Crate slack_http_verifier

Source
Expand description

slack_http_verifier verifies request signatures from Slacks HTTP Events API, as described here.

§Usage

If you’re using the http crate, requests can be verified directly

use slack_http_verifier::SlackHTTPVerifier;

// Sample from Slack's documentation page - do not use this in your own code
let my_secret_key: &str = "8f742231b10e8888abcd99yyyzzz85a5";
let slack_sample_timestamp: &str = "1531420618";
let slack_sample_body: &str =
    "token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c";
let slack_sample_sig: &str =
    "v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503";

let http_verifier = SlackHTTPVerifier::new(my_secret_key).unwrap();

// ...
// Receive requests

let client = reqwest::blocking::Client::new();
let req = client.post("http://localhost:65535")
    .header("X-Slack-Request-Timestamp", slack_sample_timestamp)
    .header("X-Slack-Signature", slack_sample_sig)
    .body(slack_sample_body)
    .build()
    .unwrap();

http_verifier.verify(&req).unwrap();

They can also be verified using the raw body directly, encoded as a string.


// Sample from Slack's documentation page - do not use this in your own code
let my_secret_key: &str = "8f742231b10e8888abcd99yyyzzz85a5";

let verifier = SlackVerifier::new(my_secret_key).unwrap();

// ...
// Receive requests, extract from your framework

let slack_sample_timestamp: &str = "1531420618";
let slack_sample_sig: &str =
    "v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503";
let slack_sample_body: &str =
    "token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c";

verifier
    .verify(slack_sample_timestamp, slack_sample_body, slack_sample_sig)
    .unwrap();

Structs§

SlackHTTPVerifier
Verifies Slack http requests are signed by the given secret. A convenience wrapper around SlackVerifier.
SlackVerifier
Verifies raw request bodies are signed by Slack’s secret. An alternative if it is inconvenient/impossible to use SlackHTTPVerifier

Traits§

HTTPRequest