don't overwrite access token in secrets file; use state instead

yasunariw · yasunariw · commit 987f50d2659e · 2021-01-04T15:01:45.000+08:00
If access token is provided in secrets file at startup time, should
copy into runtime state.
diff --git a/lib/action.ml b/lib/action.ml
@@ -284,7 +284,7 @@ module Action (Github_api : Api.Github) (Slack_api : Api.Slack) = struct
   let process_slack_oauth (ctx : Context.t) args =
     try%lwt
       let secrets = Context.get_secrets_exn ctx in
-      match secrets.slack_access_token with
+      match ctx.state.slack_access_token with
       | Some _ -> Lwt.return "ok"
       | None ->
       match Slack.validate_state ?oauth_state:secrets.slack_oauth_state ~args with
@@ -293,9 +293,18 @@ module Action (Github_api : Api.Github) (Slack_api : Api.Slack) = struct
       match List.Assoc.find args "code" ~equal:String.equal with
       | None -> action_error "argument `code` not found in slack authorization request"
       | Some code ->
-        ( match%lwt Slack_api.update_access_token_of_context ~ctx ~code with
+        ( match%lwt Slack_api.access_token_of_code ~ctx ~code with
         | Error e -> action_error e
-        | Ok () -> Lwt.return "ok"
+        | Ok access_token ->
+          State.set_slack_access_token ctx.state access_token;
+          ( match ctx.state_filepath with
+          | None -> Lwt.return "ok"
+          | Some path ->
+            ( match%lwt State.save ctx.state path with
+            | Ok () -> Lwt.return "ok"
+            | Error e -> action_error e
+            )
+          )
         )
     with
     | Yojson.Json_error msg ->
diff --git a/lib/api.ml b/lib/api.ml
@@ -17,5 +17,5 @@ module type Slack = sig
 
   val send_chat_unfurl : ctx:Context.t -> chat_unfurl_req -> (unit, string) Result.t Lwt.t
 
-  val update_access_token_of_context : ctx:Context.t -> code:string -> (unit, string) Result.t Lwt.t
+  val access_token_of_code : ctx:Context.t -> code:string -> (string, string) Result.t Lwt.t
 end
diff --git a/lib/api_local.ml b/lib/api_local.ml
@@ -29,7 +29,7 @@ module Slack_base : Api.Slack = struct
 
   let send_chat_unfurl ~ctx:_ _ = Lwt.return @@ Error "undefined for local setup"
 
-  let update_access_token_of_context ~ctx:_ ~code:_ = Lwt.return @@ Error "undefined for local setup"
+  let access_token_of_code ~ctx:_ ~code:_ = Lwt.return @@ Error "undefined for local setup"
 end
 
 module Slack : Api.Slack = struct
@@ -41,9 +41,7 @@ module Slack : Api.Slack = struct
     Stdio.printf "%s\n" json;
     Lwt.return @@ Ok ()
 
-  let update_access_token_of_context ~ctx:_ ~code:_ =
-    Stdio.printf "will generate token\n";
-    Lwt.return @@ Ok ()
+  let access_token_of_code ~ctx:_ ~code = Lwt.return @@ Ok (Printf.sprintf "token of code %s" code)
 end
 
 module Slack_simple : Api.Slack = struct
diff --git a/lib/api_remote.ml b/lib/api_remote.ml
@@ -142,14 +142,4 @@ module Slack : Api.Slack = struct
         | None, None -> Lwt.return @@ Error "an unknown error occurred while getting access token"
         )
       )
-
-  let update_access_token_of_context ~ctx ~code =
-    let secrets = Context.get_secrets_exn ctx in
-    match%lwt access_token_of_code ~ctx ~code with
-    | Error e -> Lwt.return @@ Error e
-    | Ok access_token ->
-      let secrets = { secrets with slack_access_token = Some access_token } in
-      ctx.secrets <- Some secrets;
-      let data = Config_j.string_of_secrets secrets |> Yojson.Basic.from_string |> Yojson.Basic.pretty_to_string in
-      Lwt.return @@ write_to_local_file ~data ctx.secrets_filepath
 end
diff --git a/lib/context.ml b/lib/context.ml
@@ -86,6 +86,12 @@ let refresh_state ctx =
       | Error e -> fmt_error "error while getting local file: %s\nfailed to get state from file %s" e path
       | Ok file ->
         let state = State_j.state_of_string file in
+        let secrets = get_secrets_exn ctx in
+        begin
+          match secrets.slack_access_token with
+          | None -> ()
+          | Some token -> State.set_slack_access_token ctx.state token
+        end;
         Ok { ctx with state }
     end
     else Ok ctx
diff --git a/lib/state.atd b/lib/state.atd
@@ -14,5 +14,6 @@ type pipeline_statuses = branch_statuses map_as_object
 
 (* The serializable runtime state of the bot *)
 type state = {
-  pipeline_statuses <ocaml mutable>: pipeline_statuses
+  pipeline_statuses <ocaml mutable>: pipeline_statuses;
+  ?slack_access_token <ocaml mutable>: string nullable;
 }
diff --git a/lib/state.ml b/lib/state.ml
@@ -2,7 +2,7 @@ open Base
 open Common
 open Devkit
 
-let empty : State_t.state = { pipeline_statuses = StringMap.empty }
+let empty : State_t.state = { pipeline_statuses = StringMap.empty; slack_access_token = None }
 
 let refresh_pipeline_status (state : State_t.state) ~pipeline ~(branches : Github_t.branch list) ~status =
   let update_pipeline_status branch_statuses =
@@ -12,6 +12,8 @@ let refresh_pipeline_status (state : State_t.state) ~pipeline ~(branches : Githu
   in
   state.pipeline_statuses <- Map.update state.pipeline_statuses pipeline ~f:update_pipeline_status
 
+let set_slack_access_token (state : State_t.state) access_token = state.slack_access_token <- Some access_token
+
 let log = Log.from "state"
 
 let save state path =

Original file line number	Diff line number	Diff line change
`@@ -14,5 +14,6 @@ type pipeline_statuses = branch_statuses map_as_object`
`14`	`14`
`15`	`15`	`(* The serializable runtime state of the bot *)`
`16`	`16`	`type state = {`
`17`		`- pipeline_statuses <ocaml mutable>: pipeline_statuses`
	`17`	`+ pipeline_statuses <ocaml mutable>: pipeline_statuses;`
	`18`	`+ ?slack_access_token <ocaml mutable>: string nullable;`
`18`	`19`	`}`