forked from slack-go/slack
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsecurity.go
47 lines (40 loc) · 1.43 KB
/
security.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package slack
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"errors"
"fmt"
"hash"
"net/http"
)
// SecretsVerifier contains the information needed to verify that the request comes from Slack
type SecretsVerifier struct {
slackSig string
timeStamp string
hmac hash.Hash
}
// NewSecretsVerifier returns a SecretsVerifier object in exchange for an http.Header object and signing secret
func NewSecretsVerifier(header http.Header, signingSecret string) (SecretsVerifier, error) {
if header["X-Slack-Signature"][0] == "" || header["X-Slack-Request-Timestamp"][0] == "" {
return SecretsVerifier{}, errors.New("Headers are empty, cannot create SecretsVerifier")
}
hash := hmac.New(sha256.New, []byte(signingSecret))
hash.Write([]byte(fmt.Sprintf("v0:%s:", header["X-Slack-Request-Timestamp"][0])))
return SecretsVerifier{
slackSig: header["X-Slack-Signature"][0],
timeStamp: header["X-Slack-Request-Timestamp"][0],
hmac: hash,
}, nil
}
func (v *SecretsVerifier) Write(body []byte) (n int, err error) {
return v.hmac.Write(body)
}
// Ensure compares the signature sent from Slack with the actual computed hash to judge validity
func (v SecretsVerifier) Ensure() error {
computed := "v0=" + string(hex.EncodeToString(v.hmac.Sum(nil)))
if computed == v.slackSig {
return nil
}
return fmt.Errorf("Expected signing signature: %s, but computed: %s", v.slackSig, computed)
}