Class: Banacle::SlackValidator

Inherits:

Object

• Object
• Banacle::SlackValidator

Defined in:

lib/banacle/slack_validator.rb

Constant Summary

SLACK_SIGNING_SECRET_VERSION =

'v0'.freeze

Instance Attribute Summary

• #signing_secret ⇒ Object readonly

  Returns the value of attribute signing_secret.

Instance Method Summary

• #initialize(signing_secret) ⇒ SlackValidator constructor

  A new instance of SlackValidator.

• #valid_signature?(request) ⇒ Boolean

Constructor Details

#initialize(signing_secret) ⇒ SlackValidator

Returns a new instance of SlackValidator.

# File 'lib/banacle/slack_validator.rb', line 8

def initialize(signing_secret)
  @signing_secret = signing_secret
end

Instance Attribute Details

#signing_secret ⇒ Object (readonly)

Returns the value of attribute signing_secret.

# File 'lib/banacle/slack_validator.rb', line 12

def signing_secret
  @signing_secret
end

Instance Method Details

#valid_signature?(request) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/banacle/slack_validator.rb', line 14

def valid_signature?(request)
  body = request.env["rack.request.form_vars"]
  slack_signature = request.env["HTTP_X_SLACK_SIGNATURE"]
  slack_timestamp = request.env["HTTP_X_SLACK_REQUEST_TIMESTAMP"]

  # https://api.slack.com/docs/verifying-requests-from-slack#verification_token_deprecation
  if (slack_timestamp.to_i - Time.now.to_i).abs > 60 * 5
    return false
  end

  sig_basestring = "#{SLACK_SIGNING_SECRET_VERSION}:#{slack_timestamp}:#{body}"
  digest = OpenSSL::HMAC.hexdigest("SHA256", signing_secret, sig_basestring)

  slack_signature == "#{SLACK_SIGNING_SECRET_VERSION}=#{digest}"
end