replace deprecated maxAge property in lru cache to fix warning

Author: TheSecurityDev

package.json

@@ -1,6 +1,6 @@
 {
   "name": "simple-koa-shopify-auth",
-  "version": "2.1.15",
+  "version": "2.1.16",
   "description": "A better, simplified version of the (no longer supported) @Shopify/koa-shopify-auth middleware library. It removes the use of cookies for sessions (which greatly smooths the auth process), replaces a deprecated API call, and supports v2 of the official @shopify/shopify-api package.",
   "author": "TheSecurityDev",
   "license": "MIT",

src/top-level-oauth-redirect.ts

@@ -8,6 +8,8 @@ export const TOP_LEVEL_OAUTH_COOKIE_NAME = "shopifyTopLevelOAuth"; // If this is
 const RELATIVE_APP_BRIDGE_PATH = "../app-bridge/[email protected]";
 const APP_BRIDGE_FILE_PATH = resolvePath(__dirname, RELATIVE_APP_BRIDGE_PATH); // Get global path from relative path to this module
 
+// NOTE: Top level means we're in the top level window, not embedded in an iframe
+
 export function shouldPerformTopLevelOAuth({ cookies }: Context) {
   return Boolean(cookies.get(TOP_LEVEL_OAUTH_COOKIE_NAME));
 }
@@ -46,6 +48,7 @@ export async function startTopLevelOauthRedirect(ctx: Context, apiKey: string, p
   );
 }
 
+// TODO: We should refactor this ugly mess and remove the parts we don't need anymore.
 async function getTopLevelRedirectScript(host: string, redirectTo: string, apiKey: string) {
   let shopName = "";
   try {

src/verify-request.ts

@@ -121,10 +121,12 @@ async function clearSession(ctx: Context, accessMode = defaultOptions.accessMode
   }
 }
 
+// Cache the results of the verify access token request
 const VERIFY_TOKEN_REQUEST_CACHE = new LRUCache({
   max: 1000,
-  maxAge: 1000 * 60 * 60, // 1 hour
-}); // Cache the results of the verify access token request
+  ttl: 1000 * 60 * 60, // 1 hour
+  // Don't use the fetchMethod, because we want to catch errors and I think it might handle the error without throwing
+});
 
 async function checkSessionOnShopifyAPI(session: Session) {
   const { shop, accessToken } = session;
@@ -134,7 +136,7 @@ async function checkSessionOnShopifyAPI(session: Session) {
   const cacheKey = `${shop}:${accessToken}`;
   if (!VERIFY_TOKEN_REQUEST_CACHE.get(cacheKey)) {
     // We haven't verified this access token yet, so make a request to make sure the token is valid on Shopify's end.
-    // If it's not valid, we'll get a 401 and have to re-authorize.
+    // If it's not valid, it will throw a 401 error and have to re-authorize.
     const client = new Shopify.Clients.Rest(shop, accessToken);
     await client.get({ path: "shop" }); // Fetch /shop route on Shopify to verify the token is valid
     VERIFY_TOKEN_REQUEST_CACHE.set(cacheKey, true); // Cache the result