
ruby-on-rails - Shopify app authorization stuck in an infinite redirect

Repost. Author: 行者123. Updated: 2023-12-05 07:55:41

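I have deployed an embedded Shopify app to a production server. In this project, the shopify_app gem is used to handle common scenarios, such as authentication with the omniauth-shopify-oauth2 gem.
Although the app is installed in the shop, it does not authenticate correctly, so the session is not stored. It seems that after handing control to the omniauth-oauth2 gem, the app is redirected to the expected root path, but because the session is not saved and the controller has around_filter :shopify_session, an infinite loop is created between /auth/shopify?shop=foobar.myshopify.com and /login?shop=foobar.myshopify.com. Finally, the Shopify admin panel throws the error "the application cannot be loaded, please check that your browser allows third party cookies", and we cannot open the app.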

This app works fine when the application server is on localhost, but it does not work on the production server.

Here are the parts of the code that I think may be useful:

Server log:

Started GET "/?hmac=HMAC&shop=SHOP&signature=SIGNATURE&timestamp=TIMESTAMP" for 127.0.0.1 at 2015-04-07 20:33:11 +0000
Processing by MainController#index as HTML
Parameters: {"hmac"=>"HMAC", "shop"=>"SHOP", "signature"=>"SIGNATURE", "timestamp"=>"TIMESTAMP"}
shop_session:
Redirected to http://PRODUCTION_SERVER_IP/login?shop=SHOP
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
Started GET "/login?shop=SHOP" for 127.0.0.1 at 2015-04-07 20:33:11 +0000
Processing by SessionsController#new as HTML
Parameters: {"shop"=>"SHOP"}
Rendered common/iframe_redirect.html.erb (0.0ms)
Completed 200 OK in 1ms (Views: 0.3ms | ActiveRecord: 0.0ms)
Started GET "/auth/shopify?shop=SHOP" for 127.0.0.1 at 2015-04-07 20:33:12 +0000
Started GET "/?code=CODE&hmac=HMAC&shop=SHOP&signature=SIGNATURE&timestamp=1428438796" for 127.0.0.1 at 2015-04-07 20:33:12 +0000
Processing by MainController#index as HTML
Parameters: {"code"=>"CODE", "hmac"=>"HMAC", "shop"=>"SHOP", "signature"=>"SIGNATURE", "timestamp"=>"1428438796"}
Redirected to http://PRODUCTION_SERVER_IP/login?shop=Shop
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
Started GET "/login?shop=SHOP" for 127.0.0.1 at 2015-04-07 20:33:13 +0000
Processing by SessionsController#new as HTML
Parameters: {"shop"=>"SHOP"}
Rendered common/iframe_redirect.html.erb (0.0ms)
Completed 200 OK in 1ms (Views: 0.4ms | ActiveRecord: 0.0ms)
Started GET "/auth/shopify?shop=SHOP" for 127.0.0.1 at 2015-04-07 20:33:13 +0000
Started GET "/?
// And this pattern goes on...

nginx configuration:

upstream app_name {
    server 127.0.0.1:3000;
    server 127.0.0.1:3001;
    server 127.0.0.1:3002;
}
server {
    listen 80;
    server_name PRODUCTION_SERVER_IP;

    access_log /var/www/app_name/log/access.log;
    error_log /var/www/app_name/log/error.log;
    root /var/www/app_name/current;
    index index.html;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        try_files /system/maintenance.html $uri $uri/index.html $uri.html @ruby;
    }

    location @ruby {
        proxy_pass http://app_name;
        proxy_set_header Host $host;
    }
}

config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :shopify,
    ShopifyApp.configuration.api_key,
    ShopifyApp.configuration.secret,

    # Example permission scopes - see http://docs.shopify.com/api/tutorials/oauth for full listing
    scope: 'read_products,read_themes, write_themes, read_customers',
    myshopify_domain: ShopifyApp.configuration.myshopify_domain.presence || "myshopify.com",
    callback_url: 'http://PRODUCTION_SERVER_IP',
    setup: lambda {|env|
      params = Rack::Utils.parse_query(env['QUERY_STRING'])
      site_url = "https://#{params['shop']}"
      env['omniauth.strategy'].options[:client_options][:site] = site_url
    }
end

config/initializers/shopify_session_repository.rb:

ShopifySessionRepository.storage = "商店"

app/controllers/sessions_controller.rb:

class SessionsController < ApplicationController
  layout :false

  def new
    authenticate if params[:shop]
  end

  def show
    if response = request.env['omniauth.auth']
      sess = ShopifyAPI::Session.new(params[:shop],response['credentials']['token'])
      session[:shopify] = ShopifySessionRepository.store(sess)
      flash[:notice] = "Logged in"
      redirect_to return_address
    else
      flash[:error] = "Could not log in to Shopify store."
      redirect_to :action => 'new'
    end
  end

  protected

  def authenticate
    #
    # Instead of doing a backend redirect we need to do a javascript redirect
    # here. Open the app/views/common/iframe_redirect.html.erb file to understand why.
    #
    if shop_name = sanitize_shop_param(params)
      @redirect_url = "/auth/shopify?shop=#{shop_name}"
      render "/common/iframe_redirect", :format => [:html], layout: false
    else
      redirect_to return_address
    end
  end

  def return_address
    session[:return_to] || root_url
  end

  def sanitize_shop_param(params)
    return unless params[:shop].present?
    return unless domain = ShopifyApp.configuration.myshopify_domain.presence || "myshopify.com"

    name = params[:shop].to_s.strip
    name += ".#{domain}" if !name.include?(domain) && !name.include?(".")
    name.sub!(%r|https?://|, '')

    u = URI("http://#{name}")
    u.host.ends_with?(".#{domain}") ? u.host : nil
  end
end

Any idea why it doesn't store the session after authorization?

Best answer

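This can happen if the callback URL is the same as the URL you used to register. Try inspecting the request parameters, or provide a different callback URL to return to. You will probably see that the first request differs from the subsequent ones.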

Regarding ruby-on-rails - Shopify app authorization stuck in an infinite redirect, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/29500994/
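
A log check for the symptom described in the answer above, as an added example that is not part of the original post: it flags requests that carry an OAuth `code` parameter on a path other than OmniAuth's default callback path `/auth/shopify/callback` (assumed not overridden) and counts repeated OAuth restarts per shop. The log sample is constructed from the lines in the question, and the function names are hypothetical.

```ruby
require 'uri'

# OmniAuth's default paths for the :shopify provider (assumed not overridden).
REQUEST_PATH  = '/auth/shopify'
CALLBACK_PATH = '/auth/shopify/callback'

# Constructed sample, modelled on the "Started GET" lines in the question's log.
SAMPLE_LOG = <<~LOG
  Started GET "/?hmac=HMAC&shop=SHOP&signature=SIGNATURE&timestamp=TIMESTAMP" for 127.0.0.1 at 2015-04-07 20:33:11 +0000
  Started GET "/login?shop=SHOP" for 127.0.0.1 at 2015-04-07 20:33:11 +0000
  Started GET "/auth/shopify?shop=SHOP" for 127.0.0.1 at 2015-04-07 20:33:12 +0000
  Started GET "/?code=CODE&hmac=HMAC&shop=SHOP&signature=SIGNATURE&timestamp=1428438796" for 127.0.0.1 at 2015-04-07 20:33:12 +0000
  Started GET "/login?shop=SHOP" for 127.0.0.1 at 2015-04-07 20:33:13 +0000
  Started GET "/auth/shopify?shop=SHOP" for 127.0.0.1 at 2015-04-07 20:33:13 +0000
LOG

STARTED = /\AStarted (?<verb>[A-Z]+) "(?<target>[^"]+)"/

# Turn Rails "Started ..." lines into {verb, path, params}; other lines are skipped.
def parse_requests(log)
  log.each_line.map do |line|
    m = STARTED.match(line)
    next unless m
    path, query = m[:target].split('?', 2)
    { verb: m[:verb], path: path, params: URI.decode_www_form(query.to_s).to_h }
  end.compact
end

# An authorization code that arrives anywhere but the callback path is handled
# by an ordinary controller, so the callback phase (and session store) never runs.
def misrouted_callbacks(requests)
  requests.select { |r| r[:params].key?('code') && r[:path] != CALLBACK_PATH }
end

def diagnose(log)
  reqs = parse_requests(log)
  restarts = reqs.select { |r| r[:path] == REQUEST_PATH }
                 .group_by { |r| r[:params]['shop'] }
                 .transform_values(&:size)
  {
    misrouted_paths: misrouted_callbacks(reqs).map { |r| r[:path] }.uniq,
    looping_shops:   restarts.select { |_shop, n| n > 1 }.keys,
    callback_hits:   reqs.count { |r| r[:path] == CALLBACK_PATH }
  }
end

p diagnose(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```

A non-empty `misrouted_paths` together with zero `callback_hits` matches the loop in the question's log: the code is delivered to `/`, which redirects back to `/login`.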
