romica
romica7mo ago

Trouble validating a request

Hi there! I'm trying to validate a Discord HTTP request, but I don't know how to do it (https://discord.com/developers/docs/interactions/receiving-and-responding#security-and-authorization)
Discord Developer Portal
Discord Developer Portal — API Docs for Bots and Developers
Integrate your service with Discord — whether it's a bot or a game or whatever your wildest imagination can come up with.
2 Replies
Deno AI Helper
Deno AI Helper7mo ago
Hello! Validating a Discord HTTP request is an important step to ensure that the requests your application is handling are indeed coming from Discord. According to the documentation, you can use the validateRequest function from the sift module to validate incoming requests. Here's a step-by-step guide based on the documentation: 1. Import the necessary functions from the sift module:
import {
json,
serve,
validateRequest,
} from "https://deno.land/x/sift@0.6.0/mod.ts";

import {
json,
serve,
validateRequest,
} from "https://deno.land/x/sift@0.6.0/mod.ts";

2. You'll also need to import the nacl module to verify the signature provided by Discord:
import nacl from "https://cdn.skypack.dev/tweetnacl@v1.0.3?dts";

import nacl from "https://cdn.skypack.dev/tweetnacl@v1.0.3?dts";

3. Set up your server with the serve function and define a handler for the route you want to validate, for example, the root ("/") route:
serve({
"/": home,
});

serve({
"/": home,
});

4. In your handler function, use validateRequest to ensure that the request is a POST request and contains the required headers:
async function home(request: Request) {
const { error } = await validateRequest(request, {
POST: {
headers: ["X-Signature-Ed25519", "X-Signature-Timestamp"],
},
});
if (error) {
return json({ error: error.message }, { status: error.status });
}
// Continue with signature verification...
}

async function home(request: Request) {
const { error } = await validateRequest(request, {
POST: {
headers: ["X-Signature-Ed25519", "X-Signature-Timestamp"],
},
});
if (error) {
return json({ error: error.message }, { status: error.status });
}
// Continue with signature verification...
}

5. After validating the request type and headers, proceed to verify the signature using the verifySignature function you'll define: ```typescript async function verifySignature(request: Request): Promise<{ valid: boolean; body: string }> { const PUBLIC_KEY = Deno.env.get("DISCORD_PUBLIC_KEY")!; const signature = request.headers.get("X-Signature-Ed25519")!;
Deno AI Helper
Deno AI Helper7mo ago
const timestamp = request.headers.get("X-Signature-Timestamp")!; const body = await request.text(); const valid = nacl.sign.detached.verify( new TextEncoder().encode(timestamp + body), hexToUint8Array(signature), hexToUint8Array(PUBLIC_KEY), ); return { valid, body }; }
6. The `hexToUint8Array` function is used to convert hexadecimal strings to Uint8Array, which is needed for the verification process:

6. The `hexToUint8Array` function is used to convert hexadecimal strings to Uint8Array, which is needed for the verification process:

typescript function hexToUint8Array(hex: string) { return new Uint8Array( hex.match(/.{1,2}/g)!.map((val) => parseInt(val, 16)), ); } `` 7. Finally, use the verifySignature` function