0

我使用 block-kit UI 创建了一个机器人响应。消息中包含一条文本消息和按钮元素。对于文本,我使用 * 应用了粗体格式。因此,slack 频道中显示的带有粗体字符的消息到目前为止是可以的。但是当用户执行按钮操作时,请求验证失败。

这是代码:控制器中的此方法接受来自 Slack 的消息并将消息发送回 slack

    @PostMapping(path = "/slack")
   @ResponseBody
   public void handleSlackRequest(
      @RequestBody String requestBody) throws URISyntaxException
   {
      RestTemplate restTemplate = new RestTemplate();
      HttpHeaders headers = new HttpHeaders();
      Map<Object, Object> mainMap = new HashMap<>();
      mainMap.put("channel", "DXXXXXXXXX");
      mainMap.put("blocks",
         "[{\"type\":\"section\",\"text\":{\"type\":\"mrkdwn\",\"text\":\"*Text message with bold characters.*\"}},{\"type\":\"section\",\"text\":{\"type\":\"mrkdwn\",\"text\":\"This is a section block with a button.\"},\"accessory\":{\"type\":\"button\",\"text\":{\"type\":\"plain_text\",\"text\":\"Click Me\",\"emoji\":true},\"value\":\"click_me_123\"}}]");
      URI uri = new URI("https://slack.com/api/chat.postMessage");
      headers.add("Content-Type", "application/json");
      headers.set("Authorization", "Bearer xoxb-11XXXXXXXX-13XXXXXXXXXX-Q2XXXXXXXXXXXXXXXXX");
      HttpEntity<Object> restrequest = new HttpEntity<>(mainMap, headers);
      ResponseEntity<String> result = restTemplate.exchange(uri, HttpMethod.POST, restrequest,
         String.class);
      return;
   }

如果我们在块中看到添加了这条短信 带有粗体字符的短信。

显示图像中的响应 https://i.stack.imgur.com/m0PCc.png

单击按钮时,以下方法会触发

 @PostMapping(path = "/slackaction", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
   @ResponseBody
   public void handleSlackActionsConversationEvent(

      @RequestHeader HttpHeaders headers,
      @ModelAttribute("payload") String requestPayload, @RequestBody String slackRequestActionMessage)
   {
      String slackRequestTimeStamp = headers.getFirst(SlackRequestHeaders.X_SLACK_REQUEST_TIMESTAMP.getHeader());
      String slackSignature = headers.getFirst(SlackRequestHeaders.X_SLACK_SIGNATURE.getHeader());
      boolean isValid = verifyIncomingSlackRequest(slackRequestActionMessage, slackRequestTimeStamp, slackSignature);
      return;
   }

我正在使用下面的代码来验证遵循此 [链接] 的请求:https ://api.slack.com/authentication/verifying-requests-from-slack

     public boolean verifyIncomingSlackRequest(String requestBody, String slackRequestTimeStamp, String slackSignature)
       {
          try
          {
             String signing_secret = "dXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
             String[] split = slackSignature.split("=");
             String versionNumber = split[0];
             String requestKey = versionNumber + ":" + slackRequestTimeStamp + ":" + requestBody;
             String siginingKey = encode(signing_secret, requestKey, versionNumber);
    
             return siginingKey.equals(slackSignature);
          }
          catch (Exception e)
          {
          }
          return false;
       }

  public String encode(String key, String data, String versionNumber) throws Exception
   {
      SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(), "HmacSHA256");
      Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
      sha256_HMAC.init(secret_key);
      byte[] macBytes = sha256_HMAC.doFinal(data.getBytes());
      StringBuilder hashValue = new StringBuilder(2 * macBytes.length);
      for (byte macByte : macBytes)
      {
         hashValue.append(String.format("%02x", macByte & 0xff));
      }
      return versionNumber + "=" + hashValue.toString();
   }

当按钮操作和消息在 Slack 请求中包含 * 时,验证失败而 * 验证工作正常。我错过了什么或方法不同吗?请问我对此有何想法。

4

1 回答 1

0

我有这个确切的问题。虽然我使用的是 php,但这可能对你有用。

$headers = getallheaders();

$raw_body = file_get_contents('php://input');

$x_slack_signature = $headers["X-Slack-Signature"];

$x_slack_timestamp = $headers["X-Slack-Request-Timestamp"];

$slack_signing_secret = "...";

注意正常的连字符,而不是代码中的下划线。

    /*

For computing the signature, I need the following:

    1. $version
    2. $x_slack_timestamp
    3. $raw_body
    
All of them appended to each other with a colon (:)

*/

$signature_base_string = $version . ":" . $x_slack_timestamp . ":" . $raw_body;

$hash_signature = "v0=" . hash_hmac('sha256', $signature_base_string, $slack_signing_secret);

在此之后,我比较它们,如果它们不匹配,则请求无效。

于 2020-09-17T08:30:54.337 回答