Adding support for transcripts, recording, AI summarization and meeting subscription to channels

[jespino]

This PR include 3 important changes:

1. It allows the user to subscribe channels to meetings. That way, whenever that meeting is started outside mattermost it will post a message with a link to the meeting (identical to the one is create when you click the zoom button).
2. Whenever a meeting is finish, if there is a recording it is going to report the recording, the transcription and the chat messages in replies to the original zoom post (this works for the meetings in the point 1 and for the meetings that are created using the zoom button).
3. If you have the mattermost AI Copilot plugin installed and configured, whenever you receive the transcription and the chat, you can summarize them using the AI plugin.

Testing

For testing this, you should test the 3 features independently (there is some degree of overlap, but I going to propose independent test cases). Another important thing is that before you test it you need to configure the zoom application in the zoom marketplace with the right webhook events (it has change, so check out the documentation).

I expect all the test proposed here are executed after properly configuring zoom plugin and AI copilot plugin

Test case 1: Subscription

• Go to zoom web interface and create a recurrent meeting.
• Go to a channel and execute /zoom subscribe [meeting id], where [meeting id] is the ID of the created meeting in the pervious step (without spaces)
• Go to the zoom web interface and initiate the recurrent meeting.
• The expected behavior is that in some seconds after that, you see the post in the channel that is subscribe.
• Stop the meeting.
• After some seconds you should see reflected in the post that the meeting has ended
• Go back to the channel and execute /zoom unsubscribe [meeting id], with the same meeting id.
• Go back to the zoom web interface and initiate the recurrent meeting again.
• The expected behavior is you don't see any post created in the channel.

Test case 2: Recordings, Chats, and Transcriptions (Without AI Copilot enabled)

• Go to any channel and click the zoom button to start a meeting.
• You will see the zoom post and you get automatically connect to the meeting.
• Leave the meeting.
• The post in some seconds is going to be mark as terminated.
• No other messages are published later (you can skip this step because you can verify it later).
• Open another zoom meeting using the same process.
• Send a chat message
• Start the recording
• Say some text to get that in the transcription
• Send another chat message
• Stop the recording
• Leave the meeting.
• After this, you will see the post message changing to ended (in some seconds).
• Then, after some minutes (maybe around 5), you will receive 2 new posts. one attaching the transcription, and one attaching the chat and including a link to the recording with the password.
• Check the transcription and see if that is the one.
• Check the chat and verify that only the message sent during the recording is there.
• Check the recording link and password (maybe you need to use an incognito window to require the password)

Test case 3: AI Summarization (With AI Copilot enabled)

• Follow all the steps of the test case 2 with AI copilot enable
• In the transcription message and in the chat message you should see a new button that allows you to summarize the content.
• Click that button in the chat history message and see the AI copilot summarizing it
• Click that button in the transcription message and see the AI copilot summarizing it
• If the text in the chat history or the transcription is too short the AI copilot can send you non-sense, if you want to have a better result with the AI copilot use more messages in the chat and speak more to include more text in the transcription.

---

Documentation PR: mattermost/docs#7276

[jespino]

This is because we are handling the incoming webhook from zoom as something secure, it should be signed if you configured it properly

[wiggin77]

Can these CodeQL errors be suppressed? We don't want this on every PR going forward after merge.

[jespino]

This is because we are handling the incoming webhook from zoom as something secure, it should be signed if you configured it properly

[mickmister]

CodeQL code tracing is 👌

[jespino]

Oh yes, I check the "show paths" and I was really impressed, It is pure gold.

[mickmister]

Excellent feature here 🚀

I gave the PR a review and added some comments for discussion. Let me know what you think 👍

[mickmister]

CodeQL code tracing is 👌

[mickmister]

I like this a lot 👍 Many Zoom meetings do not start in Mattermost, but now they kind of "do" because we can listen for that event in an intentionally subscribed channel. We do need to take access control into account here though. The person running this command should potentially not have access to that meeting

We'll also need to do some exploratory testing in general with this. e.g. Some conflict of meeting ids between starting a meeting in MM with a personal meeting id and a matching subscribed meeting id

[jespino]

Yes, probably the ideal solution is to not allow to subscribe personal meetings, and also ensure that you have access to the meeting before you subscribe it to the channel.

[jespino]

This is done. Now, you can only subscribe to meetings that are not personal meetings, so the only meetings that you know the ID upfront are not ad-hoc meetings, so any meeting created within Mattermost should be a PMI or Ad-hoc created on the fly.

[mickmister]

so the only meetings that you know the ID upfront are not ad-hoc meetings

Sure but what if someone knows the meeting id and not e.g. a password, can they start funneling in recordings of the meetings in their own channel? Is "knowing the meeting id ahead of time" enough of a security measure?

[wiggin77]

@enzowritescode Thoughts?

[enzowritescode]

@wiggin77 This has been on my TODO list for a while but other priorities have taken precedence. I even have a PR draft up from when I had started reviewing the plugin as a whole for better understanding #405.

Maybe with the introduction of Security Partners I can get this wrapped up in the next month or two

[jespino]

@mickmister PTAL

[wiggin77]

Leaving this request for change to get this off my review queue until it is ready.

[Kshitij-Katiyar]

@jespino Can you sync this PR with master, this fix some of the failing ci

[jespino]

@wiggin77 It looks like @enzowritescode is going to start with the security review soon, so feel free to start reviewing the code.

[mattermost-build]

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

[esarafianou]

Removing the security review. Please re-add Product Security if the PR is picked up again.

[marianunez]

Closing this PR as this work was moved and completed in #455

Thanks @jespino 👋