zahmis 5 лет назад
Родитель
Сommit
f70d13a1b2

+ 5 - 13
packages/slack/src/utils/verifying-is-slack-request.ts

@@ -1,16 +1,15 @@
-import {createHmac,timingSafeEqual} from 'crypto';
-import {stringify}  from 'qs';
+import { createHmac, timingSafeEqual } from 'crypto';
+import { stringify } from 'qs';
 
 /**
    * Verify if the request came from slack
    * See: https://api.slack.com/authentication/verifying-requests-from-slack
    */
 // TODO GW-5628 move this to slack package
-export const verifyingIsSlackRequest = (req, res, next):string => {
-  console.log("hogematus");
+export const verifyingIsSlackRequest = (req, res, signingSecret):string => {
   // Temporary
   // req.signingSecret = crowi.configManager.getConfig('crowi', 'slackbot:signingSecret');
-  req.signingSecret = 'dummy';
+  req.signingSecret = signingSecret;
 
   // take out slackSignature and timestamp from header
   const slackSignature = req.headers['x-slack-signature'];
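Review bot: `signingSecret` is taken from the caller with no check that it is set, so an unconfigured `slackbot:signingSecret` reaches the HMAC step (outside this hunk) as `undefined` or an empty string. An empty key still yields a signature anyone can compute, so the function should fail closed first, e.g. `if (typeof signingSecret !== 'string' || signingSecret.length === 0) { return res.send('Verification failed.'); }`. Assigning the secret to `req.signingSecret` also leaves it on the request object for every later handler and logger; a local `const` would presumably do, if the rest of the body does not read it from `req`. The declared return type `:string` does not match the visible returns, which pass back the result of `res.send(...)`. The function body continues outside the hunk.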
@@ -19,8 +18,6 @@ export const verifyingIsSlackRequest = (req, res, next):string => {
   // protect against replay attacks
   const time = Math.floor(new Date().getTime() / 1000);
   if (Math.abs(time - timestamp) > 300) {
-    console.log("math");
-
     return res.send('Verification failed.');
   }
 
@@ -33,13 +30,8 @@ export const verifyingIsSlackRequest = (req, res, next):string => {
 
   // compare growiSignature and slackSignature
   if (timingSafeEqual(Buffer.from(growiSignature, 'utf8'), Buffer.from(slackSignature, 'utf8'))) {
-    return next();
+    return res.send('いけてるよ');
   }
-console.log("ippo");
 
   return res.send('Verification failed');
 };
-
-// export const verifyingIsSlackRequest = (req, res, next) => {
-// return 'hoge'
-// }
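Review bot: `timingSafeEqual` throws when its two buffers differ in length, and `slackSignature` comes from a request header, so a missing or wrong-length `x-slack-signature` raises instead of reaching the `Verification failed` return. A guard before the comparison avoids that: `if (typeof slackSignature !== 'string' || slackSignature.length !== growiSignature.length) { return res.send('Verification failed'); }`. The success branch now writes a response body (`res.send('いけてるよ')`) instead of calling `next()`, so the caller cannot tell success from failure and cannot send its own response afterwards. Since the function is no longer an Express middleware, it would be cleaner to return a boolean and leave all response writing to the route. Both failure paths also answer with the default 200 status; a 401 or 403 would make rejected requests visible in access logs.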

+ 2 - 1
src/server/routes/apiv3/slack-bot.js

@@ -69,8 +69,9 @@ module.exports = (crowi) => {
   //   return res.send('Verification failed');
   // }
 
-  router.post('/', /* verificationRequestUrl, */ verifyingIsSlackRequest, /* verificationAccessToken, */ async(req, res) => {
+  router.post('/', /* verificationRequestUrl, /* verificationAccessToken, */ async(req, res) => {
 
+    verifyingIsSlackRequest(req, res, crowi.configManager.getConfig('crowi', 'slackbot:signingSecret'));
     // Send response immediately to avoid opelation_timeout error
     // See https://api.slack.com/apis/connections/events-api#the-events-api__responding-to-events
     res.send();
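Review bot: The return value of `verifyingIsSlackRequest(...)` is ignored, so the handler carries on to `res.send()` and whatever follows even when the signature or timestamp check failed. The check therefore no longer gates this route as it did when registered as middleware. The helper has also already called `res.send(...)` on every path, so the `res.send()` two lines below is likely to raise a headers-already-sent error inside the async handler. Either keep the helper as middleware (wrapping it to inject the secret) or have it return a boolean and stop here: `if (!verifyingIsSlackRequest(req, res, secret)) { return res.status(401).send('Verification failed'); }`. The handler body continues outside the hunk.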