How do I verify requests from Slack that are pushed by events (e.g. app_mention)?

Time: 2019-08-28 08:30:11

Tags: node.js slack slack-api

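If the request comes from an action or a slash command (body: flat JSON), the hash is calculated correctly, but if the request comes from a Slack event, e.g. member_joined_channel (body: one property with nested objects and arrays), the calculated hash is wrong. Has anyone run into something similar? How should I stringify a body with nested objects, or is that not the problem?

Example body from an event for which the hash is calculated incorrectly: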

    {
      token: 'Nl6QizISEmzAEGEyoU5dXgJb',
      team_id: 'TG5TF58AA',
      api_app_id: 'BOB32T802',
      event: {
        type: 'member_joined_channel',
        user: 'UMSFF5SAD',
        channel: 'CG6CF6D4D',
        channel_type: 'C',
        team: 'TG3CF32RS',
        event_ts: '1566978171.000500'
      },
      type: 'event_callback',
      event_id: 'EvMS6K8BV2',
      event_time: 1566978171,
      authed_users: [ 'UMSFF5SAD' ]
    }

My code for verifying the Slack request:

    const crypto = require('crypto')
    const qs = require('qs')

    // Express-style middleware (req, res, next); Config is defined elsewhere
    function verifySlackSignature (req, res, next) {
      const { body, headers } = req

      const {
        'x-slack-request-timestamp': slackRequestTimestamp,
        'x-slack-signature': slackSignature
      } = headers

      // body is the already-parsed object, serialized again as a form string
      const bodyString = qs.stringify(body, { format: 'RFC1738' })

      const dataToHash =
        `${Config.signingSecretVersion}:${slackRequestTimestamp}:${bodyString}`
      const hashedData = crypto
        .createHmac("sha256", Config.signingSecret)
        .update(dataToHash)
        .digest("hex")

      const calculatedSignatureToCompare =
        `${Config.signingSecretVersion}=${hashedData}`

      if (calculatedSignatureToCompare !== slackSignature) {
        return res.status(401).send("unauthorized")
      }

      next()
    }

0 answers:

No answers
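An added example, not part of the original question: Slack computes the signature over the raw request body, so this check hashes the bytes as received instead of a re-serialized `req.body`, rejects stale timestamps, and compares in constant time. The secret, timestamp, body and the names `verifySlackRequest`, `computeSignature` and `reserialized` are constructed for illustration.

```javascript
const crypto = require('crypto')

const VERSION = 'v0'            // same role as Config.signingSecretVersion in the question
const MAX_SKEW_SECONDS = 60 * 5 // reject requests more than five minutes off (replay window)

// HMAC-SHA256 over "v0:<timestamp>:<raw body>", returned as "v0=<hex>".
function computeSignature (signingSecret, timestamp, rawBody) {
  const hmac = crypto.createHmac('sha256', signingSecret)
  hmac.update(`${VERSION}:${timestamp}:`)
  hmac.update(rawBody) // Buffer or string, exactly as received on the wire
  return `${VERSION}=${hmac.digest('hex')}`
}

// rawBody must be the unparsed request body. In Express it can be captured with
// express.json({ verify: (req, res, buf) => { req.rawBody = buf } }) and the
// same verify hook on express.urlencoded() for slash commands.
function verifySlackRequest ({ signingSecret, timestamp, signature, rawBody, now = Date.now() }) {
  const ts = Number(timestamp)
  if (!Number.isFinite(ts) || Math.abs(now / 1000 - ts) > MAX_SKEW_SECONDS) return false
  const expected = Buffer.from(computeSignature(signingSecret, timestamp, rawBody))
  const received = Buffer.from(String(signature || ''))
  // timingSafeEqual throws on a length mismatch, so check the length first.
  return expected.length === received.length && crypto.timingSafeEqual(expected, received)
}

// Constructed sample data (not real Slack values).
const SAMPLE_SECRET = 'constructed-signing-secret'
const SAMPLE_TS = '1566978171'
const SAMPLE_NOW = 1566978180 * 1000
const SAMPLE_RAW = '{"type":"event_callback","event":{"type":"member_joined_channel","channel_type":"C"},"authed_users":["U000000"]}'
const SAMPLE_SIG = computeSignature(SAMPLE_SECRET, SAMPLE_TS, SAMPLE_RAW)

// Serializing the parsed object again (URLSearchParams here as a stand-in for
// qs.stringify) yields a form string that no longer equals the JSON wire bytes.
function reserialized (raw) {
  return new URLSearchParams(JSON.parse(raw)).toString()
}
```

Slash commands and actions arrive form-encoded and Events API callbacks arrive as JSON, so hashing the raw bytes covers both without any format-specific serialization.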