Sha256: a3685f1220e0b4654f4fc4e5ce0bddbe2e8cfa08642a88a1d4516e26f27a98c0

Contents?: true

Size: 1018 Bytes

Versions: 43

Compression:

Stored size: 1018 Bytes

Contents

# frozen_string_literal: true
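module ShopifyApp
  # Controller concern that authenticates a request by the HMAC-SHA256
  # +signature+ parameter carried in its query string, answering
  # 403 Forbidden when the signature is absent or does not match.
  #
  # Security notes for controllers that include this concern:
  # * Only +request.query_string+ is covered by the signature; the request
  #   body and headers are not authenticated by this check.
  # * CSRF token verification is skipped for the including controller, so
  #   the signature check is the only gate this concern installs.
  # * Nothing here bounds the age of a request: a query string that verified
  #   once verifies again for as long as the secret is unchanged. Handlers
  #   with side effects need their own freshness or idempotency control.
  module AppProxyVerification
    extend ActiveSupport::Concern

    included do
      # raise: false keeps this from failing on controllers that never
      # registered the CSRF callback in the first place.
      skip_before_action :verify_authenticity_token, raise: false
      before_action :verify_proxy_request
    end

    # before_action hook: halts the request with 403 unless the query string
    # carries a valid signature.
    #
    # @return [void]
    def verify_proxy_request
      return head(:forbidden) unless query_string_valid?(request.query_string)
    end

    private

    # Checks the +signature+ parameter against the HMAC of the remaining
    # query parameters.
    #
    # @param query_string [String] raw, still URL-encoded query string
    # @return [Boolean] true only when a single, matching signature is present
    def query_string_valid?(query_string)
      query_hash = Rack::Utils.parse_query(query_string)

      signature = query_hash.delete('signature')
      # A repeated `signature` key is parsed into an Array. Reject anything
      # that is not one non-empty String so attacker-controlled input can
      # never reach secure_compare in a shape it does not expect (which would
      # surface as an unhandled error instead of a 403).
      return false unless signature.is_a?(String) && !signature.empty?

      # Constant-time comparison: avoids leaking how many leading characters
      # of the expected digest matched.
      ActiveSupport::SecurityUtils.secure_compare(
        calculated_signature(query_hash),
        signature
      )
    end

    # Builds the canonical parameter string and returns its hex HMAC-SHA256
    # under the app secret.
    #
    # Canonical form: each pair rendered as "key=value", repeated keys joined
    # with ",", pairs sorted and concatenated with no separator. As a result
    # `a=1&a=2` and `a=1,2` produce the same canonical string, so handlers
    # should not rely on the signature to tell those two apart.
    #
    # NOTE(review): assumes ShopifyApp.configuration.secret is a non-empty
    # String; an empty key would still yield a digest. Confirm it is
    # validated where the configuration is loaded.
    #
    # @param query_hash_without_signature [Hash{String => String, Array<String>}]
    # @return [String] lowercase hex digest
    def calculated_signature(query_hash_without_signature)
      sorted_params = query_hash_without_signature
        .map { |key, value| "#{key}=#{Array(value).join(',')}" }
        .sort
        .join

      OpenSSL::HMAC.hexdigest(
        OpenSSL::Digest.new('sha256'),
        ShopifyApp.configuration.secret,
        sorted_params
      )
    end
  end
end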

Version data entries

43 entries across 43 versions & 2 rubygems

Version Path
ruby_shopify_app-1.3.3 lib/ruby_shopify_app/controller_concerns/app_proxy_verification.rb
ruby_shopify_app-1.3.2 lib/ruby_shopify_app/controller_concerns/app_proxy_verification.rb
ruby_shopify_app-1.3.1 lib/ruby_shopify_app/controller_concerns/app_proxy_verification.rb
ruby_shopify_app-1.3.0 lib/ruby_shopify_app/controller_concerns/app_proxy_verification.rb
ruby_shopify_app-1.2.0 lib/ruby_shopify_app/controller_concerns/app_proxy_verification.rb
ruby_shopify_app-1.1.0 lib/ruby_shopify_app/controller_concerns/app_proxy_verification.rb
ruby_shopify_app-1.0.0 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-18.1.3 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-18.1.2 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-18.1.1 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-18.1.0 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-18.0.4 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-18.0.3 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-18.0.2 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-18.0.1 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-18.0.0 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-17.2.1 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-17.2.0 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-17.1.1 lib/shopify_app/controller_concerns/app_proxy_verification.rb
shopify_app-17.1.0 lib/shopify_app/controller_concerns/app_proxy_verification.rb