From 1e796ee5848910e955bc9971133a03cceee6a12e Mon Sep 17 00:00:00 2001 From: jason-engage Date: Wed, 11 Jan 2017 20:13:27 +0700 Subject: [PATCH 1/5] Update shopify.php --- shopify.php | 53 +++++++++++------------------------------------------ 1 file changed, 11 insertions(+), 42 deletions(-) diff --git a/shopify.php b/shopify.php index 76ac4d4..a4a5ac6 100644 --- a/shopify.php +++ b/shopify.php @@ -1,41 +1,29 @@ $val) $params[] = "$key=$val"; - sort($params); - - return (md5($shared_secret.implode('', $params)) === $signature); + function is_valid_request($query_params, $shared_secret) { + if(!is_array($query_params)) return false; + if(array_key_exists('shop',$query_params) && array_key_exists('timestamp',$query_params) && array_key_exists('hmac',$query_params)) { + $hmac = $query_params['hmac']; + unset($query_params['signature']); + unset($query_params['hmac']); + ksort($query_params); + return $hmac == hash_hmac('sha256', http_build_query($query_params), $shared_secret); + } + return false; } - function authorization_url($shop, $api_key, $scopes=array(), $redirect_uri='') { $scopes = empty($scopes) ? '' : '&scope='.implode(',', $scopes); $redirect_uri = empty($redirect_uri) ? '' : '&redirect_uri='.urlencode($redirect_uri); return "https://$shop/admin/oauth/authorize?client_id=$api_key$scopes$redirect_uri"; } - - function access_token($shop, $api_key, $shared_secret, $code) { try 
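Review bot: The new return in is_valid_request() compares the received and computed digests with `==`, which is neither constant-time nor type-safe, because PHP compares two numeric-looking strings as numbers and the comparison time depends on how many leading bytes match. Use `return is_string($hmac) && hash_equals(hash_hmac('sha256', http_build_query($query_params), $shared_secret), $hmac);` (hash_equals needs PHP 5.6 or later), which also rejects a non-string `hmac` parameter before comparing. The function requires `timestamp` to be present but never compares it with the current time, so an old signed query string stays valid; a freshness window would close that. The opening lines of this hunk appear truncated in this view, so anything before the `$val)` fragment is not covered here.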
@@ -44,21 +32,16 @@ function access_token($shop, $api_key, $shared_secret, $code) } catch (http\CurlException $e) { throw new CurlException($e->getMessage(), $e->getCode(), $e->getRequest()); } catch (http\ResponseException $e) { throw new ApiException($e->getMessage(), $e->getCode(), $e->getRequest(), $e->getResponse()); } - return $response['access_token']; } - - function client($shop, $api_key, $oauth_token, $private_app=false) { $base_uri = $private_app ? _private_app_base_url($shop, $api_key, $oauth_token) : "https://$shop/"; - return function ($method_uri, $query='', $payload='', &$response_headers=array(), $request_headers=array(), $curl_opts=array()) use ($base_uri, $oauth_token, $private_app) { if (!$private_app) $request_headers['X-Shopify-Access-Token'] = $oauth_token; $request_headers['content-type'] = 'application/json; charset=utf-8'; $http_client = http\client($base_uri, $request_headers); - try { $response = $http_client($method_uri, $query, $payload, $response_headers, $request_headers, $curl_opts); 
@@ -74,43 +57,30 @@ function client($shop, $api_key, $oauth_token, $private_app=false) $response = array('headers'=>$response_headers, 'body'=>$response); throw new ApiException($response_headers['http_status_message'].": $uri", $response_headers['http_status_code'], $request, $response); } - return (is_array($response) and !empty($response)) ? array_shift($response) : $response; - }; } - function _private_app_base_url($shop, $api_key, $password) { return "https://$api_key:$password@$shop/"; } - - function calls_made($response_headers) { return _shop_api_call_limit_param(0, $response_headers); } - - function call_limit($response_headers) { return _shop_api_call_limit_param(1, $response_headers); } - - function calls_left($response_headers) { return call_limit($response_headers) - calls_made($response_headers); } - - function _shop_api_call_limit_param($index, $response_headers) { $params = explode('/', $response_headers['http_x_shopify_shop_api_call_limit']); return (int) $params[$index]; } - - class Exception extends http\Exception { } class CurlException extends Exception { } class ApiException extends Exception @@ -124,5 +94,4 @@ function __construct($message, $code, $request, $response=array(), Exception $pr parent::__construct($this->message, $code, $request, $response, $previous); } } - -?> \ No newline at end of file +?> From 4fa3b0171a283d4fdbbc5be3f2e5d7d0f59e605d Mon Sep 17 00:00:00 2001 From: Jason Shaw Date: Fri, 7 Jul 2017 15:51:17 +0700 Subject: [PATCH 2/5] Update README.md --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2981aab..9698f68 100644 --- a/README.md +++ b/README.md 
@@ -10,4 +10,8 @@ Simple [Shopify API](http://api.shopify.com/) client in PHP ## Usage and Quickstart Skeleton Project -See [phpish/shopify_app-skeleton](https://github.com/phpish/shopify_app-skeleton) and [phpish/shopify_private_app-skeleton](https://github.com/phpish/shopify_private_app-skeleton) \ No newline at end of file +See [phpish/shopify_app-skeleton](https://github.com/phpish/shopify_app-skeleton) and [phpish/shopify_private_app-skeleton](https://github.com/phpish/shopify_private_app-skeleton) + +## FIXED + +I had to fix it so it works with the latest HMAC protocols. Unable to reach creator for pull request. From 6441a0cd5b17ec9c2603a623d9b53188b2816b2d Mon Sep 17 00:00:00 2001 From: Jason Shaw Date: Thu, 24 Aug 2017 09:20:47 +0700 Subject: [PATCH 3/5] Update shopify.php Added the default CURL options for clarity --- shopify.php | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/shopify.php b/shopify.php index a4a5ac6..d85e67a 100644 --- a/shopify.php +++ b/shopify.php @@ -41,7 +41,19 @@ function client($shop, $api_key, $oauth_token, $private_app=false) { if (!$private_app) $request_headers['X-Shopify-Access-Token'] = $oauth_token; $request_headers['content-type'] = 'application/json; charset=utf-8'; - $http_client = http\client($base_uri, $request_headers); + $http_client = http\client($base_uri, $request_headers, array( + CURLOPT_HEADER => true, + CURLOPT_RETURNTRANSFER => true, + # http://www.php.net/manual/en/function.curl-setopt.php#71313 + # CURLOPT_FOLLOWLOCATION => true, + CURLOPT_MAXREDIRS => 3, + CURLOPT_SSL_VERIFYPEER => true, + CURLOPT_SSL_VERIFYHOST => 2, + CURLOPT_USERAGENT => 'phpish/http', + CURLOPT_CONNECTTIMEOUT => 500, + CURLOPT_TIMEOUT => 500, + CURLOPT_SSLVERSION => 1 + )); try { $response = $http_client($method_uri, $query, $payload, $response_headers, $request_headers, $curl_opts); 
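Review bot: `CURLOPT_SSLVERSION => 1` in the new options array is a bare number for `CURL_SSLVERSION_TLSv1`, which libcurl treats as "TLS 1.0 or later", so the line neither documents its intent nor sets a modern floor. Prefer the named constant with an explicit minimum, `CURLOPT_SSLVERSION => CURL_SSLVERSION_TLSv1_2,`, or drop the option and let libcurl negotiate its default. `CURLOPT_MAXREDIRS => 3` has no effect while `CURLOPT_FOLLOWLOCATION` stays commented out, so a short comment saying redirects are deliberately not followed would make that clear. The per-call `$curl_opts` is still passed to `$http_client`, and how the http\client helper merges it with these defaults is not visible here, so confirm a caller cannot switch off `CURLOPT_SSL_VERIFYPEER` or `CURLOPT_SSL_VERIFYHOST` by accident. The body of client() continues outside the hunk.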
@@ -60,10 +72,10 @@ function client($shop, $api_key, $oauth_token, $private_app=false) return (is_array($response) and !empty($response)) ? array_shift($response) : $response; }; } - function _private_app_base_url($shop, $api_key, $password) - { - return "https://$api_key:$password@$shop/"; - } + function _private_app_base_url($shop, $api_key, $password) + { + return "https://$api_key:$password@$shop/"; + } function calls_made($response_headers) { return _shop_api_call_limit_param(0, $response_headers); @@ -72,15 +84,15 @@ function call_limit($response_headers) { return _shop_api_call_limit_param(1, $response_headers); } - function calls_left($response_headers) + function calls_left($response_headers) { return call_limit($response_headers) - calls_made($response_headers); } - function _shop_api_call_limit_param($index, $response_headers) - { - $params = explode('/', $response_headers['http_x_shopify_shop_api_call_limit']); - return (int) $params[$index]; - } + function _shop_api_call_limit_param($index, $response_headers) + { + $params = explode('/', $response_headers['http_x_shopify_shop_api_call_limit']); + return (int) $params[$index]; + } class Exception extends http\Exception { } class CurlException extends Exception { } class ApiException extends Exception From 74e0e243b7f3688d39856c79e8d0f0672dbbbab4 Mon Sep 17 00:00:00 2001 From: Jason Shaw Date: Thu, 1 Mar 2018 13:32:41 +0700 Subject: [PATCH 4/5] Updated Timeouts --- shopify.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shopify.php b/shopify.php index d85e67a..71ff039 100644 --- a/shopify.php +++ b/shopify.php @@ -50,8 +50,8 @@ function client($shop, $api_key, $oauth_token, $private_app=false) CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2, CURLOPT_USERAGENT => 'phpish/http', - CURLOPT_CONNECTTIMEOUT => 500, - CURLOPT_TIMEOUT => 500, + CURLOPT_CONNECTTIMEOUT => 25, + CURLOPT_TIMEOUT => 25, CURLOPT_SSLVERSION => 1 )); try 
From 1312bdc763717ae3bb48d4295bc780a079d50c2f Mon Sep 17 00:00:00 2001 From: Jason Shaw Date: Sun, 22 Jul 2018 13:43:29 +0800 Subject: [PATCH 5/5] Adding more exceptions --- shopify.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shopify.php b/shopify.php index 71ff039..cdf4985 100644 --- a/shopify.php +++ b/shopify.php @@ -60,6 +60,7 @@ function client($shop, $api_key, $oauth_token, $private_app=false) } catch (http\CurlException $e) { throw new CurlException($e->getMessage(), $e->getCode(), $e->getRequest()); } catch (http\ResponseException $e) { throw new ApiException($e->getMessage(), $e->getCode(), $e->getRequest(), $e->getResponse()); } + catch (http\Exception $e) { throw new Exception($e->getMessage(), $e->getCode(), $e->getRequest()); } if (isset($response['errors'])) { list($method, $uri) = explode(' ', $method_uri, 2); @@ -84,7 +85,7 @@ function call_limit($response_headers) { return _shop_api_call_limit_param(1, $response_headers); } - function calls_left($response_headers) + function calls_left($response_headers) { return call_limit($response_headers) - calls_made($response_headers); }
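Review bot: The added `catch (http\Exception $e)` rethrows with only the message, code and request, so the original exception and its stack trace are lost; if the parent constructor accepts a previous exception (not visible here), pass `$e` through as the last argument. It also calls `$e->getRequest()` on the base `http\Exception`, which the hunk does not show to be defined there, since the two existing clauses call it only on subclasses; confirm that before relying on it. The request attached to these exceptions may carry the `X-Shopify-Access-Token` header or the `https://$api_key:$password@$shop/` base URL built elsewhere in this file, so add a comment on the catch that callers must redact it before logging. The try block starts outside the hunk.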