From 2f0b35e3c25bc4394f3288e1baa77d250cb510ed Mon Sep 17 00:00:00 2001
From: Jordan <me@jordan.im>
Date: Thu, 10 Feb 2022 19:10:54 -0700
Subject: misc: go mod vendor

---
 .../github.com/bwmarrin/discordgo/interactions.go  | 54 ++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 vendor/github.com/bwmarrin/discordgo/interactions.go

(limited to 'vendor/github.com/bwmarrin/discordgo/interactions.go')

diff --git a/vendor/github.com/bwmarrin/discordgo/interactions.go b/vendor/github.com/bwmarrin/discordgo/interactions.go
new file mode 100644
index 0000000..6fc2f55
--- /dev/null
+++ b/vendor/github.com/bwmarrin/discordgo/interactions.go
@@ -0,0 +1,54 @@
+package discordgo
+
+import (
+	"bytes"
+	"crypto/ed25519"
+	"encoding/hex"
+	"io"
+	"io/ioutil"
+	"net/http"
+)
+
+// VerifyInteraction implements message verification of the discord interactions api
+// signing algorithm, as documented here:
+// https://discord.com/developers/docs/interactions/slash-commands#security-and-authorization
+func VerifyInteraction(r *http.Request, key ed25519.PublicKey) bool {
+	var msg bytes.Buffer
+
+	signature := r.Header.Get("X-Signature-Ed25519")
+	if signature == "" {
+		return false
+	}
+
+	sig, err := hex.DecodeString(signature)
+	if err != nil {
+		return false
+	}
+
+	if len(sig) != ed25519.SignatureSize {
+		return false
+	}
+
+	timestamp := r.Header.Get("X-Signature-Timestamp")
+	if timestamp == "" {
+		return false
+	}
+
+	msg.WriteString(timestamp)
+
+	defer r.Body.Close()
+	var body bytes.Buffer
+
+	// at the end of the function, copy the original body back into the request
+	defer func() {
+		r.Body = ioutil.NopCloser(&body)
+	}()
+
+	// copy body into buffers
+	_, err = io.Copy(&msg, io.TeeReader(r.Body, &body))
+	if err != nil {
+		return false
+	}
+
+	return ed25519.Verify(key, msg.Bytes(), sig)
+}
-- 
cgit v1.2.3-54-g00ecf