module MosEisley::SlackEvent

Public Class Methods

parse_http_body(b, t) click to toggle source
# File lib/slack.rb, line 28
def self.parse_http_body(b, t)
  case t
  when 'application/json'
    b
  when 'application/x-www-form-urlencoded'
    JSON.fast_generate(URI.decode_www_form(b).to_h)
  when 'application/xml'
    require 'rexml/document'
    REXML::Document.new(b)
  else
    b
  end
end
validate(e) click to toggle source

Validate incoming Slack request, decodes the body then into JSON @param e [Hash] original AWS API GW event object @return [Hash] {valid?: [Bool], msg: [String], json: [String], event: [Hash]}

# File lib/slack.rb, line 10
def self.validate(e)
  t = e.dig('headers', 'x-slack-request-timestamp')
  return {valid?: false, msg: 'Invalid request.'} if t.nil?
  if (Time.new - Time.at(t.to_i)).abs > 300
    return {valid?: false, msg: 'Request too old.'}
  end
  b = e['isBase64Encoded'] ? Base64.decode64(e['body']) : e['body']
  s = "v0:#{t}:#{b}"
  k = ENV['SLACK_SIGNING_SECRET']
  sig = "v0=#{OpenSSL::HMAC.hexdigest('sha256', k, s)}"
  if e.dig('headers', 'x-slack-signature') != sig
    return {valid?: false, msg: 'Invalid signature.'}
  end
  b = SlackEvent.parse_http_body(b, e.dig('headers', 'content-type'))
  h = JSON.parse(b, {symbolize_names: true})
  {valid?: true, msg: 'Validated.', json: b, event: h}
end