slack validateSlackSignature wasn't beung used

Author: Adam Gough

apps/sim/lib/webhooks/processor.ts

@@ -176,12 +176,6 @@ export async function findWebhookAndWorkflow(
   return null
 }
 
-/**
- * Resolves environment variables in a string value
- * @param value - String that may contain {{VARIABLE}} references
- * @param envVars - Map of environment variable name to decrypted value
- * @returns String with all {{VARIABLE}} references replaced with actual values
- */
 function resolveEnvVariablesInString(value: string, envVars: Record<string, string>): string {
   const envMatches = value.match(/\{\{([^}]+)\}\}/g)
   if (!envMatches) {
@@ -202,12 +196,6 @@ function resolveEnvVariablesInString(value: string, envVars: Record<string, stri
   return resolvedValue
 }
 
-/**
- * Resolves environment variables in providerConfig
- * @param providerConfig - Provider configuration that may contain {{VARIABLE}} references
- * @param envVars - Map of environment variable name to decrypted value
- * @returns Provider config with all {{VARIABLE}} references resolved
- */
 function resolveProviderConfigEnvVars(
   providerConfig: Record<string, any>,
   envVars: Record<string, string>
@@ -232,7 +220,6 @@ export async function verifyProviderAuth(
   rawBody: string,
   requestId: string
 ): Promise<NextResponse | null> {
-  // Fetch and decrypt environment variables for resolving {{VARIABLE}} references in providerConfig
   let decryptedEnvVars: Record<string, string> = {}
   try {
     decryptedEnvVars = await getEffectiveDecryptedEnv(
@@ -243,7 +230,6 @@ export async function verifyProviderAuth(
     logger.error(`[${requestId}] Failed to fetch environment variables for webhook verification`, {
       error: error instanceof Error ? error.message : String(error),
     })
-    // Continue without env vars - if config needs them, verification will fail appropriately
   }
 
   // Resolve environment variables in providerConfig and mutate in place
@@ -279,6 +265,37 @@ export async function verifyProviderAuth(
     }
   }
 
+  // Slack webhook signature verification
+  if (foundWebhook.provider === 'slack') {
+    const signingSecret = providerConfig.signingSecret as string | undefined
+
+    if (signingSecret) {
+      const signature = request.headers.get('x-slack-signature')
+      const timestamp = request.headers.get('x-slack-request-timestamp')
+
+      if (!signature || !timestamp) {
+        logger.warn(`[${requestId}] Slack webhook missing signature headers`)
+        return new NextResponse('Unauthorized - Missing Slack signature', { status: 401 })
+      }
+
+      const { validateSlackSignature } = await import('@/lib/webhooks/utils')
+
+      const isValidSignature = await validateSlackSignature(
+        signingSecret,
+        signature,
+        timestamp,
+        rawBody
+      )
+
+      if (!isValidSignature) {
+        logger.warn(`[${requestId}] Slack signature verification failed`)
+        return new NextResponse('Unauthorized - Invalid Slack signature', { status: 401 })
+      }
+
+      logger.debug(`[${requestId}] Slack signature verified successfully`)
+    }
+  }
+
   // Provider-specific verification (utils may return a response for some providers)
   const providerVerification = verifyProviderWebhook(foundWebhook, request, requestId)
   if (providerVerification) {