@bowtie/sls/src/validator.js

Serverless helpers & utilities

const https = require('https')
const crypto = require('crypto')
const config = require('./config');

/**
 * Validate Bitbucket webhook source using User-Agent header
 * @param {object} event
 */
module.exports.bitbucketWebhook = (event) => {
  // Return a promise for the promise chain
  return new Promise(
    (resolve, reject) => {
      // Ensure the body exists
      if (!event.body) {
        reject(new Error('Event has no body.'))
        return
      }

      // Ensure the headers contain a User-Agent
      if (!event.headers['User-Agent']) {
        reject(new Error('Missing User-Agent header.'))
        return
      }

      // Ensure webhook is coming from bitbucket
      if (event.headers['User-Agent'].indexOf('Bitbucket-Webhooks') === 0) {
        resolve(event)
      } else {
        reject(new Error('Invalid User-Agent header'))
      }
    }
  )
}

/**
 * Validate github webhooks
 */
module.exports.githubWebhook = (event) => {
  // Return a promise for the promise chain
  return new Promise(
    (resolve, reject) => {
      // Ensure the body exists
      if (!event.body) {
        reject(new Error('Event has no body.'))
        return
      }

      // Ensure the headers contain a Signature
      if (!event.headers['x-hub-signature'] && !event.headers['X-Hub-Signature']) {
        reject(new Error('Missing signature header.'))
        return;
      }

      const signatureHeader = event.headers['x-hub-signature'] || event.headers['X-Hub-Signature']
      const signatureParts = signatureHeader.split('=')

      if (signatureParts.length !== 2) {
        reject(new Error('Unknown signature header format.'))
        return
      }

      const signatureAlgorithm = signatureParts[0]
      const signatureReceived  = signatureParts[1]
      const signatureComputed  = crypto.createHmac(signatureAlgorithm, event.service.github.secret).update(event.body).digest('hex')

      if (signatureComputed === signatureReceived) {
        resolve(event)
      } else {
        reject(new Error('Invalid github signature.'))
      }
    }
  )
}

/**
 * Validate Slack slash command events
 */
module.exports.slackCommand = (event) => {
  // Return a promise for the promise chain
  return new Promise(
    (resolve, reject) => {
      // Ensure the body has been parsed
      if (!event.parsed.body) {
        reject(new Error('No body has been parsed.'))
        return
      }

      // Ensure the parsed body contains a token
      if (!event.parsed.body.token) {
        reject(new Error('Missing token in parsed body.'))
        return
      }

      // Compare the parsed body token to the token in the config
      if (event.parsed.body.token === event.service.slack.token) {
        // Resolve if tokens match!
        resolve(event)
      } else {
        // Reject if tokens do not match
        reject(new Error('Invalid slack verification token.'))
      }
    }
  )
}

/**
 * Validate Slack response events
 */
module.exports.slackResponse = (event) => {
  // Return a promise for the promise chain
  return new Promise(
    (resolve, reject) => {
      // Ensure the payload has been parsed
      if (!event.parsed.payload) {
        reject(new Error('No payload has been parsed.'))
        return
      }

      // Ensure the parsed payload contains a token
      if (!event.parsed.payload.token) {
        reject(new Error('Missing token in parsed payload.'))
        return
      }

      // Compare the parsed payload token to the token in the config
      if (event.parsed.payload.token === event.service.slack.token) {
        // Resolve if tokens match!
        resolve(event)
      } else {
        // Reject if tokens do not match
        reject(new Error('Invalid slack verification token.'))
      }
    }
  )
}