slack-verify-0.1.0.0: Slack API Request Verification HMAC

Copyright(c) Mo Kweon
Maintainerkkweon@gmail.com
Safe HaskellNone
LanguageHaskell2010

Web.Slack.Auth

Description

This module provides a single function verify which can be used to verify your Slack bot

Synopsis

Documentation

newtype SlackSigningToken Source #

SlackSigningToken is your Slack Signing Secret

newtype Timestamp Source #

Timestamp is sent from X-Slack-Request-Timestamp in the request header

Constructors

Timestamp Int 

newtype Hex Source #

Hex is retrieved from X-Slack-Signature in the request header

Note you don't have to strip "v0=" so you can just pass the header value directly

Constructors

Hex ByteString 
Instances
Eq Hex Source # 
Instance details

Defined in Web.Slack.Auth

Methods

(==) :: Hex -> Hex -> Bool #

(/=) :: Hex -> Hex -> Bool #

Show Hex Source # 
Instance details

Defined in Web.Slack.Auth

Methods

showsPrec :: Int -> Hex -> ShowS #

show :: Hex -> String #

showList :: [Hex] -> ShowS #

verify Source #

Arguments

:: SlackSigningToken

Slack Token

-> Timestamp

X-SlackRequest-Timestamp Header Value

-> ByteString

Request body sent by Slack (urlencoded)

-> Hex

X-Slack-Signature Header Value (The HMAC will be compared to this value)

-> Either VerificationError Bool 

Verify verifies Slack Request

Example

>>> slackSecret = SlackSigningToken "8f742231b10e8888abcd99yyyzzz85a5"
>>> timestamp = Timestamp 1531420618
>>> body = "token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c"
>>> expectedHash = Hex "v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503"
>>> verify slackSecret timestamp body expectedHash
Right True