Provide a custom event for AppAPI to receive message to send to bots

[bigcat88]

Is your feature request related to a problem? Please describe.

Starting from AppAPI 2.0 we support installation of ExApps on the remote servers.
In these cases, we use additional authentication + brute-force protection using HaProxy and a password, which is not compatible with the current implementation of TalkBots.

As a temporary solution we implemented such code:
https://github.com/cloud-py-api/app_api/blob/5e492fb4d9102233d0fad03d38c41f5f642d2b70/lib/Controller/TalkBotController.php#L83-L131

Where AppAPI act as a proxy. But it is a temporary solution, and very ugly.

Describe the solution you'd like

Perhaps a solution would be to add a new value to the BotInstallEvent, such as "callFunctionFlag", and when it is set, the call to provided function occurs instead of a request to the URL.

url in this case will be something like: "\OCA\AppAPI\BotMessage"

This will allow PHP applications that installed inside Nextcloud to receive messages directly without authentication.

Describe alternatives you've considered

Implementing a new event: "BotMessage" and PHP applications can listen for it and do with it whenever they want.

Maybe some other alternative will be better and someone has a better idea.

[nickvergessen]

As a temporary solution we implemented such code:
https://github.com/cloud-py-api/app_api/blob/5e492fb4d9102233d0fad03d38c41f5f642d2b70/lib/Controller/TalkBotController.php#L83-L131
Where AppAPI act as a proxy. But it is a temporary solution, and very ugly.

Yeah that's definetly not the right way, as other apps should not invoke internal services directly. They are neither public nor stable APIs.

Perhaps a solution would be to add a new value to the BotInstallEvent, such as "callFunctionFlag", and when it is set, the call to provided function occurs instead of a request to the URL.

That sounds like a potential security issue, but an event should be an option.

That being said, https://nextcloud-talk.readthedocs.io/en/latest/events/#chat-message-sent should be exactly what you need?

[bigcat88]

That being said, https://nextcloud-talk.readthedocs.io/en/latest/events/#chat-message-sent should be exactly what you need?

Wow, thanks, I missed that in docs. We will discuss this in a team, maybe that will be enough and I will close this.

[bigcat88]

That being said, https://nextcloud-talk.readthedocs.io/en/latest/events/#chat-message-sent should be exactly what you need?

We definitely can use that, instead of current AppAPI proxy implementation, but what then we can put in url during bot registration to inform Talk that no need of notifications from it's side is needed(as they will fail)?

[nickvergessen]

Use the "feature flag" response or none …

Okay not exported yet on the events, but that is what would be used from CLI.
So should just add it to the PHP event as well I guess