upgrade shopify OAuth process

master
ycfxx 3 years ago
parent 5f377f9d18
commit c844d0d26d

@ -14,6 +14,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Slf4j
@RestController
@ -32,12 +33,14 @@ public class ShopifyWebhooksController {
*/
@PostMapping("/customer/request")
public void customerRequest(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
HttpServletRequest request) {
HttpServletRequest request,
HttpServletResponse response) {
String requestBody = ShopifyHttpUtils.getRequestBody(request);
if (!shopifyRequestValidator.verify(requestBody, hmac)) {
throw new ShopifyRequestVerifyException("Unauthorized");
}
ShopifyCustomerRequestCommand shopifyCustomerRequestCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRequestCommand.class);
response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRequestCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
}
/**
@ -46,12 +49,14 @@ public class ShopifyWebhooksController {
*/
@PostMapping("/customer/erasure")
public void customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
HttpServletRequest request) {
HttpServletRequest request,
HttpServletResponse response) {
String requestBody = ShopifyHttpUtils.getRequestBody(request);
if (!shopifyRequestValidator.verify(requestBody, hmac)) {
throw new ShopifyRequestVerifyException("Unauthorized");
}
ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class);
response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
}
/**
@ -60,7 +65,8 @@ public class ShopifyWebhooksController {
*/
@PostMapping("/shop/erasure")
public void shopRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
HttpServletRequest request) {
HttpServletRequest request,
HttpServletResponse response) {
String requestBody = ShopifyHttpUtils.getRequestBody(request);
if (!shopifyRequestValidator.verify(requestBody, hmac)) {
throw new ShopifyRequestVerifyException("Unauthorized");
@ -71,5 +77,6 @@ public class ShopifyWebhooksController {
return;
}
shopifyStoreService.modifyShopifyStore(shopifyShop.setStatus(0));
response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyShopRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
}
}

@ -2,7 +2,6 @@
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
<title>Auth</title>
<link rel="stylesheet" type="text/css" href="/static/lib/bootstrap/css/bootstrap.min.css">
<script type="text/javascript" src="/static/lib/jquery/jquery-2.1.4.min.js"></script>

@ -2,7 +2,6 @@
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
<title>Title</title>
<style>

@ -2,7 +2,6 @@
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
<title>Title</title>
<style>

@ -2,7 +2,6 @@
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
<title>Title</title>
<style>

@ -2,7 +2,6 @@
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
<title>Title</title>
<style>
.col-centered {

Loading…
Cancel
Save