I'm developing a Shopify app with Rails and I would like to avoid future problems with its security. I don't know what I should do about it, so I hope you can guide me with that...
The Webhooks Controller:
    module ShopifyApp
      class WebhooksController < ActionController::Base
        include ShopifyApp::WebhookVerification

        class ShopifyApp::MissingWebhookJobError < StandardError; end

        def receive
          params.try(:permit!)
          job_args = {shop_domain: shop_domain, webhook: webhook_params.to_h}
          webhook_job_klass.perform_later(job_args)
          head :no_content
        end

        private

        def webhook_params
          params.except(:controller, :action, :type)
        end

        def webhook_job_klass
          "#{webhook_type.classify}Job".safe_constantize or raise ShopifyApp::MissingWebhookJobError
        end

        def webhook_type
          params[:type]
        end
      end
    end
I've read about checking the HMAC of the webhook, but I don't know if I have to implement it myself, or if the above code is actually doing that.
About the front end... Should I do some security checks in the views or controllers?
Thank you for your attention and your knowledge.
I've read about it and it's not necessary to write the security of webhooks.
The line include ShopifyApp::WebhookVerification does the whole process. WebhookVerification is included in the gem 'shopify_api', so we just have to include the gem and copy the code above to manage the webhooks.
If we want to test webhooks through the Shopify admin: Settings>Notifications>Webhooks then we should implement this code.
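For reference, the kind of check a webhook HMAC verification performs, sketched in plain Ruby. This is an added example, not code from the posts above or from the gem; the secret, the sample body and the helper names are constructed for illustration. Shopify sends the signature in the X-Shopify-Hmac-SHA256 header as a Base64-encoded HMAC-SHA256 of the request body.

```ruby
require 'openssl'
require 'json'

# Constructed sample values (assumptions, not real credentials or traffic).
SHARED_SECRET = 'example_shared_secret'
SAMPLE_BODY   = '{"id": 1001, "email": "customer@example.com"}'

# Base64 HMAC-SHA256 of the raw request body, keyed with the app's shared secret.
def webhook_hmac(secret, raw_body)
  digest = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, raw_body)
  [digest].pack('m0') # strict Base64, no trailing newline
end

# Constant-time comparison: every byte is examined, so response timing
# does not reveal how many leading characters of a guess were correct.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# True only when the header value matches the HMAC of the exact bytes received.
def valid_webhook?(secret, raw_body, header_hmac)
  return false if header_hmac.nil? || header_hmac.empty?
  secure_compare(webhook_hmac(secret, raw_body), header_hmac)
end

# Runs the check over the cases a receiver has to handle.
def demo_results
  signature = webhook_hmac(SHARED_SECRET, SAMPLE_BODY)
  # Parsing and re-serializing changes the bytes (whitespace), so the HMAC
  # must be computed over the raw body, never over the parsed params.
  reserialized = JSON.generate(JSON.parse(SAMPLE_BODY))
  {
    genuine:        valid_webhook?(SHARED_SECRET, SAMPLE_BODY, signature),
    tampered_body:  valid_webhook?(SHARED_SECRET, SAMPLE_BODY.sub('1001', '1002'), signature),
    wrong_secret:   valid_webhook?('another_secret', SAMPLE_BODY, signature),
    missing_header: valid_webhook?(SHARED_SECRET, SAMPLE_BODY, nil),
    reserialized:   valid_webhook?(SHARED_SECRET, reserialized, signature)
  }
end

demo_results.each { |name, ok| puts "#{name}: #{ok ? 'accepted' : 'rejected'}" } if $PROGRAM_NAME == __FILE__
```

In a Rails controller the raw bytes come from request.raw_post (or request.body.read), and a request that fails the check should be answered with 401 before any job is enqueued.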