Gathering detailed insights and metrics for @blendededge/simple-koa-shopify-auth
Gathering detailed insights and metrics for @blendededge/simple-koa-shopify-auth
An unofficial, simplified version of the @Shopify/koa-shopify-auth middleware library.
Installations
npm install @blendededge/simple-koa-shopify-authDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
14.19.1
NPM Version
9.2.0
Score
69.5
Supply Chain
97
Quality
72.8
Maintenance
50
Vulnerability
98.6
License
Releases
16
Contributors
3
Unable to fetch Contributors
Languages
1
TypeScript
TypeScript (100%)
Developer
TheSecurityDev
Download Statistics
Total Downloads
773
Last Day
1
Last Week
1
Last Month
7
Last Year
84
GitHub Statistics
25 Stars
59 Commits
6 Forks
4 Watching
1 Branches
3 Contributors
Bundle Size
8.17 kB
Minified
2.75 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
2.1.12
Package Id
@blendededge/simple-koa-shopify-auth@2.1.12
Unpacked Size
167.71 kB
Size
39.26 kB
File Count
16
NPM Version
9.2.0
Node Version
14.19.1
Publised On
20 Feb 2023
Total Downloads
Cumulative downloads
Total Downloads
773
Last day
0%
1
Compared to previous day
Last week
-66.7%
1
Compared to previous week
Last month
-12.5%
7
Compared to previous month
Last year
-87.8%
84
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Dev Dependencies
2
Versions
simple-koa-shopify-auth
https://www.npmjs.com/package/simple-koa-shopify-auth
NOTE: This package is not maintained by or affiliated with Shopify.
Description:
A better, simplified version of the (no longer supported) @Shopify/koa-shopify-auth middleware library. It removes the use of cookies for sessions (which greatly smooths the auth process by requiring fewer redirects in some cases), replaces a deprecated API call, and supports v5 of the official @shopify/shopify-api package.
Installation:
npm i simple-koa-shopify-auth
Requirements:
This package assumes you have @shopify/shopify-api v5 already installed. If you are on a lower version you will need to upgrade to the latest version with npm i @shopify/shopify-api@latest.
WARNING:
Please check the changelog to see all the changes, and update your code accordingly.
Usage:
The usage is very similar to @Shopify/koa-shopify-auth (which you should check for more examples), but there are a few differences, so it isn't a drop-in replacement.
Import the middleware functions (ES6 syntax):
1import { createShopifyAuth, verifyRequest } from "simple-koa-shopify-auth";
Importing differs slightly from the official library in that the createShopifyAuth function is not a default import here, and has been renamed.
Using verifyRequest for verifying session token on routes:
NOTE:
If the session is invalid it will return a 401 Unauthorized status code, that you can handle on the client side. This is a breaking change from the official library, which returns 403 Forbidden.
For requests, create the middleware like this:
1// For requests from the frontend, we want to return headers, so we can check if we need to reauth on the client side 2const verifyApiRequest = verifyRequest({ returnHeader: true }); 3const verifyPageRequest = verifyRequest();
The verifyRequest middleware function only accepts the following parameters (default values shown):
NOTE: These parameters differ from the ones in the official library.
1{ 2 accessMode: "online", // The access mode of the token to check 3 authRoute: "/auth", // Where to redirect if the session is invalid 4 returnHeader: false, // If true, set headers instead of redirecting if session is invalid 5}
For more help on how to use the middleware functions, check the examples from the official library.
Registering middleware for handling auth routes:
The createShopifyAuth middleware function only accepts the following parameters (default values shown):
NOTE: These parameters differ from the ones in the official library.
1{ 2 accessMode: "online", // What kind of token we want to fetch 3 authPath: "/auth", // The path to handle the request on 4 async afterAuth(ctx) { } // Callback function after auth is completed (the token is available at ctx.state.shopify) 5}
This is a simple example that you can use to help understand how to implement it.
1const server = new Koa(); 2 3// Installation route (get offline, permanent access token) 4server.use( 5 createShopifyAuth({ 6 accessMode: "offline", 7 authPath: "/install/auth", 8 async afterAuth(ctx) { 9 const { shop, accessToken } = ctx.state.shopify; 10 const { host } = ctx.query; 11 if (!accessToken) { 12 // This can happen if the browser interferes with the auth flow 13 ctx.response.status = 500; 14 ctx.response.body = "Failed to get access token! Please try again."; 15 return; 16 } 17 // Redirect to user auth endpoint, to get user's online token 18 ctx.redirect(`/auth?shop=${shop}&host=${host}`); 19 }, 20 }) 21); 22 23// User auth route (get online session token) 24server.use( 25 createShopifyAuth({ 26 accessMode: "online", 27 authPath: "/auth", 28 async afterAuth(ctx) { 29 const { shop } = ctx.state.shopify; 30 const { host } = ctx.query; 31 // Check if the app is installed 32 // NOTE: You can replace with your own function to check if the shop is installed, or you can just remove it, but this is an extra check that can help prevent auth issues 33 if (isShopActive(shop)) { 34 // Redirect to app 35 ctx.redirect(`/?shop=${shop}&host=${host}`); 36 } else { 37 // Redirect to installation endpoint to get permanent access token 38 ctx.redirect(`/install/auth/?shop=${shop}&host=${host}`); 39 } 40 }, 41 }) 42);
No vulnerabilities found.
No security vulnerabilities found.