Sha256: e9c2f5dcc1fd58d5c8dff6f0fc929d21f931e4279ea87acd5264d861ac7e922e

Contents?: true

Size: 1.9 KB

Versions: 4

Compression:

Stored size: 1.9 KB

Contents

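module ShopifyAPI

  # Holds the host and access token for one shop and checks the signed
  # parameters that accompany a login redirect.
  #
  # api_key, secret and protocol are class-level settings shared by every
  # Session in the process; url, token and name belong to the instance.
  class Session
    cattr_accessor :api_key
    cattr_accessor :secret
    cattr_accessor :protocol
    self.protocol = 'https'

    attr_accessor :url, :token, :name

    class << self

      # Assigns class-level settings from a hash of name => value pairs by
      # calling the matching "name=" writer for each key.
      #
      # public_send limits the keys to public writers, so a stray or
      # caller-influenced key cannot reach a private method. The hash should
      # still come from application configuration, never from request input.
      #
      # Returns the params hash it was given.
      def setup(params)
        params.each { |key, value| public_send("#{key}=", value) }
      end

      # Runs the given block with a session for +domain+ / +token+ activated,
      # then re-activates a session rebuilt from the previously active site
      # host and X-Shopify-Access-Token header.
      #
      # The restore happens in an ensure clause, so it also runs when the
      # block raises. Returns the result of the final activate_session call.
      def temp(domain, token, &block)
        session = new(domain, token)
        begin
          original_domain  = URI.parse(ShopifyAPI::Base.site.to_s).host
        rescue URI::InvalidURIError
          # The current site is not a parseable URI: original_domain stays nil
          # and the session restored afterwards has no host.
        end
        original_token   = ShopifyAPI::Base.headers['X-Shopify-Access-Token']
        original_session = new(original_domain, original_token)

        begin
          ShopifyAPI::Base.activate_session(session)
          yield
        ensure
          ShopifyAPI::Base.activate_session(original_session)
        end
      end

      # Normalises a shop address: strips "http://" / "https://" and appends
      # ".myshopify.com" when the remainder contains no dot.
      #
      # Returns the normalised string, or nil for a blank +url+. A mutable
      # +url+ is also updated in place, as callers of earlier versions relied
      # on; a frozen +url+ is left untouched instead of raising.
      #
      # The scheme pattern is unanchored, so it is removed wherever it occurs.
      # Any value containing a dot is accepted as the host, so this method does
      # not restrict sessions to *.myshopify.com. A shop name taken from a
      # request must be validated by the caller before a session is built.
      def prepare_url(url)
        return nil if url.blank?
        host = url.gsub(/https?:\/\//, '')
        host = "#{host}.myshopify.com" unless host.include?('.')
        url.replace(host) unless url.frozen?
        host
      end

      # Checks the :signature parameter against an MD5 digest of the shared
      # secret followed by the remaining parameters, rendered as "key=value",
      # sorted and concatenated. :action and :controller are excluded.
      #
      # Returns true only when the signature matches. Returns false when the
      # signature is missing or not a String, and when no secret is configured:
      # with an empty secret the digest would cover the parameters alone and
      # anyone could compute it, so the check fails closed.
      #
      # NOTE(review): a secret-prefixed MD5 is weaker than an HMAC. It is kept
      # because the sender defines the format; prefer an HMAC-based parameter
      # where the platform offers one.
      def validate_signature(params)
        signature = params[:signature]
        return false unless signature.is_a?(String)
        return false if secret.blank?

        sorted_params = params.except(:signature, :action, :controller).collect { |k, v| "#{k}=#{v}" }.sort.join
        secure_compare(Digest::MD5.hexdigest(secret + sorted_params), signature)
      end

      private

      # Compares two strings without stopping at the first differing byte, so
      # the time taken does not reveal how much of a guessed signature matched.
      def secure_compare(expected, given)
        return false unless expected.bytesize == given.bytesize

        diff = 0
        expected.bytes.zip(given.bytes) { |x, y| diff |= x ^ y }
        diff.zero?
      end

    end

    # Builds a session for +url+ (normalised through prepare_url) and +token+.
    #
    # When +params+ is given it must carry a valid signature and a :timestamp
    # newer than 24 hours ago; otherwise a RuntimeError is raised.
    #
    # NOTE(review): only the lower bound of the timestamp is checked, so a
    # captured parameter set stays acceptable for up to 24 hours and a future
    # timestamp is not rejected.
    def initialize(url, token = nil, params = nil)
      self.url, self.token = url, token
      # Take the return value so a frozen url is normalised too; a blank url
      # is kept exactly as it was passed in.
      prepared = self.class.prepare_url(url)
      self.url = prepared if prepared

      if params
        unless self.class.validate_signature(params) && params[:timestamp].to_i > 24.hours.ago.utc.to_i
          raise "Invalid Signature: Possible malicious login"
        end
      end
    end

    # Returns Shop.current.
    def shop
      Shop.current
    end

    # Admin base URL for this session, built from the class-level protocol and
    # the session host.
    # NOTE(review): presumably requests carrying the access token are sent to
    # this address once the session is activated. Confirm in Base.
    def site
      "#{protocol}://#{url}/admin"
    end

    # True when both the host and the token are present.
    def valid?
      url.present? && token.present?
    end

  end
end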

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
shopify_api-3.0.3 lib/shopify_api/session.rb
shopify_api-3.0.2 lib/shopify_api/session.rb
shopify_api-3.0.1 lib/shopify_api/session.rb
shopify_api-3.0.0 lib/shopify_api/session.rb