App Proxy is not working - appending the app proxy twice

Highlighted
New Member
2 0 0

Hi,

 

We've got an app proxy setup which has been working across our development team. We've create a KOA middleware function to check the signature coming from the App Proxy that looks like the following:

 

async function verifyAppProxy(ctx: any, next: Function): Promise<any> {
    const { query } = ctx.request;
    const { signature } = query;

    delete query.signature;
    const input = Object.keys(query)
        .sort()
        .map((key) => {
            let value = query[key];
            value = Array.isArray(value) ? value : [value];
            return `${key}=${value.join(',')}`;
        })
        .join('');

    const hash = crypto
        .createHmac('sha256', SHOPIFY_API_SECRET_KEY)
        .update(input)
        .digest('hex');

    ctx.assert(signature === hash, 403, 'invalid signature');

    return await next();
}

For one of our developers though it just won't work. Once we started debugging the code, we found that App Proxy is sending the Query String twice.... for instance, the url should look like

 

http://123456.ngrok.io/cart?shop=secret-store.myshopify.com&path_prefix=%2Fcommunity%2Fcart&timestamp=1591151903&signature=mysignature

but instead it is coming out looking like this

http://123456.ngrok.io/cart?shop=secret-store.myshopify.com&path_prefix=%2Fcommunity%2Fcart&timestamp=1591151903&signature=mysignature?shop=secret-store.myshopify.com&path_prefix=%2Fcommunity%2Fcart&timestamp=1591151903&signature=mysignature

So the signature ends up coming in as an array with two values

signature = [ "mysignature?shop=secret-store.myshopify.com", "mysignature"] 

 This seems to be an internal fault in App Proxy itself. We've tried to removing and then adding again the App Proxy multiple times yet we still seem to get the same fault.

 

The only other thing we can think to try is to delete and re-create the application from scratch which he will try tomorrow.

 

Any ideas?

0 Likes
Highlighted
New Member
2 0 0

BTW, each of our developers has a seperate App but running from the same code base and we've made sure that each of the apps uses a different App Proxy URL.

0 Likes
Highlighted
Shopify Staff
Shopify Staff
1002 128 143

Hey @kwp-simon 

 

Can you please link me to an example store exhibiting this behaviour? (reply or dm)

0 Likes