Skip to content
/ plug_shopify_verify_timestamp Public

Validates inbound connection timestamp delta, designed for Shopify App Bridge

License

AGPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

byjpr/plug_shopify_verify_timestamp

BranchesTags

Repository files navigation

PlugShopifyVerifyTimestamp

When Shopify embeds your app into the Shopify Admin it also includes a bunch of variables in URL Parameters. Those are shop, timestamp and hmac. Together these variables allow you to verify the legitimacy of a request. This package allows you to verify the "timestamp" component (it does not validate it against the hmac) has not elapsed a configured window.

Usage

In the pipeline you would like to timestamp verify, add plug PlugShopifyVerifyTimestamp, max_delta: 5, halt_on_error: true to create a 5 second grace period between the request being sent and it being recieved.

pipeline :embedded do
  plug PlugShopifyVerifyTimestamp, max_delta: 5, halt_on_error: true
end

Installation

The package can be installed by adding plug_shopify_verify_timestamp to your list of dependencies in mix.exs:

def deps do
  [
    {:plug_shopify_verify_timestamp, "~> 0.1.0"}
  ]
end

About

Validates inbound connection timestamp delta, designed for Shopify App Bridge

Topics

security elixir plug shopify shopify-embedded-applications shopify-app app-bridge

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Jul 19, 2021

Packages

No packages published

Languages