triangletodd · February 7, 2019 23:29 · cahyowhy · May 28, 2024
diff --git a/working_verify_slack.go b/working_verify_slack.go
 package middlewares

 import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/hex"

 	"github.com/gin-gonic/gin"
 )

 const (
 	signingKey = "SLACK_SECRET_HERE"
 )

 // VerifySlackMiddleware is responsible for verifying the X-Slack-Signature
 // in a request against our secret.
 func VerifySlackMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		rTimestamp := c.Request.Header.Get("X-Slack-Request-Timestamp")
 		expectedSig := c.Request.Header.Get("X-Slack-Signature")
 		rawBody, err := c.GetRawData()
 		if err != nil {
 			c.AbortWithStatusJSON(502, gin.H{"text": "Unexpected error."})
 		}

 		sigBaseString := "v0:" + rTimestamp + ":" + string(rawBody)

 		h := hmac.New(sha256.New, []byte(signingKey))
 		h.Write([]byte(sigBaseString))
 		computedSig := "v0=" + hex.EncodeToString(h.Sum(nil))

 		if expectedSig != computedSig {
 			c.AbortWithStatusJSON(401, gin.H{"text": "You shall not pass."})
 		}

 		c.Next()
 	}
 }
	package middlewares

	import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"

	"github.com/gin-gonic/gin"
	)

	const (
	signingKey = "SLACK_SECRET_HERE"
	)

	// VerifySlackMiddleware is responsible for verifying the X-Slack-Signature
	// in a request against our secret.
	func VerifySlackMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
	rTimestamp := c.Request.Header.Get("X-Slack-Request-Timestamp")
	expectedSig := c.Request.Header.Get("X-Slack-Signature")
	rawBody, err := c.GetRawData()
	if err != nil {
	c.AbortWithStatusJSON(502, gin.H{"text": "Unexpected error."})
	}

	sigBaseString := "v0:" + rTimestamp + ":" + string(rawBody)

	h := hmac.New(sha256.New, []byte(signingKey))
	h.Write([]byte(sigBaseString))
	computedSig := "v0=" + hex.EncodeToString(h.Sum(nil))

	if expectedSig != computedSig {
	c.AbortWithStatusJSON(401, gin.H{"text": "You shall not pass."})
	}

	c.Next()
	}
	}