feat: enhance Slack integration by adding optional Bot Token and upda… #248
Conversation
…ting validation rules for Webhook URL and Channel requirements
✅ Deploy Preview for peekaping ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
✅ Deploy Preview for docspeekaping ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| // Use Slack API if BotToken is provided, otherwise use webhook | ||
| if cfg.BotToken != "" { | ||
| fmt.Println("cfg.BotToken", cfg.BotToken) | ||
| fmt.Println("jsonPayload", string(jsonPayload)) |
There was a problem hiding this comment.
Debug statements leak bot token to stdout
Two fmt.Println statements print the cfg.BotToken and jsonPayload to stdout. This exposes the Slack bot token (a sensitive authentication credential) in logs/console output. These appear to be leftover debug statements that were accidentally committed and pose a security risk in production.
| TelegramForm.schema, | ||
| WebhookForm.schema, | ||
| SlackForm.schema, | ||
| SlackForm.baseSchema, |
There was a problem hiding this comment.
Slack form validation refinements not applied
The discriminated union uses SlackForm.baseSchema instead of SlackForm.schema, so the .refine() validations never run on the frontend. Users won't see client-side validation errors for the requirements that either webhook URL or bot token must be provided, nor that channel is required when using bot token. Forms will submit without these validations, only failing at the backend.
Additional Locations (1)
| // Check response status | ||
| if resp.StatusCode < 200 || resp.StatusCode >= 300 { | ||
| return fmt.Errorf("Slack webhook returned status: %s", resp.Status) | ||
| return fmt.Errorf("Slack API returned status: %s", resp.Status) |
There was a problem hiding this comment.
Slack API errors not detected due to HTTP 200 response
The Slack Web API (chat.postMessage) returns HTTP 200 for most errors, with {"ok": false, "error": "..."} in the response body. The code only checks HTTP status codes, so API-level errors like invalid tokens, missing permissions, or invalid channels will be silently treated as success. The function will return nil and log "Slack message sent successfully" even when the message failed to send. The response body needs to be parsed to check the ok field.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #248 +/- ##
==========================================
- Coverage 21.33% 21.31% -0.03%
==========================================
Files 199 199
Lines 16129 16147 +18
==========================================
Hits 3441 3441
- Misses 12468 12486 +18
Partials 220 220 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
…ting validation rules for Webhook URL and Channel requirements
Note
Introduces Bot Token-based Slack messaging alongside existing webhooks and aligns validations and UI.
SlackConfignow acceptsslack_bot_tokenand makesslack_webhook_urloptional;Validateenforces either webhook or bot token and requiresslack_channelwhen using a bot token;Sendposts to Slackchat.postMessagewithAuthorization: Bearer <token>when a token is provided, otherwise uses the webhook; improves logs and error messages.slack-formaddsslack_bot_tokenfield, splits schema intobaseSchema(for discriminated union) and refinedschemaenforcing the same rules; removes hard-required webhook UI markers; adds help links and notes;create-edit-notification-channelswitches union toSlackForm.baseSchema.Written by Cursor Bugbot for commit d5b80d9. This will update automatically on new commits. Configure here.