

How can I add security to my Shopify App? (webhooks & front-end)

I'm developing a Shopify App with Rails and I would like to avoid future problems with the security of it. I don't know what I should do with it, so I hope you could guide me with that...

The Webhooks Controller:

module ShopifyApp
  class WebhooksController < ActionController::Base
    # Verifies the X-Shopify-Hmac-Sha256 header against the raw request body
    # in a before_action; requests that fail verification never reach #receive.
    include ShopifyApp::WebhookVerification

    class ShopifyApp::MissingWebhookJobError < StandardError; end

    def receive
      params.try(:permit!)
      job_args = {shop_domain: shop_domain, webhook: webhook_params.to_h}
      webhook_job_klass.perform_later(job_args)
      head :no_content
    end

    private

    def webhook_params
      params.except(:controller, :action, :type)
    end

    # Maps the :type route param (e.g. "orders_create") to OrdersCreateJob.
    def webhook_job_klass
      "#{webhook_type.classify}Job".safe_constantize or raise ShopifyApp::MissingWebhookJobError
    end

    def webhook_type
      params[:type]
    end
  end
end

I've read about checking the HMAC of the Webhook, but I don't know if I have to implement it by myself, or if the above code is actually doing that.

About the front-end... Should I do some security checks on the Views or Controllers?

Thank you for your attention and your knowledge.

I've read about it and it's not necessary to write the security of Webhooks.

The line include ShopifyApp::WebhookVerification does all the process. WebhookVerification is included in the gem 'shopify_api', so we just have to include the gem and copy the code above to manage the webhooks.

If we want to test webhooks through the Shopify admin: Settings > Notifications > Webhooks, then we should implement this code.
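What the included verification does under the hood, as an added plain-Ruby example that is not code from the question, the answer or the gem: it recomputes the HMAC-SHA256 of the raw request body with the app's shared secret and compares it in constant time with the X-Shopify-Hmac-Sha256 header. SHARED_SECRET and RAW_BODY are constructed sample values, and handle_webhook is a hypothetical stand-in for the controller's before_action.

```ruby
require "openssl"
require "base64"

# Constructed sample values (not from a real shop): the app's shared secret
# from the Partner dashboard and the raw JSON body exactly as Shopify sent it.
SHARED_SECRET = "example-app-shared-secret"
RAW_BODY = '{"id":820982911946154508,"email":"jon@example.com","total_price":"403.00"}'

# Shopify signs the raw request body with HMAC-SHA256 keyed by the app's
# shared secret and sends the base64 digest in X-Shopify-Hmac-Sha256.
def compute_webhook_hmac(secret, raw_body)
  Base64.strict_encode64(OpenSSL::HMAC.digest("sha256", secret, raw_body))
end

# Constant-time string comparison (same idea as Rack::Utils.secure_compare)
# so a caller cannot learn the expected digest byte by byte via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  acc = 0
  a.bytes.zip(b.bytes) { |x, y| acc |= x ^ y }
  acc.zero?
end

# True only when the header matches the digest of the *raw* body.
# Re-serialising parsed params would change whitespace and key order and
# break the signature, which is why verification must read request.body.
def valid_webhook?(secret, raw_body, header_hmac)
  return false if header_hmac.nil? || header_hmac.empty?
  secure_compare(compute_webhook_hmac(secret, raw_body), header_hmac)
end

# Hypothetical stand-in for the before_action: reject with 401 before any
# job is enqueued; only verified payloads get the 204 the controller sends.
def handle_webhook(secret, raw_body, headers)
  return [401, "unauthorized"] unless valid_webhook?(secret, raw_body, headers["X-Shopify-Hmac-Sha256"])
  [204, ""]
end

if __FILE__ == $0
  good = { "X-Shopify-Hmac-Sha256" => compute_webhook_hmac(SHARED_SECRET, RAW_BODY) }
  puts handle_webhook(SHARED_SECRET, RAW_BODY, good).inspect        # [204, ""]
  puts handle_webhook(SHARED_SECRET, RAW_BODY + " ", good).inspect  # [401, "unauthorized"]
end
```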
