From 9f40ec768a166a38a8ac63cf18bd8fe139900967 Mon Sep 17 00:00:00 2001 From: dev-prakhar Date: Mon, 24 Jan 2022 23:58:21 +0530 Subject: [PATCH 1/4] Added methods for Verifying SmoothCode Requests --- .gitignore | 3 +++ lib/smoothcode.rb | 1 + lib/smoothcode/auth.rb | 17 +++++++++++++++++ lib/smoothcode/utils.rb | 7 +++++++ smoothcode.gemspec | 11 +++++++++++ 5 files changed, 39 insertions(+) create mode 100644 lib/smoothcode.rb create mode 100644 lib/smoothcode/auth.rb create mode 100644 lib/smoothcode/utils.rb create mode 100644 smoothcode.gemspec diff --git a/.gitignore b/.gitignore index e3200e0..d96afb4 100644 --- a/.gitignore +++ b/.gitignore @@ -54,3 +54,6 @@ build-iPhoneSimulator/ # Used by RuboCop. Remote config files pulled in from inherit_from directive. # .rubocop-https?--* + +# IDE Files +.idea/ \ No newline at end of file diff --git a/lib/smoothcode.rb b/lib/smoothcode.rb new file mode 100644 index 0000000..3f6929c --- /dev/null +++ b/lib/smoothcode.rb @@ -0,0 +1 @@ +require 'smoothcode/auth' \ No newline at end of file diff --git a/lib/smoothcode/auth.rb b/lib/smoothcode/auth.rb new file mode 100644 index 0000000..87aff64 --- /dev/null +++ b/lib/smoothcode/auth.rb @@ -0,0 +1,17 @@ +require_relative 'utils' +require 'json' + +class SmoothCodeAuth + def initialize(request_hmac, client_secret) + @request_hmac = request_hmac + @client_secret = client_secret + end + + def dashboard_request?(shop) + generate_hmac(@client_secret, shop) == @request_hmac + end + + def webhook_request?(webhook_data) + generate_hmac(@client_secret, webhook_data.to_json) == @request_hmac + end +end diff --git a/lib/smoothcode/utils.rb b/lib/smoothcode/utils.rb new file mode 100644 index 0000000..987fb63 --- /dev/null +++ b/lib/smoothcode/utils.rb @@ -0,0 +1,7 @@ +require 'openssl' + +def generate_hmac(secret, base_string, digest_alg = 'sha256') + digest = OpenSSL::Digest.new(digest_alg) + + OpenSSL::HMAC.hexdigest(digest, secret, base_string) +end \ No newline at end of file diff --git a/smoothcode.gemspec b/smoothcode.gemspec new file mode 100644 index 0000000..2690ae7 --- /dev/null +++ b/smoothcode.gemspec @@ -0,0 +1,11 @@ +Gem::Specification.new do |s| + s.name = 'smoothcode' + s.version = '0.0.1' + s.summary = 'Ruby client to interact with SmoothCode' + s.description = 'Ruby client to interact with SmoothCode' + s.authors = ['SmoothCode'] + s.email = 'hello@smoothcode.io' + s.files = %w[lib/smoothcode.rb lib/smoothcode/auth.rb lib/smoothcode/utils.rb] + s.homepage = 'https://github.com/Smooth-Code-IO/smoothcode-client-ruby' + s.license = 'MIT' +end From dac87ca13613e0a53f50ebd2bb5e6fea921bbe45 Mon Sep 17 00:00:00 2001 From: dev-prakhar Date: Tue, 25 Jan 2022 00:02:01 +0530 Subject: [PATCH 2/4] Made Changes in Readme --- README.md | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9f5f2f7..2f027a4 100644 --- a/README.md +++ b/README.md @@ -1 +1,33 @@ -# smoothcode-client-ruby \ No newline at end of file +# SmoothCode Client Ruby + +## Introduction +Ruby Client that exposes utility functions to authenticate SmoothCode requests + +## Installation +```shell +gem install smoothcode +``` + +## Usage +This library exposes 2 methods +* `dashboard_request?(shop)` - This method verifies if the request for accessing the dashboard is coming from `SmoothCode` +```ruby +require 'smoothcode' + +# SmoothCode sends query parameters to the URL +# shop -> Shopify Shop in the form: `test.myshopify.com` +# hmac -> HMAC of the shop signed by your App Client Secret (can be obtained from SmoothCode Dashboard in App Settings) + +SmoothCodeAuth.new(request_hmac, client_secret).dashboard_request?(shop) # returns True if the request is valid +``` + +* `webhook_request?(webhook_data)` - This method verifies if the webhook request is coming from `SmoothCode` +```ruby +require 'smoothcode' + +# SmoothCode sends hmac in the Authorization Header of the request +# It is hmac of the webhook data signed by your App Client Secret + +SmoothCodeAuth.new(request_hmac, client_secret).webhook_request?(webhook_data) # returns True if the request is valid +``` +*** From 48d73ed313aa32d8e6ee5f1b20476ef401852342 Mon Sep 17 00:00:00 2001 From: dev-prakhar Date: Tue, 25 Jan 2022 00:04:28 +0530 Subject: [PATCH 3/4] Minor Refactoring --- .gitignore | 2 +- lib/smoothcode.rb | 2 +- lib/smoothcode/utils.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index d96afb4..3335ce1 100644 --- a/.gitignore +++ b/.gitignore @@ -56,4 +56,4 @@ build-iPhoneSimulator/ # .rubocop-https?--* # IDE Files -.idea/ \ No newline at end of file +.idea/ diff --git a/lib/smoothcode.rb b/lib/smoothcode.rb index 3f6929c..486221c 100644 --- a/lib/smoothcode.rb +++ b/lib/smoothcode.rb @@ -1 +1 @@ -require 'smoothcode/auth' \ No newline at end of file +require 'smoothcode/auth' diff --git a/lib/smoothcode/utils.rb b/lib/smoothcode/utils.rb index 987fb63..9bb503f 100644 --- a/lib/smoothcode/utils.rb +++ b/lib/smoothcode/utils.rb @@ -4,4 +4,4 @@ def generate_hmac(secret, base_string, digest_alg = 'sha256') digest = OpenSSL::Digest.new(digest_alg) OpenSSL::HMAC.hexdigest(digest, secret, base_string) -end \ No newline at end of file +end From f14e2275bc53a06c708e248081e16fe378425a72 Mon Sep 17 00:00:00 2001 From: dev-prakhar Date: Tue, 25 Jan 2022 00:05:23 +0530 Subject: [PATCH 4/4] Bumped Version 0.0.2 --- smoothcode.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smoothcode.gemspec b/smoothcode.gemspec index 2690ae7..8b5a74b 100644 --- a/smoothcode.gemspec +++ b/smoothcode.gemspec @@ -1,6 +1,6 @@ Gem::Specification.new do |s| s.name = 'smoothcode' - s.version = '0.0.1' + s.version = '0.0.2' s.summary = 'Ruby client to interact with SmoothCode' s.description = 'Ruby client to interact with SmoothCode' s.authors = ['SmoothCode']