diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/service/ShopifyAuthService.java b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/service/ShopifyAuthService.java index ad99f0971..56bfbbfb3 100644 --- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/service/ShopifyAuthService.java +++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/service/ShopifyAuthService.java @@ -43,7 +43,7 @@ public class ShopifyAuthService { private StringRedisTemplate stringRedisTemplate; public ShopifyPermissionURL shopifyPermission(String shopifyStoreHost) { - String redirectUri = PlatformEnvironment.getEnv().concatUrl("/auth.html"); + String redirectUri = PlatformEnvironment.getEnv().concatUrl("/shopify/auth/back"); String state = String.valueOf(new Date().getTime()).substring(0,10); diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthController.java b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthController.java index 516a155c0..745dff1f6 100644 --- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthController.java +++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthController.java 
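Review bot: The `state` built on the last line of the `ShopifyAuthService` hunk is `String.valueOf(new Date().getTime()).substring(0,10)`, which is the current Unix time in seconds. The new `/shopify/auth/back` callback that this redirect now targets compares that value against Redis to accept the callback. A timestamp can be guessed by anyone who knows roughly when the flow started, so it is weak as an OAuth `state`; take it from a CSPRNG instead, e.g. `String state = UUID.randomUUID().toString();` (needs `java.util.UUID`). `shopifyPermission` continues past the hunk, so how the value is stored and expired is not visible here.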
@@ -1,14 +1,9 @@ package au.com.royalpay.payment.manage.shopify.auth.web; -import au.com.royalpay.payment.manage.shopify.auth.domain.ShopifyRequestVerifyException; import au.com.royalpay.payment.manage.shopify.auth.domain.application.ShopifyMerchantAuthApplication; import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyAccessToken; -import au.com.royalpay.payment.manage.shopify.auth.domain.service.ShopifyRequestValidator; import au.com.royalpay.payment.manage.shopify.auth.web.command.ShopifyPermissionRequest; -import au.com.royalpay.payment.manage.shopify.auth.web.command.ShopifyVerifyRequest; -import com.alibaba.fastjson.JSONObject; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -26,31 +21,6 @@ public class ShopifyAuthController { @Autowired private ShopifyMerchantAuthApplication shopifyMerchantAuthApplication; - @Autowired - private ShopifyRequestValidator shopifyRequestValidator; - - @Autowired - private StringRedisTemplate stringRedisTemplate; - - /** - * 校验shopify请求 - * - * @param request - * @return - */ - @PostMapping("/verify") - public JSONObject verifyRequest(@RequestBody @Valid ShopifyVerifyRequest request) { - String state = stringRedisTemplate.boundValueOps("shopifyAuthState:" + request.getShop()).get(); - if (!request.getState().equals(state)) { - throw new ShopifyRequestVerifyException("This request parameters is invalid"); - } - stringRedisTemplate.delete("shopifyAuthState:" + request.getShop()); - if (!shopifyRequestValidator.valid(request.build())) { - throw new ShopifyRequestVerifyException("This request parameters is invalid"); - } - return new JSONObject(); - } - /** * 获取shopify店铺授权URL * 
@@ -58,10 +28,7 @@ public class ShopifyAuthController { * @return */ @PostMapping("/install") - public ShopifyAccessToken shopifyPermission(@RequestBody @Valid ShopifyPermissionRequest request) { - if (!shopifyRequestValidator.valid(request.build())) { - throw new ShopifyRequestVerifyException("This request parameters is invalid"); - } + public ShopifyAccessToken shopifyStoreInstall(@RequestBody @Valid ShopifyPermissionRequest request) { ShopifyAccessToken shopifyAccessToken = shopifyMerchantAuthApplication.install(request); return shopifyAccessToken; } diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java index 424494079..c8e61b2e3 100644 --- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java +++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java 
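Review bot: `shopifyStoreInstall` now hands the request straight to `shopifyMerchantAuthApplication.install(request)` with no HMAC or state check of its own, and nothing visible in this diff ties the POST to a callback that `/shopify/auth/back` actually verified. Unless `install` validates the `code` against the `shop` itself (not shown here), the endpoint accepts any `code`/`shop` pair a client chooses to send. One way to keep the binding server-side is for `/auth/back` to store a short-lived, one-time marker for the verified `shop` and `code` in Redis, and for this method to require and delete that marker before calling `install`. The Javadoc above the method still describes it as fetching the shop authorization URL, which no longer matches what it does.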
@@ -2,15 +2,21 @@ package au.com.royalpay.payment.manage.shopify.auth.web; import au.com.royalpay.payment.manage.shopify.auth.domain.ShopifyRequestVerifyException; import au.com.royalpay.payment.manage.shopify.auth.domain.application.ShopifyMerchantAuthApplication; +import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyCommonParameter; import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyPermissionURL; import au.com.royalpay.payment.manage.shopify.auth.domain.service.ShopifyRequestValidator; +import au.com.royalpay.payment.tools.env.PlatformEnvironment; +import au.com.royalpay.payment.tools.exceptions.BadRequestException; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.servlet.view.RedirectView; +import java.util.regex.Pattern; + @Controller @RequestMapping(value = "/shopify") public class ShopifyAuthTemplateController { 
@@ -21,23 +27,73 @@ public class ShopifyAuthTemplateController { @Autowired private ShopifyRequestValidator shopifyRequestValidator; + @Autowired + private StringRedisTemplate stringRedisTemplate; + /** * shopify店铺安装入口 * - * @param shopifyStoreHost + * @param shop * @param hmac * @param timestamp * @return */ @GetMapping("/auth") - public RedirectView shopifyStorePermission(@RequestParam("shop") String shopifyStoreHost, - @RequestParam("hmac") String hmac, - @RequestParam("timestamp") String timestamp) { - if (!shopifyRequestValidator.verifyPermission(shopifyStoreHost, hmac, timestamp)) { + public RedirectView shopifyStorePermission(@RequestParam("shop") String shop, + @RequestParam("hmac") String hmac, + @RequestParam("timestamp") String timestamp) { + if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) { + throw new BadRequestException("Parameter shop is invalid."); + } + if (!shopifyRequestValidator.verifyPermission(shop, hmac, timestamp)) { throw new ShopifyRequestVerifyException("This request parameters is invalid"); } - ShopifyPermissionURL shopifyPermissionURL = shopifyMerchantAuthApplication.getShopifyPermissionUrl(shopifyStoreHost); + ShopifyPermissionURL shopifyPermissionURL = shopifyMerchantAuthApplication.getShopifyPermissionUrl(shop); return new RedirectView(shopifyPermissionURL.getUrl()); } + /** + * shopify店铺授权后回调URL + * + * @param code + * @param hmac + * @param host + * @param state + * @param shop + * @param timestamp + * @return + */ + @GetMapping("/auth/back") + public RedirectView shopifyStoreAuthRedirect(@RequestParam("code") String code, + @RequestParam("hmac") String hmac, + @RequestParam("host") String host, + @RequestParam("state") String state, + @RequestParam("shop") String shop, + @RequestParam("timestamp") String timestamp) { + + if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) { + throw new ShopifyRequestVerifyException("Parameter shop is invalid."); + } + + String preState = 
stringRedisTemplate.boundValueOps("shopifyAuthState:" + shop).get(); + if (!state.equals(preState)) { + throw new ShopifyRequestVerifyException("This request parameters is invalid"); + } + stringRedisTemplate.delete("shopifyAuthState:" + shop); + ShopifyCommonParameter shopifyCommonParameter = ShopifyCommonParameter.builder() + .code(code) + .hmac(hmac) + .host(host) + .state(state) + .shop(shop) + .timestamp(timestamp) + .build(); + if (!shopifyRequestValidator.valid(shopifyCommonParameter)) { + throw new ShopifyRequestVerifyException("This request parameters is invalid"); + } + + String redirectUri = PlatformEnvironment.getEnv().concatUrl("/auth.html#/shopify/login?code=" + code + "&hmac=" + hmac + "&host=" + host + "&state=" + state + "&shop=" + shop + "×tamp=" + timestamp); + return new RedirectView(redirectUri); + } + } diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/command/ShopifyPermissionRequest.java b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/command/ShopifyPermissionRequest.java index d2190a921..ef2526d07 100644 --- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/command/ShopifyPermissionRequest.java +++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/command/ShopifyPermissionRequest.java @@ -1,6 +1,5 @@ package au.com.royalpay.payment.manage.shopify.auth.web.command; -import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyCommonParameter; import au.com.royalpay.payment.manage.shopify.store.web.command.CreateShopifyMerchantCommand; import lombok.AllArgsConstructor; import lombok.Builder; 
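Review bot: In `shopifyStoreAuthRedirect` the `shopifyAuthState:<shop>` entry is read and deleted before `shopifyRequestValidator.valid(shopifyCommonParameter)` runs, so a request that later fails HMAC verification can still consume the pending state and break the merchant's in-flight install. Verify the HMAC first and delete the state only once both checks pass, ideally with a single atomic get-and-delete so two concurrent callbacks cannot both succeed. The final redirect also concatenates `code`, `hmac`, `host`, `state` and `shop` into the fragment without encoding; URL-encode each value (for example `URLEncoder.encode(host, "UTF-8")`) so a value containing `&`, `#` or `=` cannot change the parameters the front end reads.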
@@ -25,43 +24,17 @@ public class ShopifyPermissionRequest { @NotBlank(message = "Code can not blank") private String code; - @NotBlank(message = "hmac can not blank") - private String hmac; - - @NotBlank(message = "host can not blank") - private String host; - @NotBlank(message = "Shop can not blank") - @Pattern(regexp = "^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com",message = "Shop hostname is invalid") + @Pattern(regexp = "^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", message = "Shop hostname is invalid") private String shop; - @NotBlank(message = "state can not blank") - private String state; - - @NotBlank(message = "timestamp can not blank") - private String timestamp; - public static ShopifyPermissionRequest instanceOf(CreateShopifyMerchantCommand command) { return ShopifyPermissionRequest.builder() .loginId(command.getPaymentAccount().getLoginId()) .password(command.getPaymentAccount().getPassword()) .code(command.getCode()) - .hmac(command.getHmac()) - .host(command.getHost()) .shop(command.getShopifyShop()) - .state(command.getState()) - .timestamp(command.getTimestamp()) .build(); } - public ShopifyCommonParameter build() { - return ShopifyCommonParameter.builder() - .code(code) - .hmac(hmac) - .host(host) - .shop(shop) - .state(state) - .timestamp(timestamp) - .build(); - } } diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/command/ShopifyVerifyRequest.java b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/command/ShopifyVerifyRequest.java index 76a89f34d..fc7a8fb02 100644 --- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/command/ShopifyVerifyRequest.java +++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/command/ShopifyVerifyRequest.java @@ -1,6 +1,5 @@ package au.com.royalpay.payment.manage.shopify.auth.web.command; -import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyCommonParameter; import lombok.Data; import javax.validation.constraints.NotBlank; 
@@ -27,15 +26,4 @@ public class ShopifyVerifyRequest { @NotBlank(message = "timestamp can not blank") private String timestamp; - - public ShopifyCommonParameter build() { - return ShopifyCommonParameter.builder() - .code(code) - .hmac(hmac) - .host(host) - .shop(shop) - .state(state) - .timestamp(timestamp) - .build(); - } } diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/store/web/ShopifyStoreController.java b/src/main/java/au/com/royalpay/payment/manage/shopify/store/web/ShopifyStoreController.java index fd4f95db8..9cb987e35 100644 --- a/src/main/java/au/com/royalpay/payment/manage/shopify/store/web/ShopifyStoreController.java +++ b/src/main/java/au/com/royalpay/payment/manage/shopify/store/web/ShopifyStoreController.java @@ -24,6 +24,7 @@ public class ShopifyStoreController { * * @param partnerCode 商户标识 */ + @Deprecated @GetMapping("/exist") public Boolean validPaymentAppMerchant(@RequestParam("partnerCode") String partnerCode) { return shopifyStoreApplication.existMerchant(partnerCode); diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/store/web/command/CreateShopifyMerchantCommand.java b/src/main/java/au/com/royalpay/payment/manage/shopify/store/web/command/CreateShopifyMerchantCommand.java index eb29b9431..8bad7393b 100644 --- a/src/main/java/au/com/royalpay/payment/manage/shopify/store/web/command/CreateShopifyMerchantCommand.java +++ b/src/main/java/au/com/royalpay/payment/manage/shopify/store/web/command/CreateShopifyMerchantCommand.java 
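Review bot: `@Deprecated` on `validPaymentAppMerchant` only marks the Java method; `GET /exist` stays mapped and still tells any caller whether a given `partnerCode` exists. If the endpoint is being retired because the install flow no longer needs it, remove the mapping or put it behind authentication rather than relying on the annotation. If it must stay for now, add a Javadoc tag such as `@deprecated <reason and replacement>` to the existing comment so maintainers know what supersedes it. The Javadoc block starts above the hunk, and whether access to this controller is restricted elsewhere is not visible here.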
@@ -17,19 +17,8 @@ public class CreateShopifyMerchantCommand { @NotBlank(message = "Auth code can not blank") private String code; - @NotBlank(message = "hmac can not blank") - private String hmac; - - @NotBlank(message = "host can not blank") - private String host; - @NotBlank(message = "Shop can not blank") - @Pattern(regexp = "^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com",message = "Shop hostname is invalid") + @Pattern(regexp = "^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", message = "Shop hostname is invalid") private String shopifyShop; - @NotBlank(message = "state can not blank") - private String state; - - @NotBlank(message = "timestamp can not blank") - private String timestamp; } diff --git a/src/main/ui/static/shopify/auth/shopify.auth.js b/src/main/ui/static/shopify/auth/shopify.auth.js index a2e317838..6e175b53b 100644 --- a/src/main/ui/static/shopify/auth/shopify.auth.js +++ b/src/main/ui/static/shopify/auth/shopify.auth.js @@ -70,12 +70,19 @@ define(['angular', 'uiRouter', 'uiBootstrap'], function (angular) { module.controller('ShopifyLoginController', ['$scope', '$http', '$state', '$stateParams', '$location', function ($scope, $http, $state, $stateParams, $location) { var that = $scope; - var code = getQueryVariable("code") + /*var code = getQueryVariable("code") var hmac = getQueryVariable("hmac") var host = getQueryVariable("host") var shop = getQueryVariable("shop") var state = getQueryVariable("state") - var timestamp = getQueryVariable("timestamp") + var timestamp = getQueryVariable("timestamp")*/ + + var code = $location.search().code + var hmac = $location.search().hmac + var host = $location.search().host + var shop = $location.search().shop + var state = $location.search().state + var timestamp = $location.search().timestamp that.model = { loginId: '', 
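Review bot: In `ShopifyLoginController` the old `getQueryVariable(...)` reads are kept as a block comment above the new `$location.search()` reads; delete them instead, since version control already preserves the history. The same applies to the commented-out `verifyRequest` in the following hunk. `$location.search()` is also called six times where one `var params = $location.search()` followed by `params.code`, `params.shop` and so on would read more clearly. The server-side request classes in this commit no longer carry `hmac`, `host`, `state` or `timestamp`, so if the rest of the controller (outside the hunk) does not use those variables they can be dropped too.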
@@ -89,14 +96,14 @@ define(['angular', 'uiRouter', 'uiBootstrap'], function (angular) { } that.loginDisable = false - that.verifyRequest = function () { + /*that.verifyRequest = function () { $http.post("/shopify/auth/verify", that.model).then(function (res) { }, function (error) { that.resError = error.data.message; that.loginDisable = false }) } - that.verifyRequest() + that.verifyRequest()*/ that.activeShopifyMerchant = function () { that.loginDisable = true