slackapi / python-slack-events-api

Slack Events API adapter for Python (Flask required)
https://api.slack.com/events
MIT License
343 stars 116 forks source link

SlackEventAdapter not working with AWS S3 Bucket, AWS Lambda & API Gateway #102

Closed gnohgnij closed 1 year ago

gnohgnij commented 1 year ago

Description

I'm using AWS Lambda and API Gateway to host my Flask code for a Slack App. Currently, I'm struggling with responding to the challenge parameter when entering the Request URL. The way I'm implementing my code is:

  1. Use serverless framework to develop code in a test environment
  2. Once the code works in the test environment, I download the zip file from the test Lambda function, unzip it, change the variables to production environment variables and zip it.
  3. I upload the code to the production S3 bucket, which is linked to the production AWS Lambda.

Here are some routes that I have in my code:

app = Flask(__name__)
slack_event_adapter = SlackEventAdapter(os.environ["TEST_SLACK_SIGNING_SECRET"], "/slack/events", app)

@app.route("/")
def hello_from_root():
    return jsonify(message=f'Slack signing secret: {os.environ["TEST_SLACK_SIGNING_SECRET"]}'). 

@app.route("/interactions", methods=['GET', 'POST'])
def parse_interactions():
    """
    Parse interactions here
    """

I suspected that the environment variables weren't being read, but I am able to receive the slack signing secret when sending a GET request to the API Gateway URL

What could be the issue?

What type of issue is this? (place an x in one of the [ ])

Requirements

Bug Report

Filling out the following details about bugs will help us solve your issue sooner.

Reproducible in:

slackeventsapi version: 3.0.1 python version: 3.9.6 OS version(s): macOS Ventura 13.2.1

Steps to reproduce:

  1. Deploy serverless framework
  2. Export function
  3. Unzip function, change env variables to prod variables, upload to prod S3 bucket
  4. Enter "prod-api-gateway-url/slack/events" to Slack events subscription request url

Expected result:

The request url to be accepted

Actual result:

The request url not accepted

Attachments:

seratch commented 1 year ago

Hi @gnohgnij, thanks for asking the question.

I am still unshare why you don't use serverless framework for prod deployement while you use it for development. If you use serverless framework for deployments too, just setting env variables in your serverless.yml file should work. Here is my example: https://github.com/seratch/ChatGPT-in-Slack/blob/e8202b144d0d90e5095623f207e291f9008ca8ff/serverless.yml#L33

Also, as mentioned at https://github.com/slackapi/python-slack-events-api#%EF%B8%8F--important-notice, our latest recommendation is to use bolt-python instead. https://github.com/slackapi/python-slack-events-api/issues/84 can be a challenge as long as you go with this package. bolt-python offers better options for AWS lambda use cases:

I highly recommend switching to bolt-python if it's still possible. I hope this helps.

gnohgnij commented 1 year ago

@seratch Hi, thanks for responding. My company practices infrastructure as code and provisions cloud resources through terraform. The serverless framework is just for me to test my code and ultimately, I have to deploy the code using terraform. Is there any reason why the Slack Event Adapter is not respondin with the challenge parameter? When I deployed using the serverless framework, it responded.

seratch commented 1 year ago

@gnohgnij this library is a tiny one so pointing the source code out should be easier for you too. As you can see here, the signature verifications should be failing before responding to the url verification request. I cannot guess what's actually happening on your end but the most common cause is the absence of the signing secret (or using an invalid one such as the one for a different app). I don't think this is your case but another pattern is the system clock problem, which may cause this error.

gnohgnij commented 1 year ago

@seratch Oh I think I've figured it out, my company's terraform API Gateway module uses REST API while serverless framework uses HTTP API

seratch commented 1 year ago

Great to hear that you've identified the cause! Would you mind if I close this issue now?

gnohgnij commented 1 year ago

Yup, you may close the issue