Sha256: 0766150dd2967c3394bc2fbc960f62bce700899634476e9024d71c3aea616ce2

Contents?: true

Size: 937 Bytes

Versions: 4

Compression:

Stored size: 937 Bytes

Contents

# frozen_string_literal: true
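module ShopifyApp
  # Controller concern that authenticates incoming webhook requests by checking
  # the HMAC-SHA256 signature sent in the X-Shopify-Hmac-Sha256 header against
  # the raw request body.
  module WebhookVerification
    extend ActiveSupport::Concern

    included do
      # The CSRF token check is skipped for these controllers; the HMAC check
      # below is the only authentication applied by this concern.
      # `raise: false` keeps this from failing when the callback is not defined.
      skip_before_action :verify_authenticity_token, raise: false
      before_action :verify_request
    end

    private

    # Before-action: responds with 401 (which halts the callback chain) unless
    # the signature over the raw, unparsed body is valid.
    def verify_request
      head(:unauthorized) unless hmac_valid?(request.raw_post)
    end

    # Checks the signature header against the HMAC of +data+.
    #
    # @param data [String] raw request body, exactly as received
    # @return [Boolean] true when the header matches the HMAC computed with
    #   the current secret or with the old secret (both are tried, so a secret
    #   can be rotated without rejecting requests signed with the previous one)
    def hmac_valid?(data)
      provided = shopify_hmac
      # A request without the signature header is unauthenticated. Reject it
      # here: secure_compare expects two strings and would raise on nil,
      # turning the intended 401 into an unhandled error.
      return false if provided.blank?

      secrets = [ShopifyApp.configuration.secret, ShopifyApp.configuration.old_secret].reject(&:blank?)

      secrets.any? do |secret|
        expected = Base64.strict_encode64(
          OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, data)
        )

        # Constant-time comparison, so response timing does not reveal how
        # much of the expected signature a guess got right.
        ActiveSupport::SecurityUtils.secure_compare(provided, expected)
      end
    end

    # Shop domain as sent in the request header.
    # NOTE(review): the HMAC checked in this concern is computed over the raw
    # body only, so this header value is not covered by that digest.
    def shop_domain
      request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
    end

    # Base64-encoded signature sent by the caller, or nil when the header is absent.
    def shopify_hmac
      request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
    end
  end
end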

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
shopify_app-13.2.0 lib/shopify_app/controller_concerns/webhook_verification.rb
shopify_app-13.1.1 lib/shopify_app/controller_concerns/webhook_verification.rb
shopify_app-13.1.0 lib/shopify_app/controller_concerns/webhook_verification.rb
shopify_app-13.0.1 lib/shopify_app/controller_concerns/webhook_verification.rb