My App was rejected and the blame is on Shopify not on me

lguerra10

Shopify tools generate code that is incomplete and broken. 

Besides, Shopify does not supply tools that allow me to thoroughly test my code. I cannot generate events such as: webhooks firing, app install and app uninstall to test my code.

 

This is my story. I generated an App about two weeks ago with an app extension using the latest version of the cli, with the React App Bridge and the whole thing. I got a nice looking app that I could install in a development store. I added the code specific to the app and the app seemed to be working in the development store without any problem.
I submit the app and I get a few minutes later an email telling me that the app is rejected for the following reasons:

1. App must set security headers to protect against clickjacking. My feeling is that the code generated by the cli is broken or incomplete. It should include those headers.
CAN SOMEBODY HELP? Which code do I put, in which  position, in which file?

 

2. App must verify the authenticity of the request from Shopify. Again my feeling is that the code supplied by Shopify for the webhooks should include this necessary code. What is worse, looking at the server code supplied by Shopify it seems that this is the case. Look at the code generated by the cli:

==============
router.post("/webhook_app_uninstalled", async (ctx) => {
  try {
    await Shopify.Webhooks.Registry.process(ctx.req, ctx.res);
    console.log(`Webhook processed, returned status code 200`);
  }
  catch
  ....
===================

I thought that the call to Shopify.Webhooks.Registry.process() was taking care of the whole job, checking for the authenticity and sending status 200. Moreover, you feel that this is the case when you look at the console.log telling you that the Webhook had been processed and returned status code 200.

The code supplied by Shopify is incomplete or broken and probably misleading. It is broken for sure, the call to Shopify.Webhooks.Registry.process() times out. Now, I do not know if I should delete that code that times out or if the code is doing something important, because I do not find an explanation anywhere.

 

I CANNOT TEST THE CODE FOR THE WEBHOOKS. Since Shopify does not give me a way (or I could not find it) to fire the webhooks I cannot test the code for the webhooks and I do not know if the code works. Had I been able to test the webhooks I would have seen before submitting the App that the code supplied by Shopify did not work.

What is worse,  when I write code to check the authenticity of the request from Shopify I will not know if it works because I cannot test it!

 

Finally when you register a web hook, what does this webhookHandler thingy do?

===========

// Fragment of the options object passed when the webhook is registered
webhookHandler: async (topic, shop, body) =>
  delete ACTIVE_SHOPIFY_SHOPS[shop],
================================
Should I use this area to put ALL my code to handle the web hook or do I put the code in the actual body of the Webhook router handler? Where do they explain what webhookHandler does?
 
In my book nothing beats complete working code! 
 
Shopify gives me a ton of pages (some outdated) with pieces of code and they do not tell me in which file to use that code. The info they supply is voluminous but INCOMPLETE.
Example:
I cannot find anywhere an explanation of where to insert the code to the graphql api to generate the Billing for the app. Do I register an APP_SUBSCRIPTIONS_UPDATE webhook and put the code in the router call to that webhook, or do I put the code on the authentication call async afterAuth(ctx) { } where I can ascertain by looking at my redis database that this is a new shop that just installed the app? Or do I put the code in both places and maybe I send to the api duplicate calls to generate the Billing for the app?
Since I cannot fire an App Install event I cannot test my code. 
 
My feeling is that Shopify gives us too many pieces of piecemeal, incomplete information that fails to be totally useful. I'm forced to use google too much and still I'm not getting the info I exactly need and since I cannot test all the aspects of the code I will be getting angry emails from Shopify rejecting my app until I get it right.
 
It is not my intention to offend anybody. Thank you all.
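
Added example, not part of the original post and not Shopify's generated code: a stand-alone check of the `X-Shopify-Hmac-Sha256` webhook header (base64 HMAC-SHA256 of the raw request body, keyed with the app's API secret), with a self-test that signs a constructed payload locally so the verification can be exercised without Shopify firing a webhook. The function names, secret and payload are assumptions made up for the example.

```javascript
const crypto = require("crypto");

// Value expected in X-Shopify-Hmac-Sha256:
// base64(HMAC-SHA256(app API secret, raw request body bytes)).
function signBody(rawBody, secret) {
  return crypto.createHmac("sha256", secret).update(rawBody).digest("base64");
}

// True only when the header matches the digest of the exact bytes received.
function verifyWebhook(rawBody, hmacHeader, secret) {
  if (typeof hmacHeader !== "string" || hmacHeader.length === 0) return false;
  const expected = Buffer.from(signBody(rawBody, secret), "base64");
  const received = Buffer.from(hmacHeader, "base64");
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (received.length !== expected.length) return false;
  return crypto.timingSafeEqual(received, expected);
}

// Constructed test data (not a real secret or a real Shopify payload).
const SECRET = "test_secret_not_real";
const BODY = Buffer.from('{"id": 1, "domain": "example.myshopify.com"}');

// Sign locally, then check the accept case and the cases that must be rejected.
function runSelfTest() {
  const header = signBody(BODY, SECRET);
  const tampered = Buffer.from(BODY.toString("utf8").replace('"id": 1', '"id": 2'));
  // Parsing and re-serializing changes whitespace, so the bytes (and HMAC) differ.
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(BODY.toString("utf8"))));
  return {
    valid: verifyWebhook(BODY, header, SECRET),
    tamperedBody: verifyWebhook(tampered, header, SECRET),
    wrongSecret: verifyWebhook(BODY, signBody(BODY, "some_other_secret"), SECRET),
    missingHeader: verifyWebhook(BODY, undefined, SECRET),
    reserializedBody: verifyWebhook(reserialized, header, SECRET),
  };
}

console.log(runSelfTest());
```

The `reserializedBody` case is the one that usually bites in practice: the digest must be computed over the raw request bytes, captured before any body parser rewrites them.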

 

 