1.2.0 • Published 6 years ago

slack-secret-middleware v1.2.0

Weekly downloads
3
License
MIT
Repository
github
Last release
6 years ago

Slack Secret Middleware

NPM Version NPM Downloads Build Status Test Coverage

Express middleware to check the authenticity of incoming Slack signed requests, as part of the Events API.

Installation

npm i slack-secret-middleware

Usage

Find the Signing Secret of your Slack app in your app settings.

Add the middleware to the route receiving the Slack events:

import { slackSignedRequestHandler } from 'slack-secret-middleware'

app.post(
  '/events',
  slackSignedRequestHandler('SLACK_SIGNING_SECRET'),
  // The request is authentic, do your own logic
  (req, res, next) => {
    // `req.body` contains the parsed JSON of the event
    res.status(200).json(req.body)
  }
)

Custom signature mismatch middleware

By default, when the signature check fails, it just returns a response with status 200. If you want to do custom logic when this happens, you can provide your own middleware as a second parameter of the slackSignedRequestHandler:

slackSignedRequestHandler(
  'SLACK_SIGNING_SECRET',
  (req, res, next) => {
    console.error('Wrong signature', { body: req.body, headers: req.headers })
    res.sendStatus(500)
  }
)

License

MIT

content-typeraw-body
@infinitebrahmanuniverse/nolb-slac@everything-registry/sub-chunk-2778
1.2.0

6 years ago

1.1.0

6 years ago

1.0.14

6 years ago

1.0.13

6 years ago

1.0.12

6 years ago

1.0.11

6 years ago

1.0.4

6 years ago