/
session.rb
102 lines (81 loc) · 2.9 KB
/
session.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
module ShopifyAPI
class Session
cattr_accessor :api_key
cattr_accessor :secret
cattr_accessor :protocol
self.protocol = 'https'
attr_accessor :url, :token, :name
class << self
def setup(params)
params.each { |k,value| send("#{k}=", value) }
end
def temp(domain, token, &block)
session = new(domain, token)
begin
original_domain = host_with_port(ShopifyAPI::Base.site.to_s)
rescue URI::InvalidURIError
end
original_token = ShopifyAPI::Base.headers['X-Shopify-Access-Token']
original_session = new(original_domain, original_token)
begin
ShopifyAPI::Base.activate_session(session)
yield
ensure
ShopifyAPI::Base.activate_session(original_session)
end
end
def prepare_url(url)
return nil if url.blank?
url.gsub!(/https?:\/\//, '') # remove http:// or https://
url.concat(".myshopify.com") unless url.include?('.') # extend url to myshopify.com if no host is given
end
def create_permission_url(shop_url, scope, redirect_uri=nil)
self.prepare_url(shop_url)
params = {:client_id => self.api_key, :scope => scope.join(',')}
params[:redirect_uri => redirect_uri] if redirect_uri
"#{self.protocol}://#{shop_url}/admin/oauth/authorize?#{parameterize(params)}"
end
def create_auth_url(shop_url, code)
self.prepare_url(shop_url)
params = {:client_id => self.api_key, :client_secret => self.secret, :code => code}
"#{self.protocol}://#{shop_url}/admin/oauth/access_token?#{parameterize(params)}"
end
def parameterize(params)
URI.escape(params.collect{|k,v| "#{k}=#{v}"}.join('&'))
end
def validate_signature(params)
return false unless signature = params[:signature]
sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
Digest::MD5.hexdigest(secret + sorted_params) == signature
end
def host_with_port(site)
parsed_site = URI.parse(site)
host = parsed_site.host or return
port = parsed_site.port
if (protocol == 'http' && port == 80) || (protocol == 'https' && port == 443)
host
else
"#{host}:#{port}"
end
end
end
def initialize(url, token = nil, params = nil)
self.url, self.token = url, token
self.class.prepare_url(self.url)
if params
unless self.class.validate_signature(params) && params[:timestamp].to_i > 24.hours.ago.utc.to_i
raise "Invalid Signature: Possible malicious login"
end
end
end
def shop
Shop.current
end
def site
"#{protocol}://#{url}/admin"
end
def valid?
url.present? && token.present?
end
end
end