;
// TypeScript's emitted async helper: drives `generator` as a coroutine, wrapping
// each yielded value in `P` (defaults to Promise) and settling the returned
// promise with the generator's return value or with whatever it throws.
// Reuses an already-defined global `__awaiter` when one exists.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    // Ensure a yielded value is a `P` instance before chaining `.then` on it.
    function toPromise(value) {
        if (value instanceof P) {
            return value;
        }
        return new P(function (resolve) { resolve(value); });
    }
    return new (P || (P = Promise))(function (resolve, reject) {
        var iterator = generator.apply(thisArg, _arguments || []);
        function onFulfilled(value) {
            try { advance(iterator.next(value)); } catch (e) { reject(e); }
        }
        function onRejected(value) {
            try { advance(iterator["throw"](value)); } catch (e) { reject(e); }
        }
        // Finish with the generator's return value, or wait on the yielded
        // value and feed its outcome (or rejection) back into the generator.
        function advance(result) {
            if (result.done) {
                resolve(result.value);
            } else {
                toPromise(result.value).then(onFulfilled, onRejected);
            }
        }
        advance(iterator.next());
    });
};
// TypeScript's emitted object-rest helper: returns a shallow copy of the own
// enumerable properties of `s` (string keys and symbols) whose key is not listed
// in `e`. Reuses an already-defined global `__rest` when one exists.
var __rest = (this && this.__rest) || function (s, e) {
    var picked = {};
    if (s == null) {
        return picked;
    }
    // Own enumerable string keys not excluded by `e`.
    Object.keys(s).forEach(function (key) {
        if (e.indexOf(key) < 0) {
            picked[key] = s[key];
        }
    });
    // Own enumerable symbol keys not excluded by `e` (only where the engine
    // exposes getOwnPropertySymbols).
    if (typeof Object.getOwnPropertySymbols === "function") {
        Object.getOwnPropertySymbols(s).forEach(function (sym) {
            if (e.indexOf(sym) < 0 && Object.prototype.propertyIsEnumerable.call(s, sym)) {
                picked[sym] = s[sym];
            }
        });
    }
    return picked;
};
// CommonJS interop flag written by the TypeScript emitter so ESM-style
// importers treat this module's `exports` object as a namespace.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare the export so the property exists before the definition below.
exports.getVerifiedSessionData = undefined;
const jsonwebtoken_1 = require("jsonwebtoken");
const shared_1 = require("../../shared");
const crypto_1 = require("./crypto");
// Factory for a session-token verifier bound to one server runtime config.
//
// Only `serverRuntimeConfig.APP_CONFIG.apiSecretKey` is read from the config; it
// is the key material for the derived signing secret below.
// NOTE: the `signingSecret` option is not currently used by callers, but is kept
// in case we ever need to supply a fixed secret instead of deriving one.
const getVerifiedSessionData = (serverRuntimeConfig, { signingSecret: _signingSecret } = {}) => {
    const { APP_CONFIG } = serverRuntimeConfig;
    // Returned verifier: async (sessionToken, { shop, host } = {}) => data
    //   - resolves with `undefined` (NOT an error) when `sessionToken` is empty;
    //     callers must treat a missing result as "no session".
    //   - resolves with the token payload minus `decoded`/`token` only after the
    //     shop/host claims match the request AND jsonwebtoken.verify succeeds.
    //   - rejects with ShopifySessionInvalidError on any mismatch, decode or
    //     verification failure (the underlying error is logged, then wrapped).
    return (sessionToken_1, ...args_1) => __awaiter(void 0, [sessionToken_1, ...args_1], void 0, function* (sessionToken, { shop, host: _host } = {}) {
        let data;
        try {
            if ((0, shared_1.stringEmptyOnly)(sessionToken)) {
                return data;
            }
            // NOTE: this does not always contain sid (depending on if calling from appbridge)
            // The claims read here come from decodeSessionToken, i.e. before the
            // signature check at verify() further down; `data` is assigned now but
            // is only returned to the caller once verify() has succeeded (any
            // failure in between throws out of this block).
            // eslint-disable-next-line @typescript-eslint/no-unused-vars
            const _a = (0, shared_1.decodeSessionToken)(sessionToken), { decoded, token } = _a, _data = __rest(_a, ["decoded", "token"]);
            const { shop: sessionShop, host: sessionHost } = _data;
            data = _data;
            // NOTE this will remove additional query params added by Shopify, i.e. "oseid" which is added when loaded inside the theme editor
            const [host] = (0, shared_1.ensureString)(_host).split('?');
            // Binding check: the caller-supplied shop and host must both be present
            // and equal the token's own shop/host claims (presumably so a token
            // obtained for one shop/host cannot be presented for another).
            if (!shop || !host || (sessionShop !== shop) || (sessionHost !== host)) {
                throw new shared_1.ShopifySessionInvalidError('Unauthorized shop or host', { shop, host, sessionShop, sessionHost });
            }
            // The verification secret is either the explicitly supplied one, or an
            // HMAC over the token's claims with the time claims (iat/nbf/exp)
            // removed, keyed by APP_CONFIG.apiSecretKey. Note `||`: an empty-string
            // `signingSecret` option falls through to the derived secret.
            // eslint-disable-next-line @typescript-eslint/no-unused-vars
            const { iat, nbf, exp } = decoded, verifiable = __rest(decoded, ["iat", "nbf", "exp"]);
            const signingSecret = _signingSecret || (0, crypto_1.generateHMAC)((0, shared_1.objectToSortedString)(verifiable), APP_CONFIG.apiSecretKey);
            // NOTE(review): verify() is called without an `algorithms` option, so the
            // accepted algorithm set is whatever the installed jsonwebtoken version
            // defaults to for this secret. Pinning `{ algorithms: [...] }` to the
            // algorithm the tokens are actually issued with would make that
            // explicit — confirm the issuer's algorithm before adding it.
            const verified = (0, jsonwebtoken_1.verify)(sessionToken, signingSecret);
            if (verified == undefined) {
                throw new shared_1.ShopifySessionInvalidError('Verified Undefined');
            }
        }
        catch (error) {
            // Log the failure (error type/code/name/message plus any attached
            // `data`, with empty strings stripped), then surface a single
            // ShopifySessionInvalidError so callers see one error type no matter
            // which step above failed.
            // eslint-disable-next-line max-len
            console.error('Error verifying session token', (0, shared_1.cleanObject)(Object.assign({ type: error === null || error === void 0 ? void 0 : error.type, code: error === null || error === void 0 ? void 0 : error.code, name: error === null || error === void 0 ? void 0 : error.name, message: error === null || error === void 0 ? void 0 : error.message }, error === null || error === void 0 ? void 0 : error.data), false, shared_1.stringEmptyOnly));
            throw new shared_1.ShopifySessionInvalidError('Error verifying session token', Object.assign({ message: error === null || error === void 0 ? void 0 : error.message, name: error === null || error === void 0 ? void 0 : error.name }, error === null || error === void 0 ? void 0 : error.data));
        }
        return data;
    });
};
// Publish the verifier factory; this is the module's only export.
exports.getVerifiedSessionData = getVerifiedSessionData;
//# sourceMappingURL=token.js.map