Sha256: 55c1bbe3311ce9a3a23bd54b17ca656e0845ad437263b74284ab332e2fbb837e
Contents?: true
Size: 919 Bytes
Versions: 3
Compression:
Stored size: 919 Bytes
Contents
module ShopifyApp
module WebhookVerification
extend ActiveSupport::Concern
included do
if Rails.version >= '5.0'
skip_before_action :verify_authenticity_token, raise: false
else
skip_before_action :verify_authenticity_token
end
before_action :verify_request
end
private
def verify_request
data = request.raw_post
return head :unauthorized unless hmac_valid?(data)
end
def hmac_valid?(data)
secret = ShopifyApp.configuration.secret
digest = OpenSSL::Digest.new('sha256')
ActiveSupport::SecurityUtils.variable_size_secure_compare(
shopify_hmac,
Base64.encode64(OpenSSL::HMAC.digest(digest, secret, data)).strip
)
end
def shop_domain
request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
end
def shopify_hmac
request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
end
end
end
Version data entries
3 entries across 3 versions & 1 rubygems
| Version | Path |
|---|---|
| shopify_app-7.2.0 | lib/shopify_app/webhook_verification.rb |
| shopify_app-7.1.1 | lib/shopify_app/webhook_verification.rb |
| shopify_app-7.1.0 | lib/shopify_app/webhook_verification.rb |