1package discordgo 2 3import ( 4 "bytes" 5 "crypto/ed25519" 6 "encoding/hex" 7 "io" 8 "io/ioutil" 9 "net/http" 10) 11 12// VerifyInteraction implements message verification of the discord interactions api 13// signing algorithm, as documented here: 14// https://discord.com/developers/docs/interactions/slash-commands#security-and-authorization 15func VerifyInteraction(r *http.Request, key ed25519.PublicKey) bool { 16 var msg bytes.Buffer 17 18 signature := r.Header.Get("X-Signature-Ed25519") 19 if signature == "" { 20 return false 21 } 22 23 sig, err := hex.DecodeString(signature) 24 if err != nil { 25 return false 26 } 27 28 if len(sig) != ed25519.SignatureSize { 29 return false 30 } 31 32 timestamp := r.Header.Get("X-Signature-Timestamp") 33 if timestamp == "" { 34 return false 35 } 36 37 msg.WriteString(timestamp) 38 39 defer r.Body.Close() 40 var body bytes.Buffer 41 42 // at the end of the function, copy the original body back into the request 43 defer func() { 44 r.Body = ioutil.NopCloser(&body) 45 }() 46 47 // copy body into buffers 48 _, err = io.Copy(&msg, io.TeeReader(r.Body, &body)) 49 if err != nil { 50 return false 51 } 52 53 return ed25519.Verify(key, msg.Bytes(), sig) 54} 55