update:cookies-headers-logic
admirsaheta committed Jun 6, 2024
1 parent e5f31b1 commit 4c19132
Showing 2 changed files with 29 additions and 10 deletions.
33 changes: 24 additions & 9 deletions packages/apps/shopify-api/runtime/http/cookies.ts
Expand Up @@ -175,25 +175,40 @@ export class Cookies {
this.updateHeader();
}

private cookieExists(cookieName: string) {
return !!this.get(cookieName);

Check failure on line 179 in packages/apps/shopify-api/runtime/http/cookies.ts


GitHub Actions / CI_Node_20

use `Boolean(this.get(cookieName))` instead

}

private deleteInvalidCookies(...cookieNames: string[]): void {
cookieNames.forEach((cookieName) => this.deleteCookie(cookieName));
}

async isSignedCookieValid(cookieName: string): Promise<boolean> {

Check failure on line 186 in packages/apps/shopify-api/runtime/http/cookies.ts


GitHub Actions / CI_Node_20

Member isSignedCookieValid should be declared before all private instance method definitions

const signedCookieName = `${cookieName}.sig`;
// No cookie or no signature cookie makes the cookie it invalid.
if (!this.get(cookieName) || !this.get(signedCookieName)) {
this.deleteCookie(signedCookieName);
this.deleteCookie(cookieName);
if (
!this.cookieExists(cookieName) ||
!this.cookieExists(signedCookieName)
) {
this.deleteInvalidCookies(cookieName, signedCookieName);
return false;
}
const cookieValue = this.get(cookieName);
const signature = this.get(signedCookieName);

if (!cookieValue || !signature) {
this.deleteInvalidCookies(cookieName, signedCookieName);
return false;
}

const value = this.get(cookieName)!;
const signature = this.get(signedCookieName)!;
const allCheckSignatures = await Promise.all(
this.keys.map((key) => createSHA256HMAC(key, value)),
this.keys.map((key) => createSHA256HMAC(key, cookieValue)),
);

if (!allCheckSignatures.includes(signature)) {
this.deleteCookie(signedCookieName);
this.deleteCookie(cookieName);
this.deleteInvalidCookies(cookieName, signedCookieName);
return false;
}

return true;
}
}
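Review bot: The final check in `isSignedCookieValid`, `allCheckSignatures.includes(signature)`, compares the client-supplied signature against the computed HMACs with ordinary string equality, which is not constant-time, and this refactor carries it over unchanged. A MAC check on a cookie should go through a timing-safe comparison, for example `allCheckSignatures.some((expected) => constantTimeEqual(expected, signature))`, where `constantTimeEqual` is a placeholder for whatever constant-time helper the package already has. Separately, the new `cookieExists` guard and the `!cookieValue || !signature` guard that follows test the same condition, so the first block and the `cookieExists` helper can be dropped; the second guard alone narrows the types and removes the `!!this.get(cookieName)` lint failure. The `Cookies` class body starts outside the hunk.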
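--- a/packages/apps/shopify-api/runtime/http/headers.ts
+++ b/packages/apps/shopify-api/runtime/http/headers.ts
@@ -89,7 +89,11 @@ export function removeHeader(headers: Headers, needle: string) {
 // ...
 ]
 */
-export function flatHeaders(headers: Headers): [string, string][] {
+export function flatHeaders(
+headers: Headers | undefined | null,
+): [string, string][] {
+if (!headers) return [];
+
 return Object.entries(headers).flatMap(([header, values]) =>
 Array.isArray(values)
 ? values.map((value): [string, string] => [header, value])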
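Review bot: The doc comment above `flatHeaders` is not updated for the widened parameter, so nothing tells a caller that a missing headers object is now accepted and flattened to an empty list. I would add a line to that comment such as `Returns an empty array when headers is null or undefined.`, so that callers which rely on a header being present (signature or auth headers, for instance) know they must check for it themselves rather than expect an error. The comment block and the function body both extend outside the hunk.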
