Gatekeeper
Now available: Gatekeeper, the content protection tool for Shopify.
Gatekeeper is built on CakePHP, using an extension of Shopify's official PHP api (to be released in the near future as a Cake component - leave a comment if you're anxious).
Version 1.0 features:
Automatic installation on shop templates
Single-click protection for pages and products
To preserve settings, locks can be disabled without deleting
Username/password or username-only users
Multiple users per lock
Automated cache renewal to ensure locked content is up to date
Planned:
SSL support
Storefront authentication without page reloads
Customize login message per-lock
Style gallery for Gatekeeper's login forms and messages
Global enable/disable
User import/export
––verbose
This project started out as a value-add for a client who maintains a Shopify storefront. They were looking for a way to lock down a single page of their store, such that only users who had a valid username could enter. Shopify does offer password protection, but it's applied globally - the store is either completely locked, or completely open. Thus, Gatekeeper.
Implementation was somewhat less than straightforward. There are no provisions for local scripting in Shopify, and because Liquid is sanely designed it does not provide access to arbitrary HTTP query data (so no POST/GET vars, let alone any session identifiers). This meant that the role that the Shopify storefront could play was limited at best. The solution I arrived at, and what is in production now, involves metafields set on the requested resource (currently implemented for pages/products) and on the shop itself to control whether or not the resource should be delivered from Shopify, or retrieved from Gatekeeper. If the resource is locked, Javascript is used to pull the requested data from Gatekeeper's domain (necessitating JSONP). This data is only delivered if an authenticated user session is active - if not, a login form is returned, which points back to Gatekeeper.
This obviously means that Gatekeeper must actively maintain a cache of resource data, which it does. This same cache powers the lists of resources (again, just pages and products for now) that are offered to the user from the Gatekeeper dashboard, and is regularly validated and renewed. This allows Gatekeeper to capably handle thousands of resources per shop while keeping the user experience responsive, and keeping api calls to a minimum.
Gatekeeper spent exactly three weeks in the approval process. Dennis Theisen handled its review, and provided surprisingly practical and insightful feedback throughout. I'm thoroughly impressed with the level of care that Shopify gives to the user experience, even as it extends beyond Shopify to third-party applications. The App Store is a walled garden, yes, but close communication throughout makes this a benefit, not a hindrance.
Gatekeeper is being released today into the wild, with a free one-lock-one-user trial and an unlimited-use subscription for USD$20 per month.
Last updated
Was this helpful?