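def _is_valid_slack_request(req: request) -> None:
    """
    Verify that an incoming request was signed by Slack; abort with 403 if not.

    Details on the algorithm can be found at:
    https://api.slack.com/docs/verifying-requests-from-slack

    The check has two parts: the ``X-Slack-Request-Timestamp`` header must be
    within five minutes of the local clock (replay protection), and the
    ``X-Slack-Signature`` header must equal the HMAC-SHA256 of
    ``"<version>:<timestamp>:<raw body>"`` keyed with the signing secret.

    :param req: Flask request object
    :return: None. The function returns normally only when the request
        passes both checks; every failure path calls ``abort(403)``.
    """
    req_timestamp = req.headers.get("X-Slack-Request-Timestamp")
    req_signature = req.headers.get("X-Slack-Signature")

    # A request without either header cannot be verified. Reject it here
    # rather than letting int(None) / compare_digest(..., None) raise and
    # surface as a 500.
    if req_timestamp is None or req_signature is None:
        logger.error("Request is missing the Slack signature headers.")
        abort(403)

    try:
        timestamp = int(req_timestamp)
    except ValueError:
        logger.error("Request timestamp is not an integer.")
        abort(403)

    # abs() rejects timestamps too far in the future as well as stale ones.
    if abs(int(datetime.now().timestamp()) - timestamp) > 60 * 5:
        logger.error("This request is quite old. Could be a replay attack. Bailing.")
        abort(403)

    # Sign the raw bytes exactly as received: decoding first would raise on a
    # body that is not valid UTF-8 before the signature is ever checked.
    raw_body = req.get_data()

    # The body is unauthenticated at this point and Slack payloads can carry
    # tokens and response URLs, so only its size goes to the log.
    logger.debug("Request body length: %d bytes", len(raw_body))

    basestring = f"{VERSION_NUMBER}:{req_timestamp}:".encode("utf-8") + raw_body

    # NOTE(review): the "v0=" prefix is hard-coded while the base string uses
    # VERSION_NUMBER; presumably both are "v0", confirm they cannot diverge.
    expected_signature = (
        "v0="
        + hmac.new(
            slack_cfg.get("signing_secret").encode("utf-8"),
            basestring,
            hashlib.sha256,
        ).hexdigest()
    )

    # Compare as bytes: compare_digest() raises TypeError on a str containing
    # non-ASCII characters, and the header value is attacker-controlled.
    if not hmac.compare_digest(
        expected_signature.encode("utf-8"), req_signature.encode("utf-8")
    ):
        logger.error("Request is improperly signed.")
        abort(403)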
def extract_slack_info(r: request):
    """
    Collect the pieces of a request needed for Slack signature verification.

    Reads the body as text plus the ``X-Slack-Request-Timestamp`` and
    ``X-Slack-Signature`` headers and wraps them in a ``SlackVerification``.
    Nothing is verified here: the returned values are exactly what the client
    sent and stay untrusted until the signature has been checked.

    :param r: Flask request object
    :return: a ``SlackVerification`` built from (body, timestamp, signature),
        or None if anything raised while reading the request. A missing
        header does not raise; ``headers.get`` yields None for it.
    """
    try:
        body = r.get_data(as_text=True)
        headers = r.headers
        return SlackVerification(
            body,
            headers.get("X-Slack-Request-Timestamp"),
            headers.get("X-Slack-Signature"),
        )
    except Exception as err:
        # Reaching this point most likely means the request did not come
        # from Slack; log the error and signal failure with None.
        logging.error(err)
        return None
def add_request(req: request, name: str, description: str):
    """
    Record a snapshot of an incoming request in ``request_list``.

    The snapshot keeps the base URL, query arguments, every header as a
    WSGI-style list, and the body decoded as text, together with the caller's
    label and two timestamps (wall clock and the scheduler's fake clock), both
    formatted with ``sch.time_format``.

    Headers and body are stored verbatim, so any credentials the client sent
    (for example Authorization or Cookie headers) end up in the list too.
    Nothing in this function bounds the size of ``request_list``.

    :param req: Flask request object
    :param name: label stored with the snapshot
    :param description: free-text description stored with the snapshot
    """
    snapshot = {
        "url": req.base_url,
        "args": req.args,
        "headers": req.headers.to_wsgi_list(),
        "body": req.get_data(as_text=True),
        "name": name,
        "description": description,
    }
    # Timestamps are taken after the request fields have been captured.
    snapshot["real_time"] = datetime.now().strftime(sch.time_format)
    snapshot["fake_time"] = sch.fake_clock.get_time().strftime(sch.time_format)
    request_list.append(snapshot)
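def persist_request(directory: str, req: request) -> Path:
    """
    Write the raw request body to a new ``video_<n>.mp4`` file in *directory*.

    The file is created exclusively, so a name collision can never overwrite
    an earlier upload; a fresh name is drawn and the write is retried instead.

    The name comes from ``randint`` and is therefore not unpredictable: it
    must not be relied on to keep the file private. The whole body is read
    into memory first; any size limit has to be enforced by the caller or the
    framework.

    :param directory: existing directory to write into
    :param req: Flask request object whose body is persisted
    :return: path of the file that was written
    :raises FileExistsError: if no unused name was found after several tries
    :raises OSError: if the directory is missing or not writable
    """
    # Read the body before touching the filesystem so a failure here does not
    # leave an empty file behind.
    payload = req.get_data()

    max_attempts = 100
    for _ in range(max_attempts):
        vname_path = Path(directory, "video_%d.mp4" % randint(0, 999999999999))
        try:
            # "x" = exclusive creation: open() fails if anything already
            # exists at this path instead of truncating it.
            with open(vname_path, "xb") as f:
                f.write(payload)
        except FileExistsError:
            continue
        return vname_path

    raise FileExistsError(
        "could not find an unused file name in %s after %d attempts"
        % (directory, max_attempts)
    )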