wireapp / echo-bot Goto Github PK

WARN [2021-03-03 13:32:10,687] org.reflections.Reflections: given scan urls are empty. set urls in the configuration
INFO [2021-03-03 13:32:11,545] com.wire.bots.logger: Running health checks...
ERROR [2021-03-03 13:32:15,636] com.wire.bots.logger: Outbound failed with: {"code":404,"message":"HTTP 404 Not Found"}. status: 404
java.lang.RuntimeException
at com.wire.lithium.Server.runHealthChecks(Server.java:270)
at com.wire.lithium.Server.run(Server.java:152)
at com.wire.lithium.Server.run(Server.java:73)
at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:44)
at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:87)
at io.dropwizard.cli.Cli.run(Cli.java:78)
at io.dropwizard.Application.run(Application.java:94)
at com.wire.bots.echo.Service.main(Service.java:30)

1. Registered my bot
2. Built the bot on macOS 10.12.3 with make - without any errors.
3. Deployed hello.jar, hello.yaml and keystore.jks.
4. Started it on Debian 8 with java -jar hello.jar server hello.yaml - without problems.
5. Tried to start a conversation with the bot.
6. Received the error Could not find native library libsodium.so in jar.

Excerpt from log:

INFO  [2017-03-13 17:17:42,301] org.eclipse.jetty.server.Server: Started @5381ms
13/03/2017 18:17:57 - [INFO] - onNewBot: user: 9bce80c5-ec4c-457e-a966-7eecee1674d9/Florian, locale: en
ERROR [2017-03-13 17:17:57,676] io.dropwizard.jersey.errors.LoggingExceptionMapper: Error handling a request: f095cab88d2759c0
! java.io.FileNotFoundException: Could not find native library libsodium.so in jar.
! at com.wire.cryptobox.NativeLibraryLoader.loadFromJar(NativeLibraryLoader.java:28)
! ... 65 common frames omitted
! Causing: java.lang.RuntimeException: java.io.FileNotFoundException: Could not find native library libsodium.so in jar.
! at com.wire.cryptobox.NativeLibraryLoader.loadFromJar(NativeLibraryLoader.java:45)
! at com.wire.cryptobox.NativeLibraryLoader.loadLibrary(NativeLibraryLoader.java:11)
! at com.wire.cryptobox.CryptoBox.<clinit>(CryptoBox.java:45)

During a call the initial screen share works fine but if that share is that stopped and another person tried to then share their screen it either completely fails, without raising an error, or just shares a black screen.

Tested in both browser and desktop clients
Windows -> Windows, Windows -> Linux, Linux <- Windows

Version 2.11.2685 (Linux)
Version 2.11.2712 (Windows)

How can I change the displayed name of my contacts. If I have over 200 contacts I don't know how is "AP" or "blind23". Better would be a possibility where I can change the displayed name of my contacts for my view only.

I noticed that the current version of API doesn't provide a method for bots to make/respond to connection requests with users? Hope this can be added soon:)

Having the sample hello app is a nice start, but there are a lot of things you can't tell from the sample code. It would be nice to have JavaDoc documentation for the Java API. Or the source code, so that we can just read the source to answer questions four ourselves. :)

User object seems to have id, name and accent, but it looks like it's missing recently introduced username. It's easy to spoof name thus username would be more reliable, especially when I want to use that username in my backend service.

Right now wire.com/b/botname links only work on webapp. Need support on mobile clients too.

Right now I am trying to deploy the echo bot and got quite some part working.
I am now stuck at the part where I am trying to add the bot to a conversation. Therefore I am using the add.sh script.

But I am always getting this response:

HTTP/1.1 502 Bad Gateway
Access-Control-Expose-Headers: Request-Id, Location
Content-Type: application/json
Date: Tue, 27 Aug 2019 06:28:09 GMT
Request-Id: 76455ec1809c3fb4b25cec4cbd72d238
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Length: 155
Connection: keep-alive

{"code":502,"message":"{\"code\":502,\"message\":\"The upstream service returned an invalid response.\",\"label\":\"bad-gateway\"}","label":"server-error"}
Done!

The problem is I can not even see the request in the logs of the bot.
My own requests (with curl) instead are showing up.

$ curl https://bot.ortel.tech/bots/status  
**All good!**

[27/Aug/2019:06:27:54 +0000] "GET /bots/status HTTP/1.1" 200 13 "-" "curl/7.65.3" 5

Some more infos which might help finding the problem:

$ ./myprovider.sh list-services
[
  {
    "summary": "summary",
    "public_keys": [
      {
        "size": 4096,
        "pem": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvOZ7OnydDAL0xLd8BB4O\nk12No0/txpfvdrGgzmlFmuJztGzbkviRGecLf3NIMYmc4EMsX22Mo8aZOvwgHduX\nYYgPWjRJzUbCa0tIibjKoWho0pIwn8JK0+VJ3DPO1uPb86nTBnvfO3aM70DuHAgz\nPFeCZMBdMMuZ6l14+vmVsdhEiky+v5m+/MCEC6bUSJ0j1p/Xb1B1/kztoacpXd60\nxk5dhbHgG8rdw0Y2OHGMRr5VW2t7NN1QcqSGgZhdphkmC0QUXXbTWKbiBdSfqVLp\n5yy8Ngx/Jzx5x3Cr6N9GpgRQ+ys1y5WcuWrTpgSytOj9f3ljGQXUUiyo0bkNusWl\nfFjeaLgx0CbhivzoEiZP+mnk597Qkpd832xLezXZkknSxfkb6IXe+hTxfogTTn08\nQVK+WQIpA3OtGyHRRnkjlDW8S5PjkQ6Ij+gHGD+2A7Ie2ISS86u1DwcssPfaUnqa\nmCOn2dHAxJjLQsy/zoLX7WC2ZWvuuxnEJ1Cc1h65bgnuOpYNIomQ9lwzScWKJrNh\n3qeXjcpDeDa07jxn3pukaC0AABmhzt7xS5Vo6Acxu0I5wAxbPH4QUx1nHoYl7Fks\nlgS3zFuBp/dWs4DBKPBhgmzWvoQi9+N/kWeshcbmTdHyAy1n5HtUEL5LQglapv3P\n0DKIkF3dvTDNIErrW4THnsMCAwEAAQ==\n-----END PUBLIC KEY-----\n",
        "type": "rsa"
      }
    ],
    "enabled": true,
    "base_url": "https://bot.ortel.tech:443", #tried https://bot.ortel.tech aswell
    "name": "M3NIX Echo Bot",
    "auth_tokens": [
      "MY SECRET AUTH KEY"
    ],
    "id": "831040d5-66bc-45a4-a634-54947b68b034",
    "assets": [],
    "description": "My try to deploy a working wire bot",
    "tags": [
      "tutorial"
    ]
  }

$ cat echo.yaml
server:
  # root path. Remove it if you dont need it
  rootPath: /

# comment out these 2 lines in order to enable HTTP reqs logging
#  requestLog:
#    appenders: []

# Log lever: INFO | DEBUG | ERROR
logging:
  level: INFO
  loggers:
    "com.wire.bots.logger": INFO

auth: MY SECRET AUTH KEY   # Service's auth token

# Swagger documentation... useful sometimes
swagger:
  resourcePackage: com.wire.bots.sdk.server.resources
  uriPrefix: /echo
  schemes:
    - http
    - https

# Calling stuff (optional)
module: echo
portMin: 32768
portMax: 32867
ingress: localhost

#redis DB. Primary keys are stored here
db:
  host: localhost
  driver: redis
  port: 6379    #redis default port
  password:

# To use file system as the storage use these settings
#db:
#  driver: fs

calling ./myprovider.sh auth will generate a ./.cookie file, then execute another command (eg get-self), response 401 Authorization Required, then I manually add the access_token to -H 'Authorization: Bearer $access_token ', request again, can work normally (Amazon server Linux).

my improvement is: extract access_token from the response 'cookie' and save it to the ./.access_token file. When executing other commands, read the access_token in the file and put it into -H "Authorization: Bearer $access_token", then send the request.

authenticate() {
   ### ..... Omit other code ....
   resp=$(curl -s -X POST "$zapi/provider/login" \
        -H 'Content-Type: application/json' \
        -d '{"email":"'"$auth_email"'"
            ,"password":"'"$auth_password"'"}' \
        -c ./.cookie)

    ### ..... save access_token ....
    awk 'END{print $7}' ./.cookie > ./.access_token
    cat ./.access_token
 
    echo "$auth_ident" > .current
    echo "Authenticated as $auth_email"
}

get_self() {
    check_auth

    ###  read access_token from ./.access_token file
    access_token=$(< "./.access_token")

    ###  put it to header
    ###  still pass the ./.cookie, double insurance
    resp=$(curl -s -X GET -H "Authorization: Bearer $access_token" "$zapi/provider" -b ./.cookie)
   
    if [[ "$resp" == \{* ]]; then
        echo "$resp" | jq .
    else
        echo "$resp"
    fi
}

I guess this API allows to create only public bots.

Is there a way to create a private BOT which will be running behind the NAT and will be allowed to join only certain channels/groups?

There should be a way to add bot to existing conversation or let bot change conversation to existing one. It would also allow multiple bots to join one conversation.

I'm trying to deploy a hello bot onto a heroku dyno. I have the server working and I can actually get a bot's subscription link, but then DevBot gives me the error:

Failed to query: https://safe-reef-88300.herokuapp.com:443/bots/status.
Make sure your service is running and this url is visible

On the heroku logs I see this error:

2017-05-13T13:56:26.088066+00:00 heroku[router]: at=error code=H13 desc="Connection closed without response" method=GET path="/bots/status" host=safe-reef-88300.herokuapp.com request_id=e59b09ec-da74-402f-a6b1-0c368e89f442 fwd="104.199.39.107" dyno=web.1 connect=0ms service=4ms status=503 bytes=0 protocol=https

In order to deploy the application to heroku, I prebuilt the bot on my machine, and then used a Null buildpack so heroku does no building on the server. I am running this in a free web dyno, and I have the https port exposed on 443. What would cause this error?

My echo.yaml is:

server:
  applicationConnectors:
    - type: http
      port: 8049
    - type: https
      port: 443
      keyStorePath: certs/keystore.jks
      keyStorePassword: 123456 
      certAlias: myservercert
      validateCerts: false
      validatePeers: false

  adminConnectors:
    - type: http
      port: 8051
#  requestLog:
#    appenders: []

auth: <bot token>  # obtained from DevBot when running: show bot <name>
name: testbridge
accent: 2
cryptoDir: certs

DevBot fails to create invite link if the bot shares name with previously deleted bot.

Example:

FUN: create bot mytest
DEVBOT: What should we call this bot?
FUN: mytest
[...]
FUN: enable bot mytest
DEVBOT: Enabled mytest
DEVBOT: Users can start using your bot by clicking on this link: wire.com/b/mytest
FUN: delete bot mytest
DEVBOT: Deleted mytest
FUN: create bot
DEVBOT: What should we call this bot?
FUN: mytest
[...]
FUN: enable bot mytest
DEVBOT: Enabled mytest
DEVBOT: Failed to create the invite link :(

The account is actually verified.

Expected behaviour: Show a confirmation message that verification was successful. State next steps.

Send some info messages or responses to commands as self-destruct messages to not SPAM the main chat.

I've had to make a few changes to the script.

in the authenticate section I had to remove /providers/ so it would just use /login.

I get my token, user, etc.

When I try to use the new-service function, I get an unauthorized error even after previously using the auth function.

A golang API would be great.

There should be documentation to answer questions about acceptable use of the API.

• Is there a rate limit?
• Are there things you want to deny bots from doing? (Ex: explicit content. Harassment. Etc.)
• Is there a way to report a bot you find doing something bad?

(Append other Acceptable Use questions to this issue with comments.)

The echo-bot service works for me when I use the add.sh script. But if I try and add any other participants it says "[user] does not want to be added to conversations". I've tried adding other participants before adding the bot to the conversation and after.

Presently, the registration form is quite bare-bones and it isn't clear what values are expected for the REGISTER_FORM.URL or REGISTER_FORM.DESCRIPTION fields. If you submit a value it doesn't like the backend will return a 400, but the frontend provides no feedback and spins infinitely.

Edit: I see that wireapp/roman mentions slightly different instructions for registering as a Wire Bot Developer. Is that method is equivalent to the one linked here?

Hello,

a friend of me is not able to login anymore. She only wants to login with her phone number and not with her email address. But after she login the app request an email address. Do you changed it or is it a bug? She has an Android phone and used wire since today.

Having documentation of the server API would allow us to write clients in languages other than Java.

• Request URLs/params
• Response formats
• Handling of authentication/SSL

This was asked via support mail. I was asked to create an issue, here.

I had two Wire accounts (A and B). Tried (more than once) to register with DevBot on account A and never received the mail to complete. I used the mail address which was assigned to account A. I moved everything to account B and deleted account A later. I moved the used mail address to account B as well.

When I try to register with DevBot from account B with my mail address I get: "This email address was already used to register". But I never successfully registered this address with DevBot.

Deleting all the messages in a conversation (including images, videos, sounds, etc), but without leaving or deleting the conversation itself, would be great !

I'm trying to run this bot on a heroku dyno, which means I have access to only one port. Are all the ports needed, or is only the https port truly needed?

A Node.js API would be great for writing easily Electron, or headless server, programs. Even potentially browser based applications.

I've been doing a lot of development in JS lately, so if I manage to get something thrown together before someone else does, I'll share that code here or in the group chat.

Some examples:
– Register (multiple steps)
If I’m already using Wire, should I register again with a new email or log in with my current account?

– Create new bot (with Don)
Many mentions of Don, yet no idea what or who Don is?

– RSA key (from /certs/privatekey.pem)
What? Where? On my own machine? From the code?

– Deploy service to cloud
Is this something I have to configure myself or something that Wire supplies? Just a button somewhere, that says "Deploy"? Etc

When I complete the add.sh script questions and Wire makes a call to my service it throws this exception:
java.lang.UnsatisfiedLinkError: no sodium in java.library.path

the add.sh script exits with this error:
{"code":502,"message":"The upstream service returned an invalid response.","label":"bad-gateway"}

I have confirmed that Wire can reach my service as I can see the initial POST to /bots in my logs.

java version: 1.8.0_201
OS: ubuntu 18.04

Wire Version: 2.11.2673 (Desktop)
Operating System: Windows 10

ISSUE DESCRIPTION:

When User A and User B have verified their encryption keys and User A's keys change due to him adding a new device to their account (which is unverified), User B is never notified of the change even when communicating with User A on the new device.

NARRATIVE:

The situation described above presents a simple attack surface for an attacker to MITM Wire users and should be corrected immediately. Basically, anyone with a users password can add a new device to that users account and begin communicating with their contact without their contacts being notified that they are communicating with a new, unverified, device.