My Collab Lab

mycollablab.org

Spark Bot Security

October 15, 2017 PHP Webex

There’s no way to restrict bot usage by people you might not want to have it. What you can do is look at other things and decide if your bot wants to stay. With the Tropo SMS bot I created, I wanted to make sure that it didn’t get hijacked and a ton of SMS messages sent. This script is added to a create membership webhook. Pretty straightforward. When the script is triggered, the bot looks to see if I am in the room too. If I am, then everything goes smoothly. If not, the bot leaves the room. More could be added to it, or it could be done in different ways, but it's stuff to think about. Note that the bot does stay if I leave, which may or may not be fine depending on the bot’s use. It could also be tweaked to only stay in rooms that have your company in them and leave if there is an outside user.

Main Spark Bot Script


<?php

$sparkToken = "Stuff"; //sms@13.59.168.227

// Send a request to the Spark REST API and return the decoded JSON response.
function send_to_spark($method,$uri,$data) {

    global $sparkToken;

    switch ($method) {
        case "get":
            // For GET, $data is appended to the URI as the query value
            $uri .= $data;
            $options = array(
                'http' => array(
                    'header'  => "Authorization: Bearer ".$sparkToken."\r\nContent-type: application/x-www-form-urlencoded\r\n",
                    'method'  => 'GET',
                ),
            );
            break;
        case "post":
            // For POST, $data is sent as the JSON body
            $options = array(
                'http' => array(
                    'header'  => "Authorization: Bearer ".$sparkToken."\r\nContent-type: application/json\r\n",
                    'method'  => 'POST',
                    'content' => json_encode($data),
                ),
            );
            break;
        case "delete":
            // For DELETE, $data is the id of the resource to remove
            $uri .= $data;
            $options = array(
                'http' => array(
                    'header'  => "Authorization: Bearer ".$sparkToken."\r\nContent-type: application/x-www-form-urlencoded\r\n",
                    'method'  => 'DELETE',
                ),
            );
            break;

    }

    $context  = stream_context_create($options);
    $result = json_decode(file_get_contents("https://api.ciscospark.com/v1/".$uri, false, $context));

    return $result;
}

// Body of the "membership created" webhook call
$jsonData = json_decode(strip_tags(file_get_contents("php://input")));

// List everyone in the room the bot was just added to
$sparkResponse = send_to_spark("get","memberships?roomId=",preg_replace("/\"/","",$jsonData->data->roomId));

// If I'm not in the room then leave the room.
// The whole quoted personEmail value is matched so that a look-alike
// address (e.g. xjsnipes@domain.com) does not count as the owner.
if ( !preg_match("/\"personEmail\":\"jsnipes@domain\.com\"/i",json_encode($sparkResponse)) ){
    // Look up the bot's own membership in this room
    $sparkResponse = send_to_spark("get","memberships?roomId=",preg_replace("/\"/","",$jsonData->data->roomId."&personEmail=sms@domain.org"));
    $membershipId = $sparkResponse->items[0]->id;

    $data = array("text"=>"Doesn't look like my owner is here.  I'm not staying."
                    ,"roomId"=>$jsonData->data->roomId);
    $sparkResponse = send_to_spark("post","messages",$data);

    // Deleting the bot's own membership removes it from the room
    $sparkResponse = send_to_spark("delete","memberships/",$membershipId);

}

?>
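The stricter policy suggested above (stay only when the owner is present and nobody from outside the company is in the room) could look like the following. This is an added example, not code from the original post: the function name `bot_should_stay`, the allowed-domain list and the sample rooms are assumptions made for illustration, and it assumes `$items` holds the complete `items` list returned by the memberships call.

```php
<?php
// Added example (not from the original post). Decide whether the bot stays,
// given the "items" array of a memberships response.
// Stays only if the owner is present AND every other member is in an allowed domain.
function bot_should_stay(array $items, string $owner, string $bot, array $allowedDomains): bool {
    $owner   = strtolower($owner);
    $bot     = strtolower($bot);
    $allowed = array_map('strtolower', $allowedDomains);
    $ownerPresent = false;

    foreach ($items as $member) {
        $email = strtolower($member->personEmail ?? '');
        if ($email === $bot) {
            continue; // the bot's own membership is not part of the decision
        }
        if ($email === $owner) {
            $ownerPresent = true; // exact match, never a substring match
        }
        // Domain is everything after the last "@", compared as a whole string,
        // so "domain.com.example.net" does not pass as "domain.com".
        $at     = strrpos($email, '@');
        $domain = ($at === false) ? '' : substr($email, $at + 1);
        if (!in_array($domain, $allowed, true)) {
            return false; // outside user (or missing email): leave
        }
    }
    return $ownerPresent;
}

// Constructed sample membership lists; addresses reuse the post's placeholder domains.
$m = fn(string $e) => (object) ['personEmail' => $e];
$rooms = [
    'owner and colleague'    => [$m('sms@domain.org'), $m('jsnipes@domain.com'), $m('alice@domain.com')],
    'owner and outside user' => [$m('sms@domain.org'), $m('jsnipes@domain.com'), $m('bob@domain.com.example.net')],
    'look-alike, no owner'   => [$m('sms@domain.org'), $m('xjsnipes@domain.com')],
    'owner only'             => [$m('sms@domain.org'), $m('JSnipes@Domain.com')],
];

foreach ($rooms as $label => $items) {
    $stay = bot_should_stay($items, 'jsnipes@domain.com', 'sms@domain.org', ['domain.com']);
    printf("%-24s %s\n", $label, $stay ? 'stay' : 'leave');
}
```

In the webhook script, the result would replace the `preg_match` test: when it returns false, run the same post-message and delete-membership calls.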

Jon Snipes