shopify-graphql_proxy 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 63eb52573ec696136c330d46e6366b08851a0fa0
-  data.tar.gz: 0a072590efaee1179a3656e36edc9ad8941a5165
+  metadata.gz: 53a98e1b0047f818fedcfabe1015fce982167c76
+  data.tar.gz: ea8901b6ec6dab33dd1746fbc766bff80769ba4a
 SHA512:
-  metadata.gz: 6db9250610bd658d30387181eed6b22be8f77ccefdc4ffffe7d9ab241849b03ff5d0ab4425496404266392a4e9918a54a5977fa011f093219cbbd7b06b375797
-  data.tar.gz: ba7d4da8592744e36f05816077700c817947caa2921e69d2f7f5223cdc4af4b0319032435457a0cc1140f45a61db85f7aa3808bd7c989540b26748cc8032843e
+  metadata.gz: 7857c3847d01d36411599221120ec76190ac9ecf99b06d906a0eb0567dabc51c4a3ad8ffcbdc032580361efdab43664dcba591639ed3515b89c72cd6c5fe7490
+  data.tar.gz: 10db470df033c3bb6b6fcb8f12202993beef396bede4bb239dcf0a1dd5354c8698fe4e3f01a5de84697af738a137b9456c4fdd1babcbe075bc181a770188863b

data/README.md

@@ -0,0 +1,67 @@
+# shopify-graphql_proxy
+Gem to securely proxy graphql requests to Shopify from Rack based Apps
+
+* Avoid CORS complications by proxying from same domain to Shopify
+* Allows client side scripts to query a logged in merchant's shop without needing to know the users acces token
+
+## Installation
+Add the following to your Gemfile
+```
+gem 'shopify-graphql_proxy', '-> 0.1.0'
+```
+Or install:
+```
+gem install shopify-graphql_proxy
+```
+
+## Usage
+It is recommended to use the [omniauth-shopify-oauth2](https://github.com/Shopify/omniauth-shopify-oauth2) to authenticate requests with Shopify
+
+```ruby
+use Shopify::GraphQLProxy
+
+```
+
+This middleware expects that the session data is stored in the shopify key
+
+
+```ruby
+session[:shopify] = {
+  shop: shop_name,
+  token: token
+}
+```
+
+It will proxy any `POST` request to `/graphql` on your app to the current logged in shop found in session
+
+#### Get GraphQL data from client side with logged in merchant's shop
+```javascript
+fetch('/graphql', {
+  method: 'POST',
+  headers: { 'Content-Type': 'application/json' },
+  body: JSON.stringify({ query: '{ shop { name } }' }),
+  credentials: 'include'
+})
+  .then(res => res.json())
+  .then(res => console.log(res.data));
+```
+
+## Custom path
+You can use the Rack::Builder#map method to specify middleware to run under specific path
+```ruby
+# /shopify/graphql
+
+map('/shopify') do
+  use Shopify::GraphQLProxy
+  run Proc.new { |env| [200, {'Content-Type' => 'text/plain'}, ['get rack\'d']]}
+end
+
+map('/') do
+  run App
+end
+```
+
+## Thanks
+
+* [Rack Proxy](https://github.com/ncr/rack-proxy)
+* [Koa Shopify GraphQL Proxy](https://github.com/Shopify/quilt/tree/master/packages/koa-shopify-graphql-proxy)

data/lib/shopify/graphql_proxy.rb

@@ -4,25 +4,33 @@ module Shopify
   class GraphQLProxy < Rack::Proxy
     PROXY_BASE_PATH = "/graphql"
     GRAPHQL_PATH = "/admin/api/graphql.json"
-    VERSION = "0.1.0"
+    VERSION = "0.2.0"
+
+    def initialize(app = nil, opts= {})
+      super
+      @shop = opts[:shop] if opts[:shop]
+      @password = opts[:password] if opts[:password]
+    end
 
     def perform_request(env)
-      request = Rack::Request.new(env)
+      @request = Rack::Request.new(env)
 
-      if request.path_info =~ %r{^#{PROXY_BASE_PATH}}
-        unless request.request_method == "POST"
-          return @app.call(env)
-        end
+      path_info = @request.path_info
+      request_method = @request.request_method
+
+      if path_info =~ %r{^#{PROXY_BASE_PATH}} && request_method == "POST"
+        shop = @shop ? @shop : value_from_shopify_session(:shop)
+        token = @password ? @password : value_from_shopify_session(:token)
 
-        unless request.session.key?(:shopify)
+        unless shop && token
           return ["403", {"Content-Type" => "text/plain"}, ["Unauthorized"]]
         end
 
-        backend = URI("https://#{request.session[:shopify][:shop]}#{GRAPHQL_PATH}")
+        backend = URI("https://#{shop}#{GRAPHQL_PATH}")
 
         env["HTTP_HOST"] = backend.host
         env["PATH_INFO"] = backend.path
-        env["HTTP_X_SHOPIFY_ACCESS_TOKEN"] = request.session[:shopify][:token]
+        env["HTTP_X_SHOPIFY_ACCESS_TOKEN"] = token
         env["SCRIPT_NAME"] = ""
         env["HTTP_COOKIE"] = nil
 
@@ -31,5 +39,11 @@ module Shopify
         @app.call(env)
       end
     end
+
+    private
+
+    def value_from_shopify_session(key)
+      @request.session.key?(:shopify) ? @request.session[:shopify][key] : nil;
+    end
   end
 end

data/shopify-graphql_proxy.gemspec

@@ -1,10 +1,11 @@
 # coding: utf-8
 lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'shopify/graphql_proxy'
 
 Gem::Specification.new do |spec|
   spec.name          = "shopify-graphql_proxy"
-  spec.version       = "0.1.0"
+  spec.version       = Shopify::GraphQLProxy::VERSION
   spec.authors       = ["montalvomiguelo"]
   spec.email         = ["me@montalvomiguelo.com"]
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify-graphql_proxy
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - montalvomiguelo
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-24 00:00:00.000000000 Z
+date: 2018-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -90,6 +90,7 @@ files:
 - ".gitignore"
 - Gemfile
 - LICENSE.txt
+- README.md
 - Rakefile
 - lib/shopify/graphql_proxy.rb
 - shopify-graphql_proxy.gemspec