shopify_app_whitelist

This Gem extends shopify_app to add a whitelist option so only defined shops can access your app for installation.

v2.0 up - Rails 5 and Shopify App 8 are supported.

v1.0 up - Rails 4 and Rails 5, Shopify App <7.1 are supported. Appraisal Gem is used to test against both versions of Rails.

Assuming shopify_app is already installed

1. Add gem 'shopify_app_whitelist' to your Gemfile
2. Run bundle install

1. Open your existing config/initializers/shopify_app.rb file
2. Add whitelist and whitelist_redirect options

Example:

ShopifyApp.configure do |config|
  # ...
  config.whitelist          = %w(allowed.myshopify.com another-allowed-shop.myshopify.com)
  config.whitelist_redirect = '/404.html'
  # ...
end

This Gem is tested. See test/ or run bundle rake test after installing development dependencies.

This Gem adds two configuration options to ShopifyApp::Configuration automatically. Using a Railite, it also automatically injects a controller concern into ActionController::Base.

The concern will check if the current controller is shopify_app/sessions_controller and that the action is one of new, create, or callback. If it is, it will check the shop's Shopify domain against the whitelist to see if the shop is allowed to access these methods.

This project is released under the MIT license.