casen•12mo ago

Issue using crypto functions in http actions to verify slack web hooks

Hello everyone! I recently wrote a socket-mode slack app in golang to have a little fun, and after learning about convex I wanted to do the same. Receiving webhooks from slack is no problem, but I've had a few issues trying to verify the raw slack payloads before taking any action on them. Assuming slack/bolt would not work in Convex runtime, I thought I'd test out slack-edge. Unfortunately that is using some functionality not supported by the Convex runtime.

failure
Not implemented: verify for SubtleCrypto. Consider calling an action defined in Node.js instead (https://docs.convex.dev/functions/actions).
    at verifySlackRequest (../node_modules/slack-edge/src/request/request-verification.ts:34:0)
    at async handleEventRequest [as handleEventRequest] (../node_modules/slack-edge/src/app.ts:555:36)
    at async run [as run] (../node_modules/slack-edge/src/app.ts:505:2)
    at async Array.<anonymous> (../convex/http.ts:37:16)
    at async <anonymous> (../../convex/lib/honoWithConvex.ts:70:5)

failure
Not implemented: verify for SubtleCrypto. Consider calling an action defined in Node.js instead (https://docs.convex.dev/functions/actions).
    at verifySlackRequest (../node_modules/slack-edge/src/request/request-verification.ts:34:0)
    at async handleEventRequest [as handleEventRequest] (../node_modules/slack-edge/src/app.ts:555:36)
    at async run [as run] (../node_modules/slack-edge/src/app.ts:505:2)
    at async Array.<anonymous> (../convex/http.ts:37:16)
    at async <anonymous> (../../convex/lib/honoWithConvex.ts:70:5)

Anyone have some pointers about how to use crypto in the Convex runtime? I am assuming the above call is about using the signing secret to verify the request.

9 Replies

erquhart•12mo ago

Any reason you can't use the node runtime for your action? http actions have to run in the convex runtime, but they can call actions that use node, that's the typical approach for this

ballingt•12mo ago

@erquhart's suggestion is the pragmatic one for now, Node.js 18 does providecrypto.subtle.verify() — but it is a goal for the Convex rutime to support these kinds of standard runtime APIs. Noted that support for this would be useful to you!

casenOP•12mo ago

@erquhart @ballingt thanks for the reply! I did attempt that approach by passing the raw Request object to the action, but the Request object is circular, and non-serializable, so I got an error. I suppose I could abandon slack-edge and de-structure the Request object in such a way that I can pass the necessary pieces back to a Node.js action.

erquhart•12mo ago

Yeah you'll need to break it down and pass arguments that are valid for convex functions Need to look at slack-edge to better understand what you're working with ah it's a framework Possible to reconstruct the request object in the node function? Might be a lot of mucking around, to be fair

ballingt•12mo ago

Sorry for the inconvenience here @casen, this is a gap you've found with our edge runtime.

casenOP•12mo ago

They have an interesting approach. I wouldn't say it's my favorite:

import { SlackApp } from "slack-edge";

export const config = {
  runtime: "edge",
};

const app = new SlackApp({
  env: {
    SLACK_SIGNING_SECRET: process.env.SLACK_SIGNING_SECRET!,
    SLACK_BOT_TOKEN: process.env.SLACK_BOT_TOKEN!,
    SLACK_LOGGING_LEVEL: "DEBUG",
  },
});

const req: Request ... // Standard Request object
const result = await app.run(req)

import { SlackApp } from "slack-edge";

export const config = {
  runtime: "edge",
};

const app = new SlackApp({
  env: {
    SLACK_SIGNING_SECRET: process.env.SLACK_SIGNING_SECRET!,
    SLACK_BOT_TOKEN: process.env.SLACK_BOT_TOKEN!,
    SLACK_LOGGING_LEVEL: "DEBUG",
  },
});

const req: Request ... // Standard Request object
const result = await app.run(req)

If I feel dedicated, I will muck around and roll my own!

erquhart•12mo ago

Yeah if you want to work with that, maybe try turning the args back into a request object

lee•12mo ago

hi! i believe this is implemented in the convex runtime now. i tested a webhook using slack-edge and it worked.

ballingt•12mo ago

@casen ^ notification for above, thanks to @lee for getting crypto.subtle.verify() and friends in

Issue using crypto functions in http actions to verify slack web hooks

Did you find this page helpful?