Add an optional handler for invalid request signature error

slackapi · Jul 1, 2024 · 1775635 · 1775635
1 parent 8e49f7b
commit 1775635
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/src/receivers/AwsLambdaReceiver.spec.ts b/src/receivers/AwsLambdaReceiver.spec.ts
@@ -470,9 +470,11 @@ describe('AwsLambdaReceiver', function () {
   });
 
   it('should detect invalid signature', async (): Promise<void> => {
+    const spy = sinon.spy();
     const awsReceiver = new AwsLambdaReceiver({
       signingSecret: 'my-secret',
       logger: noopLogger,
+      invalidRequestSignatureHandler: spy,
     });
     const handler = awsReceiver.toHandler();
     const timestamp = Math.floor(Date.now() / 1000);
@@ -504,6 +506,7 @@ describe('AwsLambdaReceiver', function () {
       (_error, _result) => {},
     );
     assert.equal(response.statusCode, 401);
+    assert(spy.calledOnce);
   });
 
   it('should detect too old request timestamp', async (): Promise<void> => {

diff --git a/src/receivers/AwsLambdaReceiver.ts b/src/receivers/AwsLambdaReceiver.ts
@@ -7,6 +7,7 @@ import App from '../App';
 import { Receiver, ReceiverEvent } from '../types/receiver';
 import { ReceiverMultipleAckError } from '../errors';
 import { StringIndexed } from '../types/helpers';
+import { ReceiverInvalidRequestSignatureHandlerArgs } from './HTTPModuleFunctions';
 
 export interface AwsEvent {
   body: string | null;
@@ -76,6 +77,7 @@ export interface AwsLambdaReceiverOptions {
    * @default noop
    */
   customPropertiesExtractor?: (request: AwsEvent) => StringIndexed;
+  invalidRequestSignatureHandler?: (args: ReceiverInvalidRequestSignatureHandlerArgs) => void;
 }
 
 /*
@@ -95,12 +97,15 @@ export default class AwsLambdaReceiver implements Receiver {
 
   private customPropertiesExtractor: (request: AwsEvent) => StringIndexed;
 
+  private invalidRequestSignatureHandler?: (args: ReceiverInvalidRequestSignatureHandlerArgs) => void;
+
   public constructor({
     signingSecret,
     logger = undefined,
     logLevel = LogLevel.INFO,
     signatureVerification = true,
     customPropertiesExtractor = (_) => ({}),
+    invalidRequestSignatureHandler,
   }: AwsLambdaReceiverOptions) {
     // Initialize instance variables, substituting defaults for each value
     this.signingSecret = signingSecret;
@@ -112,6 +117,9 @@ export default class AwsLambdaReceiver implements Receiver {
         return defaultLogger;
       })();
     this.customPropertiesExtractor = customPropertiesExtractor;
+    if (invalidRequestSignatureHandler) {
+      this.invalidRequestSignatureHandler = invalidRequestSignatureHandler;
+    }
   }
 
   public init(app: App): void {
@@ -172,6 +180,11 @@ export default class AwsLambdaReceiver implements Receiver {
         const ts = Number(this.getHeaderValue(awsEvent.headers, 'X-Slack-Request-Timestamp'));
         if (!this.isValidRequestSignature(this.signingSecret, rawBody, signature, ts)) {
           this.logger.info(`Invalid request signature detected (X-Slack-Signature: ${signature}, X-Slack-Request-Timestamp: ${ts})`);
+          if (this.invalidRequestSignatureHandler) {
+            this.invalidRequestSignatureHandler({
+              error: new Error('Invalid request signature'),
+            });
+          }
           return Promise.resolve({ statusCode: 401, body: '' });
         }
       }

diff --git a/src/receivers/HTTPModuleFunctions.ts b/src/receivers/HTTPModuleFunctions.ts
@@ -268,3 +268,7 @@ export interface ReceiverUnhandledRequestHandlerArgs {
   request: IncomingMessage;
   response: ServerResponse;
 }
+
+export interface ReceiverInvalidRequestSignatureHandlerArgs {
+  error: Error;
+}