Add ALLOWED_DOMAIN_PATTERN env (#200)

Co-authored-by: Krzysztof Żuraw <9116238+krzysztofzuraw@users.noreply.github.com>

.changeset/itchy-bikes-smash.md

@@ -0,0 +1,5 @@
+---
+"saleor-app-payment-stripe": minor
+---
+
+Added "ALLOWED_DOMAIN_PATTERN" env that can be used to allow/disallow specific Saleor instances

src/lib/env.mjs

@@ -24,6 +24,7 @@ export const env = createEnv({
     UPSTASH_TOKEN: z.string().optional(),
     REST_APL_ENDPOINT: z.string().optional(),
     REST_APL_TOKEN: z.string().optional(),
+    ALLOWED_DOMAIN_PATTERN: z.string().optional(),
   },
 
   /*
@@ -56,5 +57,6 @@ export const env = createEnv({
     UPSTASH_TOKEN: process.env.UPSTASH_TOKEN,
     REST_APL_ENDPOINT: process.env.REST_APL_ENDPOINT,
     REST_APL_TOKEN: process.env.REST_APL_TOKEN,
+    ALLOWED_DOMAIN_PATTERN: process.env.ALLOWED_DOMAIN_PATTERN,
   },
 });

src/pages/api/register.ts

@@ -1,6 +1,9 @@
 import { createAppRegisterHandler } from "@saleor/app-sdk/handlers/next";
 
 import { saleorApp } from "../../saleor-app";
+import { env } from "@/lib/env.mjs";
+
+const allowedUrlsPattern = env.ALLOWED_DOMAIN_PATTERN;
 
 /**
  * Required endpoint, called by Saleor to install app.
@@ -9,17 +12,14 @@ import { saleorApp } from "../../saleor-app";
 export default createAppRegisterHandler({
   apl: saleorApp.apl,
   allowedSaleorUrls: [
-    /**
-     * You may want your app to work only for certain Saleor instances.
-     *
-     * Your app can work for every Saleor that installs it, but you can
-     * limit it here
-     *
-     * By default, every url is allowed.
-     *
-     * URL should be a full graphQL address, usually starting with https:// and ending with /graphql/
-     *
-     * Alternatively pass a function
-     */
+    (url) => {
+      if (allowedUrlsPattern) {
+        const regex = new RegExp(allowedUrlsPattern);
+
+        return regex.test(url);
+      }
+
+      return true;
+    },
   ],
 });