|
|
|
@ -37,11 +37,11 @@ public class ShopifyWebhooksController {
|
|
|
|
|
HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response) {
|
|
|
|
|
String requestBody = ShopifyHttpUtils.getRequestBody(request);
|
|
|
|
|
ShopifyCustomerRequestCommand shopifyCustomerRequestCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRequestCommand.class);
|
|
|
|
|
response.setHeader("Content-Security-Policy", "frame-ancestors https://" + shopifyCustomerRequestCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
|
|
|
|
|
if (!shopifyRequestValidator.verify(requestBody, hmac)) {
|
|
|
|
|
throw new ShopifyRequestVerifyException("Unauthorized");
|
|
|
|
|
}
|
|
|
|
|
ShopifyCustomerRequestCommand shopifyCustomerRequestCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRequestCommand.class);
|
|
|
|
|
response.setHeader("Content-Security-Policy", "frame-ancestors https://" + shopifyCustomerRequestCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -49,16 +49,15 @@ public class ShopifyWebhooksController {
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@PostMapping("/customer/erasure")
|
|
|
|
|
public ResponseEntity<Void> customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
|
|
|
|
|
public void customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
|
|
|
|
|
HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response) {
|
|
|
|
|
String requestBody = ShopifyHttpUtils.getRequestBody(request);
|
|
|
|
|
ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class);
|
|
|
|
|
response.setHeader("Content-Security-Policy", "frame-ancestors https://" + shopifyCustomerRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
|
|
|
|
|
if (!shopifyRequestValidator.verify(requestBody, hmac)) {
|
|
|
|
|
throw new ShopifyRequestVerifyException("Unauthorized");
|
|
|
|
|
}
|
|
|
|
|
ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class);
|
|
|
|
|
return ResponseEntity.ok().header("Content-Security-Policy", "frame-ancestors https://" + shopifyCustomerRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com")
|
|
|
|
|
.build();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -70,15 +69,16 @@ public class ShopifyWebhooksController {
|
|
|
|
|
HttpServletRequest request,
|
|
|
|
|
HttpServletResponse response) {
|
|
|
|
|
String requestBody = ShopifyHttpUtils.getRequestBody(request);
|
|
|
|
|
ShopifyShopRedactCommand shopifyShopRedactCommand = JSONObject.parseObject(requestBody, ShopifyShopRedactCommand.class);
|
|
|
|
|
response.setHeader("Content-Security-Policy", "frame-ancestors https://" + shopifyShopRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
|
|
|
|
|
if (!shopifyRequestValidator.verify(requestBody, hmac)) {
|
|
|
|
|
throw new ShopifyRequestVerifyException("Unauthorized");
|
|
|
|
|
}
|
|
|
|
|
ShopifyShopRedactCommand shopifyShopRedactCommand = JSONObject.parseObject(requestBody, ShopifyShopRedactCommand.class);
|
|
|
|
|
|
|
|
|
|
ShopifyStore shopifyShop = shopifyStoreService.getByShopifyShop(shopifyShopRedactCommand.getShop_domain());
|
|
|
|
|
if (shopifyShop == null) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
shopifyStoreService.modifyShopifyStore(shopifyShop.setStatus(0));
|
|
|
|
|
response.setHeader("Content-Security-Policy", "frame-ancestors https://" + shopifyShopRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|