forked from jshiffer/matterbridge
55 lines
1.1 KiB
Go
55 lines
1.1 KiB
Go
package discordgo
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/ed25519"
|
|
"encoding/hex"
|
|
"io"
|
|
"io/ioutil"
|
|
"net/http"
|
|
)
|
|
|
|
// VerifyInteraction implements message verification of the discord interactions api
|
|
// signing algorithm, as documented here:
|
|
// https://discord.com/developers/docs/interactions/slash-commands#security-and-authorization
|
|
func VerifyInteraction(r *http.Request, key ed25519.PublicKey) bool {
|
|
var msg bytes.Buffer
|
|
|
|
signature := r.Header.Get("X-Signature-Ed25519")
|
|
if signature == "" {
|
|
return false
|
|
}
|
|
|
|
sig, err := hex.DecodeString(signature)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
if len(sig) != ed25519.SignatureSize {
|
|
return false
|
|
}
|
|
|
|
timestamp := r.Header.Get("X-Signature-Timestamp")
|
|
if timestamp == "" {
|
|
return false
|
|
}
|
|
|
|
msg.WriteString(timestamp)
|
|
|
|
defer r.Body.Close()
|
|
var body bytes.Buffer
|
|
|
|
// at the end of the function, copy the original body back into the request
|
|
defer func() {
|
|
r.Body = ioutil.NopCloser(&body)
|
|
}()
|
|
|
|
// copy body into buffers
|
|
_, err = io.Copy(&msg, io.TeeReader(r.Body, &body))
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
return ed25519.Verify(key, msg.Bytes(), sig)
|
|
}
|