I'm trying the new request verification process for the Slack API on AWS Lambda, but I can't generate a valid signature from the request.

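This is the mapping template for the Integration Request in API Gateway. I can't get a raw request as the Slack documentation says, but I did my best like this: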

{
  "body" : $input.body,
  "headers": {
    #foreach($param in $input.params().header.keySet())
    "$param": "$util.escapeJavaScript($input.params().header.get($param))" #if($foreach.hasNext),#end

    #end  
  }
}

My verification function:

def is_valid_request(headers, body):
   logger.info(f"DECODED_SECRET: {DECODED_SECRET}")
   logger.info(f"DECRYPTED_SECRET: {DECRYPTED_SECRET}")

   timestamp   = headers.get(REQ_KEYS['timestamp'])
   logger.info(f"timestamp: {timestamp}")

   encoded_body = urlencode(body)
   logger.info(f"encoded_body: {encoded_body}")

   base_str    = f"{SLACK_API_VER}:{timestamp}:{encoded_body}"
   logger.info(f"base_str: {base_str}")

   base_b      = bytes(base_str, 'utf-8')
   dgst_str    = hmac.new(DECRYPTED_SECRET, base_b, digestmod=sha256).hexdigest()

   sig_str     = f"{SLACK_API_VER}={dgst_str}"
   logger.info(f"signature: {sig_str}")

   req_sig = headers.get(REQ_KEYS['sig'])
   logger.info(f"req_sig: {req_sig}")

   logger.info(f"comparing: {hmac.compare_digest(sig_str, req_sig)}")
   return hmac.compare_digest(sig_str, req_sig)

Lambda log in CloudWatch. For security reasons I can't show the values, but each variable/constant seems to have a reasonable value:

DECODED_SECRET: ...
DECRYPTED_SECRET: ...
timestamp: 1532011621
encoded_body: ...
base_str: v0:1532011621:token= ... &team_id= ... &api_app_id= ...
signature: v0=3 ...
req_sig: v0=1 ...
comparing: False

signature should match req_sig, but it doesn't. I guess something is wrong with base_str = f"{SLACK_API_VER}:{timestamp}:{encoded_body}". I mean the concatenation or the urlencoding of the request body, but I'm not sure. Thank you in advance!
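
An added example, not part of the original post: a check in the same v0:timestamp:body form, computed over the exact bytes of the request body, showing that a body which has been parsed and re-encoded no longer produces the sender's signature. The secret, the sample body, the helper names and the 300-second replay window are constructed assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

VERSION = "v0"
MAX_SKEW_SECONDS = 300  # replay window; assumed value for this example


def sign(secret: bytes, timestamp: str, raw_body: bytes) -> str:
    """Signature over the exact bytes received: v0:<timestamp>:<raw body>."""
    base = VERSION.encode() + b":" + timestamp.encode() + b":" + raw_body
    return f"{VERSION}=" + hmac.new(secret, base, hashlib.sha256).hexdigest()


def is_valid(secret, timestamp, raw_body, req_sig, now=None):
    """Reject stale or malformed timestamps, then compare in constant time."""
    now = time.time() if now is None else now
    try:
        if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
            return False
    except (TypeError, ValueError):
        return False
    expected = sign(secret, timestamp, raw_body)
    return hmac.compare_digest(expected.encode(), (req_sig or "").encode())


def reencode(raw_body: bytes) -> bytes:
    """Parse and re-serialise the form body, as an intermediate layer might."""
    pairs = parse_qsl(raw_body.decode(), keep_blank_values=True)
    return urlencode(pairs).encode()


# Constructed sample data (not real Slack values).
SECRET = b"constructed-signing-secret"
TS = "1532011621"
RAW = b"token=abc&text=hello%20world&response_url=https%3A%2F%2Fexample.test%2Fa"
SENDER_SIG = sign(SECRET, TS, RAW)

if __name__ == "__main__":
    now = int(TS) + 10
    print("raw bytes      :", is_valid(SECRET, TS, RAW, SENDER_SIG, now))
    print("re-encoded body:", is_valid(SECRET, TS, reencode(RAW), SENDER_SIG, now))
    print("bytes differ   :", RAW, "vs", reencode(RAW))
```

A single differing byte (here `%20` becoming `+`) is enough to change the HMAC, so the comparison only succeeds when the function sees the body exactly as it was sent.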