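I'm new to Shopify app development. When I tried to deploy my app to the marketplace, I ran into the requirement that the mandatory privacy webhooks must be installed. After some research, I was able to use the template file that was included and send a 200 OK response, since we don't collect or use any customer data.
I received an email saying my app was rejected for the following reason: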
App must verify the authenticity of the request from Shopify.
Expected HTTP 401 (Unauthorized), but got HTTP 302 from https://server/api/webhooks/shop_redact. Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response code when rejecting a request that has an invalid digest
How do I verify the request? Is there an example of this in the basic boilerplate code we get from Shopify?
privacy.js
import { DeliveryMethod } from "@shopify/shopify-api";

/**
 * @type {{[key: string]: import("@shopify/shopify-api").WebhookHandler}}
 */
export default {
  /**
   * Customers can request their data from a store owner. When this happens,
   * Shopify invokes this privacy webhook.
   *
   * https://shopify.dev/docs/apps/webhooks/configuration/mandatory-webhooks#customers-data_request
   */
  CUSTOMERS_DATA_REQUEST: {
    deliveryMethod: DeliveryMethod.Http,
    callbackUrl: "/api/webhooks",
    callback: async (topic, shop, body, webhookId) => {
      const payload = JSON.parse(body);
      // Payload has the following shape:
      // {
      //   "shop_id": 954889,
      //   "shop_domain": "{shop}.myshopify.com",
      //   "orders_requested": [
      //     299938,
      //     280263,
      //     220458
      //   ],
      //   "customer": {
      //     "id": 191167,
      //     "email": "[email protected]",
      //     "phone": "555-625-1199"
      //   },
      //   "data_request": {
      //     "id": 9999
      //   }
      // }
      return {
        statusCode: 200,
        body: JSON.stringify({}),
      }
    },
  },

  /**
   * Store owners can request that data is deleted on behalf of a customer. When
   * this happens, Shopify invokes this privacy webhook.
   *
   * https://shopify.dev/docs/apps/webhooks/configuration/mandatory-webhooks#customers-redact
   */
  CUSTOMERS_REDACT: {
    deliveryMethod: DeliveryMethod.Http,
    callbackUrl: "/api/webhooks",
    callback: async (topic, shop, body, webhookId) => {
      const payload = JSON.parse(body);
      // Payload has the following shape:
      // {
      //   "shop_id": 954889,
      //   "shop_domain": "{shop}.myshopify.com",
      //   "customer": {
      //     "id": 191167,
      //     "email": "[email protected]",
      //     "phone": "555-625-1199"
      //   },
      //   "orders_to_redact": [
      //     299938,
      //     280263,
      //     220458
      //   ]
      // }
      return {
        statusCode: 200,
        body: JSON.stringify({}),
      }
    },
  },

  /**
   * 48 hours after a store owner uninstalls your app, Shopify invokes this
   * privacy webhook.
   *
   * https://shopify.dev/docs/apps/webhooks/configuration/mandatory-webhooks#shop-redact
   */
  SHOP_REDACT: {
    deliveryMethod: DeliveryMethod.Http,
    callbackUrl: "/api/webhooks",
    callback: async (topic, shop, body, webhookId) => {
      const payload = JSON.parse(body);
      // Payload has the following shape:
      // {
      //   "shop_id": 954889,
      //   "shop_domain": "{shop}.myshopify.com"
      // }
      return {
        statusCode: 200,
        body: JSON.stringify({}),
      }
    },
  },
};
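These webhooks are the same as any other webhook in Shopify. The only difference is that you don't ask for them; they are given to you. So you provide an app endpoint to handle webhooks, and then simply add the topics of these privacy webhooks for it to handle. So, assuming you have already coded your uninstall webhook, just follow that pattern, add the 3 Shopify privacy ones, and let your router handle the rest. In other words, this is simpler than a regular webhook because you don't need to request it.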
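An added example, not part of the original question or answer and not Shopify's template code: the HMAC check the rejection email asks for, returning 401 when the digest is invalid. It assumes Shopify's `X-Shopify-Hmac-Sha256` header, which carries the base64 HMAC-SHA256 of the raw request body keyed with the app's client secret; the function names, secret and payload below are constructed for illustration.

```javascript
// Added example (CommonJS, Node.js); names and sample values are hypothetical.
const crypto = require("node:crypto");

// Base64 HMAC-SHA256 of the raw request bytes, keyed with the app secret.
function computeDigest(rawBody, secret) {
  return crypto.createHmac("sha256", secret).update(rawBody).digest("base64");
}

// True only when the header value matches the digest of the raw body.
function isValidShopifyHmac(rawBody, hmacHeader, secret) {
  if (typeof hmacHeader !== "string" || hmacHeader.length === 0) return false;
  const expected = Buffer.from(computeDigest(rawBody, secret), "base64");
  const received = Buffer.from(hmacHeader, "base64");
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (received.length !== expected.length) return false;
  return crypto.timingSafeEqual(received, expected);
}

// Framework-neutral handler; header names are lower-cased as Node delivers them.
function handlePrivacyWebhook(headers, rawBody, secret) {
  if (!isValidShopifyHmac(rawBody, headers["x-shopify-hmac-sha256"], secret)) {
    return { statusCode: 401, body: "Unauthorized" };
  }
  // Parse only after the signature has been verified.
  const payload = JSON.parse(rawBody.toString("utf8"));
  return { statusCode: 200, body: JSON.stringify({}), shop: payload.shop_domain };
}

// Constructed sample request (not real Shopify data).
const SECRET = "constructed-test-secret";
const BODY = Buffer.from('{"shop_id":954889,"shop_domain":"example.myshopify.com"}');
const TAMPERED = Buffer.from('{"shop_id":1,"shop_domain":"example.myshopify.com"}');
const GOOD = { "x-shopify-hmac-sha256": computeDigest(BODY, SECRET) };
const BAD = { "x-shopify-hmac-sha256": computeDigest(BODY, "wrong-secret") };

console.log("valid signature:  ", handlePrivacyWebhook(GOOD, BODY, SECRET).statusCode);
console.log("wrong secret:     ", handlePrivacyWebhook(BAD, BODY, SECRET).statusCode);
console.log("tampered body:    ", handlePrivacyWebhook(GOOD, TAMPERED, SECRET).statusCode);
console.log("missing header:   ", handlePrivacyWebhook({}, BODY, SECRET).statusCode);
```

The digest must be computed over the exact bytes received, so the route needs access to the raw body before any JSON body parser rewrites it.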