Created
January 30, 2024 18:32
App Proxy Verification
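# Controller concern that authenticates incoming app-proxy requests by checking
# the HMAC-SHA256 `signature` query parameter against the shared secret held in
# ENV['SHOPIFY_API_SECRET'].
#
# Including it skips Rails' CSRF token check for every action of the host
# controller, so the signature check in #verify_request is the only request
# authentication this concern provides.
module AppProxyVerification
  extend ActiveSupport::Concern

  included do
    # raise: false avoids an error when the host controller never registered
    # the verify_authenticity_token callback.
    skip_before_action :verify_authenticity_token, raise: false
    before_action :verify_request
  end

  private

  # before_action hook: responds 401 Unauthorized (which halts the callback
  # chain) unless the request carries a valid signature.
  #
  # The parameters are parsed from the raw query string, so only what was
  # actually sent in the URL takes part in the signature calculation.
  def verify_request
    query_parameters = Rack::Utils.parse_query(request.query_string)
    return head(:unauthorized) unless hmac_valid?(query_parameters)
  end

  # Recomputes the signature over every query parameter except `signature`
  # itself and compares it with the supplied value in constant time.
  #
  # @param query_parameters [Hash{String => String, Array<String>}] parsed query string
  # @return [Boolean] true only when a signature is present and matches
  # @raise [KeyError] when SHOPIFY_API_SECRET is not set
  # @raise [ArgumentError] when SHOPIFY_API_SECRET is set but empty
  def hmac_valid?(query_parameters)
    # Fail loudly on misconfiguration: an empty key would still produce a
    # digest, one that anybody can compute.
    secret = ENV.fetch('SHOPIFY_API_SECRET')
    raise ArgumentError, 'SHOPIFY_API_SECRET must not be empty' if secret.empty?

    # A missing signature is nil and a repeated one parses to an Array; both
    # would make secure_compare raise, so reject them as plain auth failures.
    signature = query_parameters['signature']
    return false unless signature.is_a?(String) && !signature.empty?

    # Canonical message: "key=value" pairs (multi-valued keys comma-joined),
    # sorted and concatenated without a separator.
    message = query_parameters
              .reject { |key, _| key == 'signature' }
              .map { |key, value| "#{key}=#{Array(value).join(',')}" }
              .sort
              .join

    # OpenSSL::Digest::Digest is gone from current openssl releases;
    # OpenSSL::Digest.new is the supported constructor.
    expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, message)

    # NOTE(review): a matching signature says nothing about the request's age.
    # If the signed parameters include a timestamp, consider rejecting stale
    # values to limit replay - confirm against the proxy's documentation.
    ActiveSupport::SecurityUtils.secure_compare(signature, expected)
  end
end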
# Example endpoint guarded by AppProxyVerification: the concern's before_action
# runs ahead of every action defined here, and the concern also skips the CSRF
# token check for this controller.
class Api::ReviewsController < ApplicationController
  include AppProxyVerification

  # Placeholder action: replies with a JSON success marker and HTTP 200.
  def create
    # do your work
    render json: { success: true }, status: :ok
  end
end