Merge pull request #17 from ohmybrew/legacy-mode

Legacy mode
gnikyt · Mar 11, 2018 · f6604c5 · f6604c5
2 parents 3f24737 + 7071b7b
commit f6604c5
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 13 deletions.
diff --git a/src/ShopifyApp/Middleware/AuthShop.php b/src/ShopifyApp/Middleware/AuthShop.php
@@ -5,6 +5,7 @@
 use Closure;
 use Illuminate\Http\Request;
 use OhMyBrew\ShopifyApp\Facades\ShopifyApp;
+use Symfony\Component\HttpFoundation\Response;
 
 class AuthShop
 {
@@ -22,14 +23,29 @@ public function handle(Request $request, Closure $next)
         $shopParam = ShopifyApp::sanitizeShopDomain(request('shop'));
 
         // Check if shop has a session, also check the shops to ensure a match
-        if ($shop === null || ($shopParam && $shopParam !== $shop->shopify_domain) === true) {
+        if (
+            $shop === null ||
+            ($shopParam && $shopParam !== $shop->shopify_domain) === true
+        ) {
             // Either no shop session or shops do not match
             session()->forget('shopify_domain');
 
             return redirect()->route('authenticate')->with('shop', $shopParam);
         }
 
-        // Move on, authenticated
-        return $next($request);
+        // Shop is OK, move on...
+        $response = $next($request);
+        if (!$response instanceof Response) {
+            // We need a response object to modify headers
+            $response = new Response($response);
+        }
+
+        if (config('shopify-app.esdk_enabled')) {
+            // Headers applicable to ESDK only
+            $response->headers->set('P3P', 'CP="Not used"');
+            $response->headers->remove('X-Frame-Options');
+        }
+
+        return $response;
     }
 }
diff --git a/src/ShopifyApp/resources/config/shopify-app.php b/src/ShopifyApp/resources/config/shopify-app.php
@@ -12,6 +12,18 @@
 
     'shop_model' => env('SHOPIFY_SHOP_MODEL', '\OhMyBrew\ShopifyApp\Models\Shop'),
 
+    /*
+    |--------------------------------------------------------------------------
+    | ESDK Mode
+    |--------------------------------------------------------------------------
+    |
+    | ESDK (embedded apps) are enabled by default. Set to false to use legacy
+    | mode and host the app inside your own container.
+    |
+    */
+
+    'esdk_enabled' => (bool) env('SHOPIFY_ESDK_ENABLED', true),
+
     /*
     |--------------------------------------------------------------------------
     | Shopify App Name

diff --git a/src/ShopifyApp/resources/views/layouts/default.blade.php b/src/ShopifyApp/resources/views/layouts/default.blade.php
@@ -18,17 +18,19 @@
             </div>
         </div>
 
-        <script src="https://cdn.shopify.com/s/assets/external/app.js?{{ date('YmdH') }}"></script>
-        <script type="text/javascript">
-            ShopifyApp.init({
-                apiKey: '{{ config('shopify-app.api_key') }}',
-                shopOrigin: 'https://{{ ShopifyApp::shop()->shopify_domain }}',
-                debug: false,
-                forceRedirect: true
-            });
-        </script>
+        @if(config('shopify-app.esdk_enabled'))
+            <script src="https://cdn.shopify.com/s/assets/external/app.js?{{ date('YmdH') }}"></script>
+            <script type="text/javascript">
+                ShopifyApp.init({
+                    apiKey: '{{ config('shopify-app.api_key') }}',
+                    shopOrigin: 'https://{{ ShopifyApp::shop()->shopify_domain }}',
+                    debug: false,
+                    forceRedirect: true
+                });
+            </script>
 
-        @include('shopify-app::partials.flash_messages')
+            @include('shopify-app::partials.flash_messages')
+        @endif
 
         @yield('scripts')
     </body>

diff --git a/tests/Controllers/HomeControllerTest.php b/tests/Controllers/HomeControllerTest.php
@@ -36,4 +36,14 @@ public function testShopWithSessionShouldLoad()
         $this->assertEquals(true, strpos($response->content(), "apiKey: ''") !== false);
         $this->assertEquals(true, strpos($response->content(), "shopOrigin: 'https://example.myshopify.com'") !== false);
     }
+
+    public function testShopWithSessionAndDisabledEsdkShouldLoad()
+    {
+        session(['shopify_domain' => 'example.myshopify.com']);
+        config(['shopify-app.esdk_enabled' => false]);
+
+        $response = $this->get('/');
+        $response->assertStatus(200);
+        $this->assertEquals(false, strpos($response->content(), 'ShopifyApp.init'));
+    }
 }
diff --git a/tests/Middleware/AuthShopMiddlewareTest.php b/tests/Middleware/AuthShopMiddlewareTest.php
@@ -49,4 +49,37 @@ public function testShopsWhichDoNotMatchShouldKillSessionAndDirectToReAuthentica
         $this->assertFalse($called);
         $this->assertEquals('example-different-shop.myshopify.com', session('shop'));
     }
+
+    public function testHeadersForEsdkShouldBeAdjusted()
+    {
+        // Set a shop
+        session(['shopify_domain' => 'example.myshopify.com']);
+
+        $response = (new AuthShop())->handle(
+            request(),
+            function ($request) use (&$called) {
+                // Nothing to do here...
+            }
+        );
+
+        $this->assertEquals('CP="Not used"', $response->headers->get('p3p'));
+        $this->assertNull($response->headers->get('x-frame-options'));
+    }
+
+    public function testHeadersForDisabledEsdk()
+    {
+        // Set a shop
+        session(['shopify_domain' => 'example.myshopify.com']);
+        config(['shopify-app.esdk_enabled' => false]);
+
+        $response = (new AuthShop())->handle(
+            request(),
+            function ($request) use (&$called) {
+                // Nothing to do here...
+            }
+        );
+
+        $this->assertNull($response->headers->get('p3p'));
+        $this->assertNull($response->headers->get('x-frame-options'));
+    }
 }