Sha256: 4831057cf1cee721b3f0e05f239d85f93f9b9c0fedaf719868433562b3c6e0c0

Contents?: true

Size: 600 Bytes

Versions: 3

Compression:

Stored size: 600 Bytes

Contents

# frozen_string_literal: true

class ExtensionVerificationController < ActionController::Base
  protect_from_forgery with: :null_session
  before_action :verify_request

  private

  def verify_request
    hmac_header = request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
    request_body = request.body.read
    secret = ShopifyApp.configuration.secret
    digest = OpenSSL::Digest.new('sha256')

    expected_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, request_body))
    head(:unauthorized) unless ActiveSupport::SecurityUtils.secure_compare(expected_hmac, hmac_header)
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
shopify_app-11.6.0 lib/shopify_app/controllers/extension_verification_controller.rb
shopify_app-11.5.1 lib/shopify_app/controllers/extension_verification_controller.rb
shopify_app-11.5.0 lib/shopify_app/controllers/extension_verification_controller.rb