Add ShopHost concern for fetching and saving host

CHANGELOG.md

@@ -4,8 +4,9 @@
 18.1.0 (Jan 28, 2022)
 ----------
 * Support Rails 7 [#1354](https://github.com/Shopify/shopify_app/pull/1354)
-* Fix webhooks handling in Ruby 3 [#1342](https://github.com/Shopify/shopify_app/pull/1342) 
+* Fix webhooks handling in Ruby 3 [#1342](https://github.com/Shopify/shopify_app/pull/1342)
 * Update to Ruby 3 and drop support to Ruby 2.5 [#1359](https://github.com/Shopify/shopify_app/pull/1359)
+* Add ShopHost concern for fetching and saving host [#1360](https://github.com/Shopify/shopify_app/pull/1360)
 
 18.0.4 (Jan 27, 2022)
 ----------
@@ -28,7 +29,7 @@
 
 18.0.0 (May 3, 2021)
 ----------
-* Support OmniAuth 2.x 
+* Support OmniAuth 2.x
   * If your app has custom OmniAuth configuration, please refer to the [OmniAuth 2.0 upgrade guide](https://github.com/omniauth/omniauth/wiki/Upgrading-to-2.0).
 * Support App Bridge version 2.x in the Embedded App layout. [#1241](https://github.com/Shopify/shopify_app/pull/1241)
 
@@ -58,7 +59,7 @@
 
 17.0.4 (January 25, 2021)
 ----------
-* Redirect user to login page if shopify domain is not found in the `EnsureAuthenticatedLinks` concern [#1158](https://github.com/Shopify/shopify_app/pull/1158) 
+* Redirect user to login page if shopify domain is not found in the `EnsureAuthenticatedLinks` concern [#1158](https://github.com/Shopify/shopify_app/pull/1158)
 
 17.0.3 (January 22, 2021)
 ----------

app/controllers/concerns/shopify_app/ensure_authenticated_links.rb

@@ -14,7 +14,7 @@ def splash_page
       splash_page_with_params(
         return_to: request.fullpath,
         shop: current_shopify_domain,
-        host: params[:host]
+        host: @host
       )
     end
 

app/controllers/concerns/shopify_app/shop_host.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module ShopHost
+    extend ActiveSupport::Concern
+
+    SHOP_HOST_COOKIE = :shop_host
+
+    included do
+      before_action :set_shop_host
+    end
+
+    def set_shop_host
+      @host = fetch_host_from_params
+      @host ||= fetch_host_from_cookies
+      save_shop_host(@host) if @host
+      @host
+    end
+
+    private
+
+    def fetch_host_from_params
+      params[:host]
+    end
+
+    def fetch_host_from_cookies
+      cookies[SHOP_HOST_COOKIE]
+    end
+
+    def save_shop_host(host)
+      cookies[SHOP_HOST_COOKIE] = {
+        value: host,
+        expires: 1.day.from_now,
+      }
+    end
+  end
+end

app/controllers/shopify_app/callback_controller.rb

@@ -3,6 +3,7 @@
 module ShopifyApp
   # Performs login after OAuth completes
   class CallbackController < ActionController::Base
+    include ShopifyApp::ShopHost
     include ShopifyApp::LoginProtection
 
     def callback

app/controllers/shopify_app/sessions_controller.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 module ShopifyApp
   class SessionsController < ActionController::Base
+    include ShopifyApp::ShopHost
     include ShopifyApp::LoginProtection
 
     layout false, only: :new

docs/shopify_app/authentication.md

@@ -1,10 +1,10 @@
 # Authentication
 
-The Shopify App gem implements [OAuth 2.0](https://shopify.dev/tutorials/authenticate-with-oauth) to get [access tokens](https://shopify.dev/concepts/about-apis/authentication#api-access-modes). These are used to authenticate requests made by the app to the Shopify API. 
+The Shopify App gem implements [OAuth 2.0](https://shopify.dev/tutorials/authenticate-with-oauth) to get [access tokens](https://shopify.dev/concepts/about-apis/authentication#api-access-modes). These are used to authenticate requests made by the app to the Shopify API.
 
-By default, the gem generates an embedded app frontend that uses [Shopify App Bridge](https://shopify.dev/tools/app-bridge) to fetch [session tokens](https://shopify.dev/concepts/apps/building-embedded-apps-using-session-tokens). Session tokens are used by the embedded app to make authenticated requests to the app backend. 
+By default, the gem generates an embedded app frontend that uses [Shopify App Bridge](https://shopify.dev/tools/app-bridge) to fetch [session tokens](https://shopify.dev/concepts/apps/building-embedded-apps-using-session-tokens). Session tokens are used by the embedded app to make authenticated requests to the app backend.
 
-See [*Authenticate an embedded app using session tokens*](https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens) to learn more. 
+See [*Authenticate an embedded app using session tokens*](https://shopify.dev/tutorials/authenticate-your-app-using-session-tokens) to learn more.
 
 > ⚠️ Be sure you understand the differences between the types of authentication schemes before reading this guide.
 
@@ -121,4 +121,20 @@ class AuthenticatedController < ApplicationController
 end
 ```
 
-See [Authenticate server-side rendered embedded apps using Rails and Turbolinks](https://shopify.dev/tutorials/authenticate-server-side-rendered-embedded-apps-using-rails-and-turbolinks) for more information.
+See [Authenticate server-side rendered embedded apps using Rails and Turbolinks](https://shopify.dev/tutorials/authenticate-server-side-rendered-embedded-apps-using-rails-and-turbolinks) for more information.
+
+### `ShopifyApp::ShopHost`
+
+The [`ShopifyApp::ShopHost`](/app/controllers/concerns/shopify_app/shop_host.rb) concern handles fetching and caching `host` param in App Bridge 2.0 apps.
+
+Include this concern in yours app's `SplashPageController` and `AuthenticatedController` if your app uses App Bridge 2.0. It adds `before_action` that sets `@host` variable from params or cookies and saves existing host into cookies. If host is missing in both params and cookies then `ShopifyHostNotFound` exception is raised.
+
+*Example:*
+
+```rb
+class AuthenticatedController < ApplicationController
+  include ShopifyApp::ShopHost
+  include ShopifyApp::EnsureAuthenticatedLinks
+  include ShopifyApp::Authenticated
+end
+```

lib/generators/shopify_app/home_controller/templates/home_controller.rb

@@ -1,18 +1,11 @@
 # frozen_string_literal: true
 
 class HomeController < AuthenticatedController
+  include ShopifyApp::ShopHost
   include ShopifyApp::ShopAccessScopesVerification
 
-  before_action :set_host
-
   def index
     @products = ShopifyAPI::Product.find(:all, params: { limit: 10 })
     @webhooks = ShopifyAPI::Webhook.find(:all)
   end
-
-  private
-
-  def set_host
-    @host = params[:host]
-  end
 end

lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
 class HomeController < ApplicationController
+  include ShopifyApp::ShopHost
   include ShopifyApp::EmbeddedApp
   include ShopifyApp::RequireKnownShop
   include ShopifyApp::ShopAccessScopesVerification
 
   def index
     @shop_origin = current_shopify_domain
-    @host = params[:host]
   end
 end

lib/shopify_app/controller_concerns/login_protection.rb

@@ -112,7 +112,7 @@ def jwt_shopify_user_id
     end
 
     def host
-      return params[:host] if params[:host].present?
+      return @host if @host.present?
 
       raise ShopifyHostNotFound
     end

test/controllers/concerns/ensure_authenticated_links_test.rb

@@ -4,6 +4,7 @@
 
 class EnsureAuthenticatedLinksTest < ActionController::TestCase
   class TurbolinksTestController < ActionController::Base
+    include ShopifyApp::ShopHost
     include ShopifyApp::EnsureAuthenticatedLinks
 
     def root