From c844d0d26d0610077ff68576ee907f82838b63e7 Mon Sep 17 00:00:00 2001 From: ycfxx Date: Mon, 7 Feb 2022 16:44:50 +0800 Subject: [PATCH] upgrade shopify OAuth process --- .../shopify/hooks/ShopifyWebhooksController.java | 13 ++++++++++--- src/main/resources/templates/shopify/auth_back.html | 1 - .../ui/static/shopify/auth/templates/auth_root.html | 1 - .../static/shopify/auth/templates/shopify_auth.html | 1 - .../shopify/auth/templates/shopify_login.html | 1 - .../shopify/auth/templates/shopify_register.html | 1 - 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java b/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java index 0b620a206..05e2bb31a 100644 --- a/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java +++ b/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java @@ -14,6 +14,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; @Slf4j @RestController @@ -32,12 +33,14 @@ public class ShopifyWebhooksController { */ @PostMapping("/customer/request") public void customerRequest(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac, - HttpServletRequest request) { + HttpServletRequest request, + HttpServletResponse response) { String requestBody = ShopifyHttpUtils.getRequestBody(request); if (!shopifyRequestValidator.verify(requestBody, hmac)) { throw new ShopifyRequestVerifyException("Unauthorized"); } ShopifyCustomerRequestCommand shopifyCustomerRequestCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRequestCommand.class); + response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRequestCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com"); } /** @@ -46,12 +49,14 @@ public class ShopifyWebhooksController { */ @PostMapping("/customer/erasure") public void customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac, - HttpServletRequest request) { + HttpServletRequest request, + HttpServletResponse response) { String requestBody = ShopifyHttpUtils.getRequestBody(request); if (!shopifyRequestValidator.verify(requestBody, hmac)) { throw new ShopifyRequestVerifyException("Unauthorized"); } ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class); + response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com"); } /** @@ -60,7 +65,8 @@ public class ShopifyWebhooksController { */ @PostMapping("/shop/erasure") public void shopRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac, - HttpServletRequest request) { + HttpServletRequest request, + HttpServletResponse response) { String requestBody = ShopifyHttpUtils.getRequestBody(request); if (!shopifyRequestValidator.verify(requestBody, hmac)) { throw new ShopifyRequestVerifyException("Unauthorized"); @@ -71,5 +77,6 @@ public class ShopifyWebhooksController { return; } shopifyStoreService.modifyShopifyStore(shopifyShop.setStatus(0)); + response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyShopRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com"); } } diff --git a/src/main/resources/templates/shopify/auth_back.html b/src/main/resources/templates/shopify/auth_back.html index ddb681f82..afe68c072 100644 --- a/src/main/resources/templates/shopify/auth_back.html +++ b/src/main/resources/templates/shopify/auth_back.html @@ -2,7 +2,6 @@ - Auth diff --git a/src/main/ui/static/shopify/auth/templates/auth_root.html b/src/main/ui/static/shopify/auth/templates/auth_root.html index 02274e3b8..ccb6db5c9 100644 --- a/src/main/ui/static/shopify/auth/templates/auth_root.html +++ b/src/main/ui/static/shopify/auth/templates/auth_root.html @@ -2,7 +2,6 @@ - Title