How to use tsscmp - 9 common examples

To help you get started, we’ve selected a few tsscmp examples, based on popular ways it is used in public projects.


github slackapi / node-slack-sdk / packages / interactive-messages / src / http-handler.ts View on Github external
// Excerpt from a request-signing check; `requestHeaders`, `signature`, `body` and `signingSecret` are defined
// outside the lines shown. parseInt returns NaN when the timestamp header is missing or not numeric.
const ts = parseInt(requestHeaders['x-slack-request-timestamp'], 10);

    // Replay guard: Date.now() is in milliseconds, so convert it to seconds to compare with `ts`,
    // then subtract 5 minutes to get the oldest timestamp that is still accepted.
    const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);

    // NOTE(review): only the lower bound is checked. A NaN `ts` makes this comparison false, so a malformed
    // header is not rejected here and is left to the signature check below; future timestamps also pass.
    if (ts < fiveMinutesAgo) {
      debug('request is older than 5 minutes');
      throw errorWithCode(new Error('Slack request signing verification failed'), ErrorCode.RequestTimeFailure);
    }

    // Recompute the signature locally: HMAC-SHA256 keyed with the signing secret over `version:ts:body`.
    // NOTE(review): `body` presumably has to be the raw payload exactly as received, since any
    // re-serialisation would change the digest — confirm against the caller.
    const hmac = crypto.createHmac('sha256', signingSecret);
    // Split the supplied signature on '=' into its version prefix and the hex digest sent with the request.
    const [version, hash] = signature.split('=');
    hmac.update(`${version}:${ts}:${body}`);

    // Compare with timingSafeCompare (presumably the tsscmp import this page is about) rather than `===`,
    // so the comparison time does not reveal how much of a supplied digest matched.
    if (!timingSafeCompare(hash, hmac.digest('hex'))) {
      debug('request signature is not valid');
      // Same message as the stale-timestamp failure; only the error code tells the two apart.
      throw errorWithCode(
        new Error('Slack request signing verification failed'),
        ErrorCode.SignatureVerificationFailure,
      );
    }

    debug('request signing verification success');
    return true;
  }
github slackapi / node-slack-interactive-messages / src / http-handler.js View on Github external
// Replay guard: convert the current time from milliseconds to seconds (the unit `ts` is compared in),
    // then subtract 5 minutes to get the oldest timestamp that is still accepted.
    const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);

    // NOTE(review): `ts` is defined outside this excerpt. If it can be NaN (missing or non-numeric header),
    // this comparison is false and the request is only stopped by the signature check below.
    if (ts < fiveMinutesAgo) {
      debug('request is older than 5 minutes');
      const error = new Error('Slack request signing verification failed');
      error.code = errorCodes.REQUEST_TIME_FAILURE;
      throw error;
    }

    // Recompute the expected signature: HMAC-SHA256 keyed with the signing secret over `version:ts:body`.
    const hmac = crypto.createHmac('sha256', signingSecret);
    // The supplied signature is split on '=' into a version prefix and the hex digest to verify.
    const [version, hash] = signature.split('=');
    hmac.update(`${version}:${ts}:${body}`);

    // timingSafeCompare is used instead of `===` so that the comparison time does not depend on where the
    // two digests first differ (presumably this is the tsscmp import — confirm at the top of the file).
    if (!timingSafeCompare(hash, hmac.digest('hex'))) {
      debug('request signature is not valid');
      const error = new Error('Slack request signing verification failed');
      // The message matches the timestamp failure above; callers distinguish the two by `error.code`.
      error.code = errorCodes.SIGNATURE_VERIFICATION_FAILURE;
      throw error;
    }

    debug('request signing verification success');
    return true;
  }
github slackapi / node-slack-sdk / packages / events-api / src / http-handler.ts View on Github external
/**
 * Checks that a request is recent and carries a valid HMAC-SHA256 signature made with the signing secret.
 *
 * The signed string is `version:requestTimestamp:body`, where `version` is the part of `requestSignature`
 * before the `=` and the part after it is the hex digest to verify. The digests are compared with
 * `timingSafeCompare` so the comparison time does not reveal how much of a supplied digest matched.
 *
 * NOTE(review): only timestamps older than five minutes are rejected. A NaN `requestTimestamp` makes the
 * age comparison false and is left to the signature check; timestamps in the future also pass the age check.
 *
 * @returns `true` when both checks pass; failures are reported by throwing, never by returning `false`.
 * @throws an error tagged `ErrorCode.RequestTimeFailure` when the timestamp is more than five minutes old.
 * @throws an error tagged `ErrorCode.SignatureVerificationFailure` when the digests do not match.
 */
export function verifyRequestSignature({
  signingSecret, requestSignature, requestTimestamp, body,
}: VerifyRequestSignatureParams): true {
  // Date.now() is in milliseconds; the timestamp is compared in whole seconds.
  const maxAgeSeconds = 60 * 5;
  const nowSeconds = Math.floor(Date.now() / 1000);
  const oldestAccepted = nowSeconds - maxAgeSeconds;

  const isStale = requestTimestamp < oldestAccepted;
  if (isStale) {
    debug('request is older than 5 minutes');
    throw errorWithCode(new Error('Slack request signing verification outdated'), ErrorCode.RequestTimeFailure);
  }

  // Recompute the digest locally from the secret and the signed fields.
  const signer = crypto.createHmac('sha256', signingSecret);
  const [scheme, suppliedDigest] = requestSignature.split('=');
  const expectedDigest = signer.update(`${scheme}:${requestTimestamp}:${body}`).digest('hex');

  if (timingSafeCompare(suppliedDigest, expectedDigest)) {
    debug('request signing verification success');
    return true;
  }

  debug('request signature is not valid');
  throw errorWithCode(new Error('Slack request signing verification failed'), ErrorCode.SignatureVerificationFailure);
}
github slackapi / node-slack-events-api / src / http-handler.js View on Github external
// Replay guard: Date.now() is in milliseconds, so divide by 1000 to compare in seconds,
  // then subtract 5 minutes to get the oldest timestamp that is still accepted.
  const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);

  // NOTE(review): `requestTimestamp` comes from outside this excerpt. Only stale values are rejected;
  // a NaN value makes the comparison false and falls through to the signature check.
  if (requestTimestamp < fiveMinutesAgo) {
    debug('request is older than 5 minutes');
    const error = new Error('Slack request signing verification outdated');
    error.code = errorCodes.REQUEST_TIME_FAILURE;
    throw error;
  }

  // Expected signature: HMAC-SHA256 keyed with the signing secret over `version:requestTimestamp:body`.
  // NOTE(review): `body` presumably needs to be the unparsed request payload — confirm against the caller.
  const hmac = crypto.createHmac('sha256', signingSecret);
  // Split the supplied signature on '=' into its version prefix and hex digest.
  const [version, hash] = requestSignature.split('=');
  hmac.update(`${version}:${requestTimestamp}:${body}`);

  // Use the timing-safe comparison rather than `===` so the check does not leak, through its duration,
  // how many leading characters of the supplied digest were correct.
  if (!timingSafeCompare(hash, hmac.digest('hex'))) {
    debug('request signature is not valid');
    const error = new Error('Slack request signing verification failed');
    error.code = errorCodes.SIGNATURE_VERIFICATION_FAILURE;
    throw error;
  }

  debug('request signing verification success');
  return true;
}
github slackapi / bolt / src / ExpressReceiver.ts View on Github external
// Replay guard: convert the current time to seconds (the unit `ts` is compared in),
  // then subtract 5 minutes to get the oldest timestamp that is still accepted.
  const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);

  // NOTE(review): `ts` is defined outside this excerpt; only the lower bound is enforced here, and a NaN
  // value would make the comparison false and defer rejection to the signature check.
  if (ts < fiveMinutesAgo) {
    throw errorWithCode(
      'Slack request signing verification failed. Timestamp is too old.',
      ErrorCode.ExpressReceiverAuthenticityError,
    );
  }

  // Expected signature: HMAC-SHA256 keyed with the signing secret over `version:ts:body`.
  const hmac = crypto.createHmac('sha256', signingSecret);
  // Split the supplied signature on '=' into its version prefix and hex digest.
  const [version, hash] = signature.split('=');
  hmac.update(`${version}:${ts}:${body}`);

  // tsscmp performs the digest comparison in place of `===`, so the time taken does not depend on
  // where the two strings first differ.
  if (!tsscmp(hash, hmac.digest('hex'))) {
    // Both failures share one error code; only the message says whether the timestamp or the digest failed.
    throw errorWithCode(
      'Slack request signing verification failed. Signature mismatch.',
      ErrorCode.ExpressReceiverAuthenticityError,
    );
  }
}
github slackapi / node-slack-sdk / packages / events-api / src / http-handler.js View on Github external
// Replay guard: the current time is converted from milliseconds to seconds before comparing,
  // and 5 minutes are subtracted to get the oldest timestamp that is still accepted.
  const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);

  // NOTE(review): this rejects stale timestamps only. `requestTimestamp` is defined outside the excerpt;
  // if it is NaN the comparison is false and the request proceeds to the signature check.
  if (requestTimestamp < fiveMinutesAgo) {
    debug('request is older than 5 minutes');
    const error = new Error('Slack request signing verification outdated');
    error.code = errorCodes.REQUEST_TIME_FAILURE;
    throw error;
  }

  // Recompute the digest: HMAC-SHA256 keyed with the signing secret over `version:requestTimestamp:body`.
  const hmac = crypto.createHmac('sha256', signingSecret);
  // The part before '=' is the version prefix; the part after it is the hex digest being verified.
  const [version, hash] = requestSignature.split('=');
  hmac.update(`${version}:${requestTimestamp}:${body}`);

  // The digests go through timingSafeCompare, not `===`, to avoid a timing side channel on the comparison.
  if (!timingSafeCompare(hash, hmac.digest('hex'))) {
    debug('request signature is not valid');
    const error = new Error('Slack request signing verification failed');
    // Callers tell this apart from the timestamp failure by `error.code`.
    error.code = errorCodes.SIGNATURE_VERIFICATION_FAILURE;
    throw error;
  }

  debug('request signing verification success');
  return true;
}
github slackapi / bolt / src / receiver / middleware / parseRequest.ts View on Github external
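// Excerpt from a request-verification middleware; `req`, `next`, `signature`, `body` and `signingSecret`
// are defined outside the lines shown. Number() yields NaN when the timestamp header is missing or malformed.
const ts = Number(req.headers['x-slack-request-timestamp']);

        // Replay guard: convert the current time to seconds (the unit `ts` is compared in),
        // then subtract 5 minutes to get the oldest timestamp that is still accepted.
        const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);

        // Record the first verification failure and call next() exactly once at the end. Calling next(error)
        // and then falling through would still parse the body and call next() again, letting an unverified
        // request continue down the middleware chain.
        let verificationError: Error | undefined;

        // Fail closed on a missing or non-numeric timestamp instead of relying on the signature check alone.
        if (!Number.isFinite(ts) || ts < fiveMinutesAgo) {
          verificationError = new Error('Slack request signing verification failed');
        } else {
          // Expected signature: HMAC-SHA256 keyed with the signing secret over `version:ts:body`.
          const hmac = crypto.createHmac('sha256', signingSecret);
          const [version, hash] = signature.split('=');
          hmac.update(`${version}:${ts}:${body}`);

          // Timing-safe comparison so the check's duration does not reveal how much of the digest matched.
          if (!timingSafeCompare(hash, hmac.digest('hex'))) {
            verificationError = new Error('Slack request signing verification failed');
          }
        }

        if (verificationError !== undefined) {
          next(verificationError);
        } else {
          // NOTE(review): Node's http module lower-cases incoming header names, so if `req` is a Node or
          // Express request this lookup yields undefined — confirm and use 'content-type' if so.
          req.body = parseBody(req.headers['Content-Type'] as string, body);

          next();
        }
      });
  };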
github coralproject / talk / src / core / server / app / middleware / basicAuth.ts View on Github external
/**
 * Returns whether the supplied name and password both match the configured `username` and `password`.
 *
 * Both comparisons always run, whatever the first one returns, so the time taken does not reveal
 * which of the two credentials was wrong. `compare`, `username` and `password` come from the enclosing scope.
 */
function check(name: string, pass: string) {
    // Evaluate each timing-safe comparison up front; combining them afterwards cannot skip either call.
    const nameMatches = compare(name, username);
    const passMatches = compare(pass, password);

    return passMatches && nameMatches;
  }
github coralproject / talk / src / core / server / app / middleware / basicAuth.ts View on Github external
/**
 * Validates a name/password pair against the configured `username` and `password`.
 *
 * Neither comparison is skipped when the other fails, so response time does not show whether the
 * name or the password was the mismatch. `compare`, `username` and `password` come from the enclosing scope.
 */
function check(name: string, pass: string) {
    // Call the timing-safe compare for both fields before combining the results.
    const nameMatches = compare(name, username);
    const passMatches = compare(pass, password);

    return passMatches && nameMatches;
  }

tsscmp

Timing safe string compare using double HMAC

MIT
Latest version published 6 years ago
