I'm trying to post discount codes to a user's shop using the reverse engineering instructions shown here http://ma.rtin.so/reverse-engineering-shopify-private-apis (instructions are in PHP)
The first step is properly logging into the users account so I can grab information from the response. Am I doing this step correctly? I feel like I'm missing something to do with tokens, but its hard for me to understand the PHP code given in the instructions.
I am receiving a response without an error status code from the login function but I still don't know if this means I'm doing it correctly. Thanks for any help.
Node.js Discount Creation Controller (Please look at login function but included the whole thing in case)
use strict';
var request = require('request');
var cookie = require('cookie');
var USER_AGENT = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17';
var login = function(req, res, cb) {
req.url = 'https://' + req.body.name + '.myshopify.com';
var post_data = {
'utf8': '✓',
'redirect': '',
'subdomain': req.body.name,
'login': req.body.email,
'password': req.body.pwd
}
var headers = {
'User-Agent': USER_AGENT,
'Content-Type': 'application/x-www-form-urlencoded'
};
var url = req.url + '/admin/auth/login';
request.post({ url: url, form: post_data, headers: headers }, function(err, response, body) {
if (err) 'ERROR LOGGING IN';
else {
if (response.statusCode !== 200) throw 'ERROR LOGGING IN';
console.log('Login response headers:', response.headers);
var shopCookies = response.headers['set-cookie'];
var j = request.jar();
for (var i = 0; i < shopCookies.length; i++) {
var cookie = request.cookie(shopCookies[i]);
j.setCookie(cookie, url);
}
req.cookie_string = j.getCookieString(url);
if (cb !== undefined) cb(req, res);
}
});
};
var setCoupons = function(req, res) {
var url = req.url + '/admin/discounts/new';
var headers = {
'User-Agent': USER_AGENT,
'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': req.cookie_string
};
request.get({ url: url, headers: headers }, function(err, response, body) {
if (err) throw 'Problem setting coupons';
var value = response.body.match(/name="authenticity_token" value=".*"/i)[0];
var index = value.indexOf('value="');
value = (value.substring(index + 7, value.length - 1));
var count = parseInt(req.body.amount) + 1;
var checkCount = count;
var codes = [];
for (var i = 1; i < count; i++) {
var post_data = {
utf8: '✓',
authenticity_token: value,
discount: {
code: req.body.code + "_" + i,
discount_type: req.body.discount_type,
value: parseInt(req.body.value),
applies_to_resource: '',
starts_at: '2016-04-10'
},
'unlimited-uses': '',
discount_never_expires: ''
}
codes.push(post_data.discount);
var url = req.url + '/admin/discounts';
request.post({ url: url, form: post_data, headers: headers }, function(err, response, body) {
checkCount--;
if (checkCount < 2) {
res.send(codes);
}
});
}
});
};
export function create(req, res) {
login(req, res, setCoupons);
}
Discount codes are only available to Shopify Plus customers.
The API however is available now: https://docs.shopify.com/api/reference/discount
Also rather than using Shopify Plus it would be possible to create your own Discount code engine as an app and apply discounts to sales orders.
Related
I am just trying to upload a file from the browser through Node.js/Next.js to S3, and busboy is not emitting the file event.
Here is my FE code essentially:
Upload.prototype.to = function(options, fn){
// TODO: x-browser
var path;
if (typeof options == 'string') {
path = options;
options = {};
} else {
path = options.path;
}
var self = this;
fn = fn || function(){};
var req = this.req = new XMLHttpRequest;
req.open('POST', path);
req.onload = this.onload.bind(this);
req.onerror = this.onerror.bind(this);
req.upload.onprogress = this.onprogress.bind(this);
req.onreadystatechange = function(){
if (4 == req.readyState) {
var type = req.status / 100 | 0;
if (2 == type) return fn(null, req);
var err = new Error(req.statusText + ': ' + req.response);
err.status = req.status;
fn(err);
}
};
var key, headers = options.headers || {};
for (key in headers) {
req.setRequestHeader(key, headers[key]);
}
var body = new FormData;
body.append(options.name || 'file', this.file);
var data = options.data || {};
for (key in data) {
body.append(key, data[key]);
}
req.send(body);
};
All that's doing is making the request to /api/<path> with the file name for the selected jpeg I am trying to upload. This is what I receive in the server request body:
body: '------WebKitFormBoundaryWbaXO8J6c8aI7Q4B\r\n' +
'Content-Disposition: form-data; name="file"; filename="1-profile.jpg"\r\n' +
'Content-Type: image/jpeg\r\n' +
'\r\n' +
'����\x00\x10JFIF...
The headers include these:
connection: 'keep-alive',
'content-length': '41079',
pragma: 'no-cache',
'cache-control': 'no-cache',
'content-type': 'multipart/form-data; boundary=----WebKitFormBoundaryWbaXO87Kc9aI2Q4B',
accept: '*/*',
origin: 'http://localhost:3000',
My server code looks like this:
import fetchId from '../../../../utils/get-next-id-from-pg'
import Busboy from 'busboy'
import s3 from 'initializers/s3'
export default async function(req, res) {
if (req.method === 'POST') {
const id = await fetchId('image')
return new Promise((resolve, rej) => {
const busboy = new Busboy({ headers: req.headers });
busboy.on('field', function(fieldname, val, fieldnameTruncated, valTruncated, encoding, mimetype) {
console.log('Field [' + fieldname + ']: value: ' + inspect(val));
})
busboy.on('file', function(fieldname, file, filename, encoding, mimetype) {
console.log('params')
const params = {
Bucket: 'mybucket123',
Key: id,
Body: file
}
s3.upload(params, (err, data) => {
console.log('s3', err, data)
res.setHeader('Connection', 'close');
res.status(200).json({ records: [ { id } ]})
resolve()
})
})
busboy.on('finish', function() {
console.log('finish')
})
req.pipe(busboy);
})
} else {
res.writeHead(405, { 'content-type': 'text/plain' });
res.end("Method not allowed. Send a POST request.");
return;
}
}
It logs finish and that's it, it doesn't log either file or field. What am I missing here? It doesn't log params inside of the on('file') handler, or any of the s3 stuff. I am starting to dig into the busboy source code but is there any better way? What am I doing wrong, or what is a library that works with Next.js?
I am using Next.js and dotenv, could that be causing weird issues?
Hooray I figured it out, add this to the Next.js route:
export const config = {
api: {
bodyParser: false,
},
}
https://nextjs.org/docs/api-routes/api-middlewares#custom-config
I wish to upload files in the form of a stream into Azure Storage but I don't want to use Azure SDK instead I want to do it in a more generic way using REST API and not BlobServiceClient.
Is there a way to do so?
The reference links for the same can be found here:
https://learn.microsoft.com/en-us/azure/storage/common/storage-samples-javascript?toc=/azure/storage/blobs/toc.json#blob-samples
https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/storage/storage-blob/samples/javascript/advanced.js#L74
But the links mentioned here propose a solution using Azure SDK. I want to do it without Azure SDK
Here's the code:
const CryptoJS = require("crypto-js");
const request = require("request");
const fs = require("fs");
const account = process.env.ACCOUNT_NAME || "";
const key = process.env.ACCOUNT_KEY || "";
const containerName = "demo";
const blobName = "dummyfile.txt";
var strTime = new Date().toUTCString();
// read file to Stream
var filePath = `${__dirname}/README.md`;
const readStream = fs.createReadStream(filePath);
var stat = fs.statSync(filePath);
string_params = {
verb: "PUT",
"Content-Encoding": "",
"Content-Language": "",
"Content-Length": stat.size,
"Content-MD5": "",
"Content-Type": "application/octet-stream",
Date: "",
"If-Modified-Since": "",
"If-Match": "",
"If-None-Match": "",
"If-Unmodified-Since": "",
Range: "",
CanonicalizedHeaders:
"x-ms-blob-type:BlockBlob\nx-ms-date:" +
strTime +
"\nx-ms-version:" +
"2020-04-08\n",
CanonicalizedResource: `/${account}/${containerName}/${blobName}`,
};
var strToSign = `${string_params["verb"]}\n${string_params["Content-Encoding"]}\n${string_params["Content-Language"]}\n${string_params["Content-Length"]}\n${string_params["Content-MD5"]}\n${string_params["Content-Type"]}\n${string_params["Date"]}\n${string_params["If-Modified-Since"]}\n${string_params["If-Match"]}\n${string_params["If-None-Match"]}\n${string_params["If-Unmodified-Since"]}\n${string_params["Range"]}\n${string_params["CanonicalizedHeaders"]}${string_params["CanonicalizedResource"]}`;
var secret = CryptoJS.enc.Base64.parse(key);
var hash = CryptoJS.HmacSHA256(strToSign, secret);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = `SharedKey ${account}:` + hashInBase64;
const options = {
url: `https://${account}.blob.core.windows.net/${containerName}/${blobName}`,
headers: {
Authorization: auth,
"x-ms-blob-type": "BlockBlob",
"x-ms-date": strTime,
"x-ms-version": "2020-04-08",
"Content-Type": "application/octet-stream",
"Content-Length": stat.size,
},
body: readStream,
};
function callback(error, response, body) {
console.log(response.statusCode);
console.log(response.statusMessage);
if (!error && response.statusCode == 200) {
console.log(error);
console.log(response);
console.log(body);
}
}
request.put(options, callback);
The error which I am getting is:
TypeError: Cannot read property 'statusCode' of undefined
Edit: The problem was solved by Pamela's code + the issue I found was there's was an error in initializing .env variables.
You could use Put Blob Rest API to upload a stream. There is a sample using node.js.
const CryptoJS = require("crypto-js");
const request = require("request");
const fs = require('fs');
const account = "account-name";
const key = "account-key";
var strTime = new Date().toUTCString();
var filePath = 'your-file-path';
const readStream = fs.createReadStream(filePath);
var stat = fs.statSync(filePath);
string_params = {
'verb': 'PUT',
'Content-Encoding': '',
'Content-Language': '',
'Content-Length': stat.size,
'Content-MD5': '',
'Content-Type': 'application/octet-stream',
'Date': '',
'If-Modified-Since': '',
'If-Match': '',
'If-None-Match': '',
'If-Unmodified-Since': '',
'Range': '',
'CanonicalizedHeaders': 'x-ms-blob-type:BlockBlob\nx-ms-date:' + strTime + '\nx-ms-version:' + '2020-04-08\n',
'CanonicalizedResource': `/${account}/containername/myblob`
}
var strToSign = `${string_params['verb']}\n${string_params['Content-Encoding']}\n${string_params['Content-Language']}\n${string_params['Content-Length']}\n${string_params['Content-MD5']}\n${string_params['Content-Type']}\n${string_params['Date']}\n${string_params['If-Modified-Since']}\n${string_params['If-Match']}\n${string_params['If-None-Match']}\n${string_params['If-Unmodified-Since']}\n${string_params['Range']}\n${string_params['CanonicalizedHeaders']}${string_params['CanonicalizedResource']}`
console.log(strToSign);
var secret = CryptoJS.enc.Base64.parse(key);
var hash = CryptoJS.HmacSHA256(strToSign, secret);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var auth = `SharedKey ${account}:` + hashInBase64;
console.log(auth)
const options = {
url: `https://${account}.blob.core.windows.net/containername/myblob`,
headers: {
Authorization: auth,
'x-ms-blob-type': 'BlockBlob',
"x-ms-date": strTime,
"x-ms-version": "2020-04-08",
'Content-Type': "application/octet-stream",
'Content-Length': stat.size
},
body: readStream
};
function callback(error, response, body) {
console.log(response.statusCode);
console.log(response.statusMessage);
if (!error && response.statusCode == 200) {
console.log(error);
console.log(response);
console.log(body);
}
}
request.put(options, callback);
You can try using Azure REST API for the Blob Operations. You can find REST API's for Blob here - Operations on Blob
The question is how are you going to handle stream upload at runtime. Azure SDK supports the stream upload. However in case of REST API, you'll need to handle that by yourself.
Uploading stream or parallel data you'll need some wrapper around this REST API Calls to achieve that
Hope you find this useful.
my server can't find the api's that i created in api directory. it leads to 500 internal server.
I have checked routes.js but i see that everything is right. i have an error.js file for file handling. Here's my code.
'use strict';
let router = require('express').Router();
// Middleware
let middleware = require('./controllers/middleware');
router.use(middleware.doSomethingInteresting);
// Tasks
let tasks = require('./controllers/tasks');
let createkeypairs = require('./controllers/createkeypairs');
let importaddress = require('./controllers/importaddress');
let getwalletinfo = require('./controllers/getwalletinfo');
router.get('/tasks', tasks.findAll2);
router.get('/createkeypairs', createkeypairs.findAll);
router.get('/importaddress', importaddress.findAll);
router.get('/getwalletinfo', getwalletinfo.findAll);
router.post('/buggyroute', tasks.buggyRoute);
// Error Handling
let errors = require('./controllers/errors');
router.use(errors.errorHandler);
// Request was not picked up by a route, send 404
router.use(errors.nullRoute);
// Export the router
module.exports = router;
now showing you my createkeypairs.js
'use strict';
let errors = require('./errors.js');
var request = require("request");
var options = { method: 'POST',
url: '127.0.0.1:18332',
headers:
{ 'Authorization': 'Basic bXVsdGljaGFpbnJwYzpHTmJ5enJhMnlHRjN4Ymp1cnluRTFucTlnV1ExRXV3OTFpYVBqSkt5TkJxdA==',
'cache-control': 'no-cache',
'Cache-Control': 'no-cache',
'Content-Type': 'application/json' },
body: { method: 'createkeypairs', params: [], chain_name: 'tokenchain' },
json: true };
exports.findAll = (req, res, next) => {
// Simulate task list, normally this would be retrieved from a database
let createkeypairs ;
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log("working here ");
// res.json(body);
});
};
exports.buggyRoute = (req, res, next) => {
// Simulate a custom error
next(errors.newHttpError(400, 'bad request'));
};
I think the problem is in createkeypair file.
Try this code once for your createkeypairs.js:
'use strict';
let errors = require('./errors.js');
var request = require("request");
let config = require('config');
var auth = 'Basic ' + Buffer.from(config.user + ':' + config.pass).toString('base64');
var url = config.url;
var chain = config.chain;
var options = { method: 'POST',
url: url,
headers:
{ 'cache-control': 'no-cache',
Authorization : auth,
'Content-Type': 'application/json' },
body: { method: 'importaddress', params: ["address"], chain_name: chain },
json: true };
exports.findAll = (req, res, next) => {
// Simulate task list, normally this would be retrieved from a database
let createkeypairs ;
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
res.json(body);
});
};
exports.buggyRoute = (req, res, next) => {
// Simulate a custom error
next(errors.newHttpError(400, 'bad request'));
};
Do tell me if it works or not.
I have an external API endpoint that uses basic authentication that I'm trying to find a specific key and/or value of from the JSON response.
Results:
hrefsOnly returns an array with two items.
[
"https://192.168.254.133/api/json/v2/types/volumes/1",
"https://192.168.254.133/api/json/v2/types/volumes/3"
]
Calling hrefsOnly[1] shows the following JSON response:
{ "content": {
"ancestor-vol-name": null,
"small-io-alerts": "disabled",
"last-refreshed-from-obj-name": null,
"small-iops": "0",
"wr-latency": "1738",
"obj-severity": "information"
}}
volumeInfo is undefined in my code is below:
const express = require('express');
const app = express();
const request = require("request");
const bodyParser = require('body-parser');
const auth = 'YWRtaW46WHRyZW0xMA==';
//Get Volume api endpoint values
var getVols = {
method: 'GET',
url: 'https://192.168.254.133/api/json/v2/types/volumes/',
headers:
{
'cache-control': 'no-cache',
Accept: 'application/json',
'Content-Type': 'application/json',
Authorization: `Basic ${auth}`
}
};
//Get above api endpoint data
var volsData = {
method: 'GET',
url: 'https://192.168.254.133/api/json/v2/types/volumes/1',
headers:
{
'cache-control': 'no-cache',
Accept: 'application/json',
'Content-Type': 'application/json',
Authorization: `Basic ${auth}`
}
};
var hrefsOnly = [];
var volumeInfo = [];
//GET request to parse hfref data only
request(getVols, function (error, response, body) {
var data = JSON.parse(body);
if (error){
console.log('error: ', error);
} else {
for(var i = 0; i < data["volumes"].length; i++){
hrefsOnly.push(data["volumes"][i].href);
}
}
});
app.get('/url', (req, res, next) => {
res.send(hrefsOnly);
});
// GET Volumes JSON response
request(volsData, function (error, response, body) {
var vols = body;
if (error){
console.log('error: ', error);
} else {
for(var elem in vols){
volumeInfo.push(vols);
}
}
});
app.get('/volume', (req, res, next) => {
console.log(volumeInfo["content"]);
res.send(volumeInfo["content"]);
});
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
app.listen(3000, () => {
console.log("Server running on port 3000");
});
I expect when I visit the page localhost:3000/volume to return the content section from the API. the page shows blank though.
console.log(volumeInfo[1]) shows the JSON data, but volumeInfo[1].content is undefined. Not sure what I'm doing to get 'undefined' as the result.
You declared an array var volumeInfo = []; but you're using it as a map res.send(volumeInfo["content"]);
TTo access an element inside an array, you need an index (integer). Try with res.send(volumeInfo[0].content);
I'm working on a project and I would like to get a list of all the playlists of the logged in user on spotify. Currently I can loggin and see user info (by following the demo on spotify). Now I want to get the playlists of the user that is logged in and that is where I'm stuck.
This is the code I have:
/**
* This is an example of a basic node.js script that performs
* the Authorization Code oAuth2 flow to authenticate against
* the Spotify Accounts.
*
* For more information, read
* https://developer.spotify.com/web-api/authorization-guide/#authorization_code_flow
*/
var express = require('express'); // Express web server framework
var request = require('request'); // "Request" library
var querystring = require('querystring');
var cookieParser = require('cookie-parser');
var client_id = '2e54c888b964418588d8c274d2b9dd5e'; // Your client id
var client_secret = 'c7b15e90a3cb4891b3dbcd79ed8bcfa0'; // Your secret
var redirect_uri = 'http://localhost:8888/callback'; // Your redirect uri
/**
* Generates a random string containing numbers and letters
* #param {number} length The length of the string
* #return {string} The generated string
*/
var generateRandomString = function(length) {
var text = '';
var possible = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
for (var i = 0; i < length; i++) {
text += possible.charAt(Math.floor(Math.random() * possible.length));
}
return text;
};
var stateKey = 'spotify_auth_state';
var app = express();
app.use(express.static(__dirname + '/public'))
.use(cookieParser());
app.get('/login', function(req, res) {
var state = generateRandomString(16);
res.cookie(stateKey, state);
// your application requests authorization
var scope = 'user-read-private user-read-email';
res.redirect('https://accounts.spotify.com/authorize?' +
querystring.stringify({
response_type: 'code',
client_id: client_id,
scope: scope,
redirect_uri: redirect_uri,
state: state
}));
});
app.get('/playlists', function(req, res) {
// your application requests authorization
var scope = 'playlist-read-private';
res.redirect('https://api.spotify.com/v1/me/playlists');
});
app.get('/callback', function(req, res) {
// your application requests refresh and access tokens
// after checking the state parameter
var code = req.query.code || null;
var state = req.query.state || null;
var storedState = req.cookies ? req.cookies[stateKey] : null;
if (state === null || state !== storedState) {
res.redirect('/#' +
querystring.stringify({
error: 'state_mismatch'
}));
} else {
res.clearCookie(stateKey);
var authOptions = {
url: 'https://accounts.spotify.com/api/token',
form: {
code: code,
redirect_uri: redirect_uri,
grant_type: 'authorization_code'
},
headers: {
'Authorization': 'Basic ' + (new Buffer(client_id + ':' + client_secret).toString('base64'))
},
json: true
};
request.post(authOptions, function(error, response, body) {
if (!error && response.statusCode === 200) {
var access_token = body.access_token,
refresh_token = body.refresh_token;
var options = {
url: 'https://api.spotify.com/v1/me',
headers: { 'Authorization': 'Bearer ' + access_token },
json: true
};
// use the access token to access the Spotify Web API
request.get(options, function(error, response, body) {
console.log(body);
});
// we can also pass the token to the browser to make requests from there
res.redirect('/#' +
querystring.stringify({
access_token: access_token,
refresh_token: refresh_token
}));
} else {
res.redirect('/#' +
querystring.stringify({
error: 'invalid_token'
}));
}
});
}
});
app.get('/refresh_token', function(req, res) {
// requesting access token from refresh token
var refresh_token = req.query.refresh_token;
var authOptions = {
url: 'https://accounts.spotify.com/api/token',
headers: { 'Authorization': 'Basic ' + (new Buffer(client_id + ':' + client_secret).toString('base64')) },
form: {
grant_type: 'refresh_token',
refresh_token: refresh_token
},
json: true
};
request.post(authOptions, function(error, response, body) {
if (!error && response.statusCode === 200) {
var access_token = body.access_token;
res.send({
'access_token': access_token
});
}
});
});
console.log('Listening on 8888');
app.listen(8888);
The lines with:
app.get('/playlists', function(req, res) {
// your application requests authorization
var scope = 'playlist-read-private';
res.redirect('https://api.spotify.com/v1/me/playlists');
});
are the ones I wrote myself but I don't know how I can make it work.
Spotify API playlists endpoint requires authentication token.
Very primitive example, in those lines you can get Auth Token:
// use the access token to access the Spotify Web API
request.get(options, function(error, response, body) {
console.log(body);
token = access_token;
});
Then, your code for getting playlists:
var token = '';
app.get('/playlists', function(req, res) {
var state = generateRandomString(16);
res.cookie(stateKey, state);
// your application requests authorization
var scope = 'playlist-read-private';
res.redirect('https://api.spotify.com/v1/me/playlists?' +
querystring.stringify({
access_token: token,
token_type: 'Bearer',
response_type: 'code',
client_id: client_id,
scope: scope,
redirect_uri: redirect_uri,
state: state
}));
});
First, you visiting 'http://localhost:8888/login` for authentification, then, you going to 'http://localhost:8888/playlists' for playlists.