后端OAuth2.0认证流程
  1. 安装依赖
  Codeblock
   1
   npm install express crypto axios
   2. 配置⽂件/config/index.js
  ⽤于存放APP_NAME,CLIENT_ID,CLIENT_SECRET,REDIRECT_URI
   Codeblock
  
   const CLIENT_ID = "<YOUR_CLIENT_ID>";
   const CLIENT_SECRET = "<YOUR_CLIENT_SECRET>";
   const BASE_URL = "<BASE_URL>";
   const REDIRECT_URI = `${BASE_URL}/auth/shoplazza/callback`;
   let access_token = {};
   3. HMAC校验中间件/middleware/hmacValidator.js
   Codeblock
  
   9
   import crypto from "crypto";
   export const hmacValidator = async (ctx, next) => {
   const { hmac, ...queryParams } = ctx.query;
   if (!hmac) {
   ctx.status = 400;
   ctx.body = { error: "Missing HMAC parameter" };
   return;
  
   }
   // 
  计算
   HMAC 
  校验
   
  const message = Object.keys(queryParams)
   .sort()
   .map((key) => `${key}=${queryParams[key]}`)
   .join("&");
   const generatedHmac = crypto
   .createHmac("sha256", process.env.CLIENT_SECRET)
   .update(message)
   .digest("hex");
   if (crypto.timingSafeEqual(Buffer.from(generatedHmac), Buffer.from(hmac))) {
   await next();
   } else {
   ctx.status = 403;
   ctx.body = { error: "HMAC validation failed" };
   }
   };
   4. 认证路由/routes/auth.js
   Codeblock
  
   import Router from "koa-router";
   import crypto from "crypto";
   import axios from "axios";
   import { APP_NAME, CLIENT_ID, CLIENT_SECRET, REDIRECT_URI } from 
  "../config/index.js";
   import { hmacValidator } from "../middleware/hmacValidator.js";
   const router = new Router({ prefix: "/api" });
   router.get(`/auth/install`, async (ctx) => {
   const shop = ctx.query.shop;
   if (!shop) {
   ctx.status = 400;
   ctx.body = { error: "Missing shop parameter" };
   return;
   }
   const scopes = "read_customer,read_product,write_product";
   const state = crypto.randomBytes(16).toString("hex");
   const redirectUri = `https://${ctx.host}${REDIRECT_URI}`;
  
   const authUrl = `https://${shop}/admin/oauth/authorize?
   client_id=${CLIENT_ID}&scope=${scopes}&redirect_uri=${redirectUri}&response_typ
   e=code&state=${state}`;
   ctx.redirect(authUrl);
   });
   // ** Step 2: 
  处理
   OAuth 
  回调
  ** 
  router.get(`/auth/callback`, hmacValidator, async (ctx) => {
   const { code, shop } = ctx.query;
   if (!shop || !code) {
   ctx.status = 400;
   ctx.body = { error: "Missing required parameters" };
   return;
   }
   const redirectUri = `https://${ctx.host}${REDIRECT_URI}`;
   try {
   const response = await axios.post(`https://${shop}/admin/oauth/token`, {
   client_id: CLIENT_ID,
   client_secret: CLIENT_SECRET,
   code,
   grant_type: "authorization_code",
   redirect_uri: redirectUri,
   });
   console.log("
  获取
   access_token 
  成功
  :", response.data);
   ctx.body = response.data;  // 
  返回
   token 
  及
   store 
  信息
   
  } catch (error) {
   console.error(" 
  获取
   access_token 
  失败
  :", error.message);
   ctx.status = 500;
   ctx.body = { error: "Failed to obtain access token" };
   }
   });
   export default router;
   5. 启动服务器挂载oauth，认证路由
  Codeblock
   1
   2
   const PORT = process.env.PORT || 3000;
   app.listen(PORT, () => {
  3
   4
   console.log(`Server running on http://localhost:${PORT}`);
   });