Shopify / koa-shopify-auth

DEPRECATED Middleware to authenticate a Koa application with Shopify
MIT License

verifyRequest() not working for rest routes using fetch function. #109

Closed ketangupta34 closed 3 years ago

ketangupta34 commented 3 years ago

Issue summary

I am trying to create a Shopify application using the session tokens. I am using koa-router for creating a rest API route and I need to get the shop name and body content.

this is my fetch function

await fetch('/api/testRoute', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({
        message: 'Hello World',
      }),
    })
      .then((res) => res.json())
      .then((res) => {
        console.log(res);
      })
      .catch((e) => console.log(e));

this is my route

  router.post('/api/testRoute', verifyRequest(), async (ctx) => {
    console.log('CALLED');
    console.log(ctx);
    console.log(ctx.body);
    console.log(ctx.session);

    ctx.body = { status: true, message: 'Updated' };
  });

Issue: if I call this route through the frontend WITHOUT verifyRequest, it works (I can get a response back), but I cannot get the shop name or body or anything else. If I add verifyRequest() and then try, I get this in the app console:

Screenshot from 2021-06-18 02-17-30

How to successfully call these routes, and get shop name and body details?


grallc commented 3 years ago

Hello, I got the same issue by trying to decode the session with Shopify.Utils.loadCurrentSession. The function always returns undefined as the session.

I've dug down into the different packages handling this, and the problem seems to be coming from this file.

The session is getting correctly provided to the function loadSession as argument (in the mystore.myshopify.com_xxxx), but the loadSession function never finds the given session in the sessions array: this one seems to be empty.

I've tried with a Redis session memory, and it doesn't work either, so I think the problem comes from the session management.

mkamalkayani commented 3 years ago

@ketangupta34 Normal fetch won't work. You have to use authenticated fetch from @shopify/app-bridge-utils.

import { authenticatedFetch, getSessionToken } from "@shopify/app-bridge-utils";

Authenticated fetch adds an Authorization header with a Bearer token to the request. The verifyRequest checks the validity of this token.

Alternatively, you can also add the header yourself,

      const token = await getSessionToken(app);
      headers["Authorization"] = `Bearer ${token}`;
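
The check described in the comment above, as an added example that is not part of the thread and is not koa-shopify-auth's own code: a server-side validation of the bearer session token following Shopify's documented session-token format (an HS256 JWT signed with the app secret), which is also where the shop name comes from (the `dest` claim). The API key, secret, shop domain and function names are constructed placeholders.

```javascript
// Added example: validate a Shopify-style session token (HS256 JWT) on the server.
const crypto = require("crypto");

// Constructed placeholders, not real credentials.
const API_KEY = "example-api-key";
const API_SECRET = "example-api-secret";

const b64url = (data) => Buffer.from(data).toString("base64url");
const sign = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest();

// Returns the shop hostname on success; throws on any failed check.
function verifySessionToken(authHeader, apiKey, secret, now = Date.now() / 1000) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || "");
  if (!m) throw new Error("missing or malformed bearer token");
  const [, h, p, s] = m;
  // Pin the algorithm instead of trusting whatever the token header claims.
  const header = JSON.parse(Buffer.from(h, "base64url"));
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const expected = sign(`${h}.${p}`, secret);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    throw new Error("bad signature");
  const c = JSON.parse(Buffer.from(p, "base64url"));
  // Written so that a missing exp/nbf claim fails the check too.
  if (!(c.exp > now)) throw new Error("expired");
  if (!(c.nbf <= now)) throw new Error("not yet valid");
  if (c.aud !== apiKey) throw new Error("wrong audience");
  const shop = new URL(c.dest).hostname;
  if (new URL(c.iss).hostname !== shop) throw new Error("iss/dest mismatch");
  return shop;
}

// Builds a constructed token standing in for what getSessionToken(app) returns.
function makeToken(claims, secret) {
  const h = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const p = b64url(JSON.stringify(claims));
  return `${h}.${p}.${b64url(sign(`${h}.${p}`, secret))}`;
}

const now = Math.floor(Date.now() / 1000);
const claims = {
  iss: "https://example-shop.myshopify.com/admin",
  dest: "https://example-shop.myshopify.com",
  aud: API_KEY, exp: now + 60, nbf: now - 5,
};
const token = makeToken(claims, API_SECRET);
console.log(verifySessionToken(`Bearer ${token}`, API_KEY, API_SECRET));
```

A request sent with plain `fetch` carries no `Authorization` header, so it fails at the first check.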

ketangupta34 commented 3 years ago

@mkamalkayani Thanks for pointing it out, but I have tried this. Issue is with host not found to getSessionToken (even after following some ways on community). I went through some forums but was not able to find how it's working. I will try to upgrade the packages again, see if it's fixed.

ketangupta34 commented 3 years ago

This issue is more related to app-bridge-utils and it's already raised: https://github.com/Shopify/shopify-app-bridge/issues/48

I am gonna close it here!!!