0

我正在开发一个带有 rails 的 Shopify 应用程序,我想避免将来出现它的安全性问题。我不知道我该怎么做,所以我希望你能指导我......

Webhook 控制器:

module ShopifyApp
class WebhooksController < ActionController::Base
   include ShopifyApp::WebhookVerification

  class ShopifyApp::MissingWebhookJobError < StandardError; end

  def receive
    params.try(:permit!)
    job_args = {shop_domain: shop_domain, webhook: webhook_params.to_h}
    webhook_job_klass.perform_later(job_args)
    head :no_content
  end

  private

  def webhook_params
    params.except(:controller, :action, :type)
  end

  def webhook_job_klass
    "#{webhook_type.classify}Job".safe_constantize or raise ShopifyApp::MissingWebhookJobError
  end

  def webhook_type
    params[:type]
  end
 end
end

我已经阅读了有关检查 Webhook 的 HMAC 的信息,但我不知道我是否必须自己实现它,或者上面的代码是否真的在这样做。

关于前端......我应该对视图或控制器进行一些安全检查吗?

感谢您的关注和您的知识。

4

1 回答 1

0

I've read about it and it's not neccesary to write the security of Webhooks.

The line include ShopifyApp::WebhookVerification does all the process. WebhookVerification it's included in the gem 'shopify_api', so we just have to include the gem and copy the code above to manage the webhooks.

If we want to test webhooks through the Shopify admin: Settings>Notifications>Webhooks then we should implement this code.

于 2018-02-14T17:19:37.620 回答