Contents

# frozen_string_literal: true

module ShopifyApp
  class ExtensionVerificationController < ActionController::Base
    protect_from_forgery with: :null_session
    before_action :verify_request

    private

    def verify_request
      hmac_header = request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
      request_body = request.body.read
      secret = ShopifyApp.configuration.secret
      digest = OpenSSL::Digest.new('sha256')

      expected_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, request_body))
      head(:unauthorized) unless ActiveSupport::SecurityUtils.secure_compare(expected_hmac, hmac_header)
    end
  end
end

Version data entries

15 entries across 15 versions & 1 rubygems

Version	Path
shopify_app-13.2.0	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-13.1.1	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-13.1.0	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-13.0.1	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-13.0.0	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-12.0.7	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-12.0.6	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-12.0.5	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-12.0.4	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-12.0.3	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-12.0.2	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-12.0.1	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-12.0.0	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-11.7.1	app/controllers/shopify_app/extension_verification_controller.rb
shopify_app-11.7.0	app/controllers/shopify_app/extension_verification_controller.rb