feat(common): migrate-to-signed-payload-jwt

Author: Tyler Broadway

lib/auth.ts

@@ -7,20 +7,20 @@ import db from './db';
 const { AUTH_CALLBACK, CLIENT_ID, CLIENT_SECRET, JWT_KEY } = process.env;
 
 // Create BigCommerce instance
-// https://github.com/getconversio/node-bigcommerce
+// https://github.com/bigcommerce/node-bigcommerce/
 const bigcommerce = new BigCommerce({
     logLevel: 'info',
     clientId: CLIENT_ID,
     secret: CLIENT_SECRET,
     callback: AUTH_CALLBACK,
     responseType: 'json',
     headers: { 'Accept-Encoding': '*' },
-    apiVersion: 'v3'
+    apiVersion: 'v3',
 });
 
 const bigcommerceSigned = new BigCommerce({
     secret: CLIENT_SECRET,
-    responseType: 'json'
+    responseType: 'json',
 });
 
 export function bigcommerceClient(accessToken: string, storeHash: string) {
@@ -29,16 +29,16 @@ export function bigcommerceClient(accessToken: string, storeHash: string) {
         accessToken,
         storeHash,
         responseType: 'json',
-        apiVersion: 'v3'
+        apiVersion: 'v3',
     });
 }
 // Authorizes app on install
 export function getBCAuth(query: QueryParams) {
     return bigcommerce.authorize(query);
 }
 // Verifies app on load/ uninstall
-export function getBCVerify({ signed_payload }: QueryParams) {
-    return bigcommerceSigned.verify(signed_payload);
+export function getBCVerify({ signed_payload_jwt }: QueryParams) {
+    return bigcommerceSigned.verifyJWT(signed_payload_jwt);
 }
 
 export function setSession(session: SessionProps) {
@@ -64,7 +64,8 @@ export async function getSession({ query: { context = '' } }: NextApiRequest) {
 
 // JWT functions to sign/ verify 'context' query param from /api/auth||load
 export function encodePayload({ user, owner, ...session }: SessionProps) {
-    const context = session?.context?.split('/')[1] || '';
+    const contextString = session?.context ?? session?.sub;
+    const context = contextString.split('/')[1] || '';
 
     return jwt.sign({ context, user, owner }, JWT_KEY, { expiresIn: '24h' });
 }

lib/dbs/firebase.ts

@@ -39,7 +39,12 @@ export async function setUser({ user }: SessionProps) {
 }
 
 export async function setStore(session: SessionProps) {
-    const { access_token: accessToken, context, scope, user: { id } } = session;
+    const {
+        access_token: accessToken,
+        context,
+        scope,
+        user: { id },
+    } = session;
     // Only set on app install or update
     if (!accessToken || !scope) return null;
 
@@ -53,10 +58,17 @@ export async function setStore(session: SessionProps) {
 // User management for multi-user apps
 // Use setStoreUser for storing store specific variables
 export async function setStoreUser(session: SessionProps) {
-    const { access_token: accessToken, context, owner, user: { id: userId } } = session;
+    const {
+        access_token: accessToken,
+        context,
+        owner,
+        sub,
+        user: { id: userId },
+    } = session;
     if (!userId) return null;
 
-    const storeHash = context?.split('/')[1] || '';
+    const contextString = context ?? sub;
+    const storeHash = contextString?.split('/')[1] || '';
     const collection = db.collection('storeUsers');
     const documentId = `${userId}_${storeHash}`; // users can belong to multiple stores
     const ref = collection.doc(documentId);
@@ -79,8 +91,9 @@ export async function setStoreUser(session: SessionProps) {
     }
 }
 
-export async function deleteUser({ context, user }: SessionProps) {
-    const storeHash = context?.split('/')[1] || '';
+export async function deleteUser({ context, user, sub }: SessionProps) {
+    const contextString = context ?? sub;
+    const storeHash = contextString?.split('/')[1] || '';
     const docId = `${user?.id}_${storeHash}`;
     const storeUsersRef = db.collection('storeUsers').doc(docId);
 

lib/dbs/mysql.ts

@@ -30,10 +30,11 @@ export async function setStore(session: SessionProps) {
 
 // Use setStoreUser for storing store specific variables
 export async function setStoreUser(session: SessionProps) {
-    const { access_token: accessToken, context, owner, user: { id: userId } } = session;
+    const { access_token: accessToken, context, owner, sub, user: { id: userId } } = session;
     if (!userId) return null;
 
-    const storeHash = context?.split('/')[1] || '';
+    const contextString = context ?? sub;
+    const storeHash = contextString?.split('/')[1] || '';
     const sql = 'SELECT * FROM storeUsers WHERE userId = ? AND storeHash = ?';
     const values = [String(userId), storeHash];
     const storeUser = await query(sql, values);
@@ -55,8 +56,9 @@ export async function setStoreUser(session: SessionProps) {
     }
 }
 
-export async function deleteUser({ context, user }: SessionProps) {
-    const storeHash = context?.split('/')[1] || '';
+export async function deleteUser({ context, user, sub }: SessionProps) {
+    const contextString = context ?? sub;
+    const storeHash = contextString?.split('/')[1] || '';
     const values = [String(user?.id), storeHash];
     await query('DELETE FROM storeUsers WHERE userId = ? AND storeHash = ?', values);
 }

package-lock.json

@@ -20,7 +20,7 @@
     "jsonwebtoken": "^8.5.1",
     "mysql": "^2.18.1",
     "next": "^10.2.3",
-    "node-bigcommerce": "^4.1.0",
+    "node-bigcommerce": "bigcommerce/node-bigcommerce",
     "react": "^17.0.1",
     "react-dom": "^17.0.1",
     "styled-components": "^4.4.1",

package.json

@@ -10,6 +10,7 @@ export interface SessionProps {
     owner?: User;
     scope?: string;
     store_hash?: string;
+    sub?: string;
     timestamp?: number;
     user: User;
 }