Hi,
We've got an app proxy setup which has been working across our development team. We've created a Koa middleware function to check the signature coming from the App Proxy that looks like the following:

```typescript
import * as crypto from 'crypto';

// SHOPIFY_API_SECRET_KEY is assumed to be defined elsewhere in the app.
async function verifyAppProxy(ctx: any, next: Function): Promise<any> {
  const { query } = ctx.request;
  const { signature } = query;
  // The signature itself is not part of the signed input.
  delete query.signature;

  // Sort the remaining parameters, join multi-values with ",",
  // and concatenate the "key=value" pairs with no separator.
  const input = Object.keys(query)
    .sort()
    .map((key) => {
      let value = query[key];
      value = Array.isArray(value) ? value : [value];
      return `${key}=${value.join(',')}`;
    })
    .join('');

  const hash = crypto
    .createHmac('sha256', SHOPIFY_API_SECRET_KEY)
    .update(input)
    .digest('hex');

  ctx.assert(signature === hash, 403, 'invalid signature');
  return await next();
}
```
For one of our developers though it just won't work. Once we started debugging the code, we found that App Proxy is sending the Query String twice.... for instance, the url should look like
http://123456.ngrok.io/cart?shop=secret-store.myshopify.com&path_prefix=%2Fcommunity%2Fcart&timestamp=1591151903&signature=mysignature
but instead it is coming out looking like this
http://123456.ngrok.io/cart?shop=secret-store.myshopify.com&path_prefix=%2Fcommunity%2Fcart&timestamp=1591151903&signature=mysignature?shop=secret-store.myshopify.com&path_prefix=%2Fcommunity%2Fcart&timestamp=1591151903&signature=mysignature
So the signature ends up coming in as an array with two values
signature = [ "mysignature?shop=secret-store.myshopify.com", "mysignature"]
This seems to be an internal fault in App Proxy itself. We've tried removing and then adding the App Proxy again multiple times, yet we still seem to get the same fault.
The only other thing we can think to try is to delete and re-create the application from scratch which he will try tomorrow.
Any ideas?
BTW, each of our developers has a separate App but running from the same code base and we've made sure that each of the apps uses a different App Proxy URL.
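An added example, not code from the original poster or from Shopify: a fail-closed variant of the check in the post that rejects the request when a duplicated query string turns `signature` into an array, and compares digests in constant time. The function names, secret and parameter values are constructed for illustration; the canonical form mirrors the middleware in the post.

```typescript
import * as crypto from 'crypto';
import * as querystring from 'querystring';

type Query = Record<string, string | string[] | undefined>;

// Same canonical form as the middleware in the post: sorted "key=value"
// pairs, multi-values joined with ",", pairs concatenated with no separator.
function canonicalize(params: Query): string {
  return Object.keys(params)
    .sort()
    .map((key) => {
      const value = params[key];
      const values = Array.isArray(value) ? value : [value ?? ''];
      return `${key}=${values.join(',')}`;
    })
    .join('');
}

function hmacHex(params: Query, secret: string): string {
  return crypto.createHmac('sha256', secret).update(canonicalize(params)).digest('hex');
}

// Returns true only for exactly one well-formed signature that matches.
function verifyProxyQuery(rawQuery: string, secret: string): boolean {
  const { signature, ...rest } = querystring.parse(rawQuery);
  // A repeated "signature" key parses to an array: reject instead of guessing.
  if (typeof signature !== 'string' || !/^[0-9a-f]{64}$/.test(signature)) {
    return false;
  }
  const expected = Buffer.from(hmacHex(rest, secret), 'hex');
  // Both buffers are 32 bytes here, so timingSafeEqual cannot throw.
  return crypto.timingSafeEqual(Buffer.from(signature, 'hex'), expected);
}

// Constructed sample input (not a real secret or store).
const SAMPLE_SECRET = 'constructed-test-secret';
const SAMPLE_PARAMS: Query = {
  shop: 'secret-store.myshopify.com',
  path_prefix: '/community/cart',
  timestamp: '1591151903',
};
const GOOD_QUERY = querystring.stringify({
  ...SAMPLE_PARAMS,
  signature: hmacHex(SAMPLE_PARAMS, SAMPLE_SECRET),
});
// The malformed shape from the post: the query string appended to itself.
const DUPLICATED_QUERY = `${GOOD_QUERY}?${GOOD_QUERY}`;
```

Rejecting the duplicated form outright keeps the decision on the upstream side of the proxy; it does not repair the malformed URL.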
Hey @kwp-simon
Can you please link me to an example store exhibiting this behaviour? (reply or dm)
Scott | Developer Advocate @ Shopify