boutique 0.0.9 → 0.0.10

data/LICENSE.md

@@ -1,19 +1,23 @@
-Copyright (C) 2011 by Hugh Bien
+Copyright (c) 2012, Hugh Bien
+All rights reserved.
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+Redistributions of source code must retain the above copyright notice, this list
+of conditions and the following disclaimer.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+Redistributions in binary form must reproduce the above copyright notice, this
+list of conditions and the following disclaimer in the documentation and/or
+other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -1,57 +1,34 @@
 Description
 ===========
 
-Boutique is a Sinatra module for selling digital goods.  Still under development.
+Boutique is a Sinatra app for drip emails (and soon-to-be product checkouts).
+Still in development!
 
 Installation
 ============
 
-    % gem install boutique
+    $ gem install boutique
 
-You'll need some private/public certificates:
-
-    % openssl genrsa -out private.pem 1024
-    % openssl req -new -key private.pem -x509 -days 1095 -out public.pem
-
-Make sure the email you use is the same as your PayPal merchant email, or else
-PayPal will reject it.
-
-You can download PayPal's public certificate under `Profile > Encrypted
-Payment Settings`.  Click the download button for PayPal Public Certificate.
-Rename this certificate to something like `paypal.pem`.
-
-While you're there, upload the `public.pem` certificate you just generated.  Copy
-the `Cert ID`, you'll use it for the `pem_cert_id` field in your config.  You
-can block unencrypted requests from `Website Payment Preferences`.
-
-Setup a `config.ru` file and run it like any other Sinatra application.  You
-can configure what products you sell here:
+Setup a `config.ru` file and run it like any other Sinatra app:
 
     require 'rubygems'
     require 'boutique'
 
     Boutique.configure do |c|
       c.dev_email      'dev@mailinator.com'
-      c.pem_cert_id    'LONGCERTID'
-      c.pem_private    '/path/to/private.pem'
-      c.pem_public     '/path/to/public.pem'
-      c.pem_paypal     '/path/to/paypal.pem'
+      c.stripe_api_key 'sk_test_abcdefghijklmnopqrstuvwxyz'
       c.download_dir   '/path/to/download'
       c.download_path  '/download'
-      c.db_adapter     'mysql'
-      c.db_host        'localhost'
-      c.db_username    'root'
-      c.db_password    'secret'
-      c.db_database    'boutique'
-      c.pp_email       'paypal_biz@mailinator.com'
-      c.pp_url         'https://www.sandbox.paypal.com/cgi-bin/webscr'
+
+      c.db_options(adapter: 'postgresql', host: 'localhost',
+        username: 'root', password: 'secret', database: 'boutique')
+      c.email_options(via: :smtp, via_options: {host: 'smtp.example.org'})
     end
 
-    Boutique.product('icon-set') do |p|
-      p.name       'Icon Set'
-      p.files      '/path/to/icon-set.tgz'  # array for multiple files
-      p.price      10.5
-      p.return_url 'http://zincmade.com/thankyou'
+    Boutique.list('learn-ruby') do |l|
+      l.from   'Hugh <hugh@mailinator.com>'
+      l.emails '/path/to/emails-dir'
+      l.url    'http://example.com'
     end
 
     run Boutique::App if !ENV['BOUTIQUE_CMD']
@@ -61,29 +38,77 @@ Stick this in your `bashrc` or `zshrc`:
     BOUTIQUE_CONFIG='/path/to/config.ru'
 
 Now setup the database tables (assuming you've already created the database and
-credentials):
+credentials) and stick the `.css` and `.js` files in your project.  Note that
+`boutique.js` is dependent on jQuery.
+
+    $ boutique --migrate
+    $ boutique --assets
+       new -- boutique.js
+       new -- boutique.css
+    $ mv boutique.js boutique.css /path/to/project/assets/.
+
+Drip Emails
+===========
+
+Emails can be written in any templating format that `Tilt` accepts.  Stick them
+in `/path/to/emails-dir` (configured above in `config.ru`).  Emails use
+front-matter YAML for passing information to Boutique.  The required fields are
+`day`, `subject`, and `key`.  The day is how many days should pass until the
+email is sent.  The key is a unique key assigned to each email to guard against
+sending multiples to the same recipient.  You'll also have access to three
+local variables:
+
+* `subscribe_url` - URL to open subscribe UI
+* `confirm_url` - URL for double opt-in confirmation
+* `unsubscribe_url` - URL to unsubscribe in one click
 
-    % boutique --migrate
+Here's an example email:
 
-With the settings above, a normal flow would look like:
+    ---
+    day: 1
+    subject: First Email
+    key: first-email
+    ---
 
-1. On your site, link the user to `/buy/icon-set/` to purchase
-2. User is redirected to paypal
-3. After completing paypal, user is redirected to 
-   `http://zincmade.com/thankyou?b=order-id`
-4. On this page, issue an AJAX request to `/purchases/order-id`.
-   The `downloads` field of the JSON will include the download URLs.
+    Hi,
 
-Usage
-=====
+    This is the first email in the series.
 
-The web application is for customers, to get information about your products use
-the included command line application.
+    Thanks,
+    - Hugh
 
-    % boutique --stats productcode
-    % boutique --expire
-    % boutique --expire id
-    % boutique --delete id
+    [Click here to unsubscribe.](<%= unsubscribe_url %>)
+
+This will be in the file `/path/to/emails-dir/first-email.md.erb`.  Based on
+the file extensions, Boutique will run it through ERB first followed by Markdown.
+
+Also note, the directory should contain a special **zero day** email.  This is
+the email used to confirm when a new person signs up, also called the double
+opt-in email:
+
+    ---
+    day: 0
+    subject: Please confirm your email address
+    key: confirm-email
+    ---
+
+    Hi,
+
+    Thanks for signing up.  But wait, you're not done yet!  Please
+    [click here to confirm your email address.](<%= confirm_url %>)
+
+    If you subscribed or received this email by mistake, please feel free to
+    ignore it.  You will not receive any further emails.
+
+    Thanks!
+    - Hugh
+
+Emails are sent out using the command line tool `boutique --drip`.  This should
+be run everyday.  It's idempotent, so it's fine if it gets run multiple times a
+day by mistake.  Use cron to schedule drips:
+
+    $ crontab -e
+    0 8 * * * boutique --drip
 
 Development
 ===========
@@ -91,13 +116,20 @@ Development
 Tests are setup to run individually via `ruby test/*_test.rb` or run them all
 via `rake`.
 
+To start the server for local development:
+
+    $ BOUTIQUE_DEV=1 shotgun
+
 TODO
 ====
 
-* BUG: logs are required especially for errors
+* implement UI opening on subscribe_url
+* switch to Stripe
+* add customizable? email integration for purchase receipts + recover
+* add re-usable UI for purchasing, downloading, recover
 
 License
 =======
 
-Copyright 2011 Hugh Bien - http://hughbien.com.
-Released under MIT License, see LICENSE.md for more info.
+Copyright Hugh Bien - http://hughbien.com.
+Released under BSD License, see LICENSE.md for more info.

data/boutique

@@ -9,36 +9,24 @@ ENV['BOUTIQUE_CMD'] = '1'
 
 module Boutique
   class Command
-    def self.delete(id)
-      purchase = expire(id)
-      purchase.destroy if !purchase.nil?
+    JS_FILE = File.join(File.dirname(__FILE__), 'public/boutique/script.js')
+    CSS_FILE = File.join(File.dirname(__FILE__), 'public/boutique/styles.css')
+
+    def self.assets
+      File.exist?('boutique.js') ?
+        puts("exists -- boutique.js") :
+        FileUtils.copy(JS_FILE, "boutique.js") || puts("   new -- boutique.js")
+      File.exist?('boutique.css') ?
+        puts("exists -- boutique.css") :
+        FileUtils.copy(CSS_FILE, "boutique.css") || puts("   new -- boutique.css")
     end
 
-    def self.expire(id)
+    def self.drip
       load_config
-      purchase = Boutique::Purchase.get(id.to_i)
-      if purchase.nil?
-        puts "Purchase #{id} not found"
-        return
+      Boutique::List.to_a.each do |list_key|
+        emailer = Boutique::Emailer.new(List[list_key])
+        emailer.drip
       end
-      purchase.downloads.each do |download|
-        FileUtils.rm_rf(File.dirname(
-          "#{Boutique.config.download_dir}#{download.sub(Boutique.config.download_path, '')}"))
-      end
-      purchase
-    end
-
-    def self.expire_old
-      load_config
-      threshold = (Date.today - 1).strftime("%Y%m%d")
-      dirs = Dir.glob("#{Boutique.config.download_dir}/*").
-        map {|f| File.basename(f) }.
-        select {|f| f < threshold }
-      dirs.each {|d| FileUtils.rm_rf("#{Boutique.config.download_dir}/#{d}") }
-
-      Boutique::Purchase.all(
-        :transaction_id => nil,
-        :created_at.lt => (Date.today - 1)).destroy
     end
 
     def self.migrate
@@ -49,35 +37,6 @@ module Boutique
       load_config
     end
 
-    def self.stats(code)
-      load_config
-      product = Boutique::Product.first(:code => code)
-      if product.nil?
-        puts "Product #{code} not found"
-        return
-      end
-
-      puts "Code:   #{product.code}"
-      puts "Name:   #{product.name}"
-      puts "Files:  #{product.files.join("\n        ")}"
-      printf("Price:  $%.2f\n" % product.price)
-      puts "Return: #{product.return_url}"
-      puts "Email:  #{product.support_email}"
-
-      puts ('-' * 40)
-
-      purchases = product.purchases
-      puts "* #{purchases.select {|p| p.completed?}.size} purchases have been completed"
-      puts "* #{purchases.reduce(0) {|sum,p| sum + p.counter}} downloads linked"
-
-      puts ('-' * 40)
-
-      puts "id, links, email" if purchases.size > 0
-      purchases.sort_by {|p| p.counter }.reverse.each do |purchase|
-        puts "* #{purchase.id}, #{purchase.counter}, #{purchase.email}" if purchase.completed?
-      end
-    end
-
     private
     def self.load_config
       load(ENV['BOUTIQUE_CONFIG'] || 'config.ru')
@@ -89,11 +48,9 @@ ARGV.options do |o|
   o.set_summary_indent('  ')
   o.banner =    "Usage: #{File.basename($0)} [OPTION]"
   o.define_head "Admin for boutique"
-  o.on('-d', '--delete [id]', 'delete purchase') { |id| Boutique::Command.delete(id); exit }
-  o.on('-e', '--expire [id]', 'expire purchase') { |id| Boutique::Command.expire(id); exit }
-  o.on('-E', '--expire-old', 'expire old data') { Boutique::Command.expire_old; exit }
+  o.on('-a', '--assets', 'create css/js assets') { Boutique::Command.assets; exit }
+  o.on('-d', '--drip', 'drip out emails') { Boutique::Command.drip; exit }
   o.on('-m', '--migrate', 'initial migration') { Boutique::Command.migrate; exit }
-  o.on('-s', '--stats [product]', String, 'show stats on product') { |p| Boutique::Command.stats(p); exit }
   o.on('-h', '--help', 'show this help message') { puts o; exit }
   o.parse!
   puts o

data/config.ru

@@ -1,28 +1,29 @@
 require File.expand_path('lib/boutique', File.dirname(__FILE__))
 
-Boutique.configure(!ENV['BOUTIQUE_CMD'].nil?) do |c|
-  c.dev_email     'dev@localhost'
-  c.pem_cert_id   'LONGCERTID'
-  c.pem_private   File.expand_path('certs/private.pem', File.dirname(__FILE__))
-  c.pem_public    File.expand_path('certs/public.pem', File.dirname(__FILE__))
-  c.pem_paypal    File.expand_path('certs/paypal.pem', File.dirname(__FILE__))
-  c.download_path '/download'
-  c.download_dir  File.expand_path('temp', File.dirname(__FILE__))
-  c.db_adapter    'sqlite3'
-  c.db_host       'localhost'
-  c.db_username   'root'
-  c.db_password   'secret'
-  c.db_database   'db.sqlite3'
-  c.pp_email      'paypal_biz@mailinator.com'
-  c.pp_url        'http://localhost'
+Boutique.configure(ENV['BOUTIQUE_DEV'] || !ENV['BOUTIQUE_CMD'].nil?) do |c|
+  #c.dev_email      'dev@localhost'
+  c.stripe_api_key 'sk_test_abcdefghijklmnopqrstuvwxyz'
+  c.download_path  '/download'
+  c.download_dir   File.expand_path('temp', File.dirname(__FILE__))
+  c.db_options(
+    adapter: 'sqlite3',
+    host: 'localhost',
+    username: 'root',
+    password: 'secret',
+    database: 'db.sqlite3')
+  c.email_options(via: :sendmail)
 end
 
 Boutique.product('readme') do |p|
-  p.name          'README document'
-  p.files         File.expand_path('README.md', File.dirname(__FILE__))
-  p.price         1.5
-  p.return_url    'http://localhost'
-  p.support_email 'support@localhost'
+  p.from 'support@localhost'
+  p.files File.expand_path('README.md', File.dirname(__FILE__))
+  p.price 1.5
+end
+
+Boutique.list('learn-ruby') do |l|
+  l.from   'Hugh <hugh@localhost>'
+  l.emails File.expand_path('emails', File.dirname(__FILE__))
+  l.url    'http://example.com'
 end
 
 run Boutique::App if !ENV['BOUTIQUE_CMD']

data/lib/boutique.rb

@@ -1,291 +1,303 @@
 require 'rubygems'
+require 'bundler/setup'
 require 'sinatra/base'
 require 'dm-core'
 require 'dm-types'
 require 'dm-timestamps'
+require 'dm-validations'
 require 'date'
 require 'digest/sha1'
 require 'json'
 require 'openssl'
 require 'pony'
+require 'preamble'
+require 'tilt'
+require 'tempfile'
+require 'uri'
+require 'cgi'
 
 DataMapper::Model.raise_on_save_failure = true
 
 module Boutique
-  VERSION = '0.0.9'
+  VERSION = '0.0.10'
 
   class << self
     def configure(setup_db=true)
-      yield Config
-      DataMapper.setup(:default,
-        :adapter  => config.db_adapter,
-        :host     => config.db_host,
-        :username => config.db_username,
-        :password => config.db_password,
-        :database => config.db_database
-      ) if setup_db
+      yield config
+      DataMapper.setup(:default, config.db_options) if setup_db
+      Pony.options = config.email_options if !config.email_options.nil?
     end
 
     def config
-      Config
+      @config ||= Config.new('config')
     end
 
-    def product(code)
-      builder = ProductBuilder.new
-      builder.code(code)
-      yield builder
-      product = Product.first_or_create({:code => code}, builder.to_hash)
-      product.save
-      product
+    def product(key)
+      yield Product.new(key)
     end
-  end
 
-  class Config
-    def self.dev_email(value=nil)
-      @dev_email = value if !value.nil?
-      @dev_email
+    def list(key)
+      yield List.new(key)
     end
+  end
 
-    def self.pem_cert_id(value=nil)
-      @pem_cert_id = value if !value.nil?
-      @pem_cert_id
-    end
+  module MemoryResource
+    def self.included(base)
+      base.extend(ClassMethods)
+      base.attr_resource :key
+      base.reset_db
+    end
+
+    module ClassMethods
+      def attr_resource(*names)
+        names.each do |name|
+          define_method(name) do |*args|
+            value = args[0]
+            instance_variable_set("@#{name}".to_sym, value) if !value.nil?
+            instance_variable_get("@#{name}".to_sym)
+          end
+        end
+      end
 
-    def self.pem_private(value=nil)
-      @pem_private = value if !value.nil?
-      @pem_private
-    end
+      def reset_db
+        @db = {}
+      end
 
-    def self.pem_public(value=nil)
-      @pem_public = value if !value.nil?
-      @pem_public
-    end
+      def [](key)
+        @db[key]
+      end
 
-    def self.pem_paypal(value=nil)
-      @pem_paypal = value if !value.nil?
-      @pem_paypal
-    end
+      def []=(key, value)
+        @db[key] = value
+      end
 
-    def self.download_path(value=nil)
-      @download_path = value if !value.nil?
-      @download_path
-    end
+      def include?(key)
+        self.to_a.include?(key)
+      end
 
-    def self.download_dir(value=nil)
-      @download_dir = value if !value.nil?
-      @download_dir
+      def to_a
+        @db.keys
+      end
     end
 
-    def self.db_adapter(value=nil)
-      @db_adapter = value if !value.nil?
-      @db_adapter
+    def initialize(key)
+      @key = key
+      self.class[key] = self
     end
+  end
 
-    def self.db_host(value=nil)
-      @db_host = value if !value.nil?
-      @db_host
+  class Emailer
+    def initialize(list)
+      @list = list
     end
 
-    def self.db_username(value=nil)
-      @db_username = value if !value.nil?
-      @db_username
-    end
+    def render(path, locals = {}, preamble = false)
+      path = full_path(path)
+      raise "File not found: #{path}" if !File.exist?(path)
 
-    def self.db_password(value=nil)
-      @db_password = value if !value.nil?
-      @db_password
-    end
+      yaml, body = Preamble.load(path)
+      templates_for(path).each do |template|
+        blk = proc { body }
+        body = template.new(path, &blk).render(self, locals)
+      end
 
-    def self.db_database(value=nil)
-      @db_database = value if !value.nil?
-      @db_database
+      preamble ? [yaml, body] : body
+    end
+
+    def deliver(subscriber, path, locals = {})
+      locals = locals.merge(
+        subscribe_url: @list.subscribe_url,
+        confirm_url: subscriber.confirm_url,
+        unsubscribe_url: subscriber.unsubscribe_url)
+      yaml, body = self.render(path, locals, true)
+      if yaml['day'] == 0
+        ymd = Date.today.strftime("%Y-%m-%d")
+        Email.create(email_key: "#{yaml['key']}-#{ymd}", subscriber: subscriber)
+      else
+        raise "Unconfirmed #{subscriber.email} for #{yaml['key']}" if !subscriber.confirmed?
+        Email.create(email_key: yaml['key'], subscriber: subscriber)
+      end
+      Pony.mail(
+        to: subscriber.email,
+        from: @list.from,
+        subject: yaml['subject'],
+        headers: {'Content-Type' => 'text/html'},
+        body: body)
+    rescue DataMapper::SaveFailureError
+      raise "Duplicate email #{yaml['key']} to #{subscriber.email}"
+    end
+
+    def deliver_zero(subscriber)
+      self.deliver(subscriber, emails[0])
+    end
+
+    def blast(path, locals = {})
+      yaml, body = Preamble.load(full_path(path))
+      email_key = yaml['key']
+      @list.subscribers.all(confirmed: true).each do |subscriber|
+        # TODO: speed up by moving filter outside of loop
+        if Email.first(email_key: yaml['key'], subscriber: subscriber).nil?
+          self.deliver(subscriber, path, locals)
+        end
+      end
     end
 
-    def self.pp_email(value=nil)
-      @pp_email = value if !value.nil?
-      @pp_email
+    def drip
+      today = Date.today
+      max_day = emails.keys.max || 0
+      subscribers = @list.subscribers.all(
+        :confirmed => true,
+        :drip_on.lt => today,
+        :drip_day.lt => max_day)
+      subscribers.each do |subscriber|
+        subscriber.drip_on = today
+        subscriber.drip_day += 1
+        subscriber.save
+        if (email_path = emails[subscriber.drip_day])
+          self.deliver(subscriber, email_path)
+        end
+      end
     end
 
-    def self.pp_url(value=nil)
-      @pp_url = value if !value.nil?
-      @pp_url
+    private
+    def full_path(path)
+      File.join(@list.emails, path)
+    end
+
+    def templates_for(path)
+      basename = File.basename(path)
+      basename.split('.')[1..-1].reverse.map { |ext| Tilt[ext] }
+    end
+
+    def emails
+      @emails ||= begin
+        emails = {}
+        Dir.entries(@list.emails).each do |filename|
+          next if File.directory?(filename)
+          # TODO: stop duplicating calls to Preamble, store in memory
+          yaml, body = Preamble.load(full_path(filename))
+          if yaml && yaml['day'] && yaml['key']
+            emails[yaml['day']] = filename
+          end
+        end
+        emails
+      end
     end
   end
 
-  class ProductBuilder
-    def code(value=nil)
-      @code = value if !value.nil?
-      @code
-    end
-
-    def name(value=nil)
-      @name = value if !value.nil?
-      @name
-    end
+  class Config
+    include MemoryResource
+    attr_resource :dev_email,
+      :stripe_api_key,
+      :download_dir,
+      :download_path,
+      :db_options,
+      :email_options
+  end
 
-    def files(value=nil)
-      @files = value if !value.nil?
-      @files
-    end
+  class Product
+    include MemoryResource
+    attr_resource :from, :files, :price
+  end
 
-    def price(value=nil)
-      @price = value if !value.nil?
-      @price
-    end
+  class List
+    include MemoryResource
+    attr_resource :from, :emails, :url
 
-    def return_url(value=nil)
-      @return_url = value if !value.nil?
-      @return_url
+    def subscribers
+      Subscriber.all(list_key: self.key)
     end
 
-    def support_email(value=nil)
-      @support_email = value if !value.nil?
-      @support_email
-    end
-
-    def to_hash
-      {:code => @code,
-       :name => @name,
-       :files => @files,
-       :price => @price,
-       :return_url => @return_url,
-       :support_email => @support_email}
+    def subscribe_url
+      url = URI.parse(self.url)
+      params = [url.query]
+      params << "boutique=subscribe/#{CGI.escape(self.key)}"
+      url.query = params.compact.join('&')
+      url.to_s
     end
   end
 
-  class Product
-    include DataMapper::Resource
-
-    property :id, Serial
-    property :code, String, :required => true, :unique => true
-    property :name, String, :required => true, :unique => true
-    property :files, CommaSeparatedList, :required => true
-    property :price, Decimal, :required => true
-    property :return_url, String, :required => true
-    property :support_email, String, :required => true
-
-    has n, :purchases
-  end
-
   class Purchase
     include DataMapper::Resource
 
     property :id, Serial
+    property :product_key, String, required: true
     property :created_at, DateTime
-    property :counter, Integer, :required => true
-    property :secret, String, :required => true
+    property :counter, Integer, required: true
+    property :secret, String, required: true
     property :transaction_id, String
     property :email, String
-    property :name, String
+    property :name, String, format: :email_address
     property :completed_at, DateTime
     property :downloads, CommaSeparatedList
+  end
 
-    belongs_to :product
+  class Subscriber
+    include DataMapper::Resource
 
-    def initialize(attr = {})
-      attr[:counter] ||= 0
-      attr[:secret] ||= random_hash
+    property :id, Serial
+    property :list_key, String, required: true, unique_index: :list_key_email
+    property :email, String, required: true, unique_index: :list_key_email, format: :email_address
+    property :secret, String, required: true
+    property :confirmed, Boolean
+    property :created_at, DateTime
+    property :drip_on, Date, required: true
+    property :drip_day, Integer, required: true, default: 0
+
+    validates_within :list_key, set: List
+    validates_uniqueness_of :email, scope: :list_key
+
+    has n, :emails
+
+    def initialize(*args)
       super
+      self.secret ||= Digest::SHA1.hexdigest("#{rand(1000)}-#{Time.now}")[0..6]
+      self.drip_on ||= Date.today
     end
 
-    def complete(txn_id, email, name)
-      self.transaction_id = txn_id
-      self.email = email
-      self.name = name
-      self.completed_at = DateTime.now
-      link_downloads!
+    def list
+      @list ||= List[self.list_key]
     end
 
-    def completed?
-      !completed_at.nil? && !transaction_id.nil?
+    def confirm!(secret)
+      self.confirmed = true if self.secret == secret
+      self.save
     end
 
-    def maybe_refresh_downloads!
-      if self.completed? &&
-         (self.downloads.nil? ||
-          self.downloads.any? {|d| !File.exist?(d) })
-        self.link_downloads!
-        self.save
-      end
+    def unconfirm!(secret)
+      self.confirmed = false if self.secret == secret
+      self.save
     end
 
-    def link_downloads!
-      return if !completed?
-      self.downloads = product.files.map do |file|
-        linked_file = "/#{Date.today.strftime('%Y%m%d')}-#{random_hash}/#{File.basename(file)}"
-        full_dir = File.dirname("#{Boutique.config.download_dir}#{linked_file}")
-        `mkdir -p #{full_dir}`
-        `ln -s #{file} #{Boutique.config.download_dir}#{linked_file}`
-        "#{Boutique.config.download_path}#{linked_file}"
-      end
-      self.counter += 1
+    def confirm_url
+      secret_url("confirm")
     end
 
-    def boutique_id
-      (self.id.nil? || self.secret.nil?) ?
-        raise('Cannot get boutique_id for unsaved purchase') :
-        "#{self.id}-#{self.secret}"
+    def unsubscribe_url
+      secret_url("unsubscribe")
     end
 
-    def random_hash
-      Digest::SHA1.hexdigest("#{DateTime.now}#{rand}")[0..9]
+    private
+    def secret_url(action)
+      url = URI.parse(self.list.url)
+      params = [url.query]
+      params << "boutique=#{action}/#{CGI.escape(self.list_key)}/#{self.id}/#{self.secret}"
+      url.query = params.compact.join('&')
+      url.to_s
     end
+  end
 
-    def send_mail
-      raise 'Cannot send link to incomplete purchase' if !completed?
-      Pony.mail(
-        :to => self.email,
-        :from => self.product.support_email,
-        :subject => "#{self.product.name} Receipt",
-        :body => "Thanks for purchasing #{self.product.name}!  " +
-                 "To download it, follow this link:\n\n" +
-                 "    #{self.product.return_url}?b=#{boutique_id}\n\n" +
-                 "Please reply if you have any troubles.\n"
-      )
-    end
+  class Email
+    include DataMapper::Resource
 
-    def to_json
-      {
-        :id => id,
-        :counter => counter,
-        :completed => completed?,
-        :name => product.name,
-        :code => product.code,
-        :downloads => downloads
-      }.to_json
-    end
+    property :id, Serial
+    property :email_key, String, required: true
+    property :created_at, DateTime
 
-    def paypal_form(notify_url)
-      values = {
-        :business => Boutique.config.pp_email,
-        :cmd => '_xclick',
-        :item_name => product.name,
-        :item_number => product.code,
-        :amount => product.price.to_f,
-        :currency_code => 'USD',
-        :notify_url => "#{notify_url}/#{boutique_id}",
-        :return => "#{product.return_url}?b=#{boutique_id}",
-        :cert_id => Boutique.config.pem_cert_id
-      }
-      {'action' => Boutique.config.pp_url,
-       'cmd' => '_s-xclick',
-       'encrypted' => encrypt(values)}
-    end
+    validates_uniqueness_of :email_key, scope: :subscriber
+    validates_presence_of :subscriber
 
-    private
-    def encrypt(values)  
-      signed = OpenSSL::PKCS7::sign(
-        OpenSSL::X509::Certificate.new(File.read(Boutique.config.pem_public)),
-        OpenSSL::PKey::RSA.new(File.read(Boutique.config.pem_private), ''),
-        values.map { |k,v| "#{k.to_s}=#{v.to_s}" }.join("\n"),
-        [],
-        OpenSSL::PKCS7::BINARY)  
-      OpenSSL::PKCS7::encrypt(
-        [OpenSSL::X509::Certificate.new(File.read(Boutique.config.pem_paypal))],
-        signed.to_der,
-        OpenSSL::Cipher::Cipher::new("DES3"),
-        OpenSSL::PKCS7::BINARY).to_s.gsub("\n", "")  
-    end  
+    belongs_to :subscriber
   end
 
   DataMapper.finalize
@@ -297,70 +309,44 @@ module Boutique
     error do
       Pony.mail(
         :to => Boutique.config.dev_email,
-        :from => "boutique@#{Boutique.config.dev_email.split('@')[1..-1].join}",
         :subject => 'Boutique Error',
         :body => request.env['sinatra.error'].to_s
       ) if Boutique.config.dev_email
     end
 
-    get '/buy/:code' do
-      product = Boutique::Product.first(:code => params[:code])
-      if product.nil?
-        halt(404, "product #{params[:code]} not found")
-      end
-      purchase = Boutique::Purchase.new
-      product.purchases << purchase
-      product.save
-      form = purchase.paypal_form("http://#{request.host}/notify")
-      "<!doctype html><html><head><title>Redirecting to PayPal...</title>" +
-      "<meta charset='utf-8'></head><body>" +
-      "<form name='paypal' method='post' action='#{form['action']}'>" +
-      "<input type='hidden' name='cmd' value='#{form['cmd']}'>" +
-      "<input type='hidden' name='encrypted' value='#{form['encrypted']}'>" +
-      "<input type='submit' value='submit' style='visibility:hidden'>" +
-      "</form><script>document.paypal.submit();</script></body></html>"
+    post '/subscribe/:list_key' do
+      list = get_list(params[:list_key])
+      subscriber = Subscriber.first_or_create(
+        list_key: list.key,
+        email: params[:email])
+      Emailer.new(list).deliver_zero(subscriber) rescue nil
+      ''
     end
 
-    post '/notify/:boutique_id' do
-      purchase = get_purchase(params[:boutique_id])
-      if !purchase.completed? &&
-         params['txn_id'] &&
-         params['payment_status'] &&
-         params['first_name'] &&
-         params['payer_email'] &&
-         params['receiver_email'] == Boutique.config.pp_email
-        purchase.complete(params['txn_id'], params['payer_email'], params['first_name'])
-        purchase.send_mail
-        purchase.save
-      end
+    post '/confirm/:list_key/:id/:secret' do
+      list = get_list(params[:list_key])
+      subscriber = get_subscriber(params[:id], list, params[:secret])
+      subscriber.confirm!(params[:secret])
       ''
     end
 
-    post '/recover/:code' do
-      product = Boutique::Product.first(:code => params[:code])
-      purchase = product.purchases.first(:email => params['email']) if product
-      if product.nil? || purchase.nil? || !purchase.completed?
-        halt(404, "purchase #{params[:code]}/#{params['email']} not found")
-      end
-      purchase.send_mail
-      purchase.boutique_id
+    post '/unsubscribe/:list_key/:id/:secret' do
+      list = get_list(params[:list_key])
+      subscriber = get_subscriber(params[:id], list, params[:secret])
+      subscriber.unconfirm!(params[:secret])
+      ''
     end
 
-    get '/record/:boutique_id' do
-      purchase = get_purchase(params[:boutique_id])
-      purchase.maybe_refresh_downloads!
-      params['jsonp'].nil? ?
-        purchase.to_json :
-        "#{params['jsonp']}(#{purchase.to_json})"
+    private
+    def get_list(list_key)
+      List[list_key] || halt(404)
     end
 
-    def get_purchase(boutique_id)
-      id, secret = boutique_id.split('-')
-      purchase = Boutique::Purchase.get(id)
-      if purchase.nil? || purchase.secret != secret
-        halt(404, "purchase #{params[:boutique_id]} not found")
-      end
-      purchase
+    def get_subscriber(id, list, secret)
+      Subscriber.first(
+        id: params[:id],
+        list_key: list.key,
+        secret: secret) || halt(404)
     end
   end
 end