Rack middleware for use with "Third Party Applications" on the Wix platform. It handles the instance param passed by Wix requests for configurable paths. It checks the signature, parses the contents and passes a convenient Object to your application via env.
Important note: if you're using a pre-1.0.0-version of this gem, please be aware the API changed significantly. You will have to update some of your code. However, in versions >= 1.0.0 should be a corresponding method for anything from version 0.0.x.
Add this line to your application's Gemfile:
gem 'wix-apps', '~> 1.0.0'
And then execute:
$ bundle
Or install it yourself as:
$ gem install wix-apps
Add Wix::Apps::SignedInstanceMiddleware
like any other middleware.
use Wix::Apps::SignedInstanceMiddleware, secret_key: 'secret_key',
secured_paths: ['/your', '/paths', %r{\A/wix/(auth|update)\z}]
In application.rb
, add:
config.middleware.use Wix::Apps::SignedInstanceMiddleware, secret_key: 'your-secret-key',
secured_paths: ['/wix']
In your controller handling a configured secured path, access the signed instance:
class WixController < ApplicationController
def index
# retrieve Wix::Apps::SignedInstance object
instance = request.env['wix.instance']
if instance.owner_permissions?
...
This WixApps middleware passes on a Wix::Apps::SignedInstance
object through env['wix.instance']. The object has the following methods:
Object method | Type | Description |
---|---|---|
instance_id | String | Required Wix instance property instanceId |
sign_date | DateTime | Required Wix instance property signDate |
uid | String | Optional Wix instance property uid |
permissions | String | Required Wix instance property permissions |
ip_and_port | String | Required Wix instance property ipAndPort |
vendor_product_id | String | Required Wix instance property vendorProductId |
aid | String | Required Wix instance property aid |
origin_instance_id | String | Optional Wix instance property originInstanceId |
site_owner_id | String | Required Wix instance property siteOwnerId |
owner_permissions? | Boolean | Indicates if instance user has owner (includes site administrators) permissions |
owner_logged_in? | Boolean | Indicates if instance user is the single owner of the site |
An Array of String- and Regexp-objects describing the paths to be secured by checking the Wix signed instance. On request, the path will be checked against every entry in this list. Strings are checked for equality, Regexps are matched (without additional conditions, so use \A and \z for start and end markers if you need them!). Keep in mind rack's paths always begin with a '/'.
Example (secures '/auth_path', every path containing the string 'wix' and every path starting with '/wox/'):
secured_paths: ['/auth_path', /wix/, %r{\A/wox/}]
Just like secured_paths, except these paths may or may not receive a Wix signed instance. If it does, the instance has to be valid. Calling request.env('wix.instance')
in the controller may return nil (although the env key 'wix.instance'
exists) if there was no instance passed.
A String containing your Wix app's secret key.
Example:
secret_key: 'd245bbf8-57eb-49d6-aeff-beff6d82cd39'
A Boolean indicating if the instance properties of the Wix signed instance should be checked for completeness (true, default) or not (false). You should never need to set it to false and it's meant for debugging purposes only.
Example:
strict_properties: true
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Added some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request