From 5b75f8bb9a58b60d6b4e188635a89b99e6805e34 Mon Sep 17 00:00:00 2001 From: TylerP33 Date: Mon, 25 Mar 2024 09:50:37 -0500 Subject: [PATCH] Added refresh user token flow using httpOnly cookies --- api/controllers/dataController.js | 4 +- api/controllers/inventoryController.js | 5 +- api/node_modules/.package-lock.json | 20 ++ api/node_modules/cookie-parser/HISTORY.md | 100 +++++++ api/node_modules/cookie-parser/LICENSE | 23 ++ api/node_modules/cookie-parser/README.md | 119 ++++++++ api/node_modules/cookie-parser/index.js | 182 +++++++++++++ .../node_modules/cookie/HISTORY.md | 128 +++++++++ .../cookie-parser/node_modules/cookie/LICENSE | 24 ++ .../node_modules/cookie/README.md | 257 ++++++++++++++++++ .../node_modules/cookie/index.js | 202 ++++++++++++++ .../node_modules/cookie/package.json | 40 +++ api/node_modules/cookie-parser/package.json | 45 +++ api/package-lock.json | 37 +++ api/package.json | 1 + api/server.js | 2 + ...dToken.js => fetchEbayApplicationToken.js} | 4 +- api/utils/fetchEbayUserToken.js | 65 ++++- 18 files changed, 1249 insertions(+), 9 deletions(-) create mode 100644 api/node_modules/cookie-parser/HISTORY.md create mode 100644 api/node_modules/cookie-parser/LICENSE create mode 100644 api/node_modules/cookie-parser/README.md create mode 100644 api/node_modules/cookie-parser/index.js create mode 100644 api/node_modules/cookie-parser/node_modules/cookie/HISTORY.md create mode 100644 api/node_modules/cookie-parser/node_modules/cookie/LICENSE create mode 100644 api/node_modules/cookie-parser/node_modules/cookie/README.md create mode 100644 api/node_modules/cookie-parser/node_modules/cookie/index.js create mode 100644 api/node_modules/cookie-parser/node_modules/cookie/package.json create mode 100644 api/node_modules/cookie-parser/package.json rename api/utils/{fetchEbayReadToken.js => fetchEbayApplicationToken.js} (92%) diff --git a/api/controllers/dataController.js b/api/controllers/dataController.js index c32fe77..3ecc12d 100644 --- a/api/controllers/dataController.js +++ b/api/controllers/dataController.js @@ -1,9 +1,9 @@ import fetch from "node-fetch"; -import fetchEbayToken from "../utils/fetchEbayReadToken.js"; +import fetchEbayApplicationToken from "../utils/fetchEbayApplicationToken.js"; export const itemLookup = async (req, res) => { const productCode = req.query.productCode; - const token = await fetchEbayToken(); + const token = await fetchEbayApplicationToken(); console.log(productCode); try { const response = await fetch( diff --git a/api/controllers/inventoryController.js b/api/controllers/inventoryController.js index 8782fc0..8f45fcc 100644 --- a/api/controllers/inventoryController.js +++ b/api/controllers/inventoryController.js @@ -1,9 +1,10 @@ import fetch from "node-fetch"; +import fetchEbayUserToken from "../utils/fetchEbayUserToken.js"; export const addItem = async (req, res) => { const itemDetails = req.body; - // hardcoded user token - will be expired when we come back and we need to figure out to cache these while we make calls - const token = "v^1.1#i^1#r^0#I^3#f^0#p^3#t^H4sIAAAAAAAAAOVZf2wbVx2Pk7SsajMQm8ZageTdWjQ1Ovvdnc93PtWmTuwkLkns2E7ahA3r3d07+yXnu+vduyQeFUuDqAR/ABtqNw0mog7EJu0HYkMIKGiaQCs/CvzRAhrbXwhU1tFJFQMqpMGdk7puqrWNHVRLnBRF9+776/P96fceWNq6be+xkWP/7At8oHtlCSx1BwLMdrBt65b+O3u6d23pAk0EgZWl3Uu9yz3n9zmwqltSHjmWaTgouFjVDUeqL8Yp1zYkEzrYkQxYRY5EFKmQHBuV2BCQLNskpmLqVDCTilNQ1gRZY6CoCUgQo8BbNa7ILJpxihNjUJBhNMaLIsvEeO+747goYzgEGiROsYCN0ICj2UgRRCSWldhoSADCDBWcQraDTcMjCQEqUTdXqvPaTbbe2FToOMgmnhAqkUkOFbLJTCo9XtwXbpKVWPNDgUDiOte+DZoqCk5B3UU3VuPUqaWCqyjIcahwYlXDtUKl5BVjWjC/7mpZ9uTLHK/IoqzyKLYprhwy7SokN7bDX8EqrdVJJWQQTGo386jnDXkWKWTtbdwTkUkF/X8TLtSxhpEdp9IDyenJQjpPBQu5nG3OYxWpPlKWZ3gOiALHUgkdH3axCn03qEjH88hG6pq+VaFr3l6ncNAjxz6TExw3yQDyjEfrXcQ0ucgjyhpZO6kR37BmumjDldyMH9vVYLqkYvjhRVXPH8H6680DcSUzrubCZuUGDwVG4FXAi7yIIqipzPxabz0/En6Ikrlc2LcFybBGV6E9h4ilQwXRiudet4psrEocr7GcqCFajcY0OhLTNFrm1SjNaAgBhLzcjYn/h2lCiI1ll6BGqqz/UMcapwqKaaGcqWOlRq0nqXegtcRYdOJUhRBLCocXFhZCC1zItMthFgAmfGhstKBUUBVSDVp8c2Ia17NWQR6XgyVSszxrFr0M9JQbZSrB2WoO2qRWQLruLVzJ32tsS6xffR+Qgzr2PFD0VHQWxhHTIY1saQ2aiuaxgkpYva3I6rW+Hp0/dSNCNCpEAODbAqmbZWyMIVIxby/M6yAOZ7PDo+m2sHm9FJLOQtXoLlyRZda6UDTC00CQAGgLbNKyMtWqS6Cso0yHxTIiCJzItAXPct3bXIjXoarM1qqlwzJtE9gWNH8ESxhqEvFr3ZxDRue103x6KJ8ujJSK2U+mx9tCm0eajZxK0cfZaXmanEgeSHrPWC4KJia4KVldnJiqTh5gY6m5fmWGJdkRPCrmdK28eIAtz07P9qsH83o5yy+M8SC1COxKVogZQ1OxcjzelpMKSLFRh7WuQ7PFVKwwLCfd6XBqxEIzQ3Z2iBvlKsn+apifHF4YGJiOJIv9h7Rye+DHyp1W6Zs3bouN8vZrvaNA2quFWSK+iSXvrS2g6XLH9esoikFN5RVGRADKiOMF4PGjqOY9gqy218T98dtheIs1Hdk5V6f9AYOrlknn8ikaxkQOsIKi0TE5Kouy3B5uq+PCvFlj2fG3b5sDza/1TYPn8TueAGjhkB/YkGJWwyZ0ScVfKtWtDt4KUdjxtn+h1a2/JzlkI6iahl5rhXkDPNiY9zaMpl1rRWGDeQM8UFFM1yCtqFtj3QCH5uoa1nX/VKAVhU3sGzHTgHqNYMVpSSU2/GxzNsBiwVodoIody6+XW+L01qrIVlAIq6unja0YayNPYf1AqCWmDapsmGyYBGtYWZXhuLKj2Nh6Hyvqv+FbkdWKPxyvFjYUulWGhqr2ttdIxTZSSMm1cWeNgPrkK3mjz0H0uilI60idq9bMtpD7nu3EM5NMahM2aCk032m/ZDSNQ4BTAM2iqEpHoqxGQ1lkaE0UBBFAFXKwvaO+Fs+Jeo++9r8DzQgMw/IRhhFuFdq6habz6etuKMLX3hQmuuoPsxx4FSwHftIdCIB9YA9zP7hva89kb8+OXQ4mXueGWsjBZQMS10ahOVSzILa77+q6dPL4yOCudPbE3s8Ua7/92mtdO5ouKlceAvc2riq39TDbm+4twUevftnCfPAjfWwEcN5fhGXZ6Ay4/+rXXuae3rtfSV/+2fmdp+8qsm888Am3tnO2enkA9DWIAoEtXb3LgS7jjuTD2w+eem/bk/mnzp3dLe7cX/z7iz8fePxDf/nPlzP8U/jIr0snRm3u5I7z9719+YWLK2dPxZ/78bF/nVl4+gdfcb564tw3xd1n//xM8a+X/tSXPvPxA+PJSv9Ly+9978Ip6mVj8mLJuPPN1LeP9D134vL+778e2iP/MlV44x1zz2RRHJp46xvRcyMDya9H9n7h1bfv/ewLh09+Z8fUO/f89IHci+/ufmLuzUeOQ+Hx561zv7r4+5WFVxbyn7Ly9vCP8lrxkc/9odItRR9792/bD74u3D0IE48d/cenY5eY/eULTz/0rUcn//2yffz5C9Of/+LeB/OTxyPjp08/+7HDf+x68BdvnbnD+dIPf0O99Lsj3wX8h489fHQ1lv8FLVji00IeAAA=" + // must be called with req/res due to cookie access - cookie flow is inside fetchEbayUserToken() + const token = await fetchEbayUserToken(req, res) // Constructing the payload for the Inventory API const offerPayload = { diff --git a/api/node_modules/.package-lock.json b/api/node_modules/.package-lock.json index 7810e09..1bcf385 100644 --- a/api/node_modules/.package-lock.json +++ b/api/node_modules/.package-lock.json @@ -177,6 +177,26 @@ "node": ">= 0.6" } }, + "node_modules/cookie-parser": { + "version": "1.4.6", + "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz", + "integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==", + "dependencies": { + "cookie": "0.4.1", + "cookie-signature": "1.0.6" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/cookie-parser/node_modules/cookie": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", + "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==", + "engines": { + "node": ">= 0.6" + } + }, "node_modules/cookie-signature": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", diff --git a/api/node_modules/cookie-parser/HISTORY.md b/api/node_modules/cookie-parser/HISTORY.md new file mode 100644 index 0000000..e4073d5 --- /dev/null +++ b/api/node_modules/cookie-parser/HISTORY.md @@ -0,0 +1,100 @@ +1.4.6 / 2021-11-16 +================== + + * deps: cookie@0.4.1 + +1.4.5 / 2020-03-14 +================== + + * deps: cookie@0.4.0 + +1.4.4 / 2019-02-12 +================== + + * perf: normalize `secret` argument only once + +1.4.3 / 2016-05-26 +================== + + * deps: cookie@0.3.1 + - perf: use for loop in parse + +1.4.2 / 2016-05-20 +================== + + * deps: cookie@0.2.4 + - perf: enable strict mode + - perf: use for loop in parse + - perf: use string concatenation for serialization + +1.4.1 / 2016-01-11 +================== + + * deps: cookie@0.2.3 + * perf: enable strict mode + +1.4.0 / 2015-09-18 +================== + + * Accept array of secrets in addition to a single secret + * Fix `JSONCookie` to return `undefined` for non-string arguments + * Fix `signedCookie` to return `undefined` for non-string arguments + * deps: cookie@0.2.2 + +1.3.5 / 2015-05-19 +================== + + * deps: cookie@0.1.3 + - Slight optimizations + +1.3.4 / 2015-02-15 +================== + + * deps: cookie-signature@1.0.6 + +1.3.3 / 2014-09-05 +================== + + * deps: cookie-signature@1.0.5 + +1.3.2 / 2014-06-26 +================== + + * deps: cookie-signature@1.0.4 + - fix for timing attacks + +1.3.1 / 2014-06-17 +================== + + * actually export `signedCookie` + +1.3.0 / 2014-06-17 +================== + + * add `signedCookie` export for single cookie unsigning + +1.2.0 / 2014-06-17 +================== + + * export parsing functions + * `req.cookies` and `req.signedCookies` are now plain objects + * slightly faster parsing of many cookies + +1.1.0 / 2014-05-12 +================== + + * Support for NodeJS version 0.8 + * deps: cookie@0.1.2 + - Fix for maxAge == 0 + - made compat with expires field + - tweak maxAge NaN error message + +1.0.1 / 2014-02-20 +================== + + * add missing dependencies + +1.0.0 / 2014-02-15 +================== + + * Genesis from `connect` diff --git a/api/node_modules/cookie-parser/LICENSE b/api/node_modules/cookie-parser/LICENSE new file mode 100644 index 0000000..343f2ad --- /dev/null +++ b/api/node_modules/cookie-parser/LICENSE @@ -0,0 +1,23 @@ +(The MIT License) + +Copyright (c) 2014 TJ Holowaychuk +Copyright (c) 2015 Douglas Christopher Wilson + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +'Software'), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/api/node_modules/cookie-parser/README.md b/api/node_modules/cookie-parser/README.md new file mode 100644 index 0000000..b8ecd7b --- /dev/null +++ b/api/node_modules/cookie-parser/README.md @@ -0,0 +1,119 @@ +# cookie-parser + +[![NPM Version][npm-version-image]][npm-url] +[![NPM Downloads][npm-downloads-image]][npm-url] +[![Build Status][ci-image]][ci-url] +[![Test Coverage][coveralls-image]][coveralls-url] + +Parse `Cookie` header and populate `req.cookies` with an object keyed by the +cookie names. Optionally you may enable signed cookie support by passing a +`secret` string, which assigns `req.secret` so it may be used by other +middleware. + +## Installation + +```sh +$ npm install cookie-parser +``` + +## API + +```js +var cookieParser = require('cookie-parser') +``` + +### cookieParser(secret, options) + +Create a new cookie parser middleware function using the given `secret` and +`options`. + +- `secret` a string or array used for signing cookies. This is optional and if + not specified, will not parse signed cookies. If a string is provided, this + is used as the secret. If an array is provided, an attempt will be made to + unsign the cookie with each secret in order. +- `options` an object that is passed to `cookie.parse` as the second option. See + [cookie](https://www.npmjs.org/package/cookie) for more information. + - `decode` a function to decode the value of the cookie + +The middleware will parse the `Cookie` header on the request and expose the +cookie data as the property `req.cookies` and, if a `secret` was provided, as +the property `req.signedCookies`. These properties are name value pairs of the +cookie name to cookie value. + +When `secret` is provided, this module will unsign and validate any signed cookie +values and move those name value pairs from `req.cookies` into `req.signedCookies`. +A signed cookie is a cookie that has a value prefixed with `s:`. Signed cookies +that fail signature validation will have the value `false` instead of the tampered +value. + +In addition, this module supports special "JSON cookies". These are cookie where +the value is prefixed with `j:`. When these values are encountered, the value will +be exposed as the result of `JSON.parse`. If parsing fails, the original value will +remain. + +### cookieParser.JSONCookie(str) + +Parse a cookie value as a JSON cookie. This will return the parsed JSON value +if it was a JSON cookie, otherwise, it will return the passed value. + +### cookieParser.JSONCookies(cookies) + +Given an object, this will iterate over the keys and call `JSONCookie` on each +value, replacing the original value with the parsed value. This returns the +same object that was passed in. + +### cookieParser.signedCookie(str, secret) + +Parse a cookie value as a signed cookie. This will return the parsed unsigned +value if it was a signed cookie and the signature was valid. If the value was +not signed, the original value is returned. If the value was signed but the +signature could not be validated, `false` is returned. + +The `secret` argument can be an array or string. If a string is provided, this +is used as the secret. If an array is provided, an attempt will be made to +unsign the cookie with each secret in order. + +### cookieParser.signedCookies(cookies, secret) + +Given an object, this will iterate over the keys and check if any value is a +signed cookie. If it is a signed cookie and the signature is valid, the key +will be deleted from the object and added to the new object that is returned. + +The `secret` argument can be an array or string. If a string is provided, this +is used as the secret. If an array is provided, an attempt will be made to +unsign the cookie with each secret in order. + +## Example + +```js +var express = require('express') +var cookieParser = require('cookie-parser') + +var app = express() +app.use(cookieParser()) + +app.get('/', function (req, res) { + // Cookies that have not been signed + console.log('Cookies: ', req.cookies) + + // Cookies that have been signed + console.log('Signed Cookies: ', req.signedCookies) +}) + +app.listen(8080) + +// curl command that sends an HTTP request with two cookies +// curl http://127.0.0.1:8080 --cookie "Cho=Kim;Greet=Hello" +``` + +## License + +[MIT](LICENSE) + +[ci-image]: https://badgen.net/github/checks/expressjs/cookie-parser/master?label=ci +[ci-url]: https://github.com/expressjs/cookie-parser/actions?query=workflow%3Aci +[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/cookie-parser/master +[coveralls-url]: https://coveralls.io/r/expressjs/cookie-parser?branch=master +[npm-downloads-image]: https://badgen.net/npm/dm/cookie-parser +[npm-url]: https://npmjs.org/package/cookie-parser +[npm-version-image]: https://badgen.net/npm/v/cookie-parser diff --git a/api/node_modules/cookie-parser/index.js b/api/node_modules/cookie-parser/index.js new file mode 100644 index 0000000..dd6d479 --- /dev/null +++ b/api/node_modules/cookie-parser/index.js @@ -0,0 +1,182 @@ +/*! + * cookie-parser + * Copyright(c) 2014 TJ Holowaychuk + * Copyright(c) 2015 Douglas Christopher Wilson + * MIT Licensed + */ + +'use strict' + +/** + * Module dependencies. + * @private + */ + +var cookie = require('cookie') +var signature = require('cookie-signature') + +/** + * Module exports. + * @public + */ + +module.exports = cookieParser +module.exports.JSONCookie = JSONCookie +module.exports.JSONCookies = JSONCookies +module.exports.signedCookie = signedCookie +module.exports.signedCookies = signedCookies + +/** + * Parse Cookie header and populate `req.cookies` + * with an object keyed by the cookie names. + * + * @param {string|array} [secret] A string (or array of strings) representing cookie signing secret(s). + * @param {Object} [options] + * @return {Function} + * @public + */ + +function cookieParser (secret, options) { + var secrets = !secret || Array.isArray(secret) + ? (secret || []) + : [secret] + + return function cookieParser (req, res, next) { + if (req.cookies) { + return next() + } + + var cookies = req.headers.cookie + + req.secret = secrets[0] + req.cookies = Object.create(null) + req.signedCookies = Object.create(null) + + // no cookies + if (!cookies) { + return next() + } + + req.cookies = cookie.parse(cookies, options) + + // parse signed cookies + if (secrets.length !== 0) { + req.signedCookies = signedCookies(req.cookies, secrets) + req.signedCookies = JSONCookies(req.signedCookies) + } + + // parse JSON cookies + req.cookies = JSONCookies(req.cookies) + + next() + } +} + +/** + * Parse JSON cookie string. + * + * @param {String} str + * @return {Object} Parsed object or undefined if not json cookie + * @public + */ + +function JSONCookie (str) { + if (typeof str !== 'string' || str.substr(0, 2) !== 'j:') { + return undefined + } + + try { + return JSON.parse(str.slice(2)) + } catch (err) { + return undefined + } +} + +/** + * Parse JSON cookies. + * + * @param {Object} obj + * @return {Object} + * @public + */ + +function JSONCookies (obj) { + var cookies = Object.keys(obj) + var key + var val + + for (var i = 0; i < cookies.length; i++) { + key = cookies[i] + val = JSONCookie(obj[key]) + + if (val) { + obj[key] = val + } + } + + return obj +} + +/** + * Parse a signed cookie string, return the decoded value. + * + * @param {String} str signed cookie string + * @param {string|array} secret + * @return {String} decoded value + * @public + */ + +function signedCookie (str, secret) { + if (typeof str !== 'string') { + return undefined + } + + if (str.substr(0, 2) !== 's:') { + return str + } + + var secrets = !secret || Array.isArray(secret) + ? (secret || []) + : [secret] + + for (var i = 0; i < secrets.length; i++) { + var val = signature.unsign(str.slice(2), secrets[i]) + + if (val !== false) { + return val + } + } + + return false +} + +/** + * Parse signed cookies, returning an object containing the decoded key/value + * pairs, while removing the signed key from obj. + * + * @param {Object} obj + * @param {string|array} secret + * @return {Object} + * @public + */ + +function signedCookies (obj, secret) { + var cookies = Object.keys(obj) + var dec + var key + var ret = Object.create(null) + var val + + for (var i = 0; i < cookies.length; i++) { + key = cookies[i] + val = obj[key] + dec = signedCookie(val, secret) + + if (val !== dec) { + ret[key] = dec + delete obj[key] + } + } + + return ret +} diff --git a/api/node_modules/cookie-parser/node_modules/cookie/HISTORY.md b/api/node_modules/cookie-parser/node_modules/cookie/HISTORY.md new file mode 100644 index 0000000..ce080e0 --- /dev/null +++ b/api/node_modules/cookie-parser/node_modules/cookie/HISTORY.md @@ -0,0 +1,128 @@ +0.4.1 / 2020-04-21 +================== + + * Fix `maxAge` option to reject invalid values + +0.4.0 / 2019-05-15 +================== + + * Add `SameSite=None` support + +0.3.1 / 2016-05-26 +================== + + * Fix `sameSite: true` to work with draft-7 clients + - `true` now sends `SameSite=Strict` instead of `SameSite` + +0.3.0 / 2016-05-26 +================== + + * Add `sameSite` option + - Replaces `firstPartyOnly` option, never implemented by browsers + * Improve error message when `encode` is not a function + * Improve error message when `expires` is not a `Date` + +0.2.4 / 2016-05-20 +================== + + * perf: enable strict mode + * perf: use for loop in parse + * perf: use string concatination for serialization + +0.2.3 / 2015-10-25 +================== + + * Fix cookie `Max-Age` to never be a floating point number + +0.2.2 / 2015-09-17 +================== + + * Fix regression when setting empty cookie value + - Ease the new restriction, which is just basic header-level validation + * Fix typo in invalid value errors + +0.2.1 / 2015-09-17 +================== + + * Throw on invalid values provided to `serialize` + - Ensures the resulting string is a valid HTTP header value + +0.2.0 / 2015-08-13 +================== + + * Add `firstPartyOnly` option + * Throw better error for invalid argument to parse + * perf: hoist regular expression + +0.1.5 / 2015-09-17 +================== + + * Fix regression when setting empty cookie value + - Ease the new restriction, which is just basic header-level validation + * Fix typo in invalid value errors + +0.1.4 / 2015-09-17 +================== + + * Throw better error for invalid argument to parse + * Throw on invalid values provided to `serialize` + - Ensures the resulting string is a valid HTTP header value + +0.1.3 / 2015-05-19 +================== + + * Reduce the scope of try-catch deopt + * Remove argument reassignments + +0.1.2 / 2014-04-16 +================== + + * Remove unnecessary files from npm package + +0.1.1 / 2014-02-23 +================== + + * Fix bad parse when cookie value contained a comma + * Fix support for `maxAge` of `0` + +0.1.0 / 2013-05-01 +================== + + * Add `decode` option + * Add `encode` option + +0.0.6 / 2013-04-08 +================== + + * Ignore cookie parts missing `=` + +0.0.5 / 2012-10-29 +================== + + * Return raw cookie value if value unescape errors + +0.0.4 / 2012-06-21 +================== + + * Use encode/decodeURIComponent for cookie encoding/decoding + - Improve server/client interoperability + +0.0.3 / 2012-06-06 +================== + + * Only escape special characters per the cookie RFC + +0.0.2 / 2012-06-01 +================== + + * Fix `maxAge` option to not throw error + +0.0.1 / 2012-05-28 +================== + + * Add more tests + +0.0.0 / 2012-05-28 +================== + + * Initial release diff --git a/api/node_modules/cookie-parser/node_modules/cookie/LICENSE b/api/node_modules/cookie-parser/node_modules/cookie/LICENSE new file mode 100644 index 0000000..058b6b4 --- /dev/null +++ b/api/node_modules/cookie-parser/node_modules/cookie/LICENSE @@ -0,0 +1,24 @@ +(The MIT License) + +Copyright (c) 2012-2014 Roman Shtylman +Copyright (c) 2015 Douglas Christopher Wilson + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +'Software'), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + diff --git a/api/node_modules/cookie-parser/node_modules/cookie/README.md b/api/node_modules/cookie-parser/node_modules/cookie/README.md new file mode 100644 index 0000000..18b2c2c --- /dev/null +++ b/api/node_modules/cookie-parser/node_modules/cookie/README.md @@ -0,0 +1,257 @@ +# cookie + +[![NPM Version][npm-version-image]][npm-url] +[![NPM Downloads][npm-downloads-image]][npm-url] +[![Node.js Version][node-version-image]][node-version-url] +[![Build Status][travis-image]][travis-url] +[![Test Coverage][coveralls-image]][coveralls-url] + +Basic HTTP cookie parser and serializer for HTTP servers. + +## Installation + +This is a [Node.js](https://nodejs.org/en/) module available through the +[npm registry](https://www.npmjs.com/). Installation is done using the +[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally): + +```sh +$ npm install cookie +``` + +## API + +```js +var cookie = require('cookie'); +``` + +### cookie.parse(str, options) + +Parse an HTTP `Cookie` header string and returning an object of all cookie name-value pairs. +The `str` argument is the string representing a `Cookie` header value and `options` is an +optional object containing additional parsing options. + +```js +var cookies = cookie.parse('foo=bar; equation=E%3Dmc%5E2'); +// { foo: 'bar', equation: 'E=mc^2' } +``` + +#### Options + +`cookie.parse` accepts these properties in the options object. + +##### decode + +Specifies a function that will be used to decode a cookie's value. Since the value of a cookie +has a limited character set (and must be a simple string), this function can be used to decode +a previously-encoded cookie value into a JavaScript string or other object. + +The default function is the global `decodeURIComponent`, which will decode any URL-encoded +sequences into their byte representations. + +**note** if an error is thrown from this function, the original, non-decoded cookie value will +be returned as the cookie's value. + +### cookie.serialize(name, value, options) + +Serialize a cookie name-value pair into a `Set-Cookie` header string. The `name` argument is the +name for the cookie, the `value` argument is the value to set the cookie to, and the `options` +argument is an optional object containing additional serialization options. + +```js +var setCookie = cookie.serialize('foo', 'bar'); +// foo=bar +``` + +#### Options + +`cookie.serialize` accepts these properties in the options object. + +##### domain + +Specifies the value for the [`Domain` `Set-Cookie` attribute][rfc-6265-5.2.3]. By default, no +domain is set, and most clients will consider the cookie to apply to only the current domain. + +##### encode + +Specifies a function that will be used to encode a cookie's value. Since value of a cookie +has a limited character set (and must be a simple string), this function can be used to encode +a value into a string suited for a cookie's value. + +The default function is the global `encodeURIComponent`, which will encode a JavaScript string +into UTF-8 byte sequences and then URL-encode any that fall outside of the cookie range. + +##### expires + +Specifies the `Date` object to be the value for the [`Expires` `Set-Cookie` attribute][rfc-6265-5.2.1]. +By default, no expiration is set, and most clients will consider this a "non-persistent cookie" and +will delete it on a condition like exiting a web browser application. + +**note** the [cookie storage model specification][rfc-6265-5.3] states that if both `expires` and +`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this, +so if both are set, they should point to the same date and time. + +##### httpOnly + +Specifies the `boolean` value for the [`HttpOnly` `Set-Cookie` attribute][rfc-6265-5.2.6]. When truthy, +the `HttpOnly` attribute is set, otherwise it is not. By default, the `HttpOnly` attribute is not set. + +**note** be careful when setting this to `true`, as compliant clients will not allow client-side +JavaScript to see the cookie in `document.cookie`. + +##### maxAge + +Specifies the `number` (in seconds) to be the value for the [`Max-Age` `Set-Cookie` attribute][rfc-6265-5.2.2]. +The given number will be converted to an integer by rounding down. By default, no maximum age is set. + +**note** the [cookie storage model specification][rfc-6265-5.3] states that if both `expires` and +`maxAge` are set, then `maxAge` takes precedence, but it is possible not all clients by obey this, +so if both are set, they should point to the same date and time. + +##### path + +Specifies the value for the [`Path` `Set-Cookie` attribute][rfc-6265-5.2.4]. By default, the path +is considered the ["default path"][rfc-6265-5.1.4]. + +##### sameSite + +Specifies the `boolean` or `string` to be the value for the [`SameSite` `Set-Cookie` attribute][rfc-6265bis-03-4.1.2.7]. + + - `true` will set the `SameSite` attribute to `Strict` for strict same site enforcement. + - `false` will not set the `SameSite` attribute. + - `'lax'` will set the `SameSite` attribute to `Lax` for lax same site enforcement. + - `'none'` will set the `SameSite` attribute to `None` for an explicit cross-site cookie. + - `'strict'` will set the `SameSite` attribute to `Strict` for strict same site enforcement. + +More information about the different enforcement levels can be found in +[the specification][rfc-6265bis-03-4.1.2.7]. + +**note** This is an attribute that has not yet been fully standardized, and may change in the future. +This also means many clients may ignore this attribute until they understand it. + +##### secure + +Specifies the `boolean` value for the [`Secure` `Set-Cookie` attribute][rfc-6265-5.2.5]. When truthy, +the `Secure` attribute is set, otherwise it is not. By default, the `Secure` attribute is not set. + +**note** be careful when setting this to `true`, as compliant clients will not send the cookie back to +the server in the future if the browser does not have an HTTPS connection. + +## Example + +The following example uses this module in conjunction with the Node.js core HTTP server +to prompt a user for their name and display it back on future visits. + +```js +var cookie = require('cookie'); +var escapeHtml = require('escape-html'); +var http = require('http'); +var url = require('url'); + +function onRequest(req, res) { + // Parse the query string + var query = url.parse(req.url, true, true).query; + + if (query && query.name) { + // Set a new cookie with the name + res.setHeader('Set-Cookie', cookie.serialize('name', String(query.name), { + httpOnly: true, + maxAge: 60 * 60 * 24 * 7 // 1 week + })); + + // Redirect back after setting cookie + res.statusCode = 302; + res.setHeader('Location', req.headers.referer || '/'); + res.end(); + return; + } + + // Parse the cookies on the request + var cookies = cookie.parse(req.headers.cookie || ''); + + // Get the visitor name set in the cookie + var name = cookies.name; + + res.setHeader('Content-Type', 'text/html; charset=UTF-8'); + + if (name) { + res.write('

Welcome back, ' + escapeHtml(name) + '!

'); + } else { + res.write('

Hello, new visitor!

'); + } + + res.write('
'); + res.write(' '); + res.end('
'); +} + +http.createServer(onRequest).listen(3000); +``` + +## Testing + +```sh +$ npm test +``` + +## Benchmark + +``` +$ npm run bench + +> cookie@0.3.1 bench cookie +> node benchmark/index.js + + http_parser@2.8.0 + node@6.14.2 + v8@5.1.281.111 + uv@1.16.1 + zlib@1.2.11 + ares@1.10.1-DEV + icu@58.2 + modules@48 + napi@3 + openssl@1.0.2o + +> node benchmark/parse.js + + cookie.parse + + 6 tests completed. + + simple x 1,200,691 ops/sec ±1.12% (189 runs sampled) + decode x 1,012,994 ops/sec ±0.97% (186 runs sampled) + unquote x 1,074,174 ops/sec ±2.43% (186 runs sampled) + duplicates x 438,424 ops/sec ±2.17% (184 runs sampled) + 10 cookies x 147,154 ops/sec ±1.01% (186 runs sampled) + 100 cookies x 14,274 ops/sec ±1.07% (187 runs sampled) +``` + +## References + +- [RFC 6265: HTTP State Management Mechanism][rfc-6265] +- [Same-site Cookies][rfc-6265bis-03-4.1.2.7] + +[rfc-6265bis-03-4.1.2.7]: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7 +[rfc-6265]: https://tools.ietf.org/html/rfc6265 +[rfc-6265-5.1.4]: https://tools.ietf.org/html/rfc6265#section-5.1.4 +[rfc-6265-5.2.1]: https://tools.ietf.org/html/rfc6265#section-5.2.1 +[rfc-6265-5.2.2]: https://tools.ietf.org/html/rfc6265#section-5.2.2 +[rfc-6265-5.2.3]: https://tools.ietf.org/html/rfc6265#section-5.2.3 +[rfc-6265-5.2.4]: https://tools.ietf.org/html/rfc6265#section-5.2.4 +[rfc-6265-5.2.5]: https://tools.ietf.org/html/rfc6265#section-5.2.5 +[rfc-6265-5.2.6]: https://tools.ietf.org/html/rfc6265#section-5.2.6 +[rfc-6265-5.3]: https://tools.ietf.org/html/rfc6265#section-5.3 + +## License + +[MIT](LICENSE) + +[coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/cookie/master +[coveralls-url]: https://coveralls.io/r/jshttp/cookie?branch=master +[node-version-image]: https://badgen.net/npm/node/cookie +[node-version-url]: https://nodejs.org/en/download +[npm-downloads-image]: https://badgen.net/npm/dm/cookie +[npm-url]: https://npmjs.org/package/cookie +[npm-version-image]: https://badgen.net/npm/v/cookie +[travis-image]: https://badgen.net/travis/jshttp/cookie/master +[travis-url]: https://travis-ci.org/jshttp/cookie diff --git a/api/node_modules/cookie-parser/node_modules/cookie/index.js b/api/node_modules/cookie-parser/node_modules/cookie/index.js new file mode 100644 index 0000000..760f32e --- /dev/null +++ b/api/node_modules/cookie-parser/node_modules/cookie/index.js @@ -0,0 +1,202 @@ +/*! + * cookie + * Copyright(c) 2012-2014 Roman Shtylman + * Copyright(c) 2015 Douglas Christopher Wilson + * MIT Licensed + */ + +'use strict'; + +/** + * Module exports. + * @public + */ + +exports.parse = parse; +exports.serialize = serialize; + +/** + * Module variables. + * @private + */ + +var decode = decodeURIComponent; +var encode = encodeURIComponent; +var pairSplitRegExp = /; */; + +/** + * RegExp to match field-content in RFC 7230 sec 3.2 + * + * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ] + * field-vchar = VCHAR / obs-text + * obs-text = %x80-FF + */ + +var fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/; + +/** + * Parse a cookie header. + * + * Parse the given cookie header string into an object + * The object has the various cookies as keys(names) => values + * + * @param {string} str + * @param {object} [options] + * @return {object} + * @public + */ + +function parse(str, options) { + if (typeof str !== 'string') { + throw new TypeError('argument str must be a string'); + } + + var obj = {} + var opt = options || {}; + var pairs = str.split(pairSplitRegExp); + var dec = opt.decode || decode; + + for (var i = 0; i < pairs.length; i++) { + var pair = pairs[i]; + var eq_idx = pair.indexOf('='); + + // skip things that don't look like key=value + if (eq_idx < 0) { + continue; + } + + var key = pair.substr(0, eq_idx).trim() + var val = pair.substr(++eq_idx, pair.length).trim(); + + // quoted values + if ('"' == val[0]) { + val = val.slice(1, -1); + } + + // only assign once + if (undefined == obj[key]) { + obj[key] = tryDecode(val, dec); + } + } + + return obj; +} + +/** + * Serialize data into a cookie header. + * + * Serialize the a name value pair into a cookie string suitable for + * http headers. An optional options object specified cookie parameters. + * + * serialize('foo', 'bar', { httpOnly: true }) + * => "foo=bar; httpOnly" + * + * @param {string} name + * @param {string} val + * @param {object} [options] + * @return {string} + * @public + */ + +function serialize(name, val, options) { + var opt = options || {}; + var enc = opt.encode || encode; + + if (typeof enc !== 'function') { + throw new TypeError('option encode is invalid'); + } + + if (!fieldContentRegExp.test(name)) { + throw new TypeError('argument name is invalid'); + } + + var value = enc(val); + + if (value && !fieldContentRegExp.test(value)) { + throw new TypeError('argument val is invalid'); + } + + var str = name + '=' + value; + + if (null != opt.maxAge) { + var maxAge = opt.maxAge - 0; + + if (isNaN(maxAge) || !isFinite(maxAge)) { + throw new TypeError('option maxAge is invalid') + } + + str += '; Max-Age=' + Math.floor(maxAge); + } + + if (opt.domain) { + if (!fieldContentRegExp.test(opt.domain)) { + throw new TypeError('option domain is invalid'); + } + + str += '; Domain=' + opt.domain; + } + + if (opt.path) { + if (!fieldContentRegExp.test(opt.path)) { + throw new TypeError('option path is invalid'); + } + + str += '; Path=' + opt.path; + } + + if (opt.expires) { + if (typeof opt.expires.toUTCString !== 'function') { + throw new TypeError('option expires is invalid'); + } + + str += '; Expires=' + opt.expires.toUTCString(); + } + + if (opt.httpOnly) { + str += '; HttpOnly'; + } + + if (opt.secure) { + str += '; Secure'; + } + + if (opt.sameSite) { + var sameSite = typeof opt.sameSite === 'string' + ? opt.sameSite.toLowerCase() : opt.sameSite; + + switch (sameSite) { + case true: + str += '; SameSite=Strict'; + break; + case 'lax': + str += '; SameSite=Lax'; + break; + case 'strict': + str += '; SameSite=Strict'; + break; + case 'none': + str += '; SameSite=None'; + break; + default: + throw new TypeError('option sameSite is invalid'); + } + } + + return str; +} + +/** + * Try decoding a string using a decoding function. + * + * @param {string} str + * @param {function} decode + * @private + */ + +function tryDecode(str, decode) { + try { + return decode(str); + } catch (e) { + return str; + } +} diff --git a/api/node_modules/cookie-parser/node_modules/cookie/package.json b/api/node_modules/cookie-parser/node_modules/cookie/package.json new file mode 100644 index 0000000..1ae8eb6 --- /dev/null +++ b/api/node_modules/cookie-parser/node_modules/cookie/package.json @@ -0,0 +1,40 @@ +{ + "name": "cookie", + "description": "HTTP server cookie parsing and serialization", + "version": "0.4.1", + "author": "Roman Shtylman ", + "contributors": [ + "Douglas Christopher Wilson " + ], + "license": "MIT", + "keywords": [ + "cookie", + "cookies" + ], + "repository": "jshttp/cookie", + "devDependencies": { + "beautify-benchmark": "0.2.4", + "benchmark": "2.1.4", + "eslint": "6.8.0", + "eslint-plugin-markdown": "1.0.2", + "mocha": "7.1.1", + "nyc": "15.0.1" + }, + "files": [ + "HISTORY.md", + "LICENSE", + "README.md", + "index.js" + ], + "engines": { + "node": ">= 0.6" + }, + "scripts": { + "bench": "node benchmark/index.js", + "lint": "eslint --plugin markdown --ext js,md .", + "test": "mocha --reporter spec --bail --check-leaks --ui qunit test/", + "test-ci": "nyc --reporter=text npm test", + "test-cov": "nyc --reporter=html --reporter=text npm test", + "version": "node scripts/version-history.js && git add HISTORY.md" + } +} diff --git a/api/node_modules/cookie-parser/package.json b/api/node_modules/cookie-parser/package.json new file mode 100644 index 0000000..4efac17 --- /dev/null +++ b/api/node_modules/cookie-parser/package.json @@ -0,0 +1,45 @@ +{ + "name": "cookie-parser", + "description": "Parse HTTP request cookies", + "version": "1.4.6", + "author": "TJ Holowaychuk (http://tjholowaychuk.com)", + "contributors": [ + "Douglas Christopher Wilson " + ], + "license": "MIT", + "repository": "expressjs/cookie-parser", + "keywords": [ + "cookie", + "middleware" + ], + "dependencies": { + "cookie": "0.4.1", + "cookie-signature": "1.0.6" + }, + "devDependencies": { + "eslint": "7.32.0", + "eslint-config-standard": "14.1.1", + "eslint-plugin-import": "2.25.2", + "eslint-plugin-markdown": "2.2.1", + "eslint-plugin-node": "11.1.0", + "eslint-plugin-promise": "4.3.1", + "eslint-plugin-standard": "4.1.0", + "mocha": "9.1.3", + "nyc": "15.1.0", + "supertest": "6.1.6" + }, + "files": [ + "LICENSE", + "HISTORY.md", + "index.js" + ], + "engines": { + "node": ">= 0.8.0" + }, + "scripts": { + "lint": "eslint .", + "test": "mocha --reporter spec --bail --check-leaks test/", + "test-ci": "nyc --reporter=lcov --reporter=text npm test", + "test-cov": "nyc --reporter=html --reporter=text npm test" + } +} diff --git a/api/package-lock.json b/api/package-lock.json index e01e3ac..687ed8d 100644 --- a/api/package-lock.json +++ b/api/package-lock.json @@ -5,6 +5,7 @@ "packages": { "": { "dependencies": { + "cookie-parser": "^1.4.6", "cors": "^2.8.5", "dotenv": "^16.4.5", "express": "^4.19.0", @@ -186,6 +187,26 @@ "node": ">= 0.6" } }, + "node_modules/cookie-parser": { + "version": "1.4.6", + "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz", + "integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==", + "dependencies": { + "cookie": "0.4.1", + "cookie-signature": "1.0.6" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/cookie-parser/node_modules/cookie": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", + "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==", + "engines": { + "node": ">= 0.6" + } + }, "node_modules/cookie-signature": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", @@ -1244,6 +1265,22 @@ "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==" }, + "cookie-parser": { + "version": "1.4.6", + "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz", + "integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==", + "requires": { + "cookie": "0.4.1", + "cookie-signature": "1.0.6" + }, + "dependencies": { + "cookie": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", + "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==" + } + } + }, "cookie-signature": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", diff --git a/api/package.json b/api/package.json index 3c66b9a..3128d2f 100644 --- a/api/package.json +++ b/api/package.json @@ -1,6 +1,7 @@ { "type": "module", "dependencies": { + "cookie-parser": "^1.4.6", "cors": "^2.8.5", "dotenv": "^16.4.5", "express": "^4.19.0", diff --git a/api/server.js b/api/server.js index d9b5ec4..b5ca359 100644 --- a/api/server.js +++ b/api/server.js @@ -4,6 +4,7 @@ import cors from "cors"; import dotenv from "dotenv"; import dataRoutes from "./routes/dataRoutes.js"; import inventoryRoutes from "./routes/inventoryRoutes.js"; +import cookieParser from 'cookie-parser'; dotenv.config(); @@ -11,6 +12,7 @@ const app = express(); app.use(cors()); app.use(express.json()); +app.use(cookieParser()); app.use("/api/data", dataRoutes); app.use("/api/inventory", inventoryRoutes); diff --git a/api/utils/fetchEbayReadToken.js b/api/utils/fetchEbayApplicationToken.js similarity index 92% rename from api/utils/fetchEbayReadToken.js rename to api/utils/fetchEbayApplicationToken.js index 017535e..69d2b83 100644 --- a/api/utils/fetchEbayReadToken.js +++ b/api/utils/fetchEbayApplicationToken.js @@ -1,7 +1,7 @@ // Need to figoure out expiration and make sure to cycle this appropriately to avoid unnecessary calls import fetch from "node-fetch"; -const fetchEbayToken = async () => { +const fetchEbayApplicationToken = async () => { const ebayClientId = process.env.EBAY_CLIENT_ID; const ebayClientSecret = process.env.EBAY_CLIENT_SECRET; const credentials = Buffer.from( @@ -37,4 +37,4 @@ const fetchEbayToken = async () => { } }; -export default fetchEbayToken; +export default fetchEbayApplicationToken; diff --git a/api/utils/fetchEbayUserToken.js b/api/utils/fetchEbayUserToken.js index dec943a..323f553 100644 --- a/api/utils/fetchEbayUserToken.js +++ b/api/utils/fetchEbayUserToken.js @@ -1,7 +1,66 @@ import fetch from "node-fetch"; -const fetchEbayUserToken = async (authorizationCode) => { - // this is where we will use our refresh token and cycle our user tokens +const fetchEbayUserToken = async (req, res) => { + const ebayClientId = process.env.EBAY_CLIENT_ID; + const ebayClientSecret = process.env.EBAY_CLIENT_SECRET; + const refreshToken = process.env.EBAY_REFRESH_TOKEN; // This is retrieved from a manual process + const credentials = Buffer.from(`${ebayClientId}:${ebayClientSecret}`).toString("base64"); + const scopes = encodeURIComponent([ + "https://api.ebay.com/oauth/api_scope", + "https://api.ebay.com/oauth/api_scope/sell.marketing.readonly", + "https://api.ebay.com/oauth/api_scope/sell.marketing", + "https://api.ebay.com/oauth/api_scope/sell.inventory.readonly", + "https://api.ebay.com/oauth/api_scope/sell.inventory", + "https://api.ebay.com/oauth/api_scope/sell.account.readonly", + "https://api.ebay.com/oauth/api_scope/sell.account", + "https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly", + "https://api.ebay.com/oauth/api_scope/sell.fulfillment", + "https://api.ebay.com/oauth/api_scope/sell.analytics.readonly", + "https://api.ebay.com/oauth/api_scope/sell.finances", + "https://api.ebay.com/oauth/api_scope/sell.payment.dispute", + "https://api.ebay.com/oauth/api_scope/commerce.identity.readonly", + "https://api.ebay.com/oauth/api_scope/sell.reputation", + "https://api.ebay.com/oauth/api_scope/sell.reputation.readonly", + "https://api.ebay.com/oauth/api_scope/commerce.notification.subscription", + "https://api.ebay.com/oauth/api_scope/commerce.notification.subscription.readonly", + "https://api.ebay.com/oauth/api_scope/sell.stores", + "https://api.ebay.com/oauth/api_scope/sell.stores.readonly" + ].join(' ')); + + const token = req.cookies.ebayUserToken; + const tokenExpiry = req.cookies.ebayUserTokenExpiry ? new Date(req.cookies.ebayUserTokenExpiry) : null; + + // Check if the token exists and is not expired + if (token && tokenExpiry && new Date() < tokenExpiry) { + return token; // Token is valid, use it + } + + try { + const response = await fetch("https://api.ebay.com/identity/v1/oauth2/token", { + method: "POST", + headers: { + "Content-Type": "application/x-www-form-urlencoded", + "Authorization": `Basic ${credentials}`, + }, + body: `grant_type=refresh_token&refresh_token=${refreshToken}&scope=${scopes}`, + }); + + if (!response.ok) { + const errorBody = await response.text(); + throw new Error(`Failed to fetch eBay user token: ${response.status} ${response.statusText} - ${errorBody}`); + } + + const data = await response.json(); + const expiryDuration = 1.92 * 60 * 60 * 1000; // 1 hour 55 minutes in milliseconds + + // Store the new token in an HTTP-only cookie + res.cookie('ebayUserToken', data.access_token, { httpOnly: true, maxAge: expiryDuration }); + + return data.access_token; + } catch (error) { + console.error("Error fetching eBay user token:", error); + throw error; + } }; -export default fetchEbayUserToken; +export default fetchEbayUserToken \ No newline at end of file