From 94adc6be986302beacd53e49cc6f1f6070ac5147 Mon Sep 17 00:00:00 2001
From: TheSecurityDev
Date: Wed, 23 Nov 2022 09:18:30 -0600
Subject: [PATCH] try to prevent double redirect
---
 package.json | 2 +-
 src/top-level-oauth-redirect.ts | 26 ++++++++++++++++----------
 2 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/package.json b/package.json
index 4dd23aa..2edf49c 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "simple-koa-shopify-auth",
- "version": "2.1.9",
+ "version": "2.1.10",
 "description": "A better, simplified version of the (no longer supported) @Shopify/koa-shopify-auth middleware library. It removes the use of cookies for sessions (which greatly smooths the auth process), replaces a deprecated API call, and supports v2 of the official @shopify/shopify-api package.",
 "author": "TheSecurityDev",
 "license": "MIT",
diff --git a/src/top-level-oauth-redirect.ts b/src/top-level-oauth-redirect.ts
index ccbc76c..1dfaa2e 100644
--- a/src/top-level-oauth-redirect.ts
+++ b/src/top-level-oauth-redirect.ts
@@ -65,6 +65,10 @@ async function getTopLevelRedirectScript(host: string, redirectTo: string, apiKe
 document.addEventListener('DOMContentLoaded', function() {
 const apiKey = '${apiKey}';
 const redirectUrl = '${redirectTo}';
+ const host = '${encodeURI(host)}';
+ const hostManual = '${encodeURI(
+ Buffer.from(`admin.shopify.com/store/${shopName}`, "utf8").toString("base64")
+ )}'; // This is the manual host that we use to redirect to the new admin
 if (window.top === window.self) {
 // If the current window is the 'parent', change the URL by setting location.href
 window.location.href = redirectUrl;
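Review bot: The added line `const host = '${encodeURI(host)}';` is a script-injection hole, because encodeURI does not escape the single quote (it percent-encodes `"` but leaves `'`, `(`, `)`, `;` and `/` untouched), so a host value like `';alert(1);//` terminates the JS string literal inside the inline script; the removed line in the following hunk wrapped the same value in double quotes, which encodeURI does escape, so the rewrite weakens the existing protection. Whether `host` is attacker-controlled is not visible in this hunk, but in this OAuth flow it typically arrives as a request query parameter and should be treated as untrusted. Emit a proper literal instead, `const host = ${JSON.stringify(encodeURI(host))};`, and consider rejecting any host that does not match `/^[A-Za-z0-9+/=]*$/` before the script is built, since both App Bridge and the later `atob(host)` call expect base64. `hostManual` is safe as written because base64 output never contains quote characters. The enclosing getTopLevelRedirectScript body continues outside this hunk.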
@@ -74,9 +78,9 @@ async function getTopLevelRedirectScript(host: string, redirectTo: string, apiKe
 var createApp = AppBridge.default;
 var Redirect = AppBridge.actions.Redirect;
 try {
- var app = createApp({
+ var app = createApp({
 apiKey,
- host: "${encodeURI(host)}",
+ host
 });
 var redirect = Redirect.create(app);
 redirect.dispatch(Redirect.Action.REMOTE, redirectUrl);
@@ -84,14 +88,16 @@ async function getTopLevelRedirectScript(host: string, redirectTo: string, apiKe
 console.error(e);
 }
 try {
- // For some reason, we get the old host parameter sometimes when using the new admin.shopify.com domain, and this causes issues with the redirect.
- // So we will create a second redirect using the new host, just in case.
- var app = createApp({
- apiKey,
- host: encodeURI(btoa("admin.shopify.com/store/" + "${shopName}")),
- });
- var redirect = Redirect.create(app);
- redirect.dispatch(Redirect.Action.REMOTE, redirectUrl);
+ if (atob(host) !== atob(hostManual)) {
+ // For some reason, we get the old host parameter sometimes when using the new admin.shopify.com domain, and this causes issues with the redirect.
+ // So we will create a second redirect using the new host, just in case.
+ var app = createApp({
+ apiKey,
+ host: hostManual
+ });
+ var redirect = Redirect.create(app);
+ redirect.dispatch(Redirect.Action.REMOTE, redirectUrl);
+ }
 } catch (e) {
 console.error(e);
 }
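Review bot: `atob(host)` on the new `if (atob(host) !== atob(hostManual))` line throws for any host that is not well-formed base64 (a missing, truncated or otherwise mangled value), and because the call sits inside the try block the exception is merely logged and the entire fallback redirect is skipped, which is precisely the situation the fallback exists for. Decode the untrusted side separately and treat a decode failure as "different", e.g. `var hostDecoded = null; try { hostDecoded = atob(host); } catch (e) {}` followed by `if (hostDecoded !== atob(hostManual)) {`, or simply compare the encoded strings, since hostManual is produced from canonical base64 and encodeURI leaves base64 characters unchanged. Note also that when the two hosts differ both Redirect.REMOTE dispatches still fire, so the commit only removes the duplicate for the equal-host case; if that is intentional, a comment above the `if` stating that the first redirect is still dispatched would save the next reader from re-deriving it. The enclosing function continues outside this hunk.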