package discordgo import ( "bytes" "crypto/ed25519" "encoding/hex" "io" "io/ioutil" "net/http" ) // VerifyInteraction implements message verification of the discord interactions api // signing algorithm, as documented here: // https://discord.com/developers/docs/interactions/slash-commands#security-and-authorization func VerifyInteraction(r *http.Request, key ed25519.PublicKey) bool { var msg bytes.Buffer signature := r.Header.Get("X-Signature-Ed25519") if signature == "" { return false } sig, err := hex.DecodeString(signature) if err != nil { return false } if len(sig) != ed25519.SignatureSize { return false } timestamp := r.Header.Get("X-Signature-Timestamp") if timestamp == "" { return false } msg.WriteString(timestamp) defer r.Body.Close() var body bytes.Buffer // at the end of the function, copy the original body back into the request defer func() { r.Body = ioutil.NopCloser(&body) }() // copy body into buffers _, err = io.Copy(&msg, io.TeeReader(r.Body, &body)) if err != nil { return false } return ed25519.Verify(key, msg.Bytes(), sig) }