upgrade shopify OAuth process

master
ycfxx 3 years ago
parent 5f377f9d18
commit c844d0d26d

@ -14,6 +14,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Slf4j @Slf4j
@RestController @RestController
@ -32,12 +33,14 @@ public class ShopifyWebhooksController {
*/ */
@PostMapping("/customer/request") @PostMapping("/customer/request")
public void customerRequest(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac, public void customerRequest(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
HttpServletRequest request) { HttpServletRequest request,
HttpServletResponse response) {
String requestBody = ShopifyHttpUtils.getRequestBody(request); String requestBody = ShopifyHttpUtils.getRequestBody(request);
if (!shopifyRequestValidator.verify(requestBody, hmac)) { if (!shopifyRequestValidator.verify(requestBody, hmac)) {
throw new ShopifyRequestVerifyException("Unauthorized"); throw new ShopifyRequestVerifyException("Unauthorized");
} }
ShopifyCustomerRequestCommand shopifyCustomerRequestCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRequestCommand.class); ShopifyCustomerRequestCommand shopifyCustomerRequestCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRequestCommand.class);
response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRequestCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
} }
/** /**
@ -46,12 +49,14 @@ public class ShopifyWebhooksController {
*/ */
@PostMapping("/customer/erasure") @PostMapping("/customer/erasure")
public void customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac, public void customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
HttpServletRequest request) { HttpServletRequest request,
HttpServletResponse response) {
String requestBody = ShopifyHttpUtils.getRequestBody(request); String requestBody = ShopifyHttpUtils.getRequestBody(request);
if (!shopifyRequestValidator.verify(requestBody, hmac)) { if (!shopifyRequestValidator.verify(requestBody, hmac)) {
throw new ShopifyRequestVerifyException("Unauthorized"); throw new ShopifyRequestVerifyException("Unauthorized");
} }
ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class); ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class);
response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
} }
/** /**
@ -60,7 +65,8 @@ public class ShopifyWebhooksController {
*/ */
@PostMapping("/shop/erasure") @PostMapping("/shop/erasure")
public void shopRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac, public void shopRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
HttpServletRequest request) { HttpServletRequest request,
HttpServletResponse response) {
String requestBody = ShopifyHttpUtils.getRequestBody(request); String requestBody = ShopifyHttpUtils.getRequestBody(request);
if (!shopifyRequestValidator.verify(requestBody, hmac)) { if (!shopifyRequestValidator.verify(requestBody, hmac)) {
throw new ShopifyRequestVerifyException("Unauthorized"); throw new ShopifyRequestVerifyException("Unauthorized");
@ -71,5 +77,6 @@ public class ShopifyWebhooksController {
return; return;
} }
shopifyStoreService.modifyShopifyStore(shopifyShop.setStatus(0)); shopifyStoreService.modifyShopifyStore(shopifyShop.setStatus(0));
response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyShopRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
} }
} }
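Review bot: The three added `response.setHeader("content-security-policy", ...)` calls in customerRequest, customerRedact and shopRedact put a `frame-ancestors` directive on webhook responses, which Shopify's servers receive and no browser ever renders in a frame, so the directive controls nothing on these endpoints; `frame-ancestors` belongs on the responses that serve the embedded-app pages. The value is also built by appending `.myshopify.com` to `getShop_domain()`, and if that field already carries the full `<shop>.myshopify.com` host, as Shopify's mandatory-webhook payloads appear to, the result is `https://<shop>.myshopify.com.myshopify.com`, which would never match the shop's origin. If the header is kept, the identical expression repeated three times should move into one private helper, e.g. `private static void allowShopifyFraming(HttpServletResponse response, String shopDomain) { response.setHeader("content-security-policy", "frame-ancestors https://" + shopDomain + ".myshopify.com https://admin.shopify.com"); }`, so a later correction of the value lands in one place. shopRedact's body is split across the last two hunks, with the lines between them outside this view.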

@ -2,7 +2,6 @@
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
<title>Auth</title> <title>Auth</title>
<link rel="stylesheet" type="text/css" href="/static/lib/bootstrap/css/bootstrap.min.css"> <link rel="stylesheet" type="text/css" href="/static/lib/bootstrap/css/bootstrap.min.css">
<script type="text/javascript" src="/static/lib/jquery/jquery-2.1.4.min.js"></script> <script type="text/javascript" src="/static/lib/jquery/jquery-2.1.4.min.js"></script>

@ -2,7 +2,6 @@
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
<title>Title</title> <title>Title</title>
<style> <style>

@ -2,7 +2,6 @@
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
<title>Title</title> <title>Title</title>
<style> <style>

@ -2,7 +2,6 @@
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
<title>Title</title> <title>Title</title>
<style> <style>

@ -2,7 +2,6 @@
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
<title>Title</title> <title>Title</title>
<style> <style>
.col-centered { .col-centered {
