Copyright | (c) Mo Kweon |
---|---|
Maintainer | kkweon@gmail.com |
Safe Haskell | None |
Language | Haskell2010 |
This module provides a single function verify
which can be used to verify your Slack bot
Synopsis
- newtype SlackSigningToken = SlackSigningToken ByteString
- newtype Timestamp = Timestamp Int
- newtype Hex = Hex ByteString
- newtype VerificationError = WrongHex String
- verify :: SlackSigningToken -> Timestamp -> ByteString -> Hex -> Either VerificationError Bool
Documentation
newtype SlackSigningToken Source #
SlackSigningToken is your Slack Signing Secret
Instances
Eq SlackSigningToken Source # | |
Defined in Web.Slack.Auth (==) :: SlackSigningToken -> SlackSigningToken -> Bool # (/=) :: SlackSigningToken -> SlackSigningToken -> Bool # | |
Show SlackSigningToken Source # | |
Defined in Web.Slack.Auth showsPrec :: Int -> SlackSigningToken -> ShowS # show :: SlackSigningToken -> String # showList :: [SlackSigningToken] -> ShowS # |
Timestamp is sent from X-Slack-Request-Timestamp in the request header
Hex is retrieved from X-Slack-Signature in the request header
Note you don't have to strip "v0=" so you can just pass the header value directly
newtype VerificationError Source #
Instances
Eq VerificationError Source # | |
Defined in Web.Slack.Auth (==) :: VerificationError -> VerificationError -> Bool # (/=) :: VerificationError -> VerificationError -> Bool # | |
Show VerificationError Source # | |
Defined in Web.Slack.Auth showsPrec :: Int -> VerificationError -> ShowS # show :: VerificationError -> String # showList :: [VerificationError] -> ShowS # |
:: SlackSigningToken | Slack Token |
-> Timestamp | X-SlackRequest-Timestamp Header Value |
-> ByteString | Request body sent by Slack (urlencoded) |
-> Hex | X-Slack-Signature Header Value (The HMAC will be compared to this value) |
-> Either VerificationError Bool |
Verify verifies Slack Request
Example
>>>
slackSecret = SlackSigningToken "8f742231b10e8888abcd99yyyzzz85a5"
>>>
timestamp = Timestamp 1531420618
>>>
body = "token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c"
>>>
expectedHash = Hex "v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503"
>>>
verify slackSecret timestamp body expectedHash
Right True