UNPKG

@slack/bolt

Version:

A framework for building Slack apps, fast.

tools.slack.dev/bolt-js

slackapi/bolt-js

216 lines 9.83 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.defaultUnhandledRequestHandler = exports.defaultProcessEventErrorHandler = exports.defaultAsyncDispatchErrorHandler = exports.defaultDispatchErrorHandler = exports.buildContentResponse = exports.buildSSLCheckResponse = exports.buildUrlVerificationResponse = exports.buildNoBodyResponse = exports.bufferIncomingMessage = exports.getHeader = exports.isBufferedIncomingMessage = exports.parseAndVerifyHTTPRequest = exports.parseHTTPRequestBody = exports.extractRetryReasonFromHTTPRequest = exports.extractRetryNumFromHTTPRequest = void 0; const node_querystring_1 = require("node:querystring"); const raw_body_1 = __importDefault(require("raw-body")); const errors_1 = require("../errors"); const verify_request_1 = require("./verify-request"); const verifyErrorPrefix = 'Failed to verify authenticity'; const extractRetryNumFromHTTPRequest = (req) => { let retryNum; const retryNumHeaderValue = req.headers['x-slack-retry-num']; if (retryNumHeaderValue === undefined) { retryNum = undefined; } else if (typeof retryNumHeaderValue === 'string') { retryNum = Number.parseInt(retryNumHeaderValue, 10); } else if (Array.isArray(retryNumHeaderValue) && retryNumHeaderValue.length > 0) { retryNum = Number.parseInt(retryNumHeaderValue[0], 10); } return retryNum; }; exports.extractRetryNumFromHTTPRequest = extractRetryNumFromHTTPRequest; const extractRetryReasonFromHTTPRequest = (req) => { let retryReason; const retryReasonHeaderValue = req.headers['x-slack-retry-reason']; if (retryReasonHeaderValue === undefined) { retryReason = undefined; } else if (typeof retryReasonHeaderValue === 'string') { retryReason = retryReasonHeaderValue; } else if (Array.isArray(retryReasonHeaderValue) && retryReasonHeaderValue.length > 0) { retryReason = retryReasonHeaderValue[0]; } return retryReason; }; exports.extractRetryReasonFromHTTPRequest = extractRetryReasonFromHTTPRequest; // ------------------------------------------ // HTTP request parsing and verification // ------------------------------------------ // biome-ignore lint/suspicious/noExplicitAny: HTTP request bodies could be anything const parseHTTPRequestBody = (req) => { const bodyAsString = req.rawBody.toString(); const contentType = req.headers['content-type']; if (contentType === 'application/x-www-form-urlencoded') { const parsedQs = (0, node_querystring_1.parse)(bodyAsString); const { payload } = parsedQs; if (typeof payload === 'string') { return JSON.parse(payload); } return parsedQs; } return JSON.parse(bodyAsString); }; exports.parseHTTPRequestBody = parseHTTPRequestBody; const parseAndVerifyHTTPRequest = async (options, req, _res) => { const { signingSecret } = options; // Consume the readable stream (or use the previously consumed readable stream) const bufferedReq = await (0, exports.bufferIncomingMessage)(req); if (options.enabled !== undefined && !options.enabled) { // As the validation is disabled, immediately return the buffered request return bufferedReq; } const textBody = bufferedReq.rawBody.toString(); const contentType = req.headers['content-type']; if (contentType === 'application/x-www-form-urlencoded') { // `ssl_check=1` requests do not require x-slack-signature verification const parsedQs = (0, node_querystring_1.parse)(textBody); if (parsedQs?.ssl_check) { return bufferedReq; } } // Find the relevant request headers const signature = (0, exports.getHeader)(req, 'x-slack-signature'); const requestTimestampSec = Number((0, exports.getHeader)(req, 'x-slack-request-timestamp')); (0, verify_request_1.verifySlackRequest)({ signingSecret, body: textBody, headers: { 'x-slack-signature': signature, 'x-slack-request-timestamp': requestTimestampSec, }, logger: options.logger, }); // Checks have passed! Return the value that has a side effect (the buffered request) return bufferedReq; }; exports.parseAndVerifyHTTPRequest = parseAndVerifyHTTPRequest; const isBufferedIncomingMessage = (req) => { // TODO: why are we casting the argument if we're using this as a type guard? return Buffer.isBuffer(req.rawBody); }; exports.isBufferedIncomingMessage = isBufferedIncomingMessage; const getHeader = (req, header) => { const value = req.headers[header]; if (value === undefined || Array.isArray(value)) { throw new Error(`${verifyErrorPrefix}: header ${header} did not have the expected type (received ${typeof value}, expected string)`); } return value; }; exports.getHeader = getHeader; const bufferIncomingMessage = async (req) => { if ((0, exports.isBufferedIncomingMessage)(req)) { return req; } const bufferedRequest = req; bufferedRequest.rawBody = await (0, raw_body_1.default)(req); return bufferedRequest; }; exports.bufferIncomingMessage = bufferIncomingMessage; // ------------------------------------------ // HTTP response builder methods // ------------------------------------------ const buildNoBodyResponse = (res, status) => { res.writeHead(status); res.end(); }; exports.buildNoBodyResponse = buildNoBodyResponse; // biome-ignore lint/suspicious/noExplicitAny: HTTP request bodies could be anything const buildUrlVerificationResponse = (res, body) => { res.writeHead(200, { 'content-type': 'application/json' }); res.end(JSON.stringify({ challenge: body.challenge })); }; exports.buildUrlVerificationResponse = buildUrlVerificationResponse; const buildSSLCheckResponse = (res) => { res.writeHead(200); res.end(); }; exports.buildSSLCheckResponse = buildSSLCheckResponse; // biome-ignore lint/suspicious/noExplicitAny: HTTP request bodies could be anything const buildContentResponse = (res, body) => { if (!body) { res.writeHead(200); res.end(); } else if (typeof body === 'string') { res.writeHead(200); res.end(body); } else { res.writeHead(200, { 'content-type': 'application/json' }); res.end(JSON.stringify(body)); } }; exports.buildContentResponse = buildContentResponse; // ------------------------------------------ // Error handlers for event processing // ------------------------------------------ // The default dispatchErrorHandler implementation: // Developers can customize this behavior by passing dispatchErrorHandler to the constructor // Note that it was not possible to make this function async due to the limitation of http module const defaultDispatchErrorHandler = (args) => { const { error, logger, request, response } = args; if ('code' in error) { if (error.code === errors_1.ErrorCode.HTTPReceiverDeferredRequestError) { logger.info(`Unhandled HTTP request (${request.method}) made to ${request.url}`); response.writeHead(404); response.end(); return; } } logger.error(`An unexpected error occurred during a request (${request.method}) made to ${request.url}`); logger.debug(`Error details: ${error}`); response.writeHead(500); response.end(); }; exports.defaultDispatchErrorHandler = defaultDispatchErrorHandler; const defaultAsyncDispatchErrorHandler = async (args) => { return (0, exports.defaultDispatchErrorHandler)(args); }; exports.defaultAsyncDispatchErrorHandler = defaultAsyncDispatchErrorHandler; // The default processEventErrorHandler implementation: // Developers can customize this behavior by passing processEventErrorHandler to the constructor const defaultProcessEventErrorHandler = async (args) => { const { error, response, logger, storedResponse } = args; // Check if the response headers have already been sent if (response.headersSent) { logger.error('An unhandled error occurred after ack() called in a listener'); logger.debug(`Error details: ${error}, storedResponse: ${storedResponse}`); return false; } if ('code' in error) { if (error.code === errors_1.ErrorCode.AuthorizationError) { // authorize function threw an exception, which means there is no valid installation data response.writeHead(401); response.end(); return true; } } logger.error('An unhandled error occurred while Bolt processed an event'); logger.debug(`Error details: ${error}, storedResponse: ${storedResponse}`); response.writeHead(500); response.end(); return false; }; exports.defaultProcessEventErrorHandler = defaultProcessEventErrorHandler; // The default unhandledRequestHandler implementation: // Developers can customize this behavior by passing unhandledRequestHandler to the constructor // Note that this method cannot be an async function to align with the implementation using setTimeout const defaultUnhandledRequestHandler = (args) => { const { logger, response } = args; logger.error('An incoming event was not acknowledged within 3 seconds. ' + 'Ensure that the ack() argument is called in a listener.'); // Check if the response has already been sent if (!response.headersSent) { // If not, set the status code and end the response to close the connection response.writeHead(404); // Not Found response.end(); } }; exports.defaultUnhandledRequestHandler = defaultUnhandledRequestHandler; //# sourceMappingURL=HTTPModuleFunctions.js.map