@@ -36,6 +36,33 @@ Set the TPG_JWT_SIGNING_KEY and TPG_JWT_VERIFICATION_KEY environment variables i
36
36
🚨️🚨️🚨️
37
37
```
38
38
39
+ ## Shopify whitelisting
40
+
41
+ Orders are submitted to the server via the ` /shopify/webhook/* ` endpoints. This are called by shopify's webhook system.
42
+ However, if anyone could make calls to that endpoint, they could submit fake orders to the server.
43
+ One set of protections against this is to whitelist the IP addresses of Shopify's webhook servers.
44
+
45
+ All endpoints under the ` /shopify ` scope are checked against the shopify IP whitelist. These are configured via the
46
+ ` TPG_SHOPIFY_IP_WHITELIST ` environment variable. This is a comma-separated list of IP addresses.
47
+ For example,
48
+ ```
49
+ TPG_SHOPIFY_IP_WHITELIST=192.168.1.1,192.168.1.5,10.0.0.2
50
+ ```
51
+
52
+ When an incoming request is made, the server will check the IP address of the request against the whitelist. The IP is taken
53
+ from the remote peer of the connection. If the Tari payment server is behind a load balancer, this might cause the check
54
+ to fail, since the IP address of the load balancer will be checked, rather than the IP address of the Shopify server.
55
+
56
+ To work around this, you can set the ` TPG_USE_X_FORWARDED_FOR ` or ` TPG_USE_FORWARDED ` environment variables to ` 1 ` or ` true ` .
57
+ The server will then use the IP address in the ` X-Forwarded-For ` or ` Forwarded ` headers, respectively.
58
+
59
+ Your proxy or load balancer must then be configured to set these headers and should take precautions against header spoofing.
60
+
61
+ 🚨️🚨️🚨️ ** WARNING** 🚨️🚨️🚨️
62
+
63
+ Attackers can trivially spoof ` X-Forwarded-For ` or ` Forwarded ` headers. So be careful if using these options and ensure that
64
+ your proxy or load balancer takes precautions to detect spoofing (such as comparing against the remote peer's IP address).
65
+
39
66
## Server configuration
40
67
41
68
The server is configured via the following environment variables:
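Review bot: The paragraph introducing `TPG_USE_X_FORWARDED_FOR` and `TPG_USE_FORWARDED` does not say which address is compared against the whitelist when the header carries more than one, nor what happens if both variables are set. `X-Forwarded-For` is a comma-separated list, and any entry the client sent is preserved when a proxy appends rather than overwrites, so the README should state which entry the server reads and which header wins when both options are enabled. The warning would also be more actionable if it named the deployment requirements: the proxy must discard or overwrite any client-supplied `X-Forwarded-For` / `Forwarded` value, and the server must not be reachable except through that proxy, since with these options on the remote-peer check no longer applies. Minor wording in the first added paragraph: "This are called by shopify's webhook system" should read "These are called by Shopify's webhook system".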