Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | 10x 10x 10x 10x 10x 10x 12x 59x 48x 48x 12x 10x 12x 12x 10x 8x 1x 7x 7x 7x | import crypto from 'crypto';
import querystring from 'querystring';
import {AuthQuery} from '../auth/oauth/types';
import * as ShopifyErrors from '../error';
import {Context} from '../context';
import safeCompare from './safe-compare';
export function stringifyQuery(query: AuthQuery): string {
const orderedObj = Object.keys(query)
.sort((val1, val2) => val1.localeCompare(val2))
.reduce((obj: Record<string, string | undefined>, key: keyof AuthQuery) => {
obj[key] = query[key];
return obj;
}, {});
return querystring.stringify(orderedObj);
}
export function generateLocalHmac(query: AuthQuery): string {
const queryString = stringifyQuery(query);
return crypto
.createHmac('sha256', Context.API_SECRET_KEY)
.update(queryString)
.digest('hex');
}
/**
* Uses the received query to validate the contained hmac value against the rest of the query content.
*
* @param query HTTP Request Query, containing the information to be validated.
*/
export default function validateHmac(query: AuthQuery): boolean {
if (!query.hmac) {
throw new ShopifyErrors.InvalidHmacError(
'Query does not contain an HMAC value.',
);
}
const {hmac, ...rest} = query;
const localHmac = generateLocalHmac(rest);
return safeCompare(hmac as string, localHmac);
}
|