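I'm trying the new request verification process for Slack API on AWS Lambda but I can't generate a valid signature from the request.

- The example shown in https://api.slack.com/docs/verifying-requests-from-slack is for a slash command, but I'm using it for an event subscription, in particular a subscription to a bot event (app_mention). Does the new process support event subscriptions as well?
- If so, am I missing something?

Mapping template for the Integration Request in API Gateway. I can't get a raw request as the Slack documentation says, but I did my best like this: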

    {
      "body" : $input.body,
      "headers": {
        #foreach($param in $input.params().header.keySet())
        "$param": "$util.escapeJavaScript($input.params().header.get($param))" #if($foreach.hasNext),#end
        #end
      }
    }

My verification function:
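
    import hmac
    from hashlib import sha256
    from urllib.parse import urlencode

    # logger, DECODED_SECRET, DECRYPTED_SECRET, SLACK_API_VER and REQ_KEYS
    # are defined elsewhere in the module (not shown in the post).

    def is_valid_request(headers, body):
        # Debug output; note that this writes the signing secret to CloudWatch.
        logger.info(f"DECODED_SECRET: {DECODED_SECRET}")
        logger.info(f"DECRYPTED_SECRET: {DECRYPTED_SECRET}")
        timestamp = headers.get(REQ_KEYS['timestamp'])
        logger.info(f"timestamp: {timestamp}")
        # body is the already-parsed request body, re-encoded here
        encoded_body = urlencode(body)
        logger.info(f"encoded_body: {encoded_body}")
        # Base string: version, timestamp and body joined with ':'
        base_str = f"{SLACK_API_VER}:{timestamp}:{encoded_body}"
        logger.info(f"base_str: {base_str}")
        base_b = bytes(base_str, 'utf-8')
        dgst_str = hmac.new(DECRYPTED_SECRET, base_b, digestmod=sha256).hexdigest()
        sig_str = f"{SLACK_API_VER}={dgst_str}"
        logger.info(f"signature: {sig_str}")
        req_sig = headers.get(REQ_KEYS['sig'])
        logger.info(f"req_sig: {req_sig}")
        logger.info(f"comparing: {hmac.compare_digest(sig_str, req_sig)}")
        return hmac.compare_digest(sig_str, req_sig)
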
Lambda log in CloudWatch. For security reasons I can't show the values, but each variable/constant seems to have a reasonable value:

    DECODED_SECRET: ...
    DECRYPTED_SECRET: ...
    timestamp: 1532011621
    encoded_body: ...
    base_str: v0:1532011621:token= ... &team_id= ... &api_app_id= ...
    signature: v0=3 ...
    req_sig: v0=1 ...
    comparing: False

signature should match req_sig but it doesn't. I guess there is a problem with `base_str = f"{SLACK_API_VER}:{timestamp}:{encoded_body}"`. I mean the concatenation or urlencoding of the request body, but I'm not sure. Thank you in advance!
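
For reference, an added example that is not part of the original post: Slack computes the signature over `v0:<timestamp>:<raw body>`, so a verifier has to hash the body bytes exactly as received, and a body that was parsed and then urlencoded or re-serialized produces a different digest. The secret, payload and `demo` helper are constructed for illustration, and the code assumes the handler can obtain the unmodified body; the header names are Slack's `X-Slack-Request-Timestamp` and `X-Slack-Signature`.

```python
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

MAX_SKEW = 60 * 5  # seconds; Slack's docs suggest rejecting requests older than five minutes


def sign(secret, timestamp, raw_body):
    """Return 'v0=<hex HMAC-SHA256>' over the exact bytes of the request body."""
    base = b"v0:" + timestamp.encode() + b":" + raw_body
    return "v0=" + hmac.new(secret, base, hashlib.sha256).hexdigest()


def is_valid_request(secret, headers, raw_body, now=None):
    """Verify the Slack signature against the raw, unparsed body bytes."""
    # Header names are case-insensitive and may arrive in a different case.
    h = {k.lower(): v for k, v in headers.items()}
    timestamp = h.get("x-slack-request-timestamp", "")
    received = h.get("x-slack-signature", "")
    if not (timestamp.isascii() and timestamp.isdigit()) or not received:
        return False
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > MAX_SKEW:
        return False  # stale timestamp: treat as a possible replay
    expected = sign(secret, timestamp, raw_body)
    return hmac.compare_digest(expected.encode(), received.encode())


# Constructed sample: an Events API style JSON body and a made-up signing secret.
SECRET = b"constructed-signing-secret"
TS = "1532011621"
RAW = b'{"token":"x","team_id":"T0","event":{"type":"app_mention","text":"hi"}}'
HEADERS = {"X-Slack-Request-Timestamp": TS, "X-Slack-Signature": sign(SECRET, TS, RAW)}


def demo():
    """Compare verification over the raw body with two re-encoded forms of it."""
    parsed = json.loads(RAW)
    check = lambda body, now=int(TS): is_valid_request(SECRET, HEADERS, body, now=now)
    return {
        "raw": check(RAW),
        "urlencoded": check(urlencode(parsed).encode()),
        "reserialized": check(json.dumps(parsed).encode()),
        "stale": check(RAW, now=int(TS) + 3600),
    }
```
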