disco_app 0.6.0

data/app/controllers/disco_app/charges_controller.rb

@@ -0,0 +1,30 @@
+module DiscoApp
+  class ChargesController < ApplicationController
+    include DiscoApp::AuthenticatedController
+
+    skip_before_action :verify_status, only: [:create, :activate]
+
+    # Display a "pre-charge" page, giving the opportunity to explain why a charge needs to be made.
+    def new
+    end
+
+    # Create a new charge for the currently logged in shop, then redirect to the charge's confirmation URL.
+    def create
+      if (shopify_charge = DiscoApp::ChargesService.create(@shop)).nil?
+        redirect_to action: :new and return
+      end
+      redirect_to shopify_charge.confirmation_url
+    end
+
+    # Attempt to activate a charge after a user has accepted or declined it. Redirect to the main application's root URL
+    # immediately afterwards - if the charge wasn't accepted, the flow will start again.
+    def activate
+      if (shopify_charge = DiscoApp::ChargesService.get_accepted_charge(@shop, params[:charge_id])).nil?
+        redirect_to action: :new and return
+      end
+      DiscoApp::ChargesService.activate(@shop, shopify_charge)
+      redirect_to main_app.root_url
+    end
+
+  end
+end

data/app/controllers/disco_app/install_controller.rb

@@ -0,0 +1,26 @@
+module DiscoApp
+  class InstallController < ApplicationController
+    include DiscoApp::AuthenticatedController
+
+    # Start the installation process for the current shop, then redirect to the installing screen.
+    def install
+      AppInstalledJob.perform_later(@shop.shopify_domain)
+      redirect_to action: :installing
+    end
+
+    # Display an "installing" page.
+    def installing
+      if @shop.installed?
+        redirect_to main_app.root_path
+      end
+    end
+
+    # Display an "uninstalling" page. Should be almost never used.
+    def uninstalling
+      if @shop.uninstalled?
+        redirect_to main_app.root_path
+      end
+    end
+
+  end
+end

data/app/controllers/disco_app/webhooks_controller.rb

@@ -0,0 +1,42 @@
+module DiscoApp
+  class WebhooksController < ActionController::Base
+
+    before_action :verify_webhook
+
+    def process_webhook
+      # Get the topic and domain for this webhook.
+      topic = request.headers['HTTP_X_SHOPIFY_TOPIC']
+      domain = request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
+
+      # Ensure a domain was provided in the headers.
+      unless domain
+        head :bad_request
+      end
+
+      # Try to find a matching background job task for the given topic using class name.
+      job_class = DiscoApp::WebhookService.find_job_class(topic)
+
+      # Return bad request if we couldn't match a job class.
+      unless job_class.present?
+        head :bad_request
+      end
+
+      # Decode the body data and enqueue the appropriate job.
+      data = ActiveSupport::JSON::decode(request.body.read)
+      job_class.perform_later(domain, data)
+
+      render nothing: true
+    end
+
+    private
+
+      # Verify a webhook request.
+      def verify_webhook
+        unless DiscoApp::WebhookService.is_valid_hmac?(request.body.read.to_s, ShopifyApp.configuration.secret, request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'])
+          head :unauthorized
+        end
+        request.body.rewind
+      end
+
+  end
+end

data/app/helpers/disco_app/application_helper.rb

@@ -0,0 +1,4 @@
+module DiscoApp
+  module ApplicationHelper
+  end
+end

data/app/jobs/disco_app/app_installed_job.rb

@@ -0,0 +1,41 @@
+module DiscoApp
+  class AppInstalledJob < DiscoApp::ShopJob
+
+    before_enqueue { @shop.awaiting_install! }
+    before_perform { @shop.installing! }
+    after_perform { @shop.installed! }
+
+    def perform(domain)
+
+      # Install webhooks.
+      (base_webhook_topics + webhook_topics).each do |topic|
+        ShopifyAPI::Webhook.create(topic: topic, address: webhooks_url, format: 'json')
+      end
+
+      # Perform initial update of shop information.
+      DiscoApp::ShopUpdateJob.perform_now(domain)
+
+    end
+
+    protected
+
+      # Return a list of additional webhook topics to listen for.
+      # This method should be overridden in the application.
+      def webhook_topics
+        []
+      end
+
+    private
+
+      # Return a list of webhook topics that will always be set up for the application.
+      def base_webhook_topics
+        [:'app/uninstalled', :'shop/update']
+      end
+
+      # Return the absolute URL to the webhooks endpoint.
+      def webhooks_url
+        DiscoApp::Engine.routes.url_helpers.webhooks_url
+      end
+
+  end
+end

data/app/jobs/disco_app/app_uninstalled_job.rb

@@ -0,0 +1,3 @@
+class DiscoApp::AppUninstalledJob < DiscoApp::ShopJob
+  include DiscoApp::Concerns::AppUninstalledJob
+end

data/app/jobs/disco_app/concerns/app_uninstalled_job.rb

@@ -0,0 +1,19 @@
+module DiscoApp::Concerns::AppUninstalledJob
+  extend ActiveSupport::Concern
+
+  included do
+
+    before_enqueue { @shop.awaiting_uninstall! }
+    before_perform { @shop.uninstalling! }
+    after_perform { @shop.uninstalled! }
+
+  end
+
+  def perform(domain, shop_data)
+    # Mark the shop's charge status as "cancelled" unless charges have been waived.
+    unless @shop.charge_waived?
+      @shop.charge_cancelled!
+    end
+  end
+
+end

data/app/jobs/disco_app/shop_job.rb

@@ -0,0 +1,29 @@
+# The base class for all jobs that should be performed in the context of a particular Shop's API session. The first
+# argument to any job inheriting from this class must be the domain of the relevant store, so that the appropriate
+# Shop model can be fetched and the temporary API session created.
+
+module DiscoApp
+  class ShopJob < ActiveJob::Base
+
+    queue_as :default
+
+    before_perform { |job| find_shop(job) }
+    before_enqueue { |job| find_shop(job) }
+
+    around_enqueue { |job, block| shop_context(job, block) }
+    around_perform { |job, block| shop_context(job, block) }
+
+    private
+
+      def find_shop(job)
+        @shop ||= Shop.find_by!(shopify_domain: job.arguments.first)
+      end
+
+      def shop_context(job, block)
+        @shop.temp {
+          block.call(job.arguments)
+        }
+      end
+
+  end
+end

data/app/jobs/disco_app/shop_update_job.rb

@@ -0,0 +1,16 @@
+module DiscoApp
+  class ShopUpdateJob < DiscoApp::ShopJob
+
+    def perform(domain, shop_data = nil)
+      # If we weren't provided with shop data (eg from a webhook), fetch it.
+      shop_data ||= ActiveSupport::JSON::decode(ShopifyAPI::Shop.current.to_json)
+
+      # Ensure we can access shop data through symbols.
+      shop_data = HashWithIndifferentAccess.new(shop_data)
+
+      # Update model attributes present in both our model and the data hash.
+      @shop.update_attributes(shop_data.except(:id, :created_at).slice(*DiscoApp::Shop.column_names))
+    end
+
+  end
+end

data/app/models/disco_app/concerns/plan.rb

@@ -0,0 +1,14 @@
+module DiscoApp::Concerns::Plan
+  extend ActiveSupport::Concern
+
+  included do
+
+    has_many :subscriptions
+    has_many :shops, through: :subscriptions
+
+    enum status: [:available, :unavailable, :hidden]
+
+    scope :available, -> { where status: statuses[:available] }
+
+  end
+end

data/app/models/disco_app/concerns/shop.rb

@@ -0,0 +1,62 @@
+module DiscoApp::Concerns::Shop
+  extend ActiveSupport::Concern
+
+  included do
+    include ShopifyApp::Shop
+
+    # Define relationships to plans and subscriptions.
+    has_many :subscriptions
+    has_many :plans, through: :subscriptions
+
+    # Define possible installation statuses as an enum.
+    enum status: [:never_installed, :awaiting_install, :installing, :installed, :awaiting_uninstall, :uninstalling, :uninstalled]
+
+    # Define possible charge statuses as an enum.
+    enum charge_status: [:charge_none, :charge_pending, :charge_accepted, :charge_declined, :charge_active, :charge_cancelled, :charge_waived]
+
+    # Define some useful scopes.
+    scope :status, -> (status) { where status: status }
+    scope :installed, -> { where status: statuses[:installed] }
+    scope :has_active_shopify_plan, -> { where.not(plan_name: [:cancelled, :frozen]) }
+
+    # Alias 'with_shopify_session' as 'temp', as per our existing conventions.
+    alias_method :temp, :with_shopify_session
+
+    # Return a hash of attributes that should be used to create a new charge for this shop.
+    # This method can be overridden by the inheriting Shop class in order to provide charges
+    # customised to a particular shop. Otherwise, the default settings configured in application.rb
+    # will be used.
+    def new_charge_attributes
+      {
+          type: Rails.configuration.x.shopify_charges_default_type,
+          name: Rails.configuration.x.shopify_app_name,
+          price: Rails.configuration.x.shopify_charges_default_price,
+          trial_days: Rails.configuration.x.shopify_charges_default_trial_days,
+      }
+    end
+
+    # Update this Shop's charge_status attribute based on the given Shopify charge object.
+    def update_charge_status(shopify_charge)
+      status_update_method_name = "charge_#{shopify_charge.status}!"
+      self.public_send(status_update_method_name) if self.respond_to? status_update_method_name
+    end
+
+    # Convenience method to get the currently active subscription for this Shop.
+    def current_subscription
+      subscriptions.active.first
+    end
+
+    # Return the absolute URL to the shop's storefront.
+    # @TODO: Account for HTTPS.
+    def url
+      "http://#{domain}"
+    end
+
+    # Return the absolute URL to the shop's admin.
+    def admin_url
+      "https://#{shopify_domain}/admin"
+    end
+
+  end
+
+end

data/app/models/disco_app/concerns/subscription.rb

@@ -0,0 +1,14 @@
+module DiscoApp::Concerns::Subscription
+  extend ActiveSupport::Concern
+
+  included do
+
+    belongs_to :shop
+    belongs_to :plan
+
+    enum status: [:active, :replaced, :cancelled]
+
+    scope :active, -> { where status: statuses[:active] }
+
+  end
+end

data/app/models/disco_app/plan.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Plan < ActiveRecord::Base
+  include DiscoApp::Concerns::Plan
+end

data/app/models/disco_app/session_storage.rb

@@ -0,0 +1,18 @@
+module DiscoApp
+  class SessionStorage
+    def self.store(session)
+      shop = Shop.find_or_initialize_by(shopify_domain: session.url)
+      shop.shopify_token = session.token
+      shop.save!
+      shop.id
+    end
+
+    def self.retrieve(id)
+      return unless id
+      shop = Shop.find(id)
+      ShopifyAPI::Session.new(shop.shopify_domain, shop.shopify_token)
+    rescue ActiveRecord::RecordNotFound
+      nil
+    end
+  end
+end

data/app/models/disco_app/shop.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Shop < ActiveRecord::Base
+  include DiscoApp::Concerns::Shop
+end

data/app/models/disco_app/subscription.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Subscription < ActiveRecord::Base
+  include DiscoApp::Concerns::Subscription
+end

data/app/services/disco_app/charges_service.rb

@@ -0,0 +1,73 @@
+module DiscoApp
+  class ChargesService
+
+    # Create a new charge for the given Shop using the Shopify API.
+    #
+    # The attributes of the charge are fetched using the shop's `new_charge_attributes` method, which can be overriden
+    # to provide custom charge types for individual shops.
+    #
+    # Returns the new Shopify charge model on success, nil otherwise.
+    def self.create(shop)
+      shopify_charge = shop.temp {
+        self.charge_api_class(shop).create(self.new_charge_attributes(shop))
+      }
+
+      # If the charge was successfully created, update the charge status on the shop.
+      shop.update_charge_status(shopify_charge) if shopify_charge
+
+      # Return the charge.
+      shopify_charge
+    end
+
+    # Fetch the specified charge for the given Shop using the Shopify API and check that it has been actioned (either
+    # accepted or declined). Updates the shop object's charge status, then returns the charge if it was accepted or
+    # nil otherwise.
+    def self.get_accepted_charge(shop, charge_id)
+      begin
+        shopify_charge = shop.temp {
+          self.charge_api_class(shop).find(charge_id)
+        }
+
+        # If the charge was successfully fetched, update the status for the shop accordingly.
+        shop.update_charge_status(shopify_charge) if shopify_charge
+
+        shopify_charge
+      rescue
+        nil
+      end
+    end
+
+    # Attempt to activate the given Shopify charge for the given Shop using the Shopify API.
+    # Returns true on successful activation, false otherwise.
+    def self.activate(shop, shopify_charge)
+      begin
+        shop.temp {
+          shopify_charge.activate
+        }
+        shop.charge_active!
+        true
+      rescue
+        false
+      end
+    end
+
+    # Merge the new_charge_attributes returned by the given shop model and merge them with some application-level
+    # charge attributes.
+    def self.new_charge_attributes(shop)
+      shop.new_charge_attributes.merge(
+        return_url: DiscoApp::Engine.routes.url_helpers.activate_charge_url,
+        test: !Rails.configuration.x.shopify_charges_real,
+      )
+    end
+
+    # Get the appropriate Shopify API class for the given shop (either ApplicationCharge or RecurringApplicationCharge).
+    def self.charge_api_class(shop)
+      if shop.new_charge_attributes[:type] == :one_time
+        ShopifyAPI::ApplicationCharge
+      else
+        ShopifyAPI::RecurringApplicationCharge
+      end
+    end
+
+  end
+end

data/app/services/disco_app/subscription_service.rb

@@ -0,0 +1,25 @@
+class DiscoApp::SubscriptionService
+
+  # Subscribe the given shop to the given plan.
+  def self.subscribe(shop, plan)
+    # Mark all existing active subscriptions as replaced.
+    shop.subscriptions.active.update_all(status: DiscoApp::Subscription.statuses[:replaced])
+
+    # Add the new subscription.
+    DiscoApp::Subscription.create!(
+      shop: shop,
+      plan: plan,
+      status: DiscoApp::Subscription.statuses[:active],
+      name: plan.name,
+      charge_type: plan.charge_type,
+      price: plan.default_price,
+      trial_days: plan.default_trial_days
+    )
+  end
+
+  # Cancel any active subscription for the given shop.
+  def self.cancel(shop)
+    shop.subscriptions.active.update_all(status: DiscoApp::Subscription.statuses[:cancelled])
+  end
+
+end

data/app/services/disco_app/webhook_service.rb

@@ -0,0 +1,30 @@
+class DiscoApp::WebhookService
+
+  # Return true iff the provided hmac_to_verify matches that calculated from the
+  # give data and secret.
+  def self.is_valid_hmac?(body, secret, hmac_to_verify)
+    self.calculated_hmac(body, secret) == hmac_to_verify
+  end
+
+  # Calculate the HMAC for the given data and secret.
+  def self.calculated_hmac(body, secret)
+    digest  = OpenSSL::Digest.new('sha256')
+    Base64.encode64(OpenSSL::HMAC.digest(digest, secret, body)).strip
+  end
+
+  # Try to find a job class for the given webhook topic.
+  def self.find_job_class(topic)
+    begin
+      # First try to find a top-level matching job class.
+      "#{topic}_job".gsub('/', '_').classify.constantize
+    rescue NameError
+      # If that fails, try to find a DiscoApp:: prefixed job class.
+      begin
+        %Q{DiscoApp::#{"#{topic}_job".gsub('/', '_').classify}}.constantize
+      rescue NameError
+        nil
+      end
+    end
+  end
+
+end

data/app/views/disco_app/charges/activate.html.erb

@@ -0,0 +1 @@
+activate_charge

data/app/views/disco_app/charges/create.html.erb

@@ -0,0 +1 @@
+create_charge

data/app/views/disco_app/charges/new.html.erb

@@ -0,0 +1,45 @@
+<% provide(:title, 'Thankyou') %>
+
+<div class="row">
+  <% if @shop.charge_declined? %>
+    <div class="alert alert-warning">
+      <p>
+        Oops! Looks like you declined the charge.
+        Unfortunately, you'll have to accept the charge on the next screen in order to continue installing the application.
+      </p>
+    </div>
+  <% elsif @shop.charge_cancelled? %>
+    <div class="alert alert-warning">
+      <p>
+        Your authorized charge for this application has expired.
+        This could have occurred if:
+      </p>
+      <ul>
+        <li>You uninstalled and reinstalled the application; or</li>
+        <li>Your plan level has changed.</li>
+      </ul>
+      <p>
+        In either case, it's no problem!
+        Simply click okay and you'll be asked to authorize a new charge.
+        Don't worry - you *wont'* be billed twice.
+      </p>
+    </div>
+  <% else %>
+    <div class="alert alert-success">
+      <p>
+        Thanks for installing <%= Rails.configuration.x.shopify_app_name %>!
+      </p>
+      <p>
+        Before we start setting things up, we need you to authorize a charge for the application.
+      </p>
+    </div>
+  <% end %>
+</div>
+
+<div class="row">
+  <%= form_tag disco_app.create_charge_path, method: 'POST', target: '_parent' do %>
+    <div class="form-group">
+      <%= submit_tag 'Okay', class: 'form-input' %>
+    </div>
+  <% end %>
+</div>

data/app/views/disco_app/install/installing.html.erb

@@ -0,0 +1,7 @@
+<% content_for :extra_head do %>
+  <meta http-equiv="refresh" content="5">
+<% end %>
+
+<p>
+  Installing, please wait...
+</p>

data/app/views/disco_app/install/uninstalling.html.erb

@@ -0,0 +1 @@
+uninstalling

data/app/views/disco_app/proxy_errors/404.html.erb

@@ -0,0 +1 @@
+404 Not Found

data/app/views/disco_app/shared/_card.html.erb

@@ -0,0 +1,16 @@
+<% disabled ||= false %>
+<div class="next-card <% if disabled %>next-card--disabled<% end %>">
+  <% if content_for?(:card_header) %>
+    <header class="next-card__header">
+      <%= content_for :card_header %>
+    </header>
+  <% end %>
+  <section class="next-card__section">
+    <%= content_for :card_content %>
+  </section>
+  <% if content_for?(:card_footer) %>
+    <footer class="next-card__footer">
+      <%= content_for :card_footer %>
+    </footer>
+  <% end %>
+</div>

data/app/views/disco_app/shared/_section.html.erb

@@ -0,0 +1,17 @@
+<section class="section">
+  <div class="layout-content">
+
+    <aside class="layout-content__sidebar layout-content__first">
+      <% if content_for?(:section_summary) %>
+      <div class="section-summary">
+        <%= content_for :section_summary %>
+      </div>
+      <% end %>
+    </aside>
+
+    <section class="layout-content__main">
+      <%= content_for :section_content %>
+    </section>
+
+  </div>
+</section>

data/app/views/layouts/application.html.erb

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title><%= yield(:title) %></title>
+
+  <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %>
+
+  <%= csrf_meta_tags %>
+
+  <%= yield :extra_head %>
+</head>
+<body>
+
+  <%= yield %>
+
+  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
+</body>
+</html>

data/app/views/layouts/embedded_app.html.erb

@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title><%= yield(:title) %></title>
+
+  <script src="//cdn.shopify.com/s/assets/external/app.js?<%= Time.now.strftime('%Y%m%d%H') %>"></script>
+  <script type="text/javascript">
+    // Initialise the Shopify App.
+    ShopifyApp.init({
+      "apiKey": "<%= ShopifyApp.configuration.api_key %>",
+      "shopOrigin": "<%= "https://#{ @shop_session.url }" if @shop_session %>",
+      "debug": <%= Rails.env.development? ? 'true' : 'false' %>
+    });
+  </script>
+
+  <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %>
+
+  <%= csrf_meta_tags %>
+
+  <%= yield :extra_head %>
+</head>
+<body>
+  <script type="text/javascript">
+    ShopifyApp.Bar.initialize({
+      title: "<%= yield(:title) %>",
+      icon: "<%= image_url("disco_app/icon.svg") %>",
+      buttons: <%= content_for?(:buttons) ? content_for(:buttons) : '{}' %>
+    });
+  </script>
+
+  <%= yield %>
+
+  <% flash.each do |key, message| %>
+  <script type="text/javascript">
+    ShopifyApp.flash<%= (key == 'error') ? 'Error' : 'Notice' %>('<%= message %>');
+  </script>
+  <% end %>
+
+  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
+</body>
+</html>

data/app/views/sessions/new.html.erb

@@ -0,0 +1,26 @@
+<% provide(:title, 'Install') %>
+
+<%= form_tag shopify_app.login_path do %>
+    <div class="modal-dialog">
+      <div class="modal-content">
+        <div class="modal-body">
+
+          <% flash.each do |message_type, message| %>
+              <div class="alert alert-<%= message_type %>"><%= message %></div>
+          <% end %>
+
+          <div class="form-group">
+            <div class="input-group">
+              <div class="input-group-addon">http://</div>
+              <input type="text" class="form-control" id="shop" name="shop" placeholder="your-store" autocomplete="off" autofocus="on" />
+              <div class="input-group-addon">.myshopify.com</div>
+            </div>
+          </div>
+
+        </div>
+        <div class="modal-footer">
+          <button type="submit" class="btn btn-primary">Install</button>
+        </div>
+      </div>
+    </div>
+<% end %>