Channel ID that the bot asks the question in and gets list of users from.
SLACK_SIGNING_SECRET
Required
Slack bot signing secret used to authenticate requests from Slack.
Local Dev
Prerequisites
A slack workspace to which you can add a bot and edit its permissions, create one if needed, adding the OAuth scopes listed above.
Docker - the app is containerised and the development environment uses docker compose
ngrok, used to forward an https URL to your local machine, needed to test slack events and actions
*. Use ngrok to forward traffic to your local machine, copy the URL.
ngrok http 8000
Set up your slack app by going to the app home under Slack Apps
Under Features > Interactivity & Shortcuts, enable and configure the URL to {ngrok_url}/slack/actions
Under Features > Event Subscriptions, enable and configure the URL to {ngrok_url}/slack/events
Subscribe to the following events: app_home_opened, app_mention and message.channels
Additional to the required standard environment variables, add these to your .env file:
Name
Description
DEPLOYMENT_ENV
Set to Local to enable local development mocking
LOCAL_URL
Set to the https URL obtained from ngrok
Local dev loop
Start the docker compose application (in older docker versions, docker-compose needed to be downloaded separately)
docker compose up -d --build && docker compose logs -f
Make changes to the code to auto-restart the process inside the contianer.
When a user joins a channel where MusicalChair daily question is active, the should be DM'd with the option to do whatever the opposite of the default setting is.
Endpoints that aren't authenticated by Slack's signing secret methodology need to be authenticated by OAuth.
These endpoints (/ask-for-song, /backfill--playlists) are currently available publicly and could be abused with the lack of authentication currently on them.
Should figure out what the interaction with Slack's OAuth is like as well as that is required to distribute the app eventually.
Currently, the random member from the channel chosen can be another slack bot which is undesirable.
When MusicalChair is added to a channel, it should scan for bot users using the users_info method of the slack_bolt sdk and add those bot users to the permanent exclusions state. This would also require for new members added to the channel to be acted upon, checking if it is a bot or not.
It is currently possible for users to click opt-in or opt-out multiple times before the ack response comes back, and for each time clicked - the user gets added/excluded an extra time.
In conjunction with #26, when a legitimate new user joins a channel, show them the status of if they are in the question pool or not and give them the option to opt-in/out