shopify hmac optimise

3 years ago · dda1269b84
parent 1c249b1e3c
commit dda1269b84
2 changed files with 22 additions and 11 deletions
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
@ -8,6 +8,7 @@ import au.com.royalpay.payment.manage.shopify.auth.domain.service.ShopifyRequest
 import au.com.royalpay.payment.manage.shopify.support.ShopifyEndpoint;
 import au.com.royalpay.payment.tools.env.PlatformEnvironment;
 import au.com.royalpay.payment.tools.exceptions.BadRequestException;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.http.server.ServletServerHttpRequest;
@ -41,7 +42,10 @@ public class ShopifyAuthTemplateController {
    @GetMapping("/auth")
    @ShopifyEndpoint
    public String shopifyStorePermission(@RequestParam(value = "shop", required = false) String shop,
-                                         @RequestParam("hmac") String hmac, HttpServletRequest request) {
+                                         @RequestParam(value = "hmac", required = false) String hmac, HttpServletRequest request) {
+        if (StringUtils.isAnyEmpty(shop, hmac)) {
+            throw new BadRequestException("Parameter shop&hmac are required");
+        }
        if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
            throw new BadRequestException("Parameter shop is invalid.");
        }
@ -67,12 +71,15 @@ public class ShopifyAuthTemplateController {
     */
    @GetMapping("/auth/back")
    @ShopifyEndpoint
-    public String shopifyStoreAuthRedirect(@RequestParam("code") String code,
-                                                 @RequestParam("hmac") String hmac,
-                                                 @RequestParam("host") String host,
-                                                 @RequestParam("state") String state,
-                                                 @RequestParam("shop") String shop,
-                                                 @RequestParam("timestamp") String timestamp) {
+    public String shopifyStoreAuthRedirect(@RequestParam(value = "code", required = false) String code,
+                                           @RequestParam(value = "hmac", required = false) String hmac,
+                                           @RequestParam(value = "host", required = false) String host,
+                                           @RequestParam(value = "state", required = false) String state,
+                                           @RequestParam(value = "shop", required = false) String shop,
+                                           @RequestParam(value = "timestamp", required = false) String timestamp) {
+        if (StringUtils.isAnyEmpty(shop, hmac, host, state, shop, timestamp)) {
+            throw new BadRequestException("Parameter shop,hmac,host,state,shop,timestamp are required");
+        }
        if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
            throw new ShopifyRequestVerifyException("Parameter shop is invalid.");
        }
@ -90,7 +97,7 @@ public class ShopifyAuthTemplateController {
                .shop(shop)
                .timestamp(timestamp)
                .build();
-        if (!shopifyRequestValidator.valid(shopifyCommonParameter)) {
+        if (Boolean.FALSE.equals(shopifyRequestValidator.valid(shopifyCommonParameter))) {
            throw new ShopifyRequestVerifyException("This request parameters is invalid");
        }

--- a/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/support/ShopifyRequestInfoInterceptor.java
@ -1,7 +1,9 @@
 package au.com.royalpay.payment.manage.shopify.support;

-import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.JSON;
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.core.annotation.AnnotatedElementUtils;
 import org.springframework.http.HttpMethod;
 import org.springframework.web.method.HandlerMethod;
@ -10,8 +12,10 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.lang.reflect.Method;
+import java.util.Optional;

 public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
+    private Logger logger = LoggerFactory.getLogger(getClass());

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@ -33,8 +37,8 @@ public class ShopifyRequestInfoInterceptor extends HandlerInterceptorAdapter {
            if (AnnotatedElementUtils.isAnnotated(method, ShopifyEndpoint.class)) {

                String requestBody = ShopifyHttpUtils.getRequestBody(request);
-                JSONObject body = JSONObject.parseObject(requestBody);
-                String shop = body.getString("shop_domain");
+                logger.debug("shopify request body:[POST]{}  -->{}", request.getRequestURI(), requestBody);
+                String shop = Optional.ofNullable(requestBody).map(JSON::parseObject).map(body->body.getString("shop_domain")).orElse(null);
                if (StringUtils.isNotBlank(shop)) {
                    response.addHeader("Content-Security-Policy", "frame-ancestors 'none'");
                }