Shopify API App Proxy with Rails verify Users

Question

I am trying to configure an app proxy so users can submit a product for a Shopify store. I have seen multiple ways to so a signature and handle it so yet I am unable to get it working so the ShopifyAPI will work. The action is below, I noticed that:shopify_session filter only works for admin, not customers as well.

def submit_product
    query_parameters = Rack::Utils.parse_query(request.query_string)

    # Remove and save the "signature" entry
    signature = query_parameters.delete("signature")
    sorted_params = query_parameters.collect{ |k, v| "#{k}=#{Array(v).join(',')}" }.sort.join
    calculated_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), ENV['SHOPIFY_SECRET'], sorted_params)
    raise 'Invalid signature' if signature != calculated_signature
    @store = Store.where(shopify_url: query_parameters['shop']).first 
    if @store.present?
      @product = @store.products.new
      @product.images.build
      @product_types = ShopifyAPI::CustomCollection.find(@store.customizable_collection_id).products
    end
end

Answer 1

Before you can connect to the ShopifyAPI you should first establish an API session. Otherwise the ShopifyAPI::CustomCollection.find method can't connect to Shopify. Steps 3 and 4 of the shopify_api README include the following example:

session = ShopifyAPI::Session.new("SHOP_NAME.myshopify.com", token)
ShopifyAPI::Base.activate_session(session)
product_types = ShopifyAPI::CustomCollection.find(id)

token is the permanent access token which you can request during the OAuth Authentication phase (the installation of the App into a shop).