
use slack package

zahmis 5 years ago
parent
commit
e39dd093ce

+ 1 - 0
packages/slack/src/index.ts

@@ -10,3 +10,4 @@ export const supportedGrowiCommands: string[] = [
 export * from './interfaces/growi-command';
 export * from './models/errors';
 export * from './utils/slash-command-parser';
+export * from './utils/verifying-is-slack-request';
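Review bot: The added `export * from './utils/verifying-is-slack-request';` will not expose the middleware, because `export *` never re-exports a module's default export and the function is declared as `export default function verifyingIsSlackRequest` in that file's section of this commit. Unless the file also has named exports outside the visible hunk, a consumer importing `verifyingIsSlackRequest` from the package gets `undefined`, so the route that lists it as middleware would not run any signature verification. Re-export it by name instead, `export { default as verifyingIsSlackRequest } from './utils/verifying-is-slack-request';`, or turn the declaration into a named export.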

+ 1 - 0
packages/slack/src/utils/verifying-is-slack-request.ts

@@ -7,6 +7,7 @@ import qs from 'qs';
    */
 // TODO GW-5628 move this to slack package
 export default function verifyingIsSlackRequest(req, res, next):string {
+  console.log(req);
   // Temporary
   // req.signingSecret = crowi.configManager.getConfig('crowi', 'slackbot:signingSecret');
   req.signingSecret = 'dummy';
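Review bot: `console.log(req)` on the first line of the body writes the whole request object to stdout on every call, including the `x-slack-signature` header, any cookie or authorization headers, and the Slack payload in `req.body`; drop it, or log a few named fields through the project logger. The context line `req.signingSecret = 'dummy';` matters more now that the route's own verifier in `src/server/routes/apiv3/slack-bot.js` is commented out by this commit: if the route is switched to this function (its import is not visible here), the HMAC is computed with a constant that anyone can read in the source, so the check no longer proves the request came from Slack. The secret should be supplied by the caller from configuration, as the removed `crowi.configManager.getConfig('crowi', 'slackbot:signingSecret')` did, and the function should fail closed when it is absent, `if (!req.signingSecret) return res.send('Verification failed.');`. The function body continues outside the hunk.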

+ 30 - 30
src/server/routes/apiv3/slack-bot.js

@@ -1,8 +1,8 @@
 
 const express = require('express');
 
-const crypto = require('crypto');
-const qs = require('qs');
+// const crypto = require('crypto');
+// const qs = require('qs');
 
 const loggerFactory = require('@alias/logger');
 
@@ -40,34 +40,34 @@ module.exports = (crowi) => {
    * See: https://api.slack.com/authentication/verifying-requests-from-slack
    */
   // TODO GW-5628 move this to slack package
-  function verifyingIsSlackRequest(req, res, next) {
-    // Temporary
-    req.signingSecret = crowi.configManager.getConfig('crowi', 'slackbot:signingSecret');
-
-    // take out slackSignature and timestamp from header
-    const slackSignature = req.headers['x-slack-signature'];
-    const timestamp = req.headers['x-slack-request-timestamp'];
-
-    // protect against replay attacks
-    const time = Math.floor(new Date().getTime() / 1000);
-    if (Math.abs(time - timestamp) > 300) {
-      return res.send('Verification failed.');
-    }
-
-    // generate growi signature
-    const sigBaseString = `v0:${timestamp}:${qs.stringify(req.body, { format: 'RFC1738' })}`;
-    const hasher = crypto.createHmac('sha256', req.signingSecret);
-    hasher.update(sigBaseString, 'utf8');
-    const hashedSigningSecret = hasher.digest('hex');
-    const growiSignature = `v0=${hashedSigningSecret}`;
-
-    // compare growiSignature and slackSignature
-    if (crypto.timingSafeEqual(Buffer.from(growiSignature, 'utf8'), Buffer.from(slackSignature, 'utf8'))) {
-      return next();
-    }
-
-    return res.send('Verification failed');
-  }
+  // function verifyingIsSlackRequest(req, res, next) {
+  //   // Temporary
+  //   req.signingSecret = crowi.configManager.getConfig('crowi', 'slackbot:signingSecret');
+
+  //   // take out slackSignature and timestamp from header
+  //   const slackSignature = req.headers['x-slack-signature'];
+  //   const timestamp = req.headers['x-slack-request-timestamp'];
+
+  //   // protect against replay attacks
+  //   const time = Math.floor(new Date().getTime() / 1000);
+  //   if (Math.abs(time - timestamp) > 300) {
+  //     return res.send('Verification failed.');
+  //   }
+
+  //   // generate growi signature
+  //   const sigBaseString = `v0:${timestamp}:${qs.stringify(req.body, { format: 'RFC1738' })}`;
+  //   const hasher = crypto.createHmac('sha256', req.signingSecret);
+  //   hasher.update(sigBaseString, 'utf8');
+  //   const hashedSigningSecret = hasher.digest('hex');
+  //   const growiSignature = `v0=${hashedSigningSecret}`;
+
+  //   // compare growiSignature and slackSignature
+  //   if (crypto.timingSafeEqual(Buffer.from(growiSignature, 'utf8'), Buffer.from(slackSignature, 'utf8'))) {
+  //     return next();
+  //   }
+
+  //   return res.send('Verification failed');
+  // }
 
   router.post('/', verificationRequestUrl, verifyingIsSlackRequest, verificationAccessToken, async(req, res) => {