
GDPR Webhook Integration

Open akeans-mgs opened this issue 3 years ago • 5 comments

Our app was rejected by Shopify's automated submission test immediately after submission with the same reason of

App must verify the authenticity of the request from Shopify. Expected HTTP 401 (Unauthorized), but got HTTP 405 from https://8235cf20c428.ngrok.io/webhook/gdpr/shop_redact. Your app's HTTPS webhook endpoints must validate the HMAC digest of each request, and return an HTTP 401 (Unauthorized) response when rejecting a request that has an invalid digest.

Error I received

TypeError [ERR_INVALID_ARG_TYPE]: The "data" argument must be of type string or an instance of Buffer, TypedArray, or DataView. Received undefined in
at Hmac.update (internal/crypto/hash.js:84:11)
at receiveWebhookMiddleware( \node_modules@shopify\koa-shopify-webhooks\build\cjs\receive.js:32:63 )
at dispatch( \node_modules@shopify\koa-shopify-webhooks\node_modules\koa-compose\index.js:42:32 )
at bodyParser \node_modules\koa-bodyparser\index.js:95:11)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at \node_modules\koa-mount\index.js:58:5

You can check the code here. https://github.com/akeans-mgs/mgs_testing

akeans-mgs avatar Mar 22 '22 10:03 akeans-mgs

I believe this is a question more geared towards the node api package, here is a similar issue

https://github.com/Shopify/shopify-node-api/issues/256

Hope some info in there helps

Michael-Gibbons avatar Mar 23 '22 06:03 Michael-Gibbons

I agree that there should be a better more streamlined way in node considering it is a mandatory process for public listing, but if you're looking for a quick fix I believe something in that issue can help.

Michael-Gibbons avatar Mar 23 '22 06:03 Michael-Gibbons

@Michael-Gibbons

https://github.com/Shopify/shopify-node-api/issues/256#issuecomment-1054152638

They said that they haven't used koa-shopify-webhooks.

My need is to add GDPR Webhook integration with Node + Koa packages https://github.com/akeans-mgs/mgs_testing

akeans-mgs avatar Mar 23 '22 07:03 akeans-mgs

Here's a simple code sample

Shopify.Webhooks.Registry.addHandlers({
  "CUSTOMERS_DATA_REQUEST": {
    path: "/webhooks",
    webhookHandler: processCustomersDataRequest,
  },
  "CUSTOMERS_REDACT": {
    path: "/webhooks",
    webhookHandler: processCustomersRedact,
  },
  "SHOP_REDACT": {
    path: "/webhooks",
    webhookHandler: processShopRedact,
  },
})

// json examples here https://shopify.dev/apps/webhooks/configuration/mandatory-webhooks

export async function processCustomersDataRequest(topic: string, shop: string, body: string) {
  try {
    const {
      shop_domain,
      customer: {
        id,
        email,
      },
      orders_requested,
    } = JSON.parse(body)
    // log event or send an email notification
  } catch (e) {
    console.error(e)
  }
}

export async function processCustomersRedact(topic: string, shop: string, body: string) {
  try {
    const {
      shop_domain,
      customer: {
        id,
        email,
      },
      orders_to_redact,
    } = JSON.parse(body)
    // log event or send an email notification
  } catch (e) {
    console.error(e)
  }
}

export async function processShopRedact(topic: string, shop: string, body: string) {
  try {
    const { shop_domain } = JSON.parse(body)
    // log event or send an email notification
  } catch (e) {
    console.error(e)
  }
}

// this block of code is already present in the starter app
app.post("/webhooks", async (req, res) => {
  try {
    await Shopify.Webhooks.Registry.process(req, res);
    console.log(`Webhook processed, returned status code 200`);
  } catch (error) {
    console.log(`Failed to process webhook: ${error}`);
    res.status(401).send(error.message);
  }
});

unlocomqx avatar Apr 10 '22 22:04 unlocomqx

Thanks @unlocomqx ! perfect

Michael-Gibbons avatar Apr 11 '22 00:04 Michael-Gibbons

This issue is stale because it has been open for 60 days with no activity. It will be closed if no further action occurs in 14 days.

github-actions[bot] avatar Oct 07 '22 02:10 github-actions[bot]

We are closing this issue because it has been inactive for a few months. This probably means that it is not reproducible or it has been fixed in a newer version. If it’s an enhancement and hasn’t been taken on since it was submitted, then it seems other issues have taken priority.

If you still encounter this issue with the latest stable version, please reopen using the issue template. You can also contribute directly by submitting a pull request– see the CONTRIBUTING.md file for guidelines

Thank you!

github-actions[bot] avatar Oct 22 '22 02:10 github-actions[bot]

processShopRedact

Has the problem been solved? Could you share your solution?

ahkjxy avatar Feb 02 '23 02:02 ahkjxy

Shopify.Webhooks.Registry.addHandlers({
  "CUSTOMERS_DATA_REQUEST": {
    path: "/webhooks",
    webhookHandler: processCustomersDataRequest,
  },
  "CUSTOMERS_REDACT": {
    path: "/webhooks",
    webhookHandler: processCustomersRedact,
  },
  "SHOP_REDACT": {
    path: "/webhooks",
    webhookHandler: processShopRedact,
  },
})

@unlocomqx do we have to do HMAC validation in the same, or is there no need for that?

Here is my verifyWebhook code

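const crypto = require('crypto');

// Express middleware that checks X-Shopify-Hmac-Sha256 before the webhook handler runs.
// `apiSecret` and `shopify` are defined elsewhere in the app. req.rawBody is assumed to hold
// the unparsed request bytes (for example, saved by the body parser's verify callback).
function verifyWebhookRequest(req, res, next) {
  try {
    // Hash the raw bytes: JSON.stringify(req.body) may not reproduce what Shopify signed.
    const generatedHash = crypto.createHmac('SHA256', apiSecret).update(req.rawBody, 'utf8').digest('base64');
    const hmac = req.get('X-Shopify-Hmac-Sha256'); // Equal to 'X-Shopify-Hmac-Sha256' at time of coding
    console.log(hmac);
    console.log(shopify);
    const match = shopify.auth.safeCompare(generatedHash, hmac);

    if (match) {
      console.log('hmac verified for webhook route, proceeding');
      next();
    } else {
      console.log('Shopify hmac verification for webhook failed, aborting');
      // res.json() already sends the response, so no trailing .send() is needed.
      return res.status(401).json({ succeeded: false, message: 'Not Authorized' });
    }
  } catch (error) {
    console.log(error);
    return res.status(401).json({ succeeded: false, message: 'Error caught' });
  }
}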

Just want some clarification in configuring it.

I have made 3 functions as stated for customers data request, customers redact, shop redact and returned status 200 as I am using orders data.

I also gave the particular endpoints to the app setup, but while testing I didn't get anything in my console. I'm just not getting an idea of what I am missing.

Any help will be appreciated, thank you

prathamesh86A avatar Jul 18 '23 09:07 prathamesh86A

I don't remember the code very well but I think that Shopify.Webhooks.Registry.process takes care of everything for you. Check the source code to be sure.

Just give it the same endpoint, which is /webhooks. You don't need different endpoints in this example.

unlocomqx avatar Jul 18 '23 09:07 unlocomqx

@unlocomqx and about the testing part, do you have any idea how I can test it? I tested earlier but didn't get anything on my console there.... Should I try submitting my app directly, or must it be tested?

prathamesh86A avatar Jul 18 '23 11:07 prathamesh86A

@prathamesh86A I tested it using RapidAPI. You need to pass in the access_token or whatever (sry I forgot about it)

unlocomqx avatar Jul 18 '23 11:07 unlocomqx
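
Added example, not part of the thread or of Shopify's libraries: a standalone Node.js version of the check the submission test asks for (HMAC-SHA256 over the raw request body, compared with `X-Shopify-Hmac-Sha256`, 401 on mismatch), which can also sign a test request locally. The secret, payload and function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Base64 HMAC-SHA256 digest, the form carried in X-Shopify-Hmac-Sha256.
function signBody(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('base64');
}

// True only if headerValue matches the digest of the exact bytes received.
function verifyShopifyHmac(rawBody, headerValue, secret) {
  if (typeof headerValue !== 'string' || rawBody == null) return false;
  const expected = Buffer.from(signBody(rawBody, secret), 'base64');
  const received = Buffer.from(headerValue, 'base64');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Status the endpoint should answer with: 401 for a bad digest, 200 otherwise.
function webhookStatus(rawBody, headerValue, secret) {
  return verifyShopifyHmac(rawBody, headerValue, secret) ? 200 : 401;
}

// Constructed sample data (not real Shopify traffic or credentials).
const SECRET = 'constructed-test-secret';
const RAW = Buffer.from(
  '{"shop_id": 954889, "shop_domain": "example.myshopify.com"}', 'utf8');
const GOOD_HMAC = signBody(RAW, SECRET);

// Re-serialising the parsed body drops the spaces after ':' and ',', so a
// digest over JSON.stringify(req.body) no longer matches the header.
const RESERIALISED = JSON.stringify(JSON.parse(RAW.toString('utf8')));

function demo() {
  const tampered = Buffer.from(RAW.toString('utf8').replace('954889', '1'));
  return {
    valid: webhookStatus(RAW, GOOD_HMAC, SECRET),
    tampered: webhookStatus(tampered, GOOD_HMAC, SECRET),
    missingHeader: webhookStatus(RAW, undefined, SECRET),
    reserialised: webhookStatus(RESERIALISED, GOOD_HMAC, SECRET),
  };
}

console.log(demo());
```

To exercise a local endpoint, send `RAW` as the request body with `GOOD_HMAC` in the `X-Shopify-Hmac-Sha256` header, using the app's own secret in place of the constructed one.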