shopify_app_whitelist

This Gem extends shopify_app to add a whitelist option so only defined shops can access your app for installation.

Compatibility

Rails 4 and Rails 5 are supported. Appraisal Gem is used to test against both versions.

Installation

Assuming shopify_app is already installed

1. Add gem 'shopify_app_whitelist' to your Gemfile
2. Run bundle install

Configuration

1. Open your existing config/initializers/shopify_app.rb file
2. Add whitelist and whitelist_redirect options

Example:

ShopifyApp.configure do |config|
  # ...
  config.whitelist          = ['allowed.myshopify.com', 'another-allowed-shop.myshopify.com']
  config.whitelist_redirect = '/404.html'
  # ...
end

Testing

This Gem is tested. See test/ or run bundle rake test after installing development dependencies.

How It Works

This Gem adds two configuration options to ShopifyApp::Configuration automatically. Using a Railite, it also automatically injects a controller concern into ApplicationController.

The concern will check if the current controller is shopify_app/sessions_controller and that the action is one of new, create, or callback. If it is, it will check the shop's Shopify domain against the whitelist to see if the shop is allowed to access these methods.