Shopify exchange OAuth code for token and create user account
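const crypto = require("crypto")
const querystring = require("querystring")
const fetch = require("isomorphic-fetch")
const Account = require("./models/account")

// Shape of a Shopify shop hostname. Checked before the app secret is POSTed to
// `https://${shop}/...`, so the secret only ever goes to a *.myshopify.com host.
const SHOP_HOSTNAME = /^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$/

/**
 * OAuth callback handler: verifies the HMAC on the callback query string,
 * exchanges the authorization `code` for a Shopify access token, and stores
 * the token in a new Account keyed by the shop hostname.
 *
 * @param {object} event - Function event; only `queryStringParameters`
 *   (`shop`, `hmac`, `code`, `timestamp`) is read.
 * @param {object} context - Unused.
 * @returns {Promise<{statusCode: number, body: string, headers?: object}>}
 *   200 with a JSON `{ id, token }` body on success; 400 when parameters are
 *   missing, the HMAC does not verify, or `shop` is not a Shopify hostname;
 *   500 when the API credentials are not configured; 502 when the token
 *   exchange fails.
 */
exports.handler = async (event, context) => {
  // queryStringParameters may be null/undefined when the request carries no
  // query string; destructuring it directly would throw.
  const { shop, hmac, code, timestamp } = event.queryStringParameters || {}
  const apiKey = process.env.SHOPIFY_API_KEY
  const apiSecret = process.env.SHOPIFY_API_SECRET

  if (!(shop && hmac && code)) {
    return {
      statusCode: 400,
      body: "Required parameters missing"
    }
  }

  // createHmac throws on an undefined key; fail with an explicit status rather
  // than an unhandled exception when the environment is not configured.
  if (!apiKey || !apiSecret) {
    return {
      statusCode: 500,
      body: "Server configuration error"
    }
  }

  // NOTE(review): only code, shop and timestamp are signed here. If the
  // callback carries further parameters (e.g. `state`), Shopify includes them
  // in its signature and this check rejects the request (fails closed) -
  // confirm against the parameters the install flow actually receives.
  // NOTE(review): `timestamp` is covered by the HMAC but its age is not
  // checked, and no `state` nonce is compared - confirm whether replay/CSRF
  // protection is handled elsewhere in the install flow.
  const message = querystring.stringify({ code, shop, timestamp })
  const expectedHmac = crypto
    .createHmac("sha256", apiSecret)
    .update(message)
    .digest("hex")

  let hashEquals = false
  try {
    // timingSafeEqual throws when the buffers differ in length; any failure
    // here (including a non-string hmac) is treated as a mismatch.
    hashEquals = crypto.timingSafeEqual(
      Buffer.from(expectedHmac, "utf-8"),
      Buffer.from(hmac, "utf-8")
    )
  } catch (e) {
    hashEquals = false
  }

  if (!hashEquals) {
    return {
      statusCode: 400,
      body: "HMAC validation failed"
    }
  }

  // Defense in depth: `shop` becomes the host that receives client_secret, so
  // it must look like a Shopify shop domain even after the HMAC has verified.
  if (!SHOP_HOSTNAME.test(shop)) {
    return {
      statusCode: 400,
      body: "Invalid shop parameter"
    }
  }

  const accessTokenRequestUrl = `https://${shop}/admin/oauth/access_token`
  const accessTokenPayload = {
    client_id: apiKey,
    client_secret: apiSecret,
    code,
  }

  let tokenJson
  try {
    const tokenRes = await fetch(accessTokenRequestUrl, {
      method: "POST",
      headers: {
        "Accept": "application/json",
        "Content-Type": "application/json"
      },
      body: JSON.stringify(accessTokenPayload)
    })
    if (!tokenRes.ok) {
      return {
        statusCode: 502,
        body: "Token exchange failed"
      }
    }
    tokenJson = await tokenRes.json()
  } catch (e) {
    // Network error or non-JSON body; the upstream detail is deliberately not
    // echoed to the caller.
    return {
      statusCode: 502,
      body: "Token exchange failed"
    }
  }

  // Never persist an account without a usable token (e.g. an expired or
  // already-used code yields an error object instead of access_token).
  if (!tokenJson || typeof tokenJson.access_token !== "string" || tokenJson.access_token === "") {
    return {
      statusCode: 502,
      body: "Token exchange failed"
    }
  }

  const acc = new Account({
    id: shop,
    shopifyToken: tokenJson.access_token
  })

  // NOTE(review): `token` is whatever Account#save resolves with and is sent
  // back in the response body - confirm it is the app's own credential and
  // not the Shopify access token.
  const { id, token } = await acc.save()

  return {
    statusCode: 200,
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ id, token })
  }
}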