summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--configure.ac3
-rw-r--r--sessiontoken.h37
-rw-r--r--shopify.c52
3 files changed, 43 insertions, 49 deletions
diff --git a/configure.ac b/configure.ac
index aa2530f..bae8f59 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,11 +1,10 @@
-AC_INIT([shopify], [0.0], [erik@darapsa.co.id])
+AC_INIT([shopify], [0.0], [prabowo@darapsa.org])
AM_INIT_AUTOMAKE([-Wall -Werror foreign])
AC_PROG_CC
AM_PROG_AR
LT_INIT
PKG_CHECK_MODULES([DEPS], [libmicrohttpd libgcrypt gnutls libpcre2-8 libcurl json-c])
AC_CHECK_HEADERS([fcntl.h])
-AC_CHECK_HEADER_STDBOOL
AC_C_INLINE
AC_CHECK_FUNCS([strrchr])
AC_FUNC_MALLOC
diff --git a/sessiontoken.h b/sessiontoken.h
deleted file mode 100644
index cff077c..0000000
--- a/sessiontoken.h
+++ /dev/null
@@ -1,37 +0,0 @@
-#include <l8w8jwt/decode.h>
-
-static inline bool sessiontoken_isvalid(const char *token, const char *api_key,
- const char *api_secret_key, const char *shop)
-{
- struct l8w8jwt_decoding_params params;
- l8w8jwt_decoding_params_init(&params);
- params.alg = L8W8JWT_ALG_HS256;
- params.jwt = (char *)token;
- params.jwt_length = strlen(token);
- params.verification_key = (unsigned char *)api_secret_key;
- params.verification_key_length = strlen(api_secret_key);
- params.validate_exp = 1;
- params.validate_nbf = 1;
- params.validate_aud = (char *)api_key;
-
- enum l8w8jwt_validation_result validation;
- struct l8w8jwt_claim *claims;
- size_t claims_len;
- int decode = l8w8jwt_decode(&params, &validation, &claims, &claims_len);
-
- struct l8w8jwt_claim *dest
- = l8w8jwt_get_claim(claims, claims_len, "dest", 4);
- _Bool iss_isvalid = !strncmp(dest->value,
- l8w8jwt_get_claim(claims, claims_len, "iss", 3)->value,
- dest->value_length);
- if (validation != L8W8JWT_NBF_FAILURE)
- printf("nbf invalid\n");
- printf("JWT payload sub: %s\n",
- l8w8jwt_get_claim(claims, claims_len, "sub", 3)->value);
- l8w8jwt_free_claims(claims, claims_len);
-
- return decode == L8W8JWT_SUCCESS
- && (validation == L8W8JWT_VALID
- || validation == L8W8JWT_NBF_FAILURE)
- && iss_isvalid;
-}
diff --git a/shopify.c b/shopify.c
index eca8e7f..a3cd6d8 100644
--- a/shopify.c
+++ b/shopify.c
@@ -1,4 +1,3 @@
-#include <stdbool.h>
#include <fcntl.h>
#include <sys/stat.h>
#define PCRE2_CODE_UNIT_WIDTH 8
@@ -9,8 +8,8 @@
#include <curl/curl.h>
#include <json.h>
#include <microhttpd.h>
+#include <l8w8jwt/decode.h>
#include "shopify.h"
-#include "sessiontoken.h"
#define AUTH_URL \
"https://%s/oauth/authorize?client_id=%s&scope=%s&redirect_uri=%s%s"\
@@ -44,9 +43,6 @@
#define EMBEDDED_URL "https://%s/apps/%s/"
#define EMBEDDED_URL_LEN strlen(EMBEDDED_URL) - strlen("%s") * 2
-extern inline bool sessiontoken_isvalid(const char *, const char *,
- const char *, const char *);
-
struct parameter {
char *key;
char *val;
@@ -244,7 +240,7 @@ static enum MHD_Result handle_request(void *cls, struct MHD_Connection *con,
const char *val = params[i].val;
if (strcmp(key, "hmac")) {
size_t query_len = query ? strlen(query) : 0;
- bool ampersand_len = i != nparams - 1;
+ _Bool ampersand_len = i != nparams - 1;
query = realloc(query, query_len + strlen(key)
+ strlen("=") + strlen(val)
+ ampersand_len + 1);
@@ -307,6 +303,7 @@ static enum MHD_Result handle_request(void *cls, struct MHD_Connection *con,
} else {
free(params);
params = NULL;
+
char *referer = NULL;
MHD_get_connection_values(con, MHD_HEADER_KIND, iterate,
(char **[]){ &session_token, &referer });
@@ -320,6 +317,7 @@ static enum MHD_Result handle_request(void *cls, struct MHD_Connection *con,
free(referer);
return MHD_NO;
}
+
referer = &referer[app_url_len + 1];
char *tofree = referer;
char *pair = NULL;
@@ -333,13 +331,47 @@ static enum MHD_Result handle_request(void *cls, struct MHD_Connection *con,
free(tofree);
return MHD_NO;
}
+
pair = &pair[key_len];
- shop_len = (strchrnul(pair, '&') - pair) * sizeof(char);
+ shop_len = strchrnul(pair, '&') - pair;
shop = malloc(shop_len + 1);
strlcpy(shop, pair, shop_len + 1);
free(tofree);
- if (!match(shop) || !sessiontoken_isvalid(session_token,
- api_key, api_secret_key, shop)) {
+ if (!match(shop)) {
+ free(session_token);
+ free(shop);
+ return MHD_NO;
+ }
+
+ struct l8w8jwt_decoding_params params;
+ l8w8jwt_decoding_params_init(&params);
+ params.alg = L8W8JWT_ALG_HS256;
+ params.jwt = (char *)session_token;
+ params.jwt_length = strlen(session_token);
+ params.verification_key = (unsigned char *)api_secret_key;
+ params.verification_key_length = strlen(api_secret_key);
+ params.validate_exp = 1;
+ params.validate_nbf = 1;
+ params.validate_aud = (char *)api_key;
+ enum l8w8jwt_validation_result validation;
+ struct l8w8jwt_claim *claims;
+ size_t claims_len;
+ int decode = l8w8jwt_decode(&params, &validation, &claims,
+ &claims_len);
+ if (validation != L8W8JWT_NBF_FAILURE)
+ printf("JWT payload nbf is invalid.\n");
+ struct l8w8jwt_claim *dest
+ = l8w8jwt_get_claim(claims, claims_len, "dest", 4);
+ _Bool iss_valid = !strncmp( l8w8jwt_get_claim(claims,
+ claims_len, "iss", 3)->value,
+ dest->value, dest->value_length);
+ printf("JWT payload sub: %s\n", l8w8jwt_get_claim(claims,
+ claims_len, "sub", 3)->value);
+ l8w8jwt_free_claims(claims, claims_len);
+ if (decode != L8W8JWT_SUCCESS
+ || validation != L8W8JWT_VALID
+ && validation != L8W8JWT_NBF_FAILURE
+ || !iss_valid) {
free(session_token);
free(shop);
return MHD_NO;
@@ -348,7 +380,7 @@ static enum MHD_Result handle_request(void *cls, struct MHD_Connection *con,
char *host = NULL;
size_t host_len = 0;
- bool embedded = false;
+ _Bool embedded = 0;
char *dec_host = NULL;
size_t dec_host_len = 0;
if (params) {