Sha256: 493fb4d1913e905ab1246fdb726912f2535d9534d3a65b70a4cad67454846d4d

Contents?: true

Size: 752 Bytes

Versions: 4

Compression:

Stored size: 752 Bytes

Contents

module ShopifyApp
  module WebhooksController
    extend ActiveSupport::Concern

    included do
      skip_before_action :verify_authenticity_token
      before_action :verify_request
    end

    private

    def verify_request
      request.body.rewind
      data = request.body.read

      unless validate_hmac(ShopifyApp.configuration.secret, data)
        head :unauthorized
      end
    end

    def validate_hmac(secret, data)
      digest  = OpenSSL::Digest.new('sha256')
      shopify_hmac == Base64.encode64(OpenSSL::HMAC.digest(digest, secret, data)).strip
    end

    def shop_domain
      request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
    end

    def shopify_hmac
      request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
    end

  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
shopify_app-6.4.2 lib/shopify_app/webhooks_controller.rb
shopify_app-6.4.1 lib/shopify_app/webhooks_controller.rb
shopify_app-6.4.0 lib/shopify_app/webhooks_controller.rb
shopify_app-6.3.0 lib/shopify_app/webhooks_controller.rb