Shopify / koa-shopify-auth

DEPRECATED Middleware to authenticate a Koa application with Shopify
MIT License

verifyRequest() redirect to "/auth" when request has a valid session #135

Closed WeikunYe closed 1 year ago

WeikunYe commented 3 years ago

Issue summary

When a request has a valid session, the verifyRequest middleware is still directing to the "/auth" router rather than letting the request go to the actual request handler function.

Expected behavior

verifyRequest middleware should allow the request with a valid session to go to the actual request handler.

Actual behavior

When I put verifyRequest on the "/api/test" route, it will redirect to "/auth".

import Router from "koa-router";
import TestController from "../controllers/tests";
import { verifyRequest } from "@shopify/koa-shopify-auth";

const router = new Router();

router.get("/api/test", verifyRequest(), TestController.index);

export default router;

If I remove the verifyRequest middleware, I can actually log a valid session in the TestController.index:

import Router from "koa-router";
import TestController from "../controllers/tests";
import { verifyRequest } from "@shopify/koa-shopify-auth";

const router = new Router();
// Without verifyRequest
router.get("/api/test", TestController.index);

export default router;

// TestController
import Shopify from "@shopify/shopify-api";

class TestController {
  async index(ctx) {
    console.log("get(test/index)");
    const session = await Shopify.Utils.loadCurrentSession(ctx.req, ctx.res);
    console.log(session);
    ctx.body = JSON.stringify(session);
    ctx.status = 200;
  }
}

export default new TestController();

And the session is:

┃ {
┃   id: 'weikun-sample-dev.myshopify.com_78890828031',
┃   shop: 'weikun-sample-dev.myshopify.com',
┃   state: '746422650317799',
┃   scope: 'write_products,write_customers,write_draft_orders',
┃   expires: 2021-12-03T00:44:38.753Z,
┃   isOnline: true,
┃   accessToken: 'shpat_39e49985be00de9776817f84716xxxxxx',
┃   onlineAccessInfo: {
┃     expires_in: 86398,
┃     associated_user_scope: 'write_products,write_customers,write_draft_orders',
┃     session: null,
┃     account_number: null,
┃     associated_user: {...}
┃   }
┃ }

The request was made today (2nd Dec), and it will expire tomorrow. So, I guess this is a valid session.

Steps to reproduce the problem

It's very similar to your demo code, but I added/edited:

  router.get("/", async (ctx) => {
    console.log("get(/)");
    const shop = ctx.query.shop;
    const isInstalled = await ShopController.isInstalled(shop);
    if (!isInstalled) {
      ctx.redirect(`/auth?shop=${shop}`);
    } else {
      await handleRequest(ctx);
    }
  });
  router.post("/webhooks", async (ctx) => {
    try {
      await Shopify.Webhooks.Registry.process(ctx.req, ctx.res);
      console.log(`Webhook processed, returned status code 200`);
    } catch (error) {
      console.log(`Failed to process webhook: ${error}`);
    }
  });

  router.post(
    "/graphql",
    verifyRequest({ returnHeader: true }),
    async (ctx, next) => {
      await Shopify.Utils.graphqlProxy(ctx.req, ctx.res);
    }
  );

  router.get("(/_next/static/.*)", handleRequest); // Static content is clear
  router.get("/_next/webpack-hmr", handleRequest); // Webpack content is clear

  // Mount app's routers
  server.use(AppRouters.routes());

  // Everything else should have session and needs verifyRequest
  // Add verifyRequest here is not working as well
  router.get("(.*)", handleRequest);

  server.use(router.allowedMethods());
  server.use(router.routes());

  server.listen(port, () => {
    console.log(`> Ready on http://localhost:${port}`);
  });

github-actions[bot] commented 1 year ago

Note that this repo is no longer maintained and this issue will not be reviewed. Prefer the official JavaScript API library. If you still want to use Koa, see simple-koa-shopify-auth for a potential community solution.
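
The issue treats the logged session as valid because it has not yet expired. As an added example (not code from the issue or from koa-shopify-auth), the diagnostic below lists which checks a loaded session fails under assumed criteria: an access token is present, the expiry is in the future, and the granted scopes cover the app's required scopes, with a `write_` scope implying the matching `read_` scope. The function names, the sample session and the required-scope strings are constructed for illustration.

```javascript
// Added diagnostic, not code from koa-shopify-auth. The validity criteria
// below are assumptions chosen for illustration.

// Expand a comma-separated scope string; a write_ scope implies its read_ scope.
function expandScopes(scopeString) {
  const scopes = new Set();
  for (const raw of String(scopeString || "").split(",")) {
    const scope = raw.trim();
    if (!scope) continue;
    scopes.add(scope);
    const m = /^(unauthenticated_)?write_(.+)$/.exec(scope);
    if (m) scopes.add(`${m[1] || ""}read_${m[2]}`);
  }
  return scopes;
}

// Return the list of reasons a session fails the assumed checks (empty = passes).
function sessionProblems(session, requiredScopes, now = new Date()) {
  if (!session) return ["no session loaded for this request"];
  const problems = [];
  if (!session.accessToken) problems.push("session has no access token");
  if (session.expires && new Date(session.expires) <= now) {
    problems.push(`session expired at ${new Date(session.expires).toISOString()}`);
  }
  const granted = expandScopes(session.scope);
  const missing = [...expandScopes(requiredScopes)].filter((s) => !granted.has(s));
  if (missing.length) problems.push(`missing scopes: ${missing.join(",")}`);
  return problems;
}

// Constructed sample shaped like the session logged in the issue.
const sampleSession = {
  shop: "example-dev.myshopify.com",
  scope: "write_products,write_customers,write_draft_orders",
  expires: new Date("2021-12-03T00:44:38.753Z"),
  isOnline: true,
  accessToken: "shpat_PLACEHOLDER",
};

const onDayOfRequest = new Date("2021-12-02T01:00:00Z");
console.log(sessionProblems(sampleSession, "read_products,write_customers", onDayOfRequest));
console.log(sessionProblems(sampleSession, "write_products,read_orders", onDayOfRequest));
console.log(sessionProblems(sampleSession, "write_products", new Date("2021-12-04T00:00:00Z")));
```

Logging the result of `sessionProblems` next to `loadCurrentSession` in a handler shows whether an unexpired session still differs from what the app is configured to require.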