class Slack::Events::Request
def body
# Returns the raw request body as read from +http_request.body+.
#
# The stream is read once and rewound afterwards, and the result is memoized
# in +@body+, so the signature check and any later consumer of the stream see
# the same bytes.
#
# @return [String] whatever +http_request.body.read+ returned on first call
def body
  return @body if @body

  @body = http_request.body.read.tap { http_request.body.rewind }
end
def expired?
# Reports whether the request timestamp is missing or outside the allowed
# window.
#
# The difference to the current time is taken as an absolute value, so a
# timestamp too far in the future is rejected the same way as a stale one.
#
# @return [Boolean] true when +timestamp+ is nil or differs from now by more
#   than +signature_expires_in+ seconds
def expired?
  return true if timestamp.nil?

  drift = (Time.now.to_i - timestamp.to_i).abs
  drift > signature_expires_in
end
def initialize(http_request, options = {})
# Wraps an incoming HTTP request for signature verification.
#
# @param http_request [Object] the request; the other methods on this page
#   call +body+ and +get_header+ on it
# @param options [Hash] optional overrides
# @option options [String] :signing_secret used instead of
#   +Slack::Events.config.signing_secret+ when given
# @option options [Integer] :signature_expires_in used instead of
#   +Slack::Events.config.signature_expires_in+ when given
def initialize(http_request, options = {})
  secret_override = options[:signing_secret]
  window_override = options[:signature_expires_in]

  @http_request = http_request
  # The global configuration is consulted only when no override was passed.
  @signing_secret = secret_override || Slack::Events.config.signing_secret
  @signature_expires_in = window_override || Slack::Events.config.signature_expires_in
end
def signature
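The signature is created by combining the signing secret with the body of the request. As computed in `valid?`, that is an HMAC-SHA256 keyed with the signing secret over `version:timestamp:body`; this method returns the value the sender supplied in the `HTTP_X_SLACK_SIGNATURE` header, which is untrusted until `valid?` confirms it.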
# Returns the signature supplied with the request, memoized in +@signature+.
#
# This is the sender's claim read from the +HTTP_X_SLACK_SIGNATURE+ header;
# it carries no trust by itself.
#
# @return [String, nil] the header value, or whatever +get_header+ returns
#   when the header is absent
def signature
  return @signature if @signature

  @signature = http_request.get_header('HTTP_X_SLACK_SIGNATURE')
end
def timestamp
# Returns the request timestamp supplied by the sender, memoized in
# +@timestamp+.
#
# The value comes from the +HTTP_X_SLACK_REQUEST_TIMESTAMP+ header and is
# returned as received, without conversion.
#
# @return [String, nil] the header value, or whatever +get_header+ returns
#   when the header is absent
def timestamp
  return @timestamp if @timestamp

  @timestamp = http_request.get_header('HTTP_X_SLACK_REQUEST_TIMESTAMP')
end
def valid?
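# Checks the signature supplied with the request against one computed locally.
#
# The expected value is +version+ joined by "=" to the hex HMAC-SHA256, keyed
# with +signing_secret+, of "version:timestamp:body".
#
# The comparison accumulates byte differences instead of using String#==,
# which stops at the first differing byte and so lets response timing reveal
# how much of a forged signature matched.
#
# This method does not check timestamp freshness; +verify!+ pairs it with
# +expired?+ for that.
#
# @return [Boolean] true when the supplied signature equals the computed one
# @raise [MissingSigningSecret] when no signing secret is configured
def valid?
  raise MissingSigningSecret unless signing_secret

  digest = OpenSSL::Digest::SHA256.new
  signature_basestring = [version, timestamp, body].join(':')
  hex_hash = OpenSSL::HMAC.hexdigest(digest, signing_secret, signature_basestring)
  computed_signature = [version, hex_hash].join('=')

  provided_signature = signature
  # A missing header yields a non-String here; that is a plain mismatch.
  return false unless provided_signature.is_a?(String)
  # The expected length is fixed by the format, so this early exit reveals
  # nothing about the secret.
  return false unless provided_signature.bytesize == computed_signature.bytesize

  difference = computed_signature.bytes.zip(provided_signature.bytes).reduce(0) do |acc, (expected, given)|
    acc | (expected ^ given)
  end
  difference.zero?
end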
def verify!
# Verifies the request and raises on the first failed check.
#
# Freshness is checked before the signature, so an expired request is
# rejected without +valid?+ being called.
#
# @return [true] when the timestamp is inside the window and the signature
#   matches
# @raise [TimestampExpired] when +expired?+ is true
# @raise [InvalidSignature] when +valid?+ is false
def verify!
  if expired?
    raise TimestampExpired
  elsif !valid?
    raise InvalidSignature
  end

  true
end
def version
# Signature scheme version.
#
# +valid?+ uses it both as the first field of the signed base string and as
# the prefix of the computed signature.
#
# @return [String] always "v0"
def version
  'v0'
end