Sha256: fc3a69af8ef5c96abcc39a3055c342d593fc1933c947cc28b8b19f26e05d929b

Contents?: true

Size: 1.01 KB

Versions: 5

Compression:

Stored size: 1.01 KB

Contents

module DiscoApp
  module Flow
    module Concerns
      module VerifiesFlowPayload

        extend ActiveSupport::Concern

        included do
          before_action :verify_flow_payload
          before_action :find_shop
          protect_from_forgery with: :null_session
        end

        private

          def verify_flow_payload
            return head :unauthorized unless flow_payload_is_valid?

            request.body.rewind
          end

          # Shopify Flow action and trigger usage update endpoints use the same
          # verification as webhooks, which is why we reuse this service method here.
          def flow_payload_is_valid?
            DiscoApp::WebhookService.valid_hmac?(
              request.body.read.to_s,
              ShopifyApp.configuration.secret,
              request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
            )
          end

          def find_shop
            @shop = DiscoApp::Shop.find_by!(shopify_domain: params[:shopify_domain])
          end

      end
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
disco_app-0.18.2 app/controllers/disco_app/flow/concerns/verifies_flow_payload.rb
disco_app-0.18.3 app/controllers/disco_app/flow/concerns/verifies_flow_payload.rb
disco_app-0.18.6 app/controllers/disco_app/flow/concerns/verifies_flow_payload.rb
disco_app-0.18.4 app/controllers/disco_app/flow/concerns/verifies_flow_payload.rb
disco_app-0.18.1 app/controllers/disco_app/flow/concerns/verifies_flow_payload.rb