Websocket authentication failures since 2023-09-19

Question

Websocket authentication failures since 2023-09-19

the-real-ed opened this issue 9 months ago · 0 comments

Hi,

I'm a matterircd user (Slack/Mattermost <-> IRC bridge), which utilises the slack-go library.

What happened

On September 19th (approximately 3AM UTC) I stopped receiving messages on my IRC client (IRC client <-> matterircd (uses slack-go) <-> Slack).

I investigated the logs and found the following errors (previously unseen):

websocket_managed_conn.go:62: RTM connection succeeded on try 27
websocket_managed_conn.go:387: Incoming Event: {"type":"error","error":{"msg":"invalid_auth","code":401,"source":"gatewayserver-syd-1"}}
websocket_managed_conn.go:477: RTM Error - received unmapped event "error": {"type":"error","error":{"msg":"invalid_auth","code":401,"source":"gatewayserver-syd-1"}}
websocket_managed_conn.go:219: killing connection signaled
websocket_managed_conn.go:181: Connecting to RTM

The lack of authentication leads to HTTP 429 (Too Many Requests) responses, which I was able to determine with custom code.

I updated the Token/Cookie to rule out obvious credential errors. This did not resolve the issues.

Expected behavior

The correct behaviour is for Slack messages to appear in my IRC client (via the matterircd IRC <-> Slack bridge).

Steps to reproduce

On investigating, I found other Slack<->IRC bridge users were also being affected, e.g.: insomniacslk/irc-slack#183 (also uses slack-go). The issue links to another Slack<->IRC bridge (written in Python) that hints at the solution: ltworf/localslackirc#426

reproducible code

As a proof-of-concept, I was able to hardcode a work-around which resolved the issue for me:

diff --git a/vendor/github.com/slack-go/slack/websocket_managed_conn.go b/vendor/github.com/slack-go/slack/websocket_managed_conn.go
index f107b2a..378cf91 100644
--- a/vendor/github.com/slack-go/slack/websocket_managed_conn.go
+++ b/vendor/github.com/slack-go/slack/websocket_managed_conn.go
@@ -222,6 +222,9 @@ func (rtm *RTM) startRTMAndDial(useRTMStart bool) (info *Info, _ *websocket.Conn
        // Only use HTTPS for connections to prevent MITM attacks on the connection.
        upgradeHeader := http.Header{}
        upgradeHeader.Add("Origin", "https://api.slack.com")
+       upgradeHeader.Add("user-agent", "test-agent")
+       upgradeHeader.Add("Authorization", "Bearer xoxc-<REDACTED>")
+       upgradeHeader.Add("Cookie", "d=xoxd-<REDACTED>;")
        dialer := websocket.DefaultDialer
        if rtm.dialer != nil {
                dialer = rtm.dialer

manifest.yaml

Versions

slack-go/slack: v0.12.2 (used in matterircd), v0.12.1 (used in irc-slack)

Apologies for not providing a full solution, but I am not familiar with Golang or websockets. If you're able to resolve this issue, I can raise another issue with project matterircd (and irc-slack) to update their dependencies/code.

Regards