nestjs-shopify-auth

nestjs-shopify-auth

An OAuth setup for NestJS using Shopify's [shopify-node-api] package. Allows for online and offline auth using this module. Also adds a GraphQL proxy so you can use online tokens to proxy your GraphQL requests to Shopify, without exposing your Shopify Admin access token to the frontend.

Installation

Install package using NPM:

npm install @shopify/shopify-api nestjs-shopify-auth

or using Yarn:

yarn add @shopify/shopify-api nestjs-shopify-auth

Make sure you have your Shopify context initialized, as required in @shopify/shopify-api. You can use the following package to do this is a neat way in NestJS that I've developed as well:

npm install shopify-nestjs-api

See usage: https://github.com/tolgap/shopify-nestjs-api .

Usage

From any module, import the ShopifyAuthModule using registerOnlineAuthAsync and/or registerOfflineAuthAsync:

// app.module.ts
@Module({
  imports: [
    ShopifyAuthModule.registerOnlineAuthAsync({
      useFactory: () => ({
        basePath: 'user',
      }),
    }),
  ],
})
export class AppModule {}

You can provide an injectable that can handle the redirection or any other setup you want after an offline or online auth was successful:

// my-shopify-auth.handler.ts
@Injectable()
export class MyShopifyAuthHandler implements ShopifyAuthAfterHandler {
  async afterAuth(req: Request, res: Response, session: SessionInterface) {
    // implement your logic after a successful auth.
    // you can check `session.isOnline` to see if it was an online auth or offline auth.
  }
}

and provide and inject it to your ShopifyAuthModule:

// app.module.ts
import { MyShopifyAuthHandler } from './my-shopify-auth.handler';

@Module({
  imports: [
    ShopifyAuthModule.registerOnlineAuthAsync({
      useFactory: (afterAuthHandler: MyShopifyAuthHandler) => ({
        basePath: 'user',
        afterAuthHandler,
      }),
      provide: [MyShopifyAuthHandler]
      inject: [MyShopifyAuthHandler],
    }),
  ],
})
export class AppModule {}

You can also use useClass and useExisting to register the ShopifyAuthModule. You can even register both auth modes using the same Module:

// app.module.ts
import { MyShopifyAuthHandler } from './my-shopify-auth.handler';

@Module({
  imports: [
    ShopifyAuthModule.registerOnlineAuthAsync({
      useFactory: (afterAuthHandler: MyShopifyAuthHandler) => ({
        basePath: 'user',
        afterAuthHandler,
      }),
      provide: [MyShopifyAuthHandler]
      inject: [MyShopifyAuthHandler],
    }),
    ShopifyAuthModule.registerOfflineAuthAsync({
      useFactory: (afterAuthHandler: MyShopifyAuthHandler) => ({
        basePath: 'shop',
        afterAuthHandler,
      }),
      provide: [MyShopifyAuthHandler]
      inject: [MyShopifyAuthHandler],
    }),
  ],
})
export class AppModule {}

Now, if you want to install an App and store the offline access token in your DB, or Redis, or whatever storage you prefer, just visit /shop/auth?shop=<yourshopname>.myshopify.com. And if you want to create short-lived online access token, for instance, to only perform one-off requests to Shopify Admin GraphQL, you can visit /user/auth?shop=<yourshopname>.myshopify.com.

Authentication

When ShopifyAuthModule is setup, you can use @UseShopifyAuth() to require online or offline session in Controllers or specific routes. Example:

import { AccessMode } from '@shopify/shopify-api';
import { Controller, Get } from '@nestjs/common';

@UseShopifyAuth(AccessMode.Online)
@Controller()
export class AppController {
  @Get('online-route')
  hello() {
    return 'you are using online auth!';
  }

  @Get('offline-route')
  // Overriding the controller access mode:
  @UseShopifyAuth(AccessMode.Offline)
  offline() {
    return 'you are using offline auth!';
  }
}

GraphQL proxy

This module automatically attaches a GraphQL endpoint to /graphql if you register online auth. You will need valid online auth tokens to make use of it.