;
var shopifyApi = require('@shopify/shopify-api');
var redirectToAuth = require('../redirect-to-auth.js');
var redirectOutOfApp = require('../redirect-out-of-app.js');
var hasValidAccessToken = require('./has-valid-access-token.js');
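/**
 * Builds the Express middleware factory that guards routes behind a loaded,
 * active Shopify session.
 *
 * The factory returned here produces an `async (req, res, next)` handler which:
 *   1. resolves the current session id from the request via
 *      `api.session.getCurrentId` (online or offline per `config.useOnlineTokens`);
 *   2. loads that session from `config.sessionStorage`;
 *   3. refuses to reuse a session that belongs to a different shop than the one
 *      named in `req.query.shop`, restarting OAuth instead;
 *   4. on an active session whose access token passes `hasValidAccessToken`,
 *      exposes it as `res.locals.shopify.session` and calls `next()`;
 *   5. otherwise redirects out of the app to `config.auth.path`.
 *
 * Changes versus the previous version: the log line for a `getCurrentId`
 * failure no longer blames storage; the Bearer regex is anchored to the start
 * of the header; a rejection from decoding the bearer token is turned into an
 * error response instead of escaping the async handler; the shop is
 * URL-encoded when building the redirect URI.
 *
 * @param {object} deps
 * @param {object} deps.api - Shopify API client (`session`, `utils`, `config`).
 * @param {object} deps.config - App config (`logger`, `sessionStorage`,
 *   `auth.path`, `useOnlineTokens`).
 * @returns {() => (req: object, res: object, next: Function) => Promise<unknown>}
 */
function validateAuthenticatedSession({ api, config }) {
  return function validateAuthenticatedSession() {
    return async (req, res, next) => {
      config.logger.debug('Running validateAuthenticatedSession');

      let sessionId;
      try {
        sessionId = await api.session.getCurrentId({
          isOnline: config.useOnlineTokens,
          rawRequest: req,
          rawResponse: res,
        });
      } catch (error) {
        // getCurrentId reads the id from the request (cookie / session token),
        // not from storage, so the message names the request instead.
        config.logger.error(`Error when reading session id from request: ${error}`);
        handleSessionError(req, res, error);
        return undefined;
      }

      let session;
      if (sessionId) {
        try {
          session = await config.sessionStorage.loadSession(sessionId);
        } catch (error) {
          config.logger.error(`Error when loading session from storage: ${error}`);
          res.status(500);
          // NOTE(review): this echoes the storage error text to the client; a
          // generic body would avoid exposing backend details.
          res.send(error.message);
          return undefined;
        }
      }

      // The shop named in the query wins over the session's shop, so a session
      // for shop A is never silently reused for a request about shop B.
      let shop = api.utils.sanitizeShop(req.query.shop) || session?.shop;
      if (session && shop && session.shop !== shop) {
        config.logger.debug('Found a session for a different shop in the request', {
          currentShop: session.shop,
          requestShop: shop,
        });
        return redirectToAuth.redirectToAuth({ req, res, api, config });
      }

      if (session) {
        config.logger.debug('Request session found and loaded', { shop: session.shop });
        if (session.isActive(api.config.scopes)) {
          config.logger.debug('Request session exists and is active', { shop: session.shop });
          // isActive is a local check; the token itself is additionally checked
          // by the imported helper (see has-valid-access-token.js) before the
          // session is trusted.
          if (await hasValidAccessToken.hasValidAccessToken(api, session)) {
            config.logger.debug('Request session has a valid access token', { shop: session.shop });
            res.locals.shopify = { ...res.locals.shopify, session };
            return next();
          }
        }
      }

      // Anchored: only a header that starts with "Bearer " is treated as a token.
      const bearerMatch = req.headers.authorization?.match(/^Bearer (.*)$/);
      if (bearerMatch && !shop) {
        try {
          shop = await setShopFromSessionOrToken(api, session, bearerMatch[1]);
        } catch (error) {
          // decodeSessionToken is expected to throw on a malformed token; without
          // this catch the rejection would leave the async handler with no response.
          config.logger.error(`Error when decoding session token: ${error}`);
          handleSessionError(req, res, error);
          return undefined;
        }
      }

      // encodeURIComponent is a no-op for a sanitized shop domain and keeps an
      // unexpected value from injecting extra query parameters.
      const redirectUri = `${config.auth.path}?shop=${encodeURIComponent(shop)}`;
      config.logger.info(`Session was not valid. Redirecting to ${redirectUri}`, { shop });
      return redirectOutOfApp.redirectOutOfApp({ api, config })({
        req,
        res,
        redirectUri,
        shop,
      });
    };
  };
}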
/**
 * Writes an HTTP error response for a failure raised while resolving the
 * current session id.
 *
 * An `InvalidJwtError` (bad session token) maps to 401; any other error maps
 * to 500. In both cases `error.message` is sent as the response body.
 * NOTE(review): on the 500 path that echoes an internal error message to the
 * client.
 *
 * @param {object} _req - Express request; unused.
 * @param {object} res - Express response; `status()` and `send()` are called on it.
 * @param {Error} error - The error to report.
 */
function handleSessionError(_req, res, error) {
  const isJwtError = error instanceof shopifyApi.InvalidJwtError;
  res.status(isJwtError ? 401 : 500);
  res.send(error.message);
}
/**
 * Determines the shop for a request that carried a Bearer token but no shop
 * in the query string.
 *
 * Precedence: the loaded session's `shop` if a session exists; otherwise, for
 * embedded apps only, the `dest` claim of the decoded session token with its
 * `https://` prefix stripped. Non-embedded apps with no session yield
 * `undefined`.
 *
 * @param {object} api - Shopify API client (`config.isEmbeddedApp`, `session.decodeSessionToken`).
 * @param {object|undefined} session - Loaded session, if any.
 * @param {string} token - Raw bearer token from the Authorization header.
 * @returns {Promise<string|undefined>} The shop domain, or `undefined`.
 */
async function setShopFromSessionOrToken(api, session, token) {
  if (session) {
    return session.shop;
  }
  if (!api.config.isEmbeddedApp) {
    return undefined;
  }
  const { dest } = await api.session.decodeSessionToken(token);
  return dest.replace('https://', '');
}
// Public entry point of this module; the helpers above stay private.
module.exports.validateAuthenticatedSession = validateAuthenticatedSession;
//# sourceMappingURL=validate-authenticated-session.js.map