langchain-trigger-server 0.2.6rc1__tar.gz → 0.2.6rc3__tar.gz

{langchain_trigger_server-0.2.6rc1 → langchain_trigger_server-0.2.6rc3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: langchain-trigger-server
-Version: 0.2.6rc1
+Version: 0.2.6rc3
 Summary: Generic event-driven triggers framework
 Project-URL: Homepage, https://github.com/langchain-ai/open-agent-platform
 Project-URL: Repository, https://github.com/langchain-ai/open-agent-platform

{langchain_trigger_server-0.2.6rc1 → langchain_trigger_server-0.2.6rc3}/langchain_triggers/app.py

@@ -16,6 +16,12 @@ from .decorators import TriggerTemplate
 from .database import create_database, TriggerDatabaseInterface
 from .cron_manager import CronTriggerManager
 from .triggers.cron_trigger import CRON_TRIGGER_ID
+from .auth.slack_hmac import (
+    verify_slack_signature,
+    get_slack_signing_secret,
+    extract_slack_headers,
+    SlackSignatureVerificationError,
+)
 
 logger = logging.getLogger(__name__)
 
@@ -29,7 +35,7 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
     
     async def dispatch(self, request: Request, call_next):
         # Skip auth for webhooks, health/root endpoints, and OPTIONS requests
-        if (request.url.path.startswith("/webhooks/") or 
+        if (request.url.path.startswith("/v1/triggers/webhooks/") or 
             request.url.path in ["/", "/health"] or
             request.method == "OPTIONS"):
             return await call_next(request)
@@ -174,7 +180,7 @@ class TriggerServer:
             async def handler_endpoint(request: Request) -> Dict[str, Any]:
                 return await self._handle_request(trigger, request)
             
-            handler_path = f"/webhooks/{trigger.id}"
+            handler_path = f"/v1/triggers/webhooks/{trigger.id}"
             self.app.post(handler_path)(handler_endpoint)
             logger.info(f"Added handler route: POST {handler_path}")
         
@@ -213,7 +219,7 @@ class TriggerServer:
         async def health() -> Dict[str, str]:
             return {"status": "healthy"}
         
-        @self.app.get("/api/triggers")
+        @self.app.get("/v1/triggers")
         async def api_list_triggers() -> Dict[str, Any]:
             """List available trigger templates."""
             templates = await self.database.get_trigger_templates()
@@ -224,7 +230,7 @@ class TriggerServer:
                     "provider": template["provider"],
                     "displayName": template["name"],
                     "description": template["description"],
-                    "path": "/api/triggers/registrations",
+                    "path": "/v1/triggers/registrations",
                     "method": "POST",
                     "payloadSchema": template.get("registration_schema", {}),
                 })
@@ -234,7 +240,7 @@ class TriggerServer:
                 "data": trigger_list
             }
         
-        @self.app.get("/api/triggers/registrations")
+        @self.app.get("/v1/triggers/registrations")
         async def api_list_registrations(current_user: Dict[str, Any] = Depends(get_current_user)) -> Dict[str, Any]:
             """List user's trigger registrations (user-scoped)."""
             try:
@@ -266,7 +272,7 @@ class TriggerServer:
                 logger.error(f"Error listing registrations: {e}")
                 raise HTTPException(status_code=500, detail=str(e))
         
-        @self.app.post("/api/triggers/registrations")
+        @self.app.post("/v1/triggers/registrations")
         async def api_create_registration(request: Request, current_user: Dict[str, Any] = Depends(get_current_user)) -> Dict[str, Any]:
             """Create a new trigger registration."""
             try:
@@ -345,14 +351,14 @@ class TriggerServer:
                 logger.exception(f"Error creating trigger registration: {e}")
                 raise HTTPException(status_code=500, detail=str(e))
         
-        @self.app.get("/api/triggers/registrations/{registration_id}/agents")
+        @self.app.get("/v1/triggers/registrations/{registration_id}/agents")
         async def api_list_registration_agents(registration_id: str, current_user: Dict[str, Any] = Depends(get_current_user)) -> Dict[str, Any]:
             """List agents linked to this registration."""
             try:
                 user_id = current_user["identity"]
                 
                 # Get the specific trigger registration
-                trigger = await self.database.get_user_trigger(user_id, registration_id, token)
+                trigger = await self.database.get_trigger_registration(registration_id, user_id)
                 if not trigger:
                     raise HTTPException(status_code=404, detail="Trigger registration not found or access denied")
                 
@@ -368,7 +374,7 @@ class TriggerServer:
                 logger.error(f"Error getting registration agents: {e}")
                 raise HTTPException(status_code=500, detail=str(e))
         
-        @self.app.post("/api/triggers/registrations/{registration_id}/agents/{agent_id}")
+        @self.app.post("/v1/triggers/registrations/{registration_id}/agents/{agent_id}")
         async def api_add_agent_to_trigger(registration_id: str, agent_id: str, request: Request, current_user: Dict[str, Any] = Depends(get_current_user)) -> Dict[str, Any]:
             """Add an agent to a trigger registration."""
             try:
@@ -412,7 +418,7 @@ class TriggerServer:
                 logger.error(f"Error linking agent to trigger: {e}")
                 raise HTTPException(status_code=500, detail=str(e))
         
-        @self.app.delete("/api/triggers/registrations/{registration_id}/agents/{agent_id}")
+        @self.app.delete("/v1/triggers/registrations/{registration_id}/agents/{agent_id}")
         async def api_remove_agent_from_trigger(registration_id: str, agent_id: str, current_user: Dict[str, Any] = Depends(get_current_user)) -> Dict[str, Any]:
             """Remove an agent from a trigger registration."""
             try:
@@ -447,7 +453,7 @@ class TriggerServer:
                 logger.error(f"Error unlinking agent from trigger: {e}")
                 raise HTTPException(status_code=500, detail=str(e))
 
-        @self.app.post("/api/triggers/registrations/{registration_id}/execute")
+        @self.app.post("/v1/triggers/registrations/{registration_id}/execute")
         async def api_execute_trigger_now(registration_id: str, current_user: Dict[str, Any] = Depends(get_current_user)) -> Dict[str, Any]:
             """Manually execute a cron trigger registration immediately."""
             try:
@@ -486,6 +492,10 @@ class TriggerServer:
     ) -> Dict[str, Any]:
         """Handle an incoming request with a handler function."""
         try:
+            # Slack webhook authentication
+            # Check if this is a Slack trigger that requires HMAC signature verification
+            if self._is_slack_trigger(trigger):
+                await self._verify_slack_webhook_auth(request)
             
             # Parse request data
             if request.method == "POST":
@@ -592,6 +602,82 @@ class TriggerServer:
                 logger.error(f"Error invoking agent {agent_id}: {e}")
                 raise
     
+    def _is_slack_trigger(self, trigger: TriggerTemplate) -> bool:
+        """Check if a trigger is from Slack and requires HMAC signature verification."""
+        return (
+            trigger.provider.lower() == "slack" or
+            "slack" in trigger.id.lower()
+        )
+    
+    async def _verify_slack_webhook_auth(self, request: Request) -> None:
+        """Verify Slack HMAC signature for webhook requests.
+        
+        Slack uses HMAC-SHA256 signatures to verify webhook authenticity.
+        The signature is computed from the timestamp, body, and signing secret.
+        
+        Args:
+            request: The FastAPI request object
+            
+        Raises:
+            HTTPException: If authentication fails
+        """
+        try:
+            signing_secret = get_slack_signing_secret()
+            if not signing_secret:
+                logger.error("SLACK_SIGNING_SECRET environment variable not set")
+                raise HTTPException(
+                    status_code=500,
+                    detail="Slack signing secret not configured on server"
+                )
+            
+            headers_dict = dict(request.headers)
+            signature, timestamp = extract_slack_headers(headers_dict)
+            
+            if not signature:
+                logger.error("Missing X-Slack-Signature header")
+                raise HTTPException(
+                    status_code=401,
+                    detail="Missing X-Slack-Signature header. Slack webhooks require signature verification."
+                )
+            
+            if not timestamp:
+                logger.error("Missing X-Slack-Request-Timestamp header")
+                raise HTTPException(
+                    status_code=401,
+                    detail="Missing X-Slack-Request-Timestamp header. Slack webhooks require timestamp."
+                )
+            
+            body = await request.body()
+            body_str = body.decode('utf-8')
+            
+            try:
+                verify_slack_signature(
+                    signing_secret=signing_secret,
+                    timestamp=timestamp,
+                    body=body_str,
+                    signature=signature
+                )
+                logger.info(f"Successfully verified Slack webhook signature. Timestamp: {timestamp}")
+            except SlackSignatureVerificationError as e:
+                logger.error(f"Slack signature verification failed: {e}")
+                raise HTTPException(
+                    status_code=401,
+                    detail=f"Slack signature verification failed: {str(e)}"
+                )
+            
+            # Store verification info in request state
+            request.state.slack_verified = True
+            request.state.slack_timestamp = timestamp
+            
+        except HTTPException:
+            raise
+        except Exception as e:
+            logger.error(f"Unexpected error during Slack webhook authentication: {e}")
+            raise HTTPException(
+                status_code=500,
+                detail=f"Authentication error: {str(e)}"
+            )
+    
     def get_app(self) -> FastAPI:
         """Get the FastAPI app instance."""
         return self.app

langchain_trigger_server-0.2.6rc3/langchain_triggers/auth/__init__.py

@@ -0,0 +1,16 @@
+"""Authentication utilities for trigger webhooks."""
+
+from .slack_hmac import (
+    verify_slack_signature,
+    get_slack_signing_secret,
+    extract_slack_headers,
+    SlackSignatureVerificationError,
+)
+
+__all__ = [
+    "verify_slack_signature",
+    "get_slack_signing_secret",
+    "extract_slack_headers",
+    "SlackSignatureVerificationError",
+]
+

langchain_trigger_server-0.2.6rc3/langchain_triggers/auth/slack_hmac.py

@@ -0,0 +1,95 @@
+"""Slack HMAC signature verification for webhook authentication.
+
+Slack uses HMAC-SHA256 signatures to verify webhook authenticity.
+Each request includes an X-Slack-Signature header that must be verified
+against your app's signing secret.
+"""
+
+from __future__ import annotations
+
+import hashlib
+import hmac
+import logging
+import os
+import time
+from typing import Optional
+
+logger = logging.getLogger(__name__)
+
+
+class SlackSignatureVerificationError(Exception):
+    """Exception raised when Slack signature verification fails."""
+    pass
+
+
+def verify_slack_signature(
+    signing_secret: str,
+    timestamp: str,
+    body: str,
+    signature: str,
+    max_age_seconds: int = 300
+) -> bool:
+    try:
+        # Verify timestamp to prevent replay attacks
+        current_time = int(time.time())
+        request_time = int(timestamp)
+        
+        if abs(current_time - request_time) > max_age_seconds:
+            logger.error(
+                f"Slack request timestamp too old. "
+                f"Current: {current_time}, Request: {request_time}, "
+                f"Diff: {abs(current_time - request_time)}s"
+            )
+            raise SlackSignatureVerificationError(
+                f"Request timestamp is too old (>{max_age_seconds}s). Possible replay attack."
+            )
+        
+        # Format: v0:{timestamp}:{body}
+        sig_basestring = f"v0:{timestamp}:{body}"
+        
+        # Create HMAC-SHA256 hash
+        my_signature = 'v0=' + hmac.new(
+            signing_secret.encode(),
+            sig_basestring.encode(),
+            hashlib.sha256
+        ).hexdigest()
+        
+        if not hmac.compare_digest(my_signature, signature):
+            logger.error(
+                f"Slack signature mismatch. "
+                f"Expected: {my_signature}, Got: {signature}"
+            )
+            raise SlackSignatureVerificationError("Signature verification failed")
+        
+        logger.info("Successfully verified Slack webhook signature")
+        return True
+        
+    except ValueError as e:
+        logger.error(f"Invalid timestamp format: {e}")
+        raise SlackSignatureVerificationError(f"Invalid timestamp: {str(e)}")
+    except Exception as e:
+        logger.error(f"Unexpected error during Slack signature verification: {e}")
+        raise SlackSignatureVerificationError(f"Verification error: {str(e)}")
+
+
+def get_slack_signing_secret() -> Optional[str]:
+    """Get Slack signing secret from SLACK_SIGNING_SECRET environment variable."""
+    secret = os.getenv("SLACK_SIGNING_SECRET")
+    if not secret:
+        logger.warning("SLACK_SIGNING_SECRET environment variable not set")
+    return secret
+
+
+def extract_slack_headers(headers: dict) -> tuple[Optional[str], Optional[str]]:
+    """Extract Slack signature and timestamp from request headers."""
+    signature = (
+        headers.get('x-slack-signature') or 
+        headers.get('X-Slack-Signature')
+    )
+    timestamp = (
+        headers.get('x-slack-request-timestamp') or 
+        headers.get('X-Slack-Request-Timestamp')
+    )
+    
+    return signature, timestamp
+

{langchain_trigger_server-0.2.6rc1 → langchain_trigger_server-0.2.6rc3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "langchain-trigger-server"
-version = "0.2.6rc1"
+version = "0.2.6rc3"
 description = "Generic event-driven triggers framework"
 readme = "README.md"
 requires-python = ">=3.9"