+def error(message):
+ """Generate an error response for a Slack request
+
+ This will print the error message (so that it appears in CloudWatch
+ logs) and will then return a dictionary suitable for returning
+ as an error response."""
+
+ print("Error: {}.".format(message))
+
+ return {
+ 'statusCode': 400,
+ 'body': ''
+ }
+
+def slack_is_valid_request(slack_signature, timestamp, body):
+ """Returns True if the timestamp and body correspond to signature.
+
+ This implements the Slack signature verification using the slack
+ signing secret (obtained via an SSM parameter in code above)."""
+
+ content = "v0:{}:{}".format(timestamp,body).encode('utf-8')
+
+ signature = 'v0=' + hmac.new(slack_signing_secret,
+ content,
+ hashlib.sha256).hexdigest()
+
+ if hmac.compare_digest(signature, slack_signature):
+ return True
+ else:
+ print("Bad signature: {} != {}".format(signature, slack_signature))
+ return False
+