Implement Shopify App

Replace simulation with a real Shopify app using Firebase Functions.

Author: lovable-dev[bot]

api/shopify-auth-callback.js

@@ -0,0 +1,30 @@
+// Proxy pour le callback OAuth Shopify
+export default async function handler(req, res) {
+  if (req.method !== 'POST') {
+    return res.status(405).json({ error: 'Method not allowed' });
+  }
+
+  try {
+    // Forward la requête vers Firebase Functions
+    const firebaseUrl = 'https://us-central1-refspring-project.cloudfunctions.net/shopifyTokenExchange';
+    
+    const response = await fetch(firebaseUrl, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(req.body)
+    });
+
+    const data = await response.json();
+    
+    if (!response.ok) {
+      return res.status(response.status).json(data);
+    }
+
+    res.json(data);
+  } catch (error) {
+    console.error('OAuth callback proxy error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+}

api/shopify-config.js

@@ -6,7 +6,7 @@ export default async function handler(req, res) {
 
   try {
     // Forward la requête vers Firebase Functions
-    const firebaseUrl = 'https://us-central1-refspring-project.cloudfunctions.net/shopifyInstall';
+    const firebaseUrl = 'https://us-central1-refspring-project.cloudfunctions.net/shopifyAuthUrl';
 
     const response = await fetch(firebaseUrl, {
       method: 'POST',

api/shopify-webhooks.js

@@ -0,0 +1,48 @@
+// Proxy pour les webhooks Shopify
+export default async function handler(req, res) {
+  if (req.method !== 'POST') {
+    return res.status(405).json({ error: 'Method not allowed' });
+  }
+
+  try {
+    const topic = req.headers['x-shopify-topic'];
+    let firebaseUrl;
+
+    // Router vers la bonne fonction selon le type de webhook
+    switch (topic) {
+      case 'orders/create':
+      case 'orders/updated':
+      case 'orders/paid':
+        firebaseUrl = 'https://us-central1-refspring-project.cloudfunctions.net/shopifyOrderWebhook';
+        break;
+      case 'app/uninstalled':
+        firebaseUrl = 'https://us-central1-refspring-project.cloudfunctions.net/shopifyAppWebhook';
+        break;
+      default:
+        return res.status(400).json({ error: 'Unsupported webhook topic' });
+    }
+
+    // Forward la requête avec tous les headers Shopify
+    const response = await fetch(firebaseUrl, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Shopify-Topic': req.headers['x-shopify-topic'] || '',
+        'X-Shopify-Hmac-Sha256': req.headers['x-shopify-hmac-sha256'] || '',
+        'X-Shopify-Shop-Domain': req.headers['x-shopify-shop-domain'] || '',
+      },
+      body: JSON.stringify(req.body)
+    });
+
+    const data = await response.json();
+    
+    if (!response.ok) {
+      return res.status(response.status).json(data);
+    }
+
+    res.json(data);
+  } catch (error) {
+    console.error('Webhook proxy error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+}

functions/src/index.ts

@@ -6,6 +6,9 @@ import { validateTracking } from './validateTracking';
 import { calculateCommissions } from './calculateCommissions';
 import { antifraudCheck } from './antifraudCheck';
 import { wordpressConfig, shopifyInstall, generatePluginApiKey } from './pluginAPI';
+import { shopifyAuthUrl, shopifyTokenExchange } from './shopifyOAuth';
+import { shopifyOrderWebhook, shopifyAppWebhook } from './shopifyWebhooks';
+import { setupShopifyWebhooks, checkShopifyInstallation } from './shopifySetup';
 import { stripeGetPaymentMethods } from './stripeGetPaymentMethods';
 import { stripeDeletePaymentMethod } from './stripeDeletePaymentMethod';
 import { stripeSetDefaultPaymentMethod } from './stripeSetDefaultPaymentMethod';
@@ -27,6 +30,12 @@ export {
   wordpressConfig,
   shopifyInstall,
   generatePluginApiKey,
+  shopifyAuthUrl,
+  shopifyTokenExchange,
+  shopifyOrderWebhook,
+  shopifyAppWebhook,
+  setupShopifyWebhooks,
+  checkShopifyInstallation,
   stripeGetPaymentMethods,
   stripeDeletePaymentMethod,
   stripeSetDefaultPaymentMethod,

functions/src/pluginAPI.ts

@@ -79,7 +79,7 @@ export const wordpressConfig = functions.https.onRequest((request, response) =>
   });
 });
 
-// API pour l'installation Shopify
+// API pour l'installation Shopify (redirige vers le processus OAuth)
 export const shopifyInstall = functions.https.onRequest((request, response) => {
   corsHandler(request, response, async () => {
     if (request.method !== 'POST') {
@@ -90,35 +90,20 @@ export const shopifyInstall = functions.https.onRequest((request, response) => {
       const installData: ShopifyInstall = request.body;
 
       // Validation
-      if (!installData.shop || !installData.code || !installData.campaignId) {
+      if (!installData.shop || !installData.campaignId) {
         return response.status(400).json({ error: 'Missing required fields' });
       }
 
-      // Échanger le code OAuth contre un access token (simulation)
-      // En réalité, on ferait un appel à l'API Shopify
-      const accessToken = 'simulated_access_token_' + Date.now();
-
-      // Stocker la configuration Shopify
-      const shopifyDoc = await admin.firestore()
-        .collection('plugin_configs')
-        .add({
-          pluginType: 'shopify',
-          domain: installData.shop,
-          campaignId: installData.campaignId,
-          accessToken,
-          createdAt: new Date(),
-          updatedAt: new Date(),
-          active: true,
-          settings: {
-            autoInject: true,
-            trackingEnabled: true
-          }
-        });
-
+      // Génération de l'état OAuth sécurisé
+      const state = Buffer.from(`${installData.campaignId}:${Date.now()}`).toString('base64');
+      
+      // Rediriger vers le processus OAuth réel
       response.json({
         success: true,
-        pluginId: shopifyDoc.id,
-        message: 'Shopify app installed successfully'
+        requiresOAuth: true,
+        state,
+        message: 'Please complete OAuth authorization',
+        nextStep: 'oauth'
       });
 
     } catch (error) {

functions/src/shopifyApp.ts

@@ -0,0 +1,95 @@
+import * as functions from 'firebase-functions';
+
+// Configuration de l'app Shopify
+export interface ShopifyAppConfig {
+  apiKey: string;
+  apiSecret: string;
+  scopes: string[];
+  appUrl: string;
+  webhookSecret: string;
+}
+
+// Récupérer la configuration de l'app Shopify
+export function shopifyAppConfig(): ShopifyAppConfig {
+  // En production, ces valeurs doivent être dans les secrets Firebase
+  // Pour le développement, on peut utiliser des variables d'environnement
+  const config = functions.config();
+  
+  return {
+    apiKey: config.shopify?.api_key || process.env.SHOPIFY_API_KEY || '',
+    apiSecret: config.shopify?.api_secret || process.env.SHOPIFY_API_SECRET || '',
+    scopes: ['read_orders', 'read_products', 'write_script_tags', 'read_customers'],
+    appUrl: config.app?.url || process.env.APP_URL || 'https://refspring.com',
+    webhookSecret: config.shopify?.webhook_secret || process.env.SHOPIFY_WEBHOOK_SECRET || ''
+  };
+}
+
+// Valider la configuration de l'app
+export function validateShopifyConfig(): boolean {
+  const config = shopifyAppConfig();
+  
+  if (!config.apiKey || !config.apiSecret) {
+    console.error('Shopify API credentials not configured');
+    return false;
+  }
+  
+  return true;
+}
+
+// Générer un state sécurisé pour OAuth
+export function generateOAuthState(campaignId: string, userId: string): string {
+  const timestamp = Date.now().toString();
+  const data = `${campaignId}:${userId}:${timestamp}`;
+  return Buffer.from(data).toString('base64');
+}
+
+// Valider et décoder le state OAuth
+export function validateOAuthState(state: string): { campaignId: string; userId: string; timestamp: number } | null {
+  try {
+    const decoded = Buffer.from(state, 'base64').toString();
+    const parts = decoded.split(':');
+    
+    if (parts.length !== 3) {
+      return null;
+    }
+    
+    const [campaignId, userId, timestampStr] = parts;
+    const timestamp = parseInt(timestampStr);
+    
+    // Vérifier que le state n'est pas trop ancien (30 minutes max)
+    const maxAge = 30 * 60 * 1000; // 30 minutes
+    if (Date.now() - timestamp > maxAge) {
+      console.error('OAuth state expired');
+      return null;
+    }
+    
+    return { campaignId, userId, timestamp };
+  } catch (error) {
+    console.error('Invalid OAuth state:', error);
+    return null;
+  }
+}
+
+// Types pour les objets Shopify
+export interface ShopifyOrder {
+  id: number;
+  total_price: string;
+  currency: string;
+  customer: {
+    id: number;
+    email: string;
+  };
+  line_items: Array<{
+    id: number;
+    title: string;
+    quantity: number;
+    price: string;
+  }>;
+  created_at: string;
+}
+
+export interface ShopifyWebhookData {
+  shop_domain: string;
+  order?: ShopifyOrder;
+  [key: string]: any;
+}