Cosmin-Parvulescu / next-shopify-client-auth Public

Notifications You must be signed in to change notification settings
Fork 0
Star 1

An example of authenticating Shopify apps with a NextJS app using a client side encrypted token

AGPL-3.0 license

1 star 0 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 49 Commits
components		components
cryptool		cryptool
middleware		middleware
models		models
pages		pages
services		services
utils		utils
.eslintignore		.eslintignore
.eslintrc.json		.eslintrc.json
.gitignore		.gitignore
LICENSE		LICENSE
index.js		index.js
next.config.js		next.config.js
package-lock.json		package-lock.json
package.json		package.json
readme.md		readme.md
server.js		server.js

Repository files navigation

Stack

Area	Technology
PaaS	Heroku, MongoDB Atlas
Database	MongoDB
Server	Node, Koa, Next, Shopify
Client	Next, React, Polaris
Test	Jest

Environment variables

KEY	Mentions
SHOPIFY_API_KEY
SHOPIFY_API_SECRET
HOST	Host of the running system
MONGODB_CONNECTION_STRING

Development

Run npm install command
Run npm run dev command
Run ngrok to open a tunnel to your localhost
Update**.env** HOST with the ngrok host (i.e. your-ngrok-url.ngrok.io)
Configure Shopify App to allow redirect to your ngrok host (i.e. your-ngrok-url.ngrok.io/auth/callback)

Tooling

Node nodejs/node: Node.js JavaScript runtime (github.com) Koa koajs/koa: Expressive middleware for node.js using ES2017 async functions (github.com) Winston winstonjs/winston: A logger for just about anything Mongoose Automattic/mongoose: MongoDB object modeling designed to work in an asynchronous environment Koa-shopify-auth Shopify/koa-shopify-auth: Middleware to authenticate a Koa application with Shopify (github.com) Shopify-node-api Shopify/shopify-node-api: Shopify Admin API Library for Node. Accelerate development with support for authentication, graphql proxy, webhooks (github.com)

Next vercel/next.js: The React Framework (github.com) React facebook/react: A declarative, efficient, and flexible JavaScript library for building user interfaces. (github.com) Polaris Shopify/polaris-react: Shopify’s admin product component library (github.com)

Jest facebook/jest: Delightful JavaScript Testing (github.com)

ESLint eslint/eslint: Find and fix problems in your JavaScript code (github.com)

Considerations

The stack was chosen in order to facilitate an easier move to Session Tokens in the future as most apps are going with full on Shopify integration.

Uses client side cookies for authentication.

Encryption keys are mostly the SHOPIFY API KEY, which shouldn't be the case for a serious app.

Most of the code was built with a consideration for the happy flow; error cases and edge cases weren't considered all that much.

Some next steps could be

~~add linting;~~
~~fix testing;~~
~~refactorization of customer operations into a service;~~
~~refactorization of token operations into a service;~~
~~fix nasty redirect on spotify unauthorized;~~
~~turn custom cookie auth into a middleware;~~
~~add logging framework;~~
add database logging;
fix API Deprecation notice;
add more tests;
GraphQL integration for better querying;
Transformation into a Shopify Bridge app.

About

An example of authenticating Shopify apps with a NextJS app using a client side encrypted token

mongodb nextjs shopify

AGPL-3.0 license

Report repository

Languages

JavaScript 100.0%