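.net - Validating Slack requests
Problem description
I am creating an interactive message on Slack, so that when you click a button it returns the value to my API. I am having trouble validating the response in the way it is done here.
If I use the values the documentation gives as an example, my test passes, but if I use a real response body, it fails. The only reason I can think of for the failure is that the response body is not being retrieved correctly.
The sample data looks like this: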
token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c
But my data looks like a JSON object:
{""type"":""block_actions"",""team"":{""id"":""TKAKBLC56"",""domain"":""removed""},""user"":{""id"":""UJZ6URSMR"",""username"":""removed"",""name"":""removed"",""team_id"":""removed""},""api_app_id"":""removed"",""token"":""removed"",""container"":{""type"":""message"",""message_ts"":""1562642155.000100"",""channel_id"":""CKCEGGARM"",""is_ephemeral"":false},""trigger_id"":""693043647686.656657692176.b781b587db5dde32e149e03e3442d5ec"",""channel"":{""id"":""CKCEGGARM"",""name"":""general""},""message"":{""type"":""message"",""subtype"":""bot_message"",""text"":""test1"",""ts"":""1562642155.000100"",""username"":""removed"",""bot_id"":""BKE0G32UX"",""blocks"":[{""type"":""actions"",""block_id"":""O4i1"",""elements"":[{""type"":""button"",""action_id"":""DKC"",""text"":{""type"":""plain_text"",""text"":""Farmhouse"",""emoji"":true},""value"":""click_me_123""},{""type"":""button"",""action_id"":""rRVe1"",""text"":{""type"":""plain_text"",""text"":""Kin Khao"",""emoji"":true},""value"":""click_me_123""},{""type"":""button"",""action_id"":""3nT"",""text"":{""type"":""plain_text"",""text"":""Ler Ros"",""emoji"":true},""value"":""click_me_123""}]}]},""response_url"":""https:\/\/hooks.slack.com\/actions\/TKAKBLC56\/690896030256\/yAQ7AGoHcX8HgTcQQH1YnmOM"",""actions"":[{""action_id"":""DKC"",""block_id"":""O4i1"",""text"":{""type"":""plain_text"",""text"":""Farmhouse"",""emoji"":true},""value"":""click_me_123"",""type"":""button"",""action_ts"":""1562799606.639327""}]}
Update:
My action method looks like this:
[HttpPost]
public IHttpActionResult ProcessResponse(FormDataCollection response)
{
    // Only the decoded "payload" form field is read here.
    var rawPayload = response.Get("payload");
    var slackSignature = Request.Headers.GetValues("X-Slack-Signature").FirstOrDefault();
    var timestampString = Request.Headers.GetValues("X-Slack-Request-Timestamp").FirstOrDefault();
    if (slackSignature.IsNullOrWhiteSpace() || timestampString.IsNullOrWhiteSpace()) return Unauthorized();
    if (!int.TryParse(timestampString, out int timestamp)) return BadRequest();
    // Reject requests older than five minutes.
    if (DateTimeOffset.Now.ToUnixTimeSeconds() - timestamp > 60 * 5) return BadRequest();
    var signingSecret = ConfigurationManager.AppSettings["SlackSigningSecret"];
    var isValid = uSlack.Security.Security.IsValidSlackSignature(timestamp, rawPayload, slackSignature, signingSecret);
    // Act on the result: a request whose signature does not match is rejected.
    if (!isValid) return Unauthorized();
    return Ok();
}
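I have not included the code for the IsValidSlackSignature method, because it actually works with Slack's demo data.
Solution
In your code, you include only the data from the payload property as the basis for computing the signature: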
var rawPayload = response.Get("payload");
But you need to include the complete body, including the payload property.
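An added example (not part of the original answer and not the uSlack library's code): Slack's v0 signature is an HMAC-SHA256 over `v0:<timestamp>:<raw request body>`, so this console sketch checks one header signature against the full form-encoded body and then against only the decoded payload value. The secret, timestamp and payload are constructed sample values, and the class and method names are hypothetical; in a Web API action the raw body is assumed to be read with `Request.Content.ReadAsStringAsync()` rather than through a bound `FormDataCollection` parameter.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public static class SlackSignatureDemo
{
    // "v0=" + hex(HMAC-SHA256(secret, "v0:<timestamp>:<body>"))
    public static string Sign(string secret, long timestamp, string body)
    {
        string baseString = "v0:" + timestamp.ToString(CultureInfo.InvariantCulture) + ":" + body;
        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret)))
        {
            byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(baseString));
            return "v0=" + BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
        }
    }

    // Comparison whose running time does not depend on where the strings differ.
    public static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static bool IsValid(string secret, long timestamp, string body, string headerSignature, long nowUnix)
    {
        // Reject timestamps outside a five-minute window, in either direction.
        if (Math.Abs(nowUnix - timestamp) > 60 * 5) return false;
        return FixedTimeEquals(Sign(secret, timestamp, body), headerSignature);
    }

    public static void Main()
    {
        const string secret = "constructed-signing-secret";   // constructed sample value
        const long timestamp = 1562799606;                     // constructed sample value
        string payloadJson = "{\"type\":\"block_actions\",\"actions\":[{\"value\":\"click_me_123\"}]}";
        string rawBody = "payload=" + Uri.EscapeDataString(payloadJson); // body as sent on the wire
        string header = Sign(secret, timestamp, rawBody);      // stands in for X-Slack-Signature

        // Full raw body, as the answer recommends.
        Console.WriteLine("raw body:     " + IsValid(secret, timestamp, rawBody, header, timestamp + 1));
        // Only the decoded payload field, as in the question's action method.
        Console.WriteLine("payload only: " + IsValid(secret, timestamp, payloadJson, header, timestamp + 1));
    }
}
```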