Merge pull request #1370 from Shopify/local-dev-kludges

Support internal Shopify hosts

Author: Shinomix

CHANGELOG.md

@@ -5,6 +5,7 @@ Note: For changes to the API, see https://shopify.dev/changelog?filter=api
 
 - [#1362](https://github.com/Shopify/shopify-api-ruby/pull/1362) Add support for client credentials grant
 - [#1369](https://github.com/Shopify/shopify-api-ruby/pull/1369) Make `sub` and `sid` jwt claims optional (Checkout ui extension support)
+- [#1370](https://github.com/Shopify/shopify-api-ruby/pull/1370) Add support for Shopify internal hosts
 
 ## 14.8.0
 

lib/shopify_api/auth/oauth.rb

@@ -46,8 +46,8 @@ def begin_auth(shop:, redirect_path:, is_online: true, scope_override: nil)
           }
 
           query_string = URI.encode_www_form(query)
+          auth_route = auth_base_uri(shop) + "/oauth/authorize?#{query_string}"
 
-          auth_route = "https://#{shop}/admin/oauth/authorize?#{query_string}"
           { auth_route: auth_route, cookie: cookie }
         end
 
@@ -106,6 +106,20 @@ def validate_auth_callback(cookies:, auth_query:)
 
           { session: session, cookie: cookie }
         end
+
+        private
+
+        sig { params(shop: String).returns(String) }
+        def auth_base_uri(shop)
+          return "https://#{shop}/admin" unless defined?(DevServer)
+
+          # For first-party apps in development only, we leverage DevServer to build the admin base URI
+          admin_web = T.unsafe(Object.const_get("DevServer")).new("web") # rubocop:disable Sorbet/ConstantsFromStrings
+          admin_host = admin_web.host!(nonstandard_host_prefix: "admin")
+          shop_name = shop.split(".").first
+
+          "https://#{admin_host}/store/#{shop_name}"
+        end
       end
     end
   end

lib/shopify_api/clients/http_client.rb

@@ -40,13 +40,17 @@ def request(request, response_as_struct: false)
         headers["Content-Type"] = T.must(request.body_type) if request.body_type
         headers = headers.merge(T.must(request.extra_headers)) if request.extra_headers
 
+        parsed_uri = URI(request_url(request))
+
+        headers = append_first_party_development_headers(headers, parsed_uri)
+
         tries = 0
         response = HttpResponse.new(code: 0, headers: {}, body: "")
         while tries < request.tries
           tries += 1
           res = T.cast(HTTParty.send(
             request.http_method,
-            request_url(request),
+            parsed_uri.to_s,
             headers: headers,
             query: request.query,
             body: request.body.class == Hash ? T.unsafe(request.body).to_json : request.body,
@@ -115,6 +119,27 @@ def serialized_error(response)
         end
         body.to_json
       end
+
+      private
+
+      sig do
+        params(
+          headers: T::Hash[T.any(Symbol, String), T.untyped],
+          parsed_uri: URI::Generic,
+        ).returns(T::Hash[T.any(Symbol, String), T.untyped])
+      end
+      def append_first_party_development_headers(headers, parsed_uri)
+        return headers unless defined?(DevServer)
+        return headers unless headers["Host"]&.include?(".my.shop.dev") || parsed_uri.host&.include?(".my.shop.dev")
+
+        # These headers are only used for first party applications in development mode
+        headers["x-forwarded-host"] = headers["Host"] || parsed_uri.host
+        headers["Host"] = T.unsafe(
+          Object.const_get("DevServer::Core"), # rubocop:disable Sorbet/ConstantsFromStrings
+        ).new.host!(:app)
+
+        headers
+      end
     end
   end
 end