How to use the tsscmp function in tsscmp
To help you get started, we’ve selected a few tsscmp examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
slackapi / node-slack-sdk / packages / interactive-messages / src / http-handler.ts View on Github 
const ts = parseInt(requestHeaders['x-slack-request-timestamp'], 10);
// Divide current date to match Slack ts format
// Subtract 5 minutes from current time
const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);
if (ts < fiveMinutesAgo) {
debug('request is older than 5 minutes');
throw errorWithCode(new Error('Slack request signing verification failed'), ErrorCode.RequestTimeFailure);
}
const hmac = crypto.createHmac('sha256', signingSecret);
const [version, hash] = signature.split('=');
hmac.update(`${version}:${ts}:${body}`);
if (!timingSafeCompare(hash, hmac.digest('hex'))) {
debug('request signature is not valid');
throw errorWithCode(
new Error('Slack request signing verification failed'),
ErrorCode.SignatureVerificationFailure,
);
}
debug('request signing verification success');
return true;
}// Divide current date to match Slack ts format
// Subtract 5 minutes from current time
const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);
if (ts < fiveMinutesAgo) {
debug('request is older than 5 minutes');
const error = new Error('Slack request signing verification failed');
error.code = errorCodes.REQUEST_TIME_FAILURE;
throw error;
}
const hmac = crypto.createHmac('sha256', signingSecret);
const [version, hash] = signature.split('=');
hmac.update(`${version}:${ts}:${body}`);
if (!timingSafeCompare(hash, hmac.digest('hex'))) {
debug('request signature is not valid');
const error = new Error('Slack request signing verification failed');
error.code = errorCodes.SIGNATURE_VERIFICATION_FAILURE;
throw error;
}
debug('request signing verification success');
return true;
}export function verifyRequestSignature({
signingSecret, requestSignature, requestTimestamp, body,
}: VerifyRequestSignatureParams): true {
// convert the current time to seconds (to match the API's `ts` format), then subtract 5 minutes' worth of seconds.
const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);
if (requestTimestamp < fiveMinutesAgo) {
debug('request is older than 5 minutes');
throw errorWithCode(new Error('Slack request signing verification outdated'), ErrorCode.RequestTimeFailure);
}
const hmac = crypto.createHmac('sha256', signingSecret);
const [version, hash] = requestSignature.split('=');
hmac.update(`${version}:${requestTimestamp}:${body}`);
if (!timingSafeCompare(hash, hmac.digest('hex'))) {
debug('request signature is not valid');
throw errorWithCode(new Error('Slack request signing verification failed'), ErrorCode.SignatureVerificationFailure);
}
debug('request signing verification success');
return true;
}// Divide current date to match Slack ts format
// Subtract 5 minutes from current time
const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);
if (requestTimestamp < fiveMinutesAgo) {
debug('request is older than 5 minutes');
const error = new Error('Slack request signing verification outdated');
error.code = errorCodes.REQUEST_TIME_FAILURE;
throw error;
}
const hmac = crypto.createHmac('sha256', signingSecret);
const [version, hash] = requestSignature.split('=');
hmac.update(`${version}:${requestTimestamp}:${body}`);
if (!timingSafeCompare(hash, hmac.digest('hex'))) {
debug('request signature is not valid');
const error = new Error('Slack request signing verification failed');
error.code = errorCodes.SIGNATURE_VERIFICATION_FAILURE;
throw error;
}
debug('request signing verification success');
return true;
}// Divide current date to match Slack ts format
// Subtract 5 minutes from current time
const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);
if (ts < fiveMinutesAgo) {
throw errorWithCode(
'Slack request signing verification failed. Timestamp is too old.',
ErrorCode.ExpressReceiverAuthenticityError,
);
}
const hmac = crypto.createHmac('sha256', signingSecret);
const [version, hash] = signature.split('=');
hmac.update(`${version}:${ts}:${body}`);
if (!tsscmp(hash, hmac.digest('hex'))) {
throw errorWithCode(
'Slack request signing verification failed. Signature mismatch.',
ErrorCode.ExpressReceiverAuthenticityError,
);
}
}// Divide current date to match Slack ts format
// Subtract 5 minutes from current time
const fiveMinutesAgo = Math.floor(Date.now() / 1000) - (60 * 5);
if (requestTimestamp < fiveMinutesAgo) {
debug('request is older than 5 minutes');
const error = new Error('Slack request signing verification outdated');
error.code = errorCodes.REQUEST_TIME_FAILURE;
throw error;
}
const hmac = crypto.createHmac('sha256', signingSecret);
const [version, hash] = requestSignature.split('=');
hmac.update(`${version}:${requestTimestamp}:${body}`);
if (!timingSafeCompare(hash, hmac.digest('hex'))) {
debug('request signature is not valid');
const error = new Error('Slack request signing verification failed');
error.code = errorCodes.SIGNATURE_VERIFICATION_FAILURE;
throw error;
}
debug('request signing verification success');
return true;
}function check(name: string, pass: string) {
let valid = true;
// Simple method to prevent short-circuit and use timing-safe compare.
valid = compare(name, username) && valid;
valid = compare(pass, password) && valid;
return valid;
}function check(name: string, pass: string) {
let valid = true;
// Simple method to prevent short-circuit and use timing-safe compare.
valid = compare(name, username) && valid;
valid = compare(pass, password) && valid;
return valid;
}tsscmp
Timing safe string compare using double HMAC
