class SlackEvents::VerificationHandler

Overview

Middleware that verifies that requests are correctly signed with SLACK_SIGNING_SECRET by Slack.

Included Modules

HTTP::Handler

Defined in:

slack-events-api/verification_handler.cr

Constructors

.new(signing_secret : String)
Initialize with the unique string Slack creates for your app.

Instance Method Summary

#call(context)
Requests that go through this middleware need to have a valid signature or are a '403 - Forbidden' will be returned to the client.
#computed_signature(request)
With the help of HMAC SHA256 - OpenSSL::HMAC hash the basestring, using the Slack Signing Secret - @signing_secret - as the key.
#valid_age?(request)
The signature depends on the timestamp to protect against replay attacks.
#valid_signature?(request)
Compare this computed signature to the X-Slack-Signature header on the request.

Constructor Detail

def self.new(signing_secret : String) #

Initialize with the unique string Slack creates for your app. Verify requests from Slack with confidence by verifying signatures using your signing secret.

[View source]

Instance Method Detail

def call(context) #

Requests that go through this middleware need to have a valid signature or are a '403 - Forbidden' will be returned to the client.

[View source]

def computed_signature(request) #

With the help of HMAC SHA256 - OpenSSL::HMAC hash the basestring, using the Slack Signing Secret - @signing_secret - as the key.

[View source]

def valid_age?(request) #

The signature depends on the timestamp to protect against replay attacks. Check to make sure that the request occurred recently.

NOTE The package defaults to accepting timestamps that are within 5 minutes of the current time. i.e. It can be either from 3 minutes ago or 3 minutes from now.

[View source]

def valid_signature?(request) #

Compare this computed signature to the X-Slack-Signature header on the request.

[View source]