SlackVerify

SlackVerify is a plug that enables verifying Slack requests.

Installation

Installation is a five-step process.

1. Add the dependency in your mix.deps:

   def deps do
   [
    {:slack_verify, "~> 0.2.2"}
   ]
   end

2. Configure your application's Slack signing secret:

   # config.exs
   config :slack_verify, slack_signing_secret: System.get_env("MY_SLACK_SIGNING_SECRET")

3. SlackVerify relies on the raw request body for signature verification. To achieve this, configure the body_reader option on Plug.Parsers:

   plug Plug.Parsers,
   parsers: [:urlencoded, :multipart, :json],
   pass: ["*/*"],
   body_reader: {CacheBodyReader, :read_body, []}, # <-- right here
   json_decoder: Poison

4. Then, per the Plug.Parsers documentation define the CacheBodyReader module like so:

   defmodule CacheBodyReader do
   def read_body(conn, opts) do
    {:ok, body, conn} = Plug.Conn.read_body(conn, opts)
    conn = update_in(conn.assigns[:raw_body], &[body | (&1 || [])])
    {:ok, body, conn}
   end
   end

5. Plug it in!

   plug SlackVerify

Common Patterns

It's advisable to configure a controller specifically to handle Slack requests. Then you can only plug SlackVerify in your Slack controller and leave other controller logic in your app untouched.

defmodule MyAppWeb.MySlackController do
  use MyAppWeb, :controller

  plug SlackVerify

  def handle(conn, _params) do
    text conn, "Hello, Slack!"
  end
end

Documentation can be generated with ExDoc and published on HexDocs. Once published, the docs can be found at https://hexdocs.pm/slack_verify.