App Proxy is not working - appending the app proxy twice

App Proxy is not working - appending the app proxy twice

kwp-simon
Visitor
2 0 0

Hi,

 

We've got an app proxy setup which has been working across our development team. We've create a KOA middleware function to check the signature coming from the App Proxy that looks like the following:

 

async function verifyAppProxy(ctx: any, next: Function): Promise<any> {
    const { query } = ctx.request;
    const { signature } = query;

    delete query.signature;
    const input = Object.keys(query)
        .sort()
        .map((key) => {
            let value = query[key];
            value = Array.isArray(value) ? value : [value];
            return `${key}=${value.join(',')}`;
        })
        .join('');

    const hash = crypto
        .createHmac('sha256', SHOPIFY_API_SECRET_KEY)
        .update(input)
        .digest('hex');

    ctx.assert(signature === hash, 403, 'invalid signature');

    return await next();
}

For one of our developers though it just won't work. Once we started debugging the code, we found that App Proxy is sending the Query String twice.... for instance, the url should look like

 

http://123456.ngrok.io/cart?shop=secret-store.myshopify.com&path_prefix=%2Fcommunity%2Fcart&timestamp=1591151903&signature=mysignature

but instead it is coming out looking like this

http://123456.ngrok.io/cart?shop=secret-store.myshopify.com&path_prefix=%2Fcommunity%2Fcart&timestamp=1591151903&signature=mysignature?shop=secret-store.myshopify.com&path_prefix=%2Fcommunity%2Fcart&timestamp=1591151903&signature=mysignature

So the signature ends up coming in as an array with two values

signature = [ "mysignature?shop=secret-store.myshopify.com", "mysignature"] 

 This seems to be an internal fault in App Proxy itself. We've tried to removing and then adding again the App Proxy multiple times yet we still seem to get the same fault.

 

The only other thing we can think to try is to delete and re-create the application from scratch which he will try tomorrow.

 

Any ideas?

Replies 2 (2)

kwp-simon
Visitor
2 0 0

BTW, each of our developers has a seperate App but running from the same code base and we've made sure that each of the apps uses a different App Proxy URL.

SBD_
Shopify Staff
1830 273 417

Hey @kwp-simon 

 

Can you please link me to an example store exhibiting this behaviour? (reply or dm)

Scott | Developer Advocate @ Shopify