From fe0ffdf89b5b8f072ddbb9b8030200a968618669 Mon Sep 17 00:00:00 2001
From: Richard Powell <richard.powell@shopify.com>
Date: Wed, 6 Sep 2023 09:32:09 -0400
Subject: [PATCH] [WIP] - Spike of what authenticating flow requests might look
 like

---
 packages/shopify-app-remix/package.json       |  2 +-
 .../server/authenticate/flow/authenticate.ts  | 54 +++++++++++++++++++
 .../src/server/authenticate/flow/types.ts     |  0
 3 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 packages/shopify-app-remix/src/server/authenticate/flow/authenticate.ts
 create mode 100644 packages/shopify-app-remix/src/server/authenticate/flow/types.ts

diff --git a/packages/shopify-app-remix/package.json b/packages/shopify-app-remix/package.json
index 3f0e4b9759..ef0443ddfb 100644
--- a/packages/shopify-app-remix/package.json
+++ b/packages/shopify-app-remix/package.json
@@ -63,7 +63,7 @@
   },
   "dependencies": {
     "@remix-run/server-runtime": "^1.17.1",
-    "@shopify/shopify-api": "7.6.0",
+    "@shopify/shopify-api": "/Users/richard.powell/src/github.com/Shopify/shopify-api-js/shopify-shopify-api-7.6.0.tgz",
     "@shopify/shopify-app-session-storage": "^1.1.8",
     "isbot": "^3.6.5",
     "semver": "^7.5.0",
diff --git a/packages/shopify-app-remix/src/server/authenticate/flow/authenticate.ts b/packages/shopify-app-remix/src/server/authenticate/flow/authenticate.ts
new file mode 100644
index 0000000000..09125a5afb
--- /dev/null
+++ b/packages/shopify-app-remix/src/server/authenticate/flow/authenticate.ts
@@ -0,0 +1,54 @@
+import {adminClientFactory} from 'src/server/clients/admin';
+import {BasicParams} from 'src/server/types';
+
+export function authenticateFlowFactory(params: BasicParams) {
+  const {api, config, logger} = params;
+
+  return async function authenticate(request: Request) {
+    logger.info('Authenticating flow request');
+
+    if (request.method !== 'POST') {
+      logger.debug(
+        'Received a non-POST request for flow. Only POST requests are allowed.',
+        {url: request.url, method: request.method},
+      );
+      throw new Response(undefined, {
+        status: 405,
+        statusText: 'Method not allowed',
+      });
+    }
+
+    const rawBody = await request.text();
+    const {valid} = await api.flow.validate({
+      rawBody,
+      rawRequest: request,
+    });
+
+    if (!valid) {
+      throw new Response(undefined, {
+        status: 400,
+        statusText: 'Bad Request',
+      });
+    }
+
+    const payload = JSON.parse(rawBody);
+    const sessionId = api.session.getOfflineId(payload.shopify_domain);
+    const session = await config.sessionStorage.loadSession(sessionId);
+
+    if (!session) {
+      logger.info('Flow request could not find session', {
+        shop: payload.shopify_domain,
+      });
+      throw new Response(undefined, {
+        status: 400,
+        statusText: 'Bad Request',
+      });
+    }
+
+    return {
+      session,
+      payload,
+      admin: adminClientFactory({params, session}),
+    };
+  };
+}
diff --git a/packages/shopify-app-remix/src/server/authenticate/flow/types.ts b/packages/shopify-app-remix/src/server/authenticate/flow/types.ts
new file mode 100644
index 0000000000..e69de29bb2