Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ExpressReceiver support for rawBody for signature verification #192

Closed
3 tasks done
aoberoi opened this issue May 15, 2019 · 3 comments
Closed
3 tasks done

ExpressReceiver support for rawBody for signature verification #192

aoberoi opened this issue May 15, 2019 · 3 comments
Assignees
@seratch
Labels
enhancement M-T: A feature request for new functionality

Comments

@aoberoi
Copy link
Contributor

aoberoi commented May 15, 2019

Description

The ExpressReceiver handles buffering the request body stream, and then verifying the signature (using the signing secret) in order to authenticate the sender as Slack.

However, when running in some serverless environments, such as Google Cloud Platform (GCP), the request body has already been buffered and even parsed before the Receiver gets a chance to interact with it. In GCP, the original buffer is not destroyed, but rather added as the req.rawBody property.

The ExpressReceiver should check the req.rawBody property for a buffered body for verification, instead of failing in this condition.

This feature request is analogous to slackapi/node-slack-events-api#85, and the fix would be analogous to slackapi/node-slack-events-api#90.

Requirements (place an x in each of the [ ])

  • I've read and understood the Contributing guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've searched for any related issues and avoided creating a duplicate issue.
@aoberoi aoberoi added the enhancement M-T: A feature request for new functionality label May 15, 2019
@aoberoi
Copy link
Contributor Author

aoberoi commented May 15, 2019

cc @seratch - I think you'd like to follow this issue 😄

@seratch
Copy link
Member

seratch commented May 17, 2019

Did somebody already start working on this? If not, I'll make a pull request soon (possibly this weekend or early next week).

@aoberoi
Copy link
Contributor Author

aoberoi commented May 17, 2019

@seratch nobody has claimed this one yet that we're aware of. the timeline of next week sounds great! i'll assign this one to you just to keep track 🙇

@aoberoi aoberoi assigned aoberoi and seratch and unassigned aoberoi May 17, 2019
seratch added a commit to seratch/bolt-js that referenced this issue May 19, 2019
@seratch
Fix slackapi#192 ExpressReceiver support for rawBody for signature ve…
61b22ec 
…rification
@seratch seratch mentioned this issue May 19, 2019
Merged
2 tasks
seratch added a commit to seratch/bolt-js that referenced this issue May 20, 2019
@seratch
Fix slackapi#192 ExpressReceiver support for rawBody for signature ve…
5f600ee 
…rification
seratch added a commit to seratch/bolt-js that referenced this issue May 21, 2019
@seratch
Fix slackapi#192 ExpressReceiver support for rawBody for signature ve…
51f79b6 
…rification
seratch added a commit to seratch/bolt-js that referenced this issue May 21, 2019
@seratch
Fix slackapi#192 ExpressReceiver support for rawBody for signature ve…
6cea077 
…rification
aoberoi added a commit that referenced this issue May 24, 2019
@aoberoi
Merge pull request #197 from seratch/issue-192-raw-body
77431a7 
Fix #192 ExpressReceiver support for rawBody for signature verification
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@seratch seratch

Labels
enhancement M-T: A feature request for new functionality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@seratch @aoberoi