@satel/shopify-app-utils

v2.0.0-beta.0

Authentication & Validation for Shopify Apps

Downloads

10

Readme

Disclaimers

This is beta software. Use in production at your own risk.

Currently validateRequest and handleCallback only support online mode.

About

Provides functionality for some of the more tedious requirements when building a Shopify app such as consistent hmac validation behavior for authentication, proxies, etc. Provided as general use functions but can easily be adapted for use as express middleware.

This is not meant to be a batteries-included solution. For that, check out shopify-express.

Installation

Note: requires NodeJS >= 8.6.0

npm install @satel/shopify-app-utils

or

yarn add @satel/shopify-app-utils

Documentation

createOAuth

Creates instances of validateRequest & handleCallback wrapped in a closure

Parameters

  • options object
    • options.host string the base url of the app
    • options.redirectRoute string the route where oauth2 redirects will be handled
    • options.scope Array<string> scope your app will require
    • options.key string shopify app api key
    • options.secret string shopify app shared secret
    • options.online boolean do you require an online token (optional, default false)
    • options.offline boolean do you require an offline token (optional, default false)

Examples

const oauth = require('@satel/shopify-app-utils');

const { validateRequest, handleCallback } = oauth.create({
  host: 'https://my-app.com',
  redirectRoute: '/redirect',
  scope: ['read_products'],
  key: 'MY_KEY',
  secret: 'MY_SECRET',
  online: true,
});

validateRequest

TODO

Parameters

validateRequest~generateNonce

Used to generate a nonce to be used in a redirect url

Type: Function

Parameters

Returns string

validateRequest~onAuthenticated

Called when a request is authorized

Type: Function

Parameters

  • options object
    • options.shop string the .myshopify domain
    • options.appScope Array<string> the application scope (when jwt was generated)
    • options.userScope (Array<string> | undefined) the user scope (only applicable to online tokens)
    • options.decoded object decoded body of the jwt

validateRequest~onRedirect

Called when a redirect is required

Type: Function

Parameters

  • options object
    • options.url string the redirect url
    • options.html string a js based redirect for use in iframes

validateRequest~onFailed

Called when unable to redirect or authorize

Type: Function

Parameters

handleCallback

Parameters

handleCallback~validateNonce

Used to validate a previously generated nonce

Type: Function

Parameters

  • options object
    • options.shop string the .myshopify domain
    • options.nonce string the retrieved nonce

Returns (boolean | Promise<boolean>)
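One way to back the generateNonce and validateNonce callbacks, shown as an added example that is not part of the package or its README. It assumes generateNonce is called with the shop (the README does not list its parameters); createNonceStore, ttlMs and clock are hypothetical names. Each nonce is bound to the shop it was issued for, expires, and can be redeemed only once.

```javascript
const crypto = require('crypto');

// Hypothetical in-memory nonce store (not part of @satel/shopify-app-utils).
// A multi-process deployment would need a shared store instead of a Map.
function createNonceStore({ ttlMs = 10 * 60 * 1000, clock = Date.now } = {}) {
  const pending = new Map(); // nonce -> { shop, expires }

  // Drop expired entries so abandoned installs do not grow the map forever.
  function sweep() {
    for (const [nonce, entry] of pending) {
      if (entry.expires < clock()) pending.delete(nonce);
    }
  }

  return {
    // Assumption: called with the shop the redirect is generated for.
    generateNonce({ shop }) {
      sweep();
      const nonce = crypto.randomBytes(16).toString('hex'); // 128 bits from the CSPRNG
      pending.set(nonce, { shop, expires: clock() + ttlMs });
      return nonce;
    },

    // Matches the documented shape: ({ shop, nonce }) => boolean.
    validateNonce({ shop, nonce }) {
      const entry = pending.get(nonce);
      pending.delete(nonce); // single use: a replayed callback finds nothing
      return Boolean(entry) && entry.shop === shop && clock() <= entry.expires;
    },
  };
}

// Constructed usage: issue a nonce, redeem it, then try to replay it.
const store = createNonceStore();
const issued = store.generateNonce({ shop: 'example.myshopify.com' });
console.log(store.validateNonce({ shop: 'example.myshopify.com', nonce: issued }));
console.log(store.validateNonce({ shop: 'example.myshopify.com', nonce: issued }));
```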

handleCallback~onAuthenticated

Called when a request is authorized

Type: Function

Parameters

  • options object
    • options.token string the shopify access token
    • options.online string indicates if the current token is online or offline
    • options.jwt string a jwt token
    • options.shop string the .myshopify domain
    • options.appScope Array<string> the application scope (when jwt was generated)
    • options.userScope (Array<string> | undefined) the user scope (only applicable to online tokens)

handleCallback~onFailed

Called when request cannot be authorized

Type: Function

Parameters

validateHMAC

Parses the url and validates the HMAC provided by shopify

Parameters

Examples

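// Import (use one form)
// import { oauth } from '@satel/shopify-app-utils'; // ES modules
const { oauth } = require('@satel/shopify-app-utils'); // CommonJS
const { validateHMAC } = oauth;

// Directly (alternative to the import above)
// const validateHMAC = require('@satel/shopify-app-utils/oauth/hmac');

// General
const validHMAC = validateHMAC({ url, secret: 'hush' });

// Express: reject requests whose HMAC does not validate
app.use((req, res, next) => {
  const validHMAC = validateHMAC({ url: req.url, secret: 'hush' });
  if (!validHMAC) {
    res.sendStatus(401);
    return;
  }
  next();
});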

Returns boolean

generateRedirect

Generates the url / html based redirect to start the oauth2 process

Parameters

Examples

// Full Page App
res.redirect(
  generateRedirect({
    shop: 'example.myshopify.com',
    apiKey: 'MY_APP_API_KEY',
    nonce: 'unique-request-identifier',
    redirect: 'https://my-app.com/path/to/redirect',
    scope: ['read_products', 'write_products', 'etc'],
  }),
);

// Embedded online app
res.send(
  generateRedirect({
    shop: 'example.myshopify.com',
    apiKey: 'MY_APP_API_KEY',
    nonce: 'unique-request-identifier',
    redirect: 'https://my-app.com/path/to/redirect',
    scope: ['read_products', 'write_products', 'etc'],
    online: true,
    iframe: true,
  }),
);

Returns string

generateJSRedirect

Pass in a url and it returns an html document that redirects the top-level window rather than the iframe

Parameters

Returns string

validateDomain

Checks if a string is a valid .myshopify.com domain (exclude the protocol)

Parameters

Examples

const validDomain = validateDomain({ shop: 'my-shop.myshopify.com' });

Returns boolean

validateTimestamp

Verifies the shopify timestamp generally provided with authenticated responses from shopify

Parameters

  • options Object
    • options.timestamp string
    • options.margin number Timestamp must be within margin of now (optional, default 60)

Examples

const validTimestamp = validateTimestamp({ timestamp: '1533160800', margin: 60 * 5 });

Returns boolean

validateSignature

Parses the url and validates proxied requests from Shopify

Parameters

Examples

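// Import (use one form)
// import { proxy } from '@satel/shopify-app-utils'; // ES modules
const { proxy } = require('@satel/shopify-app-utils'); // CommonJS
const { validateSignature } = proxy;

// Directly (alternative to the import above)
// const validateSignature = require('@satel/shopify-app-utils/oauth/proxy');

// General
const valid = validateSignature({ url, secret: 'hush' });

// Express: reject proxied requests whose signature does not validate
app.use((req, res, next) => {
  const valid = validateSignature({ url: req.url, secret: 'hush' });
  if (!valid) {
    res.sendStatus(401);
    return;
  }
  next();
});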

Returns boolean

computeHMAC

Produces a hex encoded Sha256 hmac

Parameters

Examples

const hash = computeHMAC({
  text: 'message',
  secret: 'hush',
});

Returns string
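What validateHMAC, validateSignature and validateTimestamp have to check, written out with Node's crypto module as an added example; this is not the package's source. The canonical form (drop the MAC parameter, sort the key=value strings, join with "&" for OAuth or with nothing for proxied requests) is an assumption about Shopify's signing scheme, and verifyShopifyQuery, canonicalize and signedSampleUrl are hypothetical names.

```javascript
const crypto = require('crypto');

// Hex-encoded HMAC-SHA256 (what computeHMAC is documented to return).
const hmacHex = (text, secret) =>
  crypto.createHmac('sha256', secret).update(text).digest('hex');

// Constant-time comparison; unequal lengths fail before timingSafeEqual is called.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Assumed canonical form: drop the MAC parameter, build "key=value" strings
// (repeated keys joined with ","), sort them, join with the given separator.
function canonicalize(params, macKey, separator) {
  const keys = [...new Set(params.keys())].filter((k) => k !== macKey);
  return keys.map((k) => `${k}=${params.getAll(k).join(',')}`).sort().join(separator);
}

// kind 'oauth': MAC in "hmac", pairs joined with "&".
// kind 'proxy': MAC in "signature", pairs joined with no separator.
function verifyShopifyQuery(url, secret, kind, { margin = 60, now = Date.now() / 1000 } = {}) {
  const params = new URL(url, 'https://app.invalid').searchParams;
  const [macKey, separator] = kind === 'proxy' ? ['signature', ''] : ['hmac', '&'];
  const provided = params.get(macKey);
  if (!provided) return false;
  const expected = hmacHex(canonicalize(params, macKey, separator), secret);
  if (!safeEqual(expected, provided)) return false;
  // Only trust the timestamp once the MAC over it has been verified.
  const ts = Number(params.get('timestamp'));
  return Number.isFinite(ts) && Math.abs(now - ts) <= margin;
}

// Constructed sample: sign an OAuth-style query, values chosen for illustration.
function signedSampleUrl(secret, timestamp) {
  const query = `code=abc123&shop=example.myshopify.com&state=n0nce&timestamp=${timestamp}`;
  return `/redirect?${query}&hmac=${hmacHex(query, secret)}`;
}

const now = Math.floor(Date.now() / 1000);
const sample = signedSampleUrl('hush', now);
console.log(verifyShopifyQuery(sample, 'hush', 'oauth'));
console.log(verifyShopifyQuery(sample.replace('abc123', 'abc124'), 'hush', 'oauth'));
```

A request that fails any of the three checks (missing MAC, MAC mismatch, stale timestamp) returns false, so a caller cannot tell from the result which check failed.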