Class: Slack::Events::Request
- Inherits:
-
Object
- Object
- Slack::Events::Request
- Defined in:
- lib/slack/events/request.rb
Defined Under Namespace
Classes: InvalidSignature, MissingSigningSecret, TimestampExpired
Instance Attribute Summary collapse
-
#http_request ⇒ Object
readonly
Returns the value of attribute http_request.
-
#signature_expires_in ⇒ Object
readonly
Returns the value of attribute signature_expires_in.
-
#signing_secret ⇒ Object
readonly
Returns the value of attribute signing_secret.
Instance Method Summary collapse
-
#body ⇒ Object
Request body.
-
#expired? ⇒ Boolean
Returns true if the signature coming from Slack has expired.
-
#initialize(http_request, options = {}) ⇒ Request
constructor
A new instance of Request.
-
#signature ⇒ Object
The signature is created by combining the signing secret with the body of the request Slack is sending using a standard HMAC-SHA256 keyed hash.
-
#timestamp ⇒ Object
Request timestamp.
-
#valid? ⇒ Boolean
Returns true if the signature coming from Slack is valid.
-
#verify! ⇒ Object
Validates the request signature and its expiration.
-
#version ⇒ Object
Signature version.
Constructor Details
#initialize(http_request, options = {}) ⇒ Request
Returns a new instance of Request.
15 16 17 18 19 20 |
# File 'lib/slack/events/request.rb', line 15 def initialize(http_request, = {}) @http_request = http_request @signing_secret = [:signing_secret] || Slack::Events.config.signing_secret @signature_expires_in = [:signature_expires_in] || Slack::Events.config.signature_expires_in end |
Instance Attribute Details
#http_request ⇒ Object (readonly)
Returns the value of attribute http_request.
11 12 13 |
# File 'lib/slack/events/request.rb', line 11 def http_request @http_request end |
#signature_expires_in ⇒ Object (readonly)
Returns the value of attribute signature_expires_in.
11 12 13 |
# File 'lib/slack/events/request.rb', line 11 def signature_expires_in @signature_expires_in end |
#signing_secret ⇒ Object (readonly)
Returns the value of attribute signing_secret.
11 12 13 |
# File 'lib/slack/events/request.rb', line 11 def signing_secret @signing_secret end |
Instance Method Details
#body ⇒ Object
Request body.
39 40 41 42 43 44 45 46 47 |
# File 'lib/slack/events/request.rb', line 39 def body @body ||= begin input = http_request.body input.rewind body = input.read input.rewind body end end |
#expired? ⇒ Boolean
Returns true if the signature coming from Slack has expired.
50 51 52 |
# File 'lib/slack/events/request.rb', line 50 def expired? .nil? || (Time.now.to_i - .to_i).abs > signature_expires_in end |
#signature ⇒ Object
The signature is created by combining the signing secret with the body of the request Slack is sending using a standard HMAC-SHA256 keyed hash.
29 30 31 |
# File 'lib/slack/events/request.rb', line 29 def signature @signature ||= http_request.get_header('HTTP_X_SLACK_SIGNATURE') end |
#timestamp ⇒ Object
Request timestamp.
23 24 25 |
# File 'lib/slack/events/request.rb', line 23 def @timestamp ||= http_request.get_header('HTTP_X_SLACK_REQUEST_TIMESTAMP') end |
#valid? ⇒ Boolean
Returns true if the signature coming from Slack is valid.
55 56 57 58 59 60 61 62 63 |
# File 'lib/slack/events/request.rb', line 55 def valid? raise MissingSigningSecret unless signing_secret digest = OpenSSL::Digest.new('SHA256') signature_basestring = [version, , body].join(':') hex_hash = OpenSSL::HMAC.hexdigest(digest, signing_secret, signature_basestring) computed_signature = [version, hex_hash].join('=') computed_signature == signature end |
#verify! ⇒ Object
Validates the request signature and its expiration.
66 67 68 69 70 71 |
# File 'lib/slack/events/request.rb', line 66 def verify! raise TimestampExpired if expired? raise InvalidSignature unless valid? true end |
#version ⇒ Object
Signature version.
34 35 36 |
# File 'lib/slack/events/request.rb', line 34 def version 'v0' end |