From 9e6e3213fb04c3c67539bd85b62dcdbbe4bf4a7c Mon Sep 17 00:00:00 2001 From: Carl Worth Date: Tue, 13 Oct 2020 16:15:57 -0700 Subject: [PATCH] Move some slack utility code into turbot/slack.py Specifically, the Slack verification code. Just trying to keep turbot_lambda.py a bit more tidy. --- turbot/slack.py | 23 +++++++++++++++++++++++ turbot_lambda/turbot_lambda.py | 33 +++++++++------------------------ 2 files changed, 32 insertions(+), 24 deletions(-) create mode 100644 turbot/slack.py diff --git a/turbot/slack.py b/turbot/slack.py new file mode 100644 index 0000000..d2d683d --- /dev/null +++ b/turbot/slack.py @@ -0,0 +1,23 @@ +import hashlib +import hmac +import os + +slack_signing_secret = bytes(os.environ['SLACK_SIGNING_SECRET'], 'utf-8') + +def slack_is_valid_request(slack_signature, timestamp, body): + """Returns True if the timestamp and body correspond to signature. + + This implements the Slack signature verification using the slack + signing secret (obtained via an SSM parameter in code above).""" + + content = "v0:{}:{}".format(timestamp, body).encode('utf-8') + + signature = 'v0=' + hmac.new(slack_signing_secret, + content, + hashlib.sha256).hexdigest() + + if hmac.compare_digest(signature, slack_signature): + return True + else: + print("Bad signature: {} != {}".format(signature, slack_signature)) + return False diff --git a/turbot_lambda/turbot_lambda.py b/turbot_lambda/turbot_lambda.py index fc047e3..ece58d6 100644 --- a/turbot_lambda/turbot_lambda.py +++ b/turbot_lambda/turbot_lambda.py 
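Review bot: The failure branch of `slack_is_valid_request` prints the locally computed `signature` next to the received one, so the logs end up holding a valid HMAC for that timestamp and body, readable by anyone with access to them. Log only that verification failed, for example `print("Bad Slack signature for timestamp {}".format(timestamp))`. The function also never checks how old `timestamp` is, so unless the caller already rejects stale requests (not visible in this patch) a captured request keeps verifying for as long as the secret is unchanged. A freshness check against `time.time()` with a window of a few minutes would close that. Separately, the module-level `os.environ['SLACK_SIGNING_SECRET']` raises `KeyError` at import when the variable is unset, which deserves a comment beside it.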
@@ -1,18 +1,21 @@ from urllib.parse import parse_qs -from turbot.rot import rot -import turbot.views -import turbot.actions from slack import WebClient import boto3 import requests -import hashlib -import hmac import json +import os +from turbot.rot import rot +import turbot.views +import turbot.actions ssm = boto3.client('ssm') response = ssm.get_parameter(Name='SLACK_SIGNING_SECRET', WithDecryption=True) -slack_signing_secret = bytes(response['Parameter']['Value'], 'utf-8') +slack_signing_secret = response['Parameter']['Value'] +os.environ['SLACK_SIGNING_SECRET'] = slack_signing_secret + +# Note: Late import here to have the environment variable above available +from turbot.slack import slack_is_valid_request # noqa response = ssm.get_parameter(Name='SLACK_BOT_TOKEN', WithDecryption=True) slack_bot_token = response['Parameter']['Value'] @@ -32,24 +35,6 @@ def error(message): 'body': '' } -def slack_is_valid_request(slack_signature, timestamp, body): - """Returns True if the timestamp and body correspond to signature. - - This implements the Slack signature verification using the slack - signing secret (obtained via an SSM parameter in code above).""" - - content = "v0:{}:{}".format(timestamp, body).encode('utf-8') - - signature = 'v0=' + hmac.new(slack_signing_secret, - content, - hashlib.sha256).hexdigest() - - if hmac.compare_digest(signature, slack_signature): - return True - else: - print("Bad signature: {} != {}".format(signature, slack_signature)) - return False - def turbot_lambda(event, context): """Top-level entry point for our lambda function. -- 2.45.2
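Review bot: Writing the decrypted SSM value into `os.environ['SLACK_SIGNING_SECRET']` only so that `turbot.slack` can read it at import time puts the secret in the process environment, where any child process inherits it and environment dumps expose it. It also makes the module depend on import order, hence the late import and `# noqa`. Passing the secret explicitly avoids both: import `turbot.slack` with the other imports and hand the value over after the SSM call, e.g. `turbot.slack.set_signing_secret(response['Parameter']['Value'])`, with the setter doing the `bytes(..., 'utf-8')` conversion inside turbot/slack.py. `set_signing_secret` is a proposed name, not something this patch defines.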