[FEATURE] Custom Expiry Feature (#131)

neufeldtech · web-flow · commit 427444f2cdc5 · 2025-06-12T15:35:45.000-05:00
* new feat secret expiry working, but messy

* fix tests

* add test

* added tests for model

* Apply suggestions from code review
diff --git a/go.mod b/go.mod
@@ -11,6 +11,7 @@ require (
 	github.com/onsi/gomega v1.31.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/slack-go/slack v0.13.1
+	github.com/stretchr/testify v1.8.4
 	go.elastic.co/apm v1.15.0
 	go.elastic.co/apm/module/apmgin v1.15.0
 	go.elastic.co/apm/module/apmgormv2 v1.15.0
@@ -28,6 +29,7 @@ require (
 
 require (
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/elastic/go-licenser v0.3.1 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
@@ -38,6 +40,7 @@ require (
 	github.com/jackc/puddle/v2 v2.2.1 // indirect
 	github.com/jcchavezs/porto v0.1.0 // indirect
 	github.com/mattn/go-sqlite3 v1.14.17 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
diff --git a/pkg/secretmessage/handle_interactive.go b/pkg/secretmessage/handle_interactive.go
@@ -26,14 +26,20 @@ func (ctl *PublicController) HandleInteractive(c *gin.Context) {
 	}
 	tx.Context.SetLabel("userHash", hash(i.User.ID))
 	tx.Context.SetLabel("teamHash", hash(i.Team.ID))
-	callbackType := strings.Split(i.CallbackID, ":")[0]
-	switch callbackType {
-	case actions.ReadMessage:
-		CallbackReadSecret(ctl, tx, c, i)
-	case actions.DeleteMessage:
-		CallbackDeleteSecret(ctl, tx, c, i)
+
+	switch i.Type {
+	case slack.InteractionTypeViewSubmission:
+		CallbackViewSubmission(ctl, tx, c, i)
 	default:
-		log.Error("Hit the default case. bad things happened")
-		c.Data(http.StatusInternalServerError, gin.MIMEPlain, nil)
+		callbackType := strings.Split(i.CallbackID, ":")[0]
+		switch callbackType {
+		case actions.ReadMessage:
+			CallbackReadSecret(ctl, tx, c, i)
+		case actions.DeleteMessage:
+			CallbackDeleteSecret(ctl, tx, c, i)
+		default:
+			log.Error("Hit the default case. bad things happened")
+			c.Data(http.StatusInternalServerError, gin.MIMEPlain, nil)
+		}
 	}
 }
diff --git a/pkg/secretmessage/handle_interactive_test.go b/pkg/secretmessage/handle_interactive_test.go
@@ -18,6 +18,7 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"github.com/slack-go/slack"
+
 	"gorm.io/driver/sqlite"
 	"gorm.io/gorm"
 )
@@ -44,7 +45,6 @@ var _ = Describe("/interactive", func() {
 		}
 
 		BeforeEach(func() {
-			httpmock.Activate()
 			gdb, err = gorm.Open(sqlite.Open("file::memory:?cache=shared&dbname=handle_interactive_get"), &gorm.Config{})
 			if err != nil {
 				log.Fatal(err)
@@ -61,7 +61,6 @@ var _ = Describe("/interactive", func() {
 			serverResponse = doHttpRequest(router, strings.NewReader(requestBody.Encode()), map[string]string{"Content-Type": "application/x-www-form-urlencoded"}, "POST", "/interactive")
 		})
 		AfterEach(func() {
-			httpmock.DeactivateAndReset()
 			db, _ := gdb.DB()
 			db.Close()
 		})
@@ -99,6 +98,25 @@ var _ = Describe("/interactive", func() {
 				Expect(msg.DeleteOriginal).To(BeTrue())
 			})
 		})
+		Context("on secret expired", func() {
+			BeforeEach(func() {
+				// Insert the secret with an expired timestamp
+				tx := gdb.Create(&secretmessage.Secret{
+					ID:        secretIDHashed,
+					Value:     encryptedPayload,
+					ExpiresAt: time.Now().Add(-time.Hour), // expired 1 hour ago
+				})
+				Expect(tx.RowsAffected).To(BeEquivalentTo(1))
+			})
+			It("should return error message for expired secret", func() {
+				var msg slack.Message
+				b, _ := ioutil.ReadAll(serverResponse.Body)
+				json.Unmarshal(b, &msg)
+				Expect(serverResponse.Code).To(Equal(http.StatusOK))
+				Expect(msg.Attachments[0].Text).To(MatchRegexp(`This Secret has expired`))
+				Expect(msg.DeleteOriginal).To(BeTrue())
+			})
+		})
 		Context("on db error", func() {
 			BeforeEach(func() {
 				// force an error by closing DB
@@ -161,4 +179,76 @@ var _ = Describe("/interactive", func() {
 			})
 		})
 	})
+
+	Describe("Modal Submit", func() {
+		// setup httpmock for responseURl from privatemetadata
+		responseURL := "https://hooks.slack.com/actions/T00000000/1234567890/abcdefghijklmnopqrstuvwxyz"
+
+		interactionPayload := slack.InteractionCallback{
+			Type: slack.InteractionTypeViewSubmission,
+			View: slack.View{
+				PrivateMetadata: responseURL,
+				Type:            "modal",
+				CallbackID:      "test_modal_submit",
+				State: &slack.ViewState{
+					Values: map[string]map[string]slack.BlockAction{
+						"secret_text_input": {
+							"secret_text_input": slack.BlockAction{
+								Value: "example secret text",
+							},
+						},
+						"expiry_date_input": {
+							"expiry_date_input": slack.BlockAction{
+								SelectedDate: "2024-06-01",
+							},
+						},
+					},
+				},
+			},
+		}
+		interactionBytes, err := json.Marshal(interactionPayload)
+		if err != nil {
+			log.Fatal(err)
+		}
+		requestBody := url.Values{
+			"payload": []string{string(interactionBytes)},
+		}
+
+		BeforeEach(func() {
+			// Configuration
+			httpmock.Activate()
+
+			gdb, err = gorm.Open(sqlite.Open("file::memory:?cache=shared&dbname=handle_interactive_delete"), &gorm.Config{})
+			if err != nil {
+				log.Fatal(err)
+			}
+			gdb.AutoMigrate(secretmessage.Team{})
+			gdb.AutoMigrate(secretmessage.Secret{})
+			ctl = secretmessage.NewController(
+				secretmessage.Config{SkipSignatureValidation: true},
+				gdb,
+			)
+
+		})
+		JustBeforeEach(func() {
+			// creation of objects
+			router = ctl.ConfigureRoutes()
+			serverResponse = doHttpRequest(router, strings.NewReader(requestBody.Encode()), map[string]string{"Content-Type": "application/x-www-form-urlencoded"}, "POST", "/interactive")
+		})
+		AfterEach(func() {
+			httpmock.DeactivateAndReset()
+			db, _ := gdb.DB()
+			db.Close()
+		})
+
+		Context("on happy path", func() {
+			BeforeEach(func() {
+				httpmock.RegisterResponder("POST", responseURL, httpmock.NewStringResponder(200, `ok`))
+
+			})
+			It("should return 200", func() {
+				Expect(serverResponse.Code).To(Equal(http.StatusOK))
+			})
+		})
+	})
 })
diff --git a/pkg/secretmessage/handle_slash_test.go b/pkg/secretmessage/handle_slash_test.go
@@ -125,7 +125,7 @@ var _ = Describe("/secret", func() {
 			var msg slack.Message
 			b, _ := ioutil.ReadAll(serverResponse.Body)
 			json.Unmarshal(b, &msg)
-			Expect(msg.Attachments[0].Text).To(MatchRegexp(`An error occurred attempting to create secret`))
+			Expect(msg.Attachments[0].Text).To(MatchRegexp(`An error occurred`))
 		})
 		It("should respond with 200", func() {
 			Expect(serverResponse.Code).To(Equal(http.StatusOK))
@@ -149,12 +149,12 @@ var _ = Describe("/secret", func() {
 				"channel_name":    []string{"fishbowl"},
 				"trigger_id":      []string{"0000000000.1111111111.222222222222aaaaaaaaaaaaaa"},
 			}
+			gdb.Create(&secretmessage.Team{ID: teamID, AccessToken: accessToken})
+
+			httpmock.RegisterResponder("POST", "https://slack.com/api/views.open", httpmock.NewStringResponder(200, `{"ok": true}`))
 		})
-		It("should return a useful error message", func() {
-			var msg slack.Message
-			b, _ := ioutil.ReadAll(serverResponse.Body)
-			json.Unmarshal(b, &msg)
-			Expect(msg.Attachments[0].Text).To(MatchRegexp(`It looks like you tried to send a secret but forgot to provide the secret's text`))
+		It("should POST to views.open", func() {
+			Expect(httpmock.GetTotalCallCount()).To(Equal(1))
 		})
 		It("should respond with 200", func() {
 			Expect(serverResponse.Code).To(Equal(http.StatusOK))
@@ -168,7 +168,7 @@ var _ = Describe("/secret", func() {
 			var msg slack.Message
 			b, _ := ioutil.ReadAll(serverResponse.Body)
 			json.Unmarshal(b, &msg)
-			Expect(msg.Attachments[0].Text).To(MatchRegexp(`An error occurred attempting to create secret`))
+			Expect(msg.Attachments[0].Text).To(MatchRegexp(`An error occurred`))
 		})
 		It("should respond with 200", func() {
 			Expect(serverResponse.Code).To(Equal(http.StatusOK))
diff --git a/pkg/secretmessage/interactive.go b/pkg/secretmessage/interactive.go
@@ -2,9 +2,11 @@ package secretmessage
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
 	"strings"
+	"time"
 
 	"github.com/gin-gonic/gin"
 	"github.com/neufeldtech/secretmessage-go/pkg/secretmessage/actions"
@@ -32,6 +34,14 @@ func CallbackReadSecret(ctl *PublicController, tx *apm.Transaction, c *gin.Conte
 	var errCallback string
 	var deleteOriginal bool
 	switch {
+	case !secret.ExpiresAt.IsZero() && secret.ExpiresAt.Before(time.Now()):
+		getSecretErr = errors.New("Secret expired")
+		tx.Context.SetLabel("errorCode", "secret_expired")
+		errTitle = ":hourglass: Secret expired"
+		errMsg = "This Secret has expired"
+		errCallback = "secret_expired"
+		deleteOriginal = true
+		ctl.db.WithContext(hc).Unscoped().Where("id = ?", hash(secretID)).Delete(Secret{})
 	case getSecretErr == gorm.ErrRecordNotFound:
 		tx.Context.SetLabel("errorCode", "secret_not_found")
 		errTitle = ":question: Secret not found"
@@ -139,3 +149,25 @@ func CallbackDeleteSecret(ctl *PublicController, tx *apm.Transaction, c *gin.Con
 	}
 	c.Data(http.StatusOK, gin.MIMEJSON, responseBytes)
 }
+
+func CallbackViewSubmission(ctl *PublicController, tx *apm.Transaction, c *gin.Context, i slack.InteractionCallback) {
+	tx.Context.SetLabel("callbackID", i.CallbackID)
+	tx.Context.SetLabel("action", "viewSubmission")
+
+	secretTextVal := i.View.State.Values["secret_text_input"]["secret_text_input"].Value
+	datePickerVal := i.View.State.Values["expiry_date_input"]["expiry_date_input"].SelectedDate
+
+	dateParsed, err := time.Parse("2006-01-02", datePickerVal)
+	if err != nil {
+		log.Errorf("error parsing date: %v, using default expiry date...", err)
+	}
+
+	err = PrepareAndSendSecretEnvelope(ctl, c, tx, secretTextVal, i.Team.ID, i.User.Name, i.View.PrivateMetadata, WithExpiryDate(dateParsed))
+	if err != nil {
+		log.Errorf("error preparing and sending secret envelope: %v", err)
+		c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"status": "Error with the stuffs"})
+		tx.Context.SetLabel("errorCode", "prepare_and_send_secret_error")
+		return
+	}
+	c.Data(http.StatusOK, gin.MIMEPlain, nil)
+}
diff --git a/pkg/secretmessage/model.go b/pkg/secretmessage/model.go
@@ -14,6 +14,8 @@ type Secret struct {
 	Value     string
 }
 
+type SecretOption func(*Secret) *Secret
+
 type Team struct {
 	gorm.Model
 	ID          string
@@ -22,3 +24,36 @@ type Team struct {
 	Name        string
 	Paid        sql.NullBool `gorm:"default:false"`
 }
+
+func WithExpiryDate(expiryDate time.Time) SecretOption {
+	return func(s *Secret) *Secret {
+		s.ExpiresAt = expiryDate
+		return s
+	}
+}
+
+func NewSecret(id string, value string, opts ...SecretOption) *Secret {
+	secret := &Secret{
+		ID:    id,
+		Value: value,
+	}
+
+	for _, opt := range opts {
+		opt(secret)
+	}
+
+	if secret.ExpiresAt.IsZero() {
+		// Default to 7 days expiry if not provided
+		secret.ExpiresAt = time.Now().AddDate(0, 0, 7)
+	}
+	// if expiry date is more than 30 days in the future, set it to 30 days
+	if secret.ExpiresAt.After(time.Now().AddDate(0, 0, 30)) {
+		secret.ExpiresAt = time.Now().AddDate(0, 0, 30)
+	}
+
+	// If expiry date is in the past, set it to now
+	if secret.ExpiresAt.Before(time.Now()) {
+		secret.ExpiresAt = time.Now()
+	}
+	return secret
+}
diff --git a/pkg/secretmessage/model_test.go b/pkg/secretmessage/model_test.go
@@ -0,0 +1,48 @@
+package secretmessage
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewSecret_DefaultExpiry(t *testing.T) {
+	id := "abc123"
+	value := "mysecret"
+	secret := NewSecret(id, value)
+
+	assert.Equal(t, id, secret.ID)
+	assert.Equal(t, value, secret.Value)
+	assert.WithinDuration(t, time.Now().AddDate(0, 0, 7), secret.ExpiresAt, time.Second*2)
+}
+
+func TestNewSecret_WithExpiryDate(t *testing.T) {
+	id := "abc123"
+	value := "mysecret"
+	expiry := time.Now().AddDate(0, 0, 3)
+	secret := NewSecret(id, value, WithExpiryDate(expiry))
+
+	assert.Equal(t, id, secret.ID)
+	assert.Equal(t, value, secret.Value)
+	assert.WithinDuration(t, expiry, secret.ExpiresAt, time.Second*2)
+}
+
+func TestNewSecret_ExpiryMoreThan30Days(t *testing.T) {
+	id := "abc123"
+	value := "mysecret"
+	expiry := time.Now().AddDate(0, 0, 40)
+	secret := NewSecret(id, value, WithExpiryDate(expiry))
+
+	maxExpiry := time.Now().AddDate(0, 0, 30)
+	assert.WithinDuration(t, maxExpiry, secret.ExpiresAt, time.Second*2)
+}
+
+func TestNewSecret_ExpiryInPast(t *testing.T) {
+	id := "abc123"
+	value := "mysecret"
+	expiry := time.Now().Add(-time.Hour * 24)
+	secret := NewSecret(id, value, WithExpiryDate(expiry))
+
+	assert.WithinDuration(t, time.Now(), secret.ExpiresAt, time.Second*2)
+}
diff --git a/pkg/secretmessage/slash.go b/pkg/secretmessage/slash.go
diff --git a/pkg/secretslack/slack.go b/pkg/secretslack/slack.go
