diff options
Diffstat (limited to 'vendor/github.com/bwmarrin/discordgo/interactions.go')
| -rw-r--r-- | vendor/github.com/bwmarrin/discordgo/interactions.go | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/vendor/github.com/bwmarrin/discordgo/interactions.go b/vendor/github.com/bwmarrin/discordgo/interactions.go new file mode 100644 index 0000000..6fc2f55 --- /dev/null +++ b/vendor/github.com/bwmarrin/discordgo/interactions.go @@ -0,0 +1,54 @@ +package discordgo + +import ( + "bytes" + "crypto/ed25519" + "encoding/hex" + "io" + "io/ioutil" + "net/http" +) + +// VerifyInteraction implements message verification of the discord interactions api +// signing algorithm, as documented here: +// https://discord.com/developers/docs/interactions/slash-commands#security-and-authorization +func VerifyInteraction(r *http.Request, key ed25519.PublicKey) bool { + var msg bytes.Buffer + + signature := r.Header.Get("X-Signature-Ed25519") + if signature == "" { + return false + } + + sig, err := hex.DecodeString(signature) + if err != nil { + return false + } + + if len(sig) != ed25519.SignatureSize { + return false + } + + timestamp := r.Header.Get("X-Signature-Timestamp") + if timestamp == "" { + return false + } + + msg.WriteString(timestamp) + + defer r.Body.Close() + var body bytes.Buffer + + // at the end of the function, copy the original body back into the request + defer func() { + r.Body = ioutil.NopCloser(&body) + }() + + // copy body into buffers + _, err = io.Copy(&msg, io.TeeReader(r.Body, &body)) + if err != nil { + return false + } + + return ed25519.Verify(key, msg.Bytes(), sig) +} |