admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 18:12:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(Slack Trigger Node): Add support for signature verification (#17838)

Browse Source
This commit is contained in:
Jon
2025-08-01 17:32:01 +01:00
committed by GitHub
parent aced4bf86f
commit 133058183e
5 changed files with 252 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
packages/nodes-base/nodes/Slack/SlackTriggerHelpers.ts
View File

@@ -1,6 +1,8 @@
import type { IHttpRequestOptions, IWebhookFunctions } from 'n8n-workflow';
import { NodeOperationError } from 'n8n-workflow';
import { createHmac, timingSafeEqual } from 'crypto';
import { slackApiRequest } from './V2/GenericFunctions';
export async function getUserInfo(this: IWebhookFunctions, userId: string): Promise<any> {
@@ -78,3 +80,57 @@ export async function downloadFile(this: IWebhookFunctions, url: string): Promis
}
return response;
}
export async function verifySignature(this: IWebhookFunctions): Promise<boolean> {
const credential = await this.getCredentials('slackApi');
if (!credential?.signatureSecret) {
return true; // No signature secret provided, skip verification
}
const req = this.getRequestObject();
const signature = req.header('x-slack-signature');
const timestamp = req.header('x-slack-request-timestamp');
if (!signature || !timestamp) {
return false;
}
const currentTime = Math.floor(Date.now() / 1000);
const timestampNum = parseInt(timestamp, 10);
if (isNaN(timestampNum) || Math.abs(currentTime - timestampNum) > 60 * 5) {
return false;
}
try {
if (typeof credential.signatureSecret !== 'string') {
return false;
}
if (!req.rawBody) {
return false;
}
const hmac = createHmac('sha256', credential.signatureSecret);
if (Buffer.isBuffer(req.rawBody)) {
hmac.update(`v0:${timestamp}:`);
hmac.update(req.rawBody);
} else {
const rawBodyString =
typeof req.rawBody === 'string' ? req.rawBody : JSON.stringify(req.rawBody);
hmac.update(`v0:${timestamp}:${rawBodyString}`);
}
const computedSignature = `v0=${hmac.digest('hex')}`;
const computedBuffer = Buffer.from(computedSignature);
const providedBuffer = Buffer.from(signature);
return (
computedBuffer.length === providedBuffer.length &&
timingSafeEqual(computedBuffer, providedBuffer)
);
} catch (error) {
return false;
}
}