Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrTimestampExpired = errors.New("slack request timestamp expired (possible replay attack)")
ErrTimestampExpired is returned when the Slack request timestamp is too old
Functions ¶
This section is empty.
Types ¶
type GoTemplateEvaluator ¶ added in v1.165.0
type GoTemplateEvaluator struct{}
GoTemplateEvaluator evaluates Go template expressions against JSON payloads
func NewGoTemplateEvaluator ¶ added in v1.165.0
func NewGoTemplateEvaluator() *GoTemplateEvaluator
NewGoTemplateEvaluator creates a new GoTemplateEvaluator
func (*GoTemplateEvaluator) Evaluate ¶ added in v1.165.0
func (e *GoTemplateEvaluator) Evaluate(payload map[string]interface{}, templateStr string) (bool, error)
Evaluate evaluates a Go template expression against a payload The template should return "true" or "false" as a string Returns true if the template evaluates to "true", false otherwise
func (*GoTemplateEvaluator) FuncMap ¶ added in v1.198.0
func (e *GoTemplateEvaluator) FuncMap() template.FuncMap
FuncMap returns custom template functions
type SignatureConfig ¶
type SignatureConfig struct {
// HeaderName is the name of the HTTP header containing the signature
// Examples: "X-Hub-Signature-256", "X-Signature"
HeaderName string
// Secret is the shared secret used for HMAC computation
Secret string
// Algorithm specifies the hash algorithm to use
// Supported values: "sha256", "sha1", "sha512"
Algorithm string
// Prefix specifies the exact prefix to strip from the header value before comparing.
// When empty, auto-detection is used: if the header value contains "=",
// the part before and including "=" is stripped (e.g., "sha256=<hex>" → "<hex>").
// When set to a non-empty string, that exact prefix is stripped.
// Use this for services that send plain hex digests without any prefix (e.g., Sentry).
// Example: "" (auto-detect), "sha256=" (GitHub-style), "v0=" (Slack-style)
Prefix string
}
SignatureConfig contains configuration for signature verification
type SignatureVerifier ¶
type SignatureVerifier struct{}
SignatureVerifier provides HMAC signature verification for webhooks
func NewSignatureVerifier ¶
func NewSignatureVerifier() *SignatureVerifier
NewSignatureVerifier creates a new SignatureVerifier
func (*SignatureVerifier) Verify ¶
func (v *SignatureVerifier) Verify(payload []byte, signatureHeader string, config SignatureConfig) bool
Verify verifies an HMAC signature against a payload Returns true if the signature is valid, false otherwise
func (*SignatureVerifier) VerifyGitHubSignature ¶
func (v *SignatureVerifier) VerifyGitHubSignature(payload []byte, signatureHeader, secret string) bool
VerifyGitHubSignature is a convenience method for verifying GitHub webhook signatures It handles both X-Hub-Signature (SHA1) and X-Hub-Signature-256 (SHA256)
type SlackSignatureVerifier ¶ added in v1.261.0
type SlackSignatureVerifier struct {
// contains filtered or unexported fields
}
SlackSignatureVerifier verifies Slack's v0 HMAC-SHA256 webhook signatures.
Slack signature format:
- Header X-Slack-Signature: v0=<hex>
- Header X-Slack-Request-Timestamp: <unix timestamp>
- Base string: "v0:" + timestamp + ":" + body
- Signature: "v0=" + HMAC-SHA256(signingSecret, baseString)
func NewSlackSignatureVerifier ¶ added in v1.261.0
func NewSlackSignatureVerifier() *SlackSignatureVerifier
NewSlackSignatureVerifier creates a new SlackSignatureVerifier
func (*SlackSignatureVerifier) Verify ¶ added in v1.261.0
func (v *SlackSignatureVerifier) Verify( body []byte, timestamp string, signature string, signingSecret string, ) (bool, error)
Verify verifies a Slack webhook signature. Returns (true, nil) on success. Returns (false, ErrTimestampExpired) if the timestamp is too old. Returns (false, nil) if the signature does not match.
Source Files