Class: Slack::Events::Request

Inherits:

Object

• Object
• Slack::Events::Request

Defined in:

lib/slack/events/request.rb

Defined Under Namespace

Classes: InvalidSignature, MissingSigningSecret, TimestampExpired

Instance Attribute Summary

• #http_request ⇒ Object readonly

  Returns the value of attribute http_request.

• #signature_expires_in ⇒ Object readonly

  Returns the value of attribute signature_expires_in.

• #signing_secret ⇒ Object readonly

  Returns the value of attribute signing_secret.

Instance Method Summary

• #body ⇒ Object

  Request body.

• #expired? ⇒ Boolean

  Returns true if the signature coming from Slack has expired.

• #initialize(http_request, options = {}) ⇒ Request constructor

  A new instance of Request.

• #signature ⇒ Object

  The signature is created by combining the signing secret with the body of the request Slack is sending using a standard HMAC-SHA256 keyed hash.

• #timestamp ⇒ Object

  Request timestamp.

• #valid? ⇒ Boolean

  Returns true if the signature coming from Slack is valid.

• #verify! ⇒ Object

  Validates the request signature and its expiration.

• #version ⇒ Object

  Signature version.

Constructor Details

#initialize(http_request, options = {}) ⇒ Request

Returns a new instance of Request.

# File 'lib/slack/events/request.rb', line 16

def initialize(http_request, options = {})
  @http_request = http_request
  @signing_secret = options[:signing_secret] || Slack::Events.config.signing_secret
  @signature_expires_in =
    options[:signature_expires_in] || Slack::Events.config.signature_expires_in
end

Instance Attribute Details

#http_request ⇒ Object (readonly)

Returns the value of attribute http_request.

# File 'lib/slack/events/request.rb', line 12

def http_request
  @http_request
end

#signature_expires_in ⇒ Object (readonly)

Returns the value of attribute signature_expires_in.

# File 'lib/slack/events/request.rb', line 12

def signature_expires_in
  @signature_expires_in
end

#signing_secret ⇒ Object (readonly)

Returns the value of attribute signing_secret.

# File 'lib/slack/events/request.rb', line 12

def signing_secret
  @signing_secret
end

Instance Method Details

#body ⇒ Object

Request body.

# File 'lib/slack/events/request.rb', line 40

def body
  @body ||= begin
    input = http_request.body
    input.rewind
    body = input.read
    input.rewind
    body
  end
end

#expired? ⇒ Boolean

Returns true if the signature coming from Slack has expired.

Returns:

• (Boolean)

# File 'lib/slack/events/request.rb', line 51

def expired?
  timestamp.nil? || (Time.now.to_i - timestamp.to_i).abs > signature_expires_in
end

#signature ⇒ Object

The signature is created by combining the signing secret with the body of the request Slack is sending using a standard HMAC-SHA256 keyed hash.

# File 'lib/slack/events/request.rb', line 30

def signature
  @signature ||= http_request.get_header('HTTP_X_SLACK_SIGNATURE')
end

#timestamp ⇒ Object

Request timestamp.

# File 'lib/slack/events/request.rb', line 24

def timestamp
  @timestamp ||= http_request.get_header('HTTP_X_SLACK_REQUEST_TIMESTAMP')
end

#valid? ⇒ Boolean

Returns true if the signature coming from Slack is valid.

Returns:

• (Boolean)

Raises:

• (MissingSigningSecret)

# File 'lib/slack/events/request.rb', line 56

def valid?
  raise MissingSigningSecret unless signing_secret
  raise InvalidSignature unless signature

  digest = OpenSSL::Digest.new('SHA256')
  signature_basestring = [version, timestamp, body].join(':')
  hex_hash = OpenSSL::HMAC.hexdigest(digest, signing_secret, signature_basestring)
  computed_signature = [version, hex_hash].join('=')
  Utils::Security.secure_compare(computed_signature, signature)
end

#verify! ⇒ Object

Validates the request signature and its expiration.

Raises:

• (TimestampExpired)

# File 'lib/slack/events/request.rb', line 68

def verify!
  raise TimestampExpired if expired?
  raise InvalidSignature unless valid?

  true
end

#version ⇒ Object

Signature version.

# File 'lib/slack/events/request.rb', line 35

def version
  'v0'
end