@shopify/shopify-api
Shopify API Library for Node - accelerate development with support for authentication, graphql proxy, webhooks
;
var types = require('../runtime/crypto/types.js');
var utils = require('../runtime/crypto/utils.js');
var getShopValue = require('./get-shop-value.js');
var getHostValue = require('./get-host-value.js');
var getJwt = require('./get-jwt.js');
var getHmac = require('./get-hmac.js');
// Request-type enum: every name maps to its ordinal and every ordinal maps
// back to its name. setUpValidRequest switches on these values to decide
// which authorization scheme to fake.
exports.RequestType = void 0;
exports.RequestType = {};
['Admin', 'Bearer', 'Extension', 'Public'].forEach((label, ordinal) => {
  exports.RequestType[label] = ordinal;
  exports.RequestType[ordinal] = label;
});
/**
 * Clones a Request and decorates the clone with fake authorization data
 * (headers or query-string parameters) for the scheme named by `options.type`.
 *
 * The credentials are derived from the `apiKey` / `apiSecretKey` passed in
 * `options`, so whatever verifier shares that secret will accept the result.
 * NOTE(review): this reads as test support; prefer a throwaway secret over a
 * production one when calling it.
 *
 * @param {ValidRequestOptions} options Selects the authorization scheme to fake and carries the inputs that scheme needs (store, apiKey, apiSecretKey, and for extensions body/headers).
 * @param {Request} request The Request to copy; the decoration is applied to the copy.
 * @returns {Promise<Request|undefined>} The decorated copy, or `undefined` when `options.type` is not one of the RequestType members.
 */
async function setUpValidRequest(options, request) {
  const { type } = options;

  if (type === exports.RequestType.Admin) {
    return await adminRequest(request, options.store, options.apiKey, options.apiSecretKey);
  }
  if (type === exports.RequestType.Bearer) {
    return await bearerRequest(request, options.store, options.apiKey, options.apiSecretKey);
  }
  if (type === exports.RequestType.Extension) {
    // Synchronous helper: no JWT or async HMAC is involved for this scheme.
    return extensionRequest(request, options.store, options.apiSecretKey, options.body, options.headers);
  }
  if (type === exports.RequestType.Public) {
    return await publicRequest(request, options.store, options.apiSecretKey);
  }

  // Unknown type: nothing is decorated and no error is raised.
  return undefined;
}
/**
 * Builds a copy of `request` whose URL carries the embedded-admin query
 * parameters: `embedded`, `shop`, `host` and a freshly minted `id_token`.
 *
 * The token is placed in the query string, so it will show up wherever the
 * resulting URL is logged or echoed.
 *
 * @param {Request} request Request to copy.
 * @param {string} store Store identifier handed to the shop/host/JWT helpers.
 * @param {string} apiKey API key handed to the JWT helper.
 * @param {string} apiSecretKey Secret handed to the JWT helper.
 * @returns {Promise<Request>} New Request with the decorated URL and the original request as init.
 */
async function adminRequest(request, store, apiKey, apiSecretKey) {
  const jwt = await getJwt.getJwt(store, apiKey, apiSecretKey);
  const target = new URL(request.url);

  // Order is kept so the query string is laid out exactly as before.
  const queryPairs = [
    ['embedded', '1'],
    ['shop', getShopValue.getShopValue(store)],
    ['host', getHostValue.getHostValue(store)],
    ['id_token', jwt.token],
  ];
  for (const [name, value] of queryPairs) {
    target.searchParams.set(name, value);
  }

  return new Request(target.href, request);
}
/**
 * Builds a copy of `request` with an `authorization: Bearer <token>` header,
 * where the token comes from the JWT helper.
 *
 * Any authorization header already on the request is replaced, because the
 * header is written with `set`.
 *
 * @param {Request} request Request to copy.
 * @param {string} store Store identifier handed to the JWT helper.
 * @param {string} apiKey API key handed to the JWT helper.
 * @param {string} apiSecretKey Secret handed to the JWT helper.
 * @returns {Promise<Request>} The copy carrying the bearer token.
 */
async function bearerRequest(request, store, apiKey, apiSecretKey) {
  const jwt = await getJwt.getJwt(store, apiKey, apiSecretKey);
  const copy = new Request(request);
  copy.headers.set('authorization', `Bearer ${jwt.token}`);
  return copy;
}
/**
 * Builds a POST copy of `request` whose body is `JSON.stringify(body)` and
 * whose headers carry an HMAC of that exact string plus the shop domain.
 *
 * Caller-supplied `headers` are applied last with `set`, so they can replace
 * `X-Shopify-Hmac-Sha256` or `X-Shopify-Shop-Domain`. That allows a test to
 * craft a deliberately invalid request, and also means an accidental clash
 * silently discards the computed signature.
 *
 * @param {Request} request Request to copy; its method is forced to POST.
 * @param {string} store Store identifier handed to the shop-value helper.
 * @param {string} apiSecretKey Secret handed to the HMAC helper.
 * @param {*} body Value serialized as the request body and signed.
 * @param {Object<string, string>} [headers] Extra headers, applied after the signature headers.
 * @returns {Request} The signed copy.
 */
function extensionRequest(request, store, apiSecretKey, body, headers) {
  // Serialize once so the bytes that are signed are the bytes that are sent.
  const serialized = JSON.stringify(body);
  const signed = new Request(request, { method: 'POST', body: serialized });

  signed.headers.set('X-Shopify-Hmac-Sha256', getHmac.getHmac(serialized, apiSecretKey));
  signed.headers.set('X-Shopify-Shop-Domain', getShopValue.getShopValue(store));

  // A falsy `headers` contributes nothing, as with the explicit guard.
  Object.entries(headers || {}).forEach(([name, value]) => {
    signed.headers.set(name, value);
  });

  return signed;
}
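/**
 * Builds a copy of `request` whose URL carries `shop`, `timestamp` and a
 * hex SHA-256 HMAC `signature` computed over the query parameters.
 *
 * The signed string is every parameter as `key=value`, sorted by key and
 * concatenated with no separator.
 *
 * @param {Request} request Request to copy.
 * @param {string} store Store identifier handed to the shop-value helper.
 * @param {string} apiSecretKey Secret used as the HMAC key.
 * @returns {Promise<Request>} New Request with the signed URL and the original request as init.
 */
async function publicRequest(request, store, apiSecretKey) {
  const url = new URL(request.url);

  // Drop any signature already on the incoming URL. Left in place it would be
  // folded into the signed string below, and a verifier that excludes
  // `signature` when recomputing the HMAC would then reject the result.
  url.searchParams.delete('signature');

  url.searchParams.set('shop', getShopValue.getShopValue(store));
  // Timestamp is one second in the past, in whole seconds since the epoch.
  url.searchParams.set('timestamp', String(Math.trunc(Date.now() / 1000) - 1));

  // Object.fromEntries keeps only the last value of a repeated parameter, so a
  // repeated key is signed by its last value while the URL keeps every copy.
  // NOTE(review): confirm that matches how the verifier under test treats
  // repeated parameters.
  const params = Object.fromEntries(url.searchParams.entries());
  const payload = Object.entries(params)
    .sort(([key1], [key2]) => key1.localeCompare(key2))
    .reduce((acc, [key, value]) => `${acc}${key}=${value}`, '');

  url.searchParams.set('signature', await utils.createSHA256HMAC(apiSecretKey, payload, types.HashFormat.Hex));
  return new Request(url.href, request);
}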
// Public surface: setUpValidRequest (RequestType is exported above). The
// per-scheme helpers adminRequest, bearerRequest, extensionRequest and
// publicRequest are not exported.
exports.setUpValidRequest = setUpValidRequest;
//# sourceMappingURL=setup-valid-request.js.map