This module implements Guards which verifies the HMAC signature of incoming requests from Shopify:
ShopifyAuthGuard– verifies the HMAC signature of incoming Auth requests from Shopify as described in the Shopify documentation and will throw an UnauthorizedException if it is invalid.ShopifyWebhookGuard– verifies the HMAC signature of incoming Webhook requests from Shopify as described in the Shopify documentation and will throw an UnauthorizedException if it is invalid.
First install this module:
npm i -P @e-mage/nestjs-shopify-guards
Then import module into your Nestjs application and configure it with your app secret:
import { ShopifyGuardsModule } from '@e-mage/nestjs-shopify-guards';
@Module({
imports: [
ShopifyGuardsModule.register({
apiSecretKey: 'my_client_secret',
}),
],
controllers: [AppController],
providers: [AppService],
})
export class AppModule {}
And use the guards in your controller:
import { ShopifyAuthGuard, ShopifyWebhookGuard } from '@e-mage/nestjs-shopify-guards';
@Controller()
@UseGuards(ShopifyAuthGuard)
export class AppController {
// Guard will verify the HMAC signature of the request
// and will throw an UnauthorizedException if it is invalid
@UseGuards(ShopifyAuthGuard)
@Get('/auth')
getHello(): string {
return this.appService.getHello();
}
// Guard will verify the HMAC signature of the request
// and will throw an UnauthorizedException if it is invalid
@UseGuards(ShopifyWebhookGuard)
@Post('/webhook')
postHello(): string {
return this.appService.getHello();
}
}
You can change the default hmac header name or the default hmac query parameter name:
import { ShopifyGuardsModule } from '@e-mage/nestjs-shopify-guards';
@Module({
imports: [
ShopifyGuardsModule.register({
apiSecretKey: 'my_client_secret',
hmacHeaderName: 'X-My-Shopify-Hmac-Sha256',
hmacQueryParameterName: 'my-hmac',
}),
],
controllers: [AppController],
providers: [AppService],
})
export class AppModule {}
https://github.com/e-mage-gh/nestjs-shopify-guards
Leave a Reply