-
Notifications
You must be signed in to change notification settings - Fork 0
/
server.js
137 lines (120 loc) · 3.59 KB
/
server.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
const dotenv = require('dotenv').config();
const express = require('express');
const crypto = require('crypto');
const cookie = require('cookie');
const nonce = require('nonce')();
const querystring = require('querystring');
const request = require('request-promise');
const path = require('path');
const session = require('express-session');
const FileStore = require('session-file-store')(session);
const app = express();
app.use(express.static(path.join(__dirname, 'build')));
app.use(
session({
store: new FileStore({}),
secret: 'lorem ipsum',
}),
);
const apiKey = process.env.SHOPIFY_API_KEY;
const apiSecret = process.env.SHOPIFY_API_SECRET;
const appSlug = process.env.SHOPIFY_APP_SLUG;
const scopes = 'read_products';
const forwardingAddress = process.env.PUBLIC_URI;
app.get('/install', (req, res) => {
const shop = req.query.shop;
if (shop) {
const state = nonce();
const redirectUri = forwardingAddress + '/auth/callback';
const installUrl = `https://${shop}/admin/oauth/authorize?client_id=${apiKey}&scope=${scopes}&state=${state}&redirect_uri=${redirectUri}`;
res.cookie('state', state);
res.redirect(installUrl);
} else {
return res
.status(400)
.send(
'Missing shop parameter. Please add ?shop=your-development-shop.myshopify.com to your request',
);
}
});
app.get('/get-product', (req, res) => {
if (!req.session.shop) {
res.json({
status: 'Unauthorized',
});
return;
}
const productsUrl = `https://${req.session.shop}/admin/products.json`;
const headers = {
'X-Shopify-Access-Token': req.session.accessToken,
};
request
.get(productsUrl, {headers})
.then(response => {
res.json({
product: JSON.parse(response).products[0],
});
})
.catch(error => {
res.json({
status: 'error',
error,
});
});
});
app.get('/auth/callback', (req, res) => {
const {shop, hmac, code, state} = req.query;
const stateCookie = cookie.parse(req.headers.cookie).state;
if (state !== stateCookie) {
return res.status(403).send('Request origin cannot be verified');
}
if (shop && hmac && code) {
// DONE: Validate request is from Shopify
const map = Object.assign({}, req.query);
delete map['signature'];
delete map['hmac'];
const message = querystring.stringify(map);
const providedHmac = Buffer.from(hmac, 'utf-8');
const generatedHash = Buffer.from(
crypto
.createHmac('sha256', apiSecret)
.update(message)
.digest('hex'),
'utf-8',
);
let hashEquals = false;
try {
hashEquals = crypto.timingSafeEqual(generatedHash, providedHmac);
} catch (e) {
hashEquals = false;
}
if (!hashEquals) {
return res.status(400).send('HMAC validation failed');
}
const accessTokenPayload = {
client_id: apiKey,
client_secret: apiSecret,
code,
};
request
.post(`https://${shop}/admin/oauth/access_token`, {
json: accessTokenPayload,
})
.then(accessTokenResponse => {
const accessToken = accessTokenResponse.access_token;
req.session.shop = shop;
req.session.accessToken = accessToken;
res.redirect('https://' + shop + '/admin/apps/' + appSlug);
})
.catch(error => {
console.log(error);
res.status(error.statusCode).send(error.error.error_description);
});
} else {
res.status(400).send('Required parameters missing');
}
});
app.get('/', function(req, res) {
res.sendFile(path.join(__dirname, 'build', 'index.html'));
});
app.listen(process.env.PORT || 8080);