use parent shopify integration

master
Yixian 3 years ago
parent 86d36680fd
commit 9c09129010

@ -1,8 +1,6 @@
package au.com.royalpay.payment.manage; package au.com.royalpay.payment.manage;
import au.com.royalpay.payment.manage.permission.manager.ManagerUserInterceptor; import au.com.royalpay.payment.manage.permission.manager.ManagerUserInterceptor;
import au.com.royalpay.payment.manage.shopify.support.ShopifyRequestInfoInterceptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@ -17,16 +15,9 @@ public class WebConfiguration implements WebMvcConfigurer {
@Resource @Resource
private ManagerUserInterceptor managerUserInterceptor; private ManagerUserInterceptor managerUserInterceptor;
@Bean
public ShopifyRequestInfoInterceptor shopifyRequestInfoInterceptor() {
return new ShopifyRequestInfoInterceptor();
}
@Override @Override
public void addInterceptors(InterceptorRegistry registry) { public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(managerUserInterceptor).order(1); registry.addInterceptor(managerUserInterceptor).order(1);
registry.addInterceptor(shopifyRequestInfoInterceptor());
} }
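Review bot: `addInterceptors` now registers only `managerUserInterceptor`, so nothing visible in this commit still applies the `Content-Security-Policy: frame-ancestors 'none'` header that `ShopifyRequestInfoInterceptor` added on `@ShopifyEndpoint` handlers. The parent shopify integration may register an equivalent interceptor itself, but that is not shown here; if it does not, the Shopify-facing endpoints silently lose their anti-framing header. Please confirm the library wires it up, or keep an explicit registration of the library's interceptor in this method. A short comment above `addInterceptors`, such as `// Shopify request interceptor is registered by the parent shopify integration`, would make the dependency visible to the next reader.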

@ -2,7 +2,7 @@ package au.com.royalpay.payment.manage.shopify.auth.domain.graphqlclient;
import au.com.royalpay.payment.manage.shopify.store.domain.entity.ShopifyStore; import au.com.royalpay.payment.manage.shopify.store.domain.entity.ShopifyStore;
import au.com.royalpay.payment.manage.shopify.store.domain.service.ShopifyStoreService; import au.com.royalpay.payment.manage.shopify.store.domain.service.ShopifyStoreService;
import au.com.royalpay.payment.manage.shopify.support.GraphqlSchemaReaderUtil; import au.com.royalpay.shopify.support.GraphqlSchemaReaderUtil;
import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;

@ -2,12 +2,12 @@ package au.com.royalpay.payment.manage.shopify.auth.web;
import au.com.royalpay.payment.manage.shopify.auth.domain.application.ShopifyMerchantAuthApplication; import au.com.royalpay.payment.manage.shopify.auth.domain.application.ShopifyMerchantAuthApplication;
import au.com.royalpay.payment.manage.shopify.auth.domain.exception.ShopifyRequestVerifyException; import au.com.royalpay.payment.manage.shopify.auth.domain.exception.ShopifyRequestVerifyException;
import au.com.royalpay.payment.manage.shopify.support.ShopifyEndpoint;
import au.com.royalpay.payment.tools.env.PlatformEnvironment; import au.com.royalpay.payment.tools.env.PlatformEnvironment;
import au.com.royalpay.payment.tools.exceptions.BadRequestException; import au.com.royalpay.payment.tools.exceptions.BadRequestException;
import au.com.royalpay.shopify.entity.ShopifyCommonParameter; import au.com.royalpay.shopify.entity.ShopifyCommonParameter;
import au.com.royalpay.shopify.entity.ShopifyPermissionURL; import au.com.royalpay.shopify.entity.ShopifyPermissionURL;
import au.com.royalpay.shopify.service.ShopifyRequestValidator; import au.com.royalpay.shopify.service.ShopifyRequestValidator;
import au.com.royalpay.shopify.support.ShopifyEndpoint;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.data.redis.core.StringRedisTemplate;

@ -6,9 +6,9 @@ import au.com.royalpay.payment.manage.shopify.hooks.command.ShopifyCustomerReque
import au.com.royalpay.payment.manage.shopify.hooks.command.ShopifyShopRedactCommand; import au.com.royalpay.payment.manage.shopify.hooks.command.ShopifyShopRedactCommand;
import au.com.royalpay.payment.manage.shopify.store.domain.entity.ShopifyStore; import au.com.royalpay.payment.manage.shopify.store.domain.entity.ShopifyStore;
import au.com.royalpay.payment.manage.shopify.store.domain.service.ShopifyStoreService; import au.com.royalpay.payment.manage.shopify.store.domain.service.ShopifyStoreService;
import au.com.royalpay.payment.manage.shopify.support.ShopifyEndpoint;
import au.com.royalpay.payment.manage.shopify.support.ShopifyHttpUtils;
import au.com.royalpay.shopify.service.ShopifyRequestValidator; import au.com.royalpay.shopify.service.ShopifyRequestValidator;
import au.com.royalpay.shopify.support.ShopifyEndpoint;
import au.com.royalpay.shopify.support.ShopifyHttpUtils;
import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;

@ -1,11 +0,0 @@
package au.com.royalpay.payment.manage.shopify.support;
import java.io.IOException;
public class GraphqlSchemaReaderUtil {
public static String getSchemaFromFileName(final String filename) throws IOException {
return new String(
GraphqlSchemaReaderUtil.class.getClassLoader().getResourceAsStream("graphql/" + filename + ".graphql").readAllBytes());
}
}

@ -1,75 +0,0 @@
package au.com.royalpay.payment.manage.shopify.support;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.HmacAlgorithms;
import org.apache.commons.codec.digest.HmacUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.crypto.RuntimeCryptoException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.annotation.adapters.HexBinaryAdapter;
import java.nio.charset.StandardCharsets;
import java.security.Security;
import java.util.Arrays;
import java.util.Locale;
public class HmacVerificationUtil {
private static final Logger logger = LoggerFactory.getLogger(HmacVerificationUtil.class);
private HmacVerificationUtil() {
}
public static boolean checkParameters(String message, String secret, String hmac) {
try {
Security.addProvider(new BouncyCastleProvider());
SecretKey secretKey = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
Mac mac = Mac.getInstance(secretKey.getAlgorithm());
mac.init(secretKey);
byte[] digest = mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
String marshal = new HexBinaryAdapter().marshal(digest).toLowerCase(Locale.ROOT);
return StringUtils.equals(marshal, hmac);
} catch (Exception e) {
throw new RuntimeCryptoException("加密异常");
}
}
public static boolean hmacSHA256(String input, String key, String hmac) {
if (isHex(hmac)) {
try {
byte[] requestHmac = Hex.decodeHex(hmac);
byte[] hmacRes = hmac(input, key, HmacAlgorithms.HMAC_SHA_256);
String hmacHex = Hex.encodeHexString(hmacRes);
logger.debug("hex-mode: input={}; key={}; encoded={}; request-hmac: {}", input, key, hmacHex, hmac);
return Arrays.equals(requestHmac, hmacRes);
} catch (DecoderException ignore) {
return false;
}
} else {
//base64
byte[] hmacRes = hmac(input, key, HmacAlgorithms.HMAC_SHA_256);
String hmacB64 = Base64.encodeBase64String(hmacRes);
logger.debug("b64-mode: input={}; key={}; encoded={}; request-hmac: {}", input, key, hmacB64, hmac);
byte[] requestHmac = Base64.decodeBase64(hmac);
return Arrays.equals(requestHmac, hmacRes);
}
}
private static boolean isHex(String str) {
return str != null && str.toUpperCase(Locale.ROOT).matches("^[0-9A-F]+$");
}
private static byte[] hmac(String input, String key, HmacAlgorithms algorithm) {
Mac mac = HmacUtils.getInitializedMac(algorithm, key.getBytes(StandardCharsets.UTF_8));
byte[] content = input.getBytes(StandardCharsets.UTF_8);
return mac.doFinal(content);
}
}

@ -1,9 +0,0 @@
package au.com.royalpay.payment.manage.shopify.support;
import java.lang.annotation.*;
@Documented
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
public @interface ShopifyEndpoint {
}

@ -1,28 +0,0 @@
package au.com.royalpay.payment.manage.shopify.support;
import au.com.royalpay.payment.tools.exceptions.ServerErrorException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StreamUtils;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
public class ShopifyHttpUtils {
private ShopifyHttpUtils() {
}
private static final Logger logger = LoggerFactory.getLogger(ShopifyHttpUtils.class);
public static String getRequestBody(HttpServletRequest request) {
try (InputStream in = request.getInputStream()) {
String body = StreamUtils.copyToString(in, StandardCharsets.UTF_8);
logger.debug("Shopify read body |-{}", body);
return body;
} catch (IOException e) {
throw new ServerErrorException("Failed to read request content");
}
}
}

@ -1,51 +0,0 @@
package au.com.royalpay.payment.manage.shopify.support;
import com.alibaba.fastjson.JSON;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.http.HttpMethod;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.Optional;
public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
private Logger logger = LoggerFactory.getLogger(getClass());
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
if (!(handler instanceof HandlerMethod)){
return super.preHandle(request, response, handler);
}
Method method = ((HandlerMethod) handler).getMethod();
if(HttpMethod.GET.matches(request.getMethod())) {
if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
String shop = request.getParameter("shop");
if (StringUtils.isNotBlank(shop)) {
response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
}
}
}
if (HttpMethod.POST.matches(request.getMethod())) {
if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
String requestBody = ShopifyHttpUtils.getRequestBody(request);
logger.debug("shopify request body:[POST]{} -->{}", request.getRequestURI(), requestBody);
String shop = Optional.ofNullable(requestBody).map(JSON::parseObject).map(body->body.getString("shop_domain")).orElse(null);
if (StringUtils.isNotBlank(shop)) {
response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
}
}
}
return super.preHandle(request, response, handler);
}
}

@ -1,37 +0,0 @@
package au.com.royalpay.payment.manage.shopify.support;
import org.apache.poi.ss.formula.functions.T;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
public class SpringContextUtil {
// Spring应用上下文环境
private static ApplicationContext applicationContext;
/**
* ApplicationContextAware
*/
public static void setApplicationContext(ApplicationContext applicationContext)throws BeansException {
SpringContextUtil.applicationContext = applicationContext;
}
public static ApplicationContext getApplicationContext() {
return applicationContext;
}
/**
* beanIdSpring
* @Date 2019-08-07 17:36
* @param
* @return
**/
public static Object getBean(String beanId) throws BeansException {
return applicationContext.getBean(beanId);
}
public static Object getBean(Class<T> className) {
return applicationContext.getBean(className);
}
}

@ -1,8 +0,0 @@
mutation PaymentsAppConfigure($externalHandle: String, $ready: Boolean!) {
paymentsAppConfigure(externalHandle: $externalHandle, ready: $ready) {
userErrors{
field
message
}
}
}

@ -1,5 +1,6 @@
package au.com.royalpay.payment.manage.shopify.support; package au.com.royalpay.payment.manage.shopify.support;
import au.com.royalpay.shopify.support.HmacVerificationUtil;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.springframework.web.util.UriComponentsBuilder; import org.springframework.web.util.UriComponentsBuilder;
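Review bot: This test now binds to `au.com.royalpay.shopify.support.HmacVerificationUtil`, whose source is not part of this commit, so nothing here shows whether it differs from the local copy deleted above. That copy wrote the HMAC `key` into its debug log lines in `hmacSHA256` and compared digests with `StringUtils.equals` and `Arrays.equals`, neither of which is a constant-time check. It is worth confirming that the library version drops `key` from the log statements and compares with `MessageDigest.isEqual(requestHmac, hmacRes)`. A test case asserting that a tampered HMAC is rejected would pin that behaviour; the test body itself lies outside the visible hunk.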
