shopify_gdpr 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +20 -0
- data/README.md +11 -0
- data/lib/generators/shopify_gdpr/shopify_gdpr_generator.rb +47 -0
- data/lib/shopify_gdpr/version.rb +1 -1
- data/shopify_gdpr-0.1.0.gem +0 -0
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e6b9a1a5211c629e13f183a3cd8150a09548b8b6db4a18369d26f5eeeb233e5b
|
|
4
|
+
data.tar.gz: 7291ca80e68b9971b8d3c6cffe27bbeac98883b9a0191162b8fbddce1367a585
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6e3d7a4b6af6121a415ca227430ade432dc4bf7bfe73bdf925dc56759b31f9620e3e21a63416b5461d5dfae180dc0a9ad6811bd56ad6aa6aa99380a554c36ebd
|
|
7
|
+
data.tar.gz: 8967ce6d335cd92cb800ea782a9d463338d4afaee1bb5f90db9c75947e96c585e4cb966ff77cdcb36c118cd3062a39684501290dbced12dc01bdd021aa4120d0
|
data/Gemfile.lock
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
PATH
|
|
2
|
+
remote: .
|
|
3
|
+
specs:
|
|
4
|
+
shopify_gdpr (0.1.0)
|
|
5
|
+
|
|
6
|
+
GEM
|
|
7
|
+
remote: https://rubygems.org/
|
|
8
|
+
specs:
|
|
9
|
+
rake (10.5.0)
|
|
10
|
+
|
|
11
|
+
PLATFORMS
|
|
12
|
+
ruby
|
|
13
|
+
|
|
14
|
+
DEPENDENCIES
|
|
15
|
+
bundler (~> 1.16)
|
|
16
|
+
rake (~> 10.0)
|
|
17
|
+
shopify_gdpr!
|
|
18
|
+
|
|
19
|
+
BUNDLED WITH
|
|
20
|
+
1.16.2
|
data/README.md
CHANGED
|
@@ -19,6 +19,17 @@ Or install it yourself as:
|
|
|
19
19
|
Generate the three required endpoints for Shopify's GDPR webhooks with `rails generate shopify_gdpr`
|
|
20
20
|
NOTE: shop/redact assumes use of the Shop class generated by the ShopifyAPI / ShopifyApp engines.
|
|
21
21
|
|
|
22
|
+
The three endpoints to direct webhooks at:
|
|
23
|
+
`/shop_redact`
|
|
24
|
+
`/customers_redact`
|
|
25
|
+
`/customers_data_request`
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
## Validation
|
|
29
|
+
|
|
30
|
+
Add the ShopifyApp::WebhookVerification module with the `--validate` option when running the generator.
|
|
31
|
+
This module assumes that your app has its secret API key saved to ShopifyApp.config.secret
|
|
32
|
+
|
|
22
33
|
## Development
|
|
23
34
|
|
|
24
35
|
After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
@@ -5,6 +5,7 @@ module ShopifyGdpr
|
|
|
5
5
|
# generates basic GDPR endpoints
|
|
6
6
|
class ShopifyGdprGenerator < Rails::Generators::Base
|
|
7
7
|
source_root File.expand_path('../templates', __FILE__)
|
|
8
|
+
class_option :validate, type: :boolean, default: false
|
|
8
9
|
def create_endpoints
|
|
9
10
|
create_file 'app/controllers/shopify_gdpr_controller.rb',
|
|
10
11
|
"class ShopifyGdprController < ActionController::Base
|
|
@@ -37,6 +38,14 @@ module ShopifyGdpr
|
|
|
37
38
|
end
|
|
38
39
|
end"
|
|
39
40
|
create_routes
|
|
41
|
+
if options.validate?
|
|
42
|
+
add_validator
|
|
43
|
+
inject_into_file 'app/controllers/shopify_gdpr_controller.rb', after: "class ShopifyGdprController < ActionController::Base\n" do
|
|
44
|
+
<<-'RUBY'
|
|
45
|
+
include ShopifyApp::WebhookVerification
|
|
46
|
+
RUBY
|
|
47
|
+
end
|
|
48
|
+
end
|
|
40
49
|
end
|
|
41
50
|
|
|
42
51
|
private
|
|
@@ -46,6 +55,44 @@ module ShopifyGdpr
|
|
|
46
55
|
route "post 'customers_redact', to: 'shopify_gdpr#customers_redact'"
|
|
47
56
|
route "post 'customers_data_request', to: 'shopify_gdpr#customers_data_request'"
|
|
48
57
|
end
|
|
58
|
+
|
|
59
|
+
def add_validator
|
|
60
|
+
create_file 'lib/webhook_verification.rb', "module ShopifyApp
|
|
61
|
+
module WebhookVerification
|
|
62
|
+
extend ActiveSupport::Concern
|
|
63
|
+
|
|
64
|
+
included do
|
|
65
|
+
skip_before_action :verify_authenticity_token, raise: false
|
|
66
|
+
before_action :verify_request
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
private
|
|
70
|
+
|
|
71
|
+
def verify_request
|
|
72
|
+
data = request.raw_post
|
|
73
|
+
return head :unauthorized unless hmac_valid?(data)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def hmac_valid?(data)
|
|
77
|
+
secret = ShopifyApp.configuration.secret
|
|
78
|
+
digest = OpenSSL::Digest.new('sha256')
|
|
79
|
+
ActiveSupport::SecurityUtils.secure_compare(
|
|
80
|
+
shopify_hmac,
|
|
81
|
+
Base64.encode64(OpenSSL::HMAC.digest(digest, secret, data)).strip
|
|
82
|
+
)
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def shop_domain
|
|
86
|
+
request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def shopify_hmac
|
|
90
|
+
request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
"
|
|
95
|
+
end
|
|
49
96
|
end
|
|
50
97
|
end
|
|
51
98
|
end
|
data/lib/shopify_gdpr/version.rb
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify_gdpr
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James Dunn
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-08-
|
|
11
|
+
date: 2018-08-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -47,6 +47,7 @@ extra_rdoc_files: []
|
|
|
47
47
|
files:
|
|
48
48
|
- ".gitignore"
|
|
49
49
|
- Gemfile
|
|
50
|
+
- Gemfile.lock
|
|
50
51
|
- LICENSE.txt
|
|
51
52
|
- README.md
|
|
52
53
|
- Rakefile
|
|
@@ -55,6 +56,7 @@ files:
|
|
|
55
56
|
- lib/generators/shopify_gdpr/shopify_gdpr_generator.rb
|
|
56
57
|
- lib/shopify_gdpr.rb
|
|
57
58
|
- lib/shopify_gdpr/version.rb
|
|
59
|
+
- shopify_gdpr-0.1.0.gem
|
|
58
60
|
- shopify_gdpr.gemspec
|
|
59
61
|
homepage: https://github.com/jdgc/shopify_gdpr
|
|
60
62
|
licenses:
|