From dda1269b846e9093de03f232943445e39f648292 Mon Sep 17 00:00:00 2001
From: Yixian
Date: Thu, 7 Apr 2022 17:52:43 +0800
Subject: [PATCH] shopify hmac optimise
---
 .../web/ShopifyAuthTemplateController.java | 23 ++++++++++++-------
 .../ShopifyRequestInfoInterceptor.java | 10 +++++---
 2 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
index 85dc87aea..c3b210ec3 100644
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
@@ -8,6 +8,7 @@ import au.com.royalpay.payment.manage.shopify.auth.domain.service.ShopifyRequest
 import au.com.royalpay.payment.manage.shopify.support.ShopifyEndpoint;
 import au.com.royalpay.payment.tools.env.PlatformEnvironment;
 import au.com.royalpay.payment.tools.exceptions.BadRequestException;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.http.server.ServletServerHttpRequest;
@@ -41,7 +42,10 @@ public class ShopifyAuthTemplateController {
 @GetMapping("/auth")
 @ShopifyEndpoint
 public String shopifyStorePermission(@RequestParam(value = "shop", required = false) String shop,
- @RequestParam("hmac") String hmac, HttpServletRequest request) {
+ @RequestParam(value = "hmac", required = false) String hmac, HttpServletRequest request) {
+ if (StringUtils.isAnyEmpty(shop, hmac)) {
+ throw new BadRequestException("Parameter shop&hmac are required");
+ }
 if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
 throw new BadRequestException("Parameter shop is invalid.");
 }
@@ -67,12 +71,15 @@ public class ShopifyAuthTemplateController {
 */
 @GetMapping("/auth/back")
 @ShopifyEndpoint
- public String shopifyStoreAuthRedirect(@RequestParam("code") String code,
- @RequestParam("hmac") String hmac,
- @RequestParam("host") String host,
- @RequestParam("state") String state,
- @RequestParam("shop") String shop,
- @RequestParam("timestamp") String timestamp) {
+ public String shopifyStoreAuthRedirect(@RequestParam(value = "code", required = false) String code,
+ @RequestParam(value = "hmac", required = false) String hmac,
+ @RequestParam(value = "host", required = false) String host,
+ @RequestParam(value = "state", required = false) String state,
+ @RequestParam(value = "shop", required = false) String shop,
+ @RequestParam(value = "timestamp", required = false) String timestamp) {
+ if (StringUtils.isAnyEmpty(shop, hmac, host, state, shop, timestamp)) {
+ throw new BadRequestException("Parameter shop,hmac,host,state,shop,timestamp are required");
+ }
 if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
 throw new ShopifyRequestVerifyException("Parameter shop is invalid.");
 }
@@ -90,7 +97,7 @@ public class ShopifyAuthTemplateController {
 .shop(shop)
 .timestamp(timestamp)
 .build();
- if (!shopifyRequestValidator.valid(shopifyCommonParameter)) {
+ if (Boolean.FALSE.equals(shopifyRequestValidator.valid(shopifyCommonParameter))) {
 throw new ShopifyRequestVerifyException("This request parameters is invalid");
 }
diff --git a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java b/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
index 0d4c8270b..fc9934f1b 100644
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
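Review bot: The new emptiness guard in `shopifyStoreAuthRedirect` passes `shop` twice and never checks `code`, so now that every parameter is `required = false` a callback without `code` is no longer rejected by Spring and reaches the rest of the handler as null. The guard should read `if (StringUtils.isAnyEmpty(code, hmac, host, state, shop, timestamp)) {`, and the message should name `code` in place of the second `shop`. The guard throws `BadRequestException` while the neighbouring checks throw `ShopifyRequestVerifyException`; using one type would give callers a consistent error for a malformed callback. The method body continues outside this hunk, so how `code` is consumed later is not visible here.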
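Review bot: `Boolean.FALSE.equals(shopifyRequestValidator.valid(shopifyCommonParameter))` in the `@@ -90,7 +97,7 @@` hunk fails open if `valid` can return null. Its return type is not visible here, but the rewrite suggests a boxed `Boolean`; in that case a null result now skips the throw and the request is treated as verified, whereas the old `!valid(...)` would have aborted it. For a request-signature check the safer form is `if (!Boolean.TRUE.equals(shopifyRequestValidator.valid(shopifyCommonParameter))) {`, which rejects everything except an explicit true.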
@@ -1,7 +1,9 @@
 package au.com.royalpay.payment.manage.shopify.support;
-import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.JSON;
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.core.annotation.AnnotatedElementUtils;
 import org.springframework.http.HttpMethod;
 import org.springframework.web.method.HandlerMethod;
@@ -10,8 +12,10 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.lang.reflect.Method;
+import java.util.Optional;
 public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
+ private Logger logger = LoggerFactory.getLogger(getClass());
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@@ -33,8 +37,8 @@ public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
 if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {
 String requestBody = ShopifyHttpUtils.getRequestBody(request);
- JSONObject body = JSONObject.parseObject(requestBody);
- String shop = body.getString("shop_domain");
+ logger.debug("shopify request body:[POST]{} -->{}", request.getRequestURI(), requestBody);
+ String shop = Optional.ofNullable(requestBody).map(JSON::parseObject).map(body->body.getString("shop_domain")).orElse(null);
 if (StringUtils.isNotBlank(shop)) {
 response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
 }
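Review bot: The added `logger.debug` line in the `@@ -33,8 +37,8 @@` hunk writes the complete request body to the log before anything visible here has authenticated the request. The log therefore receives caller-controlled text, line breaks included, along with whatever shop or customer data the payload carries. Logging the URI and a size is enough for tracing, e.g. `logger.debug("shopify request: {} {} ({} chars)", request.getMethod(), request.getRequestURI(), StringUtils.length(requestBody));`, which also drops the hard-coded `[POST]`. `JSON::parseObject` presumably still throws on a malformed body, so a short comment saying whether that is meant to abort `preHandle` would help the next reader. `preHandle` starts and ends outside this hunk.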