App reviews, troubleshooting, and recommendations
I am creating a link inside of an admin block that will take a user to the product page. Inside of the query string I am appending the user id of the logged in staff member. I will be using this to load extra script on the page. I want to encrypt this id and then decrypt it later when requesting data via an app proxy. How can I encrypt/decrypt inside of an admin block and an extension?
Hi @midavis
To encrypt and decrypt the user ID securely within an admin block and extension in Shopify, you can use cryptographic techniques provided by Node.js or Ruby, depending on your tech stack. Here's a straightforward way to achieve this:
Encryption and Decryption Example:
const crypto = require('crypto');
// Replace with your secret key (keep this secure and consistent)
const SECRET_KEY = 'your_secret_key';
const ALGORITHM = 'aes-256-cbc';
const IV_LENGTH = 16; // Initialization vector length
// Encrypt function
function encrypt(text) {
const iv = crypto.randomBytes(IV_LENGTH);
const cipher = crypto.createCipheriv(ALGORITHM, Buffer.from(SECRET_KEY, 'hex'), iv);
let encrypted = cipher.update(text, 'utf8', 'hex');
encrypted += cipher.final('hex');
return iv.toString('hex') + ':' + encrypted;
}
// Decrypt function
function decrypt(encryptedText) {
const parts = encryptedText.split(':');
const iv = Buffer.from(parts[0], 'hex');
const encryptedData = parts[1];
const decipher = crypto.createDecipheriv(ALGORITHM, Buffer.from(SECRET_KEY, 'hex'), iv);
let decrypted = decipher.update(encryptedData, 'hex', 'utf8');
decrypted += decipher.final('utf8');
return decrypted;
}
// Example Usage
const userId = "12345";
const encryptedId = encrypt(userId);
console.log("Encrypted ID:", encryptedId);
const decryptedId = decrypt(encryptedId);
console.log("Decrypted ID:", decryptedId);
Steps to Use:
1-Include the above logic in your admin block or app backend.
2-When creating the link, call the encrypt() function with the user ID.
3-Append the encrypted ID to the query string.
Example:
const encryptedId = encrypt(userId);
const productPageLink = `/products/12345?staff_id=${encryptedId}`;
4-When decrypting (e.g., in your app proxy request), use the decrypt() function to decode the ID.
If your app is built with Ruby on Rails, you can use the ActiveSupport::MessageEncryptor for encryption and decryption.
ruby
CopyEdit
require 'active_support'
require 'active_support/core_ext'
# Replace with your secret key (32 bytes)
SECRET_KEY = 'your_secret_key_here'
SALT = 'your_salt'
# Create the encryptor
key = ActiveSupport::KeyGenerator.new(SECRET_KEY).generate_key(SALT, 32)
encryptor = ActiveSupport::MessageEncryptor.new(key)
# Encrypt function
def encrypt(user_id)
encryptor.encrypt_and_sign(user_id)
end
# Decrypt function
def decrypt(encrypted_id)
encryptor.decrypt_and_verify(encrypted_id)
end
# Example Usage
user_id = "12345"
encrypted_id = encrypt(user_id)
puts "Encrypted ID: #{encrypted_id}"
decrypted_id = decrypt(encrypted_id)
puts "Decrypted ID: #{decrypted_id}"
Steps to Use:
When generating the link:
const productPageLink = `/products/12345?staff_id=${encryptedId}`;
When processing the query string in your app:
If you need any other assistance, feel free to reply and I will try my best to respond.
Best regards,
Daisy
Hey Community! As we jump into 2025, we want to give a big shout-out to all of you wh...
By JasonH Jan 7, 2025Hey Community! As the holiday season unfolds, we want to extend heartfelt thanks to a...
By JasonH Dec 6, 2024Dropshipping, a high-growth, $226 billion-dollar industry, remains a highly dynamic bus...
By JasonH Nov 27, 2024