const dotenv = require('dotenv').config();
const express = require('express');
const crypto = require('crypto');
const cookie = require('cookie');
const nonce = require('nonce')();
const querystring = require('querystring');
const axios = require('axios');
// Shopify app credentials, read from the process environment. Each one is
// undefined when its variable is not set, so a missing secret only surfaces
// later, at the point where it is first used.
const {
  SHOPIFY_API_PUBLIC_KEY: shopifyApiPublicKey,
  SHOPIFY_API_SECRET_KEY: shopifyApiSecretKey,
} = process.env;
// OAuth scope string sent on the authorize URL.
const scopes = 'write_products';
// Public base URL of this app; placeholder that must be replaced before use.
const appUrl = 'YOUR NGROK FORWARDING URL HERE';
// Local port the Express server binds to.
const PORT = 3000;
const app = express();
// Root route: static greeting, useful only as a liveness check.
app.get('/', function handleRoot(_req, res) {
  res.send('Ello Govna');
});
/**
 * Builds the OAuth callback URL that Shopify redirects back to.
 *
 * @returns {string} `appUrl` followed by `/shopify/callback`.
 */
const buildRedirectUri = () => {
  const callbackPath = '/shopify/callback';
  return `${appUrl}${callbackPath}`;
};
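/**
 * Builds the Shopify authorize URL the merchant is redirected to at install time.
 *
 * Every query value is percent-encoded, so a redirect URI (which itself
 * contains `:` and `/`) or a state value cannot break out of its parameter or
 * add extra parameters to the URL.
 *
 * `shop` becomes the host of the URL and is NOT validated here; the caller
 * must only pass a hostname it has already checked.
 *
 * @param {string} shop - Shop hostname, used as the URL host.
 * @param {string|number} state - Per-request OAuth state value.
 * @param {string} redirectUri - Callback URL registered for the app.
 * @returns {string} The authorize URL.
 */
const buildInstallUrl = (shop, state, redirectUri) => {
  const query = [
    ['client_id', shopifyApiPublicKey],
    ['scope', scopes],
    ['state', state],
    ['redirect_uri', redirectUri],
  ]
    .map(([key, value]) => `${key}=${encodeURIComponent(String(value))}`)
    .join('&');
  return `https://${shop}/admin/oauth/authorize?${query}`;
};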
/**
 * Builds the token-exchange endpoint URL for a shop.
 *
 * `shop` is interpolated as the URL host without any validation, so the
 * caller decides which server receives the request.
 *
 * @param {string} shop - Shop hostname.
 * @returns {string} `https://<shop>/admin/oauth/access_token`.
 */
const buildAccessTokenRequestUrl = (shop) => {
  const origin = `https://${shop}`;
  return `${origin}/admin/oauth/access_token`;
};
/**
 * Builds the shop-details endpoint URL for a shop.
 *
 * `shop` is interpolated as the URL host without any validation, so the
 * caller decides which server receives the request.
 *
 * @param {string} shop - Shop hostname.
 * @returns {string} `https://<shop>/admin/shop.json`.
 */
const buildShopDataRequestUrl = (shop) => {
  const origin = `https://${shop}`;
  return `${origin}/admin/shop.json`;
};
/**
 * Computes the hex HMAC-SHA256 of `params`, keyed with the app secret.
 *
 * Despite the name, nothing is encrypted: the result is a keyed message
 * authentication code used to check that a query string was signed with the
 * shared secret.
 *
 * @param {string} params - Serialized query string to authenticate.
 * @returns {string} Lower-case hex digest.
 */
const generateEncryptedHash = (params) => {
  const mac = crypto.createHmac('sha256', shopifyApiSecretKey);
  mac.update(params);
  return mac.digest('hex');
};
/**
 * Exchanges an OAuth authorization code for an access token.
 *
 * The request body carries the app's client secret, so `shop` must already be
 * a verified hostname: whichever host it names receives that secret.
 *
 * @param {string} shop - Shop hostname the POST is sent to.
 * @param {object} data - Request body (client id, client secret, code).
 * @returns {Promise<object>} The axios response.
 */
const fetchAccessToken = async (shop, data) => {
  const tokenUrl = buildAccessTokenRequestUrl(shop);
  return axios.post(tokenUrl, data);
};
/**
 * Fetches the shop record using a previously issued access token.
 *
 * The token travels in the `X-Shopify-Access-Token` header, so `shop` must be
 * a verified hostname: whichever host it names receives the token.
 *
 * @param {string} shop - Shop hostname the GET is sent to.
 * @param {string} accessToken - Access token returned by the token exchange.
 * @returns {Promise<object>} The axios response.
 */
const fetchShopData = async (shop, accessToken) => {
  const shopUrl = buildShopDataRequestUrl(shop);
  const headers = { 'X-Shopify-Access-Token': accessToken };
  return axios.get(shopUrl, { headers });
};
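// Install entry point: starts the OAuth flow by redirecting the browser to the
// shop's authorize page and remembering the OAuth state in a cookie.
app.get('/shopify', (req, res) => {
  const shop = req.query.shop;
  if (!shop) {
    return res.status(400).send('no shop');
  }
  // `shop` becomes the host of the redirect target. Without this check the
  // route redirects to whatever host the query string names (open redirect).
  // A repeated `shop` parameter arrives as an array and is rejected as well.
  const shopHostPattern = /^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$/;
  if (typeof shop !== 'string' || !shopHostPattern.test(shop)) {
    return res.status(400).send('invalid shop');
  }

  // The state value ties the callback to this browser, so it must be
  // unpredictable. NOTE(review): how the `nonce` helper generates its values
  // is not visible in this file; the CSPRNG is used so that unpredictability
  // does not depend on it.
  const state = crypto.randomBytes(16).toString('hex');
  const installShopUrl = buildInstallUrl(shop, state, buildRedirectUri());

  // httpOnly keeps page scripts from reading the state; sameSite 'lax' still
  // sends the cookie on the top-level GET redirect back from Shopify.
  // For production, also set `secure: true` once the app is served only over
  // HTTPS, and sign or encrypt the value.
  res.cookie('state', state, { httpOnly: true, sameSite: 'lax' });
  res.redirect(installShopUrl);
});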
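// OAuth callback: checks the state cookie and the request HMAC, then exchanges
// the authorization code for an access token and returns the shop record.
app.get('/shopify/callback', async (req, res) => {
  const { shop, code, state } = req.query;

  // cookie.parse() requires a string. A request without a Cookie header would
  // otherwise throw here, outside the try/catch, and leave the request hanging.
  const stateCookie = cookie.parse(req.headers.cookie || '').state;
  // Require a non-empty state on both sides: with a bare `!==`, a request that
  // omits both the query parameter and the cookie compares undefined with
  // undefined and passes.
  if (typeof state !== 'string' || state === '' || state !== stateCookie) {
    return res.status(403).send('Cannot be verified');
  }

  const { hmac, ...params } = req.query;
  const queryParams = querystring.stringify(params);
  const hash = generateEncryptedHash(queryParams);
  // Compare the MACs in constant time; `!==` stops at the first differing
  // character and leaks how much of a guessed value was correct. A missing or
  // repeated `hmac` parameter is treated as a mismatch.
  const expectedMac = Buffer.from(hash, 'utf8');
  const receivedMac = Buffer.from(typeof hmac === 'string' ? hmac : '', 'utf8');
  if (
    expectedMac.length !== receivedMac.length ||
    !crypto.timingSafeEqual(expectedMac, receivedMac)
  ) {
    return res.status(400).send('HMAC validation failed');
  }

  // Defence in depth: `shop` is the host that receives the client secret and
  // the access token below, so check its shape even after the HMAC passed.
  const shopHostPattern = /^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$/;
  if (typeof shop !== 'string' || !shopHostPattern.test(shop)) {
    return res.status(400).send('invalid shop');
  }

  try {
    const data = {
      client_id: shopifyApiPublicKey,
      client_secret: shopifyApiSecretKey,
      code,
    };
    const tokenResponse = await fetchAccessToken(shop, data);
    const { access_token } = tokenResponse.data;
    const shopData = await fetchShopData(shop, access_token);
    res.send(shopData.data.shop);
  } catch (err) {
    // Log the message only. An axios error object carries the request config,
    // which here includes the client secret (request body) and the access
    // token (request header), and those must not end up in logs.
    console.log(err instanceof Error ? err.message : err);
    res.status(500).send('something went wrong');
  }
});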
// Start the HTTP server and report the bound port once it is listening.
app.listen(PORT, () => {
  console.log(`listening on port ${PORT}`);
});