upgrade shopify OAuth process

src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/service/ShopifyAuthService.java

@@ -43,7 +43,7 @@ public class ShopifyAuthService {
     private StringRedisTemplate stringRedisTemplate;
 
     public ShopifyPermissionURL shopifyPermission(String shopifyStoreHost) {
-        String redirectUri = PlatformEnvironment.getEnv().concatUrl("/auth.html");
+        String redirectUri = PlatformEnvironment.getEnv().concatUrl("/shopify/auth/back");
 
         String state = String.valueOf(new Date().getTime()).substring(0,10);
 

src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthController.java

@@ -1,14 +1,9 @@
 package au.com.royalpay.payment.manage.shopify.auth.web;
 
-import au.com.royalpay.payment.manage.shopify.auth.domain.ShopifyRequestVerifyException;
 import au.com.royalpay.payment.manage.shopify.auth.domain.application.ShopifyMerchantAuthApplication;
 import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyAccessToken;
-import au.com.royalpay.payment.manage.shopify.auth.domain.service.ShopifyRequestValidator;
 import au.com.royalpay.payment.manage.shopify.auth.web.command.ShopifyPermissionRequest;
-import au.com.royalpay.payment.manage.shopify.auth.web.command.ShopifyVerifyRequest;
-import com.alibaba.fastjson.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -26,31 +21,6 @@ public class ShopifyAuthController {
     @Autowired
     private ShopifyMerchantAuthApplication shopifyMerchantAuthApplication;
 
-    @Autowired
-    private ShopifyRequestValidator shopifyRequestValidator;
-
-    @Autowired
-    private StringRedisTemplate stringRedisTemplate;
-
-    /**
-     * 校验shopify请求
-     *
-     * @param request
-     * @return
-     */
-    @PostMapping("/verify")
-    public JSONObject verifyRequest(@RequestBody @Valid ShopifyVerifyRequest request) {
-        String state = stringRedisTemplate.boundValueOps("shopifyAuthState:" + request.getShop()).get();
-        if (!request.getState().equals(state)) {
-            throw new ShopifyRequestVerifyException("This request parameters is invalid");
-        }
-        stringRedisTemplate.delete("shopifyAuthState:" + request.getShop());
-        if (!shopifyRequestValidator.valid(request.build())) {
-            throw new ShopifyRequestVerifyException("This request parameters is invalid");
-        }
-        return new JSONObject();
-    }
-
     /**
      * 获取shopify店铺授权URL
      *
@@ -58,10 +28,7 @@ public class ShopifyAuthController {
      * @return
      */
     @PostMapping("/install")
-    public ShopifyAccessToken shopifyPermission(@RequestBody @Valid ShopifyPermissionRequest request) {
-        if (!shopifyRequestValidator.valid(request.build())) {
-            throw new ShopifyRequestVerifyException("This request parameters is invalid");
-        }
+    public ShopifyAccessToken shopifyStoreInstall(@RequestBody @Valid ShopifyPermissionRequest request) {
         ShopifyAccessToken shopifyAccessToken = shopifyMerchantAuthApplication.install(request);
         return shopifyAccessToken;
     }

src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java

@@ -2,15 +2,21 @@ package au.com.royalpay.payment.manage.shopify.auth.web;
 
 import au.com.royalpay.payment.manage.shopify.auth.domain.ShopifyRequestVerifyException;
 import au.com.royalpay.payment.manage.shopify.auth.domain.application.ShopifyMerchantAuthApplication;
+import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyCommonParameter;
 import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyPermissionURL;
 import au.com.royalpay.payment.manage.shopify.auth.domain.service.ShopifyRequestValidator;
+import au.com.royalpay.payment.tools.env.PlatformEnvironment;
+import au.com.royalpay.payment.tools.exceptions.BadRequestException;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.view.RedirectView;
 
+import java.util.regex.Pattern;
+
 @Controller
 @RequestMapping(value = "/shopify")
 public class ShopifyAuthTemplateController {
@@ -21,23 +27,73 @@ public class ShopifyAuthTemplateController {
     @Autowired
     private ShopifyRequestValidator shopifyRequestValidator;
 
+    @Autowired
+    private StringRedisTemplate stringRedisTemplate;
+
     /**
      * shopify店铺安装入口
      *
-     * @param shopifyStoreHost
+     * @param shop
      * @param hmac
      * @param timestamp
      * @return
      */
     @GetMapping("/auth")
-    public RedirectView shopifyStorePermission(@RequestParam("shop") String shopifyStoreHost,
+    public RedirectView shopifyStorePermission(@RequestParam("shop") String shop,
                                                @RequestParam("hmac") String hmac,
                                                @RequestParam("timestamp") String timestamp) {
-        if (!shopifyRequestValidator.verifyPermission(shopifyStoreHost, hmac, timestamp)) {
+        if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
+            throw new BadRequestException("Parameter shop is invalid.");
+        }
+        if (!shopifyRequestValidator.verifyPermission(shop, hmac, timestamp)) {
             throw new ShopifyRequestVerifyException("This request parameters is invalid");
         }
-        ShopifyPermissionURL shopifyPermissionURL = shopifyMerchantAuthApplication.getShopifyPermissionUrl(shopifyStoreHost);
+        ShopifyPermissionURL shopifyPermissionURL = shopifyMerchantAuthApplication.getShopifyPermissionUrl(shop);
         return new RedirectView(shopifyPermissionURL.getUrl());
     }
 
+    /**
+     * shopify店铺授权后回调URL
+     *
+     * @param code
+     * @param hmac
+     * @param host
+     * @param state
+     * @param shop
+     * @param timestamp
+     * @return
+     */
+    @GetMapping("/auth/back")
+    public RedirectView shopifyStoreAuthRedirect(@RequestParam("code") String code,
+                                                 @RequestParam("hmac") String hmac,
+                                                 @RequestParam("host") String host,
+                                                 @RequestParam("state") String state,
+                                                 @RequestParam("shop") String shop,
+                                                 @RequestParam("timestamp") String timestamp) {
+
+        if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
+            throw new ShopifyRequestVerifyException("Parameter shop is invalid.");
+        }
+
+        String preState = stringRedisTemplate.boundValueOps("shopifyAuthState:" + shop).get();
+        if (!state.equals(preState)) {
+            throw new ShopifyRequestVerifyException("This request parameters is invalid");
+        }
+        stringRedisTemplate.delete("shopifyAuthState:" + shop);
+        ShopifyCommonParameter shopifyCommonParameter = ShopifyCommonParameter.builder()
+                .code(code)
+                .hmac(hmac)
+                .host(host)
+                .state(state)
+                .shop(shop)
+                .timestamp(timestamp)
+                .build();
+        if (!shopifyRequestValidator.valid(shopifyCommonParameter)) {
+            throw new ShopifyRequestVerifyException("This request parameters is invalid");
+        }
+
+        String redirectUri = PlatformEnvironment.getEnv().concatUrl("/auth.html#/shopify/login?code=" + code + "&hmac=" + hmac + "&host=" + host + "&state=" + state + "&shop=" + shop + "&timestamp=" + timestamp);
+        return new RedirectView(redirectUri);
+    }
+
 }

src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/command/ShopifyPermissionRequest.java

@@ -1,6 +1,5 @@
 package au.com.royalpay.payment.manage.shopify.auth.web.command;
 
-import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyCommonParameter;
 import au.com.royalpay.payment.manage.shopify.store.web.command.CreateShopifyMerchantCommand;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
@@ -25,43 +24,17 @@ public class ShopifyPermissionRequest {
     @NotBlank(message = "Code can not blank")
     private String code;
 
-    @NotBlank(message = "hmac can not blank")
-    private String hmac;
-
-    @NotBlank(message = "host can not blank")
-    private String host;
-
     @NotBlank(message = "Shop can not blank")
-    @Pattern(regexp = "^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com",message = "Shop hostname is invalid")
+    @Pattern(regexp = "^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", message = "Shop hostname is invalid")
     private String shop;
 
-    @NotBlank(message = "state can not blank")
-    private String state;
-
-    @NotBlank(message = "timestamp can not blank")
-    private String timestamp;
-
     public static ShopifyPermissionRequest instanceOf(CreateShopifyMerchantCommand command) {
         return ShopifyPermissionRequest.builder()
                 .loginId(command.getPaymentAccount().getLoginId())
                 .password(command.getPaymentAccount().getPassword())
                 .code(command.getCode())
-                .hmac(command.getHmac())
-                .host(command.getHost())
                 .shop(command.getShopifyShop())
-                .state(command.getState())
-                .timestamp(command.getTimestamp())
                 .build();
     }
 
-    public ShopifyCommonParameter build() {
-        return ShopifyCommonParameter.builder()
-                .code(code)
-                .hmac(hmac)
-                .host(host)
-                .shop(shop)
-                .state(state)
-                .timestamp(timestamp)
-                .build();
-    }
 }

src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/command/ShopifyVerifyRequest.java

@@ -1,6 +1,5 @@
 package au.com.royalpay.payment.manage.shopify.auth.web.command;
 
-import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyCommonParameter;
 import lombok.Data;
 
 import javax.validation.constraints.NotBlank;
@@ -27,15 +26,4 @@ public class ShopifyVerifyRequest {
 
     @NotBlank(message = "timestamp can not blank")
     private String timestamp;
-
-    public ShopifyCommonParameter build() {
-        return ShopifyCommonParameter.builder()
-                .code(code)
-                .hmac(hmac)
-                .host(host)
-                .shop(shop)
-                .state(state)
-                .timestamp(timestamp)
-                .build();
-    }
 }

src/main/java/au/com/royalpay/payment/manage/shopify/store/web/ShopifyStoreController.java

@@ -24,6 +24,7 @@ public class ShopifyStoreController {
      *
      * @param partnerCode 商户标识
      */
+    @Deprecated
     @GetMapping("/exist")
     public Boolean validPaymentAppMerchant(@RequestParam("partnerCode") String partnerCode) {
         return shopifyStoreApplication.existMerchant(partnerCode);

src/main/java/au/com/royalpay/payment/manage/shopify/store/web/command/CreateShopifyMerchantCommand.java

@@ -17,19 +17,8 @@ public class CreateShopifyMerchantCommand {
     @NotBlank(message = "Auth code can not blank")
     private String code;
 
-    @NotBlank(message = "hmac can not blank")
-    private String hmac;
-
-    @NotBlank(message = "host can not blank")
-    private String host;
-
     @NotBlank(message = "Shop can not blank")
-    @Pattern(regexp = "^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com",message = "Shop hostname is invalid")
+    @Pattern(regexp = "^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", message = "Shop hostname is invalid")
     private String shopifyShop;
 
-    @NotBlank(message = "state can not blank")
-    private String state;
-
-    @NotBlank(message = "timestamp can not blank")
-    private String timestamp;
 }

src/main/ui/static/shopify/auth/shopify.auth.js

@@ -70,12 +70,19 @@ define(['angular', 'uiRouter', 'uiBootstrap'], function (angular) {
         module.controller('ShopifyLoginController', ['$scope', '$http', '$state', '$stateParams', '$location', function ($scope, $http, $state, $stateParams, $location) {
             var that = $scope;
 
-            var code = getQueryVariable("code")
+            /*var code = getQueryVariable("code")
             var hmac = getQueryVariable("hmac")
             var host = getQueryVariable("host")
             var shop = getQueryVariable("shop")
             var state = getQueryVariable("state")
-            var timestamp = getQueryVariable("timestamp")
+            var timestamp = getQueryVariable("timestamp")*/
+
+            var code = $location.search().code
+            var hmac = $location.search().hmac
+            var host = $location.search().host
+            var shop = $location.search().shop
+            var state = $location.search().state
+            var timestamp = $location.search().timestamp
 
             that.model = {
                 loginId: '',
@@ -89,14 +96,14 @@ define(['angular', 'uiRouter', 'uiBootstrap'], function (angular) {
             }
             that.loginDisable = false
 
-            that.verifyRequest = function () {
+            /*that.verifyRequest = function () {
                 $http.post("/shopify/auth/verify", that.model).then(function (res) {
                 }, function (error) {
                     that.resError = error.data.message;
                     that.loginDisable = false
                 })
             }
-            that.verifyRequest()
+            that.verifyRequest()*/
 
             that.activeShopifyMerchant = function () {
                 that.loginDisable = true