slack-secret-middleware
v1.2.0
Published
Express middleware to verify Slack Signed Secret requests.
Downloads
9
Readme
Slack Secret Middleware
Express middleware to check the authenticity of incoming Slack signed requests, as part of the Events API.
Installation
npm i slack-secret-middleware
Usage
Find the Signing Secret of your Slack app in your app settings.
Add the middleware to the route receiving the Slack events:
import { slackSignedRequestHandler } from 'slack-secret-middleware'
app.post(
'/events',
slackSignedRequestHandler('SLACK_SIGNING_SECRET'),
// The request is authentic, do your own logic
(req, res, next) => {
// `req.body` contains the parsed JSON of the event
res.status(200).json(req.body)
}
)
Custom signature mismatch middleware
By default, when the signature check fails, it just returns a response with status 200. If you want to do custom logic when this happens, you can provide your own middleware as a second parameter of the slackSignedRequestHandler
:
slackSignedRequestHandler(
'SLACK_SIGNING_SECRET',
(req, res, next) => {
console.error('Wrong signature', { body: req.body, headers: req.headers })
res.sendStatus(500)
}
)