Add Session to verifyRequest middleware
WHY are these changes introduced?
The verifyRequest middleware makes a request to OAuth in order to load the current session; loadCurrentSession from Shopify api utils also does this. This leads to scenarios where 2 requests are being made for the same session where only 1 is needed.
For example, in the current products-count example on main, verifyRequest is making a request and loadCurrentSession is making a request:
app.get("/products-count", verifyRequest(app), async (req, res) => {
  const session = await Shopify.Utils.loadCurrentSession(req, res, true);
  const { Product } = await import(
    `@shopify/shopify-api/dist/rest-resources/${Shopify.Context.API_VERSION}/index.js`
  );
  const countData = await Product.count({ session });
  res.status(200).send(countData);
});
WHAT is this pull request doing?
All this pull request is doing is making the app variable optional, since it is only used to get the use-online-tokens Boolean, and adding an optional useOnlineTokens Boolean defaulting to true. This is so the end user doesn't have to extract the express app into its own file for instantiation every time the middleware needs to be used just to grab a Boolean.
Then we're saving the session in a local, valid through the lifetime of the request. See the Express docs on locals.
Now the end user just has to access the session through the local without needing an extra import or lifting the express app.
Proof of concept

Beautiful logs courtesy of my npm package json-chalkify
Closing this as it is a duplicate and out of date.
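
Added example, not code from this pull request: a dependency-free sketch of the pattern the description outlines, where the middleware performs the single session lookup and the route handler reads the result from the per-request local. The `res.locals.session` key, the 403 and 500 responses, the stubbed `loadCurrentSession`, and the `handle` runner are assumptions made for illustration.

```javascript
// Constructed stand-ins so this runs without Express or @shopify/shopify-api.
let sessionLookups = 0; // counts session-store round trips
const store = { // constructed sample session
  "sid-1": { shop: "example.myshopify.com", isOnline: true },
};

// Stub with the call shape used on the page: (req, res, isOnline).
async function loadCurrentSession(req, res, isOnline) {
  sessionLookups += 1;
  const session = store[req.cookies.sid];
  return session && session.isOnline === isOnline ? session : undefined;
}

// Hypothetical middleware: no `app` argument, useOnlineTokens defaults to true.
function verifyRequest({ useOnlineTokens = true } = {}) {
  return async (req, res, next) => {
    const session = await loadCurrentSession(req, res, useOnlineTokens);
    if (!session) {
      res.statusCode = 403; // assumption: the page does not show failure handling
      return res.end("no valid session");
    }
    // res.locals is created per request, unlike app.locals, which is shared
    // by every request and must never hold a session.
    res.locals.session = session; // hypothetical key name
    return next();
  };
}

// Handler reuses the verified session; it fails closed if the local is absent.
async function productsCount(req, res) {
  const { session } = res.locals;
  if (!session) {
    res.statusCode = 500;
    return res.end("verifyRequest was not mounted on this route");
  }
  res.statusCode = 200;
  return res.end(`would count products for ${session.shop}`);
}

// Minimal stand-in for Express routing: one middleware, then the handler.
async function handle(req, middleware, handler) {
  const res = { locals: {}, statusCode: 0, body: "", end(b) { this.body = b; } };
  let passed = false;
  await middleware(req, res, () => { passed = true; });
  if (passed) await handler(req, res);
  return res;
}
```

Calling `handle({ cookies: { sid: "sid-1" } }, verifyRequest(), productsCount)` resolves to a 200 response after exactly one session lookup.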