shopify_gdpr 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +20 -0
- data/README.md +11 -0
- data/lib/generators/shopify_gdpr/shopify_gdpr_generator.rb +47 -0
- data/lib/shopify_gdpr/version.rb +1 -1
- data/shopify_gdpr-0.1.0.gem +0 -0
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e6b9a1a5211c629e13f183a3cd8150a09548b8b6db4a18369d26f5eeeb233e5b
|
|
4
|
+
data.tar.gz: 7291ca80e68b9971b8d3c6cffe27bbeac98883b9a0191162b8fbddce1367a585
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6e3d7a4b6af6121a415ca227430ade432dc4bf7bfe73bdf925dc56759b31f9620e3e21a63416b5461d5dfae180dc0a9ad6811bd56ad6aa6aa99380a554c36ebd
|
|
7
|
+
data.tar.gz: 8967ce6d335cd92cb800ea782a9d463338d4afaee1bb5f90db9c75947e96c585e4cb966ff77cdcb36c118cd3062a39684501290dbced12dc01bdd021aa4120d0
|
data/Gemfile.lock
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
PATH
|
|
2
|
+
remote: .
|
|
3
|
+
specs:
|
|
4
|
+
shopify_gdpr (0.1.0)
|
|
5
|
+
|
|
6
|
+
GEM
|
|
7
|
+
remote: https://rubygems.org/
|
|
8
|
+
specs:
|
|
9
|
+
rake (10.5.0)
|
|
10
|
+
|
|
11
|
+
PLATFORMS
|
|
12
|
+
ruby
|
|
13
|
+
|
|
14
|
+
DEPENDENCIES
|
|
15
|
+
bundler (~> 1.16)
|
|
16
|
+
rake (~> 10.0)
|
|
17
|
+
shopify_gdpr!
|
|
18
|
+
|
|
19
|
+
BUNDLED WITH
|
|
20
|
+
1.16.2
|
data/README.md
CHANGED
|
@@ -19,6 +19,17 @@ Or install it yourself as:
|
|
|
19
19
|
Generate the three required endpoints for Shopify's GDPR webhooks with `rails generate shopify_gdpr`
|
|
20
20
|
NOTE: shop/redact assumes use of the Shop class generated by the ShopifyAPI / ShopifyApp engines.
|
|
21
21
|
|
|
22
|
+
The three endpoints to direct webhooks at:
|
|
23
|
+
`/shop_redact`
|
|
24
|
+
`/customers_redact`
|
|
25
|
+
`/customers_data_request`
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
## Validation
|
|
29
|
+
|
|
30
|
+
Add the ShopifyApp::WebhookVerification module with the `--validate` option when running the generator.
|
|
31
|
+
This module assumes that your app has its secret API key saved to ShopifyApp.config.secret
|
|
32
|
+
|
|
22
33
|
## Development
|
|
23
34
|
|
|
24
35
|
After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
@@ -5,6 +5,7 @@ module ShopifyGdpr
|
|
|
5
5
|
# generates basic GDPR endpoints
|
|
6
6
|
class ShopifyGdprGenerator < Rails::Generators::Base
|
|
7
7
|
source_root File.expand_path('../templates', __FILE__)
|
|
8
|
+
class_option :validate, type: :boolean, default: false
|
|
8
9
|
def create_endpoints
|
|
9
10
|
create_file 'app/controllers/shopify_gdpr_controller.rb',
|
|
10
11
|
"class ShopifyGdprController < ActionController::Base
|
|
@@ -37,6 +38,14 @@ module ShopifyGdpr
|
|
|
37
38
|
end
|
|
38
39
|
end"
|
|
39
40
|
create_routes
|
|
41
|
+
if options.validate?
|
|
42
|
+
add_validator
|
|
43
|
+
inject_into_file 'app/controllers/shopify_gdpr_controller.rb', after: "class ShopifyGdprController < ActionController::Base\n" do
|
|
44
|
+
<<-'RUBY'
|
|
45
|
+
include ShopifyApp::WebhookVerification
|
|
46
|
+
RUBY
|
|
47
|
+
end
|
|
48
|
+
end
|
|
40
49
|
end
|
|
41
50
|
|
|
42
51
|
private
|
|
@@ -46,6 +55,44 @@ module ShopifyGdpr
|
|
|
46
55
|
route "post 'customers_redact', to: 'shopify_gdpr#customers_redact'"
|
|
47
56
|
route "post 'customers_data_request', to: 'shopify_gdpr#customers_data_request'"
|
|
48
57
|
end
|
|
58
|
+
|
|
59
|
+
def add_validator
|
|
60
|
+
create_file 'lib/webhook_verification.rb', "module ShopifyApp
|
|
61
|
+
module WebhookVerification
|
|
62
|
+
extend ActiveSupport::Concern
|
|
63
|
+
|
|
64
|
+
included do
|
|
65
|
+
skip_before_action :verify_authenticity_token, raise: false
|
|
66
|
+
before_action :verify_request
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
private
|
|
70
|
+
|
|
71
|
+
def verify_request
|
|
72
|
+
data = request.raw_post
|
|
73
|
+
return head :unauthorized unless hmac_valid?(data)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def hmac_valid?(data)
|
|
77
|
+
secret = ShopifyApp.configuration.secret
|
|
78
|
+
digest = OpenSSL::Digest.new('sha256')
|
|
79
|
+
ActiveSupport::SecurityUtils.secure_compare(
|
|
80
|
+
shopify_hmac,
|
|
81
|
+
Base64.encode64(OpenSSL::HMAC.digest(digest, secret, data)).strip
|
|
82
|
+
)
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def shop_domain
|
|
86
|
+
request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
def shopify_hmac
|
|
90
|
+
request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
"
|
|
95
|
+
end
|
|
49
96
|
end
|
|
50
97
|
end
|
|
51
98
|
end
|
data/lib/shopify_gdpr/version.rb
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify_gdpr
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James Dunn
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-08-
|
|
11
|
+
date: 2018-08-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -47,6 +47,7 @@ extra_rdoc_files: []
|
|
|
47
47
|
files:
|
|
48
48
|
- ".gitignore"
|
|
49
49
|
- Gemfile
|
|
50
|
+
- Gemfile.lock
|
|
50
51
|
- LICENSE.txt
|
|
51
52
|
- README.md
|
|
52
53
|
- Rakefile
|
|
@@ -55,6 +56,7 @@ files:
|
|
|
55
56
|
- lib/generators/shopify_gdpr/shopify_gdpr_generator.rb
|
|
56
57
|
- lib/shopify_gdpr.rb
|
|
57
58
|
- lib/shopify_gdpr/version.rb
|
|
59
|
+
- shopify_gdpr-0.1.0.gem
|
|
58
60
|
- shopify_gdpr.gemspec
|
|
59
61
|
homepage: https://github.com/jdgc/shopify_gdpr
|
|
60
62
|
licenses:
|