https://github.com/byjpr/plug_shopify_verify_timestamp
Validates inbound connection timestamp delta, designed for Shopify App Bridge
https://github.com/byjpr/plug_shopify_verify_timestamp
app-bridge elixir plug security shopify shopify-app shopify-embedded-applications
Last synced: 2 months ago
JSON representation
Validates inbound connection timestamp delta, designed for Shopify App Bridge
- Host: GitHub
- URL: https://github.com/byjpr/plug_shopify_verify_timestamp
- Owner: byjpr
- License: agpl-3.0
- Created: 2021-07-16T10:51:59.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-07-19T23:11:29.000Z (almost 4 years ago)
- Last Synced: 2025-02-27T12:13:15.011Z (3 months ago)
- Topics: app-bridge, elixir, plug, security, shopify, shopify-app, shopify-embedded-applications
- Language: Elixir
- Homepage:
- Size: 34.2 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# PlugShopifyVerifyTimestamp
When Shopify embeds your app into the Shopify Admin it also includes a bunch of variables in URL Parameters. Those are `shop`, `timestamp` and `hmac`. Together these variables allow you to verify the legitimacy of a request. This package allows you to verify the "timestamp" component (it does not validate it against the hmac) has not elapsed a configured window.
## Usage
In the pipeline you would like to timestamp verify, add `plug PlugShopifyVerifyTimestamp, max_delta: 5, halt_on_error: true` to create a 5 second grace period between the request being sent and it being recieved.
```elixir
pipeline :embedded do
plug PlugShopifyVerifyTimestamp, max_delta: 5, halt_on_error: true
end
```
## Installation
The package can be installed by adding `plug_shopify_verify_timestamp`
to your list of dependencies in `mix.exs`:
```elixir
def deps do
[
{:plug_shopify_verify_timestamp, "~> 0.1.0"}
]
end
```