Sha256: 3e3bb5d3385f8a8fdfb1d3402002d191f4b3e8c45ac0fcac6aab2f4214cca022

Contents?: true

Size: 777 Bytes

Versions: 7

Compression:

Stored size: 777 Bytes

Contents

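module DiscoApp
  # Controller concern that authenticates incoming carrier requests by checking
  # the HMAC-SHA256 signature sent in the X-Shopify-Hmac-Sha256 header against
  # one computed over the raw request body with the app's shared secret.
  # Including it registers the check as a before_action on the controller.
  module CarrierRequestController
    extend ActiveSupport::Concern

    included do
      before_action :verify_carrier_request_signature
    end

    private

      # Responds with 401 Unauthorized (halting the action) when the request
      # signature does not verify.
      def verify_carrier_request_signature
        head :unauthorized unless carrier_request_signature_is_valid?
      end

      # Returns true when the signature header matches the HMAC of the raw
      # request body, false otherwise (including when the header is absent).
      def carrier_request_signature_is_valid?
        # NOTE(review): verification is skipped in every environment other than
        # "production", so a publicly reachable staging or review deployment
        # accepts unsigned requests. Kept as-is for backward compatibility;
        # consider an explicit opt-out limited to development and test.
        return true unless Rails.env.production?

        hmac_header = request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
        # A missing or empty header can never match; reject it before any
        # comparison so a nil is never passed to the constant-time compare.
        return false if hmac_header.to_s.empty?

        data = request.body.read.to_s
        # Rewind immediately so the action can still read the body.
        request.body.rewind

        calculated_hmac = Base64.strict_encode64(
          OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), ShopifyApp.configuration.secret, data)
        )

        # Constant-time comparison: String#== returns at the first differing
        # byte, which exposes how much of a guessed signature was correct.
        ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, hmac_header)
      end

  end
end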

Version data entries

7 entries across 7 versions & 1 rubygems

Version Path
disco_app-0.7.0 app/controllers/disco_app/carrier_request_controller.rb
disco_app-0.7.1 app/controllers/disco_app/carrier_request_controller.rb
disco_app-0.7.2 app/controllers/disco_app/carrier_request_controller.rb
disco_app-0.8.0 app/controllers/disco_app/carrier_request_controller.rb
disco_app-0.8.1 app/controllers/disco_app/carrier_request_controller.rb
disco_app-0.8.2 app/controllers/disco_app/carrier_request_controller.rb
disco_app-0.8.3 app/controllers/disco_app/carrier_request_controller.rb