module MosEisley::SlackEvent
Public Class Methods
parse_http_body(b, t)
click to toggle source
# File lib/slack.rb, line 28 def self.parse_http_body(b, t) case t when 'application/json' b when 'application/x-www-form-urlencoded' JSON.fast_generate(URI.decode_www_form(b).to_h) when 'application/xml' require 'rexml/document' REXML::Document.new(b) else b end end
validate(e)
click to toggle source
Validate incoming Slack request, decodes the body then into JSON @param e [Hash] original AWS API GW event object @return [Hash] {valid?: [Bool], msg: [String], json: [String], event: [Hash]}
# File lib/slack.rb, line 10 def self.validate(e) t = e.dig('headers', 'x-slack-request-timestamp') return {valid?: false, msg: 'Invalid request.'} if t.nil? if (Time.new - Time.at(t.to_i)).abs > 300 return {valid?: false, msg: 'Request too old.'} end b = e['isBase64Encoded'] ? Base64.decode64(e['body']) : e['body'] s = "v0:#{t}:#{b}" k = ENV['SLACK_SIGNING_SECRET'] sig = "v0=#{OpenSSL::HMAC.hexdigest('sha256', k, s)}" if e.dig('headers', 'x-slack-signature') != sig return {valid?: false, msg: 'Invalid signature.'} end b = SlackEvent.parse_http_body(b, e.dig('headers', 'content-type')) h = JSON.parse(b, {symbolize_names: true}) {valid?: true, msg: 'Validated.', json: b, event: h} end