/
session.rb
117 lines (93 loc) · 3.21 KB
/
session.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
module ShopifyAPI
class Session
cattr_accessor :api_key
cattr_accessor :secret
cattr_accessor :protocol
self.protocol = 'https'
attr_accessor :url, :token, :name
class << self
def setup(params)
params.each { |k,value| send("#{k}=", value) }
end
def temp(domain, token, &block)
session = new(domain, token)
begin
original_domain = host_with_port(ShopifyAPI::Base.site.to_s)
rescue URI::InvalidURIError
end
original_token = ShopifyAPI::Base.headers['X-Shopify-Access-Token']
original_session = new(original_domain, original_token)
begin
ShopifyAPI::Base.activate_session(session)
yield
ensure
ShopifyAPI::Base.activate_session(original_session)
end
end
def prepare_url(url)
return nil if url.blank?
url.gsub!(/https?:\/\//, '') # remove http:// or https://
url.concat(".myshopify.com") unless url.include?('.') # extend url to myshopify.com if no host is given
end
def validate_signature(params)
params = params.with_indifferent_access
return false unless signature = params[:signature]
sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
Digest::MD5.hexdigest(secret + sorted_params) == signature
end
def host_with_port(site)
parsed_site = URI.parse(site)
host = parsed_site.host or return
port = parsed_site.port
if (protocol == 'http' && port == 80) || (protocol == 'https' && port == 443)
host
else
"#{host}:#{port}"
end
end
end
def initialize(url, token = nil)
self.url, self.token = url, token
self.class.prepare_url(self.url)
end
def create_permission_url(scope, redirect_uri = nil)
params = {:client_id => api_key, :scope => scope.join(',')}
params[:redirect_uri] = redirect_uri if redirect_uri
"#{protocol}://#{url}/admin/oauth/authorize?#{parameterize(params)}"
end
def request_token(params)
return token if token
unless self.class.validate_signature(params) && params[:timestamp].to_i > 24.hours.ago.utc.to_i
raise "Invalid Signature: Possible malicious login"
end
code = params['code']
response = access_token_request(code)
if response.code == "200"
token = JSON.parse(response.body)['access_token']
else
raise RuntimeError, response.msg
end
end
def shop
Shop.current
end
def site
"#{protocol}://#{url}/admin"
end
def valid?
url.present? && token.present?
end
private
def parameterize(params)
URI.escape(params.collect{|k,v| "#{k}=#{v}"}.join('&'))
end
def access_token_request(code)
uri = URI.parse("#{protocol}://#{url}/admin/oauth/access_token")
https = Net::HTTP.new(uri.host, uri.port)
https.use_ssl = true
request = Net::HTTP::Post.new(uri.request_uri)
request.set_form_data({"client_id" => api_key, "client_secret" => secret, "code" => code})
https.request(request)
end
end
end