Slack auth support #2

Open
jimaek opened this issue Sep 20, 2022 · 30 comments · May be fixed by #58

Comments

@jimaek
Member

jimaek commented Sep 20, 2022

Once we have the API functionality we need to support it in the app too. I was thinking something like this:

/globalping admin auth

The admin part is to discourage random users in the Slack org from using it.
It should open a new browser tab and close it if possible when the user is done.
Can we somehow differentiate between user permissions? To limit that command only to admins. If not then I guess we just have to hope no user will abuse it.

Additional new related commands:

/globalping credits

Plan: Sponsor (Free IP|Free User|Sponsor|Custom)
Total credits: 2000
Remaining credits: 300
Visit [Globalping](https://www.jsdelivr.com/globalping) to manage your account
@ayuhito
Member

ayuhito commented Sep 20, 2022

https://api.slack.com/methods/users.info

We would be able to differentiate Slack admins with this endpoint, so we can reject the command if they aren't an admin. Will need a new scope, which I didn't predict. Apologies.

@jimaek jimaek changed the title API keys support Slack API keys support Jul 13, 2023
@jimaek
Member Author

jimaek commented Sep 23, 2024

I think it's time to review this task again since auth is finally live. @MartinKolarik Any thoughts or clarifications?

@radulucut please check as well

@MartinKolarik MartinKolarik changed the title Slack API keys support Slack auth support Sep 23, 2024
@MartinKolarik
Member

Overview

  1. All auth commands are allowed only for admins or owners. Use https://api.slack.com/methods/users.info to check. Print an error for other users.
  2. The commands are similar to the CLI:
    • /globalping auth login prints a link to open the web browser; the user signs in there and doesn't have to do anything else; the token is created and stored automatically in our chatbots installations table
    • /globalping auth status shows info like in the CLI
    • /globalping auth logout removes and revokes the token

Implementation details

  • Recommended OAuth2 client library: https://github.com/panva/oauth4webapi/
  • Client config for dev:
    • Client ID: 8d061aba-5635-4a4e-9cc9-a4aea0549fbe - must be configurable via ENV
    • Client Secret: public - must be configurable via ENV
    • Requested scopes: measurements - may be hardcoded
    • Redirect URL: http://localhost:3000/slack/oauth/callback - host must be configurable via ENV (call it SERVER_HOST), path stays the same
  • All other details like in the CLI.

@radulucut
Collaborator

@MartinKolarik I'm not sure where http://localhost:3000/slack/oauth/callback is supposed to be used. As far as I know there is no way to locally listen to a callback from a bot inside a Slack client (native or browser), unless I am missing something. Webhooks seem to be a way to do it but it's not very clear from the docs.

@MartinKolarik
Member

MartinKolarik commented Sep 26, 2024

I was thinking here which is then publicly reachable at bots.globalping.io. Once everything is done, you can redirect the user to https://dash.globalping.io/authorize/success and, if possible, also send a message to the Slack channel that initiated auth that it was successful. The Slack client itself is not directly involved in the auth process, it just initiates it and then (ideally) reports the status after the web service gets the callback call.

@radulucut
Collaborator

Then, the redirect URL should be https://bots.globalping.io/slack/oauth/callback, right?

@MartinKolarik
Member

MartinKolarik commented Sep 26, 2024

In production yes, but the client I gave you has the localhost URL configured so that you can use it in dev. That's why the http://localhost:3000 part should be configurable via SERVER_HOST
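
Added example, not part of the thread and not the Globalping bot's code: a sketch of the plan above, covering the admin/owner gate on a users.info response, the client config read from ENV with the redirect URL built from SERVER_HOST, and a single-use `state` value that lets the web callback find the Slack channel that started the login. All function names and the `OAUTH_CLIENT_ID` / `OAUTH_CLIENT_SECRET` variable names are assumptions; the authorization endpoint is passed in because the thread does not give its URL.

```javascript
// Added example. isWorkspaceAdmin, loadOAuthConfig, issueState, consumeState and
// buildLoginUrl are hypothetical names, as are the OAUTH_CLIENT_* variables.
const { randomBytes } = require('node:crypto');

const CALLBACK_PATH = '/slack/oauth/callback'; // fixed path from the thread
const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of one login attempt
const pending = new Map(); // state -> Slack context (in-memory for the demo)

// Decide from a users.info response whether auth commands are allowed; fails closed.
function isWorkspaceAdmin(res) {
  if (!res || res.ok !== true || !res.user || res.user.deleted) return false;
  return res.user.is_admin === true || res.user.is_owner === true;
}

// Client settings come from ENV; only the host part of the redirect URL varies.
function loadOAuthConfig(env) {
  for (const key of ['OAUTH_CLIENT_ID', 'OAUTH_CLIENT_SECRET', 'SERVER_HOST']) {
    if (!env[key]) throw new Error(`missing ${key}`);
  }
  const redirect = new URL(CALLBACK_PATH, env.SERVER_HOST);
  const isLocal = ['localhost', '127.0.0.1'].includes(redirect.hostname);
  if (redirect.protocol !== 'https:' && !isLocal) {
    throw new Error('SERVER_HOST must use https outside local development');
  }
  return { clientId: env.OAUTH_CLIENT_ID, clientSecret: env.OAUTH_CLIENT_SECRET,
    scope: 'measurements', redirectUri: redirect.href };
}

// Bind the browser flow to the Slack team, user and channel that started it.
function issueState(ctx, now = Date.now()) {
  const state = randomBytes(32).toString('hex');
  pending.set(state, { ctx, expires: now + STATE_TTL_MS });
  return state;
}

// Callback side: an unknown, replayed or expired state returns null.
function consumeState(state, now = Date.now()) {
  const entry = pending.get(state);
  pending.delete(state); // single use, even when expired
  return entry && now <= entry.expires ? entry.ctx : null;
}

// authorizeEndpoint is supplied by the caller; the page does not give its URL.
function buildLoginUrl(authorizeEndpoint, cfg, state) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({ response_type: 'code', client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri, scope: cfg.scope, state }).toString();
  return url.href;
}
```

The callback handler would call `consumeState` before exchanging the code, and use the returned context to store the token against the right installation and post the success message to the originating channel.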

@jimaek jimaek linked a pull request Oct 12, 2024 that will close this issue