[][src]Crate slack_http_verifier

slack_http_verifier verifies request signatures from Slacks HTTP Events API, as described here.

Usage

If you're using the http crate, requests can be verified directly

This code runs with edition 2018
use slack_http_verifier::SlackHTTPVerifier;

// Sample from Slack's documentation page - do not use this in your own code
let my_secret_key: &str = "8f742231b10e8888abcd99yyyzzz85a5";
let slack_sample_timestamp: &str = "1531420618";
let slack_sample_body: &str =
    "token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c";
let slack_sample_sig: &str =
    "v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503";

let http_verifier = SlackHTTPVerifier::new(my_secret_key).unwrap();

// ...
// Receive requests

let client = reqwest::blocking::Client::new();
let req = client.post("http://localhost:65535")
    .header("X-Slack-Request-Timestamp", slack_sample_timestamp)
    .header("X-Slack-Signature", slack_sample_sig)
    .body(slack_sample_body)
    .build()
    .unwrap();

http_verifier.verify(&req).unwrap();

They can also be verified using the raw body directly, encoded as a string.

This code runs with edition 2018

// Sample from Slack's documentation page - do not use this in your own code
let my_secret_key: &str = "8f742231b10e8888abcd99yyyzzz85a5";

let verifier = SlackVerifier::new(my_secret_key).unwrap();

// ...
// Receive requests, extract from your framework

let slack_sample_timestamp: &str = "1531420618";
let slack_sample_sig: &str =
    "v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503";
let slack_sample_body: &str =
    "token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c";

verifier
    .verify(slack_sample_timestamp, slack_sample_body, slack_sample_sig)
    .unwrap();

Structs

SlackHTTPVerifier

Verifies Slack http requests are signed by the given secret. A convenience wrapper around SlackVerifier.

SlackVerifier

Verifies raw request bodies are signed by Slack's secret. An alternative if it is inconvenient/impossible to use SlackHTTPVerifier

Traits

HTTPRequest