Skip to content
This repository has been archived by the owner on Sep 20, 2024. It is now read-only.

Request Signing with Slack Signing Secret #1406

Merged
merged 1 commit into from
Jul 9, 2018
Merged

Request Signing with Slack Signing Secret #1406

merged 1 commit into from
Jul 9, 2018

Conversation

shishirsharma
Copy link
Contributor

@shishirsharma shishirsharma commented Jul 2, 2018
edited
Loading

This is first cut.

Biggest caveat in the current approach is control of webserver. HMAC signature needs raw request body. So far the only way to do with express is via a middleware. That needs to be added before usual handleWebhookPayload.

PS: You will have to add the following snippet just after you create webserver in your code.

  var webserver = express();
  webserver.use(function(req, res, next) {
    req.rawBody = '';
    
    req.on('data', function(chunk) {
      req.rawBody += chunk;
    });
    
    next();
  });

@peterswimm peterswimm requested a review from benbrown July 2, 2018 14:36
@chrilian
Copy link

chrilian commented Jul 6, 2018

Hi there-- I tried this in my code and the req.rawBody comes out as empty? Is this just me? nothing gets passed into it in the stream basically...

@shishirsharma
Copy link
Contributor Author

Yes, You will have to add the following snippet just after you create webserver in your code.

  var webserver = express();
  webserver.use(function(req, res, next) {
    req.rawBody = '';
    
    req.on('data', function(chunk) {
      req.rawBody += chunk;
    });
    
    next();
  });

@chrilian
Copy link

chrilian commented Jul 6, 2018

Thats what I did but for some reason my system must hate me....

@chrilian
Copy link

chrilian commented Jul 6, 2018

my bad-- I put it in the wrong place

benbrown
benbrown suggested changes Jul 9, 2018
View reviewed changes
Copy link
Contributor

@benbrown benbrown left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please make these docs changes in the new official docs repo, github.com/howdyai/botkit-docs

benbrown
benbrown reviewed Jul 9, 2018
View reviewed changes
lib/CoreBot.js
@@ -1488,6 +1488,15 @@ function Botkit(configuration) {
botkit.config.port = port;

botkit.webserver = express();
botkit.webserver.use(function(req, res, next) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you make this same change to the slack starter kit? github.com/howdyai/botkit-starter-slack

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure

peterswimm pushed a commit to howdyai/botkit-docs that referenced this pull request Jul 9, 2018
Updated from Oaudie PRs
8e9bc83 
howdyai/botkit#1369
howdyai/botkit#1354
howdyai/botkit#1353
howdyai/botkit#1406
peterswimm pushed a commit to howdyai/botkit-docs that referenced this pull request Jul 9, 2018
added shishirsharmas docs
858dcca 
howdyai/botkit#1406
@benbrown benbrown merged commit a524a9c into howdyai:master Jul 9, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@benbrown benbrown benbrown requested changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@shishirsharma @chrilian @benbrown @peterswimm