// A bot requires a state store to persist the dialog and user state between messages.
// For local development, in-memory storage is used.
// CAUTION: The Memory Storage used here is for local bot debugging only. When the bot
// is restarted, anything stored in memory will be gone.
const memoryStorage = new MemoryStorage();
const conversationState = new ConversationState(memoryStorage);
// Create the conversationIdFactory
const conversationIdFactory = new SkillConversationIdFactory();
// Load skills configuration
const skillsConfig = new SkillsConfiguration();
// Create the credential provider from the MicrosoftAppId / MicrosoftAppPassword environment variables.
// NOTE(review): nothing in this listing checks that either variable is set. In botframework-connector,
// a SimpleCredentialProvider built with an empty appId reports authentication as disabled, so a
// deployment with missing variables should be made to fail at startup rather than run without them.
// How this provider is used for inbound validation is outside this listing; confirm.
const credentialProvider = new SimpleCredentialProvider(process.env.MicrosoftAppId, process.env.MicrosoftAppPassword);
// Create the skill client
const skillClient = new SkillHttpClient(credentialProvider, conversationIdFactory);
// Create the main dialog.
const bot = new RootBot(conversationState, skillsConfig, skillClient);
// Create HTTP server.
// maxParamLength defaults to 100, which is too short for the conversationId created in skillConversationIdFactory.
// See: https://github.com/microsoft/BotBuilder-Samples/issues/2194.
const server = restify.createServer({ maxParamLength: 1000 });
// Listen on the port named by the `port` or `PORT` environment variable, falling back to 3978.
server.listen(process.env.port || process.env.PORT || 3978, function() {
console.log(`\n${ server.name } listening to ${ server.url }`);
console.log('\nGet Bot Framework Emulator: https://aka.ms/botframework-emulator');
console.log('\nTo talk to your bot, open the emulator select "Open Bot"');
});
const { ConnectorClient, MicrosoftAppCredentials, SimpleCredentialProvider, JwtTokenValidation } = require('botframework-connector');
const { Activity, ActivityTypes } = require('botframework-schema');
const restify = require('restify');
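// Create server
let server = restify.createServer();
// The body parser makes the POSTed activity available to handlers as req.body.
server.use(restify.plugins.bodyParser());
// Listen on the port named by the `port` or `PORT` environment variable, falling back to 3978.
server.listen(process.env.port || process.env.PORT || 3978, function () {
    console.log(`${server.name} listening to ${server.url}`);
});

// Bot credentials are read from the environment instead of being hard-coded as empty strings.
// When the variables are unset the values fall back to '' (the original behaviour), which is
// suitable only for local testing: in botframework-connector a SimpleCredentialProvider with an
// empty appId reports authentication as disabled, so inbound requests are then not authenticated.
const botCredentials = {
    appId: process.env.MICROSOFT_APP_ID || '',
    appPassword: process.env.MICROSOFT_APP_PASSWORD || ''
};
// The authenticator is used for inbound activities and the credentials for outbound ones.
const authenticator = new SimpleCredentialProvider(botCredentials.appId, botCredentials.appPassword);
const credentials = new MicrosoftAppCredentials(botCredentials.appId, botCredentials.appPassword);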
// POST /api/messages: takes the activity from the request body, validates the request's
// Authorization header, and on a message activity sends the text back through the connector.
// The listing is cut off inside the reply callback, so the rest of the handler is not shown.
server.post('/api/messages', (req, res, next) => {
// NOTE(review): the body is logged before the request has been authenticated, so whatever an
// unauthenticated caller posts, and all user message content, is written to the log.
// Log after validation and log only the fields that are needed.
console.log('processReq:', req.body);
let activity = req.body;
// authenticate request
// Only the success continuation is visible here; how a rejected validation is answered
// lies in the part of the handler that is not shown.
JwtTokenValidation.assertValidActivity(activity, req.headers.authorization, authenticator).then(() => {
// On message activity, reply with the same text
if (activity.type === ActivityTypes.Message) {
var reply = createReply(activity, `You said: ${activity.text}`);
// NOTE(review): the connector client is pointed at the serviceUrl carried in the request body.
// That value is only as trustworthy as the validation above; when authentication is disabled
// (SimpleCredentialProvider treats an empty appId that way) the destination is caller-chosen.
const client = new ConnectorClient(credentials, activity.serviceUrl);
client.conversations.replyToActivity(activity.conversation.id, activity.id, reply)
// The callback parameter below shadows the outer `reply` variable.
.then((reply) => {
// Create store
const store = redux.createStore(conversation.store,
redux.applyMiddleware(
// our custom Redux middleware
lowerCase,
// and a popular piece of Redux middleware from npm
createLogger()
));
// Create the authenticator (for inbound activities) and the credentials (for outbound activities)
// NOTE(review): the values come straight from the environment with no check that they are set.
// In botframework-connector a SimpleCredentialProvider with an empty or undefined appId reports
// authentication as disabled, so a missing MICROSOFT_APP_ID leaves inbound requests unauthenticated.
const botCredentials = {
appId: process.env.MICROSOFT_APP_ID,
appPassword: process.env.MICROSOFT_APP_PASSWORD
};
const authenticator = new SimpleCredentialProvider(botCredentials.appId, botCredentials.appPassword);
const credentials = new MicrosoftAppCredentials(botCredentials.appId, botCredentials.appPassword);;
// Redux provides a simple pub-sub model that we can use to help organize our application logic in a decoupled way
// POST /api/messages: validates the request, then hands the activity to the Redux store.
// The listing is cut off after the dispatch, so the rest of the handler is not shown.
server.post('/api/messages', (req, res) => {
// NOTE(review): the body is logged before the request has been authenticated, so content from
// unauthenticated callers and all user message content is written to the log.
console.log('processReq:', req.body);
let activity = req.body;
// authenticate request
// Only the success continuation is visible here; the rejection path is outside this listing.
JwtTokenValidation.assertValidActivity(activity, req.headers.authorization, authenticator).then(() => {
// dispatch the inbound activity to redux
// The action type is taken directly from the activity's own `type` field.
store.dispatch({ type: activity.type, activity: activity });
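/**
 * Decides whether an incoming connection request is accepted.
 *
 * When `appId` or `appPassword` is missing, validation is skipped and the request is accepted.
 * Otherwise the Authorization header is checked with `JwtTokenValidation.validateAuthHeader`
 * and the resulting claims' `isAuthenticated` value is returned. Any error thrown during
 * validation is logged and reported as a failed authentication.
 *
 * NOTE(review): the missing-credentials branch fails open, so a deployment whose app id or
 * password is accidentally unset accepts every connection. Callers should make sure both
 * values are configured outside local development.
 *
 * @param req Incoming request; only its headers are read.
 * @param appId Bot application id; a falsy value disables authentication.
 * @param appPassword Bot application password; a falsy value disables authentication.
 * @param channelService Passed through unchanged to the header validation.
 * @returns `true` when authentication is disabled or the header validates, `false` otherwise.
 */
private async authenticateConnection(req: WebRequest, appId?: string, appPassword?: string, channelService?: string): Promise<boolean> {
    if (!appId || !appPassword) {
        // auth is disabled
        return true;
    }

    try {
        // Header names are looked up under several casings; an absent header becomes ''.
        const authHeader: string = req.headers.authorization || req.headers.Authorization || '';
        const channelIdHeader: string = req.headers.channelid || req.headers.ChannelId || req.headers.ChannelID || '';
        const credentials = new MicrosoftAppCredentials(appId, appPassword);
        const credentialProvider = new SimpleCredentialProvider(credentials.appId, credentials.appPassword);
        const claims = await JwtTokenValidation.validateAuthHeader(authHeader, credentialProvider, channelService, channelIdHeader);
        return claims.isAuthenticated;
    } catch (error) {
        // Validation failures are logged and the connection is refused.
        this.logger.log(error);
        return false;
    }
}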
}
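/**
 * Decides whether an incoming connection request is accepted.
 *
 * When `appId` or `appPassword` is missing, validation is skipped and the request is accepted.
 * Otherwise the Authorization header is checked with `JwtTokenValidation.validateAuthHeader`
 * and the resulting claims' `isAuthenticated` value is returned. Any error thrown during
 * validation is logged and reported as a failed authentication.
 *
 * NOTE(review): the missing-credentials branch fails open, so a deployment whose app id or
 * password is accidentally unset accepts every connection. Callers should make sure both
 * values are configured outside local development.
 *
 * @param req Incoming request; only its headers are read.
 * @param appId Bot application id; a falsy value disables authentication.
 * @param appPassword Bot application password; a falsy value disables authentication.
 * @param channelService Passed through unchanged to the header validation.
 * @returns `true` when authentication is disabled or the header validates, `false` otherwise.
 */
private async authenticateConnection(req: WebRequest, appId?: string, appPassword?: string, channelService?: string): Promise<boolean> {
    if (!appId || !appPassword) {
        // auth is disabled
        return true;
    }

    try {
        // Header names are looked up under several casings; an absent header becomes ''.
        const authHeader: string = req.headers.authorization || req.headers.Authorization || '';
        const channelIdHeader: string = req.headers.channelid || req.headers.ChannelId || req.headers.ChannelID || '';
        const credentials = new MicrosoftAppCredentials(appId, appPassword);
        const credentialProvider = new SimpleCredentialProvider(credentials.appId, credentials.appPassword);
        const claims = await JwtTokenValidation.validateAuthHeader(authHeader, credentialProvider, channelService, channelIdHeader);
        return claims.isAuthenticated;
    } catch (error) {
        // Validation failures are logged and the connection is refused.
        this.logger.log(error);
        return false;
    }
}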
/**
 * Builds the adapter's credentials, credential provider and authentication configuration
 * from the supplied settings. The listing is cut off inside the government-cloud branch,
 * so the end of the constructor is not shown.
 *
 * NOTE(review): `Partial` is shown without a type argument; it was presumably lost when the
 * page was extracted.
 *
 * @param settings Optional adapter settings; `appId` and `appPassword` default to ''.
 */
constructor(settings?: Partial) {
super();
// Defaults first, then any caller-supplied settings on top.
// NOTE(review): with no appId supplied the id stays ''. In botframework-connector a
// SimpleCredentialProvider with an empty appId reports authentication as disabled.
this.settings = { appId: '', appPassword: '', ...settings };
// If settings.certificateThumbprint & settings.certificatePrivateKey are provided,
// use CertificateAppCredentials.
if (this.settings.certificateThumbprint && this.settings.certificatePrivateKey) {
this.credentials = new CertificateAppCredentials(this.settings.appId, settings.certificateThumbprint, settings.certificatePrivateKey, this.settings.channelAuthTenant);
// In the certificate case the provider is created with an empty password.
this.credentialsProvider = new SimpleCredentialProvider(this.credentials.appId, '');
} else {
this.credentials = new MicrosoftAppCredentials(this.settings.appId, this.settings.appPassword || '', this.settings.channelAuthTenant);
this.credentialsProvider = new SimpleCredentialProvider(this.credentials.appId, this.settings.appPassword || '');
}
this.isEmulatingOAuthCards = false;
// If no channelService or openIdMetadata values were passed in the settings, check the process' Environment Variables for values.
// These values may be set when a bot is provisioned on Azure and if so are required for the bot to properly work in Public Azure or a National Cloud.
this.settings.channelService = this.settings.channelService || process.env[AuthenticationConstants.ChannelService];
this.settings.openIdMetadata = this.settings.openIdMetadata || process.env[AuthenticationConstants.BotOpenIdMetadataKey];
// Use the caller's authentication configuration when given, otherwise a default one.
this.authConfiguration = this.settings.authConfig || new AuthenticationConfiguration();
// NOTE(review): the endpoint is assigned on the validation classes themselves rather than on
// this instance, so it presumably applies to every adapter in the process. The OpenID metadata
// endpoint is where token signing keys are discovered, so whoever can set this setting or the
// environment variable controls which keys are trusted; treat it as security-sensitive configuration.
if (this.settings.openIdMetadata) {
ChannelValidation.OpenIdMetadataEndpoint = this.settings.openIdMetadata;
GovernmentChannelValidation.OpenIdMetadataEndpoint = this.settings.openIdMetadata;
}
// Government-cloud handling follows; its body is outside this listing.
if (JwtTokenValidation.isGovernment(this.settings.channelService)) {
/**
 * Builds the adapter from a single options object.
 *
 * The three `fb_*` values are forwarded to the base-class constructor as `verify_token`,
 * `app_secret` and `access_token`. `appId` and `password` are used to create the Bot Framework
 * credentials, the credential provider and the token API client.
 */
constructor({ appId, password, fb_verify_token: verifyToken, fb_password: appSecret, fb_access_token: accessToken }) {
    super({ verify_token: verifyToken, app_secret: appSecret, access_token: accessToken });

    const connector = botframework_connector;
    // The same id/password pair backs both the credentials and the credential provider.
    this.credentials = new connector.MicrosoftAppCredentials(appId, password);
    this.credentialsProvider = new connector.SimpleCredentialProvider(appId, password);

    // The token client talks to OAUTH_ENDPOINT using the credentials created above.
    const clientOptions = { baseUri: OAUTH_ENDPOINT, userAgent: exports.USER_AGENT };
    this.tokenApiClient = new connector.TokenApiClient(this.credentials, clientOptions);
}
/**
 * Stores the adapter settings and derives the credentials objects from them.
 *
 * `appId` and `appPassword` default to '' and are overridden by whatever `settings` supplies.
 * NOTE(review): in botframework-connector a SimpleCredentialProvider with an empty appId
 * reports authentication as disabled, so the defaults suit local testing only.
 */
constructor(settings) {
    super();

    const defaults = { appId: '', appPassword: '' };
    this.settings = Object.assign(defaults, settings);

    const connector = botframework_connector_1;
    const { appId, appPassword } = this.settings;
    this.credentials = new connector.MicrosoftAppCredentials(appId, appPassword || '');

    // The provider is built from the values held by the credentials object just created.
    const creds = this.credentials;
    this.credentialsProvider = new connector.SimpleCredentialProvider(creds.appId, creds.appPassword);

    this.isEmulatingOAuthCards = false;
}
/**