PyPI - langchain-trigger-server - Versions diffs - 0.2.6rc3__tar.gz → 0.2.6rc4__tar.gz - Mend

langchain-trigger-server 0.2.6rc3tar.gz → 0.2.6rc4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of langchain-trigger-server might be problematic. Click here for more details.

Files changed (19) hide show

{langchain_trigger_server-0.2.6rc3 → langchain_trigger_server-0.2.6rc4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: langchain-trigger-server
-Version: 0.2.6rc3
+Version: 0.2.6rc4
 Summary: Generic event-driven triggers framework
 Project-URL: Homepage, https://github.com/langchain-ai/open-agent-platform
 Project-URL: Repository, https://github.com/langchain-ai/open-agent-platform

{langchain_trigger_server-0.2.6rc3 → langchain_trigger_server-0.2.6rc4}/langchain_triggers/app.py RENAMED Viewed

@@ -492,15 +492,21 @@ class TriggerServer:
     ) -> Dict[str, Any]:
         """Handle an incoming request with a handler function."""
         try:
-            # Slack webhook authentication
-            # Check if this is a Slack trigger that requires HMAC signature verification
-            if self._is_slack_trigger(trigger):
-                await self._verify_slack_webhook_auth(request)
-            # Parse request data
             if request.method == "POST":
                 if request.headers.get("content-type", "").startswith("application/json"):
-                    payload = await request.json()
+                    # Read body once for both auth and parsing
+                    body_bytes = await request.body()
+                    body_str = body_bytes.decode("utf-8")
+                    if self._is_slack_trigger(trigger):
+                        await self._verify_slack_webhook_auth_with_body(request, body_str)
+                    import json
+                    payload = json.loads(body_str)
+                    if payload.get("type") == "url_verification" and "challenge" in payload:
+                        logger.info(f"Responding to Slack URL verification challenge")
+                        return {"challenge": payload["challenge"]}
                 else:
                     # Handle form data or other content types
                     body = await request.body()
@@ -678,6 +684,73 @@ class TriggerServer:
                 detail=f"Authentication error: {str(e)}"
             )
+    async def _verify_slack_webhook_auth_with_body(self, request: Request, body_str: str) -> None:
+        """Verify Slack HMAC signature for webhook requests using pre-read body.
+        Slack uses HMAC-SHA256 signatures to verify webhook authenticity.
+        The signature is computed from the timestamp, body, and signing secret.
+        Args:
+            request: The FastAPI request object
+            body_str: The request body as a string (already read)
+        Raises:
+            HTTPException: If authentication fails
+        """
+        try:
+            signing_secret = get_slack_signing_secret()
+            if not signing_secret:
+                logger.error("SLACK_SIGNING_SECRET environment variable not set")
+                raise HTTPException(
+                    status_code=500,
+                    detail="Slack signing secret not configured on server"
+                )
+            headers_dict = dict(request.headers)
+            signature, timestamp = extract_slack_headers(headers_dict)
+            if not signature:
+                logger.error("Missing X-Slack-Signature header")
+                raise HTTPException(
+                    status_code=401,
+                    detail="Missing X-Slack-Signature header. Slack webhooks require signature verification."
+                )
+            if not timestamp:
+                logger.error("Missing X-Slack-Request-Timestamp header")
+                raise HTTPException(
+                    status_code=401,
+                    detail="Missing X-Slack-Request-Timestamp header. Slack webhooks require timestamp."
+                )
+            try:
+                verify_slack_signature(
+                    signing_secret=signing_secret,
+                    timestamp=timestamp,
+                    body=body_str,
+                    signature=signature
+                )
+                logger.info(f"Successfully verified Slack webhook signature. Timestamp: {timestamp}")
+            except SlackSignatureVerificationError as e:
+                logger.error(f"Slack signature verification failed: {e}")
+                raise HTTPException(
+                    status_code=401,
+                    detail=f"Slack signature verification failed: {str(e)}"
+                )
+            # Store verification info in request state
+            request.state.slack_verified = True
+            request.state.slack_timestamp = timestamp
+        except HTTPException:
+            raise
+        except Exception as e:
+            logger.error(f"Unexpected error during Slack webhook authentication: {e}")
+            raise HTTPException(
+                status_code=500,
+                detail=f"Authentication error: {str(e)}"
+            )
     def get_app(self) -> FastAPI:
         """Get the FastAPI app instance."""
         return self.app

{langchain_trigger_server-0.2.6rc3 → langchain_trigger_server-0.2.6rc4}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "langchain-trigger-server"
-version = "0.2.6rc3"
+version = "0.2.6rc4"
 description = "Generic event-driven triggers framework"
 readme = "README.md"
 requires-python = ">=3.9"