Copyright	(c) Mo Kweon
Maintainer	kkweon@gmail.com
Safe Haskell	None
Language	Haskell2010

Web.Slack.Auth

Description

This module provides a single function verify which can be used to verify your Slack bot

Synopsis

newtype SlackSigningToken = SlackSigningToken ByteString
newtype Timestamp = Timestamp Int
newtype Hex = Hex ByteString
newtype VerificationError = WrongHex String
verify :: SlackSigningToken -> Timestamp -> ByteString -> Hex -> Either VerificationError Bool

Documentation

newtype SlackSigningToken Source #

SlackSigningToken is your Slack Signing Secret

Constructors

SlackSigningToken ByteString

Instances

Eq SlackSigningToken Source #
Instance details Defined in Web.Slack.Auth Methods (==) :: SlackSigningToken -> SlackSigningToken -> Bool # (/=) :: SlackSigningToken -> SlackSigningToken -> Bool #
Show SlackSigningToken Source #
Instance details Defined in Web.Slack.Auth Methods showsPrec :: Int -> SlackSigningToken -> ShowS # show :: SlackSigningToken -> String # showList :: [SlackSigningToken] -> ShowS #

newtype Timestamp Source #

Timestamp is sent from X-Slack-Request-Timestamp in the request header

Constructors

Timestamp Int

Instances

Eq Timestamp Source #
Instance details Defined in Web.Slack.Auth Methods (==) :: Timestamp -> Timestamp -> Bool # (/=) :: Timestamp -> Timestamp -> Bool #
Ord Timestamp Source #
Instance details Defined in Web.Slack.Auth Methods compare :: Timestamp -> Timestamp -> Ordering # (<) :: Timestamp -> Timestamp -> Bool # (<=) :: Timestamp -> Timestamp -> Bool # (>) :: Timestamp -> Timestamp -> Bool # (>=) :: Timestamp -> Timestamp -> Bool # max :: Timestamp -> Timestamp -> Timestamp # min :: Timestamp -> Timestamp -> Timestamp #
Show Timestamp Source #
Instance details Defined in Web.Slack.Auth Methods showsPrec :: Int -> Timestamp -> ShowS # show :: Timestamp -> String # showList :: [Timestamp] -> ShowS #

newtype Hex Source #

Hex is retrieved from X-Slack-Signature in the request header

Note you don't have to strip "v0=" so you can just pass the header value directly

Constructors

Hex ByteString

Instances

Eq Hex Source #
Instance details Defined in Web.Slack.Auth Methods (==) :: Hex -> Hex -> Bool # (/=) :: Hex -> Hex -> Bool #
Show Hex Source #
Instance details Defined in Web.Slack.Auth Methods showsPrec :: Int -> Hex -> ShowS # show :: Hex -> String # showList :: [Hex] -> ShowS #

newtype VerificationError Source #

Constructors

WrongHex String

Instances

Eq VerificationError Source #
Instance details Defined in Web.Slack.Auth Methods (==) :: VerificationError -> VerificationError -> Bool # (/=) :: VerificationError -> VerificationError -> Bool #
Show VerificationError Source #
Instance details Defined in Web.Slack.Auth Methods showsPrec :: Int -> VerificationError -> ShowS # show :: VerificationError -> String # showList :: [VerificationError] -> ShowS #

verify Source #

Arguments

:: SlackSigningToken	Slack Token
-> Timestamp	X-SlackRequest-Timestamp Header Value
-> ByteString	Request body sent by Slack (urlencoded)
-> Hex	X-Slack-Signature Header Value (The HMAC will be compared to this value)
-> Either VerificationError Bool

Verify verifies Slack Request

Example

>>> slackSecret = SlackSigningToken "8f742231b10e8888abcd99yyyzzz85a5"
>>> timestamp = Timestamp 1531420618
>>> body = "token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c"
>>> expectedHash = Hex "v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503"
>>> verify slackSecret timestamp body expectedHash
Right True