Comments (9)
Interesting, I'll try and dig into this a bit later today. Thanks for the detailed description. Are you getting that invalid signature
on pretty much any slack event that comes in (i.e. actions, events, commands etc.)?
from bolt-js.
I'm getting it on slack events and commands. Didn't test it for actions and options
from bolt-js.
I'm seeing the same issue. I modified parse-command
middleware and it seems bodyParser
verify
function is never firing.
return [
(req, res, next) => {
console.log('pre body parse', req.rawBody)
next()
},
bodyParser.urlencoded({ extended: true, verify }),
(req, res, next) => {
console.log('post body parse', req.rawBody)
next()
},
function parseCommand (req, res, next) {
Prints
pre body parse undefined
post body parse undefined
slapp:error Invalid signature
from bolt-js.
I think @curtisallen and I figured out what it was yesterday. I believe you're seeing the error because you have another body parser middleware (perhaps running at our app level? app.use(bodyParser.json())
or something). What ends up happening is that first body parser you register on your server ends up capturing the data
& end
events on the request stream, so the body parsers that slapp
sets up for each of the event routes are missing at the minimum, the end
event, which is why the verify
function isn't being called.
The immediate solution is to avoid having 2 body parsers for those slapp registered routes, which can be done by not registering a body parser across your entire app, and either limiting it to sub routers or routes that explicitly need it. Then when slapp sets up it's event routes, it's body parser will be the only ones registered for those routes.
I'm struggling to find a better solution that doesn't impose this restriction on your http server, but for now, that at least explains what's going on, and how to avoid it.
from bolt-js.
Hmm... So, I can fix it by adding verify function to my bodyParsers:
const verify = (req, res, buffer, encoding) => {
if (req.path.includes('/api/slack')) {
req.rawBody = buffer.toString()
}
}
But I still hope it can be resolved on your side somehow 🤞
from bolt-js.
I've just thought if my app use bodyParser
and Slapp too, then Slapp's will never run. And I've noticed, that you have bodyParser.urlencoded({ extended: true })
and we have { extended: false }
. It works for three of our apps, but I wonder if it ever can cause a bug 🤔
from bolt-js.
I think it’s pretty likely there could be body parsing bugs if there are multiple body parsing middleware functions running on the same request. One of the reasons we explicitly put them in the routes slapp adds is that there is nuance to what format Slack sends each of the events in, i.e, json vs url encoded etc.
I’d definitely suggest scoping any body parsers for your app in a way that doesn’t run in the slack event routes as well.
from bolt-js.
@selfcontained I've excluded Slack related routes where I'm registering my bodyParsers and now it works. Thanks! I think we can close this issue.
What do you think, should this case be reflected in the documentation?
from bolt-js.
Yes, at a minimum we should make it very clear that conflicting body parsers can cause this type of issue.
from bolt-js.
Related Issues (20)
- [ERROR] bolt-app no more than 100 items allowed [json-pointer:/view/blocks/0/element/options] HOT 13
- Unhandled request to /slack/install HOT 6
- Unhandled error log when user is not authorized HOT 8
- Cannot access the files in the "app_mention" event with TypeScript HOT 3
- How to get search params in custom routes HOT 4
- appToken is not read in socketMode @3.18.0 HOT 4
- Links with ampersand do not work in Slack iOS app HOT 6
- Add flag to `AwsLambdaReceiver` to disable Signature Verification HOT 1
- Events Subscription is continuously being turned off when we kill the process HOT 4
- Add reply_in_thread method HOT 1
- Run multiple replicas in k8s of bot app HOT 2
- Frequent disconnects in socket mode HOT 9
- Unable to upload a file in a direct message using files.completeUploadExternal HOT 7
- `too_many_websockets` causes Cannot read properties of undefined (reading 'event') HOT 5
- Cannot respond to incoming message events with `say` using the Bun runtime HOT 5
- Keep getting Error: Cannot write headers after they are sent to the client HOT 3
- How do I create a custom ConsoleLogger? HOT 1
- Better typing for block actions payload HOT 3
- How to access Company ID during OAuth for Slack App Installation HOT 2
- Add docs/sample for using browser cookies to pass custom app data during OAuth flow
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bolt-js.