I'm currently writing a Slack bot using BoltJS and wanted to add verification using the integrated verify() method, which needs the signing secret as well as the incoming request. The problem is, that commands triggering the app.command() method do not provide the whole request. It only provides the payload and thereby the verify() method throws following error:
TypeError: stream.on is not a function
since none of the provided parameters are valid.
//These are the parameters of the app.command method
export interface SlackCommandMiddlewareArgs {
payload: SlashCommand;
command: this['payload'];
body: this['payload'];
say: SayFn;
respond: RespondFn;
ack: AckFn<string | RespondArguments>;
}
//This is what the SlashCommand Object is made of for context
export interface SlashCommand extends StringIndexed {
token: string;
command: string;
text: string;
response_url: string;
trigger_id: string;
user_id: string;
user_name: string;
team_id: string;
team_domain: string;
channel_id: string;
channel_name: string;
api_app_id: string;
enterprise_id?: string;
enterprise_name?: string;
is_enterprise_install?: string;
}
Is there any way to catch the request before the command handler receives it with which I could verify it, or am I missing something else completely? I haven't found anything regarding this in the documentation but I'll keep looking in the meantime.
The documentation from slack, states that :
Some SDKs perform signature verification automatically, accessible via an easy drop-in replacement of your signing secret for your old verification token. See the SDK support section for more detail. https://api.slack.com/authentication/verifying-requests-from-slack#about
And Bolt for JS is one of the supported SDK