candy_check 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 84e1244d6bb30895e3ee8ca24c694c906f75594b
+  data.tar.gz: ffb09d52c05badfde0b6e6b4de556d35c6424eaa
+SHA512:
+  metadata.gz: fb4c732e8cf98ddd4c1678a817ce73e4a3301b42aff1482829cdfd6d010e2c015125c28fcdbf74b31b9e141a57f7788ad208282b9a15a9a12a832a1b3a86fa9c
+  data.tar.gz: ae4c8f3878780f0610107f154e46962892472dee8ede6f7d10a84cc6efc53418bb0377a635dc58b827336b52340871ca7d0e2fdaf6071df919da6f24a2587fd1

data/.gitignore

@@ -0,0 +1,5 @@
+/Gemfile.lock
+/pkg/
+/coverage/
+.yardoc
+doc

data/.rubocop.yml

@@ -0,0 +1,6 @@
+AllCops:
+  Exclude:
+    - 'spec/support/*'
+    - 'bin/*'
+Style/Documentation:
+  Enabled: false

data/.ruby-version

@@ -0,0 +1 @@
+2.1.5

data/.travis.yml

@@ -0,0 +1,16 @@
+language: ruby
+sudo: false
+rvm:
+  - '2.2'
+  - '2.1'
+  - '2.0'
+  - '1.9.3'
+  - ruby-head
+  - rbx-2
+  - jruby-19mode
+  - jruby-head
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+    - rvm: jruby-head
+  fast_finish: true

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in candy_check.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Jonas Thiel
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,157 @@
+# candy_check
+
+[![Gem Version](https://badge.fury.io/rb/candy_check.svg)](http://badge.fury.io/rb/candy_check)
+[![Build Status](https://travis-ci.org/jnbt/candy_check.svg?branch=master)](https://travis-ci.org/jnbt/candy_check)
+[![Coverage Status](https://coveralls.io/repos/jnbt/candy_check/badge.svg?branch=master)](https://coveralls.io/r/jnbt/candy_check?branch=master)
+[![Inline docs](http://inch-ci.org/github/jnbt/candy_check.svg?branch=master)](http://inch-ci.org/github/jnbt/candy_check)
+[![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg?style=flat)](http://www.rubydoc.info/github/jnbt/candy_check/master)
+
+Check and verify in-app receipts from the AppStore and the PlayStore.
+
+## Installation
+
+```Bash
+gem install candy_check
+```
+
+## Introduction
+
+This gem tries to simplify the process of server-side in-app purchase validation for Apple's AppStore and
+Google's PlayStore.
+
+### AppStore
+
+If you have set up an iOS app and it's in-app items correctly and the in-app store is working your app should receive a
+`SKPaymentTransaction`. Currently this gem assumes that you use the old [`transactionReceipt`](https://developer.apple.com/library/ios/documentation/StoreKit/Reference/SKPaymentTransaction_Class/index.html#//apple_ref/occ/instp/SKPaymentTransaction/transactionReceipt) 
+which is returned per transaction. The `transactionReceipt` is a base64 encoded binary blob which you should send to your 
+server for the validation process.
+
+To validate a receipt one normally has to choose between the two different endpoints "production" and "sandbox" which are provided from 
+[Apple](https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1). 
+During development your app gets receipts from the sandbox while when released from the production system. A special case is the
+review process because the review team uses the release version of your app but processes payment against the sandbox.
+Only for receipts that contain auto-renewable subscriptions you need your app's shared secret (a hexadecimal string),
+
+Please keep in mind that you have to use test user account from the iTunes connect portal to test in-app purchases during
+your app's development.
+
+### PlayStore
+
+Google's PlayStore has different kind of server-to-server API to check purchases and requires that you register a so
+called "[service account](https://developers.google.com/accounts/docs/OAuth2ServiceAccount)". You have to register a 
+new account by yourself, export the generated certificate file and grant the correct permissions to the account for
+your app using the [Google Developer Console](https://console.developers.google.com).
+
+Further more this gem uses the [official Ruby SDK](https://github.com/google/google-api-ruby-client) for the API interactions
+which suggest to use a locally cached service discovery. If you don't omit the `cache_file` configuration this is done
+automatically.
+
+If you have set up the Android app correctly you should get a [`purchaseToken`](http://developer.android.com/google/play/billing/billing_reference.html#getBuyIntent) per purchased item. You should use this string in combination with `packageName` and `productId`
+to verify the purchase.
+
+## Usage
+
+### AppStore
+
+First you should initialize a verifier instance for your application:
+
+```ruby
+config = CandyCheck::AppStore::Config.new(
+  environment: :production # or :sandbox
+)
+verifier = CandyCheck::AppStore::Verifier.new(config)
+```
+
+For the AppStore the client should deliver a base64 encoded receipt data string
+which can be verified by using the following call:
+
+```ruby
+verifier.verify(your_receipt_data) # => Receipt or VerificationFailure
+# or by using a shared secret for subscriptions
+verifier.verify(your_receipt_data, your_secret)
+```
+
+Please see the class documenations [`CandyCheck::AppStore::Receipt`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/AppStore/Receipt) and [`CandyCheck::AppStore::VerificationFailure`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/AppStore/VerificationFailure) for further details about the responses.
+
+### PlayStore
+
+First initialize and **boot** a verifier instance for your application. This loads the API discovery and 
+fetches the needed OAuth access token. When configuring a `cache_file` the discovery is loaded (or dumped) to 
+this file:
+
+```ruby
+config = CandyCheck::PlayStore::Config.new(
+  application_name: 'YourApplication',
+  application_version: '1.0',
+  issuer: 'abcdefg@developer.gserviceaccount.com',
+  key_file: 'local/google.p12',
+  key_secret: 'notasecret',
+  cache_file: 'tmp/candy_check_play_store_cache'
+)
+verifier = CandyCheck::PlayStore::Verifier.new(config)
+verifier.boot!
+```
+
+For the PlayStore your client should deliver the purchases token, package name and product id:
+
+```ruby
+verifier.verify(package, product_id, token) # => Receipt or VerificationFailure
+```
+
+Please see the class documenations [`CandyCheck::PlayStore::Receipt`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/Receipt) and [`CandyCheck::PlayStore::VerificationFailure`](http://www.rubydoc.info/github/jnbt/candy_check/master/CandyCheck/PlayStore/VerificationFailure) for further details about the responses.
+
+## CLI
+
+This gem ships with two executables to verify in-app purchases directly from your terminal:
+
+### AppStore
+
+You only need to specify the base64 encoded receipt:
+
+```bash
+$ cc_appstore --receipt YOUR_RECEIPT_STRING
+```
+
+See all options:
+
+```bash
+$ cc_appstore --help
+```
+
+### PlayStore
+
+For the PlayStore you need to specify at least the issuer, the key file, your package name, the product and the actual
+purchase token:
+
+```bash
+$ cc_playstore --issuer ISSUER_EMAIL --key-file KEY_FILE \ 
+               --package PACKAGE_NAME --product-id PRODUCT_ID --token PURCHASE_TOKEN
+```
+
+See all options:
+
+```bash
+$ cc_playstore --help
+```
+
+
+## Todos
+
+* Allow using the combined StoreKit receipt data
+* Find a ways to run integration tests
+
+## Bugs and Issues
+
+Please submit them here https://github.com/jnbt/candy_check/issues
+
+## Test
+
+Simple run
+
+```Bash
+rake
+```
+
+## Copyright
+
+Copyright © 2015 Jonas Thiel. See LICENSE.txt for details.

data/Rakefile

@@ -0,0 +1,15 @@
+#!/usr/bin/env rake
+
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+require 'rubocop/rake_task'
+
+Rake::TestTask.new(:spec) do |test|
+  test.test_files = FileList['spec/**/*_spec.rb']
+  test.libs << 'spec'
+  test.verbose = true
+end
+
+RuboCop::RakeTask.new
+
+task default: [:spec, :rubocop]

data/bin/cc_appstore

@@ -0,0 +1,90 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'optparse'
+require 'ostruct'
+require 'pp'
+require 'candy_check'
+
+class InputParser
+  attr_reader :config, :secret, :receipt
+
+  def initialize
+    @config = {
+      environment: :production
+    }
+    configure!
+  end
+
+  def parse!(args)
+    @parser.parse!(args)
+    help! unless @receipt
+  end
+
+  private
+
+  def configure!
+    @parser = OptionParser.new do |opts|
+      @opts = opts
+      opts.banner = 'Usage cc_appstore [options]'
+      opts.separator ''
+      opts.separator 'Required options:'
+
+      opts.on('-r', '--receipt RECEIPT', 'a base64 encoded receipt data string') do |v|
+        @receipt = v
+      end
+      opts.separator ''
+      opts.separator 'Optional options:'
+      opts.on('-e', '--environment ENVIRONMENT', 'production (default) or sandbox') do |v|
+        config[:environment] = v.to_sym
+      end
+      opts.on('-s', '--secret SECRET', 'shared secret for auto-renewable subscriptions') do |v|
+        @secret = v
+      end
+      opts.separator ''
+      opts.separator 'Further functions:'
+      opts.on_tail('-v', '--version', 'Show version') do
+        puts CandyCheck::VERSION
+        exit
+      end
+      opts.on_tail('-h', '--help', 'Show help') do
+        help!
+      end
+    end
+  end
+
+  def help!
+    puts @opts
+    exit
+  end
+end
+
+class App
+  attr_reader :input
+
+  def initialize
+    @input = InputParser.new
+    load_config
+    perform
+  end
+
+  private
+
+  def load_config
+    input.parse!(ARGV)
+  end
+
+  def perform
+    config   = CandyCheck::AppStore::Config.new(input.config)
+    puts 'Configuration'
+    pp config
+    puts
+    verifier = CandyCheck::AppStore::Verifier.new(config)
+    result   = verifier.verify(input.receipt, input.secret)
+    puts
+    puts "#{result.class}:"
+    pp result
+  end
+end
+
+App.new

data/bin/cc_playstore

@@ -0,0 +1,119 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'optparse'
+require 'ostruct'
+require 'pp'
+require 'candy_check'
+
+class InputParser
+  attr_reader :config, :package, :product_id, :token
+
+  def initialize
+    @config = {
+      application_name: 'CandyCheck',
+      application_version: version,
+      key_secret: 'notasecret'
+    }
+    configure!
+  end
+
+  def parse!(args)
+    @parser.parse!(args)
+    help! unless @package && @product_id && @token
+  end
+
+  private
+
+  def configure!
+    @parser = OptionParser.new do |opts|
+      @opts = opts
+      opts.banner = 'Usage cc_playstore [options]'
+      opts.separator ''
+      opts.separator 'Required options:'
+
+      opts.on('-e', '--issuer ISSUER', 'your service account\'s email') do |v|
+        config[:issuer] = v
+      end
+      opts.on('-k', '--key-file KEY_FILE', 'the key file to use') do |v|
+        config[:key_file] = v
+      end
+      opts.on('-p', '--package NAME', 'your app\'s package name') do |v|
+        @package = v
+      end
+      opts.on('-i', '--product-id ID', 'your product\'s id') do |v|
+        @product_id = v
+      end
+      opts.on('-t', '--token TOKEN', 'your the purchase token') do |v|
+        @token = v
+      end
+      opts.separator ''
+      opts.separator 'Optional options:'
+      opts.on('-s', '--secret SECRET', 'the secret to decrypt the key file, defaults to \'notasecret\'') do |v|
+        config[:key_secret] = v
+      end
+      opts.on('-a', '--app-name NAME', 'your application\'s name, default to \'CandyCheck\'') do |v|
+        config[:application_name] = v
+      end
+      opts.on('-r', '--app-version VERSION', "your application's version, default to '#{version}'") do |v|
+        config[:application_version] = v
+      end
+      opts.separator ''
+      opts.separator 'Further functions:'
+      opts.on_tail('-v', '--version', 'Show version') do
+        puts version
+        exit
+      end
+      opts.on_tail('-h', '--help', 'Show help') do
+        help!
+      end
+    end
+  end
+
+  def help!
+    puts @opts
+    exit
+  end
+
+  def version
+    CandyCheck::VERSION
+  end
+end
+
+class App
+  attr_reader :input
+
+  def initialize
+    @input = InputParser.new
+    load_config
+    perform
+  end
+
+  private
+
+  def load_config
+    input.parse!(ARGV)
+  end
+
+  def perform
+    puts "Package: #{input.package}"
+    puts "Product: #{input.product_id}"
+    puts "Token:   #{input.token}"
+    puts
+    config   = CandyCheck::PlayStore::Config.new(input.config)
+    puts 'Configuration'
+    pp config
+    puts
+    verifier = CandyCheck::PlayStore::Verifier.new(config)
+    puts 'Booting'
+    verifier.boot!
+    puts '-> done'
+    puts
+    result = verifier.verify(input.package, input.product_id, input.token)
+    puts
+    puts "#{result.class}:"
+    pp result
+  end
+end
+
+App.new