cal.pub0.org/packages/app-store/slackmessaging/lib/slackVerify.ts

import { createHmac } from "crypto";
import dayjs from "@calcom/dayjs";
import { NextApiRequest, NextApiResponse } from "next";
import { stringify } from "querystring";

import { getSlackAppKeys } from "./utils";

export default async function slackVerify(req: NextApiRequest, res: NextApiResponse) {
  const timeStamp = req.headers["x-slack-request-timestamp"] as string; // Always returns a string and not a string[]
  const slackSignature = req.headers["x-slack-signature"] as string;
  const currentTime = dayjs().unix();
  const { signing_secret: signingSecret } = await getSlackAppKeys();
  const [version, hash] = slackSignature.split("=");

  if (!timeStamp) {
    return res.status(400).json({ message: "Missing X-Slack-Request-Timestamp header" });
  }

  if (!signingSecret) {
    return res.status(400).json({ message: "Missing Slack's signing_secret" });
  }

  if (Math.abs(currentTime - parseInt(timeStamp)) > 60 * 5) {
    return res.status(400).json({ message: "Request is too old" });
  }

  const hmac = createHmac("sha256", signingSecret);

  hmac.update(`${version}:${timeStamp}:${stringify(req.body)}`);

  const signed_sig = hmac.digest("hex");
  console.log({ signed_sig, hash, match: signed_sig === hash });
  if (signed_sig !== hash) {
    throw new Error("Hashes do not match ");
  }
}
Slack Signature Verification (#2667) * Slack Verify * Adding await * Update slackVerify.ts Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> 2022-05-03 23:40:01 +00:00			`import { createHmac } from "crypto";`
Consolidates dayjs in a single package 2022-06-28 20:40:58 +00:00			`import dayjs from "@calcom/dayjs";`
Slack Signature Verification (#2667) * Slack Verify * Adding await * Update slackVerify.ts Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> 2022-05-03 23:40:01 +00:00			`import { NextApiRequest, NextApiResponse } from "next";`
			`import { stringify } from "querystring";`

Fixes slack verification and timeout errors (#2972) * Fixing slack create event * Fixes verify working 90% of the time :S * Verify V2 * Fixing verify - not needed on interaction payload * Fixing verifcation + response * Fix verifcation * DM user error/success * Remove random 200 * Timeout return * Adding Zod schema verification * Added validations, cleanup * Type fixes * Update event.ts Co-authored-by: Peer Richelsen <peeroke@gmail.com> Co-authored-by: zomars <zomars@me.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-06-11 21:30:52 +00:00			`import { getSlackAppKeys } from "./utils";`
Slack Signature Verification (#2667) * Slack Verify * Adding await * Update slackVerify.ts Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> 2022-05-03 23:40:01 +00:00
			`export default async function slackVerify(req: NextApiRequest, res: NextApiResponse) {`
			`const timeStamp = req.headers["x-slack-request-timestamp"] as string; // Always returns a string and not a string[]`
			`const slackSignature = req.headers["x-slack-signature"] as string;`
			`const currentTime = dayjs().unix();`
Fixes slack verification and timeout errors (#2972) * Fixing slack create event * Fixes verify working 90% of the time :S * Verify V2 * Fixing verify - not needed on interaction payload * Fixing verifcation + response * Fix verifcation * DM user error/success * Remove random 200 * Timeout return * Adding Zod schema verification * Added validations, cleanup * Type fixes * Update event.ts Co-authored-by: Peer Richelsen <peeroke@gmail.com> Co-authored-by: zomars <zomars@me.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-06-11 21:30:52 +00:00			`const { signing_secret: signingSecret } = await getSlackAppKeys();`
			`const [version, hash] = slackSignature.split("=");`
Slack Signature Verification (#2667) * Slack Verify * Adding await * Update slackVerify.ts Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> 2022-05-03 23:40:01 +00:00
			`if (!timeStamp) {`
			`return res.status(400).json({ message: "Missing X-Slack-Request-Timestamp header" });`
			`}`

			`if (!signingSecret) {`
			`return res.status(400).json({ message: "Missing Slack's signing_secret" });`
			`}`

			`if (Math.abs(currentTime - parseInt(timeStamp)) > 60 * 5) {`
			`return res.status(400).json({ message: "Request is too old" });`
			`}`

Fixes slack verification and timeout errors (#2972) * Fixing slack create event * Fixes verify working 90% of the time :S * Verify V2 * Fixing verify - not needed on interaction payload * Fixing verifcation + response * Fix verifcation * DM user error/success * Remove random 200 * Timeout return * Adding Zod schema verification * Added validations, cleanup * Type fixes * Update event.ts Co-authored-by: Peer Richelsen <peeroke@gmail.com> Co-authored-by: zomars <zomars@me.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-06-11 21:30:52 +00:00			`const hmac = createHmac("sha256", signingSecret);`

			hmac.update(`${version}:${timeStamp}:${stringify(req.body)}`);
Slack Signature Verification (#2667) * Slack Verify * Adding await * Update slackVerify.ts Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> 2022-05-03 23:40:01 +00:00
Fixes slack verification and timeout errors (#2972) * Fixing slack create event * Fixes verify working 90% of the time :S * Verify V2 * Fixing verify - not needed on interaction payload * Fixing verifcation + response * Fix verifcation * DM user error/success * Remove random 200 * Timeout return * Adding Zod schema verification * Added validations, cleanup * Type fixes * Update event.ts Co-authored-by: Peer Richelsen <peeroke@gmail.com> Co-authored-by: zomars <zomars@me.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-06-11 21:30:52 +00:00			`const signed_sig = hmac.digest("hex");`
			`console.log({ signed_sig, hash, match: signed_sig === hash });`
			`if (signed_sig !== hash) {`
			`throw new Error("Hashes do not match ");`
Slack Signature Verification (#2667) * Slack Verify * Adding await * Update slackVerify.ts Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> 2022-05-03 23:40:01 +00:00			`}`
			`}`