slack-secret-middleware

Express middleware to verify Slack Signed Secret requests.

Usage no npm install needed!

<script type="module">
  import slackSecretMiddleware from 'https://cdn.skypack.dev/slack-secret-middleware';
</script>

README

Slack Secret Middleware

NPM Version NPM Downloads Build Status Test Coverage

Express middleware to check the authenticity of incoming Slack signed requests, as part of the Events API.

Installation

npm i slack-secret-middleware

Usage

Find the Signing Secret of your Slack app in your app settings.

Add the middleware to the route receiving the Slack events:

import { slackSignedRequestHandler } from 'slack-secret-middleware'

app.post(
  '/events',
  slackSignedRequestHandler('SLACK_SIGNING_SECRET'),
  // The request is authentic, do your own logic
  (req, res, next) => {
    // `req.body` contains the parsed JSON of the event
    res.status(200).json(req.body)
  }
)

Custom signature mismatch middleware

By default, when the signature check fails, it just returns a response with status 200. If you want to do custom logic when this happens, you can provide your own middleware as a second parameter of the slackSignedRequestHandler:

slackSignedRequestHandler(
  'SLACK_SIGNING_SECRET',
  (req, res, next) => {
    console.error('Wrong signature', { body: req.body, headers: req.headers })
    res.sendStatus(500)
  }
)

License

MIT