AWS Lambda 验证来自 Slack 的请求
AWS Lambda verify requests from Slack
我在 AWS Lambda 中有以下 Python 代码来验证收到的事件是否确实来自 Slack:
import hmac
import json
def verifySignature(header,body):
h = hmac.new(key=os.getenv('sign_secret').encode(), \
msg=f'v0:{header.get("X-Slack-Request-Timestamp")}:{body}'.encode(), \
digestmod="sha256")
result = hmac.compare_digest('v0='+h.hexdigest(),header.get('X-Slack-Signature'))
print('v0='+h.hexdigest(),header.get('X-Slack-Signature'))
return result
def lambda_handler(event, context):
body = json.loads(event.get('body'))
if verifySignature(event.get('headers'),body):
do_something()
概述了 Slack 的身份验证协议 here。但是,我不断收到不匹配的签名(结果 == False)。有谁知道为什么?
问题很可能来自编码/解码。有pip package验证松弛签名。
但是验证码很简单:
import hashlib
import hmac
def verify_slack_signature(slack_post_request, slack_signing_secret):
slack_signing_secret = bytes(slack_signing_secret, 'utf-8')
slack_signature = slack_post_request['headers']['X-Slack-Signature']
slack_request_timestamp = slack_post_request['headers']['X-Slack-Request-Timestamp']
request_body = slack_post_request["body"]
basestring = f"v0:{slack_request_timestamp}:{request_body}".encode('utf-8')
my_signature = 'v0=' + hmac.new(slack_signing_secret, basestring, hashlib.sha256).hexdigest()
return hmac.compare_digest(my_signature, slack_signature)
我在 AWS Lambda 中有以下 Python 代码来验证收到的事件是否确实来自 Slack:
import hmac
import json
def verifySignature(header,body):
h = hmac.new(key=os.getenv('sign_secret').encode(), \
msg=f'v0:{header.get("X-Slack-Request-Timestamp")}:{body}'.encode(), \
digestmod="sha256")
result = hmac.compare_digest('v0='+h.hexdigest(),header.get('X-Slack-Signature'))
print('v0='+h.hexdigest(),header.get('X-Slack-Signature'))
return result
def lambda_handler(event, context):
body = json.loads(event.get('body'))
if verifySignature(event.get('headers'),body):
do_something()
概述了 Slack 的身份验证协议 here。但是,我不断收到不匹配的签名(结果 == False)。有谁知道为什么?
问题很可能来自编码/解码。有pip package验证松弛签名。
但是验证码很简单:
import hashlib
import hmac
def verify_slack_signature(slack_post_request, slack_signing_secret):
slack_signing_secret = bytes(slack_signing_secret, 'utf-8')
slack_signature = slack_post_request['headers']['X-Slack-Signature']
slack_request_timestamp = slack_post_request['headers']['X-Slack-Request-Timestamp']
request_body = slack_post_request["body"]
basestring = f"v0:{slack_request_timestamp}:{request_body}".encode('utf-8')
my_signature = 'v0=' + hmac.new(slack_signing_secret, basestring, hashlib.sha256).hexdigest()
return hmac.compare_digest(my_signature, slack_signature)