UNPKG

@seratch_/bolt-fastify

Version:

Bolt for JavaScript Extension - Fastify

github.com/seratch/slack-bolt-extensions

seratch/slack-bolt-extensions

40 lines 2.39 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
/** * Functions used to verify the authenticity of incoming HTTP requests from Slack. * * The functions in this file are intentionally generic (don't depend on any particular web framework) and * time-independent (for testing) so they can be used in a wide variety of applications. The intention is to distribute * these functions in its own package. * * For now, there is some duplication between the contents of this file and ExpressReceiver.ts. Later, the duplication * can be reduced by implementing the equivalent functionality in terms of the functions in this file. */ /// <reference types="node" /> import type { Logger } from '@slack/logger'; import type { IncomingMessage, ServerResponse } from 'http'; import { BufferedIncomingMessage } from './BufferedIncomingMessage'; export interface VerifyOptions { enabled?: boolean; signingSecret: string; nowMilliseconds?: () => number; logger?: Logger; } /** * Verify the authenticity of an incoming HTTP request from Slack and buffer the HTTP body. * * When verification succeeds, the returned promise is resolved. When verification fails, the returned promise is * rejected with an error describing the reason. IMPORTANT: The error messages may contain sensitive information about * failures, do not return the error message text to users in a production environment. It's recommended to catch all * errors and return an opaque failure (HTTP status code 401, no body). * * Verification requires consuming `req` as a Readable stream. * If the `req` was consumed before this function is called, * then this function expects it to be stored as a Buffer at `req.rawBody`. This is a convention used by infrastructure * platforms such as Google Cloud Platform. When the function returns, the buffered body is stored at the `req.rawBody` * property for further handling. * * The function is designed to be curry-able for use as a standard http RequestListener, and therefore keeps `req` and * `res` are the last arguments. However, the function is also async, which means when it is curried for use as a * RequestListener, the caller should also capture and use the return value. */ export declare function parseAndVerifyHTTPRequest(options: VerifyOptions, req: IncomingMessage, _res?: ServerResponse): Promise<BufferedIncomingMessage>; //# sourceMappingURL=request-verification.d.ts.map