shopify_app_whitelist

This Gem extends shopify_app to add a whitelist option so only defined shops can access your app for installation.

Compatibility

v2.0 up - Rails 5 and Shopify App 8 are supported.

v1.0 up - Rails 4 and Rails 5, Shopify App <7.1 are supported. Appraisal Gem is used to test against both versions of Rails.

Installation

Assuming shopify_app is already installed

Add gem 'shopify_app_whitelist' to your Gemfile
Run bundle install

Configuration

Open your existing config/initializers/shopify_app.rb file
Add whitelist and whitelist_redirect options

Example:

ShopifyApp.configure do |config|
  # ...
  config.whitelist          = %w(allowed.myshopify.com another-allowed-shop.myshopify.com)
  config.whitelist_redirect = '/404.html'
  # ...
end

Testing

This Gem is tested. See test/ or run bundle rake test after installing development dependencies.

How It Works

This Gem adds two configuration options to ShopifyApp::Configuration automatically. Using a Railite, it also automatically injects a controller concern into ActionController::Base.

The concern will check if the current controller is shopify_app/sessions_controller and that the action is one of new, create, or callback. If it is, it will check the shop's Shopify domain against the whitelist to see if the shop is allowed to access these methods.

License

This project is released under the MIT license.