disco_app 0.8.8

data/app/controllers/disco_app/admin/concerns/plans_controller.rb

@@ -0,0 +1,51 @@
+module DiscoApp::Admin::Concerns::PlansController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :find_plan, only: [:edit, :update]
+  end
+
+  def index
+    @plans = DiscoApp::Plan.all
+  end
+
+  def new
+    @plan = DiscoApp::Plan.new
+    @plan.plan_codes.build
+  end
+
+  def create
+    @plan = DiscoApp::Plan.new(plan_params)
+    if @plan.save
+      redirect_to admin_plans_path
+    else
+      render 'new'
+    end
+  end
+
+  def edit
+    @plan.plan_codes.build
+  end
+
+  def update
+    if @plan.update_attributes(plan_params)
+      redirect_to admin_plans_path
+    else
+      render 'edit'
+    end
+  end
+
+  private
+
+    def find_plan
+      @plan = DiscoApp::Plan.find(params[:id])
+    end
+
+    def plan_params
+      params.require(:plan).permit(
+        :name, :status, :plan_type, :trial_period_days, :amount,
+        :plan_codes_attributes => [:code, :trial_period_days, :amount]
+      )
+    end
+
+end

data/app/controllers/disco_app/admin/concerns/shops_controller.rb

@@ -0,0 +1,7 @@
+module DiscoApp::Admin::Concerns::ShopsController
+  extend ActiveSupport::Concern
+
+  def index
+  end
+
+end

data/app/controllers/disco_app/admin/plans_controller.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Admin::PlansController < DiscoApp::Admin::ApplicationController
+  include DiscoApp::Admin::Concerns::PlansController
+end

data/app/controllers/disco_app/admin/resources/shops_controller.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Admin::Resources::ShopsController < JSONAPI::ResourceController
+  include DiscoApp::Admin::Concerns::AuthenticatedController
+end

data/app/controllers/disco_app/admin/shops_controller.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Admin::ShopsController < DiscoApp::Admin::ApplicationController
+  include DiscoApp::Admin::Concerns::ShopsController
+end

data/app/controllers/disco_app/charges_controller.rb

@@ -0,0 +1,47 @@
+class DiscoApp::ChargesController < ApplicationController
+  include DiscoApp::Concerns::AuthenticatedController
+
+  skip_before_action :check_active_charge
+  before_action :find_subscription
+
+  # Display a "pre-charge" page, giving the opportunity to explain why a charge
+  # needs to be made.
+  def new
+  end
+
+  # Attempt to create a new charge for the logged in shop and selected
+  # subscription. If successful, redirect to the (external) charge confirmation
+  # URL. If it fails, redirect back to the new charge page.
+  def create
+    if(charge = DiscoApp::ChargesService.create(@shop, @subscription)).nil?
+      redirect_to action: :new
+    else
+      redirect_to charge.confirmation_url
+    end
+  end
+
+  # Attempt to activate a charge after a user has accepted or declined it.
+  # Redirect to the main application's root URL immediately afterwards - if the
+  # charge wasn't accepted, the flow will start again.
+  def activate
+    # First attempt to find a matching charge.
+    if(charge = @subscription.charges.find_by(id: params[:id], shopify_id: params[:charge_id])).nil?
+      redirect_to action: :new and return
+    end
+    if DiscoApp::ChargesService.activate(@shop, charge)
+      redirect_to main_app.root_url
+    else
+      redirect_to action: :new
+    end
+  end
+
+  private
+
+    def find_subscription
+      @subscription = @shop.subscriptions.find_by_id!(params[:subscription_id])
+      unless @subscription.requires_active_charge? and not @subscription.active_charge?
+        redirect_to main_app.root_url
+      end
+    end
+
+end

data/app/controllers/disco_app/concerns/app_proxy_controller.rb

@@ -0,0 +1,40 @@
+module DiscoApp::Concerns::AppProxyController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :verify_proxy_signature
+    before_action :shopify_shop
+    after_action :add_liquid_header
+
+    rescue_from ActiveRecord::RecordNotFound do |exception|
+      render_error 404
+    end
+  end
+
+  private
+
+    def verify_proxy_signature
+      unless proxy_signature_is_valid?
+        head :unauthorized
+      end
+    end
+
+    def proxy_signature_is_valid?
+      return true if Rails.env.development? and DiscoApp.configuration.skip_proxy_verification?
+      DiscoApp::ProxyService.proxy_signature_is_valid?(request.query_string, ShopifyApp.configuration.secret)
+    end
+
+    def shopify_shop
+      @shop = DiscoApp::Shop.find_by_shopify_domain!(params[:shop])
+    end
+
+    def add_liquid_header
+      response.headers['Content-Type'] = 'application/liquid'
+    end
+
+    def render_error(status)
+      add_liquid_header
+      render "disco_app/proxy_errors/#{status}", status: status
+    end
+
+end

data/app/controllers/disco_app/concerns/authenticated_controller.rb

@@ -0,0 +1,56 @@
+module DiscoApp::Concerns::AuthenticatedController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :login_again_if_different_shop
+    before_action :shopify_shop
+    before_action :check_installed
+    before_action :check_current_subscription
+    before_action :check_active_charge
+    around_filter :shopify_session
+    layout 'embedded_app'
+  end
+
+  private
+
+    def shopify_shop
+      if shop_session
+        @shop = DiscoApp::Shop.find_by!(shopify_domain: @shop_session.url)
+      else
+        redirect_to_login
+      end
+    end
+
+    def check_installed
+      if @shop.awaiting_install? or @shop.installing?
+        redirect_if_not_current_path disco_app.installing_path
+        return
+      end
+      if @shop.awaiting_uninstall? or @shop.uninstalling?
+        redirect_if_not_current_path disco_app.uninstalling_path
+        return
+      end
+      unless @shop.installed?
+        redirect_if_not_current_path disco_app.install_path
+      end
+    end
+
+    def check_current_subscription
+      unless @shop.current_subscription?
+        redirect_if_not_current_path disco_app.new_subscription_path
+      end
+    end
+
+    def check_active_charge
+      if @shop.current_subscription? and @shop.current_subscription.requires_active_charge? and not @shop.current_subscription.active_charge?
+        redirect_if_not_current_path disco_app.new_subscription_charge_path(@shop.current_subscription)
+      end
+    end
+
+    def redirect_if_not_current_path(target)
+      if request.path != target
+        redirect_to target
+      end
+    end
+
+end

data/app/controllers/disco_app/concerns/carrier_request_controller.rb

@@ -0,0 +1,21 @@
+module DiscoApp::Concerns::CarrierRequestController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :verify_carrier_request
+  end
+
+  private
+
+    def verify_carrier_request
+      unless carrier_request_signature_is_valid?
+        head :unauthorized
+      end
+    end
+
+    def carrier_request_signature_is_valid?
+      return true if Rails.env.development? and DiscoApp.configuration.skip_carrier_request_verification?
+      DiscoApp::CarrierRequestService.is_valid_hmac?(request.body.read.to_s, ShopifyApp.configuration.secret, request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'])
+    end
+
+end

data/app/controllers/disco_app/frame_controller.rb

@@ -0,0 +1,9 @@
+class DiscoApp::FrameController < ActionController::Base
+
+  layout nil
+
+  def frame
+
+  end
+
+end

data/app/controllers/disco_app/install_controller.rb

@@ -0,0 +1,27 @@
+class DiscoApp::InstallController < ApplicationController
+  include DiscoApp::Concerns::AuthenticatedController
+
+  skip_before_action :check_current_subscription
+  skip_before_action :check_active_charge
+
+  # Start the installation process for the current shop, then redirect to the installing screen.
+  def install
+    DiscoApp::AppInstalledJob.perform_later(@shop.shopify_domain)
+    redirect_to action: :installing
+  end
+
+  # Display an "installing" page.
+  def installing
+    if @shop.installed?
+      redirect_to main_app.root_path
+    end
+  end
+
+  # Display an "uninstalling" page. Should be almost never used.
+  def uninstalling
+    if @shop.uninstalled?
+      redirect_to main_app.root_path
+    end
+  end
+
+end

data/app/controllers/disco_app/subscriptions_controller.rb

@@ -0,0 +1,40 @@
+class DiscoApp::SubscriptionsController < ApplicationController
+  include DiscoApp::Concerns::AuthenticatedController
+
+  skip_before_action :check_current_subscription
+
+  def new
+    @subscription = DiscoApp::Subscription.new
+  end
+
+  def create
+    # Get the selected plan. If it's not available or couldn't be found,
+    # redirect back to the plan selection page.
+    if(plan = DiscoApp::Plan.available.find_by_id(subscription_params[:plan])).nil?
+      redirect_to action: :new and return
+    end
+
+    # If a plan code was provided, check that it's (a) valid and available and
+    # (b) valid for the selected plan.
+    plan_code = nil
+    if subscription_params[:plan_code].present?
+      if(plan_code = DiscoApp::PlanCode.available.find_by(plan: plan, code: subscription_params[:plan_code])).nil?
+        redirect_to action: :new and return
+      end
+    end
+
+    # Subscribe the current shop to the selected plan.
+    if(subscription = DiscoApp::SubscriptionService.subscribe(@shop, plan, plan_code)).nil?
+      redirect_to action: :new
+    else
+      redirect_to main_app.root_path
+    end
+  end
+
+  private
+
+    def subscription_params
+      params.require(:subscription).permit(:plan, :plan_code)
+    end
+
+end

data/app/controllers/disco_app/webhooks_controller.rb

@@ -0,0 +1,46 @@
+module DiscoApp
+  class WebhooksController < ActionController::Base
+
+    before_action :verify_webhook
+
+    def process_webhook
+      # Get the topic and domain for this webhook.
+      topic = request.headers['HTTP_X_SHOPIFY_TOPIC']
+      domain = request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
+
+      # Ensure a domain was provided in the headers.
+      unless domain
+        head :bad_request
+      end
+
+      # Try to find a matching background job task for the given topic using class name.
+      job_class = DiscoApp::WebhookService.find_job_class(topic)
+
+      # Return bad request if we couldn't match a job class.
+      unless job_class.present?
+        head :bad_request
+      end
+
+      # Decode the body data and enqueue the appropriate job.
+      data = ActiveSupport::JSON::decode(request.body.read).with_indifferent_access
+      job_class.perform_later(domain, data)
+
+      render nothing: true
+    end
+
+    private
+
+      def verify_webhook
+        unless webhook_is_valid?
+          head :unauthorized
+        end
+        request.body.rewind
+      end
+
+      def webhook_is_valid?
+        return true if Rails.env.development? and DiscoApp.configuration.skip_webhook_verification?
+        DiscoApp::WebhookService.is_valid_hmac?(request.body.read.to_s, ShopifyApp.configuration.secret, request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'])
+      end
+
+  end
+end

data/app/controllers/sessions_controller.rb

@@ -0,0 +1,22 @@
+class SessionsController < ApplicationController
+  include ShopifyApp::SessionsController
+
+  protected
+
+    # Override the authenticate method to allow skipping OAuth in development
+    # mode. Skipping OAuth still requires a shop with Shopify domain specified
+    # by the `shop` parameter to be present in the local database.
+    def authenticate
+      if Rails.env.development? and DiscoApp.configuration.skip_oauth?
+        shop = DiscoApp::Shop.find_by_shopify_domain!(sanitized_shop_name)
+
+        sess = ShopifyAPI::Session.new(shop.shopify_domain, shop.shopify_token)
+        session[:shopify] = ShopifyApp::SessionRepository.store(sess)
+        session[:shopify_domain] = sanitized_shop_name
+
+        redirect_to disco_app.frame_path and return
+      end
+      super
+    end
+
+end

data/app/helpers/disco_app/application_helper.rb

@@ -0,0 +1,28 @@
+module DiscoApp::ApplicationHelper
+
+  # Generates a link pointing to an object (such as an order or customer) inside
+  # the given shop's Shopify admin. This helper makes it easy to  create links
+  # to objects within the admin that support both right-clicking and opening in
+  # a new tab as well as capturing a left click and redirecting to the relevant
+  # object using `ShopifyApp.redirect()`.
+  def link_to_shopify_admin(shop, name, admin_path, options = {})
+    options[:onclick] = "ShopifyApp.redirect('#{admin_path}'); return false;"
+    options[:'data-no-turbolink'] = true
+    link_to(name, "https://#{shop.shopify_domain}/admin/#{admin_path}", options)
+  end
+
+  # Generate a link that will open its href in an embedded Shopify modal.
+  def link_to_modal(name, path, options = {})
+    modal_options = {
+      src: path,
+      title: options.delete(:modal_title),
+      width: options.delete(:modal_width),
+      height: options.delete(:modal_height),
+      buttons: options.delete(:modal_buttons),
+    }
+    options[:onclick] = "ShopifyApp.Modal.open(#{modal_options.to_json}); return false;"
+    options[:onclick].gsub!(/"function(.*?)"/, 'function\1')
+    link_to(name, path, options)
+  end
+
+end

data/app/jobs/disco_app/app_installed_job.rb

@@ -0,0 +1,3 @@
+class DiscoApp::AppInstalledJob < DiscoApp::ShopJob
+  include DiscoApp::Concerns::AppInstalledJob
+end

data/app/jobs/disco_app/app_uninstalled_job.rb

@@ -0,0 +1,3 @@
+class DiscoApp::AppUninstalledJob < DiscoApp::ShopJob
+  include DiscoApp::Concerns::AppUninstalledJob
+end

data/app/jobs/disco_app/concerns/app_installed_job.rb

@@ -0,0 +1,39 @@
+module DiscoApp::Concerns::AppInstalledJob
+  extend ActiveSupport::Concern
+
+  included do
+    before_enqueue { @shop.awaiting_install! }
+    before_perform { @shop.installing! }
+    after_perform { @shop.installed! }
+  end
+
+  # Perform application installation.
+  #
+  # - Synchronise webhooks.
+  # - Synchronise carrier service, if required.
+  # - Perform initial update of shop information.
+  # - Subscribe to default plan, if any exists.
+  #
+  def perform(shopify_domain)
+    DiscoApp::SynchroniseWebhooksJob.perform_now(shopify_domain)
+    DiscoApp::SynchroniseCarrierServiceJob.perform_now(shopify_domain)
+    DiscoApp::ShopUpdateJob.perform_now(shopify_domain)
+
+    @shop.reload
+
+    if default_plan.present?
+      DiscoApp::SubscriptionService.subscribe(@shop, default_plan)
+    end
+  end
+
+  # Provide an overridable hook for applications to examine the @shop object
+  # and return the default plan, if any, the shop should be subscribed to. If
+  # nil is returned, no automatic subscription will take place and the store
+  # owner will be forced to choose a plan after installation.
+  #
+  # If implementing this method, it should be memoized.
+  def default_plan
+    nil
+  end
+
+end

data/app/jobs/disco_app/concerns/app_uninstalled_job.rb

@@ -0,0 +1,20 @@
+module DiscoApp::Concerns::AppUninstalledJob
+  extend ActiveSupport::Concern
+
+  included do
+    before_enqueue { @shop.awaiting_uninstall! }
+    before_perform { @shop.uninstalling! }
+    after_perform { @shop.uninstalled! }
+  end
+
+  # Perform application uninstallation.
+  #
+  # - Mark any recurring application charges as cancelled.
+  # - Remove any stored sessions for the shop.
+  #
+  def perform(domain, shop_data)
+    DiscoApp::ChargesService.cancel_recurring_charges(@shop)
+    @shop.sessions.delete_all
+  end
+
+end

data/app/jobs/disco_app/concerns/shop_update_job.rb

@@ -0,0 +1,16 @@
+module DiscoApp::Concerns::ShopUpdateJob
+  extend ActiveSupport::Concern
+
+  # Perform an update of the current shop's information.
+  def perform(shopify_domain, shop_data = nil)
+    # If we weren't provided with shop data (eg from a webhook), fetch it.
+    shop_data ||= ActiveSupport::JSON::decode(ShopifyAPI::Shop.current.to_json)
+
+    # Ensure we can access shop data through symbols.
+    shop_data = HashWithIndifferentAccess.new(shop_data)
+
+    # Update model attributes present in both our model and the data hash.
+    @shop.update_attributes(shop_data.except(:id, :created_at).slice(*DiscoApp::Shop.column_names))
+  end
+
+end

data/app/jobs/disco_app/concerns/subscription_changed_job.rb

@@ -0,0 +1,7 @@
+module DiscoApp::Concerns::SubscriptionChangedJob
+  extend ActiveSupport::Concern
+
+  def perform(shopify_domain, subscription)
+  end
+
+end

data/app/jobs/disco_app/concerns/synchronise_carrier_service_job.rb

@@ -0,0 +1,52 @@
+module DiscoApp::Concerns::SynchroniseCarrierServiceJob
+  extend ActiveSupport::Concern
+
+  # Ensure that any carrier service required by our app is registered.
+  def perform(shopify_domain)
+    # Don't proceed unless we have a name and callback url.
+    return unless carrier_service_name and callback_url
+
+    # Registered the carrier service if it hasn't been registered yet.
+    unless current_carrier_service_names.include?(carrier_service_name)
+      ShopifyAPI::CarrierService.create(
+        name: carrier_service_name,
+        callback_url: callback_url,
+        service_discovery: true,
+        format: :json
+      )
+    end
+
+    # Ensure any existing carrier services (with the correct name) are active
+    # and have a current callback URL.
+    current_carrier_services.each do |carrier_service|
+      if carrier_service.name == carrier_service_name
+        carrier_service.callback_url = callback_url
+        carrier_service.active = true
+        carrier_service.save
+      end
+    end
+  end
+
+  protected
+
+    def carrier_service_name
+      DiscoApp.configuration.app_name
+    end
+
+    def callback_url
+      nil
+    end
+
+  private
+
+    # Return a list of currently registered carrier service names.
+    def current_carrier_service_names
+      current_carrier_services.map(&:name)
+    end
+
+    # Return a list of currently registered carrier services.
+    def current_carrier_services
+      @current_carrier_service ||= ShopifyAPI::CarrierService.find(:all)
+    end
+
+end

data/app/jobs/disco_app/concerns/synchronise_webhooks_job.rb

@@ -0,0 +1,61 @@
+module DiscoApp::Concerns::SynchroniseWebhooksJob
+  extend ActiveSupport::Concern
+
+  # Ensure the webhooks registered with our shop are the same as those listed
+  # in our application configuration.
+  def perform(shopify_domain)
+    # Get the full list of expected webhook topics.
+    expected_topics = [:'app/uninstalled', :'shop/update'] + topics
+
+    # Registered any webhooks that haven't been registered yet.
+    (expected_topics - current_topics).each do |topic|
+      ShopifyAPI::Webhook.create(
+        topic: topic,
+        address: webhooks_url,
+        format: 'json'
+      )
+    end
+
+    # Remove any extraneous topics.
+    current_webhooks.each do |webhook|
+      unless expected_topics.include?(webhook.topic.to_sym)
+        ShopifyAPI::Webhook.delete(webhook.id)
+      end
+    end
+
+    # Ensure webhook addresses are current.
+    current_webhooks.each do |webhook|
+      unless webhook.address == webhooks_url
+        webhook.address = webhooks_url
+        webhook.save
+      end
+    end
+  end
+
+  protected
+
+    # Return a list of additional webhook topics to listen for. This method
+    # can be overridden in the application to provide a list of app-specific
+    # webhooks that should be created during synchronisation.
+    def topics
+      []
+    end
+
+  private
+
+    # Return a list of currently registered topics.
+    def current_topics
+      current_webhooks.map(&:topic).map(&:to_sym)
+    end
+
+    # Return a list of current registered webhooks.
+    def current_webhooks
+      @current_webhooks ||= ShopifyAPI::Webhook.find(:all)
+    end
+
+    # Return the absolute URL to the webhooks endpoint.
+    def webhooks_url
+      DiscoApp::Engine.routes.url_helpers.webhooks_url
+    end
+
+end

data/app/jobs/disco_app/shop_job.rb

@@ -0,0 +1,27 @@
+# The base class for all jobs that should be performed in the context of a
+# particular Shop's API session. The first argument to any job inheriting from
+# this class must be the domain of the relevant store, so that the appropriate
+# Shop model can be fetched and the temporary API session created.
+class DiscoApp::ShopJob < ActiveJob::Base
+
+  queue_as :default
+
+  before_perform { |job| find_shop(job) }
+  before_enqueue { |job| find_shop(job) }
+
+  around_enqueue { |job, block| shop_context(job, block) }
+  around_perform { |job, block| shop_context(job, block) }
+
+  private
+
+    def find_shop(job)
+      @shop ||= DiscoApp::Shop.find_by!(shopify_domain: job.arguments.first)
+    end
+
+    def shop_context(job, block)
+      @shop.temp {
+        block.call(job.arguments)
+      }
+    end
+
+end

data/app/jobs/disco_app/shop_update_job.rb

@@ -0,0 +1,3 @@
+class DiscoApp::ShopUpdateJob < DiscoApp::ShopJob
+  include DiscoApp::Concerns::ShopUpdateJob
+end

data/app/jobs/disco_app/subscription_changed_job.rb

@@ -0,0 +1,3 @@
+class DiscoApp::SubscriptionChangedJob < DiscoApp::ShopJob
+  include DiscoApp::Concerns::SubscriptionChangedJob
+end

data/app/jobs/disco_app/synchronise_carrier_service_job.rb

@@ -0,0 +1,3 @@
+class DiscoApp::SynchroniseCarrierServiceJob < DiscoApp::ShopJob
+  include DiscoApp::Concerns::SynchroniseCarrierServiceJob
+end

data/app/jobs/disco_app/synchronise_webhooks_job.rb

@@ -0,0 +1,3 @@
+class DiscoApp::SynchroniseWebhooksJob < DiscoApp::ShopJob
+  include DiscoApp::Concerns::SynchroniseWebhooksJob
+end