Update the vulnerable Archivers "slackin" invite app

[patcon]

There is a vulnerability that can be a huge hassle if spammer discovers our Slack invite form: http://slackout.github.io/

Basically, it can flood our invites and make us hit an invite quota that will can the form to fail for many real users, in a way that we can't fix without registering a whole new slack and migrating the community :/

cc: @b5

To Do

• [x] get access to slackin app (on heroku from @b5?)
• [x] create google captcha api keys for app
• [x] update the slack code
• [x] host code in [datatogether?] github org (optional) https://github.com/datatogether/archivers-slack
• [ ] set up auto-deploy from github master branch (optional)
• [x] add some other people as heroku contributors (optional)

Outstanding Questions

1. Does this technically fall under DataTogether now? I ask because the Google Captcha API credentials should prob exist under a proper shared brand account, and I'm not sure what that could be now -- happy to use EDGI brand account for now, but also happy to create a "DataTogether" or "Archivers" brand account, pending feedback :)

[b5]

yo yo just gave you access on heroku @patcon, I have no idea where/if the repo lives on GitHub, maybe git pull from the heroku endpoint, feel free to modify / push to that heroku box as necessary.

[patcon]

Done and done. Turns out the invite app was actually completely different, and I didn't realize until after. but anyhow, we've now got source code here: https://github.com/datatogether/archivers-slack

There are a couple more features:

• active and total user counts
• captcha

Things I did:

• set up google reCAPTCHA
  • sent an invite to co-own the client keys to your personal gmail @b5
• added this service to the DataTogether access doc

I'll leave this open until I have time to set up and document the auto-deploy to heroku

[patcon]

Actually, auto-deploy doesn't seem right here. I don't want to fork their code just to doc that in our fork's readme, but otherwise, it would be unexpected behaviour -- someone could accidentally break things while pushing to github

[b5]

🤔

[patcon]

confuzzled, I'm seeing it work fine at both http and https. You using a domain besides https://archivers-slack.herokuapp.com/ ?

[b5]

oh, there is also url that points to this same thing: http://slack.archivers.space, must be the issue

[patcon]

ah cool! added that one too. tooltip says it could take up to 30 min to take affect. thx!