Merge pull request #11 from lfn3/master

Add a token that's required to be invited.

README.md

@@ -19,6 +19,8 @@ fill out `config.js` as your infomation.
   You can generate it in <https://api.slack.com/web#auth>.
   **You should generate the token in admin user, not owner.**
   If you generate the token in owner user, `missing_scope` error will be occurred.
+* `inviteToken`: an optional security measure - if it is set, then that token will be required to get invited.
+  Intended to be provided in person or on a whiteboard or something.
 
   You can test your token via curl:
 

app.json

@@ -15,6 +15,10 @@
     "SLACK_TOKEN": {
       "description": "access token of slack, You can generate it in https://api.slack.com/web#auth",
       "value": ""
+    },
+    "INVITE_TOKEN": {
+      "description": "Shared secret token used to get access. Leave blank if you don't want users to have to provide a token.",
+      "value": ""
     }
   }
 }

config.js

@@ -12,5 +12,7 @@ module.exports = {
   //   curl -X POST 'https://YOUR-SLACK-TEAM.slack.com/api/users.admin.invite' \
   //   --data 'email=EMAIL&token=TOKEN&set_active=true' \
   //   --compressed
-  slacktoken: process.env.SLACK_TOKEN || 'YOUR-ACCESS-TOKEN'
+  slacktoken: process.env.SLACK_TOKEN || 'YOUR-ACCESS-TOKEN',
+
+  inviteToken: process.env.INVITE_TOKEN || ''
 };

public/css/style.css

@@ -100,7 +100,8 @@ font-family: 'Lato', sans-serif;
 font-size: 16px;
 color: #ffffff;
 float: left;
-padding: 15px ;
+padding: 15px;
+margin-bottom: 15px;
 }
 
 @media only screen and (max-device-width: 420px)  {

routes/index.js

@@ -4,11 +4,12 @@ var request = require('request');
 var config = require('../config');
 
 router.get('/', function(req, res) {
-  res.render('index', { community: config.community });
+  res.render('index', { community: config.community,
+                        tokenRequired: config.inviteToken !== "" });
 });
 
 router.post('/invite', function(req, res) {
-  if (req.body.email) {
+  if (req.body.email && req.body.token && config.inviteToken !== "" && req.body.token === config.inviteToken) {
     request.post({
         url: 'https://'+ config.slackUrl + '/api/users.admin.invite',
         form: {
@@ -43,7 +44,25 @@ router.post('/invite', function(req, res) {
         }
       });
   } else {
-    res.status(400).send('email is required.');
+    var errMsg = [];
+    if (!req.body.email) {
+      errMsg.push('email is required.');
+    }
+
+    if (config.inviteToken !== "") {
+      if (!req.body.token) {
+        errMsg.push('token is required.');
+      }
+
+      if (req.body.token && req.body.token !== config.inviteToken) {
+        errMsg.push('token is wrong.');
+      }
+    }
+
+    res.render('result', {
+      community: config.community,
+      message: errMsg.join(" and ")
+    });
   }
 });
 

views/index.jade

@@ -17,12 +17,15 @@ html
           .information
             form(method="POST", action="/invite")#join-form.form
               input(type="text", name="email", placeholder="Enter Your Email Address")#slack-email.field
+              if tokenRequired
+                input(type="text", name="token", placeholder="Enter the token you were given")#slack-token.field
               input(type="submit", value="Join").submit
     script.
       var form = document.getElementById('join-form');
-      var email = document.getElementById('slack-email')
+      var email = document.getElementById('slack-email');
+      var token = document.getElementById('slack-token');
       form.addEventListener('submit', function(evt) {
-        if (!email.value) {
+        if (!email.value || (tokenRequired && !token.value)) {
           evt.preventDefault();
         }
       });