Archives
/
matterbridge
mirror of https://github.com/42wim/matterbridge
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
updatedepz
dependabot/go_modules/golang.org/x/crypto-0.17.0
dependabot/go_modules/golang.org/x/net-0.17.0
master
fix-1540
usemautrixlib
addtengodownload
rocketchat-reconnect
discord-webhook-fixes
v0.1
v0.10.0
v0.10.1
v0.10.2
v0.10.2-dev
v0.10.3
v0.11.0
v0.11.0-beta1
v0.11.0-beta2
v0.11.0-beta3
v0.12.0
v0.12.1
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.16.0-rc1
v0.16.0-rc2
v0.16.1
v0.16.2
v0.16.3
v0.2
v0.3
v0.4
v0.4.1
v0.4.2
v0.5.0
v0.5.0-beta1
v0.5.0-beta2
v0.6.0-beta1
v0.6.0-beta2
v0.6.1
v0.7.0
v0.7.1
v0.8.0
v0.8.1
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v1.0.0
v1.0.0-rc1
v1.0.1
v1.1.0
v1.1.1
v1.1.2
v1.10.0
v1.10.1
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.12.0
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.14.0
v1.14.0-rc1
v1.14.0-rc2
v1.14.1
v1.14.2
v1.14.3
v1.14.4
v1.15.0
v1.15.1
v1.16.0
v1.16.1
v1.16.2
v1.16.3
v1.16.4
v1.16.5
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.18.0
v1.18.1
v1.18.2
v1.18.3
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.22.1
v1.22.2
v1.22.3
v1.23.0
v1.23.1
v1.23.2
v1.24.0
v1.24.1
v1.25.0
v1.25.1
v1.25.2
v1.26.0
v1.3.0
v1.3.1
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.7.0
v1.7.1
v1.8.0
v1.9.0
v1.9.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '250b3bb579'
${ noResults }
matterbridge/vendor/github.com/slack-go/slack/security.go

101 lines
2.3 KiB
Go
Raw Blame History

package slack
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"fmt"
"hash"
"net/http"
"strconv"
"strings"
"time"
)
// Signature headers
const (
hSignature = "X-Slack-Signature"
hTimestamp = "X-Slack-Request-Timestamp"
)
// SecretsVerifier contains the information needed to verify that the request comes from Slack
type SecretsVerifier struct {
signature []byte
hmac hash.Hash
}
func unsafeSignatureVerifier(header http.Header, secret string) (_ SecretsVerifier, err error) {
var (
bsignature []byte
)
signature := header.Get(hSignature)
stimestamp := header.Get(hTimestamp)
if signature == "" || stimestamp == "" {
return SecretsVerifier{}, ErrMissingHeaders
}
if bsignature, err = hex.DecodeString(strings.TrimPrefix(signature, "v0=")); err != nil {
return SecretsVerifier{}, err
}
hash := hmac.New(sha256.New, []byte(secret))
if _, err = hash.Write([]byte(fmt.Sprintf("v0:%s:", stimestamp))); err != nil {
return SecretsVerifier{}, err
}
return SecretsVerifier{
signature: bsignature,
hmac: hash,
}, nil
}
// NewSecretsVerifier returns a SecretsVerifier object in exchange for an http.Header object and signing secret
func NewSecretsVerifier(header http.Header, secret string) (sv SecretsVerifier, err error) {
var (
timestamp int64
)
stimestamp := header.Get(hTimestamp)
if sv, err = unsafeSignatureVerifier(header, secret); err != nil {
return SecretsVerifier{}, err
}
if timestamp, err = strconv.ParseInt(stimestamp, 10, 64); err != nil {
return SecretsVerifier{}, err
}
diff := absDuration(time.Since(time.Unix(timestamp, 0)))
if diff > 5*time.Minute {
return SecretsVerifier{}, ErrExpiredTimestamp
}
return sv, err
}
func (v *SecretsVerifier) Write(body []byte) (n int, err error) {
return v.hmac.Write(body)
}
// Ensure compares the signature sent from Slack with the actual computed hash to judge validity
func (v SecretsVerifier) Ensure() error {
computed := v.hmac.Sum(nil)
// use hmac.Equal prevent leaking timing information.
if hmac.Equal(computed, v.signature) {
return nil
}
return fmt.Errorf("Expected signing signature: %s, but computed: %s", hex.EncodeToString(v.signature), hex.EncodeToString(computed))
}
func abs64(n int64) int64 {
y := n >> 63
return (n ^ y) - y
}
func absDuration(n time.Duration) time.Duration {
return time.Duration(abs64(int64(n)))
}
Reference in New Issue View Git Blame Copy Permalink