
@shopify/shopify-api - npm Package Compare versions

Comparing version

to
0.3.1


CHANGELOG.md

@@ -12,2 +12,6 @@ # Changelog

## [0.3.1] - 2021-02-03
### Fixed
- Fixed an issue when deleting the current session for embedded apps [#88](https://github.com/shopify/shopify-node-api/pull/88)
## [0.3.0] - 2021-01-27

@@ -14,0 +18,0 @@ ### Added

@@ -48,4 +48,11 @@ import http from 'http';

getOfflineSessionId(shop: string): string;
/**
* Extracts the current session id from the request / response pair.
*
* @param request HTTP request object
* @param response HTTP response object
*/
getCurrentSessionId(request: http.IncomingMessage, response: http.ServerResponse): string | undefined;
};
export { ShopifyOAuth };
//# sourceMappingURL=oauth.d.ts.map

@@ -13,2 +13,3 @@ "use strict";

var safe_compare_1 = tslib_1.__importDefault(require("../../utils/safe-compare"));
var decode_session_token_1 = tslib_1.__importDefault(require("../../utils/decode-session-token"));
var session_1 = require("../session");

@@ -34,3 +35,3 @@ var http_client_1 = require("../../clients/http_client/http_client");

return tslib_1.__awaiter(this, void 0, void 0, function () {
var cookies, state, session, query, queryString;
var cookies, state, session, sessionStored, query, queryString;
return tslib_1.__generator(this, function (_a) {

@@ -51,3 +52,6 @@ switch (_a.label) {

case 1:
_a.sent();
sessionStored = _a.sent();
if (!sessionStored) {
throw new ShopifyErrors.SessionStorageError('OAuth Session could not be saved. Please check your session storage functionality.');
}
cookies.set(ShopifyOAuth.SESSION_COOKIE_NAME, session.id, {

@@ -84,3 +88,3 @@ signed: true,

return tslib_1.__awaiter(this, void 0, void 0, function () {
var cookies, currentSession, sessionCookie, body, postParams, client, postResponse, responseBody, access_token, scope, rest, sessionExpiration, responseBody, oauthSessionExpiration, onlineInfo, jwtSessionId, jwtSession;
var cookies, currentSession, sessionCookie, body, postParams, client, postResponse, responseBody, access_token, scope, rest, sessionExpiration, responseBody, oauthSessionExpiration, onlineInfo, jwtSessionId, jwtSession, sessionStored;
return tslib_1.__generator(this, function (_a) {

@@ -160,3 +164,6 @@ switch (_a.label) {

case 7:
_a.sent();
sessionStored = _a.sent();
if (!sessionStored) {
throw new ShopifyErrors.SessionStorageError('OAuth Session could not be saved. Please check your session storage functionality.');
}
return [2 /*return*/];

@@ -197,2 +204,28 @@ }

},
/**
* Extracts the current session id from the request / response pair.
*
* @param request HTTP request object
* @param response HTTP response object
*/
getCurrentSessionId: function (request, response) {
var currentSessionId;
if (context_1.Context.IS_EMBEDDED_APP) {
var authHeader = request.headers.authorization;
if (authHeader) {
var matches = authHeader.match(/^Bearer (.+)$/);
if (!matches) {
throw new ShopifyErrors.MissingJwtTokenError('Missing Bearer token in authorization header');
}
var jwtPayload = decode_session_token_1.default(matches[1]);
currentSessionId = this.getJwtSessionId(jwtPayload.dest.replace(/^https:\/\//, ''), jwtPayload.sub);
}
}
// We fall back to the cookie session to allow apps to load their skeleton page after OAuth, so they can set up App
// Bridge and get a new JWT.
if (!currentSessionId) {
currentSessionId = this.getCookieSessionId(request, response);
}
return currentSessionId;
},
};

@@ -199,0 +232,0 @@ exports.ShopifyOAuth = ShopifyOAuth;
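Review bot: `getCurrentSessionId` reaches its siblings through `this.getJwtSessionId(...)` and `this.getCookieSessionId(request, response)`, but `ShopifyOAuth` is a plain object literal, so `this` is whatever the call site happens to bind; a destructured or passed-around reference would fail at runtime, while the other call sites in this diff already use the explicit form `oauth_1.ShopifyOAuth.getJwtSessionId(...)`. Prefer `ShopifyOAuth.getJwtSessionId(...)` and `ShopifyOAuth.getCookieSessionId(request, response)` inside the method, the same way `ShopifyOAuth.SESSION_COOKIE_NAME` is already referenced in the `cookies.set` call earlier in this file. The doc comment (here and in the `oauth.d.ts` declaration above) should also record the throw, e.g. `@throws MissingJwtTokenError when an Authorization header is present but does not carry a Bearer token`, since an embedded-app caller must distinguish that from the `undefined` returned when neither header nor cookie yields an id. Whether the token's signature is verified before `dest` and `sub` are trusted depends on `decode-session-token`, which is outside this hunk.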

@@ -5,2 +5,4 @@ "use strict";

var tslib_1 = require("tslib");
var session_1 = require("../session");
var ShopifyErrors = tslib_1.__importStar(require("../../../error"));
var CustomSessionStorage = /** @class */ (function () {

@@ -18,3 +20,9 @@ function CustomSessionStorage(storeCallback, loadCallback, deleteCallback) {

return tslib_1.__generator(this, function (_a) {
return [2 /*return*/, this.storeCallback(session)];
try {
return [2 /*return*/, this.storeCallback(session)];
}
catch (error) {
throw new ShopifyErrors.SessionStorageError("CustomSessionStorage failed to store a session. Error Details: " + error);
}
return [2 /*return*/];
});

@@ -25,4 +33,22 @@ });

return tslib_1.__awaiter(this, void 0, void 0, function () {
var result;
return tslib_1.__generator(this, function (_a) {
return [2 /*return*/, this.loadCallback(id)];
try {
result = this.loadCallback(id);
}
catch (error) {
throw new ShopifyErrors.SessionStorageError("CustomSessionStorage failed to load a session. Error Details: " + error);
}
if (result) {
if (result instanceof session_1.Session) {
return [2 /*return*/, result];
}
else {
throw new ShopifyErrors.SessionStorageError("Expected return to be instanceof Session, but received instanceof " + result.constructor.name + ".");
}
}
else {
return [2 /*return*/, undefined];
}
return [2 /*return*/];
});

@@ -34,3 +60,9 @@ });

return tslib_1.__generator(this, function (_a) {
return [2 /*return*/, this.deleteCallback(id)];
try {
return [2 /*return*/, this.deleteCallback(id)];
}
catch (error) {
throw new ShopifyErrors.SessionStorageError("CustomSessionStorage failed to delete a session. Error Details: " + error);
}
return [2 /*return*/];
});

@@ -37,0 +69,0 @@ });
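Review bot: In `loadSession`, `result = this.loadCallback(id)` is assigned without being awaited (the generator has no yield step for it), so if `loadCallback` returns a Promise — which the async storage interface used elsewhere in this diff suggests it may — `result instanceof session_1.Session` is false and the method throws `Expected return to be instanceof Session, but received instanceof Promise`. The fix is to await the callback before the check, presumably `const result = await this.loadCallback(id);` in the TypeScript source. The same unawaited return weakens the new `try`/`catch` in `storeSession` and `deleteSession` (the hunks above and below): `return this.storeCallback(session)` hands back the callback's promise, so only a synchronous throw is wrapped in `SessionStorageError` and a rejected promise propagates with its original error, bypassing the new `sessionStored` check in `oauth.js`. Awaiting inside the `try` (`return await this.storeCallback(session);`, likewise for `deleteCallback`) makes the wrapping cover both cases.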


dist/error.d.ts

@@ -41,2 +41,4 @@ declare class ShopifyError extends Error {

}
declare class SessionStorageError extends ShopifyError {
}
declare class MissingRequiredArgument extends ShopifyError {

@@ -46,3 +48,3 @@ }

}
export { ShopifyError, InvalidHmacError, InvalidShopError, InvalidJwtError, MissingJwtTokenError, SafeCompareError, HttpRequestError, HttpMaxRetriesError, HttpResponseError, HttpRetriableError, HttpInternalError, HttpThrottlingError, UninitializedContextError, InvalidOAuthError, SessionNotFound, InvalidSession, InvalidWebhookError, MissingRequiredArgument, UnsupportedClientType, };
export { ShopifyError, InvalidHmacError, InvalidShopError, InvalidJwtError, MissingJwtTokenError, SafeCompareError, HttpRequestError, HttpMaxRetriesError, HttpResponseError, HttpRetriableError, HttpInternalError, HttpThrottlingError, UninitializedContextError, InvalidOAuthError, SessionNotFound, InvalidSession, InvalidWebhookError, MissingRequiredArgument, UnsupportedClientType, SessionStorageError, };
//# sourceMappingURL=error.d.ts.map
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.UnsupportedClientType = exports.MissingRequiredArgument = exports.InvalidWebhookError = exports.InvalidSession = exports.SessionNotFound = exports.InvalidOAuthError = exports.UninitializedContextError = exports.HttpThrottlingError = exports.HttpInternalError = exports.HttpRetriableError = exports.HttpResponseError = exports.HttpMaxRetriesError = exports.HttpRequestError = exports.SafeCompareError = exports.MissingJwtTokenError = exports.InvalidJwtError = exports.InvalidShopError = exports.InvalidHmacError = exports.ShopifyError = void 0;
exports.SessionStorageError = exports.UnsupportedClientType = exports.MissingRequiredArgument = exports.InvalidWebhookError = exports.InvalidSession = exports.SessionNotFound = exports.InvalidOAuthError = exports.UninitializedContextError = exports.HttpThrottlingError = exports.HttpInternalError = exports.HttpRetriableError = exports.HttpResponseError = exports.HttpMaxRetriesError = exports.HttpRequestError = exports.SafeCompareError = exports.MissingJwtTokenError = exports.InvalidJwtError = exports.InvalidShopError = exports.InvalidHmacError = exports.ShopifyError = void 0;
var tslib_1 = require("tslib");

@@ -153,2 +153,10 @@ var ShopifyError = /** @class */ (function (_super) {

exports.InvalidWebhookError = InvalidWebhookError;
var SessionStorageError = /** @class */ (function (_super) {
tslib_1.__extends(SessionStorageError, _super);
function SessionStorageError() {
return _super !== null && _super.apply(this, arguments) || this;
}
return SessionStorageError;
}(ShopifyError));
exports.SessionStorageError = SessionStorageError;
var MissingRequiredArgument = /** @class */ (function (_super) {

@@ -155,0 +163,0 @@ tslib_1.__extends(MissingRequiredArgument, _super);

@@ -12,2 +12,3 @@ /// <reference types="node" />

getOfflineSessionId(shop: string): string;
getCurrentSessionId(request: import("http").IncomingMessage, response: import("http").ServerResponse): string | undefined;
};

@@ -14,0 +15,0 @@ Session: {

@@ -9,3 +9,3 @@ /// <reference types="node" />

*/
export default function deleteCurrentSession(req: http.IncomingMessage, res: http.ServerResponse): Promise<boolean | never>;
export default function deleteCurrentSession(request: http.IncomingMessage, response: http.ServerResponse): Promise<boolean | never>;
//# sourceMappingURL=delete-current-session.d.ts.map
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
var tslib_1 = require("tslib");
var cookies_1 = tslib_1.__importDefault(require("cookies"));
var context_1 = require("../context");
var oauth_1 = require("../auth/oauth/oauth");
var ShopifyErrors = tslib_1.__importStar(require("../error"));
var oauth_1 = require("../auth/oauth/oauth");
var decode_session_token_1 = tslib_1.__importDefault(require("./decode-session-token"));
/**

@@ -15,39 +13,12 @@ * Finds and deletes the current user's session, based on the given request and response

*/
function deleteCurrentSession(req, res) {
function deleteCurrentSession(request, response) {
return tslib_1.__awaiter(this, void 0, void 0, function () {
var authHeader, matches, jwtPayload, jwtSessionId, cookies, sessionCookie;
var sessionId;
return tslib_1.__generator(this, function (_a) {
switch (_a.label) {
case 0:
context_1.Context.throwIfUninitialized();
if (!context_1.Context.IS_EMBEDDED_APP) return [3 /*break*/, 4];
authHeader = req.headers.authorization;
if (!authHeader) return [3 /*break*/, 2];
matches = authHeader.match(/^Bearer (.+)$/);
if (!matches) {
throw new ShopifyErrors.MissingJwtTokenError('Missing Bearer token in authorization header');
}
jwtPayload = decode_session_token_1.default(matches[1]);
jwtSessionId = oauth_1.ShopifyOAuth.getJwtSessionId(jwtPayload.dest.replace(/^https:\/\//, ''), jwtPayload.sub);
return [4 /*yield*/, context_1.Context.SESSION_STORAGE.deleteSession(jwtSessionId)];
case 1:
_a.sent();
return [2 /*return*/, true];
case 2: throw new ShopifyErrors.MissingJwtTokenError('Missing authorization header');
case 3: return [3 /*break*/, 7];
case 4:
cookies = new cookies_1.default(req, res, {
secure: true,
keys: [context_1.Context.API_SECRET_KEY],
});
sessionCookie = cookies.get(oauth_1.ShopifyOAuth.SESSION_COOKIE_NAME, { signed: true });
if (!sessionCookie) return [3 /*break*/, 6];
return [4 /*yield*/, context_1.Context.SESSION_STORAGE.deleteSession(sessionCookie)];
case 5:
_a.sent();
cookies.set(oauth_1.ShopifyOAuth.SESSION_COOKIE_NAME);
return [2 /*return*/, true];
case 6: throw new ShopifyErrors.SessionNotFound('No active cookie session found.');
case 7: return [2 /*return*/];
context_1.Context.throwIfUninitialized();
sessionId = oauth_1.ShopifyOAuth.getCurrentSessionId(request, response);
if (!sessionId) {
throw new ShopifyErrors.SessionNotFound('No active session found.');
}
return [2 /*return*/, context_1.Context.SESSION_STORAGE.deleteSession(sessionId)];
});

@@ -54,0 +25,0 @@ });
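Review bot: The rewritten `deleteCurrentSession` no longer clears the session cookie: the removed branch called `cookies.set(oauth_1.ShopifyOAuth.SESSION_COOKIE_NAME)` after deleting a cookie-backed session, whereas the new body only calls `context_1.Context.SESSION_STORAGE.deleteSession(sessionId)`, so a non-embedded client keeps a signed cookie pointing at a session that no longer exists. That is not a privilege issue by itself (the id no longer loads), but the client keeps sending a dead cookie until it expires and each `loadCurrentSession` call does a storage lookup for nothing. Because `getCurrentSessionId` hides whether the id came from the JWT or the cookie, the cleanest fix is probably a helper on `ShopifyOAuth` that clears the cookie, or clearing it unconditionally here after a successful delete; either way the behaviour change belongs in the function's doc comment, which starts above this hunk. Separately, the declaration's return type `Promise<boolean | never>` reduces to `Promise<boolean>`; `never` adds nothing in a union.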

@@ -5,5 +5,3 @@ "use strict";

var context_1 = require("../context");
var ShopifyErrors = tslib_1.__importStar(require("../error"));
var oauth_1 = require("../auth/oauth/oauth");
var decode_session_token_1 = tslib_1.__importDefault(require("./decode-session-token"));
/**

@@ -17,30 +15,10 @@ * Loads the current user's session, based on the given request and response.

return tslib_1.__awaiter(this, void 0, void 0, function () {
var session, authHeader, matches, jwtPayload, jwtSessionId, sessionCookie;
var sessionId;
return tslib_1.__generator(this, function (_a) {
switch (_a.label) {
case 0:
context_1.Context.throwIfUninitialized();
if (!context_1.Context.IS_EMBEDDED_APP) return [3 /*break*/, 2];
authHeader = request.headers.authorization;
if (!authHeader) return [3 /*break*/, 2];
matches = authHeader.match(/^Bearer (.+)$/);
if (!matches) {
throw new ShopifyErrors.MissingJwtTokenError('Missing Bearer token in authorization header');
}
jwtPayload = decode_session_token_1.default(matches[1]);
jwtSessionId = oauth_1.ShopifyOAuth.getJwtSessionId(jwtPayload.dest.replace(/^https:\/\//, ''), jwtPayload.sub);
return [4 /*yield*/, context_1.Context.SESSION_STORAGE.loadSession(jwtSessionId)];
case 1:
session = _a.sent();
_a.label = 2;
case 2:
if (!!session) return [3 /*break*/, 4];
sessionCookie = oauth_1.ShopifyOAuth.getCookieSessionId(request, response);
if (!sessionCookie) return [3 /*break*/, 4];
return [4 /*yield*/, context_1.Context.SESSION_STORAGE.loadSession(sessionCookie)];
case 3:
session = _a.sent();
_a.label = 4;
case 4: return [2 /*return*/, session];
context_1.Context.throwIfUninitialized();
sessionId = oauth_1.ShopifyOAuth.getCurrentSessionId(request, response);
if (!sessionId) {
return [2 /*return*/, Promise.resolve(undefined)];
}
return [2 /*return*/, context_1.Context.SESSION_STORAGE.loadSession(sessionId)];
});

@@ -47,0 +25,0 @@ });
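Review bot: `return [2 /*return*/, Promise.resolve(undefined)]` inside the `__awaiter` body means the TypeScript source returns `Promise.resolve(undefined)` from an `async` function; wrapping the value in a promise is redundant and reads as if the function might be synchronous. A plain `return undefined;` (compiling to `return [2 /*return*/, undefined]`) resolves to the same value, and the TypeScript return type then says what the body does. The function's doc comment, which starts above this hunk, should also note that a missing session now resolves to `undefined` rather than raising, so callers know to check the result.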

@@ -1,2 +0,2 @@

export declare const SHOPIFY_APP_DEV_KIT_VERSION = "0.3.0";
export declare const SHOPIFY_APP_DEV_KIT_VERSION = "0.3.1";
//# sourceMappingURL=version.d.ts.map
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.SHOPIFY_APP_DEV_KIT_VERSION = void 0;
exports.SHOPIFY_APP_DEV_KIT_VERSION = '0.3.0';
exports.SHOPIFY_APP_DEV_KIT_VERSION = '0.3.1';
{
"name": "@shopify/shopify-api",
"version": "0.3.0",
"version": "0.3.1",
"description": "Shopify TypeScript API to support core API functionality (auth, graphql proxy, webhooks)",

@@ -5,0 +5,0 @@ "main": "dist/index.js",
