website-backend icon indicating copy to clipboard operation
website-backend copied to clipboard
verified publisher icon Real-Dev-Squad

Update middleware to validate incoming request from Discord Service

Open joyguptaa opened this issue 8 months ago • 0 comments

Description:

The current middleware verifyDiscordBot requires an update to properly validate incoming requests from the Discord service. Right now, it partially handles this by checking the x-service-name header and verifying the token, but lacks complete validation logic specific to Discord's expected signature-based request validation (if applicable).

Proposed Changes:

  • Ensure the middleware performs complete validation of incoming requests from Discord, including:
  • Verifying the authorization header format.
  • Confirming x-service-name equals DISCORD_SERVICE.
  • If x-service-name is DISCORD_SERVICE, ensure botVerification.verifyDiscordService(token) returns a valid result and implements any additional checks Discord requires (e.g., signature verification).
  • Maintain compatibility with existing token-based validation from Cloudflare Worker (CLOUDFLARE_WORKER).
  • Improve error handling and response messages for clarity.

joyguptaa avatar Apr 29 '25 19:04 joyguptaa