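/** Hostname shape accepted for the `shop` parameter: a single label under myshopify.com. */
const SHOP_DOMAIN_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$/;

/**
 * Checks that a query value is a single string shaped like a Shopify store hostname.
 *
 * `shop` is caller-controlled and is concatenated into both the browser redirect
 * and the URL the client secret is POSTed to, so anything else is refused.
 */
function isValidShopDomain(value: unknown): value is string {
  return typeof value === "string" && SHOP_DOMAIN_PATTERN.test(value);
}

/**
 * Compares two strings without returning early at the first differing byte.
 *
 * @returns true only when both strings have the same bytes.
 */
function safeStringEqual(left: string, right: string): boolean {
  const leftBytes = Buffer.from(left, "utf8");
  const rightBytes = Buffer.from(right, "utf8");
  // timingSafeEqual throws on unequal lengths, so check that first.
  return leftBytes.length === rightBytes.length && crypto.timingSafeEqual(leftBytes, rightBytes);
}

/**
 * Starts the OAuth install flow: validates `shop`, issues a one-time `state`
 * value in a cookie, and redirects the browser to the shop's authorize page.
 */
app.get("/shopify", (req, res) => {
  const shopName = req.query.shop;
  if (!shopName) {
    return res.status(400).send('Missing "Shop Name" parameter!!');
  }
  // Without this check the route redirects the browser to any host the caller names.
  if (!isValidShopDomain(shopName)) {
    return res.status(400).send("Invalid shop parameter");
  }

  const shopState = nonce();
  const redirectURL = forwardingAddress + "/shopify/callback";

  // Install URL for the app. The parameter names must be exactly
  // scope / state / redirect_uri, and every value is percent-encoded.
  const installUrl =
    "https://" + shopName + "/admin/oauth/authorize" +
    "?client_id=" + encodeURIComponent(String(apiKey)) +
    "&scope=" + encodeURIComponent(String(scopes)) +
    "&state=" + encodeURIComponent(String(shopState)) +
    "&redirect_uri=" + encodeURIComponent(String(redirectURL));

  // The state cookie is the CSRF binding for the callback: keep it away from
  // page scripts and from cross-site subrequests.
  res.cookie("state", shopState, {
    httpOnly: true,
    sameSite: "lax",
    secure: String(forwardingAddress).startsWith("https://"),
  });

  // Redirect the user to the install URL.
  res.redirect(installUrl);
});

/**
 * Verifies the `hmac` query parameter of a callback request.
 *
 * Every parameter except `hmac` is rendered as `key=value`, sorted by key and
 * joined with `&`; the HMAC-SHA256 of that string under SHOPIFY_API_SECRET,
 * hex encoded, must equal the supplied value.
 *
 * @param queryParams Parsed query string of the request.
 * @returns true when the supplied hmac matches; false when it does not, when
 *   it is missing or not a single string, or when the secret is not configured.
 */
function verifyHmac(queryParams: any): boolean {
  const secret = process.env.SHOPIFY_API_SECRET;
  const { hmac, ...params } = queryParams ?? {};
  // Fail closed: an unset secret or a repeated/absent hmac can never validate.
  if (!secret || typeof hmac !== "string") {
    return false;
  }

  const sortedParams = Object.keys(params)
    .sort()
    .map((key) => `${key}=${params[key]}`)
    .join("&");

  const calculatedHmac = crypto
    .createHmac("sha256", secret)
    .update(sortedParams)
    .digest("hex");

  // Constant-time comparison instead of ===, so response timing does not
  // reveal how many leading characters of a guessed hmac were correct.
  return safeStringEqual(hmac, calculatedHmac);
}

/**
 * OAuth callback: checks the required parameters, the `state` round trip and
 * the request HMAC, then exchanges the authorization code for an access token.
 */
app.get("/shopify/callback", (req, res) => {
  const { shop, hmac, code, state } = req.query;

  if (!isValidShopDomain(shop) || typeof hmac !== "string" || typeof code !== "string") {
    return res.status(400).send("Required parameters missing or invalid");
  }

  // The install route stores the nonce under the cookie name "state" and the
  // authorize page returns it as the "state" query parameter; the two must match.
  // A request without a Cookie header is handled as "no state" rather than a crash.
  const stateCookie = cookie.parse(req.headers.cookie ?? "").state;
  if (
    typeof state !== "string" ||
    typeof stateCookie !== "string" ||
    !safeStringEqual(state, stateCookie)
  ) {
    return res.status(403).send("Request origin cannot be verified");
  }
  // The nonce is single-use.
  res.clearCookie("state");

  const validation = verifyHmac(req.query);
  if (!validation) {
    return res.status(400).send("HMAC validation failed");
  }

  const accessTokenRequestUrl = "https://" + shop + "/admin/oauth/access_token";
  const accessTokenPayload = {
    client_id: process.env.SHOPIFY_API_KEY,
    client_secret: process.env.SHOPIFY_API_SECRET,
    code,
  };

  request
    .post(accessTokenRequestUrl, { json: accessTokenPayload })
    .then((_accessTokenResponse: any) => {
      // The response carries the shop's access token. Persist it in server-side
      // storage here; it is deliberately not written to the log or sent to the browser.
      res.status(200).send("Shopify authorization complete");
    })
    .catch((error: any) => {
      // Transport failures carry no HTTP status or body; fall back to 502 and a
      // generic message instead of passing undefined to res.status().
      const upstreamStatus = error?.statusCode;
      const status =
        Number.isInteger(upstreamStatus) && upstreamStatus >= 400 && upstreamStatus <= 599
          ? upstreamStatus
          : 502;
      const description =
        typeof error?.error?.error_description === "string"
          ? error.error.error_description
          : "Access token request failed";
      res.status(status).type("text/plain").send(description);
    });
});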