
apply midlware

zahmis 5 ani în urmă
părinte
comite
4c1a279470

+ 36 - 35
packages/slack/src/utils/verifying-is-slack-request.ts

@@ -1,42 +1,43 @@
-// import crypto from 'crypto';
-// import qs from 'qs';
+import crypto from 'crypto';
+import qs from 'qs';
 
-// /**
-//    * Verify if the request came from slack
-//    * See: https://api.slack.com/authentication/verifying-requests-from-slack
-//    */
-// // TODO GW-5628 move this to slack package
-// export const verifyingIsSlackRequest = (req, res, next):string => {
-//   console.log("hogematus");
-//   // Temporary
-//   // req.signingSecret = crowi.configManager.getConfig('crowi', 'slackbot:signingSecret');
-//   req.signingSecret = 'dummy';
+/**
+   * Verify if the request came from slack
+   * See: https://api.slack.com/authentication/verifying-requests-from-slack
+   */
+// TODO GW-5628 move this to slack package
+export const verifyingIsSlackRequest = (req, res, next):string => {
+  console.log("hogematus");
+  // Temporary
+  // req.signingSecret = crowi.configManager.getConfig('crowi', 'slackbot:signingSecret');
+  req.signingSecret = 'dummy';
 
-//   // take out slackSignature and timestamp from header
-//   const slackSignature = req.headers['x-slack-signature'];
-//   const timestamp = req.headers['x-slack-request-timestamp'];
+  // take out slackSignature and timestamp from header
+  const slackSignature = req.headers['x-slack-signature'];
+  const timestamp = req.headers['x-slack-request-timestamp'];
 
-//   // protect against replay attacks
-//   const time = Math.floor(new Date().getTime() / 1000);
-//   if (Math.abs(time - timestamp) > 300) {
-//     return res.send('Verification failed.');
-//   }
+  // protect against replay attacks
+  const time = Math.floor(new Date().getTime() / 1000);
+  if (Math.abs(time - timestamp) > 300) {
+    return res.send('Verification failed.');
+  }
 
-//   // generate growi signature
-//   const sigBaseString = `v0:${timestamp}:${qs.stringify(req.body, { format: 'RFC1738' })}`;
-//   const hasher = crypto.createHmac('sha256', req.signingSecret);
-//   hasher.update(sigBaseString, 'utf8');
-//   const hashedSigningSecret = hasher.digest('hex');
-//   const growiSignature = `v0=${hashedSigningSecret}`;
+  // generate growi signature
+  const sigBaseString = `v0:${timestamp}:${qs.stringify(req.body, { format: 'RFC1738' })}`;
+  const hasher = crypto.createHmac('sha256', req.signingSecret);
+  hasher.update(sigBaseString, 'utf8');
+  const hashedSigningSecret = hasher.digest('hex');
+  const growiSignature = `v0=${hashedSigningSecret}`;
 
-//   // compare growiSignature and slackSignature
-//   if (crypto.timingSafeEqual(Buffer.from(growiSignature, 'utf8'), Buffer.from(slackSignature, 'utf8'))) {
-//     return next();
-//   }
+  // compare growiSignature and slackSignature
+  if (crypto.timingSafeEqual(Buffer.from(growiSignature, 'utf8'), Buffer.from(slackSignature, 'utf8'))) {
+    return next();
+  }
+console.log("ippo");
 
-//   return res.send('Verification failed');
-// };
+  return res.send('Verification failed');
+};
 
-export const verifyingIsSlackRequest = (req, res, next) => {
-return 'hoge'
-}
+// export const verifyingIsSlackRequest = (req, res, next) => {
+// return 'hoge'
+// }
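Review bot: `req.signingSecret = 'dummy';` keys the HMAC with a fixed string that anyone can read, so now that the middleware is active the check cannot tell Slack from any other sender. The secret should come from configuration, as the commented-out `configManager` line suggests, and the request should be rejected when none is set. The header handling also needs guards: a missing `x-slack-request-timestamp` makes `Math.abs(time - timestamp)` NaN, which passes the `> 300` test, and a missing or different-length `x-slack-signature` makes `Buffer.from` or `crypto.timingSafeEqual` throw instead of rejecting. Both failure paths call `res.send(...)` without a status, so a rejected request is answered with 200; a 401 would be clearer. The two `console.log` debug lines and the `:string` return annotation should be dropped too.

```typescript
export const verifyingIsSlackRequest = (req, res, next) => {
  // … signing secret obtained from configuration, not a literal …
  const slackSignature = req.headers['x-slack-signature'];
  const timestamp = req.headers['x-slack-request-timestamp'];

  // reject early when either header is absent or the timestamp is not numeric
  if (typeof slackSignature !== 'string' || !Number.isFinite(Number(timestamp))) {
    return res.status(401).send('Verification failed.');
  }

  // … unchanged: replay window check, HMAC computation into growiSignature …

  const expected = Buffer.from(growiSignature, 'utf8');
  const received = Buffer.from(slackSignature, 'utf8');
  // timingSafeEqual throws on unequal lengths, so compare lengths first
  if (expected.length === received.length && crypto.timingSafeEqual(expected, received)) {
    return next();
  }

  return res.status(401).send('Verification failed');
};
```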

+ 3 - 3
src/server/routes/apiv3/slack-bot.js

@@ -69,10 +69,10 @@ module.exports = (crowi) => {
   //   return res.send('Verification failed');
   // }
 
-  router.post('/', /* verificationRequestUrl, */ /* verifyingIsSlackRequest(), */ /* verificationAccessToken, */ async(req, res) => {
+  router.post('/', /* verificationRequestUrl, */ verifyingIsSlackRequest, /* verificationAccessToken, */ async(req, res) => {
 
-    const hoge = verifyingIsSlackRequest();
-    console.log('slackbotapi', hoge);
+    // const hoge = verifyingIsSlackRequest(req, res);
+    // console.log('slackbotapi', hoge);
     // Send response immediately to avoid opelation_timeout error
     // See https://api.slack.com/apis/connections/events-api#the-events-api__responding-to-events
     res.send();
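Review bot: With `verifyingIsSlackRequest` now gating this route, the signed payload is rebuilt by `qs.stringify(req.body, ...)` in the middleware rather than taken from the bytes Slack sent, while the handler's comment points at the Events API, which delivers JSON bodies. A form-encoded re-serialisation of a parsed JSON body will presumably not match what Slack signed, so legitimate events would be rejected; Slack's verification guide computes the HMAC over the raw request body. If this is an Express router, consider keeping the raw bytes at parse time, e.g. `express.json({ verify: (req, res, buf) => { req.rawBody = buf; } })`, and hashing those instead. The middleware import and the body-parser setup are outside this hunk, so confirm how `req.body` is populated before relying on this.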