mythic-insight/calcom
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 5
calcom/packages/app-store/slackmessaging/lib/slackVerify.ts
sean-brydon fa1ca5fba0
Slack Signature Verification (#2667) 
* Slack Verify

* Adding await

* Update slackVerify.ts

Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
Co-authored-by: zomars <zomars@me.com>
2022-05-03 23:40:01 +00:00

36 lines
1.3 KiB
TypeScript
Raw Blame History

import { createHmac } from "crypto";
import dayjs from "dayjs";
import { NextApiRequest, NextApiResponse } from "next";
import { stringify } from "querystring";
import getAppKeysFromSlug from "../../_utils/getAppKeysFromSlug";
let signingSecret = "";
export default async function slackVerify(req: NextApiRequest, res: NextApiResponse) {
const body = req.body;
const timeStamp = req.headers["x-slack-request-timestamp"] as string; // Always returns a string and not a string[]
const slackSignature = req.headers["x-slack-signature"] as string;
const currentTime = dayjs().unix();
let { signing_secret } = await getAppKeysFromSlug("slack");
if (typeof signing_secret === "string") signingSecret = signing_secret;
if (!timeStamp) {
return res.status(400).json({ message: "Missing X-Slack-Request-Timestamp header" });
}
if (!signingSecret) {
return res.status(400).json({ message: "Missing Slack's signing_secret" });
}
if (Math.abs(currentTime - parseInt(timeStamp)) > 60 * 5) {
return res.status(400).json({ message: "Request is too old" });
}
const signature_base = `v0:${timeStamp}:${stringify(body)}`;
const signed_sig = "v0=" + createHmac("sha256", signingSecret).update(signature_base).digest("hex");
if (signed_sig !== slackSignature) {
return res.status(400).json({ message: "Invalid signature" });
}
}
Reference in a new issue View git blame Copy permalink