impl middleware to verify the req sent from GROWI

packages/slack/src/index.ts

@@ -8,8 +8,10 @@ export const supportedGrowiCommands: string[] = [
 ];
 
 export * from './interfaces/growi-command';
+export * from './interfaces/request-between-growi-and-proxy';
 export * from './interfaces/request-from-slack';
 export * from './models/errors';
+export * from './middlewares/verify-growi-to-slack-request';
 export * from './middlewares/verify-slack-request';
 export * from './utils/block-creater';
 export * from './utils/check-communicable';

packages/slack/src/interfaces/request-between-growi-and-proxy.ts

@@ -0,0 +1,17 @@
+import { Request } from 'express';
+
+export type RequestFromGrowi = Request & {
+  // appended by GROWI
+  headers:{'x-growi-gtop-tokens'?:string},
+
+  // will be extracted from header
+  tokenGtoPs: string[],
+};
+
+export type RequestFromProxy = Request & {
+  // appended by Proxy
+  headers:{'x-growi-ptog-token'?:string},
+
+  // will be extracted from header
+  tokenPtoG: string[],
+};

packages/slack/src/middlewares/verify-growi-to-slack-request.ts

@@ -0,0 +1,30 @@
+import { Response, NextFunction } from 'express';
+
+import loggerFactory from '../utils/logger';
+import { RequestFromGrowi } from '../interfaces/request-between-growi-and-proxy';
+
+const logger = loggerFactory('@growi/slack:middlewares:verify-slack-request');
+
+/**
+ * Verify if the request came from slack
+ * See: https://api.slack.com/authentication/verifying-requests-from-slack
+ */
+export const verifyGrowiToSlackRequest = (req: RequestFromGrowi, res: Response, next: NextFunction): Record<string, any> | void => {
+  const str = req.headers['x-growi-gtop-tokens'];
+
+  if (str == null) {
+    const message = 'The value of header \'x-growi-gtop-tokens\' must not be empty.';
+    logger.warn(message, { body: req.body });
+    return res.status(400).send({ message });
+  }
+
+  const tokens = str.split(',').map(value => value.trim());
+  if (tokens.length === 0) {
+    const message = 'The value of header \'x-growi-gtop-tokens\' must include at least one or more tokens.';
+    logger.warn(message, { body: req.body });
+    return res.status(400).send({ message });
+  }
+
+  req.tokenGtoPs = tokens;
+  return next();
+};