disco_app 0.12.5

data/app/models/disco_app/concerns/renders_assets.rb

@@ -0,0 +1,166 @@
+require 'render_anywhere'
+require 'uglifier'
+
+module DiscoApp::Concerns::RendersAssets
+  extend ActiveSupport::Concern
+
+  included do
+    include RenderAnywhere
+    after_commit :queue_render_asset_group_job
+  end
+
+  class_methods do
+
+    # Ruby "macro" that allows the definition of a number of Shopify assets that
+    # should be rendered and uploaded when certain attributes on the including
+    # class change. This assumes that the including class (1) is an ActiveRecord
+    # model that supports an `after_commit` callback; and (2) that the model has
+    # a `shop` method (or attribute) that references the DiscoApp::Shop instance
+    # associated with the current model.
+    #
+    # Options
+    #
+    #   assets:           Required. A list of asset templates to be rendered and
+    #                     uploaded to Shopify. The order of assets matters only
+    #                     in that subsequent asset templates will have access to
+    #                     the public CDN url of earlier-rendered assets through
+    #                     a "@public_urls" context variable.
+    #
+    #   triggered_by:     Optional. A list of attributes that should trigger the
+    #                     re-rendering and upload of the assets defined by the
+    #                     `assets` option, provided as a list of string. If
+    #                     empty or nil, nothing will be triggered.
+    #
+    #   script_tags:      Optional. A list of assets that should have script
+    #                     tags created or updated after being rendered to the
+    #                     storefront.
+    #
+    #   minify:           Optional. Whether Javascript assets should be minified
+    #                     after being rendered. Defaults to true in production
+    #                     environments, false otherwise. Note that stylesheet
+    #                     assets, when uploaded as .scss files, are
+    #                     automatically minified by Shopify, so we don't need to
+    #                     do it on our end.
+    #
+    def renders_assets(*asset_groups)
+      options = asset_groups.last.is_a?(Hash) ? asset_groups.pop : {}
+      options = renders_assets_default_options.merge(options)
+
+      # Ensure assets, triggered by and script tag options are arrays.
+      options[:assets] = options[:assets] ? Array(options[:assets]).map(&:to_sym) : []
+      options[:triggered_by] = options[:triggered_by] ? Array(options[:triggered_by]).map(&:to_s) : []
+      options[:script_tags] = options[:script_tags] ? Array(options[:script_tags]).map(&:to_sym) : []
+
+      asset_groups.each do |asset_group|
+        renderable_asset_groups[asset_group.to_sym] = options
+      end
+    end
+
+    # Return a list of renderable asset groups, along with their options.
+    def renderable_asset_groups
+      @renderable_asset_groups ||= {}
+    end
+
+    # Return the default options for the `renders_assets` macro.
+    def renders_assets_default_options
+      {
+        assets: nil,
+        triggered_by: nil,
+        script_tags: nil,
+        minify: Rails.env.production?
+      }
+    end
+
+  end
+
+  # Callback, triggered after a model save. Iterates through each asset group
+  # defined on the model and queues a render job if any of the changed
+  # attributes are found in the asset group's triggered_by list.
+  def queue_render_asset_group_job
+    renderable_asset_groups.each do |asset_group, options|
+      unless (previous_changes.keys & options[:triggered_by]).empty?
+        DiscoApp::RenderAssetGroupJob.perform_later(shop, self, asset_group.to_s)
+      end
+    end
+  end
+
+  # Copies the class-level hash of assets with symbol asset name as keys and
+  # their corresponding options as values to the instance.
+  def renderable_asset_groups
+    @renderable_asset_groups ||= self.class.renderable_asset_groups.dup
+  end
+
+  # Render the specified asset group and upload the result to Shopify.
+  def render_asset_group(asset_group)
+    options = renderable_asset_groups[asset_group]
+    public_urls = {}.with_indifferent_access
+
+    options[:assets].each do |asset|
+      # Create/replace the asset via the Shopify API.
+      shopify_asset = shop.with_api_context {
+        ShopifyAPI::Asset.create(
+          key: asset,
+          value: render_asset_group_asset(asset, public_urls, options)
+        )
+      }
+
+      # Store the public URL to this asset, so that we're able to use it in
+      # subsequent template renders. Adds a .css suffix to .scss assets, so that
+      # we use the Shopify-compiled version of any SCSS stylesheets.
+      if shopify_asset.public_url.present?
+        public_urls[asset] = shopify_asset.public_url.gsub(/\.scss\?/, '.scss.css?')
+      end
+    end
+
+    # If we specified the creation of any script tags based on newly rendered
+    # assets, do that now.
+    unless options[:script_tags].empty?
+      render_asset_script_tags(options, public_urls)
+    end
+  end
+
+  private
+
+    # Render an individual asset within an asset group.
+    def render_asset_group_asset(asset, public_urls, options)
+      rendered_asset = render_asset_renderer.render_to_string(
+        template: asset,
+        layout: nil,
+        locals: {
+          :"@#{self.class.name.underscore}" => self,
+          :@public_urls => public_urls
+        }
+      )
+
+      if should_be_minified?(asset, options)
+        ::Uglifier.compile(rendered_asset)
+      else
+        rendered_asset
+      end
+    end
+
+    # Return true if the given asset should be minified with Uglifier.
+    def should_be_minified?(asset, options)
+      asset.to_s.end_with?('.js') and options[:minify]
+    end
+
+    def render_asset_renderer
+      @render_asset_renderer ||= self.class.const_get('RenderingController').new
+    end
+
+    # Render any script tags defined by the :script_tags options that we have
+    # a public URL for.
+    def render_asset_script_tags(options, public_urls)
+      # Fetch the current set of script tags for the store.
+      current_script_tags = shop.with_api_context { ShopifyAPI::ScriptTag.find(:all) }
+
+      # Iterate each script tag for which we have a known public URL and create
+      # or update the corresponding script tag resource.
+      public_urls.slice(*options[:script_tags]).each do |asset, public_url|
+        script_tag = current_script_tags.find(lambda { ShopifyAPI::ScriptTag.new(event: 'onload') }) { |script_tag| script_tag.src.include?("#{asset}?") }
+        script_tag.src = public_url
+        shop.with_api_context { script_tag.save }
+      end
+    end
+
+end

data/app/models/disco_app/concerns/shop.rb

@@ -0,0 +1,96 @@
+module DiscoApp::Concerns::Shop
+  extend ActiveSupport::Concern
+
+  included do
+    include ShopifyApp::Shop
+    include ActionView::Helpers::DateHelper
+
+    # Define relationships to plans and subscriptions.
+    has_many :subscriptions
+    has_many :plans, through: :subscriptions
+
+    # Define relationship to sessions.
+    has_many :sessions, class_name: 'DiscoApp::Session', dependent: :destroy
+
+    # Define possible installation statuses as an enum.
+    enum status: [:never_installed, :awaiting_install, :installing, :installed, :awaiting_uninstall, :uninstalling, :uninstalled]
+
+    # Define some useful scopes.
+    scope :status, -> (status) { where status: status }
+    scope :installed, -> { where status: statuses[:installed] }
+    scope :has_active_shopify_plan, -> { where.not(plan_name: [:cancelled, :frozen, :fraudulent]) }
+
+    # Alias 'with_shopify_session' as 'with_api_context' for better readability, but also as 'temp' for
+    # backward compatibility.
+    alias_method :with_api_context, :with_shopify_session
+    alias_method :temp, :with_shopify_session
+
+    # Return true if the shop is considered as in development mode.
+    def development?
+      ['staff', 'custom', 'affiliate'].include?(plan_name)
+    end
+
+    # Convenience method to check if this shop has a current subscription.
+    def current_subscription?
+      current_subscription.present?
+    end
+
+    # Convenience method to get the current subscription for this shop, if any.
+    def current_subscription
+      subscriptions.current.first
+    end
+
+    # Convenience method to get the current plan for this shop, if any.
+    def current_plan
+      current_subscription&.plan
+    end
+
+    # Return the absolute URL to the shop's storefront.
+    def url
+      "#{protocol}://#{domain}"
+    end
+
+    # Return the protocol the shop's storefront uses. This should now always be
+    # https as all Shopify stores have SSL enabled.
+    def protocol
+      'https'
+    end
+
+    # Return the absolute URL to the shop's admin.
+    def admin_url
+      "https://#{shopify_domain}/admin"
+    end
+
+    # Convenience method to get the email of the shop's admin, to display in Rollbar.
+    def email
+      self.data['email']
+    end
+
+    def installed_duration
+      distance_of_time_in_words_to_now(created_at.time)
+    end
+
+    # Return the shop's configured timezone. If none can be parsed from the
+    # shop's "data" hash, return the default Rails zone (which should be UTC).
+    def time_zone
+      @time_zone ||= begin
+        Time.find_zone!(data['timezone'].to_s.gsub(/^\(.+\)\s/, ''))
+      rescue ArgumentError
+        Time.zone
+      end
+    end
+
+    # Return the shop's configured locale as a symbol. If none exists for some
+    # reason, 'en' is returned.
+    def locale
+      (data['primary_locale'] || 'en').to_sym
+    end
+
+    # Return an instance of the Disco API client.
+    def disco_api_client
+      @api_client ||= DiscoApp::ApiClient.new(self, ENV['DISCO_API_URL'])
+    end
+
+  end
+
+end

data/app/models/disco_app/concerns/subscription.rb

@@ -0,0 +1,66 @@
+module DiscoApp::Concerns::Subscription
+  extend ActiveSupport::Concern
+
+  included do
+
+    belongs_to :shop
+    belongs_to :plan
+    belongs_to :plan_code
+
+    has_many :one_time_charges, class_name: 'DiscoApp::ApplicationCharge', dependent: :destroy
+    has_many :recurring_charges, class_name: 'DiscoApp::RecurringApplicationCharge', dependent: :destroy
+
+    enum status: [:trial, :active, :cancelled]
+    enum subscription_type: [:recurring, :one_time]
+
+    scope :current, -> { where status: [statuses[:trial], statuses[:active]] }
+
+    after_commit :cancel_charge
+
+  end
+
+  # Only require an active charge if the amount to be charged is > 0.
+  def requires_active_charge?
+    amount > 0
+  end
+
+  # Convenience method to check if this subscription has an active charge.
+  def active_charge?
+    active_charge.present?
+  end
+
+  # Convenience method to get the active charge for this subscription.
+  def active_charge
+    charges.active.first
+  end
+
+  # Return the appropriate set of charges for this subscription's type.
+  def charges
+    recurring? ? recurring_charges : one_time_charges
+  end
+
+  def charge_class
+    recurring? ? DiscoApp::RecurringApplicationCharge : DiscoApp::ApplicationCharge
+  end
+
+  def shopify_charge_class
+    recurring? ? ShopifyAPI::RecurringApplicationCharge : ShopifyAPI::ApplicationCharge
+  end
+
+  def as_json(options = {})
+    super.merge(
+      'active_charge' => active_charge
+    )
+  end
+
+  private
+
+    # If the amount or trial period for this subscription changes, clear any
+    # active charge, as the user will need to re-authorize the charge.
+    def cancel_charge
+      return if (previous_changes.keys & ['amount', 'trial_period_days']).empty?
+      return unless active_charge?
+      active_charge.cancelled!
+    end
+
+end

data/app/models/disco_app/concerns/synchronises.rb

@@ -0,0 +1,58 @@
+module DiscoApp::Concerns::Synchronises
+  extend ActiveSupport::Concern
+
+  class_methods do
+
+    # Define the number of resources per page to fetch.
+    SYNCHRONISES_PAGE_LIMIT = 250
+
+    def should_synchronise?(shop, data)
+      true
+    end
+
+    def synchronise_by(shop, data)
+      { id: data[:id] }
+    end
+
+    def synchronise(shop, data)
+      data = data.with_indifferent_access
+
+      return unless should_synchronise?(shop, data)
+
+      begin
+        instance = self.find_or_create_by!(self.synchronise_by(shop, data)) do |instance|
+          instance.shop = shop
+          instance.data = data
+        end
+      rescue ActiveRecord::RecordNotUnique, PG::UniqueViolation
+        retry
+      end
+
+      instance.update(data: data)
+
+      instance
+    end
+
+    def should_synchronise_deletion?(shop, data)
+      true
+    end
+
+    def synchronise_deletion(shop, data)
+      data = data.with_indifferent_access
+
+      return unless should_synchronise_deletion?(shop, data)
+
+      self.destroy_all(shop: shop, id: data[:id])
+    end
+
+    def synchronise_all(shop, params = {})
+      resource_count = shop.with_api_context { self::SHOPIFY_API_CLASS.count(params) }
+
+      (1..(resource_count / SYNCHRONISES_PAGE_LIMIT.to_f).ceil).each do |page|
+        DiscoApp::SynchroniseResourcesJob.perform_later(shop, self.name, params.merge(page: page, limit: SYNCHRONISES_PAGE_LIMIT))
+      end
+    end
+
+  end
+
+end

data/app/models/disco_app/concerns/taggable.rb

@@ -0,0 +1,16 @@
+module DiscoApp::Concerns::Taggable
+  extend ActiveSupport::Concern
+
+  def tags
+    data['tags'].split(',').map(&:strip)
+  end
+
+  def add_tag(tag)
+    data['tags'] = (tags + [tag]).uniq.join(',')
+  end
+
+  def remove_tag(tag)
+    data['tags'] = (tags - [tag]).uniq.join(',')
+  end
+
+end

data/app/models/disco_app/plan.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Plan < ActiveRecord::Base
+  include DiscoApp::Concerns::Plan
+end

data/app/models/disco_app/plan_code.rb

@@ -0,0 +1,3 @@
+class DiscoApp::PlanCode < ActiveRecord::Base
+  include DiscoApp::Concerns::PlanCode
+end

data/app/models/disco_app/recurring_application_charge.rb

@@ -0,0 +1,18 @@
+class DiscoApp::RecurringApplicationCharge < ActiveRecord::Base
+
+  belongs_to :shop
+  belongs_to :subscription
+
+  enum status: [:pending, :accepted, :declined, :active, :cancelled, :expired]
+
+  scope :active, -> { where status: statuses[:active] }
+
+  def recurring?
+    true
+  end
+
+  def activate_url
+    DiscoApp::Engine.routes.url_helpers.activate_subscription_charge_url(subscription, self)
+  end
+
+end

data/app/models/disco_app/session_storage.rb

@@ -0,0 +1,18 @@
+module DiscoApp
+  class SessionStorage
+    def self.store(session)
+      shop = Shop.find_or_initialize_by(shopify_domain: session.url)
+      shop.shopify_token = session.token
+      shop.save!
+      shop.id
+    end
+
+    def self.retrieve(id)
+      return unless id
+      shop = Shop.find(id)
+      ShopifyAPI::Session.new(shop.shopify_domain, shop.shopify_token)
+    rescue ActiveRecord::RecordNotFound
+      nil
+    end
+  end
+end

data/app/models/disco_app/shop.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Shop < ActiveRecord::Base
+  include DiscoApp::Concerns::Shop
+end

data/app/models/disco_app/subscription.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Subscription < ActiveRecord::Base
+  include DiscoApp::Concerns::Subscription
+end

data/app/resources/disco_app/admin/resources/concerns/shop_resource.rb

@@ -0,0 +1,100 @@
+require 'jsonapi/resource'
+
+module DiscoApp::Admin::Resources::Concerns::ShopResource
+  extend ActiveSupport::Concern
+
+  included do
+
+    attributes :domain, :status, :created_at
+    attributes :email, :country_name, :currency, :plan_display_name
+    attributes :current_subscription_id, :current_subscription_display_amount, :current_subscription_display_plan, :current_subscription_display_plan_code, :current_subscription_source
+    attributes :installed_duration
+
+    model_name 'DiscoApp::Shop'
+
+    filters :query, :status
+
+    # Adjust the base records method to ensure only models for the authenticated domain are retrieved.
+    def self.records(options = {})
+      records = DiscoApp::Shop.order(created_at: :desc)
+      records
+    end
+
+    # Apply filters.
+    def self.apply_filter(records, filter, value, options)
+      return records if value.blank?
+
+      # Perform appropriate filtering.
+      case filter
+        when :query
+          return records.where('name LIKE ? OR shopify_domain LIKE ? OR domain LIKE ?', "%#{value.first}%", "%#{value.first}%", "%#{value.first}%")
+        when :status
+          return records.where(status: value.map { |v| DiscoApp::Shop.statuses[v.to_sym] } )
+        else
+          return super(records, filter, value)
+      end
+    end
+
+    # Don't allow the update of any fields via the API.
+    def self.updatable_fields(context)
+      []
+    end
+
+    # Don't allow the creation of any fields via the API.
+    def self.creatable_fields(context)
+      []
+    end
+
+    def email
+      @model.data['email']
+    end
+
+    def country_name
+      @model.data['country_name']
+    end
+
+    def currency
+      @model.data['currency']
+    end
+
+    def plan_display_name
+      @model.data['plan_display_name']
+    end
+
+    def current_subscription_id
+      if @model.current_subscription?
+        @model.current_subscription.id
+      end
+    end
+
+    def current_subscription_display_amount
+      if @model.current_subscription?
+        @model.current_subscription.amount
+      else
+        '-'
+      end
+    end
+
+    def current_subscription_display_plan
+      if @model.current_subscription?
+        @model.current_plan.name
+      else
+        'None'
+      end
+    end
+
+    def current_subscription_display_plan_code
+      @model.current_subscription&.plan_code&.code
+    end
+
+    def current_subscription_source
+      if @model.current_subscription?
+        @model.current_subscription.source || '-'
+      else
+        '-'
+      end
+    end
+
+  end
+
+end

data/app/resources/disco_app/admin/resources/shop_resource.rb

@@ -0,0 +1,4 @@
+class DiscoApp::Admin::Resources::ShopResource < JSONAPI::Resource
+  include DiscoApp::Admin::Resources::Concerns::ShopResource
+
+end

data/app/services/disco_app/carrier_request_service.rb

@@ -0,0 +1,15 @@
+class DiscoApp::CarrierRequestService
+
+  # Return true iff the provided hmac_to_verify matches that calculated from the
+  # given data and secret.
+  def self.is_valid_hmac?(body, secret, hmac_to_verify)
+    ActiveSupport::SecurityUtils.secure_compare(self.calculated_hmac(body, secret), hmac_to_verify.to_s)
+  end
+
+  # Calculate the HMAC for the given data and secret.
+  def self.calculated_hmac(body, secret)
+    digest  = OpenSSL::Digest.new('sha256')
+    Base64.encode64(OpenSSL::HMAC.digest(digest, secret, body)).strip
+  end
+
+end

data/app/services/disco_app/charges_service.rb

@@ -0,0 +1,81 @@
+class DiscoApp::ChargesService
+
+  # Create the appropriate type of Shopify charge for the given subscription
+  # (either one-time or recurring) and return.
+  def self.create(shop, subscription)
+    # Create the charge object locally first.
+    charge = subscription.charge_class.create!(
+      shop: shop,
+      subscription: subscription,
+    )
+
+    # Create the charge object on Shopify.
+    shopify_charge = shop.with_api_context {
+      subscription.shopify_charge_class.create(
+        name: subscription.plan.name,
+        price: '%.2f' % (subscription.amount.to_f / 100.0),
+        trial_days: subscription.plan.has_trial? ? subscription.trial_period_days : nil,
+        return_url: charge.activate_url,
+        test: !DiscoApp.configuration.real_charges?
+      )
+    }
+
+    # If we couldn't create the charge on Shopify, return nil.
+    if shopify_charge.nil?
+      return nil
+    end
+
+    # Update the local record of the charge from Shopify's created charge, then
+    # return it.
+    charge.update(
+      shopify_id: shopify_charge.id,
+      confirmation_url: shopify_charge.confirmation_url
+    )
+    charge
+  end
+
+  # Attempt to activate the given Shopify charge for the given Shop using the
+  # Shopify API. Returns true on successful activation, false otherwise.
+  def self.activate(shop, charge)
+    begin
+      # Start by fetching the Shopify charge to check that it was accepted.
+      shopify_charge = shop.with_api_context {
+        charge.subscription.shopify_charge_class.find(charge.shopify_id)
+      }
+
+      # Update the status of the local charge based on the Shopify charge.
+      charge.send("#{shopify_charge.status}!") if charge.respond_to? "#{shopify_charge.status}!"
+
+      # If the charge wasn't accepted, fail and return.
+      return false unless charge.accepted?
+
+      # If the charge was indeed accepted, activate it via Shopify.
+      charge.shop.with_api_context {
+        shopify_charge.activate
+      }
+
+      # If the charge was recurring, make sure that all other local recurring
+      # charges are marked inactive.
+      if charge.recurring?
+        self.cancel_recurring_charges(shop, charge)
+      end
+
+      charge.active!
+
+      true
+    rescue
+      false
+    end
+  end
+
+  # Cancel all recurring charges for the given shop. If the optional charge
+  # parameter is given, it will be excluded from the cancellation.
+  def self.cancel_recurring_charges(shop, charge = nil)
+    charges = DiscoApp::RecurringApplicationCharge.where(shop: shop)
+    if charge.present?
+      charges = charges.where.not(id: charge)
+    end
+    charges.update_all(status: DiscoApp::RecurringApplicationCharge.statuses[:cancelled])
+  end
+
+end

data/app/services/disco_app/proxy_service.rb

@@ -0,0 +1,17 @@
+class DiscoApp::ProxyService
+
+  # Return true iff the signature provided in the given query string matches
+  # that calculated from the remaining query parameters and the given secret.
+  def self.proxy_signature_is_valid?(query_string, secret)
+    query_hash = Rack::Utils.parse_query(query_string)
+    signature = query_hash.delete('signature').to_s
+    ActiveSupport::SecurityUtils.variable_size_secure_compare(self.calculated_signature(query_hash, secret), signature)
+  end
+
+  # Return the calculated signature for the given query hash and secret.
+  def self.calculated_signature(query_hash, secret)
+    sorted_params = query_hash.collect{ |k, v| "#{k}=#{Array(v).join(',')}" }.sort.join
+    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, sorted_params)
+  end
+
+end