Add authenticate app proxies #44
Open
Summary
This PR adds HMAC-based authentication for Shopify App Proxy requests to ensure only verified requests from Shopify are processed by the server.
⸻
Changes
• Added verifyShopifyProxySignature() helper to validate incoming app proxy requests.
• Integrated signature validation into the route loader for all GET/POST proxy endpoints.
• Improved request flow to reject unauthenticated requests early with 401 Invalid signature or 400 Missing signature.
• Refactored route handler to separate:
  • History access requests (/chat/history/proxy)
  • SSE streaming requests (text/event-stream)
  • Standard chat completion handling
• Enhanced error handling and response structure for better debugging and security.
• Added clean modular imports for getCustomerAccountByFund(), createHistoryService(), and createChatService().
⸻
Why
Shopify App Proxy endpoints are publicly accessible.
Without signature validation, malicious actors could spoof requests or manipulate data.
This update secures the integration layer, ensuring all traffic truly originates from Shopify.
⸻
Testing
• Verified successful HMAC validation for genuine proxy requests.
• Confirmed 401 rejection for invalid or missing signatures.
• Validated normal chat and SSE behavior remains unaffected post-authentication.
• Manual tests performed via browser proxy and CLI.
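
An added example, not the code from this PR: a minimal Node.js check following Shopify's documented app proxy scheme, where the `signature` query parameter is the hex HMAC-SHA256, keyed with the app secret, of the remaining parameters sorted and concatenated. The function names, sample URL and secret are constructed for illustration; the 400/401 split follows the description above.

```javascript
const crypto = require("node:crypto");

// Builds the message Shopify signs for an app proxy request: every query
// parameter except `signature`, as key=value with repeated values joined
// by ",", sorted, then concatenated with no separator.
function proxySignatureMessage(searchParams) {
  const grouped = new Map();
  for (const [key, value] of searchParams) {
    if (key === "signature") continue;
    if (!grouped.has(key)) grouped.set(key, []);
    grouped.get(key).push(value);
  }
  return [...grouped]
    .map(([key, values]) => `${key}=${values.join(",")}`)
    .sort()
    .join("");
}

function signProxyQuery(searchParams, secret) {
  return crypto
    .createHmac("sha256", secret)
    .update(proxySignatureMessage(searchParams))
    .digest("hex");
}

// Returns { ok, status, error }: 400 when no signature, 401 when it is wrong.
function checkProxySignature(requestUrl, secret) {
  const params = new URL(requestUrl).searchParams;
  const supplied = params.get("signature");
  if (!supplied) return { ok: false, status: 400, error: "Missing signature" };

  const expected = Buffer.from(signProxyQuery(params, secret), "utf8");
  const given = Buffer.from(supplied, "utf8");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  const ok = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  return ok
    ? { ok: true, status: 200, error: null }
    : { ok: false, status: 401, error: "Invalid signature" };
}

// Constructed sample values, not real credentials or a real shop.
const SAMPLE_SECRET = "constructed-app-secret";
function sampleSignedUrl() {
  const base = new URL("https://app.example/chat/history/proxy");
  base.search = "shop=example.myshopify.com&path_prefix=%2Fapps%2Fchat&timestamp=1700000000&logged_in_customer_id=";
  base.searchParams.set("signature", signProxyQuery(base.searchParams, SAMPLE_SECRET));
  return base.toString();
}
```

Because `logged_in_customer_id` is part of the signed message, a client that edits it to impersonate another customer produces a mismatch and is rejected before any history lookup runs.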