digiwin_dsp 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a72275c796b57bd858c4d7c5a67b7074e2738985ae92a9011836c0db9383321
-  data.tar.gz: 78db9041211bbc64cf7b9cb9cbfccb5f1dbef00efbfc4d5aa7b7a9e44d458f63
+  metadata.gz: 3cfde42cbd2b4448e9c5e4927e9ecb65f61ae19a46474154ae1349d73cd2461c
+  data.tar.gz: 6d35ad2fd9430c5440f626b15f3c98c9a8dd627c2732bb349bc355f6693d9de3
 SHA512:
-  metadata.gz: 82cc7dbb4ca9194b851ee1bdcd853fc6c084d13ae41d6d1c38ebefec8fba80be722bf40e77e332db7ef1e821aec8d8522358740bcd4531e21744fcb66844f9fa
-  data.tar.gz: ba67eb5115c8aa4d978b71f52c1ac063eb2643bdaccdfa30cb9ed3f3dfd1022b3378497c04cfc468d317a211453d983751ce2cfba635eeceb6d9e8c98044655c
+  metadata.gz: 95d2787c766fa0a316542b37d0b5620738e9dcff687562875698e5c1d0f3a3ffaaa2e93a81f24b34e0f6e27047a9c53d22e1368725879f36a6f48116b02f2b7c
+  data.tar.gz: c8f1b7781c06e3fa745d4e2a6770d7442dd443a38e10ca4ce6767b5aaa82bbf1016ef8aeb961922ebe9f41321d6702be561a1c82810223335a0a340c6f6eb27b

data/CHANGELOG.md

@@ -6,6 +6,27 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and
 
 ## [Unreleased]
 
+## [0.3.1] - 2026-06-12
+
+Hardening patch from a full gem + docs review. All fixes grounded in the vendor YAML specs.
+
+### Fixed
+
+- **TLS failures now raise `DigiwinDsp::NetworkError`.** `Faraday::SSLError` sits directly under `Faraday::Error` (not `ConnectionFailed`), so certificate problems previously leaked as raw Faraday exceptions that `rescue DigiwinDsp::Error` could not catch.
+- **Three more DSP failure messages classify into typed exceptions** instead of falling through to generic `Error`:
+  - `Shipped:訂單已出貨，不可取消` (DSPOOFFICIAL002) → `ValidationError` — permanent; the order left the warehouse
+  - `Processing:新增訂單處理中，不可取消` (DSPOOFFICIAL002) → `RateLimitError` — retryable once ERP processes the add
+  - `SalesNotCreate:銷貨單未成立` (DSPOOFFICIAL004) → `RateLimitError` — retryable once ERP converts the sales doc
+  Sidekiq/ActiveJob retry strategies can now distinguish "don't retry" from "retry later" on cancel and invoice flows.
+- **`Webhooks::Event.parse_json` / `.extract_request` are now private class methods.** They were internal helpers accidentally exposed on all three event classes.
+- **`WebhookSubscription` rejects non-`https://` callback addresses** at registration time. DSPOOFFICIAL100 mandates HTTPS callbacks, and with no HMAC signing a plaintext callback would be indefensible. (Previously the README claimed this was enforced when it wasn't.)
+
+### Docs
+
+- `dsp-api-spec.md`: corrected the e-invoice carrier field name — `Resources::Invoice` sends **`carrier_type`** (DSPOOFFICIAL004:164), not `carrier_code`. `carrier_code` is only on `Resources::Order` and the inbound webhook. Optional fields aren't validated client-side, so the wrong name silently drops carrier data.
+- `dsp-api-spec.md`: failure-message table now covers 002 (cancel) and 004 (invoice) sources, not just 001.
+- README: webhook security bullet now describes the actual https enforcement.
+
 ## [0.3.0] - 2026-05-28
 
 DSP webhook support (DSPOOFFICIAL100). Lets a Rails app register a callback URL with DSP, then receive and parse the three documented ERP-originated push events: inventory updates, shipping/logistics status, and invoice issuance.
@@ -205,7 +226,8 @@ Initial release. Covers the four Self-hosted Website Module (自有官網模組)
 - The gem is **synchronous on purpose**. Callers wrap requests in their own background job runner (e.g. ActiveJob) when needed.
 - Idempotency: clients can send `X-Idempotency-Key` via the `idempotency_key:` kwarg. DSP also dedupes server-side by `form_no + platform_id`.
 
-[Unreleased]: https://github.com/7a6163/digiwin_dsp/compare/v0.3.0...HEAD
+[Unreleased]: https://github.com/7a6163/digiwin_dsp/compare/v0.3.1...HEAD
+[0.3.1]: https://github.com/7a6163/digiwin_dsp/compare/v0.3.0...v0.3.1
 [0.3.0]: https://github.com/7a6163/digiwin_dsp/compare/v0.2.4...v0.3.0
 [0.2.4]: https://github.com/7a6163/digiwin_dsp/compare/v0.2.3...v0.2.4
 [0.2.3]: https://github.com/7a6163/digiwin_dsp/compare/v0.2.2...v0.2.3

data/README.md

@@ -213,7 +213,7 @@ end
 ```
 
 > ⚠️ **DSP does NOT sign inbound webhooks.** There is no HMAC header. Defend the callback endpoint with:
-> - HTTPS-only (the gem's `address` validation requires this implicitly via `allowed_hosts` if you register through it)
+> - HTTPS-only — `WebhookSubscription` rejects non-`https://` addresses at registration time (DSP's own spec mandates HTTPS callbacks)
 > - An unguessable URL path (treat it as a secret)
 > - An IP allowlist for DSP's egress range if your network team can get one
 > - Replying `200 OK` within 30 seconds (DSP will retry and may eventually block your endpoint if too many calls fail)

data/lib/digiwin_dsp/client.rb

@@ -33,6 +33,9 @@ module DigiwinDsp
       [/Duplicated:/, DuplicateRequestError], # order already exists
       [/Processing:資料處理中/, RateLimitError], # transient; retry later
       [/Processing:取消訂單處理中/, ValidationError], # cancel in flight
+      [/Processing:新增訂單處理中/, RateLimitError], # add in flight; cancel retryable after ERP processes (002)
+      [/Shipped:/, ValidationError], # already shipped — cancel permanently impossible (002)
+      [/SalesNotCreate:/, RateLimitError], # ERP hasn't converted sales doc yet; invoice retryable (004)
       [/WrongStatus:/, ValidationError], # bad payload
       [/系統異常:/, ServerError] # DSP internal error
     ].freeze
@@ -52,7 +55,10 @@ module DigiwinDsp
         req.body = body
       end
       handle_response(response)
-    rescue Faraday::ConnectionFailed, Faraday::TimeoutError => e
+    rescue Faraday::ConnectionFailed, Faraday::TimeoutError, Faraday::SSLError => e
+      # SSLError sits directly under Faraday::Error (not ConnectionFailed),
+      # so it needs an explicit entry — otherwise TLS failures leak as raw
+      # Faraday exceptions that `rescue DigiwinDsp::Error` won't catch.
       raise NetworkError, e.message
     end
 

data/lib/digiwin_dsp/resources/webhook_subscription.rb

@@ -43,6 +43,11 @@ module DigiwinDsp
                 "action must be one of #{ACTIONS.inspect} (got #{action.inspect})"
         end
         raise DigiwinDsp::ValidationError, "address is required" if address.nil? || address.to_s.empty?
+
+        # DSPOOFFICIAL100 mandates HTTPS for the callback ("必須在 30 秒內以
+        # HTTPS 回應") — and with no HMAC signing, a plaintext callback URL
+        # would be indefensible anyway.
+        raise DigiwinDsp::ValidationError, "address must be an https:// URL (got #{address.inspect})" unless address.start_with?("https://")
         return unless address.length > ADDRESS_MAX_LENGTH
 
         raise DigiwinDsp::ValidationError,

data/lib/digiwin_dsp/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DigiwinDsp
-  VERSION = "0.3.0"
+  VERSION = "0.3.1"
 end

data/lib/digiwin_dsp/webhooks/event.rb

@@ -30,6 +30,8 @@ module DigiwinDsp
           raise(ParseError, "envelope missing digi_body.std_data.parameter.request")
       end
 
+      private_class_method :parse_json, :extract_request
+
       def initialize(digi_header:, request:, raw:)
         @digi_header = digi_header
         @request = request

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: digiwin_dsp
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Zac
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-05-28 00:00:00.000000000 Z
+date: 2026-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday