Merge branch 'production' into develop

Yixian 3 years ago
commit 5f5a275be9

@ -1,6 +1,8 @@
package au.com.royalpay.payment.manage; package au.com.royalpay.payment.manage;
import au.com.royalpay.payment.manage.permission.manager.ManagerUserInterceptor; import au.com.royalpay.payment.manage.permission.manager.ManagerUserInterceptor;
import au.com.royalpay.payment.manage.shopify.support.ShopifyRequestInfoInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@ -15,10 +17,15 @@ public class WebConfiguration implements WebMvcConfigurer {
@Resource @Resource
private ManagerUserInterceptor managerUserInterceptor; private ManagerUserInterceptor managerUserInterceptor;
@Bean
public ShopifyRequestInfoInterceptor shopifyRequestInfoInterceptor() {
return new ShopifyRequestInfoInterceptor();
}
@Override @Override
public void addInterceptors(InterceptorRegistry registry) { public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(managerUserInterceptor).order(1); registry.addInterceptor(managerUserInterceptor).order(1);
registry.addInterceptor(shopifyRequestInfoInterceptor());
} }
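Review bot: `registry.addInterceptor(shopifyRequestInfoInterceptor())` registers the new interceptor with neither path patterns nor an order, so its preHandle runs for every request the DispatcherServlet dispatches, including requests whose handler is not a HandlerMethod (static resource handlers, for instance), and ShopifyRequestInfoInterceptor casts `handler` to HandlerMethod without checking. Either scope the registration to the Shopify routes with `addPathPatterns(...)` (the route prefixes are not visible in this diff) or make the interceptor tolerate other handler types. Since managerUserInterceptor is registered with `.order(1)`, an explicit `.order(2)` on the new registration would make the intended sequence visible rather than implied. WebConfiguration's class header lies outside this hunk.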

@ -5,17 +5,14 @@ import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyCommonPa
import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyPermissionURL; import au.com.royalpay.payment.manage.shopify.auth.domain.entity.ShopifyPermissionURL;
import au.com.royalpay.payment.manage.shopify.auth.domain.exception.ShopifyRequestVerifyException; import au.com.royalpay.payment.manage.shopify.auth.domain.exception.ShopifyRequestVerifyException;
import au.com.royalpay.payment.manage.shopify.auth.domain.service.ShopifyRequestValidator; import au.com.royalpay.payment.manage.shopify.auth.domain.service.ShopifyRequestValidator;
import au.com.royalpay.payment.manage.shopify.support.ShopifyEndpoint;
import au.com.royalpay.payment.tools.env.PlatformEnvironment; import au.com.royalpay.payment.tools.env.PlatformEnvironment;
import au.com.royalpay.payment.tools.exceptions.BadRequestException; import au.com.royalpay.payment.tools.exceptions.BadRequestException;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.view.RedirectView;
import javax.servlet.http.HttpServletResponse;
import java.util.regex.Pattern; import java.util.regex.Pattern;
@Controller @Controller
@ -40,10 +37,10 @@ public class ShopifyAuthTemplateController {
* @return * @return
*/ */
@GetMapping("/auth") @GetMapping("/auth")
@ShopifyEndpoint
public String shopifyStorePermission(@RequestParam("shop") String shop, public String shopifyStorePermission(@RequestParam("shop") String shop,
@RequestParam("hmac") String hmac, @RequestParam("hmac") String hmac,
@RequestParam("timestamp") String timestamp, @RequestParam("timestamp") String timestamp) {
HttpServletResponse response) {
if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) { if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
throw new BadRequestException("Parameter shop is invalid."); throw new BadRequestException("Parameter shop is invalid.");
} }
@ -51,7 +48,6 @@ public class ShopifyAuthTemplateController {
throw new ShopifyRequestVerifyException("This request parameters is invalid"); throw new ShopifyRequestVerifyException("This request parameters is invalid");
} }
ShopifyPermissionURL shopifyPermissionURL = shopifyMerchantAuthApplication.getShopifyPermissionUrl(shop); ShopifyPermissionURL shopifyPermissionURL = shopifyMerchantAuthApplication.getShopifyPermissionUrl(shop);
response.setHeader("content-security-policy", "frame-ancestors https://" + shop + ".myshopify.com https://admin.shopify.com");
return "redirect:" + shopifyPermissionURL.getUrl(); return "redirect:" + shopifyPermissionURL.getUrl();
} }
@ -67,14 +63,13 @@ public class ShopifyAuthTemplateController {
* @return * @return
*/ */
@GetMapping("/auth/back") @GetMapping("/auth/back")
public RedirectView shopifyStoreAuthRedirect(@RequestParam("code") String code, @ShopifyEndpoint
public String shopifyStoreAuthRedirect(@RequestParam("code") String code,
@RequestParam("hmac") String hmac, @RequestParam("hmac") String hmac,
@RequestParam("host") String host, @RequestParam("host") String host,
@RequestParam("state") String state, @RequestParam("state") String state,
@RequestParam("shop") String shop, @RequestParam("shop") String shop,
@RequestParam("timestamp") String timestamp, @RequestParam("timestamp") String timestamp) {
HttpServletResponse response) {
if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) { if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
throw new ShopifyRequestVerifyException("Parameter shop is invalid."); throw new ShopifyRequestVerifyException("Parameter shop is invalid.");
} }
@ -97,8 +92,7 @@ public class ShopifyAuthTemplateController {
} }
String redirectUri = PlatformEnvironment.getEnv().concatUrl("/auth.html#/shopify/login?code=" + code + "&hmac=" + hmac + "&host=" + host + "&state=" + state + "&shop=" + shop + "&timestamp=" + timestamp); String redirectUri = PlatformEnvironment.getEnv().concatUrl("/auth.html#/shopify/login?code=" + code + "&hmac=" + hmac + "&host=" + host + "&state=" + state + "&shop=" + shop + "&timestamp=" + timestamp);
response.setHeader("content-security-policy", "frame-ancestors https://" + shop + ".myshopify.com https://admin.shopify.com"); return "redirect:" + redirectUri;
return new RedirectView(redirectUri);
} }
} }
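Review bot: The `content-security-policy` header removed from shopifyStorePermission and shopifyStoreAuthRedirect allowed `frame-ancestors https://…myshopify.com https://admin.shopify.com`, whereas the interceptor that now covers both handlers through `@ShopifyEndpoint` emits `frame-ancestors 'none'`; if either page is ever loaded inside the Shopify admin iframe the new value blocks it, so please confirm these routes are only opened top-level. The replacement is at least not a regression in one respect: the old value appended `.myshopify.com` to a `shop` that the regex on the line above already requires to end in `.myshopify.com`. Separately, `import org.springframework.web.bind.annotation.*;` replaces three explicit imports with a wildcard, and the `@return` tags in both handlers' Javadoc are still empty, e.g. `@return a {@code redirect:} view name pointing at the Shopify permission URL`. shopifyStoreAuthRedirect's body is split across two hunks, with the lines between them outside this view.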

@ -7,6 +7,7 @@ import au.com.royalpay.payment.manage.shopify.hooks.command.ShopifyCustomerReque
import au.com.royalpay.payment.manage.shopify.hooks.command.ShopifyShopRedactCommand; import au.com.royalpay.payment.manage.shopify.hooks.command.ShopifyShopRedactCommand;
import au.com.royalpay.payment.manage.shopify.store.domain.entity.ShopifyStore; import au.com.royalpay.payment.manage.shopify.store.domain.entity.ShopifyStore;
import au.com.royalpay.payment.manage.shopify.store.domain.service.ShopifyStoreService; import au.com.royalpay.payment.manage.shopify.store.domain.service.ShopifyStoreService;
import au.com.royalpay.payment.manage.shopify.support.ShopifyEndpoint;
import au.com.royalpay.payment.manage.shopify.support.ShopifyHttpUtils; import au.com.royalpay.payment.manage.shopify.support.ShopifyHttpUtils;
import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
@ -14,6 +15,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Slf4j @Slf4j
@RestController @RestController
@ -31,8 +33,10 @@ public class ShopifyWebhooksController {
* *
*/ */
@PostMapping("/customer/request") @PostMapping("/customer/request")
@ShopifyEndpoint
public void customerRequest(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac, public void customerRequest(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
HttpServletRequest request) { HttpServletRequest request,
HttpServletResponse response) {
String requestBody = ShopifyHttpUtils.getRequestBody(request); String requestBody = ShopifyHttpUtils.getRequestBody(request);
if (!shopifyRequestValidator.verify(requestBody, hmac)) { if (!shopifyRequestValidator.verify(requestBody, hmac)) {
throw new ShopifyRequestVerifyException("Unauthorized"); throw new ShopifyRequestVerifyException("Unauthorized");
@ -45,12 +49,15 @@ public class ShopifyWebhooksController {
* *
*/ */
@PostMapping("/customer/erasure") @PostMapping("/customer/erasure")
@ShopifyEndpoint
public void customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac, public void customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
HttpServletRequest request) { HttpServletRequest request,
HttpServletResponse response) {
String requestBody = ShopifyHttpUtils.getRequestBody(request); String requestBody = ShopifyHttpUtils.getRequestBody(request);
if (!shopifyRequestValidator.verify(requestBody, hmac)) { if (!shopifyRequestValidator.verify(requestBody, hmac)) {
throw new ShopifyRequestVerifyException("Unauthorized"); throw new ShopifyRequestVerifyException("Unauthorized");
} }
ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class); ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class);
} }
@ -59,12 +66,15 @@ public class ShopifyWebhooksController {
* *
*/ */
@PostMapping("/shop/erasure") @PostMapping("/shop/erasure")
@ShopifyEndpoint
public void shopRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac, public void shopRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
HttpServletRequest request) { HttpServletRequest request,
HttpServletResponse response) {
String requestBody = ShopifyHttpUtils.getRequestBody(request); String requestBody = ShopifyHttpUtils.getRequestBody(request);
if (!shopifyRequestValidator.verify(requestBody, hmac)) { if (!shopifyRequestValidator.verify(requestBody, hmac)) {
throw new ShopifyRequestVerifyException("Unauthorized"); throw new ShopifyRequestVerifyException("Unauthorized");
} }
ShopifyShopRedactCommand shopifyShopRedactCommand = JSONObject.parseObject(requestBody, ShopifyShopRedactCommand.class); ShopifyShopRedactCommand shopifyShopRedactCommand = JSONObject.parseObject(requestBody, ShopifyShopRedactCommand.class);
ShopifyStore shopifyShop = shopifyStoreService.getByShopifyShop(shopifyShopRedactCommand.getShop_domain()); ShopifyStore shopifyShop = shopifyStoreService.getByShopifyShop(shopifyShopRedactCommand.getShop_domain());
if (shopifyShop == null) { if (shopifyShop == null) {
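Review bot: The `HttpServletResponse response` parameter added to customerRequest, customerRedact and shopRedact is not referenced in any of the three bodies shown (customerRedact is fully visible; the other two continue past their hunks), so it should be dropped unless a follow-up change needs it, given that the CSP header is now set by ShopifyRequestInfoInterceptor. More importantly, that interceptor calls `ShopifyHttpUtils.getRequestBody(request)` on every POST to an `@ShopifyEndpoint` handler before these handlers call the same helper; unless the helper caches the body or the request is wrapped with a re-readable stream, the second read yields an empty string and `shopifyRequestValidator.verify(requestBody, hmac)` then rejects every genuine webhook. Please confirm the helper's behaviour, or have the interceptor stop reading the body at all.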

@ -0,0 +1,9 @@
package au.com.royalpay.payment.manage.shopify.support;
import java.lang.annotation.*;
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
public @interface ShopifyEndpoint {
}
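Review bot: `@Target({ElementType.METHOD, ElementType.TYPE})` permits the annotation on a controller class, but ShopifyRequestInfoInterceptor only checks the handler Method, so a class-level `@ShopifyEndpoint` would be silently inert; either drop `ElementType.TYPE` or have the interceptor also consult the bean type. The annotation also has no Javadoc, so a reader has to find the interceptor to learn that it has a runtime effect; add above the declaration `/** Marks a Shopify-facing handler whose responses ShopifyRequestInfoInterceptor tags with a {@code Content-Security-Policy: frame-ancestors 'none'} header. */`.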

@ -0,0 +1,43 @@
package au.com.royalpay.payment.manage.shopify.support;
import com.alibaba.fastjson.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.http.HttpMethod;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
Method method = ((HandlerMethod) handler).getMethod();
if(HttpMethod.GET.matches(request.getMethod())) {
if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
String shop = request.getParameter("shop");
if (StringUtils.isNotBlank(shop)) {
response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
}
}
}
if (HttpMethod.POST.matches(request.getMethod())) {
if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
String requestBody = ShopifyHttpUtils.getRequestBody(request);
JSONObject body = JSONObject.parseObject(requestBody);
String shop = body.getString("shop_domain");
if (StringUtils.isNotBlank(shop)) {
response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
}
}
}
return super.preHandle(request, response, handler);
}
}
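Review bot: `((HandlerMethod) handler).getMethod()` on the first line of preHandle throws ClassCastException for any non-HandlerMethod handler, and because WebConfiguration registers this interceptor without path patterns, that includes requests routed to resource handlers. The POST branch also reads and JSON-parses the unverified request body purely to decide whether to add a header whose value is constant, which means malformed or empty bodies fail with a parse error or a NullPointerException (`JSONObject.parseObject` returns null for an empty string) before the handler's HMAC check runs, and the read may consume the stream the handler needs. Since `frame-ancestors 'none'` does not depend on `shop`, setting it for every `@ShopifyEndpoint` handler removes the body read and the pre-verification parsing; if the presence check is deliberate, please document why in a comment. Proposed rewrite below.
```java
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    // Resource and other non-controller handlers are not HandlerMethods; leave them alone.
    if (!(handler instanceof HandlerMethod)) {
        return super.preHandle(request, response, handler);
    }
    Method method = ((HandlerMethod) handler).getMethod();
    // The header value is constant, so there is no need to inspect the request or its body.
    if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
        response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
    }
    return super.preHandle(request, response, handler);
}
```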

@ -73,7 +73,7 @@ spring:
app: app:
run-tasks: false run-tasks: false
host: host:
main: https://1c6d-222-95-180-118.ngrok.io/ main: https://65e5-222-95-183-204.ngrok.io/
regions: regions:
au: http://dalong-au.dev.rpaygroup.com/ au: http://dalong-au.dev.rpaygroup.com/
cn: http://dalong-au.dev.rpaygroup.com/ cn: http://dalong-au.dev.rpaygroup.com/
