Utilities for verifing an HTTP request can be authenticated as a request coming from Slack HQ.
https://api.slack.com/authentication/verifying-requests-from-slack
If available in Hex, the package can be installed by adding slack_request to your list of dependencies in mix.exs:
def deps do [ {:slack_request, "~> 1.0.0"} ] endSet body_reader: in Plug.Parsers inside your Endpoint.
# lib/your_app_web/endpoint.ex defmodule YourAppWeb.Endpoint do ... plug Plug.Parsers, ... body_reader: {SlackRequest.BodyReader, :read_and_cache_body, []} endPlug the SlackRequest.Plug in the pipeline that handles your Slack Requests/Webhooks.
Example:
# lib/your_app_web/router.ex defmodule YourAppWeb.Router do ... pipeline :slack do plug :accepts, ["json"] plug SlackRequest.Plug end scope "/slack", YourAppWeb do pipe_through :slack ... end Or if just prefer to use the validation function directly:
# Somewhere were you're ready to validate the incoming request conn if SlackRequest.valid_request?(conn, secret: signing_secret, body: raw_request_body) do # all good else # handle invalid slack request/webhook endDocumentation can be generated with ExDoc and published on HexDocs. Once published, the docs can be found at https://hexdocs.pm/slack_request.
Copyright 2024 Mimiquate
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}