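If the request comes from an action or a slash command (body: flat JSON), the hash is computed correctly, but if the request comes from a Slack event, for example member_joined_channel (body: a property with nested objects and arrays), the computed hash is wrong. Has anyone had a similar situation? How should I stringify a body with nested objects, or is that not the problem?
Sample body from an event for which the hash is computed incorrectly: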
    {
      token: 'Nl6QizISEmzAEGEyoU5dXgJb',
      team_id: 'TG5TF58AA',
      api_app_id: 'BOB32T802',
      event: {
        type: 'member_joined_channel',
        user: 'UMSFF5SAD',
        channel: 'CG6CF6D4D',
        channel_type: 'C',
        team: 'TG3CF32RS',
        event_ts: '1566978171.000500'
      },
      type: 'event_callback',
      event_id: 'EvMS6K8BV2',
      event_time: 1566978171,
      authed_users: [ 'UMSFF5SAD' ]
    }
My code for verifying Slack requests:
    const { body, headers } = req
    const {
      'x-slack-request-timestamp': slackRequestTimestamp,
      'x-slack-signature': slackSignature
    } = headers
    const bodyString = qs.stringify(body, { format: 'RFC1738' })
    const dataToHash =
      `${Config.signingSecretVersion}:${slackRequestTimestamp}:${bodyString}`
    const hashedData = crypto
      .createHmac("sha256", Config.signingSecret)
      .update(dataToHash)
      .digest("hex")
    const calculatedSignatureToCompare =
      `${Config.signingSecretVersion}=${hashedData}`
    if (calculatedSignatureToCompare !== slackSignature) {
      return res.status(401).send("unauthorized")
    }
    next()
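
Added example, not part of the original post: Slack signs the exact raw request body, and Events API requests arrive as JSON while slash commands arrive form-encoded, so re-encoding a parsed JSON body cannot reproduce the signed bytes. The sketch below verifies over the raw body with a constant-time comparison and a timestamp freshness check; the function names, secret, timestamp and body are constructed for illustration.

```javascript
const crypto = require('node:crypto')

const VERSION = 'v0'            // signature version prefix used by Slack
const MAX_SKEW_SECONDS = 60 * 5 // reject stale timestamps to limit replay

// HMAC-SHA256 over "v0:<timestamp>:<raw body>", hex-encoded, prefixed "v0=".
function computeSignature(signingSecret, timestamp, rawBody) {
  const mac = crypto.createHmac('sha256', signingSecret)
    .update(`${VERSION}:${timestamp}:`)
    .update(rawBody)
    .digest('hex')
  return `${VERSION}=${mac}`
}

// rawBody must be the bytes as received (Buffer or string), never a parsed object.
function verifySlackRequest({ signingSecret, timestamp, signature, rawBody, nowSeconds }) {
  const ts = Number(timestamp)
  if (!Number.isInteger(ts) || typeof signature !== 'string') return false
  if (Math.abs(nowSeconds - ts) > MAX_SKEW_SECONDS) return false
  const expected = Buffer.from(computeSignature(signingSecret, timestamp, rawBody))
  const received = Buffer.from(signature)
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return expected.length === received.length &&
    crypto.timingSafeEqual(expected, received)
}

// Constructed sample: a nested JSON event body and the signature a sender would attach.
const SECRET = 'constructed-signing-secret'
const TS = '1566978171'
const RAW_EVENT = '{"type":"event_callback","event":{"type":"member_joined_channel",' +
  '"user":"U0000000"},"authed_users":["U0000000"]}'
const SENT_SIGNATURE = computeSignature(SECRET, TS, RAW_EVENT)

function demo() {
  const base = { signingSecret: SECRET, timestamp: TS, signature: SENT_SIGNATURE,
                 rawBody: RAW_EVENT, nowSeconds: 1566978180 }
  // Form-encoding the parsed object flattens nested values, so the bytes differ.
  const reencoded = new URLSearchParams(JSON.parse(RAW_EVENT)).toString()
  return {
    rawBody: verifySlackRequest(base),
    reencoded: verifySlackRequest({ ...base, rawBody: reencoded }),
    stale: verifySlackRequest({ ...base, nowSeconds: 1566978171 + 3600 }),
    tampered: verifySlackRequest({ ...base, rawBody: RAW_EVENT.replace('U0000000', 'U9999999') })
  }
}

console.log(demo())
```

In an Express app the raw bytes can be captured with the `verify` option of `express.json()` and `express.urlencoded()`, which receives the unparsed buffer before parsing.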