First Commit

.env.example

@@ -0,0 +1,34 @@
+SHOPIFY_API_KEY="YOUR_SHOPIFY_API_KEY"
+SHOPIFY_API_SECRET="YOUR_SHOPIFY_SECRET"
+HOST="YOUR_TUNNEL_URL"
+SCOPES=write_products
+DB_NAME=
+DB_USER=
+DB_PASSWORD=
+DB_HOST=
+DB_PORT=
+STAGING_DB_NAME=
+STAGING_DB_USER=
+STAGING_DB_PASSWORD=
+STAGING_DB_HOST=
+STAGING_DB_PORT=
+PROD_DB_NAME=
+PROD_DB_USER=
+PROD_DB_PASSWORD=
+PROD_DB_HOST=
+PROD_DB_PORT=
+LOG_DB_QUERIES=true
+USE_REDIS=true
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+STAGING_REDIS_HOST=
+STAGING_REDIS_PORT=
+PROD_REDIS_HOST=
+PROD_REDIS_PORT=
+NODE_ENV=development
+AWS_LOG_GROUP_NAME=endor
+AWS_CLOUDWATCH_ACCESS_KEY_ID=
+AWS_CLOUDWATCH_SECRET=
+AWS_REGION=us-west-1
+LOG_LEVEL=silly
+FORCE_COLOR=1

.gitignore

@@ -0,0 +1,21 @@
+# Environment Configuration
+.env
+
+# Dependency directory
+node_modules
+
+# Test coverage directory
+coverage
+
+# Ignore Apple macOS Desktop Services Store
+.DS_Store
+
+# Logs
+logs
+*.log
+
+# ngrok tunnel file
+config/tunnel.pid
+
+# webpack build output
+dist/

.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npx pretty-quick --staged

.npmrc

@@ -0,0 +1,2 @@
+engine-strict=true
+@shopify:registry=https://registry.yarnpkg.com

.sequelizerc

@@ -0,0 +1,8 @@
+import path from 'path';
+
+export default {
+  'config': path.resolve('./db', 'config/config.js'),
+  'models-path': path.resolve('./db', 'models'),
+  'migrations-path': path.resolve('./db', 'migrations'),
+  'seeders-path': path.resolve('./db', 'seeders')
+}

.shopify-cli.yml

@@ -0,0 +1,3 @@
+---
+project_type: node
+organization_id: 670938

LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Shopify
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

SECURITY.md

@@ -0,0 +1,59 @@
+# Security Policy
+
+## Supported versions
+
+### New features
+
+New features will only be added to the master branch and will not be made available in point releases.
+
+### Bug fixes
+
+Only the latest release series will receive bug fixes. When enough bugs are fixed and its deemed worthy to release a new gem, this is the branch it happens from.
+
+### Security issues
+
+Only the latest release series will receive patches and new versions in case of a security issue.
+
+### Severe security issues
+
+For severe security issues we will provide new versions as above, and also the last major release series will receive patches and new versions. The classification of the security issue is judged by the core team.
+
+### Unsupported Release Series
+
+When a release series is no longer supported, it's your own responsibility to deal with bugs and security issues. If you are not comfortable maintaining your own versions, you should upgrade to a supported version.
+
+## Reporting a bug
+
+All security bugs in shopify repositories should be reported to [our hackerone program](https://hackerone.com/shopify)
+Shopify's whitehat program is our way to reward security researchers for finding serious security vulnerabilities in the In Scope properties listed at the bottom of this page, including our core application (all functionality associated with a Shopify store, particularly your-store.myshopify.com/admin) and certain ancillary applications.
+
+## Disclosure Policy
+
+We look forward to working with all security researchers and strive to be respectful, always assume the best and treat others as peers. We expect the same in return from all participants. To achieve this, our team strives to:
+
+- Reply to all reports within one business day and triage within two business days (if applicable)
+- Be as transparent as possible, answering all inquires about our report decisions and adding hackers to duplicate HackerOne reports
+- Award bounties within a week of resolution (excluding extenuating circumstances)
+- Only close reports as N/A when the issue reported is included in Known Issues, Ineligible Vulnerabilities Types or lacks evidence of a vulnerability
+
+**The following rules must be followed in order for any rewards to be paid:**
+
+- You may only test against shops you have created which include your HackerOne YOURHANDLE @ wearehackerone.com registered email address.
+- You must not attempt to gain access to, or interact with, any shops other than those created by you.
+- The use of commercial scanners is prohibited (e.g., Nessus).
+- Rules for reporting must be followed.
+- Do not disclose any issues publicly before they have been resolved.
+- Shopify reserves the right to modify the rules for this program or deem any submissions invalid at any time. Shopify may cancel the whitehat program without notice at any time.
+- Contacting Shopify Support over chat, email or phone about your HackerOne report is not allowed. We may disqualify you from receiving a reward, or from participating in the program altogether.
+- You are not an employee of Shopify; employees should report bugs to the internal bug bounty program.
+- You hereby represent, warrant and covenant that any content you submit to Shopify is an original work of authorship and that you are legally entitled to grant the rights and privileges conveyed by these terms. You further represent, warrant and covenant that the consent of no other person or entity is or will be necessary for Shopify to use the submitted content.
+- By submitting content to Shopify, you irrevocably waive all moral rights which you may have in the content.
+- All content submitted by you to Shopify under this program is licensed under the MIT License.
+- You must report any discovered vulnerability to Shopify as soon as you have validated the vulnerability.
+- Failure to follow any of the foregoing rules will disqualify you from participating in this program.
+
+\*\* Please see our [Hackerone Profile](https://hackerone.com/shopify) for full details
+
+## Receiving Security Updates
+
+To recieve all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)

db/config/config.js

@@ -0,0 +1,57 @@
+import dotenv from "dotenv";
+dotenv.config();
+
+export default {
+  test: {
+    username: process.env.DB_USER,
+    password: process.env.DB_PASSWORD,
+    database: process.env.DB_NAME,
+    host: process.env.DB_HOST,
+    port: process.env.DB_PORT,
+    dialect: "mysql",
+    logging: process.env.LOG_DB_QUERIES === "true" ? console.log : false,
+    define: {
+      underscoredAll: true,
+      timestamps: true,
+    },
+  },
+  development: {
+    username: process.env.DB_USER,
+    password: process.env.DB_PASSWORD,
+    database: process.env.DB_NAME,
+    host: process.env.DB_HOST,
+    port: process.env.DB_PORT,
+    dialect: "mysql",
+    logging: process.env.LOG_DB_QUERIES === "true" ? console.log : false,
+    define: {
+      underscoredAll: true,
+      timestamps: true,
+    },
+  },
+  staging: {
+    username: process.env.STAGING_DB_USER,
+    password: process.env.STAGING_DB_PASSWORD,
+    database: process.env.STAGING_DB_NAME,
+    host: process.env.STAGING_DB_HOST,
+    port: process.env.DB_PORT,
+    dialect: "mysql",
+    logging: process.env.LOG_DB_QUERIES === "true" ? console.log : false,
+    define: {
+      underscoredAll: true,
+      timestamps: true,
+    },
+  },
+  production: {
+    username: process.env.PROD_DB_USER,
+    password: process.env.PROD_DB_PASSWORD,
+    database: process.env.PROD_DB_NAME,
+    host: process.env.PROD_DB_HOST,
+    port: process.env.PROD_DB_PORT,
+    dialect: "mysql",
+    logging: process.env.LOG_DB_QUERIES === "true" ? console.log : false,
+    define: {
+      underscoredAll: true,
+      timestamps: true,
+    },
+  },
+};

db/config/connect.js

@@ -0,0 +1,24 @@
+import dbObj from "../models/index.js";
+const db = dbObj.sequelize;
+
+import logger from "../../services/logger/index.js";
+
+const connect = async () => {
+  try {
+    await db.authenticate();
+    logger.info(
+      `Connection to the ${process.env.NODE_ENV} database was successful `
+    );
+  } catch (error) {
+    logger.error("Unable to connect to the database:", error);
+  }
+
+  try {
+    await db.sync();
+    logger.info(`${process.env.NODE_ENV} database was successfully synced`);
+  } catch (error) {
+    logger.error("Unable to sync to the database:", error);
+  }
+};
+
+export default { connect };

db/models/index.js

@@ -0,0 +1,52 @@
+"use strict";
+
+import fs from "fs";
+import path from "path";
+import Sequelize from "sequelize";
+import { fileURLToPath } from "url";
+import { dirname } from "path";
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+const basename = path.basename(__filename);
+const env = process.env.NODE_ENV || "development";
+import configObj from "../config/config.js";
+const config = configObj[env];
+const db = {};
+
+let sequelize;
+if (config.use_env_variable) {
+  sequelize = new Sequelize(process.env[config.use_env_variable], config);
+} else {
+  sequelize = new Sequelize(
+    config.database,
+    config.username,
+    config.password,
+    config
+  );
+}
+
+const files = fs.readdirSync(__dirname).filter((file) => {
+  return (
+    file.indexOf(".") !== 0 && file !== basename && file.slice(-3) === ".js"
+  );
+});
+
+for (const file of files) {
+  const pathName = "./" + file;
+  const modelObj = await import(pathName);
+  const model = modelObj.default(sequelize, Sequelize.DataTypes);
+  db[model.name] = model;
+}
+
+Object.keys(db).forEach((modelName) => {
+  if (db[modelName].associate) {
+    db[modelName].associate(db);
+  }
+});
+
+db.sequelize = sequelize;
+db.Sequelize = Sequelize;
+
+export default db;

db/models/session.js

@@ -0,0 +1,33 @@
+"use strict";
+import { Model } from "sequelize";
+export default (sequelize, DataTypes) => {
+  class Session extends Model {
+    /**
+     * Helper method for defining associations.
+     * This method is not a part of Sequelize lifecycle.
+     * The `models/index` file will call this method automatically.
+     */
+    static associate(models) {
+      // define association here
+    }
+  }
+  Session.init(
+    {
+      id: {
+        type: DataTypes.STRING,
+        primaryKey: true,
+      },
+      shop: {
+        type: DataTypes.STRING,
+      },
+      payload: {
+        type: DataTypes.JSON,
+      },
+    },
+    {
+      sequelize,
+      modelName: "Session",
+    }
+  );
+  return Session;
+};

db/models/shop.js

@@ -0,0 +1,25 @@
+"use strict";
+import { Model } from "sequelize";
+export default (sequelize, DataTypes) => {
+  class Shop extends Model {
+    /**
+     * Helper method for defining associations.
+     * This method is not a part of Sequelize lifecycle.
+     * The `models/index` file will call this method automatically.
+     */
+    static associate(models) {
+      // define association here
+    }
+  }
+  Shop.init(
+    {
+      shopName: DataTypes.STRING,
+      longTermAccessToken: DataTypes.STRING,
+    },
+    {
+      sequelize,
+      modelName: "Shop",
+    }
+  );
+  return Shop;
+};

db/models/webhooks.js

@@ -0,0 +1,25 @@
+"use strict";
+import { Model } from "sequelize";
+export default (sequelize, DataTypes) => {
+  class Webhooks extends Model {
+    /**
+     * Helper method for defining associations.
+     * This method is not a part of Sequelize lifecycle.
+     * The `models/index` file will call this method automatically.
+     */
+    static associate(models) {
+      // define association here
+    }
+  }
+  Webhooks.init(
+    {
+      webhooks: DataTypes.STRING,
+      host: DataTypes.STRING,
+    },
+    {
+      sequelize,
+      modelName: "Webhooks",
+    }
+  );
+  return Webhooks;
+};

index.html

@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+  </head>
+  <body>
+    <div id="app"><!--app-html--></div>
+    <script type="module" src="/src/entry-client.jsx"></script>
+  </body>
+</html>