UNPKG

koa-shopify-auth-cookieless

Version:

A cookieless version of the koa-shopify-auth package with some utilities

62 lines (50 loc) 1.47 kB
const Error = require("./errors"); const validateHmac = require("./validate-hmac"); const createOAuthCallback = (config) => { return async function oAuthCallback(ctx) { const { query } = ctx; const { code, hmac, shop, state: nonce } = query; const { apiKey, secret, afterAuth } = config; if (nonce == null) { ctx.throw(403, Error.NonceMatchFailed); } if (shop == null) { ctx.throw(400, Error.ShopParamMissing); return; } if (validateHmac(hmac, secret, query) === false) { ctx.throw(400, Error.InvalidHmac); return; } const accessTokenQuery = new URLSearchParams({ code, client_id: apiKey, client_secret: secret, }).toString(); const accessTokenResponse = await fetch( `https://${shop}/admin/oauth/access_token`, { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded", "Content-Length": Buffer.byteLength(accessTokenQuery).toString(), }, body: accessTokenQuery, } ); if (!accessTokenResponse.ok) { ctx.throw(401, Error.AccessTokenFetchFailure); return; } const accessTokenData = await accessTokenResponse.json(); const { access_token: accessToken } = accessTokenData; ctx.state.shopify = { shop, accessToken, }; if (afterAuth) { await afterAuth(ctx); } }; } module.exports = createOAuthCallback;