git.cworth.org Git - turbot/blob - turbot/slack.py

   1 import hashlib
   2 import hmac
   3 import os
   4
   5 slack_signing_secret = bytes(os.environ['SLACK_SIGNING_SECRET'], 'utf-8')
   6
   7 def slack_is_valid_request(slack_signature, timestamp, body):
   8     """Returns True if the timestamp and body correspond to signature.
   9
  10     This implements the Slack signature verification using the slack
  11     signing secret (obtained via an SSM parameter in code above)."""
  12
  13     content = "v0:{}:{}".format(timestamp, body).encode('utf-8')
  14
  15     signature = 'v0=' + hmac.new(slack_signing_secret,
  16                                  content,
  17                                  hashlib.sha256).hexdigest()
  18
  19     if hmac.compare_digest(signature, slack_signature):
  20         return True
  21     else:
  22         print("Bad signature: {} != {}".format(signature, slack_signature))
  23         return False