Class: Slack::Events::Request

Inherits:
Object
  • Object
show all
Defined in:
lib/slack/events/request.rb

Defined Under Namespace

Classes: InvalidSignature, MissingSigningSecret, TimestampExpired

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(http_request, options = {}) ⇒ Request

Returns a new instance of Request.



15
16
17
18
19
20
# File 'lib/slack/events/request.rb', line 15

def initialize(http_request, options = {})
  @http_request = http_request
  @signing_secret = options[:signing_secret] || Slack::Events.config.signing_secret
  @signature_expires_in =
    options[:signature_expires_in] || Slack::Events.config.signature_expires_in
end

Instance Attribute Details

#http_requestObject (readonly)

Returns the value of attribute http_request.



11
12
13
# File 'lib/slack/events/request.rb', line 11

def http_request
  @http_request
end

#signature_expires_inObject (readonly)

Returns the value of attribute signature_expires_in.



11
12
13
# File 'lib/slack/events/request.rb', line 11

def signature_expires_in
  @signature_expires_in
end

#signing_secretObject (readonly)

Returns the value of attribute signing_secret.



11
12
13
# File 'lib/slack/events/request.rb', line 11

def signing_secret
  @signing_secret
end

Instance Method Details

#bodyObject

Request body.



39
40
41
42
43
44
45
# File 'lib/slack/events/request.rb', line 39

def body
  @body ||= begin
    body = http_request.body.read
    http_request.body.rewind
    body
  end
end

#expired?Boolean

Returns true if the signature coming from Slack has expired.

Returns:

  • (Boolean)


48
49
50
# File 'lib/slack/events/request.rb', line 48

def expired?
  timestamp.nil? || (Time.now.to_i - timestamp.to_i).abs > signature_expires_in
end

#signatureObject

The signature is created by combining the signing secret with the body of the request Slack is sending using a standard HMAC-SHA256 keyed hash.



29
30
31
# File 'lib/slack/events/request.rb', line 29

def signature
  @signature ||= http_request.get_header('HTTP_X_SLACK_SIGNATURE')
end

#timestampObject

Request timestamp.



23
24
25
# File 'lib/slack/events/request.rb', line 23

def timestamp
  @timestamp ||= http_request.get_header('HTTP_X_SLACK_REQUEST_TIMESTAMP')
end

#valid?Boolean

Returns true if the signature coming from Slack is valid.

Returns:

  • (Boolean)

Raises:



53
54
55
56
57
58
59
60
61
# File 'lib/slack/events/request.rb', line 53

def valid?
  raise MissingSigningSecret unless signing_secret

  digest = OpenSSL::Digest.new('SHA256')
  signature_basestring = [version, timestamp, body].join(':')
  hex_hash = OpenSSL::HMAC.hexdigest(digest, signing_secret, signature_basestring)
  computed_signature = [version, hex_hash].join('=')
  computed_signature == signature
end

#verify!Object

Validates the request signature and its expiration.

Raises:



64
65
66
67
68
69
# File 'lib/slack/events/request.rb', line 64

def verify!
  raise TimestampExpired if expired?
  raise InvalidSignature unless valid?

  true
end

#versionObject

Signature version.



34
35
36
# File 'lib/slack/events/request.rb', line 34

def version
  'v0'
end