Lib.rs

Web programming
#http-request #slack #verifier #verification #api #signature-verification #verifies

slack-http-verifier

Verifies HTTP request signatures from Slack

by Denbeigh Stevens

3 releases

0.1.2 Mar 4, 2020
0.1.1 Feb 29, 2020
0.1.0 Feb 29, 2020

#36 in #signature-verification

MIT license

15KB
144 lines

slack-http-verifier

This crate implements verification of Slack's request tokens, as described here.

There is out-of-the-box support for reqwest::blocking::Request, and http::Request, but you can create a newtype implementing HTTPRequest to suit your own needs.

Use the HTTP Request API:

use slack_http_verifier::SlackHTTPVerifier;

let verifier = SlackHTTPVerifier::new("abcd1234...").unwrap();

// ... Receive a request somehow ...

assert!(verifier.verify(&req).is_ok());

Or use the raw API:

use slack_http_verifier::SlackVerifier;

let verifier = SlackVerifier::new("abcd1234...").unwrap();

// ... Receive a request somehow ...
let ts = req.get("X-Slack-Request-Timestamp");
let sig = req.get("X-Slack-Signature");
let body = req.body().as_str();

assert!(verifier.verify(&ts, &body, &sig).is_ok());

Dependencies

~3–7MB
~162K SLoC