implement slack oauth exchange

This exposes a `/slack` route that Slack can query to trigger an
OAuth exchange, culminating in the generation of an access token
authorizing the bot to post messages to a workspace.

When just working with one bot app per workspace, the token can be
generated from the app dashboard and copy-pasted into the secrets file.
But if the app is distributed, and a user who isn’t a bot server admin
wants to install the bot into their workspace, the server needs to
handle OAuth.

Author: yasunariw

lib/action.ml

@@ -232,4 +232,34 @@ module Action (Github_api : Api.Github) (Slack_api : Api.Slack) = struct
     | Context.Context_error msg ->
       log#error "%s" msg;
       Lwt.return_unit
+
+  let process_slack_oauth (ctx : Context.t) args =
+    try%lwt
+      let secrets = Context.get_secrets_exn ctx in
+      match secrets.slack_access_token with
+      | Some _ -> Lwt.return "ok"
+      | None ->
+      match Slack.validate_state ?oauth_state:secrets.slack_oauth_state ~args with
+      | Error e -> action_error e
+      | Ok () ->
+      match List.Assoc.find args "code" ~equal:String.equal with
+      | None -> action_error "argument `code` not found in slack authorization request"
+      | Some code ->
+        ( match%lwt Slack_api.update_access_token_of_context ~ctx ~code with
+        | Error e -> action_error e
+        | Ok () -> Lwt.return "ok"
+        )
+    with
+    | Yojson.Json_error msg ->
+      let e = Printf.sprintf "failed to parse file as valid JSON (%s)\naborting slack oauth exchange" msg in
+      log#error "%s" e;
+      Lwt.return e
+    | Action_error msg ->
+      let e = Printf.sprintf "%s\naborting slack oauth exchange" msg in
+      log#error "%s" e;
+      Lwt.return e
+    | Context.Context_error msg ->
+      let e = Printf.sprintf "%s\naborting slack oauth exchange" msg in
+      log#error "%s" e;
+      Lwt.return e
 end

src/request_handler.ml

@@ -38,6 +38,9 @@ let setup_http ~ctx ~signature ~port ~ip =
           log#info "%s" request.body;
           let%lwt () = Action.process_github_notification ctx request.headers request.body in
           ret (Lwt.return "ok")
+        | _, [ "slack"; "oauth" ] ->
+          log#info "slack oauth authorization request received";
+          ret @@ Action.process_slack_oauth ctx request.args
         | _, _ ->
           log#error "unknown path : %s" (Httpev.show_request request);
           ret_err `Not_found "not found"