Class: Slack::Events::Request
- Inherits:
-
Object
- Object
- Slack::Events::Request
- Defined in:
- lib/slack/events/request.rb
Defined Under Namespace
Classes: InvalidSignature, MissingSigningSecret, TimestampExpired
Instance Attribute Summary collapse
-
#http_request ⇒ Object
readonly
Returns the value of attribute http_request.
-
#signature_expires_in ⇒ Object
readonly
Returns the value of attribute signature_expires_in.
-
#signing_secret ⇒ Object
readonly
Returns the value of attribute signing_secret.
Instance Method Summary collapse
-
#body ⇒ Object
Request body.
-
#expired? ⇒ Boolean
Returns true if the signature coming from Slack has expired.
-
#initialize(http_request, options = {}) ⇒ Request
constructor
A new instance of Request.
-
#signature ⇒ Object
The signature is created by combining the signing secret with the body of the request Slack is sending using a standard HMAC-SHA256 keyed hash.
-
#timestamp ⇒ Object
Request timestamp.
-
#valid? ⇒ Boolean
Returns true if the signature coming from Slack is valid.
-
#verify! ⇒ Object
Validates the request signature and its expiration.
-
#version ⇒ Object
Signature version.
Constructor Details
#initialize(http_request, options = {}) ⇒ Request
Returns a new instance of Request.
13 14 15 16 17 18 |
# File 'lib/slack/events/request.rb', line 13 def initialize(http_request, = {}) @http_request = http_request @signing_secret = [:signing_secret] || Slack::Events.config.signing_secret @signature_expires_in = [:signature_expires_in] || Slack::Events.config.signature_expires_in end |
Instance Attribute Details
#http_request ⇒ Object (readonly)
Returns the value of attribute http_request.
9 10 11 |
# File 'lib/slack/events/request.rb', line 9 def http_request @http_request end |
#signature_expires_in ⇒ Object (readonly)
Returns the value of attribute signature_expires_in.
9 10 11 |
# File 'lib/slack/events/request.rb', line 9 def signature_expires_in @signature_expires_in end |
#signing_secret ⇒ Object (readonly)
Returns the value of attribute signing_secret.
9 10 11 |
# File 'lib/slack/events/request.rb', line 9 def signing_secret @signing_secret end |
Instance Method Details
#body ⇒ Object
Request body.
37 38 39 40 41 42 43 |
# File 'lib/slack/events/request.rb', line 37 def body @body ||= begin body = http_request.body.read http_request.body.rewind body end end |
#expired? ⇒ Boolean
Returns true if the signature coming from Slack has expired.
46 47 48 |
# File 'lib/slack/events/request.rb', line 46 def expired? .nil? || (Time.now.to_i - .to_i).abs > signature_expires_in end |
#signature ⇒ Object
The signature is created by combining the signing secret with the body of the request Slack is sending using a standard HMAC-SHA256 keyed hash.
27 28 29 |
# File 'lib/slack/events/request.rb', line 27 def signature @signature ||= http_request.get_header('HTTP_X_SLACK_SIGNATURE') end |
#timestamp ⇒ Object
Request timestamp.
21 22 23 |
# File 'lib/slack/events/request.rb', line 21 def @timestamp ||= http_request.get_header('HTTP_X_SLACK_REQUEST_TIMESTAMP') end |
#valid? ⇒ Boolean
Returns true if the signature coming from Slack is valid.
51 52 53 54 55 56 57 58 59 |
# File 'lib/slack/events/request.rb', line 51 def valid? raise MissingSigningSecret unless signing_secret digest = OpenSSL::Digest::SHA256.new signature_basestring = [version, , body].join(':') hex_hash = OpenSSL::HMAC.hexdigest(digest, signing_secret, signature_basestring) computed_signature = [version, hex_hash].join('=') computed_signature == signature end |
#verify! ⇒ Object
Validates the request signature and its expiration.
62 63 64 65 66 67 |
# File 'lib/slack/events/request.rb', line 62 def verify! raise TimestampExpired if expired? raise InvalidSignature unless valid? true end |
#version ⇒ Object
Signature version.
32 33 34 |
# File 'lib/slack/events/request.rb', line 32 def version 'v0' end |