disco_app 0.8.9

data/app/models/disco_app/app_settings.rb

@@ -0,0 +1,3 @@
+class DiscoApp::AppSettings < ActiveRecord::Base
+  include DiscoApp::Concerns::AppSettings
+end

data/app/models/disco_app/application_charge.rb

@@ -0,0 +1,18 @@
+class DiscoApp::ApplicationCharge < ActiveRecord::Base
+
+  belongs_to :shop
+  belongs_to :subscription
+
+  enum status: [:pending, :accepted, :declined, :expired, :active]
+
+  scope :active, -> { where status: statuses[:active] }
+
+  def recurring?
+    false
+  end
+
+  def activate_url
+    DiscoApp::Engine.routes.url_helpers.activate_subscription_charge_url(subscription, self)
+  end
+
+end

data/app/models/disco_app/concerns/app_settings.rb

@@ -0,0 +1,7 @@
+module DiscoApp::Concerns::AppSettings
+  extend ActiveSupport::Concern
+
+  included do
+    acts_as_singleton
+  end
+end

data/app/models/disco_app/concerns/plan.rb

@@ -0,0 +1,26 @@
+module DiscoApp::Concerns::Plan
+  extend ActiveSupport::Concern
+
+  included do
+
+    has_many :subscriptions
+    has_many :shops, through: :subscriptions
+    has_many :plan_codes
+
+    accepts_nested_attributes_for :plan_codes
+
+    enum status: [:available, :unavailable]
+    enum plan_type: [:recurring, :one_time]
+    enum interval: [:month, :year]
+
+    scope :available, -> { where status: statuses[:available] }
+
+    validates_presence_of :name
+
+  end
+
+  def has_trial?
+    trial_period_days.present? and trial_period_days > 0
+  end
+
+end

data/app/models/disco_app/concerns/plan_code.rb

@@ -0,0 +1,15 @@
+module DiscoApp::Concerns::PlanCode
+  extend ActiveSupport::Concern
+
+  included do
+
+    belongs_to :plan
+
+    enum status: [:available, :unavailable]
+
+    validates_presence_of :code
+    validates_presence_of :amount
+
+  end
+
+end

data/app/models/disco_app/concerns/shop.rb

@@ -0,0 +1,80 @@
+module DiscoApp::Concerns::Shop
+  extend ActiveSupport::Concern
+
+  included do
+    include ShopifyApp::Shop
+    include ActionView::Helpers::DateHelper
+
+    # Define relationships to plans and subscriptions.
+    has_many :subscriptions
+    has_many :plans, through: :subscriptions
+
+    # Define relationship to sessions.
+    has_many :sessions, class_name: 'DiscoApp::Session', dependent: :destroy
+
+    # Define possible installation statuses as an enum.
+    enum status: [:never_installed, :awaiting_install, :installing, :installed, :awaiting_uninstall, :uninstalling, :uninstalled]
+
+    # Define some useful scopes.
+    scope :status, -> (status) { where status: status }
+    scope :installed, -> { where status: statuses[:installed] }
+    scope :has_active_shopify_plan, -> { where.not(plan_name: [:cancelled, :frozen, :fraudulent]) }
+
+    # Alias 'with_shopify_session' as 'temp', as per our existing conventions.
+    alias_method :temp, :with_shopify_session
+
+    # Return a hash of attributes that should be used to create a new charge for this shop.
+    # This method can be overridden by the inheriting Shop class in order to provide charges
+    # customised to a particular shop. Otherwise, the default settings configured in application.rb
+    # will be used.
+    def new_charge_attributes
+      {
+          type: Rails.configuration.x.shopify_charges_default_type,
+          name: DiscoApp.configuration.app_name,
+          price: Rails.configuration.x.shopify_charges_default_price,
+          trial_days: Rails.configuration.x.shopify_charges_default_trial_days,
+      }
+    end
+
+    # Convenience method to check if this shop has a current subscription.
+    def current_subscription?
+      current_subscription.present?
+    end
+
+    # Convenience method to get the current subscription for this shop, if any.
+    def current_subscription
+      subscriptions.current.first
+    end
+
+    # Convenience method to get the current plan for this shop, if any.
+    def current_plan
+      current_subscription&.plan
+    end
+
+    # Return the absolute URL to the shop's storefront.
+    def url
+      "#{protocol}://#{domain}"
+    end
+
+    # Return the protocol the shop's storefront uses. This should now always be
+    # https as all Shopify stores have SSL enabled.
+    def protocol
+      'https'
+    end
+
+    # Return the absolute URL to the shop's admin.
+    def admin_url
+      "https://#{shopify_domain}/admin"
+    end
+
+    def installed_duration
+      distance_of_time_in_words_to_now(created_at.time)
+    end
+
+    def pretty_created_at
+        created_at.strftime("%B %d, %Y")
+    end
+
+  end
+
+end

data/app/models/disco_app/concerns/subscription.rb

@@ -0,0 +1,48 @@
+module DiscoApp::Concerns::Subscription
+  extend ActiveSupport::Concern
+
+  included do
+
+    belongs_to :shop
+    belongs_to :plan
+    belongs_to :plan_code
+
+    has_many :one_time_charges, class_name: 'DiscoApp::ApplicationCharge', dependent: :destroy
+    has_many :recurring_charges, class_name: 'DiscoApp::RecurringApplicationCharge', dependent: :destroy
+
+    enum status: [:trial, :active, :cancelled]
+    enum subscription_type: [:recurring, :one_time]
+
+    scope :current, -> { where status: [statuses[:trial], statuses[:active]] }
+
+  end
+
+  # Only require an active charge if the amount to be charged is > 0.
+  def requires_active_charge?
+    amount > 0
+  end
+
+  # Convenience method to check if this subscription has an active charge.
+  def active_charge?
+    active_charge.present?
+  end
+
+  # Convenience method to get the active charge for this subscription.
+  def active_charge
+    charges.active.first
+  end
+
+  # Return the appropriate set of charges for this subscription's type.
+  def charges
+    recurring? ? recurring_charges : one_time_charges
+  end
+
+  def charge_class
+    recurring? ? DiscoApp::RecurringApplicationCharge : DiscoApp::ApplicationCharge
+  end
+
+  def shopify_charge_class
+    recurring? ? ShopifyAPI::RecurringApplicationCharge : ShopifyAPI::ApplicationCharge
+  end
+
+end

data/app/models/disco_app/concerns/synchronises.rb

@@ -0,0 +1,39 @@
+module DiscoApp::Concerns::Synchronises
+  extend ActiveSupport::Concern
+
+  class_methods do
+
+    def should_synchronise?(shop, data)
+      true
+    end
+
+    def synchronise(shop, data)
+      data = data.with_indifferent_access
+
+      return unless should_synchronise?(shop, data)
+
+      instance = self.find_or_create_by!(id: data[:id]) do |instance|
+        instance.shop = shop
+        instance.data = data
+      end
+
+      instance.update(data: data)
+
+      instance
+    end
+
+    def should_synchronise_deletion?(shop, data)
+      true
+    end
+
+    def synchronise_deletion(shop, data)
+      data = data.with_indifferent_access
+
+      return unless should_synchronise_deletion?(shop, data)
+
+      self.destroy_all(shop: shop, id: data[:id])
+    end
+
+  end
+
+end

data/app/models/disco_app/plan.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Plan < ActiveRecord::Base
+  include DiscoApp::Concerns::Plan
+end

data/app/models/disco_app/plan_code.rb

@@ -0,0 +1,3 @@
+class DiscoApp::PlanCode < ActiveRecord::Base
+  include DiscoApp::Concerns::PlanCode
+end

data/app/models/disco_app/recurring_application_charge.rb

@@ -0,0 +1,18 @@
+class DiscoApp::RecurringApplicationCharge < ActiveRecord::Base
+
+  belongs_to :shop
+  belongs_to :subscription
+
+  enum status: [:pending, :accepted, :declined, :active, :cancelled, :expired]
+
+  scope :active, -> { where status: statuses[:active] }
+
+  def recurring?
+    true
+  end
+
+  def activate_url
+    DiscoApp::Engine.routes.url_helpers.activate_subscription_charge_url(subscription, self)
+  end
+
+end

data/app/models/disco_app/session_storage.rb

@@ -0,0 +1,18 @@
+module DiscoApp
+  class SessionStorage
+    def self.store(session)
+      shop = Shop.find_or_initialize_by(shopify_domain: session.url)
+      shop.shopify_token = session.token
+      shop.save!
+      shop.id
+    end
+
+    def self.retrieve(id)
+      return unless id
+      shop = Shop.find(id)
+      ShopifyAPI::Session.new(shop.shopify_domain, shop.shopify_token)
+    rescue ActiveRecord::RecordNotFound
+      nil
+    end
+  end
+end

data/app/models/disco_app/shop.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Shop < ActiveRecord::Base
+  include DiscoApp::Concerns::Shop
+end

data/app/models/disco_app/subscription.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Subscription < ActiveRecord::Base
+  include DiscoApp::Concerns::Subscription
+end

data/app/resources/disco_app/admin/resources/concerns/shop_resource.rb

@@ -0,0 +1,45 @@
+require 'jsonapi/resource'
+
+module DiscoApp::Admin::Resources::Concerns::ShopResource
+  extend ActiveSupport::Concern
+
+  included do
+
+    attributes :shopify_domain, :status, :email, :country_name
+    attributes :currency, :domain, :plan_display_name, :created_at 
+    attributes :pretty_created_at, :installed_duration
+
+    model_name 'DiscoApp::Shop'
+
+    filters :status
+
+    # Adjust the base records method to ensure only models for the authenticated domain are retrieved.
+    def self.records(options = {})
+      records = DiscoApp::Shop.order(created_at: :desc)
+      records
+    end
+
+    # Apply filters.
+    def self.apply_filter(records, filter, value, options)
+      return records if value.blank?
+
+      # Perform appropriate filtering.
+      case filter
+        when :status
+          return records.where(status: value.map { |v| DiscoApp::Shop.statuses[v.to_sym] } )
+        else
+          return super(records, filter, value)
+      end
+    end
+
+    # Don't allow the update of any fields via the API.
+    def self.updatable_fields(context)
+      []
+    end
+
+    # Don't allow the creation of any fields via the API.
+    def self.creatable_fields(context)
+      []
+    end
+  end
+end

data/app/resources/disco_app/admin/resources/shop_resource.rb

@@ -0,0 +1,4 @@
+class DiscoApp::Admin::Resources::ShopResource < JSONAPI::Resource
+  include DiscoApp::Admin::Resources::Concerns::ShopResource
+
+end

data/app/services/disco_app/carrier_request_service.rb

@@ -0,0 +1,15 @@
+class DiscoApp::CarrierRequestService
+
+  # Return true iff the provided hmac_to_verify matches that calculated from the
+  # given data and secret.
+  def self.is_valid_hmac?(body, secret, hmac_to_verify)
+    ActiveSupport::SecurityUtils.secure_compare(self.calculated_hmac(body, secret), hmac_to_verify.to_s)
+  end
+
+  # Calculate the HMAC for the given data and secret.
+  def self.calculated_hmac(body, secret)
+    digest  = OpenSSL::Digest.new('sha256')
+    Base64.encode64(OpenSSL::HMAC.digest(digest, secret, body)).strip
+  end
+
+end

data/app/services/disco_app/charges_service.rb

@@ -0,0 +1,81 @@
+class DiscoApp::ChargesService
+
+  # Create the appropriate type of Shopify charge for the given subscription
+  # (either one-time or recurring) and return.
+  def self.create(shop, subscription)
+    # Create the charge object locally first.
+    charge = subscription.charge_class.create!(
+      shop: shop,
+      subscription: subscription,
+    )
+
+    # Create the charge object on Shopify.
+    shopify_charge = shop.temp {
+      subscription.shopify_charge_class.create(
+        name: subscription.plan.name,
+        price: '%.2f' % (subscription.amount.to_f / 100.0),
+        trial_days: subscription.plan.has_trial? ? subscription.trial_period_days : nil,
+        return_url: charge.activate_url,
+        test: !DiscoApp.configuration.real_charges?
+      )
+    }
+
+    # If we couldn't create the charge on Shopify, return nil.
+    if shopify_charge.nil?
+      return nil
+    end
+
+    # Update the local record of the charge from Shopify's created charge, then
+    # return it.
+    charge.update(
+      shopify_id: shopify_charge.id,
+      confirmation_url: shopify_charge.confirmation_url
+    )
+    charge
+  end
+
+  # Attempt to activate the given Shopify charge for the given Shop using the
+  # Shopify API. Returns true on successful activation, false otherwise.
+  def self.activate(shop, charge)
+    begin
+      # Start by fetching the Shopify charge to check that it was accepted.
+      shopify_charge = shop.temp {
+        charge.subscription.shopify_charge_class.find(charge.shopify_id)
+      }
+
+      # Update the status of the local charge based on the Shopify charge.
+      charge.send("#{shopify_charge.status}!") if charge.respond_to? "#{shopify_charge.status}!"
+
+      # If the charge wasn't accepted, fail and return.
+      return false unless charge.accepted?
+
+      # If the charge was indeed accepted, activate it via Shopify.
+      charge.shop.temp {
+        shopify_charge.activate
+      }
+
+      # If the charge was recurring, make sure that all other local recurring
+      # charges are marked inactive.
+      if charge.recurring?
+        self.cancel_recurring_charges(shop, charge)
+      end
+
+      charge.active!
+
+      true
+    rescue
+      false
+    end
+  end
+
+  # Cancel all recurring charges for the given shop. If the optional charge
+  # parameter is given, it will be excluded from the cancellation.
+  def self.cancel_recurring_charges(shop, charge = nil)
+    charges = DiscoApp::RecurringApplicationCharge.where(shop: shop)
+    if charge.present?
+      charges = charges.where.not(id: charge)
+    end
+    charges.update_all(status: DiscoApp::RecurringApplicationCharge.statuses[:cancelled])
+  end
+
+end

data/app/services/disco_app/proxy_service.rb

@@ -0,0 +1,17 @@
+class DiscoApp::ProxyService
+
+  # Return true iff the signature provided in the given query string matches
+  # that calculated from the remaining query parameters and the given secret.
+  def self.proxy_signature_is_valid?(query_string, secret)
+    query_hash = Rack::Utils.parse_query(query_string)
+    signature = query_hash.delete('signature').to_s
+    ActiveSupport::SecurityUtils.variable_size_secure_compare(self.calculated_signature(query_hash, secret), signature)
+  end
+
+  # Return the calculated signature for the given query hash and secret.
+  def self.calculated_signature(query_hash, secret)
+    sorted_params = query_hash.collect{ |k, v| "#{k}=#{Array(v).join(',')}" }.sort.join
+    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, sorted_params)
+  end
+
+end

data/app/services/disco_app/subscription_service.rb

@@ -0,0 +1,46 @@
+class DiscoApp::SubscriptionService
+
+  # Subscribe the given shop to the given plan, optionally using the given plan
+  # code and optionally tracking the subscription source.
+  def self.subscribe(shop, plan, plan_code = nil, source = nil)
+
+    # If a plan code was provided, fetch it for the given plan.
+    plan_code_instance = nil
+    if plan_code.present?
+      plan_code_instance = DiscoApp::PlanCode.available.find_by(plan: plan, code: plan_code)
+    end
+
+    # Cancel any existing current subscriptions.
+    shop.subscriptions.current.update_all(
+      status: DiscoApp::Subscription.statuses[:cancelled],
+      cancelled_at: Time.now
+    )
+
+    # Get the amount that should be charged for the subscription.
+    subscription_amount = plan_code_instance.present? ? plan_code_instance.amount : plan.amount
+
+    # Get the date the subscription trial should end.
+    subscription_trial_period_days = plan_code_instance.present? ? plan_code_instance.trial_period_days : plan.trial_period_days
+
+    # Create the new subscription.
+    new_subscription = DiscoApp::Subscription.create!(
+      shop: shop,
+      plan: plan,
+      plan_code: plan_code_instance,
+      status: DiscoApp::Subscription.statuses[plan.has_trial? ? :trial : :active],
+      subscription_type: plan.plan_type,
+      amount: subscription_amount,
+      trial_period_days: plan.has_trial? ? subscription_trial_period_days : nil,
+      trial_start_at: plan.has_trial? ? Time.now : nil,
+      trial_end_at: plan.has_trial? ? subscription_trial_period_days.days.from_now : nil,
+      source: source
+    )
+
+    # Enqueue the subscription changed background job.
+    DiscoApp::SubscriptionChangedJob.perform_later(shop.shopify_domain, new_subscription)
+
+    # Return the new subscription.
+    new_subscription
+  end
+
+end

data/app/services/disco_app/webhook_service.rb

@@ -0,0 +1,30 @@
+class DiscoApp::WebhookService
+
+  # Return true iff the provided hmac_to_verify matches that calculated from the
+  # given data and secret.
+  def self.is_valid_hmac?(body, secret, hmac_to_verify)
+    ActiveSupport::SecurityUtils.secure_compare(self.calculated_hmac(body, secret), hmac_to_verify.to_s)
+  end
+
+  # Calculate the HMAC for the given data and secret.
+  def self.calculated_hmac(body, secret)
+    digest  = OpenSSL::Digest.new('sha256')
+    Base64.encode64(OpenSSL::HMAC.digest(digest, secret, body)).strip
+  end
+
+  # Try to find a job class for the given webhook topic.
+  def self.find_job_class(topic)
+    begin
+      # First try to find a top-level matching job class.
+      "#{topic}_job".gsub('/', '_').classify.constantize
+    rescue NameError
+      # If that fails, try to find a DiscoApp:: prefixed job class.
+      begin
+        %Q{DiscoApp::#{"#{topic}_job".gsub('/', '_').classify}}.constantize
+      rescue NameError
+        nil
+      end
+    end
+  end
+
+end

data/app/views/disco_app/admin/app_settings/edit.html.erb

@@ -0,0 +1,5 @@
+<% provide(:title, 'App Settings') %>
+
+<p>Update 'app/views/disco_app/admin/app_settings/edit.html.erb' on your own rails app.</p>
+
+

data/app/views/disco_app/admin/plans/_form.html.erb

@@ -0,0 +1,75 @@
+<section class="section">
+  <div class="layout-content">
+    <section class="layout-content__main">
+      <div class="row">
+        <div class="col-md-12">
+          <div class="next-card">
+
+              <header class="next-card__header">
+                <h3>Plan</h3>
+              </header>
+
+              <section class="next-card__section">
+                <div class="form-group">
+                  <%= f.label(:name, 'Name') %>
+                  <%= f.text_field(:name) %>
+                </div>
+
+                <div class="form-group">
+                <%= f.label(:status, 'Status') %>
+                <%= f.select(:status, DiscoApp::Plan.statuses.map { |s| [s.first.humanize, s.first] }) %>
+                </div>
+
+                <div class="form-group">
+                <%= f.label(:plan_type, 'Plan Type') %>
+                <%= f.select(:plan_type, DiscoApp::Plan.plan_types.map { |s| [s.first.humanize, s.first] }) %>
+                </div>
+
+                <div class="form-group">
+                <%= f.label(:trial_period_days, 'Trial Period Days') %>
+                <%= f.number_field(:trial_period_days) %>
+                </div>
+
+                <div class="form-group">
+                <%= f.label(:amount, 'Amount') %>
+                <%= f.number_field(:amount) %>
+                </div>
+              </section>
+          </div>
+        </div>
+        <div class="col-md-12">
+          <div class="next-card">
+
+              <header class="next-card__header">
+                <h3>Plan Codes</h3>
+              </header>
+
+              <section class="next-card__section">
+                <%= f.fields_for :plan_codes do |plan_code| %>
+                  <div class="row">
+                    <div class="col-md-24">
+                      <%= plan_code.label(:code, 'Code') %>
+                      <%= plan_code.text_field(:code) %>
+
+                      <%= plan_code.label(:trial_period_days, 'Trial Period Days') %>
+                      <%= plan_code.number_field(:trial_period_days) %>
+
+                      <%= plan_code.label(:amount, 'Amount') %>
+                      <%= plan_code.number_field(:amount) %>
+                      <hr>
+                    </div>
+                  </div>
+                <% end %>
+              </section>
+          </div>
+        </div>
+      </div>
+      <hr />
+      <div class="row">
+        <div class="col-md-12">
+          <%= f.submit 'Save', { class: 'btn btn-primary' } %>
+        </div>
+      </div>
+    </section>
+  </div>
+</section>

data/app/views/disco_app/admin/plans/edit.html.erb

@@ -0,0 +1,7 @@
+<% provide(:title, 'Edit Plan') %>
+
+<%= form_for(@plan, url: admin_plan_path(@plan)) do |f| %>
+  <%= render 'form', f: f %>
+<% end %>
+
+<%= link_to 'Back', admin_plans_path, { class: 'btn btn-default' } %>