Spark Bot Security
There’s no way to restrict bot usage by other people that you might not want to have it. What you can do is look at other things and decide if your bot wants to stay. With the Tropo SMS bot I created, I wanted to make sure that it didn’t get hijacked and a ton of SMS messages sent. This script is added to a create membership webhook. Pretty straightforward. When the script is triggered, the bot looks to see if I am in the room too. If I am, then everything goes smoothly. If not, the bot leaves the room. More could be added to it or done in different ways, but it’s stuff to think about. Note that the bot does stay if I leave, which may or may not be fine depending on the bot’s use. It could also be tweaked to only stay in rooms that have your company in them and leave if there is an outside user.
Main Spark Bot Script
<?php
$sparkToken = "Stuff"; //sms@13.59.168.227
// Minimal wrapper around the Spark REST API: GET and DELETE append $data to
// the URI, POST sends $data as a JSON body. Returns the decoded response.
function send_to_spark($method,$uri,$data) {
    global $sparkToken;
    switch ($method) {
        case "get":
            $uri .= $data;
            $options = array(
                'http' => array(
                    'header' => "Authorization: Bearer ".$sparkToken."\r\nContent-type: application/x-www-form-urlencoded\r\n",
                    'method' => 'GET',
                ),
            );
            break;
        case "post":
            $options = array(
                'http' => array(
                    'header' => "Authorization: Bearer ".$sparkToken."\r\nContent-type: application/json\r\n",
                    'method' => 'POST',
                    'content' => json_encode($data),
                ),
            );
            break;
        case "delete":
            $uri .= $data;
            $options = array(
                'http' => array(
                    'header' => "Authorization: Bearer ".$sparkToken."\r\nContent-type: application/x-www-form-urlencoded\r\n",
                    'method' => 'DELETE',
                ),
            );
            break;
        default:
            // Unknown method: nothing to send.
            return null;
    }
    $context = stream_context_create($options);
    $result = json_decode(file_get_contents("https://api.ciscospark.com/v1/".$uri, false, $context));
    return $result;
}
// Payload of the "membership created" webhook.
$jsonData = json_decode(strip_tags(file_get_contents("php://input")));
$roomId = $jsonData->data->roomId;
// List the room's members and look for my own address.
$sparkResponse = send_to_spark("get","memberships?roomId=",urlencode($roomId));
$ownerPresent = false;
foreach (($sparkResponse->items ?? array()) as $member) {
    // Compare the whole address rather than searching the raw JSON for it.
    if (strcasecmp($member->personEmail, "jsnipes@domain.com") === 0) {
        $ownerPresent = true;
    }
}
if ( !$ownerPresent ){
    //If I'm not in the room then leave the room
    $sparkResponse = send_to_spark("get","memberships?roomId=",urlencode($roomId)."&personEmail=".urlencode("sms@domain.org"));
    $membershipId = $sparkResponse->items[0]->id;
    $data = array("text"=>"Doesn't look like my owner is here. I'm not staying."
        ,"roomId"=>$roomId);
    $sparkResponse = send_to_spark("post","messages",$data);
    $sparkResponse = send_to_spark("delete","memberships/",$membershipId);
}
?>
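The tweak mentioned above (only stay in rooms that contain your own company, and leave if there is an outside user) could be decided like this. This is an added example, not code from the original post; the function names, the company domain domain.com and the sample membership lists are assumptions made for illustration.

```php
<?php
// Added example, not the original author's code. Domain, addresses and the
// membership lists below are constructed; the items mimic the "items" array
// returned by GET /v1/memberships?roomId=...

// Return the domain part of an address, lower-cased ("" if malformed).
function email_domain($email) {
    $at = strrpos($email, "@");
    return $at === false ? "" : strtolower(substr($email, $at + 1));
}

// Decide whether the bot stays: the owner must be present and every other
// member (the bot itself excepted) must be in the company domain.
// Returns array(bool $stay, array $outsiders).
function room_policy($items, $ownerEmail, $botEmail, $companyDomain) {
    $ownerPresent = false;
    $outsiders = array();
    foreach ($items as $member) {
        $email = isset($member->personEmail) ? $member->personEmail : "";
        if (strcasecmp($email, $botEmail) === 0) {
            continue; // the bot's own membership
        }
        if (strcasecmp($email, $ownerEmail) === 0) {
            $ownerPresent = true;
        }
        // Exact domain comparison: "domain.com.example.net" and
        // "notdomain.com" are different domains and count as outside.
        if (email_domain($email) !== strtolower($companyDomain)) {
            $outsiders[] = $email;
        }
    }
    return array($ownerPresent && count($outsiders) === 0, $outsiders);
}

// Constructed sample membership lists.
$inside = json_decode('{"items":[
  {"personEmail":"sms@domain.org"},
  {"personEmail":"JSnipes@domain.com"},
  {"personEmail":"coworker@domain.com"}]}')->items;
$mixed = json_decode('{"items":[
  {"personEmail":"sms@domain.org"},
  {"personEmail":"jsnipes@domain.com"},
  {"personEmail":"jsnipes@domain.com.example.net"}]}')->items;

foreach (array("inside" => $inside, "mixed" => $mixed) as $name => $items) {
    list($stay, $outsiders) = room_policy($items, "jsnipes@domain.com", "sms@domain.org", "domain.com");
    echo $name . ": " . ($stay ? "stay" : "leave") . " " . json_encode($outsiders) . "\n";
}
```

In the webhook script, the first element of the returned array would take the place of the owner check, with the leave branch running whenever it is false.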