upgrade shopify OAuth process

3 years ago · c844d0d26d
parent 5f377f9d18
commit c844d0d26d
6 changed files with 10 additions and 8 deletions
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/hooks/ShopifyWebhooksController.java
@ -14,6 +14,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;

 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;

@Slf4j
@RestController
@ -32,12 +33,14 @@ public class ShopifyWebhooksController {
     */
    @PostMapping("/customer/request")
    public void customerRequest(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
-                                HttpServletRequest request) {
+                                HttpServletRequest request,
+                                HttpServletResponse response) {
        String requestBody = ShopifyHttpUtils.getRequestBody(request);
        if (!shopifyRequestValidator.verify(requestBody, hmac)) {
            throw new ShopifyRequestVerifyException("Unauthorized");
        }
        ShopifyCustomerRequestCommand shopifyCustomerRequestCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRequestCommand.class);
+        response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRequestCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
    }

    /**
@ -46,12 +49,14 @@ public class ShopifyWebhooksController {
     */
    @PostMapping("/customer/erasure")
    public void customerRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
-                               HttpServletRequest request) {
+                               HttpServletRequest request,
+                               HttpServletResponse response) {
        String requestBody = ShopifyHttpUtils.getRequestBody(request);
        if (!shopifyRequestValidator.verify(requestBody, hmac)) {
            throw new ShopifyRequestVerifyException("Unauthorized");
        }
        ShopifyCustomerRedactCommand shopifyCustomerRedactCommand = JSONObject.parseObject(requestBody, ShopifyCustomerRedactCommand.class);
+        response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyCustomerRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
    }

    /**
@ -60,7 +65,8 @@ public class ShopifyWebhooksController {
     */
    @PostMapping("/shop/erasure")
    public void shopRedact(@RequestHeader("X-Shopify-Hmac-SHA256") String hmac,
-                           HttpServletRequest request) {
+                           HttpServletRequest request,
+                           HttpServletResponse response) {
        String requestBody = ShopifyHttpUtils.getRequestBody(request);
        if (!shopifyRequestValidator.verify(requestBody, hmac)) {
            throw new ShopifyRequestVerifyException("Unauthorized");
@ -71,5 +77,6 @@ public class ShopifyWebhooksController {
            return;
        }
        shopifyStoreService.modifyShopifyStore(shopifyShop.setStatus(0));
+        response.setHeader("content-security-policy", "frame-ancestors https://" + shopifyShopRedactCommand.getShop_domain() + ".myshopify.com https://admin.shopify.com");
    }
 }
--- a/src/main/resources/templates/shopify/auth_back.html
+++ b/src/main/resources/templates/shopify/auth_back.html
@ -2,7 +2,6 @@
 <html lang="en">
 <head>
    <meta charset="UTF-8">
-    <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
    <title>Auth</title>
    <link rel="stylesheet" type="text/css" href="/static/lib/bootstrap/css/bootstrap.min.css">
    <script type="text/javascript" src="/static/lib/jquery/jquery-2.1.4.min.js"></script>
--- a/src/main/ui/static/shopify/auth/templates/auth_root.html
+++ b/src/main/ui/static/shopify/auth/templates/auth_root.html
@ -2,7 +2,6 @@
 <html lang="en">
 <head>
  <meta charset="UTF-8">
-  <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
  <title>Title</title>

  <style>
--- a/src/main/ui/static/shopify/auth/templates/shopify_auth.html
+++ b/src/main/ui/static/shopify/auth/templates/shopify_auth.html
@ -2,7 +2,6 @@
 <html lang="en">
 <head>
    <meta charset="UTF-8">
-    <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
    <title>Title</title>

    <style>
--- a/src/main/ui/static/shopify/auth/templates/shopify_login.html
+++ b/src/main/ui/static/shopify/auth/templates/shopify_login.html
@ -2,7 +2,6 @@
 <html lang="en">
 <head>
    <meta charset="UTF-8">
-    <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
    <title>Title</title>

    <style>
--- a/src/main/ui/static/shopify/auth/templates/shopify_register.html
+++ b/src/main/ui/static/shopify/auth/templates/shopify_register.html
@ -2,7 +2,6 @@
 <html lang="en">
 <head>
    <meta charset="UTF-8">
-    <meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none'">
    <title>Title</title>
    <style>
        .col-centered {