Sha256: e9c2f5dcc1fd58d5c8dff6f0fc929d21f931e4279ea87acd5264d861ac7e922e
Contents?: true
Size: 1.9 KB
Versions: 4
Compression:
Stored size: 1.9 KB
Contents
module ShopifyAPI
class Session
cattr_accessor :api_key
cattr_accessor :secret
cattr_accessor :protocol
self.protocol = 'https'
attr_accessor :url, :token, :name
class << self
def setup(params)
params.each { |k,value| send("#{k}=", value) }
end
def temp(domain, token, &block)
session = new(domain, token)
begin
original_domain = URI.parse(ShopifyAPI::Base.site.to_s).host
rescue URI::InvalidURIError
end
original_token = ShopifyAPI::Base.headers['X-Shopify-Access-Token']
original_session = new(original_domain, original_token)
begin
ShopifyAPI::Base.activate_session(session)
yield
ensure
ShopifyAPI::Base.activate_session(original_session)
end
end
def prepare_url(url)
return nil if url.blank?
url.gsub!(/https?:\/\//, '') # remove http:// or https://
url.concat(".myshopify.com") unless url.include?('.') # extend url to myshopify.com if no host is given
end
def validate_signature(params)
return false unless signature = params[:signature]
sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
Digest::MD5.hexdigest(secret + sorted_params) == signature
end
end
def initialize(url, token = nil, params = nil)
self.url, self.token = url, token
self.class.prepare_url(self.url)
if params
unless self.class.validate_signature(params) && params[:timestamp].to_i > 24.hours.ago.utc.to_i
raise "Invalid Signature: Possible malicious login"
end
end
end
def shop
Shop.current
end
def site
"#{protocol}://#{url}/admin"
end
def valid?
url.present? && token.present?
end
end
end
Version data entries
4 entries across 4 versions & 1 rubygems
| Version | Path |
|---|---|
| shopify_api-3.0.3 | lib/shopify_api/session.rb |
| shopify_api-3.0.2 | lib/shopify_api/session.rb |
| shopify_api-3.0.1 | lib/shopify_api/session.rb |
| shopify_api-3.0.0 | lib/shopify_api/session.rb |