slack signature verification

signature.js

    verifySignature(slackSignature, slackTimestamp, body) {

        const slackSigningSecret = process.env.SLACK_SIGNING_SECRET;
        console.log('slackTimestamp: ', slackTimestamp);
        console.log('slackSignature: ', slackSignature);

        const timestamp = slackTimestamp;
        const time = Math.floor(new Date().getTime()/1000);

        if (Math.abs(time - timestamp) > 300) {
            throw new Error('Ignore this request.');
        }
        if (!slackSigningSecret) {
            throw new Error('Slack signing secret is empty.');
        }

        const sigBasestring = `v0:${timestamp}:${body}`;
        console.log('sigBasestring: ', sigBasestring);
        const cryptoHMac = crypto.createHmac('sha256', slackSigningSecret).update(sigBasestring, 'utf8').digest('hex');
        console.log('cryptoHMac: ', cryptoHMac);
        const mySignature = `v0=${cryptoHMac}`;
        console.log('mySignature: ', mySignature);

        if (!crypto.timingSafeEqual(Buffer.from(mySignature, 'utf8'), Buffer.from(slackSignature, 'utf8'))) {
            throw new Error('Verification failed');
        }
    }

signature.py

import json
import hashlib
import hmac

def create_signature(secret, timestamp, data):
    
    newdata =json.dumps(data, separators=(',', ':'))

    req = ('v0:' + str(timestamp) + ':' + newdata).encode()
    print('sigBaseString: ', req)
    request_signature= 'v0='+hmac.new(
        str.encode(secret),
        req, hashlib.sha256
    ).hexdigest()

    return request_signature


data = {}

currentSignature = create_signature('secret', timestamp, data['body'])

print('currentSignature: ', currentSignature)

expected_signature = 'v0=something'

print('expected_signature: ', expected_signature)

print('matching=', hmac.compare_digest(currentSignature, expected_signature))