search

alexa / alexa-skills-kit-sdk-for-nodejs

The Alexa Skills Kit SDK for Node.js helps you get a skill up and running quickly, letting you focus on skill logic instead of boilerplate code.
Apache License 2.0
3.12k stars 737 forks source link

Provide sample code for an express based Skill using the v2 SDK and Signature verification #591

Closed lucidokr closed 4 years ago

lucidokr commented 4 years ago

I'm submitting a...


[ ] Regression (a behavior that used to work and stopped working in a new release)
[ ] Bug report  
[ ] Performance issue
[ ] Feature request
[x] Documentation issue or request
[ ] Other... Please describe:

Could you please create an example Alexa skill that's built as an express app, which shows how to pass request / context to handlers and how to verify the signature, instead of a lambda-only example? I'm dependent upon using Express to power my Skill (handling incoming https requests). So, it'd be helpful to see a best practices for building a skill this way.

Expected Behavior

Current Behavior

Possible Solution

skill = Alexa.SkillBuilders.custom().addRequestHandlers(
      ...
    )
    .addErrorHandlers(ErrorHandler)
    .create();

   try {
    await new expressAdapter.SkillRequestSignatureVerifier().verify(textBody, requestHeaders);
    await new expressAdapter.TimestampVerifier().verify(textBody);
  } catch (err) {
    // server return err message
  }

  skill.invoke(req.body)
    .then(function(responseBody) {
      res.json(responseBody);
    })
    .catch(function(error) {
      console.log(error);
      res.status(500).send('Error during the request');
    });

What does it mean: "This code snippet assumes you have already consumed the request body as text and headers"??

Steps to Reproduce (for bugs)

Context

I'm trying to integrate a new skill with V2 SDK in my Express app executed on a node server.

Your Environment

Node.js and NPM Info

nikhilym commented 4 years ago

Hey @lucidokr , thanks for raising the issue. We have a backlog item for this request and will provide you with a code sample soon.

sjames1958gm commented 4 years ago

One issue I had trouble with the adaptor is that my boilerplate express app had app.use(bodyParser.json()); which caused a error in the first of the three request handlers pushed onto the array in the adaptor. A note to not add this middleware before adding the request handlers should be included.

ShenChen93 commented 4 years ago

Hi @lucidokr

Thanks for being patience and using our new ExpressAdapter package ! Your request is reasonable and we will work on sample skills in near future.

To answer your question: if you are using express and try to build an express app, you can ignore this part as it shows how to use SignatureVerifier and TimeStampVerifier without express. For user who don't use express, they cannot directly use our adapter class and need to figure out a way to parse the request body and request Header themselves. Therefore, for your case you just need to follow this tab. Please be aware don't use any other middleware before adding the request handlers just as @sjames1958gm mentioned.

Let me know if you met any problems while using our SDK !

Thanks, Shen

ShenChen93 commented 4 years ago

Hi @sjames1958gm ,

Thanks for reaching out. And yes you're right, as you can see in our code base, the express adapter will send error response if other middleware is registered before the handler. Due to your report, I think only a error response might not be enough. I will reach out to the doc team to update our doc to avoid similar issues in the future.

Thanks, Shen

NicoWeio commented 4 years ago

Hey there, I just created a little repo with an example. Hope this helps!