Skip to content

Instantly share code, notes, and snippets.

@sachinr
Created July 25, 2018 21:19
Show Gist options
  • Save sachinr/838fefa9c5db42cef138c29d404d8bd2 to your computer and use it in GitHub Desktop.
Save sachinr/838fefa9c5db42cef138c29d404d8bd2 to your computer and use it in GitHub Desktop.
Slack verifying request signatures with Node & Express
const express = require('express');
const bodyParser = require('body-parser');
const qs = require('querystring');
const crypto = require('crypto');
const app = express();
const rawBodySaver = function (req, res, buf, encoding) {
if (buf && buf.length) {
req.rawBody = buf.toString(encoding || 'utf8');
}
}
const verifySignature = function(req) {
const signature = req.headers['x-slack-signature']
const timestamp = req.headers['x-slack-request-timestamp']
const hmac = crypto.createHmac('sha256', process.env.SIGNING_SECRET)
const [version, hash] = signature.split('=')
hmac.update(`${version}:${timestamp}:${req.rawBody}`)
return hmac.digest('hex') === hash
};
/*
* Parse application/x-www-form-urlencoded && application/json
*/
app.use(bodyParser.urlencoded({verify: rawBodySaver, extended: true }));
app.use(bodyParser.json({ verify: rawBodySaver }));
app.post('/commands', (req, res) => {
const { token, text, trigger_id } = req.body;
// check that the request signature matches expected value
if (verifySignature(req)) {
res.send('');
} else {
res.sendStatus(500);
}
}
app.post('/interactive-component', (req, res) => {
const body = JSON.parse(req.body.payload);
// check that the verification token matches expected value
if (verifySignature(req)) {
res.send('');
} else {
res.sendStatus(500);
}
});
app.listen(process.env.PORT, () => {
console.log(`App listening on port ${process.env.PORT}!`);
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment