@drawbridge/drawbridge-utils 0.0.22 → 0.0.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cdn.cjs +15 -0
- package/dist/cdn.d.cts +33 -1
- package/dist/cdn.d.ts +33 -1
- package/dist/cdn.js +14 -0
- package/dist/shopify.cjs +51 -2
- package/dist/shopify.d.cts +92 -2
- package/dist/shopify.d.ts +92 -2
- package/dist/shopify.js +47 -1
- package/package.json +1 -1
package/dist/cdn.cjs
CHANGED
|
@@ -19,6 +19,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
19
19
|
// cdn.js
|
|
20
20
|
var cdn_exports = {};
|
|
21
21
|
__export(cdn_exports, {
|
|
22
|
+
cdnShopify: () => cdnShopify,
|
|
22
23
|
cdnSrc: () => cdnSrc
|
|
23
24
|
});
|
|
24
25
|
module.exports = __toCommonJS(cdn_exports);
|
|
@@ -31,7 +32,21 @@ var cdnSrc = (asset, size, timestamp) => {
|
|
|
31
32
|
"?query=" + timestamp
|
|
32
33
|
].join("");
|
|
33
34
|
};
|
|
35
|
+
var cdnShopify = (url, size, timestamp) => {
|
|
36
|
+
if (!url) return void 0;
|
|
37
|
+
try {
|
|
38
|
+
const parsed = new URL(url);
|
|
39
|
+
const [width, height] = (size || "").split("x").map(Number);
|
|
40
|
+
if (width) parsed.searchParams.set("width", String(width));
|
|
41
|
+
if (height) parsed.searchParams.set("height", String(height));
|
|
42
|
+
if (timestamp) parsed.searchParams.set("v", String(new Date(timestamp).getTime()));
|
|
43
|
+
return parsed.toString();
|
|
44
|
+
} catch {
|
|
45
|
+
return void 0;
|
|
46
|
+
}
|
|
47
|
+
};
|
|
34
48
|
// Annotate the CommonJS export names for ESM import in node:
|
|
35
49
|
0 && (module.exports = {
|
|
50
|
+
cdnShopify,
|
|
36
51
|
cdnSrc
|
|
37
52
|
});
|
package/dist/cdn.d.cts
CHANGED
|
@@ -17,4 +17,36 @@ const cdnSrc = ( asset, size, timestamp ) => {
|
|
|
17
17
|
|
|
18
18
|
};
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
// Build a Shopify CDN URL with on-the-fly resize. Shopify CDN supports
|
|
21
|
+
// `?width=`/`?height=` query params for server-side resizing, so the
|
|
22
|
+
// caller doesn't need a pre-generated sizes map (unlike cdnSrc).
|
|
23
|
+
// `url` is a Shopify CDN URL string. `size` is the same WxH grammar as
|
|
24
|
+
// cdnSrc (e.g. '100x100') — parsed into width/height query params.
|
|
25
|
+
// `timestamp` is optional: Shopify URLs typically already carry their
|
|
26
|
+
// own `?v=` versioning, so a missing timestamp does not produce a stale
|
|
27
|
+
// asset the way it does with cdnSrc. When provided, the timestamp
|
|
28
|
+
// overrides any existing `v=` to force cache-bust across updates.
|
|
29
|
+
const cdnShopify = ( url, size, timestamp ) => {
|
|
30
|
+
|
|
31
|
+
if( ! url ) return undefined;
|
|
32
|
+
|
|
33
|
+
try {
|
|
34
|
+
|
|
35
|
+
const parsed = new URL( url );
|
|
36
|
+
const [ width, height ] = ( size || '' ).split( 'x' ).map( Number );
|
|
37
|
+
|
|
38
|
+
if( width ) parsed.searchParams.set( 'width', String( width ) );
|
|
39
|
+
if( height ) parsed.searchParams.set( 'height', String( height ) );
|
|
40
|
+
if( timestamp ) parsed.searchParams.set( 'v', String( new Date( timestamp ).getTime() ) );
|
|
41
|
+
|
|
42
|
+
return parsed.toString();
|
|
43
|
+
|
|
44
|
+
} catch {
|
|
45
|
+
|
|
46
|
+
return undefined;
|
|
47
|
+
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
};
|
|
51
|
+
|
|
52
|
+
export { cdnShopify, cdnSrc };
|
package/dist/cdn.d.ts
CHANGED
|
@@ -17,4 +17,36 @@ const cdnSrc = ( asset, size, timestamp ) => {
|
|
|
17
17
|
|
|
18
18
|
};
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
// Build a Shopify CDN URL with on-the-fly resize. Shopify CDN supports
|
|
21
|
+
// `?width=`/`?height=` query params for server-side resizing, so the
|
|
22
|
+
// caller doesn't need a pre-generated sizes map (unlike cdnSrc).
|
|
23
|
+
// `url` is a Shopify CDN URL string. `size` is the same WxH grammar as
|
|
24
|
+
// cdnSrc (e.g. '100x100') — parsed into width/height query params.
|
|
25
|
+
// `timestamp` is optional: Shopify URLs typically already carry their
|
|
26
|
+
// own `?v=` versioning, so a missing timestamp does not produce a stale
|
|
27
|
+
// asset the way it does with cdnSrc. When provided, the timestamp
|
|
28
|
+
// overrides any existing `v=` to force cache-bust across updates.
|
|
29
|
+
const cdnShopify = ( url, size, timestamp ) => {
|
|
30
|
+
|
|
31
|
+
if( ! url ) return undefined;
|
|
32
|
+
|
|
33
|
+
try {
|
|
34
|
+
|
|
35
|
+
const parsed = new URL( url );
|
|
36
|
+
const [ width, height ] = ( size || '' ).split( 'x' ).map( Number );
|
|
37
|
+
|
|
38
|
+
if( width ) parsed.searchParams.set( 'width', String( width ) );
|
|
39
|
+
if( height ) parsed.searchParams.set( 'height', String( height ) );
|
|
40
|
+
if( timestamp ) parsed.searchParams.set( 'v', String( new Date( timestamp ).getTime() ) );
|
|
41
|
+
|
|
42
|
+
return parsed.toString();
|
|
43
|
+
|
|
44
|
+
} catch {
|
|
45
|
+
|
|
46
|
+
return undefined;
|
|
47
|
+
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
};
|
|
51
|
+
|
|
52
|
+
export { cdnShopify, cdnSrc };
|
package/dist/cdn.js
CHANGED
|
@@ -8,6 +8,20 @@ var cdnSrc = (asset, size, timestamp) => {
|
|
|
8
8
|
"?query=" + timestamp
|
|
9
9
|
].join("");
|
|
10
10
|
};
|
|
11
|
+
var cdnShopify = (url, size, timestamp) => {
|
|
12
|
+
if (!url) return void 0;
|
|
13
|
+
try {
|
|
14
|
+
const parsed = new URL(url);
|
|
15
|
+
const [width, height] = (size || "").split("x").map(Number);
|
|
16
|
+
if (width) parsed.searchParams.set("width", String(width));
|
|
17
|
+
if (height) parsed.searchParams.set("height", String(height));
|
|
18
|
+
if (timestamp) parsed.searchParams.set("v", String(new Date(timestamp).getTime()));
|
|
19
|
+
return parsed.toString();
|
|
20
|
+
} catch {
|
|
21
|
+
return void 0;
|
|
22
|
+
}
|
|
23
|
+
};
|
|
11
24
|
export {
|
|
25
|
+
cdnShopify,
|
|
12
26
|
cdnSrc
|
|
13
27
|
};
|
package/dist/shopify.cjs
CHANGED
|
@@ -32,9 +32,13 @@ __export(shopify_exports, {
|
|
|
32
32
|
getAdminToken: () => getAdminToken,
|
|
33
33
|
ping: () => ping,
|
|
34
34
|
refreshAdminToken: () => refreshAdminToken,
|
|
35
|
-
resolveConnectionSettings: () => resolveConnectionSettings
|
|
35
|
+
resolveConnectionSettings: () => resolveConnectionSettings,
|
|
36
|
+
signOAuthState: () => signOAuthState,
|
|
37
|
+
verifyOAuthCallbackHmac: () => verifyOAuthCallbackHmac,
|
|
38
|
+
verifyOAuthState: () => verifyOAuthState
|
|
36
39
|
});
|
|
37
40
|
module.exports = __toCommonJS(shopify_exports);
|
|
41
|
+
var import_crypto3 = __toESM(require("crypto"), 1);
|
|
38
42
|
|
|
39
43
|
// encrypt.js
|
|
40
44
|
var import_crypto2 = __toESM(require("crypto"), 1);
|
|
@@ -79,6 +83,48 @@ var decrypt = (value) => {
|
|
|
79
83
|
var SHOPIFY_ADMIN_API_VERSION = "2025-01";
|
|
80
84
|
var REFRESH_TOKEN_LIFETIME_MS = 90 * 24 * 60 * 60 * 1e3;
|
|
81
85
|
var ACCESS_TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1e3;
|
|
86
|
+
var OAUTH_STATE_TTL_MS = 5 * 60 * 1e3;
|
|
87
|
+
var signOAuthState = ({ organizationId, shop }) => {
|
|
88
|
+
const payload = Buffer.from(JSON.stringify({
|
|
89
|
+
exp: Date.now() + OAUTH_STATE_TTL_MS,
|
|
90
|
+
organizationId,
|
|
91
|
+
shop
|
|
92
|
+
})).toString("base64url");
|
|
93
|
+
const signature = import_crypto3.default.createHmac("sha256", process.env.SHOPIFY_API_SECRET).update(payload).digest("base64url");
|
|
94
|
+
return payload + "." + signature;
|
|
95
|
+
};
|
|
96
|
+
var verifyOAuthState = (raw) => {
|
|
97
|
+
if (!raw) return null;
|
|
98
|
+
const [payload, signature] = raw.split(".");
|
|
99
|
+
if (!payload || !signature) return null;
|
|
100
|
+
const expected = import_crypto3.default.createHmac("sha256", process.env.SHOPIFY_API_SECRET).update(payload).digest("base64url");
|
|
101
|
+
if (signature.length !== expected.length) return null;
|
|
102
|
+
const valid = import_crypto3.default.timingSafeEqual(
|
|
103
|
+
Buffer.from(signature),
|
|
104
|
+
Buffer.from(expected)
|
|
105
|
+
);
|
|
106
|
+
if (!valid) return null;
|
|
107
|
+
let parsed;
|
|
108
|
+
try {
|
|
109
|
+
parsed = JSON.parse(Buffer.from(payload, "base64url").toString());
|
|
110
|
+
} catch {
|
|
111
|
+
return null;
|
|
112
|
+
}
|
|
113
|
+
;
|
|
114
|
+
if (!(parsed == null ? void 0 : parsed.exp) || parsed.exp < Date.now()) return null;
|
|
115
|
+
return parsed;
|
|
116
|
+
};
|
|
117
|
+
var verifyOAuthCallbackHmac = ({ hmac, rawQuery }) => {
|
|
118
|
+
const message = (rawQuery || "").split("&").filter((pair) => !pair.startsWith("hmac=")).sort((a, b) => {
|
|
119
|
+
const nameA = a.split("=")[0];
|
|
120
|
+
const nameB = b.split("=")[0];
|
|
121
|
+
return nameA < nameB ? -1 : nameA > nameB ? 1 : 0;
|
|
122
|
+
}).join("&");
|
|
123
|
+
const digest = import_crypto3.default.createHmac("sha256", process.env.SHOPIFY_API_SECRET).update(message).digest("hex");
|
|
124
|
+
const digestBuf = Buffer.from(digest);
|
|
125
|
+
const hmacBuf = Buffer.from(hmac || "");
|
|
126
|
+
return digestBuf.length === hmacBuf.length && import_crypto3.default.timingSafeEqual(digestBuf, hmacBuf);
|
|
127
|
+
};
|
|
82
128
|
var shopifyOAuthFetch = async (url, body) => {
|
|
83
129
|
const response = await fetch(url, {
|
|
84
130
|
method: "POST",
|
|
@@ -199,5 +245,8 @@ var getAdminToken = async ({ connection, controller }) => {
|
|
|
199
245
|
getAdminToken,
|
|
200
246
|
ping,
|
|
201
247
|
refreshAdminToken,
|
|
202
|
-
resolveConnectionSettings
|
|
248
|
+
resolveConnectionSettings,
|
|
249
|
+
signOAuthState,
|
|
250
|
+
verifyOAuthCallbackHmac,
|
|
251
|
+
verifyOAuthState
|
|
203
252
|
});
|
package/dist/shopify.d.cts
CHANGED
|
@@ -1,10 +1,100 @@
|
|
|
1
|
+
import crypto from 'crypto';
|
|
1
2
|
import { decrypt, encrypt } from './encrypt.cjs';
|
|
2
|
-
import 'crypto';
|
|
3
3
|
import './token.cjs';
|
|
4
4
|
|
|
5
5
|
const SHOPIFY_ADMIN_API_VERSION = '2025-01';
|
|
6
6
|
const REFRESH_TOKEN_LIFETIME_MS = 90 * 24 * 60 * 60 * 1000;
|
|
7
7
|
const ACCESS_TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1000;
|
|
8
|
+
const OAUTH_STATE_TTL_MS = 5 * 60 * 1000;
|
|
9
|
+
|
|
10
|
+
const signOAuthState = ({ organizationId, shop }) => {
|
|
11
|
+
|
|
12
|
+
const payload = Buffer.from( JSON.stringify({
|
|
13
|
+
exp : Date.now() + OAUTH_STATE_TTL_MS,
|
|
14
|
+
organizationId,
|
|
15
|
+
shop
|
|
16
|
+
}) ).toString( 'base64url' );
|
|
17
|
+
|
|
18
|
+
const signature = crypto
|
|
19
|
+
.createHmac( 'sha256', process.env.SHOPIFY_API_SECRET )
|
|
20
|
+
.update( payload )
|
|
21
|
+
.digest( 'base64url' );
|
|
22
|
+
|
|
23
|
+
return payload + '.' + signature;
|
|
24
|
+
|
|
25
|
+
};
|
|
26
|
+
|
|
27
|
+
const verifyOAuthState = ( raw ) => {
|
|
28
|
+
|
|
29
|
+
if( ! raw ) return null;
|
|
30
|
+
|
|
31
|
+
const [ payload, signature ] = raw.split( '.' );
|
|
32
|
+
|
|
33
|
+
if( ! payload || ! signature ) return null;
|
|
34
|
+
|
|
35
|
+
const expected = crypto
|
|
36
|
+
.createHmac( 'sha256', process.env.SHOPIFY_API_SECRET )
|
|
37
|
+
.update( payload )
|
|
38
|
+
.digest( 'base64url' );
|
|
39
|
+
|
|
40
|
+
if( signature.length !== expected.length ) return null;
|
|
41
|
+
|
|
42
|
+
const valid = crypto.timingSafeEqual(
|
|
43
|
+
Buffer.from( signature ),
|
|
44
|
+
Buffer.from( expected )
|
|
45
|
+
);
|
|
46
|
+
|
|
47
|
+
if( ! valid ) return null;
|
|
48
|
+
|
|
49
|
+
let parsed;
|
|
50
|
+
|
|
51
|
+
try {
|
|
52
|
+
|
|
53
|
+
parsed = JSON.parse( Buffer.from( payload, 'base64url' ).toString() );
|
|
54
|
+
|
|
55
|
+
} catch {
|
|
56
|
+
|
|
57
|
+
return null;
|
|
58
|
+
|
|
59
|
+
}
|
|
60
|
+
if( ! parsed?.exp || parsed.exp < Date.now() ) return null;
|
|
61
|
+
|
|
62
|
+
return parsed;
|
|
63
|
+
|
|
64
|
+
};
|
|
65
|
+
|
|
66
|
+
// Verifies the HMAC Shopify includes on OAuth callback query strings. Sort by
|
|
67
|
+
// parameter NAME (not full key=value pair) per Shopify spec — matches the
|
|
68
|
+
// official @shopify/shopify-api SDK. A plain .sort() compares whole strings,
|
|
69
|
+
// which would diverge when one name is a prefix of another and the next char
|
|
70
|
+
// sorts before '=' in ASCII (e.g. `state` vs `state2`).
|
|
71
|
+
const verifyOAuthCallbackHmac = ({ hmac, rawQuery }) => {
|
|
72
|
+
|
|
73
|
+
const message = ( rawQuery || '' )
|
|
74
|
+
.split( '&' )
|
|
75
|
+
.filter( pair => ! pair.startsWith( 'hmac=' ) )
|
|
76
|
+
.sort( ( a, b ) => {
|
|
77
|
+
|
|
78
|
+
const nameA = a.split( '=' )[ 0 ];
|
|
79
|
+
const nameB = b.split( '=' )[ 0 ];
|
|
80
|
+
|
|
81
|
+
return nameA < nameB ? -1 : nameA > nameB ? 1 : 0;
|
|
82
|
+
|
|
83
|
+
})
|
|
84
|
+
.join( '&' );
|
|
85
|
+
|
|
86
|
+
const digest = crypto
|
|
87
|
+
.createHmac( 'sha256', process.env.SHOPIFY_API_SECRET )
|
|
88
|
+
.update( message )
|
|
89
|
+
.digest( 'hex' );
|
|
90
|
+
|
|
91
|
+
const digestBuf = Buffer.from( digest );
|
|
92
|
+
const hmacBuf = Buffer.from( hmac || '' );
|
|
93
|
+
|
|
94
|
+
return digestBuf.length === hmacBuf.length
|
|
95
|
+
&& crypto.timingSafeEqual( digestBuf, hmacBuf );
|
|
96
|
+
|
|
97
|
+
};
|
|
8
98
|
|
|
9
99
|
const shopifyOAuthFetch = async ( url, body ) => {
|
|
10
100
|
|
|
@@ -166,4 +256,4 @@ const getAdminToken = async ({ connection, controller }) => {
|
|
|
166
256
|
|
|
167
257
|
};
|
|
168
258
|
|
|
169
|
-
export { getAdminToken, ping, refreshAdminToken, resolveConnectionSettings };
|
|
259
|
+
export { getAdminToken, ping, refreshAdminToken, resolveConnectionSettings, signOAuthState, verifyOAuthCallbackHmac, verifyOAuthState };
|
package/dist/shopify.d.ts
CHANGED
|
@@ -1,10 +1,100 @@
|
|
|
1
|
+
import crypto from 'crypto';
|
|
1
2
|
import { decrypt, encrypt } from './encrypt.js';
|
|
2
|
-
import 'crypto';
|
|
3
3
|
import './token.js';
|
|
4
4
|
|
|
5
5
|
const SHOPIFY_ADMIN_API_VERSION = '2025-01';
|
|
6
6
|
const REFRESH_TOKEN_LIFETIME_MS = 90 * 24 * 60 * 60 * 1000;
|
|
7
7
|
const ACCESS_TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1000;
|
|
8
|
+
const OAUTH_STATE_TTL_MS = 5 * 60 * 1000;
|
|
9
|
+
|
|
10
|
+
const signOAuthState = ({ organizationId, shop }) => {
|
|
11
|
+
|
|
12
|
+
const payload = Buffer.from( JSON.stringify({
|
|
13
|
+
exp : Date.now() + OAUTH_STATE_TTL_MS,
|
|
14
|
+
organizationId,
|
|
15
|
+
shop
|
|
16
|
+
}) ).toString( 'base64url' );
|
|
17
|
+
|
|
18
|
+
const signature = crypto
|
|
19
|
+
.createHmac( 'sha256', process.env.SHOPIFY_API_SECRET )
|
|
20
|
+
.update( payload )
|
|
21
|
+
.digest( 'base64url' );
|
|
22
|
+
|
|
23
|
+
return payload + '.' + signature;
|
|
24
|
+
|
|
25
|
+
};
|
|
26
|
+
|
|
27
|
+
const verifyOAuthState = ( raw ) => {
|
|
28
|
+
|
|
29
|
+
if( ! raw ) return null;
|
|
30
|
+
|
|
31
|
+
const [ payload, signature ] = raw.split( '.' );
|
|
32
|
+
|
|
33
|
+
if( ! payload || ! signature ) return null;
|
|
34
|
+
|
|
35
|
+
const expected = crypto
|
|
36
|
+
.createHmac( 'sha256', process.env.SHOPIFY_API_SECRET )
|
|
37
|
+
.update( payload )
|
|
38
|
+
.digest( 'base64url' );
|
|
39
|
+
|
|
40
|
+
if( signature.length !== expected.length ) return null;
|
|
41
|
+
|
|
42
|
+
const valid = crypto.timingSafeEqual(
|
|
43
|
+
Buffer.from( signature ),
|
|
44
|
+
Buffer.from( expected )
|
|
45
|
+
);
|
|
46
|
+
|
|
47
|
+
if( ! valid ) return null;
|
|
48
|
+
|
|
49
|
+
let parsed;
|
|
50
|
+
|
|
51
|
+
try {
|
|
52
|
+
|
|
53
|
+
parsed = JSON.parse( Buffer.from( payload, 'base64url' ).toString() );
|
|
54
|
+
|
|
55
|
+
} catch {
|
|
56
|
+
|
|
57
|
+
return null;
|
|
58
|
+
|
|
59
|
+
}
|
|
60
|
+
if( ! parsed?.exp || parsed.exp < Date.now() ) return null;
|
|
61
|
+
|
|
62
|
+
return parsed;
|
|
63
|
+
|
|
64
|
+
};
|
|
65
|
+
|
|
66
|
+
// Verifies the HMAC Shopify includes on OAuth callback query strings. Sort by
|
|
67
|
+
// parameter NAME (not full key=value pair) per Shopify spec — matches the
|
|
68
|
+
// official @shopify/shopify-api SDK. A plain .sort() compares whole strings,
|
|
69
|
+
// which would diverge when one name is a prefix of another and the next char
|
|
70
|
+
// sorts before '=' in ASCII (e.g. `state` vs `state2`).
|
|
71
|
+
const verifyOAuthCallbackHmac = ({ hmac, rawQuery }) => {
|
|
72
|
+
|
|
73
|
+
const message = ( rawQuery || '' )
|
|
74
|
+
.split( '&' )
|
|
75
|
+
.filter( pair => ! pair.startsWith( 'hmac=' ) )
|
|
76
|
+
.sort( ( a, b ) => {
|
|
77
|
+
|
|
78
|
+
const nameA = a.split( '=' )[ 0 ];
|
|
79
|
+
const nameB = b.split( '=' )[ 0 ];
|
|
80
|
+
|
|
81
|
+
return nameA < nameB ? -1 : nameA > nameB ? 1 : 0;
|
|
82
|
+
|
|
83
|
+
})
|
|
84
|
+
.join( '&' );
|
|
85
|
+
|
|
86
|
+
const digest = crypto
|
|
87
|
+
.createHmac( 'sha256', process.env.SHOPIFY_API_SECRET )
|
|
88
|
+
.update( message )
|
|
89
|
+
.digest( 'hex' );
|
|
90
|
+
|
|
91
|
+
const digestBuf = Buffer.from( digest );
|
|
92
|
+
const hmacBuf = Buffer.from( hmac || '' );
|
|
93
|
+
|
|
94
|
+
return digestBuf.length === hmacBuf.length
|
|
95
|
+
&& crypto.timingSafeEqual( digestBuf, hmacBuf );
|
|
96
|
+
|
|
97
|
+
};
|
|
8
98
|
|
|
9
99
|
const shopifyOAuthFetch = async ( url, body ) => {
|
|
10
100
|
|
|
@@ -166,4 +256,4 @@ const getAdminToken = async ({ connection, controller }) => {
|
|
|
166
256
|
|
|
167
257
|
};
|
|
168
258
|
|
|
169
|
-
export { getAdminToken, ping, refreshAdminToken, resolveConnectionSettings };
|
|
259
|
+
export { getAdminToken, ping, refreshAdminToken, resolveConnectionSettings, signOAuthState, verifyOAuthCallbackHmac, verifyOAuthState };
|
package/dist/shopify.js
CHANGED
|
@@ -5,9 +5,52 @@ import {
|
|
|
5
5
|
import "./chunk-HOA2JHXC.js";
|
|
6
6
|
|
|
7
7
|
// shopify.js
|
|
8
|
+
import crypto from "crypto";
|
|
8
9
|
var SHOPIFY_ADMIN_API_VERSION = "2025-01";
|
|
9
10
|
var REFRESH_TOKEN_LIFETIME_MS = 90 * 24 * 60 * 60 * 1e3;
|
|
10
11
|
var ACCESS_TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1e3;
|
|
12
|
+
var OAUTH_STATE_TTL_MS = 5 * 60 * 1e3;
|
|
13
|
+
var signOAuthState = ({ organizationId, shop }) => {
|
|
14
|
+
const payload = Buffer.from(JSON.stringify({
|
|
15
|
+
exp: Date.now() + OAUTH_STATE_TTL_MS,
|
|
16
|
+
organizationId,
|
|
17
|
+
shop
|
|
18
|
+
})).toString("base64url");
|
|
19
|
+
const signature = crypto.createHmac("sha256", process.env.SHOPIFY_API_SECRET).update(payload).digest("base64url");
|
|
20
|
+
return payload + "." + signature;
|
|
21
|
+
};
|
|
22
|
+
var verifyOAuthState = (raw) => {
|
|
23
|
+
if (!raw) return null;
|
|
24
|
+
const [payload, signature] = raw.split(".");
|
|
25
|
+
if (!payload || !signature) return null;
|
|
26
|
+
const expected = crypto.createHmac("sha256", process.env.SHOPIFY_API_SECRET).update(payload).digest("base64url");
|
|
27
|
+
if (signature.length !== expected.length) return null;
|
|
28
|
+
const valid = crypto.timingSafeEqual(
|
|
29
|
+
Buffer.from(signature),
|
|
30
|
+
Buffer.from(expected)
|
|
31
|
+
);
|
|
32
|
+
if (!valid) return null;
|
|
33
|
+
let parsed;
|
|
34
|
+
try {
|
|
35
|
+
parsed = JSON.parse(Buffer.from(payload, "base64url").toString());
|
|
36
|
+
} catch {
|
|
37
|
+
return null;
|
|
38
|
+
}
|
|
39
|
+
;
|
|
40
|
+
if (!(parsed == null ? void 0 : parsed.exp) || parsed.exp < Date.now()) return null;
|
|
41
|
+
return parsed;
|
|
42
|
+
};
|
|
43
|
+
var verifyOAuthCallbackHmac = ({ hmac, rawQuery }) => {
|
|
44
|
+
const message = (rawQuery || "").split("&").filter((pair) => !pair.startsWith("hmac=")).sort((a, b) => {
|
|
45
|
+
const nameA = a.split("=")[0];
|
|
46
|
+
const nameB = b.split("=")[0];
|
|
47
|
+
return nameA < nameB ? -1 : nameA > nameB ? 1 : 0;
|
|
48
|
+
}).join("&");
|
|
49
|
+
const digest = crypto.createHmac("sha256", process.env.SHOPIFY_API_SECRET).update(message).digest("hex");
|
|
50
|
+
const digestBuf = Buffer.from(digest);
|
|
51
|
+
const hmacBuf = Buffer.from(hmac || "");
|
|
52
|
+
return digestBuf.length === hmacBuf.length && crypto.timingSafeEqual(digestBuf, hmacBuf);
|
|
53
|
+
};
|
|
11
54
|
var shopifyOAuthFetch = async (url, body) => {
|
|
12
55
|
const response = await fetch(url, {
|
|
13
56
|
method: "POST",
|
|
@@ -127,5 +170,8 @@ export {
|
|
|
127
170
|
getAdminToken,
|
|
128
171
|
ping,
|
|
129
172
|
refreshAdminToken,
|
|
130
|
-
resolveConnectionSettings
|
|
173
|
+
resolveConnectionSettings,
|
|
174
|
+
signOAuthState,
|
|
175
|
+
verifyOAuthCallbackHmac,
|
|
176
|
+
verifyOAuthState
|
|
131
177
|
};
|
package/package.json
CHANGED