shopify_app 7.0.9 → 7.0.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +42 -0
- data/images/app-proxy-screenshot.png +0 -0
- data/lib/shopify_app.rb +1 -0
- data/lib/shopify_app/app_proxy_verification.rb +38 -0
- data/lib/shopify_app/version.rb +1 -1
- data/shopify_app.gemspec +1 -1
- metadata +4 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1d6309c0a72b84c1a7643960b79466c21b9ab04c
|
|
4
|
+
data.tar.gz: 79097e759876a3fcff79093b51796ba8d7d47266
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 405f3a3afadb611f2d160a94756061873b4bf324aadc32e0405eaf380818291d886b03455e37e28dc3295d90edb8b3dc7fe3aa1ade85429ff0d43d84df2e18dc
|
|
7
|
+
data.tar.gz: d113dc8aa5e61eef97f79ad8cbc5f7e5bb23e2bd48cd5c3dcd38e64752970013a56afe216b9feb7d334806aaa5838b70f7d0166f6ea25ce2a77afca2b68b74a3
|
data/README.md
CHANGED
|
@@ -202,6 +202,48 @@ AuthenticatedController
|
|
|
202
202
|
|
|
203
203
|
The engine includes a controller called `ShopifyApp::AuthenticatedController` which inherits from `ApplicationController`. It adds some before_filters which ensure the user is authenticated and will redirect to the login page if not. It is best practice to have all controllers that belong to the Shopify part of your app inherit from this controller. The HomeController that is generated already inherits from AuthenticatedController.
|
|
204
204
|
|
|
205
|
+
AppProxyVerification
|
|
206
|
+
--------------------
|
|
207
|
+
|
|
208
|
+
The engine provides a mixin for verifying incoming HTTP requests sent via an App Proxy. Any controller that `include`s `ShopifyApp::AppProxyVerification` will verify that each request has a valid `signature` query parameter that is calculated using the other query parameters and the app's shared secret.
|
|
209
|
+
|
|
210
|
+
### Recommended Usage
|
|
211
|
+
|
|
212
|
+
1. Use the `namespace` method to create app proxy routes
|
|
213
|
+
```ruby
|
|
214
|
+
# config/routes.rb
|
|
215
|
+
namespace :app_proxy do
|
|
216
|
+
# simple routes without a specified controller will go to AppProxyController
|
|
217
|
+
get :basic
|
|
218
|
+
|
|
219
|
+
# more complex routes will go to controllers in the AppProxy namespace
|
|
220
|
+
resources :reviews
|
|
221
|
+
# GET /app_proxy/reviews will now be routed to
|
|
222
|
+
# AppProxy::ReviewsController#index, for example
|
|
223
|
+
end
|
|
224
|
+
```
|
|
225
|
+
|
|
226
|
+
2. `include` the mixin in your app proxy controllers
|
|
227
|
+
```ruby
|
|
228
|
+
# app/controllers/app_proxy_controller.rb
|
|
229
|
+
class AppProxyController < ApplicationController
|
|
230
|
+
include ShopifyApp::AppProxyVerification
|
|
231
|
+
|
|
232
|
+
def basic
|
|
233
|
+
render text: 'Signature verification passed!'
|
|
234
|
+
end
|
|
235
|
+
end
|
|
236
|
+
|
|
237
|
+
# app/controllers/app_proxy/reviews_controller.rb
|
|
238
|
+
class ReviewsController < ApplicationController
|
|
239
|
+
include ShopifyApp::AppProxyVerification
|
|
240
|
+
# ...
|
|
241
|
+
end
|
|
242
|
+
```
|
|
243
|
+
|
|
244
|
+
3. Create your app proxy url in the [Shopify Partners' Dashboard](https://app.shopify.com/services/partners/api_clients), making sure to point it to `https://your_app_website.com/app_proxy`.
|
|
245
|
+
|
|
246
|
+
|
|
205
247
|
Troubleshooting
|
|
206
248
|
---------------
|
|
207
249
|
|
|
Binary file
|
data/lib/shopify_app.rb
CHANGED
|
@@ -22,6 +22,7 @@ require 'shopify_app/login_protection'
|
|
|
22
22
|
require 'shopify_app/webhooks_manager'
|
|
23
23
|
require 'shopify_app/scripttags_manager'
|
|
24
24
|
require 'shopify_app/webhook_verification'
|
|
25
|
+
require 'shopify_app/app_proxy_verification'
|
|
25
26
|
require 'shopify_app/utils'
|
|
26
27
|
|
|
27
28
|
# session repository
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
module ShopifyApp
|
|
2
|
+
module AppProxyVerification
|
|
3
|
+
extend ActiveSupport::Concern
|
|
4
|
+
|
|
5
|
+
included do
|
|
6
|
+
skip_before_action :verify_authenticity_token
|
|
7
|
+
before_action :verify_proxy_request
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def verify_proxy_request
|
|
11
|
+
return head :unauthorized unless query_string_valid?(request.query_string)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
|
|
16
|
+
def query_string_valid?(query_string)
|
|
17
|
+
query_hash = Rack::Utils.parse_query(query_string)
|
|
18
|
+
|
|
19
|
+
signature = query_hash.delete('signature')
|
|
20
|
+
return false if signature.nil?
|
|
21
|
+
|
|
22
|
+
ActiveSupport::SecurityUtils.secure_compare(
|
|
23
|
+
calculated_signature(query_hash),
|
|
24
|
+
signature
|
|
25
|
+
)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def calculated_signature(query_hash_without_signature)
|
|
29
|
+
sorted_params = query_hash_without_signature.collect{|k,v| "#{k}=#{Array(v).join(',')}"}.sort.join
|
|
30
|
+
|
|
31
|
+
OpenSSL::HMAC.hexdigest(
|
|
32
|
+
OpenSSL::Digest.new('sha256'),
|
|
33
|
+
ShopifyApp.configuration.secret,
|
|
34
|
+
sorted_params
|
|
35
|
+
)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
data/lib/shopify_app/version.rb
CHANGED
data/shopify_app.gemspec
CHANGED
|
@@ -8,7 +8,7 @@ Gem::Specification.new do |s|
|
|
|
8
8
|
s.author = "Shopify"
|
|
9
9
|
s.summary = %q{This gem is used to get quickly started with the Shopify API}
|
|
10
10
|
|
|
11
|
-
s.add_dependency('rails', '>= 4.2.6'
|
|
11
|
+
s.add_dependency('rails', '>= 4.2.6')
|
|
12
12
|
|
|
13
13
|
s.add_runtime_dependency('shopify_api', '~> 4.2')
|
|
14
14
|
s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 1.1.11')
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify_app
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.0.
|
|
4
|
+
version: 7.0.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Shopify
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-06
|
|
11
|
+
date: 2016-07-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -17,9 +17,6 @@ dependencies:
|
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: 4.2.6
|
|
20
|
-
- - "<"
|
|
21
|
-
- !ruby/object:Gem::Version
|
|
22
|
-
version: '5.0'
|
|
23
20
|
type: :runtime
|
|
24
21
|
prerelease: false
|
|
25
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -27,9 +24,6 @@ dependencies:
|
|
|
27
24
|
- - ">="
|
|
28
25
|
- !ruby/object:Gem::Version
|
|
29
26
|
version: 4.2.6
|
|
30
|
-
- - "<"
|
|
31
|
-
- !ruby/object:Gem::Version
|
|
32
|
-
version: '5.0'
|
|
33
27
|
- !ruby/object:Gem::Dependency
|
|
34
28
|
name: shopify_api
|
|
35
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -151,6 +145,7 @@ files:
|
|
|
151
145
|
- config/locales/en.yml
|
|
152
146
|
- config/locales/es.yml
|
|
153
147
|
- config/routes.rb
|
|
148
|
+
- images/app-proxy-screenshot.png
|
|
154
149
|
- lib/generators/shopify_app/add_webhook/add_webhook_generator.rb
|
|
155
150
|
- lib/generators/shopify_app/add_webhook/templates/webhook_job.rb
|
|
156
151
|
- lib/generators/shopify_app/controllers/controllers_generator.rb
|
|
@@ -175,6 +170,7 @@ files:
|
|
|
175
170
|
- lib/generators/shopify_app/shopify_app_generator.rb
|
|
176
171
|
- lib/generators/shopify_app/views/views_generator.rb
|
|
177
172
|
- lib/shopify_app.rb
|
|
173
|
+
- lib/shopify_app/app_proxy_verification.rb
|
|
178
174
|
- lib/shopify_app/configuration.rb
|
|
179
175
|
- lib/shopify_app/engine.rb
|
|
180
176
|
- lib/shopify_app/in_memory_session_store.rb
|