Sha256: 73919580f1f14f5236d79fa645a592340ce0be3da7567c9daf328445dfe25d2e

Contents?: true

Size: 928 Bytes

Versions: 3

Compression:

Stored size: 928 Bytes

Contents

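module DiscoApp
  # Controller concern for endpoints reached through a Shopify application proxy.
  #
  # Including it registers a before_action that rejects requests whose
  # `signature` query parameter does not match an HMAC-SHA256 over the remaining
  # query parameters, and an after_action that marks the response as Liquid.
  module AppProxyController
    extend ActiveSupport::Concern

    included do
      before_action :verify_proxy_signature
      after_action :add_liquid_header
    end

    private

      # Halts the request with 401 Unauthorized when the proxy signature
      # does not verify.
      def verify_proxy_signature
        head :unauthorized unless proxy_signature_is_valid?
      end

      # Recomputes the proxy signature from the raw query string and compares
      # it with the `signature` parameter sent with the request.
      #
      # @return [Boolean] true when the signature matches, or when the app is
      #   not running in the production environment.
      def proxy_signature_is_valid?
        # NOTE(review): verification is skipped in every non-production
        # environment, so a staging or preview deployment that is reachable
        # from outside accepts unsigned requests. An explicit opt-out setting
        # would be safer than keying this on the environment name.
        return true unless Rails.env.production?

        query_hash = Rack::Utils.parse_query(request.query_string)
        signature = query_hash.delete('signature')
        # A missing signature parses to nil and a repeated one to an Array;
        # neither can match, and secure_compare expects two strings.
        return false unless signature.is_a?(String)

        # Multi-valued parameters are joined with commas, then the key=value
        # pairs are sorted and concatenated with no separator.
        sorted_params = query_hash.map { |k, v| "#{k}=#{Array(v).join(',')}" }.sort.join
        # OpenSSL::Digest::Digest is a deprecated alias that newer openssl
        # releases no longer provide; OpenSSL::Digest is the supported class.
        calculated_signature = OpenSSL::HMAC.hexdigest(
          OpenSSL::Digest.new('sha256'),
          ShopifyApp.configuration.secret,
          sorted_params
        )
        # Constant-time comparison: String#== returns at the first differing
        # byte, which leaks how much of a guessed signature was correct.
        # NOTE(review): no freshness check is made on the request (e.g. the
        # proxy's timestamp parameter), so a captured signed URL stays valid.
        Rack::Utils.secure_compare(calculated_signature, signature)
      end

      # Declares the response body as Liquid.
      # NOTE(review): presumably Shopify then renders the body as a Liquid
      # template, so request-derived values placed in the body should be
      # escaped before output. Confirm against the proxy documentation.
      def add_liquid_header
        response.headers['Content-Type'] = 'application/liquid'
      end

  end
end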

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
disco_app-0.3.0 app/controllers/disco_app/app_proxy_controller.rb
disco_app-0.4.0 app/controllers/disco_app/app_proxy_controller.rb
disco_app-0.4.1 app/controllers/disco_app/app_proxy_controller.rb