disco_app 0.9.9

data/app/assets/stylesheets/disco_app/ui-kit/_ui-layout.scss

@@ -0,0 +1,15 @@
+//
+// ui-layout.scss
+// Styles for UI layout not provided by the Channel
+// SDK UI Kit.
+// --------------------------------------------------
+
+body {
+  margin: 0;
+  padding: 0;
+}
+
+ul, ol, dl {
+  margin: 0;
+  padding: 0;
+}

data/app/assets/stylesheets/disco_app/ui-kit/_ui-page-actions.scss

@@ -0,0 +1,21 @@
+//
+// ui-page-actions.scss
+// Styles for UI page actions not provided by the
+// Channel SDK UI Kit.
+// --------------------------------------------------
+
+.ui-page-actions {
+  @include flexbox();
+  margin: 0 auto 20px auto;
+  max-width: 1036px;
+}
+
+.ui-page-actions__primary {
+  @include flex(1 1 auto);
+  padding-right: 20px;
+}
+
+.ui-page-actions__secondary {
+  @include flex(1 1 auto);
+  padding: 0 20px;
+}

data/app/assets/stylesheets/disco_app/ui-kit/_ui-tabs.scss

@@ -0,0 +1,75 @@
+//
+// ui-tabs.scss
+// Styles for tabs not provided by the Channel SDK UI
+// Kit.
+// --------------------------------------------------
+
+.next-tab__list {
+  padding: 0;
+  margin: 0;
+  list-style: none;
+  background-color: #f5f6f7;
+  overflow: visible;
+  border-radius: 3px 3px 0 0;
+
+  flex-wrap: nowrap;
+  display: flex;
+  align-items: stretch;
+
+  > li {
+    position: relative;
+    flex-grow: 0;
+    flex-shrink: 0;
+    display: flex;
+    align-items: stretch;
+
+    &:first-child .next-tab {
+      border-top-left-radius: 3px;
+    }
+  }
+}
+
+.next-tab {
+  color: rgba(0,0,0,0.56);
+  padding: 15px 20px;
+  text-decoration: none;
+  border-right: 1px solid #ebeef0;
+  border-bottom: 1px solid #ebeef0;
+  text-align: center;
+  line-height: 1;
+  cursor: pointer;
+  position: relative;
+  -webkit-box-flex: 1;
+  -webkit-flex-grow: 1;
+  -ms-flex-positive: 1;
+  flex-grow: 1;
+  display: -webkit-box;
+  display: -webkit-flex;
+  display: -ms-flexbox;
+  display: flex;
+  -webkit-box-align: center;
+  -webkit-align-items: center;
+  -ms-flex-align: center;
+  align-items: center;
+  -webkit-box-pack: center;
+  -webkit-justify-content: center;
+  -ms-flex-pack: center;
+  justify-content: center;
+
+  &:focus,
+  &:hover {
+    outline: none;
+    background-color: #fafbfc;
+    color: #0078bd;
+    text-decoration: none;
+  }
+
+  &.next-tab--is-active {
+    font-weight: normal;
+    color: rgba(0,0,0,0.9);
+    background-color: #ffffff;
+    border-bottom-color: #ffffff;
+    cursor: default;
+    text-decoration: none;
+  }
+}

data/app/assets/stylesheets/disco_app/ui-kit/_ui-type.scss

@@ -0,0 +1,13 @@
+//
+// ui-type.scss
+// Styles for type not provided by the Channel SDK UI
+// Kit.
+// --------------------------------------------------
+
+hr {
+  color: #e6e6e6;
+  background-color: #e6e6e6;
+  height: 1px;
+  padding: 0;
+  border: 0;
+}

data/app/controllers/disco_app/admin/app_settings_controller.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Admin::AppSettingsController < DiscoApp::Admin::ApplicationController
+  include DiscoApp::Admin::Concerns::AppSettingsController
+end

data/app/controllers/disco_app/admin/application_controller.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Admin::ApplicationController < ActionController::Base
+  include DiscoApp::Admin::Concerns::AuthenticatedController
+end

data/app/controllers/disco_app/admin/concerns/app_settings_controller.rb

@@ -0,0 +1,24 @@
+module DiscoApp::Admin::Concerns::AppSettingsController
+  extend ActiveSupport::Concern
+
+  def edit
+    @app_settings = DiscoApp::AppSettings.instance
+  end
+
+  def update
+    @app_settings = DiscoApp::AppSettings.instance
+    if @app_settings.update_attributes(app_settings_params)
+      flash[:success] = 'Settings updated.'
+      redirect_to edit_admin_app_settings_path
+    else
+      render 'edit'
+    end
+  end
+
+  private
+
+    def app_settings_params
+      params.require(:app_settings)
+    end
+
+end

data/app/controllers/disco_app/admin/concerns/authenticated_controller.rb

@@ -0,0 +1,20 @@
+module DiscoApp::Admin::Concerns::AuthenticatedController
+  extend ActiveSupport::Concern
+
+  included do
+
+    protect_from_forgery with: :exception
+    before_action :authenticate_administrator
+    layout 'admin'
+
+  end
+
+  private
+
+    def authenticate_administrator
+      authenticate_or_request_with_http_basic do |username, password|
+        (not username.blank?) && (not password.blank?) && username == ENV['ADMIN_APP_USERNAME'] && password == ENV['ADMIN_APP_PASSWORD']
+      end
+    end
+
+end

data/app/controllers/disco_app/admin/concerns/plans_controller.rb

@@ -0,0 +1,54 @@
+module DiscoApp::Admin::Concerns::PlansController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :find_plan, only: [:edit, :update, :destroy]
+  end
+
+  def index
+    @plans = DiscoApp::Plan.all
+  end
+
+  def new
+    @plan = DiscoApp::Plan.new
+  end
+
+  def create
+    @plan = DiscoApp::Plan.new(plan_params)
+    if @plan.save
+      redirect_to admin_plans_path
+    else
+      render 'new'
+    end
+  end
+
+  def edit
+  end
+
+  def update
+    if @plan.update_attributes(plan_params)
+      redirect_to edit_admin_plan_path(@plan)
+    else
+      render 'edit'
+    end
+  end
+
+  def destroy
+    @plan.destroy
+    redirect_to admin_plans_path
+  end
+
+  private
+
+    def find_plan
+      @plan = DiscoApp::Plan.find(params[:id])
+    end
+
+    def plan_params
+      params.require(:plan).permit(
+        :name, :status, :plan_type, :trial_period_days, :amount,
+        :plan_codes_attributes => [:id, :_destroy, :code, :trial_period_days, :amount]
+      )
+    end
+
+end

data/app/controllers/disco_app/admin/concerns/shops_controller.rb

@@ -0,0 +1,7 @@
+module DiscoApp::Admin::Concerns::ShopsController
+  extend ActiveSupport::Concern
+
+  def index
+  end
+
+end

data/app/controllers/disco_app/admin/concerns/subscriptions_controller.rb

@@ -0,0 +1,29 @@
+module DiscoApp::Admin::Concerns::SubscriptionsController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :find_subscription
+  end
+
+  def edit
+  end
+
+  def update
+    if @subscription.update_attributes(subscription_params)
+      redirect_to edit_admin_shop_subscription_path(@subscription.shop, @subscription)
+    else
+      render 'edit'
+    end
+  end
+
+  private
+
+    def find_subscription
+      @subscription = DiscoApp::Subscription.find_by_id(params[:id])
+    end
+
+    def subscription_params
+      params.require(:subscription).permit(:amount, :trial_period_days)
+    end
+
+end

data/app/controllers/disco_app/admin/plans_controller.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Admin::PlansController < DiscoApp::Admin::ApplicationController
+  include DiscoApp::Admin::Concerns::PlansController
+end

data/app/controllers/disco_app/admin/resources/shops_controller.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Admin::Resources::ShopsController < JSONAPI::ResourceController
+  include DiscoApp::Admin::Concerns::AuthenticatedController
+end

data/app/controllers/disco_app/admin/shops_controller.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Admin::ShopsController < DiscoApp::Admin::ApplicationController
+  include DiscoApp::Admin::Concerns::ShopsController
+end

data/app/controllers/disco_app/admin/subscriptions_controller.rb

@@ -0,0 +1,3 @@
+class DiscoApp::Admin::SubscriptionsController < DiscoApp::Admin::ApplicationController
+  include DiscoApp::Admin::Concerns::SubscriptionsController
+end

data/app/controllers/disco_app/charges_controller.rb

@@ -0,0 +1,47 @@
+class DiscoApp::ChargesController < ApplicationController
+  include DiscoApp::Concerns::AuthenticatedController
+
+  skip_before_action :check_active_charge
+  before_action :find_subscription
+
+  # Display a "pre-charge" page, giving the opportunity to explain why a charge
+  # needs to be made.
+  def new
+  end
+
+  # Attempt to create a new charge for the logged in shop and selected
+  # subscription. If successful, redirect to the (external) charge confirmation
+  # URL. If it fails, redirect back to the new charge page.
+  def create
+    if(charge = DiscoApp::ChargesService.create(@shop, @subscription)).nil?
+      redirect_to action: :new
+    else
+      redirect_to charge.confirmation_url
+    end
+  end
+
+  # Attempt to activate a charge after a user has accepted or declined it.
+  # Redirect to the main application's root URL immediately afterwards - if the
+  # charge wasn't accepted, the flow will start again.
+  def activate
+    # First attempt to find a matching charge.
+    if(charge = @subscription.charges.find_by(id: params[:id], shopify_id: params[:charge_id])).nil?
+      redirect_to action: :new and return
+    end
+    if DiscoApp::ChargesService.activate(@shop, charge)
+      redirect_to main_app.root_url
+    else
+      redirect_to action: :new
+    end
+  end
+
+  private
+
+    def find_subscription
+      @subscription = @shop.subscriptions.find_by_id!(params[:subscription_id])
+      unless @subscription.requires_active_charge? and not @subscription.active_charge?
+        redirect_to main_app.root_url
+      end
+    end
+
+end

data/app/controllers/disco_app/concerns/app_proxy_controller.rb

@@ -0,0 +1,40 @@
+module DiscoApp::Concerns::AppProxyController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :verify_proxy_signature
+    before_action :shopify_shop
+    after_action :add_liquid_header
+
+    rescue_from ActiveRecord::RecordNotFound do |exception|
+      render_error 404
+    end
+  end
+
+  private
+
+    def verify_proxy_signature
+      unless proxy_signature_is_valid?
+        head :unauthorized
+      end
+    end
+
+    def proxy_signature_is_valid?
+      return true if Rails.env.development? and DiscoApp.configuration.skip_proxy_verification?
+      DiscoApp::ProxyService.proxy_signature_is_valid?(request.query_string, ShopifyApp.configuration.secret)
+    end
+
+    def shopify_shop
+      @shop = DiscoApp::Shop.find_by_shopify_domain!(params[:shop])
+    end
+
+    def add_liquid_header
+      response.headers['Content-Type'] = 'application/liquid'
+    end
+
+    def render_error(status)
+      add_liquid_header
+      render "disco_app/proxy_errors/#{status}", status: status
+    end
+
+end

data/app/controllers/disco_app/concerns/authenticated_controller.rb

@@ -0,0 +1,56 @@
+module DiscoApp::Concerns::AuthenticatedController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :login_again_if_different_shop
+    before_action :shopify_shop
+    before_action :check_installed
+    before_action :check_current_subscription
+    before_action :check_active_charge
+    around_filter :shopify_session
+    layout 'embedded_app'
+  end
+
+  private
+
+    def shopify_shop
+      if shop_session
+        @shop = DiscoApp::Shop.find_by!(shopify_domain: @shop_session.url)
+      else
+        redirect_to_login
+      end
+    end
+
+    def check_installed
+      if @shop.awaiting_install? or @shop.installing?
+        redirect_if_not_current_path disco_app.installing_path
+        return
+      end
+      if @shop.awaiting_uninstall? or @shop.uninstalling?
+        redirect_if_not_current_path disco_app.uninstalling_path
+        return
+      end
+      unless @shop.installed?
+        redirect_if_not_current_path disco_app.install_path
+      end
+    end
+
+    def check_current_subscription
+      unless @shop.current_subscription?
+        redirect_if_not_current_path disco_app.new_subscription_path
+      end
+    end
+
+    def check_active_charge
+      if @shop.current_subscription? and @shop.current_subscription.requires_active_charge? and not @shop.development? and not @shop.current_subscription.active_charge?
+        redirect_if_not_current_path disco_app.new_subscription_charge_path(@shop.current_subscription)
+      end
+    end
+
+    def redirect_if_not_current_path(target)
+      if request.path != target
+        redirect_to target
+      end
+    end
+
+end

data/app/controllers/disco_app/concerns/carrier_request_controller.rb

@@ -0,0 +1,21 @@
+module DiscoApp::Concerns::CarrierRequestController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :verify_carrier_request
+  end
+
+  private
+
+    def verify_carrier_request
+      unless carrier_request_signature_is_valid?
+        head :unauthorized
+      end
+    end
+
+    def carrier_request_signature_is_valid?
+      return true if Rails.env.development? and DiscoApp.configuration.skip_carrier_request_verification?
+      DiscoApp::CarrierRequestService.is_valid_hmac?(request.body.read.to_s, ShopifyApp.configuration.secret, request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'])
+    end
+
+end

data/app/controllers/disco_app/frame_controller.rb

@@ -0,0 +1,9 @@
+class DiscoApp::FrameController < ActionController::Base
+
+  layout nil
+
+  def frame
+
+  end
+
+end

data/app/controllers/disco_app/install_controller.rb

@@ -0,0 +1,27 @@
+class DiscoApp::InstallController < ApplicationController
+  include DiscoApp::Concerns::AuthenticatedController
+
+  skip_before_action :check_current_subscription
+  skip_before_action :check_active_charge
+
+  # Start the installation process for the current shop, then redirect to the installing screen.
+  def install
+    DiscoApp::AppInstalledJob.perform_later(@shop, cookies[DiscoApp::CODE_COOKIE_KEY], cookies[DiscoApp::SOURCE_COOKIE_KEY])
+    redirect_to action: :installing
+  end
+
+  # Display an "installing" page.
+  def installing
+    if @shop.installed?
+      redirect_to main_app.root_path
+    end
+  end
+
+  # Display an "uninstalling" page. Should be almost never used.
+  def uninstalling
+    if @shop.uninstalled?
+      redirect_to main_app.root_path
+    end
+  end
+
+end

data/app/controllers/disco_app/subscriptions_controller.rb

@@ -0,0 +1,32 @@
+class DiscoApp::SubscriptionsController < ApplicationController
+  include DiscoApp::Concerns::AuthenticatedController
+
+  skip_before_action :check_current_subscription
+
+  def new
+    @subscription = DiscoApp::Subscription.new
+  end
+
+  def create
+    # Get the selected plan. If it's not available or couldn't be found,
+    # redirect back to the plan selection page.
+    if(plan = DiscoApp::Plan.available.find_by_id(subscription_params[:plan])).nil?
+      redirect_to action: :new and return
+    end
+
+    # Subscribe the current shop to the selected plan. Pass along any cookied
+    # plan code and source code.
+    if(subscription = DiscoApp::SubscriptionService.subscribe(@shop, plan, cookies[DiscoApp::CODE_COOKIE_KEY], cookies[DiscoApp::SOURCE_COOKIE_KEY])).nil?
+      redirect_to action: :new
+    else
+      redirect_to main_app.root_path
+    end
+  end
+
+  private
+
+    def subscription_params
+      params.require(:subscription).permit(:plan, :plan_code)
+    end
+
+end

data/app/controllers/disco_app/webhooks_controller.rb

@@ -0,0 +1,46 @@
+module DiscoApp
+  class WebhooksController < ActionController::Base
+
+    before_action :verify_webhook
+
+    def process_webhook
+      # Get the topic and domain for this webhook.
+      topic = request.headers['HTTP_X_SHOPIFY_TOPIC']
+      domain = request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
+
+      # Ensure a domain was provided in the headers.
+      unless domain
+        head :bad_request
+      end
+
+      # Try to find a matching background job task for the given topic using class name.
+      job_class = DiscoApp::WebhookService.find_job_class(topic)
+
+      # Return bad request if we couldn't match a job class.
+      unless job_class.present?
+        head :bad_request
+      end
+
+      # Decode the body data and enqueue the appropriate job.
+      data = ActiveSupport::JSON::decode(request.body.read).with_indifferent_access
+      job_class.perform_later(domain, data)
+
+      render nothing: true
+    end
+
+    private
+
+      def verify_webhook
+        unless webhook_is_valid?
+          head :unauthorized
+        end
+        request.body.rewind
+      end
+
+      def webhook_is_valid?
+        return true if Rails.env.development? and DiscoApp.configuration.skip_webhook_verification?
+        DiscoApp::WebhookService.is_valid_hmac?(request.body.read.to_s, ShopifyApp.configuration.secret, request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'])
+      end
+
+  end
+end

data/app/controllers/sessions_controller.rb

@@ -0,0 +1,28 @@
+class SessionsController < ApplicationController
+  include ShopifyApp::SessionsController
+
+  def referral
+    cookies[DiscoApp::SOURCE_COOKIE_KEY] = params[:source] if params[:source].present?
+    cookies[DiscoApp::CODE_COOKIE_KEY] = params[:code] if params[:code].present?
+    redirect_to root_path
+  end
+
+  protected
+
+    # Override the authenticate method to allow skipping OAuth in development
+    # mode. Skipping OAuth still requires a shop with Shopify domain specified
+    # by the `shop` parameter to be present in the local database.
+    def authenticate
+      if Rails.env.development? and DiscoApp.configuration.skip_oauth?
+        shop = DiscoApp::Shop.find_by_shopify_domain!(sanitized_shop_name)
+
+        sess = ShopifyAPI::Session.new(shop.shopify_domain, shop.shopify_token)
+        session[:shopify] = ShopifyApp::SessionRepository.store(sess)
+        session[:shopify_domain] = sanitized_shop_name
+
+        redirect_to disco_app.frame_path and return
+      end
+      super
+    end
+
+end

data/app/helpers/disco_app/application_helper.rb

@@ -0,0 +1,50 @@
+module DiscoApp::ApplicationHelper
+
+  # Generates a link pointing to an object (such as an order or customer) inside
+  # the given shop's Shopify admin. This helper makes it easy to  create links
+  # to objects within the admin that support both right-clicking and opening in
+  # a new tab as well as capturing a left click and redirecting to the relevant
+  # object using `ShopifyApp.redirect()`.
+  def link_to_shopify_admin(shop, name, admin_path, options = {})
+    options[:onclick] = "ShopifyApp.redirect('#{admin_path}'); return false;"
+    options[:'data-no-turbolink'] = true
+    link_to(name, "https://#{shop.shopify_domain}/admin/#{admin_path}", options)
+  end
+
+  # Generate a link that will open its href in an embedded Shopify modal.
+  def link_to_modal(name, path, options = {})
+    modal_options = {
+      src: path,
+      title: options.delete(:modal_title),
+      width: options.delete(:modal_width),
+      height: options.delete(:modal_height),
+      buttons: options.delete(:modal_buttons),
+    }
+    options[:onclick] = "ShopifyApp.Modal.open(#{modal_options.to_json}); return false;"
+    options[:onclick].gsub!(/"function(.*?)"/, 'function\1')
+    link_to(name, path, options)
+  end
+
+  # Render a React component with inner HTML content.
+  # Thanks to https://github.com/reactjs/react-rails/pull/166#issuecomment-86178980
+  def react_component_with_content(name, args = {}, options = {}, &block)
+    args[:__html] = capture(&block) if block.present?
+    react_component(name, args, options)
+  end
+
+  # Provide link to dynamically add a new nested fields association 
+  def link_to_add_fields(name, f, association)
+    new_object = f.object.send(association).klass.new
+    id = new_object.object_id
+    fields = f.fields_for(association, new_object, child_index: id) do |builder|
+      render(association.to_s.singularize + "_fields", f: builder)
+    end
+    link_to(name, '#', class: "add_fields", data: {id: id, fields: fields.gsub("\n", "")})
+  end
+
+  # Helper method that provides detailed error information from an active record as JSON
+  def errors_to_react(record)
+    {type: record.model_name.human.downcase, errors: record.errors.keys, messages: record.errors.full_messages}.as_json
+  end
+
+end

data/app/jobs/disco_app/app_installed_job.rb

@@ -0,0 +1,3 @@
+class DiscoApp::AppInstalledJob < DiscoApp::ShopJob
+  include DiscoApp::Concerns::AppInstalledJob
+end

data/app/jobs/disco_app/app_uninstalled_job.rb

@@ -0,0 +1,3 @@
+class DiscoApp::AppUninstalledJob < DiscoApp::ShopJob
+  include DiscoApp::Concerns::AppUninstalledJob
+end