Skip to content
This repository has been archived by the owner on Apr 11, 2024. It is now read-only.

Commit

Permalink
[WIP] - Function to authenticate flow requests
Browse files Browse the repository at this point in the history
  • Loading branch information
byrichardpowell committed Oct 24, 2023
1 parent 34f4f57 commit 0286078
Show file tree
Hide file tree
Showing 7 changed files with 213 additions and 0 deletions.
11 changes: 11 additions & 0 deletions lib/flow/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
import {ConfigInterface} from '../base-types';

import {validateFactory} from './validate';

export function shopifyFlow(config: ConfigInterface) {
return {
validate: validateFactory(config),
};
}

export type ShopifyFlow = ReturnType<typeof shopifyFlow>;
20 changes: 20 additions & 0 deletions lib/flow/types.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
import {AdapterArgs} from '../../runtime/types';

export interface FlowValidateParams extends AdapterArgs {
rawBody: string;
}

export enum FlowValidationErrorReason {
MissingBody = 'missing_body',
MissingHmac = 'missing_hmac',
InvalidHmac = 'invalid_hmac',
}

export interface FlowValidationInvalid {
valid: false;
reason: FlowValidationErrorReason;
}

export interface FlowValidationValid {
valid: true;
}
74 changes: 74 additions & 0 deletions lib/flow/validate.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
import {abstractConvertRequest, getHeader} from '../../runtime/http';
import {createSHA256HMAC} from '../../runtime/crypto';
import {HashFormat} from '../../runtime/crypto/types';
import {ConfigInterface} from '../base-types';
import {safeCompare} from '../auth/oauth/safe-compare';
import {logger} from '../logger';

import {
FlowValidateParams,
FlowValidationInvalid,
FlowValidationValid,
FlowValidationErrorReason,
} from './types';

export function validateFactory(config: ConfigInterface) {
return async function validate({
rawBody,
...adapterArgs
}: FlowValidateParams): Promise<FlowValidationInvalid | FlowValidationValid> {
const request = await abstractConvertRequest(adapterArgs);

if (!rawBody.length) {
fail(FlowValidationErrorReason.MissingBody, config);
}

const hmac = getHeader(request.headers, 'hmac');

if (!hmac) {
return fail(FlowValidationErrorReason.MissingHmac, config);
}

if (await hmacIsValid(config.apiSecretKey, rawBody, hmac)) {
return succeed(config);
}

return fail(FlowValidationErrorReason.InvalidHmac, config);
};
}

async function fail(
reason: FlowValidationErrorReason,
config: ConfigInterface,
): Promise<FlowValidationInvalid> {
const log = logger(config);
await log.debug('Flow request is not valid');

return {
valid: false,
reason,
};
}

async function succeed(config: ConfigInterface): Promise<FlowValidationValid> {
const log = logger(config);
await log.debug('Flow request is not valid');

return {
valid: true,
};
}

async function hmacIsValid(
secret: string,
rawBody: string,
hmac: string,
): Promise<boolean> {
const generatedHash = await createSHA256HMAC(
secret,
rawBody,
HashFormat.Base64,
);

return safeCompare(generatedHash, hmac);
}
11 changes: 11 additions & 0 deletions packages/shopify-api/lib/flow/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
import {ConfigInterface} from '../base-types';

import {validateFactory} from './validate';

export function shopifyFlow(config: ConfigInterface) {
return {
validate: validateFactory(config),
};
}

export type ShopifyFlow = ReturnType<typeof shopifyFlow>;
20 changes: 20 additions & 0 deletions packages/shopify-api/lib/flow/types.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
import {AdapterArgs} from '../../runtime/types';

export interface FlowValidateParams extends AdapterArgs {
rawBody: string;
}

export enum FlowValidationErrorReason {
MissingBody = 'missing_body',
MissingHmac = 'missing_hmac',
InvalidHmac = 'invalid_hmac',
}

export interface FlowValidationInvalid {
valid: false;
reason: FlowValidationErrorReason;
}

export interface FlowValidationValid {
valid: true;
}
74 changes: 74 additions & 0 deletions packages/shopify-api/lib/flow/validate.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
import {abstractConvertRequest, getHeader} from '../../runtime/http';
import {createSHA256HMAC} from '../../runtime/crypto';
import {HashFormat} from '../../runtime/crypto/types';
import {ConfigInterface} from '../base-types';
import {safeCompare} from '../auth/oauth/safe-compare';
import {logger} from '../logger';

import {
FlowValidateParams,
FlowValidationInvalid,
FlowValidationValid,
FlowValidationErrorReason,
} from './types';

export function validateFactory(config: ConfigInterface) {
return async function validate({
rawBody,
...adapterArgs
}: FlowValidateParams): Promise<FlowValidationInvalid | FlowValidationValid> {
const request = await abstractConvertRequest(adapterArgs);

if (!rawBody.length) {
fail(FlowValidationErrorReason.MissingBody, config);
}

const hmac = getHeader(request.headers, 'hmac');

if (!hmac) {
return fail(FlowValidationErrorReason.MissingHmac, config);
}

if (await hmacIsValid(config.apiSecretKey, rawBody, hmac)) {
return succeed(config);
}

return fail(FlowValidationErrorReason.InvalidHmac, config);
};
}

async function fail(
reason: FlowValidationErrorReason,
config: ConfigInterface,
): Promise<FlowValidationInvalid> {
const log = logger(config);
await log.debug('Flow request is not valid');

return {
valid: false,
reason,
};
}

async function succeed(config: ConfigInterface): Promise<FlowValidationValid> {
const log = logger(config);
await log.debug('Flow request is not valid');

return {
valid: true,
};
}

async function hmacIsValid(
secret: string,
rawBody: string,
hmac: string,
): Promise<boolean> {
const generatedHash = await createSHA256HMAC(
secret,
rawBody,
HashFormat.Base64,
);

return safeCompare(generatedHash, hmac);
}
3 changes: 3 additions & 0 deletions packages/shopify-api/lib/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import {shopifyWebhooks, ShopifyWebhooks} from './webhooks';
import {shopifyBilling, ShopifyBilling} from './billing';
import {logger, ShopifyLogger} from './logger';
import {SHOPIFY_API_LIBRARY_VERSION} from './version';
import {ShopifyFlow, shopifyFlow} from './flow';

export * from './error';
export * from './session/classes';
Expand Down Expand Up @@ -44,6 +45,7 @@ export interface Shopify<
billing: ShopifyBilling;
logger: ShopifyLogger;
rest: Resources;
flow: ShopifyFlow;
}

export function shopifyApi<
Expand All @@ -65,6 +67,7 @@ export function shopifyApi<
billing: shopifyBilling(validatedConfig),
logger: logger(validatedConfig),
rest: {} as Resources,
flow: shopifyFlow(validatedConfig),
};

if (restResources) {
Expand Down

0 comments on commit 0286078

Please sign in to comment.