search

slackapi / bolt-python

A framework to build Slack apps using Python
https://slack.dev/bolt-python/
MIT License
1.02k stars 236 forks source link

Invalid request signature detected when running a bot inside a container #1068

Closed slin-auradine closed 3 months ago

slin-auradine commented 3 months ago

I have a small bot code (just copying from the sample) which runs ok locally. But, not working after I packaged into a container. It gave me an error of

INFO:slack_bolt.RequestVerification:Invalid request signature detected

INFO: 192.168.65.1:21464 - "POST /slack/events HTTP/1.1" 401 Unauthorized

I noticed "192.168.65.1". Is the bot checking the source IP?

Reproducible in:

The slack_bolt version

slack-bolt==1.18.1 slack_sdk==3.27.1

Python runtime version

Python 3.12.1

OS info

ProductName: macOS ProductVersion: 13.4 BuildVersion: 22F66 Darwin Kernel Version 22.5.0: Mon Apr 24 20:53:19 PDT 2023; root:xnu-8796.121.2~5/RELEASE_ARM64_T6020

Steps to reproduce:

(Share the commands to run, source code, and project settings (e.g., setup.py))

  1. uvicorn main:fast_api --app-dir . --port 8168 --reload-exclude "Repo/**"

Expected result:

The application can handle "POST /slack/events"

Actual result:

2024-04-01 14:56:09 request_body: <starlette.requests.Request object at 0xffffaf9c65a0>
2024-04-01 14:56:09 DEBUG:slack_bolt.AsyncApp:Applying slack_bolt.middleware.ssl_check.async_ssl_check.AsyncSslCheck
2024-04-01 14:56:09 DEBUG:slack_bolt.AsyncApp:Applying slack_bolt.middleware.request_verification.async_request_verification.AsyncRequestVerification
2024-04-01 14:56:09 INFO:slack_bolt.RequestVerification:Invalid request signature detected (signature: v0=91a5......5bf7, timestamp: 1712008569, body: {"token":"GMoejf6choBAoceTRXQQQouO","team_id":"T0......","context_team_id":"T0......","context_enterprise_id":null,"api_app_id":"A06ERCEC38T","event":{"user":"U0......","type":"message","ts":"1712008569.425579","client_msg_id":"0cc224b8-027a-49ce-a0df-18f2a18101ed","text":"hi","team":"T02PX3BDA7J","blocks":[{"type":"rich_text","block_id":"a8bcU","elements":[{"type":"rich_text_section","elements":[{"type":"text","text":"hi"}]}]}],"channel":"D06N3E675SN","event_ts":"1712008569.425579","channel_type":"im"},"type":"event_callback","event_id":"Ev06RVHU0ETZ","event_time":1712008569,"authorizations":[{"enterprise_id":null,"team_id":"T02PX3BDA7J","user_id":"U0......","is_bot":true,"is_enterprise_install":false}],"is_ext_shared_channel":false,"event_context":"4-eyJldCI6Im1lc3NhZ2UiLCJ0aWQiOiJUMDJQWDNCREE3SiIsImFpZCI6IkEwNkVSQ0VDMzhUIiwiY2lkIjoiRDA2TjNFNjc1U04ifQ"})
seratch commented 3 months ago

Hi @slin-auradine, thanks for asking the question. The global IP address is unrelated. This error could be caused due to lack of your signing secret (or using an invalid one). Please double-check if you're passing SLACK_SIGNING_SECRET env variable to the container. You can check this example for more details: https://github.com/slackapi/bolt-python/blob/main/examples/docker/fastapi-gunicorn/Dockerfile

slin-auradine commented 3 months ago

@seratch Thanks a lot for the quick response! I hardcoded SIGNING_SECRET in the code. It works now. Somehow, the environment variables are passed with a double quote around.