BigCommerce App 回调处理

当前配置

官方文档

Single-Click App Callbacks: https://developer.bigcommerce.com/api-docs/apps/guide/callbacks
Verifying the signed payload: https://developer.bigcommerce.com/api-docs/apps/guide/callbacks#verifying-the-signed-payload

回调参数

{"signed_payload":["eyJ1c2VyIjp7ImlkIjoxODk3NTQwLCJlbWFpbCI6InRlc3RAaW9iZXRhLmNvbSJ9LCJvd25lciI6eyJpZCI6MTg5NzU0MCwiZW1haWwiOiJ0ZXN0QGlvYmV0YS5jb20ifSwiY29udGV4dCI6InN0b3Jlcy9zdzd2MGlkenhxIiwic3RvcmVfaGFzaCI6InN3N3YwaWR6eHEiLCJ0aW1lc3RhbXAiOjE2MTIyNjg2ODMuNDYzODcxN30=.N2M4ZjhmNjgxMTczZTk3MWM1YTgxNWE1NDRhOWYxZjIxMzRjMmYzMjExMWYxZDA3NzIwOWIyZjljMmJmYmZjZQ=="]}

Base64解码后:

(1)data:

{"user":{"id":1897540,"email":"test@appblog.cn"},"owner":{"id":1897540,"email":"test@appblog.cn"},"context":"stores/sw7v0idzxq","store_hash":"sw7v0idzxq","timestamp":1612269767.6191726}

(2)sign: 39583f9c6020c1f80f450e935d387bfd1917788c7569a7e863686ae13e118a9f

{
"user":{
"id":1897540,
"email":"test@appblog.cn"
},
"owner":{
"id":1897540,
"email":"test@appblog.cn"
},
"context":"stores/sw7v0idzxq",
"store_hash":"sw7v0idzxq",
"timestamp":1612269767.6191726
}

回调处理

// Registration id passed to loadAuthorizedClient() and to the OAuth2AuthenticationToken built in load().
private static final String REGISTRATION_ID = SecurityBeansConfig.BIGCOMMERCE_REGISTRATION_ID;

// Store of previously authorized OAuth2 clients; load() looks a client up by the store's shop domain.
@Resource
private OAuth2AuthorizedClientService clientService;

// App client secret, injected from configuration. load() uses it as the HMAC-SHA256 key when
// verifying signed_payload, so it must never be logged or returned to the browser.
// NOTE(review): where the property value is stored is not visible here; confirm it comes from
// a secret store or environment rather than a committed properties file.
@Value("${bigcommerce.client.client_secret}")
private String clientSecret;

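/**
 * Handles the BigCommerce single-click app "load" callback.
 *
 * <p>{@code signed_payload} consists of two Base64 segments separated by a dot: the JSON
 * context and the hex-encoded HMAC-SHA256 of that JSON keyed with the app's client secret.
 * The signature is verified before the JSON is parsed or trusted. On success the current
 * security context is switched to the authorized client stored for the store named in the
 * payload.
 *
 * @param model         view model; receives the {@code shopDomain} attribute on success
 * @param signedPayload raw {@code signed_payload} query parameter (untrusted input)
 * @return {@code "success"} when the payload verifies and an authorized client exists for
 *         the store, otherwise {@code "authError"}
 */
@RequestMapping(path = SecurityConfig.LOAD_PATH, method = RequestMethod.GET)
public String load(Model model, @RequestParam("signed_payload") String signedPayload) {
    // The payload carries user/owner e-mail addresses together with a valid signature.
    // Anyone who can read it from a log can present it to this endpoint again, so neither
    // the raw parameter nor its decoded parts are written to the log.
    log.info("HomeController.load invoked");

    if (!StringUtils.isNotBlank(signedPayload)) {
        return "authError";
    }
    String[] signedPayloads = signedPayload.split("\\.");
    if (signedPayloads.length != 2) {
        return "authError";
    }

    try {
        // Decode with an explicit charset; the platform default differs between hosts and
        // the HMAC is computed over the exact bytes of the JSON text.
        String data = new String(Base64.decodeBase64(signedPayloads[0]),
                java.nio.charset.StandardCharsets.UTF_8);
        String sign = new String(Base64.decodeBase64(signedPayloads[1]),
                java.nio.charset.StandardCharsets.UTF_8);

        // Verify the signature BEFORE parsing: nothing in `data` is trusted until this passes.
        if (!HmacUtil.verifyHmacSHA256(data, sign, clientSecret)) {
            log.warn("HomeController.load: signed_payload signature verification failed");
            return "authError";
        }

        BigcommerceContext bigcommerceContext = JacksonUtil.toJSONObject(data, BigcommerceContext.class);
        if (bigcommerceContext == null) {
            return "authError";
        }
        // NOTE(review): the payload includes a `timestamp` field that is not checked here, so a
        // captured signed_payload stays acceptable indefinitely. Consider rejecting payloads
        // older than a short window once BigcommerceContext exposes the timestamp.

        // The callback is only honoured inside a session that already has an Authentication.
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null || context.getAuthentication() == null) {
            return "authError";
        }

        String shopDomain = String.format("store-%s.mybigcommerce.com", bigcommerceContext.getStoreHash());
        OAuth2AuthorizedClient client = clientService.loadAuthorizedClient(REGISTRATION_ID, shopDomain);
        if (client == null) {
            // No stored client: the store has not installed the app, or its stored
            // credentials are outdated.
            return "authError";
        }

        String apiKey = client.getClientRegistration().getClientId();
        OAuth2AuthenticationToken oauth2Authentication = new OAuth2AuthenticationToken(
                new BigcommerceStore(client.getPrincipalName(), client.getAccessToken().getTokenValue(), apiKey),
                null,
                REGISTRATION_ID);
        SecurityContextHolder.getContext().setAuthentication(oauth2Authentication);

        model.addAttribute("shopDomain", bigcommerceContext.getStoreHash());
        return "success";
    } catch (Exception e) {
        // Fail closed: any decoding, HMAC or lookup error ends in the error view.
        log.error("HomeController.load failed", e);
    }
    return "authError";
}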
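/**
 * HMAC-SHA256 helpers used to check the signature of a signed payload.
 *
 * <p>Text and key are encoded as UTF-8 so the result does not depend on the platform default
 * charset, and signatures are compared in constant time.
 */
public class HmacUtil {

    private static final String ALGORITHM = "HmacSHA256";

    /**
     * Computes the HMAC-SHA256 of {@code data} under {@code key}.
     *
     * @param data message text, encoded as UTF-8 before hashing
     * @param key  secret key text, encoded as UTF-8
     * @return the MAC as 64 lower-case hexadecimal characters
     * @throws Exception if the algorithm is unavailable or the key is rejected
     */
    public static String hmacSHA256(String data, String key) throws Exception {
        Mac sha256Hmac = Mac.getInstance(ALGORITHM);
        SecretKeySpec secretKey =
                new SecretKeySpec(key.getBytes(java.nio.charset.StandardCharsets.UTF_8), ALGORITHM);
        sha256Hmac.init(secretKey);
        byte[] digest = sha256Hmac.doFinal(data.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte item : digest) {
            // OR-ing with 0x100 forces three hex digits, so substring(1, 3) keeps the leading zero.
            sb.append(Integer.toHexString((item & 0xFF) | 0x100).substring(1, 3));
        }
        return sb.toString();
    }

    /**
     * Checks that {@code sign} is the hex HMAC-SHA256 of {@code text} under {@code key}.
     *
     * <p>The comparison is case-insensitive for the hex digits and uses
     * {@link java.security.MessageDigest#isEqual(byte[], byte[])}. A plain string comparison
     * returns at the first differing character, and that timing difference can help a caller
     * guess a valid signature one character at a time.
     *
     * @param text message text that was signed
     * @param sign hex signature supplied by the caller; {@code null} never verifies
     * @param key  secret key text
     * @return {@code true} only when the supplied signature matches
     * @throws Exception if the MAC cannot be computed
     */
    public static boolean verifyHmacSHA256(String text, String sign, String key) throws Exception {
        String mySign = hmacSHA256(text, key);
        if (sign == null) {
            return false;
        }
        byte[] expected = mySign.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] provided = sign.toLowerCase(java.util.Locale.ROOT)
                .getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return java.security.MessageDigest.isEqual(expected, provided);
    }
}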
