Implement secure Slack account linking

[Eneshjakhar]

Description

This PR implements Slack account linking functionality for HelpMe, enabling Slack bots to authenticate users and access HelpMe's chatbot through a secure OAuth 2.0 flow. The feature provides a complete account binding system that allows Slack users to link their HelpMe accounts and access course-specific chatbot functionality.

Key Features:

• Complete OAuth flow for Slack account linking
• Secure short-lived, one-time use codes for authentication
• User data retrieval including courses, chat tokens, and organization info
• API endpoints for code exchange
• Database entity for temporary code storage with automatic expiration

Motivation: Slack bots need a secure way to authenticate users and access HelpMe's chatbot API. This implementation provides a standard OAuth flow that allows Slack applications to link user accounts and retrieve necessary data for chatbot interactions, course management, and user-specific functionality.

Dependencies: None - uses existing auth system and database infrastructure.

Type of change

• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update
• This requires a run of yarn install
• This change requires an addition/change to the production .env variables. These changes are below:
• This change requires developers to add new .env variables. The file and variables needed are below:
• This change requires a database query to update old data on production. This query is below:

How Has This Been Tested?

Please describe how you tested this PR (both manually and with tests)
Provide instructions so we can reproduce.

• Test A: OAuth Flow - Test complete Slack linking flow from /link command to successful account binding
• Test B: Code Generation - Verify short-lived codes are generated with proper expiration (5 minutes)
• Test C: Code Exchange - Test server-to-server code exchange returns correct user data
• Test D: User Data Retrieval - Confirm returned data includes userId, name, email, courses, and chatToken
• Test E: Security - Verify codes are one-time use and properly consumed after exchange
• Test F: Error Handling - Test handling of expired codes, invalid codes, and missing parameters

Reproduction Steps:

1. Start HelpMe server and ensure database is running
2. Create a Slack app with /link command pointing to HelpMe OAuth endpoints
3. Run /link in Slack and follow OAuth flow
4. Verify redirect to HelpMe login (if not authenticated)
5. After login, verify redirect back to Slack with authorization code
6. Test code exchange endpoint returns user data with courses and chatToken

Checklist:

• I have performed a self-review of my own code
• I have commented my code where needed
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• I have checked that new and existing tests pass locally with my changes
• Any work that this PR is dependent on has been merged into the main branch
• Any UI changes have been checked to work on desktop, tablet, and mobile

Files Changed

New Files:

• packages/server/src/slack/slack-link-code.entity.ts - Database entity for temporary linking codes

Modified Files:

• packages/server/src/auth/auth.service.ts - Added Slack linking methods
• packages/server/src/auth/auth.controller.ts - Added OAuth endpoints
• packages/server/ormconfig.ts - Registered new entity

API Endpoints Added

• GET /api/v1/auth/slack/start - OAuth entry point
• GET /api/v1/auth/slack/finish - Code generation and redirect
• POST /api/v1/auth/slack/exchange - Server-to-server code exchange

Data Structure

Returns user data in format:

{
  "userId": 123,
  "name": "John Doe",
  "email": "john@example.com",
  "organizationId": 1,
  "courses": [
    {"id": 1, "name": "CS 101"},
    {"id": 2, "name": "Math 200"}
  ],
  "chatToken": "uuid-for-chatbot-api"
}

[AdamFipke]

Slack bots need a secure way to authenticate users and access HelpMe's chatbot API.

I'm a little confused. Why does a slack bot need to authenticate users when it can just authenticate itself (even just using the existing login endpoints) and then call the endpoints it needs to on behalf of the user? We could then just record what userId the slackbot is inside the .env file and then add a new guard that limits the slack bot to only call just the /ask endpoint (and maybe any other endpoints it needs but I think /ask is all it needs).

Granted, this would mean you wouldn't have any user tracking. For that you would need to create new users here based on the slack user's information (which this PR doesn't seem to do and only seems to authenticate existing users?) and then store a map (either on HelpMe DB or on the slackbot itself) that maps each userId to slack user and then essentially call the /ask endpoint on behalf of said user (or something like that, anyway). And while user tracking would be nice, it would require a lot more work and thought to do securely.

[AdamFipke]

We could then just record what userId the slackbot is inside the .env file and then add a new guard that limits the slack bot to only call just the /ask endpoint (and maybe any other endpoints it needs but I think /ask is all it needs).

Actually this part may not be as simple since there's different courses. Though, I guess the slackbot can just be invited to all courses that require it, and then it decide what courses' /ask endpoint should be called based on what channel the person asked the question in (or something like that)