boutique 0.0.1 → 0.0.2

data/README.md

@@ -8,6 +8,15 @@ Installation
 
     % gem install boutique
 
+You'll need some private/public certificates:
+
+    % openssl genrsa -out private.pem 1024
+    % openssl req -new -key private.pem -x509 -days 365 -out public.pem
+
+You can download PayPal's public certificate under `My Account > Encrypted
+Payment Settings`.  Click the download button for PayPal Public Certificate.
+Rename this certificate to something like `paypal.pem`.
+
 Setup a `config.ru` file and run it like any other Sinatra application.  You
 can configure what products you sell here:
 
@@ -15,25 +24,46 @@ can configure what products you sell here:
     require 'boutique'
 
     Boutique.configure do |c|
-      c.store_path    'boutique'
-      c.download_path 'download'
-      c.paypal_key    'paypalapikey'
-      c.db_username   'username'
-      c.db_password   'password'
+      c.pem_private    '/path/to/private.pem'
+      c.pem_public     '/path/to/public.pem'
+      c.pem_paypal     '/path/to/paypal.pem'
+      c.download_dir   '/path/to/download'
+      c.download_path  '/download'
+      c.db_adapter     'mysql'
+      c.db_host        'localhost'
+      c.db_username    'root'
+      c.db_password    'secret'
+      c.db_database    'boutique'
+      c.pp_email       'paypal_biz@mailinator.com'
+      c.pp_url         'http://https://www.sandbox.paypal.com/cgi-bin/webscr'
     end
 
-    Boutique.add('Icon Set') do |p|
-      p.id          'icon-set'
-      p.file        '/home/hugh/icon-set.tgz'
-      p.price       10.5
-      p.return_url  'http://zincmade.com/'
-      p.description '50 different icons in three sizes and four colors'
+    Boutique.product('icon-set') do |p|
+      p.name       'Icon Set'
+      p.files      '/path/to/icon-set.tgz'  # array for multiple files
+      p.price      10.5
+      p.return_url 'http://zincmade.com/thankyou'
     end
 
-    # start purchase at /boutique/icon-set/
-    # download page at  /boutique/long-random-hex-hash/
-    # actual file at    /download/long-random-hex-hash/icon-set.tgz
-    run Boutique::App
+    run Boutique::App if !ENV['BOUTIQUE_CMD']
+
+Stick this in your `bashrc` or `zshrc`:
+
+    BOUTIQUE_CONFIG='/path/to/config.ru'
+
+Now setup the database tables (assuming you've already created the database and
+credentials):
+
+    % boutique --migrate
+
+With the settings above, a normal flow would look like:
+
+1. On your site, link the user to `/boutique/buy/icon-set/` to purchase
+2. User is redirected to paypal
+3. After completing paypal, user is redirected to 
+   `http://zincmade.com/thankyou?b=order-id`
+4. On this page, issue an AJAX request to `/boutique/purchases/order-id`.
+   The `downloads` field of the JSON will include the download URLs.
 
 Usage
 =====
@@ -41,15 +71,23 @@ Usage
 The web application is for customers, to get information about your products use
 the included command line application.
 
-    % boutique --list
-    % boutique --stats id --after date --before date
+    % boutique --stats productcode
+    % boutique --expire
+    % boutique --expire id
+    % boutique --remove id
 
 Development
 ===========
 
-The `config.ru` is for local development.  Start the server via `shotgun`
-command.  Tests are setup to run individually via `ruby test/*_test.rb` or
-run them all via `rake`.
+Tests are setup to run individually via `ruby test/*_test.rb` or run them all
+via `rake`.
+
+TODO
+====
+
+* boutique command line
+* email customer + recover action
+* email exceptions to developer
 
 License
 =======

data/boutique

@@ -1,4 +1,25 @@
 #!/usr/bin/env ruby
-require File.expand_path('../lib/boutique', File.dirname(__FILE__))
+require 'optparse'
+require File.expand_path('lib/boutique', File.dirname(__FILE__))
+require 'dm-migrations'
 
-Boutique.run!
+ENV['BOUTIQUE_CMD'] = '1'
+load(ENV['BOUTIQUE_CONFIG'] || 'config.ru')
+
+module Boutique
+  class Command
+    def self.migrate
+      DataMapper.auto_upgrade!
+    end
+  end
+end
+
+ARGV.options do |o|
+  o.set_summary_indent('  ')
+  o.banner =    "Usage: #{File.basename($0)} [OPTION]"
+  o.define_head "Admin for boutique"
+  o.on('-m', '--migrate', 'initial migration') { Boutique::Command.migrate; exit }
+  o.on('-h', '--help', 'show this help message') { puts o; exit }
+  o.parse!
+  puts o
+end

data/config.ru

@@ -1,3 +1,18 @@
 require File.expand_path('lib/boutique', File.dirname(__FILE__))
 
-run Boutique::App
+Boutique.configure(!ENV['BOUTIQUE_CMD'].nil?) do |c|
+  c.pem_private   File.expand_path('certs/private.pem', File.dirname(__FILE__))
+  c.pem_public    File.expand_path('certs/public.pem', File.dirname(__FILE__))
+  c.pem_paypal    File.expand_path('certs/paypal.pem', File.dirname(__FILE__))
+  c.download_path '/download'
+  c.download_dir  File.expand_path('temp', File.dirname(__FILE__))
+  c.db_adapter    'sqlite3'
+  c.db_host       'localhost'
+  c.db_username   'root'
+  c.db_password   'secret'
+  c.db_database   'db.sqlite3'
+  c.pp_email      'paypal_biz@mailinator.com'
+  c.pp_url        'http://localhost'
+end
+
+run Boutique::App if !ENV['BOUTIQUE_CMD']

data/lib/boutique.rb

@@ -1,12 +1,307 @@
 require 'rubygems'
 require 'sinatra/base'
+require 'dm-core'
+require 'dm-types'
+require 'cgi'
+require 'date'
+require 'digest/sha1'
+require 'json'
+require 'openssl'
 
 module Boutique
-  VERSION = '0.0.1'
+  VERSION = '0.0.2'
+
+  class << self
+    def configure(setup_db=true)
+      yield Config
+      DataMapper.setup(:default,
+        :adapter  => config.db_adapter,
+        :host     => config.db_host,
+        :username => config.db_username,
+        :password => config.db_password,
+        :database => config.db_database
+      ) if setup_db
+    end
+
+    def config
+      Config
+    end
+
+    def product(code)
+      builder = ProductBuilder.new
+      builder.code(code)
+      yield builder
+      product = Product.first_or_create({:code => code}, builder.to_hash)
+      product.save
+      product
+    end
+  end
+
+  class Config
+    def self.pem_private(value=nil)
+      @pem_private = value if !value.nil?
+      @pem_private
+    end
+
+    def self.pem_public(value=nil)
+      @pem_public = value if !value.nil?
+      @pem_public
+    end
+
+    def self.pem_paypal(value=nil)
+      @pem_paypal = value if !value.nil?
+      @pem_paypal
+    end
+
+    def self.download_path(value=nil)
+      @download_path = value if !value.nil?
+      @download_path
+    end
+
+    def self.download_dir(value=nil)
+      @download_dir = value if !value.nil?
+      @download_dir
+    end
+
+    def self.db_adapter(value=nil)
+      @db_adapter = value if !value.nil?
+      @db_adapter
+    end
+
+    def self.db_host(value=nil)
+      @db_host = value if !value.nil?
+      @db_host
+    end
+
+    def self.db_username(value=nil)
+      @db_username = value if !value.nil?
+      @db_username
+    end
+
+    def self.db_password(value=nil)
+      @db_password = value if !value.nil?
+      @db_password
+    end
+
+    def self.db_database(value=nil)
+      @db_database = value if !value.nil?
+      @db_database
+    end
+
+    def self.pp_email(value=nil)
+      @pp_email = value if !value.nil?
+      @pp_email
+    end
+
+    def self.pp_url(value=nil)
+      @pp_url = value if !value.nil?
+      @pp_url
+    end
+  end
+
+  class ProductBuilder
+    def code(value=nil)
+      @code = value if !value.nil?
+      @code
+    end
+
+    def name(value=nil)
+      @name = value if !value.nil?
+      @name
+    end
+
+    def files(value=nil)
+      @files = value if !value.nil?
+      @files
+    end
+
+    def price(value=nil)
+      @price = value if !value.nil?
+      @price
+    end
+
+    def return_url(value=nil)
+      @return_url = value if !value.nil?
+      @return_url
+    end
+
+    def to_hash
+      {:code => @code,
+       :name => @name,
+       :files => @files,
+       :price => @price,
+       :return_url => @return_url}
+    end
+  end
+
+  class Product
+    include DataMapper::Resource
+
+    property :id, Serial
+    property :code, String, :required => true, :unique => true
+    property :name, String, :required => true, :unique => true
+    property :files, CommaSeparatedList, :required => true
+    property :price, Decimal, :required => true
+    property :return_url, String, :required => true
+
+    has n, :purchases
+  end
+
+  class Purchase
+    include DataMapper::Resource
+
+    property :id, Serial
+    property :created_at, DateTime
+    property :counter, Integer, :required => true
+    property :secret, String, :required => true
+    property :transaction_id, String
+    property :email, String
+    property :name, String
+    property :completed_at, DateTime
+    property :downloads, CommaSeparatedList
+
+    belongs_to :product
+
+    def initialize(attr = {})
+      attr[:counter] ||= 0
+      attr[:secret] ||= random_hash
+      super
+    end
+
+    def complete(txn_id, email, name)
+      self.transaction_id = txn_id
+      self.email = email
+      self.name = name
+      self.completed_at = DateTime.now
+      link_downloads!
+    end
+
+    def completed?
+      !completed_at.nil? && !transaction_id.nil?
+    end
+
+    def maybe_refresh_downloads!
+      if self.completed? &&
+         (self.downloads.nil? ||
+          self.downloads.any? {|d| !File.exist?(d) })
+        self.link_downloads!
+        self.save
+      end
+    end
+
+    def link_downloads!
+      return if !completed?
+      self.downloads = product.files.map do |file|
+        linked_file = "/#{Date.today.strftime('%Y%m%d')}-#{random_hash}/#{File.basename(file)}"
+        full_dir = File.dirname("#{Boutique.config.download_dir}#{linked_file}")
+        `mkdir -p #{full_dir}`
+        `ln -s #{file} #{Boutique.config.download_dir}#{linked_file}`
+        "#{Boutique.config.download_path}#{linked_file}"
+      end
+      self.counter += 1
+    end
+
+    def boutique_id
+      (self.id.nil? || self.secret.nil?) ?
+        raise('Cannot get boutique_id for unsaved purchase') :
+        "#{self.id}-#{self.secret}"
+    end
+
+    def random_hash
+      Digest::SHA1.hexdigest("#{DateTime.now}#{rand}")[0..9]
+    end
+
+    def to_json
+      {
+        :id => id,
+        :counter => counter,
+        :completed => completed?,
+        :name => product.name,
+        :code => product.code,
+        :downloads => downloads
+      }.to_json
+    end
+
+    def paypal_form(notify_url)
+      values = {
+        :business => Boutique.config.pp_email,
+        :cmd => '_xclick',
+        :item_name => product.name,
+        :item_number => product.code,
+        :amount => product.price,
+        :currency_code => 'USD',
+        :notify_url => "#{notify_url}/#{boutique_id}",
+        :return => "#{product.return_url}?b=#{boutique_id}"
+      }
+      {'action' => Boutique.config.pp_url,
+       'cmd' => '_s-xclick',
+       'encrypted' => encrypt(values)}
+    end
+
+    private
+    def encrypt(values)  
+      signed = OpenSSL::PKCS7::sign(
+        OpenSSL::X509::Certificate.new(File.read(Boutique.config.pem_public)),
+        OpenSSL::PKey::RSA.new(File.read(Boutique.config.pem_private), ''),
+        values.map { |k,v| "#{CGI.escape(k.to_s)}=#{CGI.escape(v.to_s)}" }.join("\n"),
+        [],
+        OpenSSL::PKCS7::BINARY)  
+      OpenSSL::PKCS7::encrypt(
+        [OpenSSL::X509::Certificate.new(File.read(Boutique.config.pem_paypal))],
+        signed.to_der,
+        OpenSSL::Cipher::Cipher::new("DES3"),
+        OpenSSL::PKCS7::BINARY).to_s.gsub("\n", "")  
+    end  
+  end
+
+  DataMapper.finalize
 
   class App < Sinatra::Base
-    get '/' do
-      'test'
+    post '/boutique/buy/:code' do
+      product = Boutique::Product.first(:code => params[:code])
+      if product.nil?
+        halt(404, "product #{params[:code]} not found")
+      end
+      purchase = Boutique::Purchase.new
+      product.purchases << purchase
+      product.save
+      form = purchase.paypal_form("http://#{request.host}/notify")
+      "<!doctype html><html><head><title>Redirecting to PayPal...</title>" +
+      "<meta charset='utf-8'></head><body>" +
+      "<form name='paypal' action='#{form['action']}'>" +
+      "<input type='hidden' name='cmd' value='#{form['cmd']}'>" +
+      "<input type='hidden' name='encrypted' value='#{form['encrypted']}'>" +
+      "<input type='submit' value='submit' style='visibility:hidden'>" +
+      "</form><script>document.paypal.submit();</script></body></html>"
+    end
+
+    post '/boutique/notify/:boutique_id' do
+      purchase = get_purchase(params[:boutique_id])
+      if !purchase.completed? &&
+         params['txn_id'] &&
+         params['payment_status'] &&
+         params['receiver_email'] == Boutique.config.pp_email
+        purchase.complete(params['txn_id'], params['payer_email'], params['first_name'])
+        purchase.save
+      end
+      ''
+    end
+
+    get '/boutique/record/:boutique_id' do
+      purchase = get_purchase(params[:boutique_id])
+      purchase.maybe_refresh_downloads!
+      params['jsonp'].nil? ?
+        purchase.to_json :
+        "#{params['jsonp']}(#{purchase.to_json})"
+    end
+
+    def get_purchase(boutique_id)
+      id, secret = boutique_id.split('-')
+      purchase = Boutique::Purchase.get(id)
+      if purchase.nil? || purchase.secret != secret
+        halt(404, "purchase #{params[:boutique_id]} not found")
+      end
+      purchase
     end
   end
 end

data/test/app_test.rb

@@ -1,16 +1,62 @@
-require 'rubygems'
-require 'minitest/autorun'
-require 'rack'
-require 'rack/test'
-require 'rack/server'
+require File.expand_path('helper', File.dirname(__FILE__))
 
-class BoutiqueTest < MiniTest::Unit::TestCase
+class AppTest < BoutiqueTest
   include Rack::Test::Methods
 
-  def test_ok
-    get '/'
-    assert last_response.ok?
-    assert_equal 'test', last_response.body
+  def test_redirect_to_paypal
+    ebook_product.save
+    post '/boutique/buy/ebook'
+
+    purchase = Boutique::Purchase.first
+    refute(purchase.nil?)
+    assert(last_response.ok?)
+  end
+
+  def test_purchase_non_existing_product
+    post '/boutique/buy/non-existing-product'
+    assert(last_response.not_found?)
+  end
+
+  def test_notify
+    product = ebook_product
+    purchase = Boutique::Purchase.new
+    product.purchases << purchase
+    product.save
+    refute(purchase.completed?)
+
+    post "/boutique/notify/#{purchase.boutique_id}?payment_status=Completed&txn_id=1337&receiver_email=#{Boutique.config.pp_email}"
+    assert(last_response.ok?)
+
+    purchase.reload
+    assert(purchase.completed?)
+    assert_equal('1337', purchase.transaction_id)
+  end
+
+  def test_notify_not_found
+    post "/boutique/notify/99-notfound"
+    assert(last_response.not_found?)
+  end
+
+  def test_record
+    product = ebook_product
+    purchase = Boutique::Purchase.new
+    product.purchases << purchase
+    product.save
+
+    get "/boutique/record/#{purchase.boutique_id}"
+    assert(last_response.ok?)
+
+    json = JSON.parse(last_response.body)
+    assert(json['id'])
+    assert_equal('ebook', json['code'])
+    assert_equal('Ebook', json['name'])
+    assert_equal(0, json['counter'])
+    refute(json['completed'])
+  end
+
+  def test_record_not_found
+    get "/boutique/record/99-notfound"
+    assert(last_response.not_found?)
   end
 
   private

data/test/config_test.rb

@@ -0,0 +1,18 @@
+require File.expand_path('helper', File.dirname(__FILE__))
+
+class ConfigTest < BoutiqueTest
+  def test_db
+    assert_equal(File.expand_path('../certs/private.pem', File.dirname(__FILE__)), Boutique.config.pem_private)
+    assert_equal(File.expand_path('../certs/public.pem', File.dirname(__FILE__)), Boutique.config.pem_public)
+    assert_equal(File.expand_path('../certs/private.pem', File.dirname(__FILE__)), Boutique.config.pem_private)
+    assert_equal('/download', Boutique.config.download_path)
+    assert_equal(File.expand_path('../temp', File.dirname(__FILE__)), Boutique.config.download_dir)
+    assert_equal('sqlite3', Boutique.config.db_adapter)
+    assert_equal('localhost', Boutique.config.db_host)
+    assert_equal('root', Boutique.config.db_username)
+    assert_equal('secret', Boutique.config.db_password)
+    assert_equal('db.sqlite3', Boutique.config.db_database)
+    assert_equal('paypal_biz@mailinator.com', Boutique.config.pp_email)
+    assert_equal('http://localhost', Boutique.config.pp_url)
+  end
+end

data/test/helper.rb

@@ -0,0 +1,45 @@
+require File.expand_path('../lib/boutique', File.dirname(__FILE__))
+require 'dm-migrations'
+require 'minitest/autorun'
+require 'rack'
+require 'rack/test'
+require 'rack/server'
+require 'fileutils'
+
+DataMapper.setup(:default, 'sqlite::memory:')
+DataMapper.auto_migrate!
+
+class BoutiqueTest < MiniTest::Unit::TestCase
+  def setup
+    Boutique::Purchase.all.destroy
+    Boutique::Product.all.destroy
+    Boutique.configure(false) do |c|
+      c.pem_private   File.expand_path('../certs/private.pem', File.dirname(__FILE__))
+      c.pem_public    File.expand_path('../certs/public.pem', File.dirname(__FILE__))
+      c.pem_paypal    File.expand_path('../certs/paypal.pem', File.dirname(__FILE__))
+      c.download_path '/download'
+      c.download_dir  File.expand_path('../temp', File.dirname(__FILE__))
+      c.db_adapter    'sqlite3'
+      c.db_host       'localhost'
+      c.db_username   'root'
+      c.db_password   'secret'
+      c.db_database   'db.sqlite3'
+      c.pp_email      'paypal_biz@mailinator.com'
+      c.pp_url        'http://localhost'
+    end
+  end
+
+  def teardown
+    FileUtils.rm_rf(File.expand_path('../temp', File.dirname(__FILE__)))
+  end
+
+  private
+  def ebook_product
+    Boutique::Product.new(
+      :code => 'ebook',
+      :name => 'Ebook',
+      :files => [File.expand_path('../README.md', File.dirname(__FILE__))],
+      :price => 10.5,
+      :return_url => 'http://zincmade.com')
+  end
+end

data/test/model_test.rb

@@ -0,0 +1,67 @@
+require File.expand_path('helper', File.dirname(__FILE__))
+
+class ModelTest < BoutiqueTest
+  def test_purchase_create
+    product = ebook_product
+    product.save
+    count = Boutique::Purchase.count
+    purchase = Boutique::Purchase.create({})
+    product.purchases << purchase
+    product.save
+
+    assert_equal(count + 1, Boutique::Purchase.count)
+    assert_equal(0, purchase.counter)
+    assert_nil(purchase.transaction_id)
+    assert_nil(purchase.completed_at)
+    assert_nil(purchase.downloads)
+    refute_nil(purchase.secret)
+    refute(purchase.completed?)
+
+    purchase.complete('1', 'john@mailinator.com', 'John')
+    purchase.save
+    assert_equal('1', purchase.transaction_id)
+    refute_nil(purchase.completed_at)
+    assert(purchase.completed?)
+    assert_match(%r(/download/[^/]+/README.md), purchase.downloads[0])
+
+    old_download = purchase.downloads[0]
+    `rm #{Boutique.config.download_dir}#{old_download.sub(Boutique.config.download_path, '')}`
+    purchase.maybe_refresh_downloads!
+    refute_equal(old_download, purchase.downloads[0])
+
+    bid = purchase.boutique_id
+    assert_equal(purchase.id, bid.split('-')[0].to_i)
+    assert_equal(10, bid.split('-')[1].size)
+
+    form = purchase.paypal_form('http://localhost/notify')
+    assert_equal('http://localhost', form['action'])
+    assert_equal('_s-xclick', form['cmd'])
+    refute_nil(form['encrypted'])
+
+    json = JSON.parse(purchase.to_json)
+    assert_equal(purchase.id, json['id'])
+    assert_equal(2, json['counter'])
+    assert(json['completed'])
+    assert_equal('Ebook', json['name'])
+    assert_equal('ebook', json['code'])
+    refute_nil(json['downloads'])
+  end
+
+  def test_product_create
+    count = Boutique::Product.count
+    Boutique.product('icon-set') do |p|
+      p.name       'Icon Set'
+      p.files      [File.expand_path('../README.md', File.dirname(__FILE__))]
+      p.price      10.5
+      p.return_url 'http://zincmade.com'
+    end
+    assert_equal(count + 1, Boutique::Product.count)
+
+    set = Boutique::Product.first(:code => 'icon-set')
+    assert_equal('Icon Set', set.name)
+    assert_equal(File.expand_path('../README.md', File.dirname(__FILE__)), set.files[0])
+    assert_equal(10.5, set.price)
+    assert_equal('http://zincmade.com', set.return_url)
+    assert_equal(0, set.purchases.size)
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: boutique
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: .
 cert_chain: []
-date: 2012-01-26 00:00:00.000000000 Z
+date: 2012-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
-  requirement: &70112066891200 !ruby/object:Gem::Requirement
+  requirement: &70111143120740 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70112066891200
+  version_requirements: *70111143120740
 - !ruby/object:Gem::Dependency
   name: minitest
-  requirement: &70112066876420 !ruby/object:Gem::Requirement
+  requirement: &70111143120020 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70112066876420
+  version_requirements: *70111143120020
 - !ruby/object:Gem::Dependency
   name: shotgun
-  requirement: &70112066875860 !ruby/object:Gem::Requirement
+  requirement: &70111143119480 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70112066875860
+  version_requirements: *70111143119480
 description: A Sinatra module which accepts payments via PayPal and gives customers
   a secret URL to download your product.
 email:
@@ -59,6 +59,9 @@ files:
 - boutique
 - lib/boutique.rb
 - test/app_test.rb
+- test/config_test.rb
+- test/helper.rb
+- test/model_test.rb
 - ./boutique
 homepage: https://github.com/hughbien/boutique
 licenses: []