slack-go / slack

Slack API in Go, originally by @nlopes; Maintainers needed, contact @parsley42
https://pkg.go.dev/github.com/slack-go/slack
BSD 2-Clause "Simplified" License
4.7k stars 1.14k forks source link

Websocket authentication failures since 2023-09-19 #1230

Open the-real-ed opened 1 year ago

the-real-ed commented 1 year ago

Hi,

I'm a matterircd user (Slack/Mattermost <-> IRC bridge), which utilises the slack-go library.

What happened

On September 19th (approximately 3AM UTC) I stopped receiving messages on my IRC client (IRC client <-> matterircd (uses slack-go) <-> Slack).

I investigated the logs and found the following errors (previously unseen):

websocket_managed_conn.go:62: RTM connection succeeded on try 27
websocket_managed_conn.go:387: Incoming Event: {"type":"error","error":{"msg":"invalid_auth","code":401,"source":"gatewayserver-syd-1"}}
websocket_managed_conn.go:477: RTM Error - received unmapped event "error": {"type":"error","error":{"msg":"invalid_auth","code":401,"source":"gatewayserver-syd-1"}}
websocket_managed_conn.go:219: killing connection signaled
websocket_managed_conn.go:181: Connecting to RTM

The lack of authentication leads to HTTP 429 (Too Many Requests) responses, which I was able to determine with custom code.

I updated the Token/Cookie to rule out obvious credential errors. This did not resolve the issues.

Expected behavior

The correct behaviour is for Slack messages to appear in my IRC client (via the matterircd IRC <-> Slack bridge).

Steps to reproduce

On investigating, I found other Slack<->IRC bridge users were also being affected, e.g.: https://github.com/insomniacslk/irc-slack/issues/183 (also uses slack-go). The issue links to another Slack<->IRC bridge (written in Python) that hints at the solution: https://github.com/ltworf/localslackirc/pull/426

reproducible code

As a proof-of-concept, I was able to hardcode a work-around which resolved the issue for me:

diff --git a/vendor/github.com/slack-go/slack/websocket_managed_conn.go b/vendor/github.com/slack-go/slack/websocket_managed_conn.go
index f107b2a..378cf91 100644
--- a/vendor/github.com/slack-go/slack/websocket_managed_conn.go
+++ b/vendor/github.com/slack-go/slack/websocket_managed_conn.go
@@ -222,6 +222,9 @@ func (rtm *RTM) startRTMAndDial(useRTMStart bool) (info *Info, _ *websocket.Conn
        // Only use HTTPS for connections to prevent MITM attacks on the connection.
        upgradeHeader := http.Header{}
        upgradeHeader.Add("Origin", "https://api.slack.com")
+       upgradeHeader.Add("user-agent", "test-agent")
+       upgradeHeader.Add("Authorization", "Bearer xoxc-<REDACTED>")
+       upgradeHeader.Add("Cookie", "d=xoxd-<REDACTED>;")
        dialer := websocket.DefaultDialer
        if rtm.dialer != nil {
                dialer = rtm.dialer

manifest.yaml

Versions

Apologies for not providing a full solution, but I am not familiar with Golang or websockets. If you're able to resolve this issue, I can raise another issue with project matterircd (and irc-slack) to update their dependencies/code.

Regards

juztin commented 2 months ago

~Also running into auth issues with the messages example~

~Created an app/token and used the above example with the newly created token and only ever get "invalid_auth".~

UPDATE

Got this working... was just stuck on the very convoluted Slack instructions for such a simple task.