flint-bot / sparky Goto Github PK

It would be great to have the ability to use the new markdown message support functionality when sending messages.

Spark APIs do not provide a way to get/list messages for a space after a certain date, only before...
that isnt very helpful in many situations. The /events API is only available to compliance officer roles, which is not the vast majority of users. We need a way, with a standard user token (from oAuth) to list messages from a certain date till now... Ideally sparky would fill that void with a getMessagesAfter(date, roomId, pagesize) could go back page-by-page till it finds the the threshold message/time.

I think i have an issue with isMessageSearch validator method
Validator.isMessageSearch = searchObj => (typeof messageSearch === 'object' && searchObj.roomId);

This method test typeof "messageSearch" variable instead of "searchObj" variable.

Write like that, it works better.
Validator.isMessageSearch = searchObj => (typeof searchObj=== 'object' && searchObj.roomId);

You need to replace a line in flint-bot/sparky/blob/master/lib/res/webhooks.js

offending line:
...
if(sig === hmac.digest('hex')) {
...

Solution: replace triple equals with time-constant comparison from crypto lib
nodejs/node#3073

vulnerability explanation:
https://en.wikipedia.org/wiki/Timing_attack

discussion (in depth explanation):
nodejs/node-v0.x-archive#8560

Thank you for building this framework.

Steven Miller
Cisco Systems, IT Engineer

Example of working error:

spark.personGet('Y2lzY29zcGFyaMWU4LWI1MzQtZDM3YjY1MzYzNjhl]', '1234')
  .then(result => {
    console.log('Good:', result);
  })
  .catch(error => {
    console.log(JSON.stringify(error, null, 2));  // ​​​​​{​​​​​​​  "code": 404,​​​​​​​​​​  "type": "ERR_STATUS"​​​​​ ​​​​​}​​​​​
    console.log(typeof error); // object
    console.log('Array? ', Array.isArray(error)); // false
    console.log(error);  { [Error: recieved error 404 for a GET request to https://api.ciscospark.com/v1/people/Y2lzY29zcGFyaMWU4LWI1MzQtZDM3YjY1MzYzNjhl] code: 404, type: 'ERR_STATUS' 
   })

membershipAdd result error not an object

spark.membershipAdd(spaceId, '1234')
  .then(result => {
    console.log('Good:', result);
  })
  .catch(error => {
    console.log(JSON.stringify(error, null, 2));  // {}
    console.log(typeof error); // object
    console.log(Array.isArray(error));  //false
    console.log(error); // [Error: invalid arguments]​​​​​
   })

Sorry that I did not have the time to dig further.

The doc for getting messages from the room: https://github.com/nmarus/sparky/blob/master/README.md#sparkymessagesroomgetroomid-max-callbackerror-results
Is not on sync with the code: https://github.com/nmarus/sparky/blob/master/lib/sparky.js#L289

(Thanks for the npm package)

Getting this message at npm install

npm install node-sparky
npm WARN deprecated [email protected]: ReDoS vulnerability parsing Set-Cookie
https://nodesecurity.io/advisories/130

The library should not log errors, itself. This should be the responsibility the surrounding code. In fact, it might not be an error and is correctly handled.

TODO: There may be other places in the code this occurs too.

Line 315 in spark.js -> console.error(err)

        const processError = (_res, _opts) => {
          const err = new Error(`recieved error ${_res.statusCode} for a ${_opts.method.toUpperCase()} request to ${_opts.url}`);
          // attach statusCode to error.code
          err.code = _res.statusCode;
          // attach err.type
          if (parseInt(_res.statusCode, 10) === 400) {
            err.type = 'ERR_REQUEST';
          } else if (parseInt(_res.statusCode, 10) === 401) {
            err.type = 'ERR_UNAUTHORIZED';
          } else if (parseInt(_res.statusCode, 10) === 403) {
            err.type = 'ERR_FORBIDDEN';
          } else if (parseInt(_res.statusCode, 10) === 409) {
            err.type = 'ERR_CONFLICT';
          } else if (parseInt(_res.statusCode, 10) === 415) {
            err.type = 'ERR_MEDIA';
          } else if (parseInt(_res.statusCode, 10) === 429) {
            err.type = 'ERR_RATELIMIT';
          } else {
            err.type = 'ERR_STATUS';
          }
          console.error(err);
          return when.reject(err);
};

The spark api supports adding membership via email or personId. It would be nice to have the sparky sdk to do the same.

https://developer.webex.com/endpoint-memberships-post.html

When the Cisco Spark API returns an error such as a 409, I am having difficulties handling it from my client application code.

Sparky returns an err containing only a message, which gives no other option but to do string comparison, or creating a regexp to matching a 409 status error.

Hi Nick,

Are there any plans to add the Admin API?

Thanks.