shopify hmac optimise

Yixian 3 years ago
parent 1c249b1e3c
commit dda1269b84

@ -8,6 +8,7 @@ import au.com.royalpay.payment.manage.shopify.auth.domain.service.ShopifyRequest
import au.com.royalpay.payment.manage.shopify.support.ShopifyEndpoint;
import au.com.royalpay.payment.tools.env.PlatformEnvironment;
import au.com.royalpay.payment.tools.exceptions.BadRequestException;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.server.ServletServerHttpRequest;
@ -41,7 +42,10 @@ public class ShopifyAuthTemplateController {
@GetMapping("/auth")
@ShopifyEndpoint
public String shopifyStorePermission(@RequestParam(value = "shop", required = false) String shop,
@RequestParam("hmac") String hmac, HttpServletRequest request) {
@RequestParam(value = "hmac", required = false) String hmac, HttpServletRequest request) {
if (StringUtils.isAnyEmpty(shop, hmac)) {
throw new BadRequestException("Parameter shop&hmac are required");
}
if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
throw new BadRequestException("Parameter shop is invalid.");
}
@ -67,12 +71,15 @@ public class ShopifyAuthTemplateController {
*/
@GetMapping("/auth/back")
@ShopifyEndpoint
public String shopifyStoreAuthRedirect(@RequestParam("code") String code,
@RequestParam("hmac") String hmac,
@RequestParam("host") String host,
@RequestParam("state") String state,
@RequestParam("shop") String shop,
@RequestParam("timestamp") String timestamp) {
public String shopifyStoreAuthRedirect(@RequestParam(value = "code", required = false) String code,
@RequestParam(value = "hmac", required = false) String hmac,
@RequestParam(value = "host", required = false) String host,
@RequestParam(value = "state", required = false) String state,
@RequestParam(value = "shop", required = false) String shop,
@RequestParam(value = "timestamp", required = false) String timestamp) {
if (StringUtils.isAnyEmpty(shop, hmac, host, state, shop, timestamp)) {
throw new BadRequestException("Parameter shop,hmac,host,state,shop,timestamp are required");
}
if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
throw new ShopifyRequestVerifyException("Parameter shop is invalid.");
}
@ -90,7 +97,7 @@ public class ShopifyAuthTemplateController {
.shop(shop)
.timestamp(timestamp)
.build();
if (!shopifyRequestValidator.valid(shopifyCommonParameter)) {
if (Boolean.FALSE.equals(shopifyRequestValidator.valid(shopifyCommonParameter))) {
throw new ShopifyRequestVerifyException("This request parameters is invalid");
}
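Review bot: The required-parameter guard on the new `shopifyStoreAuthRedirect` signature omits `code` and lists `shop` twice, so a request that arrives without `code` now passes this check and reaches whatever uses `code` later in the method (the body continues past the hunk) instead of being rejected with a 400 here; the error message repeats the same flawed list. Change the two lines to `if (StringUtils.isAnyEmpty(code, shop, hmac, host, state, timestamp)) {` and `throw new BadRequestException("Parameter code,shop,hmac,host,state,timestamp are required");`. In the third hunk, `Boolean.FALSE.equals(shopifyRequestValidator.valid(...))` only differs from the old `!` form if `valid` returns a boxed `Boolean`, and in that case a `null` result no longer throws `ShopifyRequestVerifyException`, i.e. the HMAC verification fails open; `if (!Boolean.TRUE.equals(shopifyRequestValidator.valid(shopifyCommonParameter))) {` keeps the null-safety while failing closed.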

@ -1,7 +1,9 @@
package au.com.royalpay.payment.manage.shopify.support;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.JSON;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.http.HttpMethod;
import org.springframework.web.method.HandlerMethod;
@ -10,8 +12,10 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.Optional;
public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
private Logger logger = LoggerFactory.getLogger(getClass());
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@ -33,8 +37,8 @@ public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
String requestBody = ShopifyHttpUtils.getRequestBody(request);
JSONObject body = JSONObject.parseObject(requestBody);
String shop = body.getString("shop_domain");
logger.debug("shopify request body:[POST]{} -->{}", request.getRequestURI(), requestBody);
String shop = Optional.ofNullable(requestBody).map(JSON::parseObject).map(body->body.getString("shop_domain")).orElse(null);
if (StringUtils.isNotBlank(shop)) {
response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
}
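Review bot: The new debug statement logs the full raw request body next to the URI; Shopify POST payloads on these endpoints can carry merchant and customer details, so even at debug level this is a data-exposure point in the log files, and the statement should carry the URI plus the extracted shop rather than `requestBody` — e.g. move it below the `shop` assignment as `logger.debug("shopify request body:[POST]{} shop={}", request.getRequestURI(), shop);`. Separately, `JSON::parseObject` inside the Optional chain throws on a malformed body, and an exception escaping `preHandle` surfaces as a server error rather than the `null` shop the chain is written to produce; a small try/catch around the parse that yields `null` on a parse failure would make that intent explicit. If the fastjson version in use still honours `@type` in `JSON.parseObject(String)`, parsing an untrusted body here is also a deserialization concern and autoType should be confirmed disabled for the dependency version in the build. `preHandle` starts and ends outside this hunk.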
