folked-venice 0.5.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d0106d4861052d62e1deab824561dda6e8c3b1228525e209c8071b425bfbd111
+  data.tar.gz: 8a21855a20ae2842beed502519fdc08e901de61be2cb9c4d112651246145d426
+SHA512:
+  metadata.gz: 5b751b8828216313749ae85e68df5c88cf966d17d957fdb0f152379351a76cc42abc2f24c3136d93cf915deaf36efc813b5850a2b8fac08e63ccfc761c199d8a
+  data.tar.gz: f36858c2610318004fbea5c6f7acca802b4859ef7c77c44398ecec304a9cac25b4ceaf9be4bf8e5f01b5eef7a5bab1bbba20f09646e255613fceecdd5ddb65aa

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in hello-rspec.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2013–2015 Mattt Thompson (http://mattt.me/)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,99 @@
+![Venice](https://raw.github.com/nomad/nomad.github.io/assets/venice-banner.png)
+
+[![Travis](https://img.shields.io/travis/nomad/venice.svg)](https://travis-ci.org/nomad/venice)
+
+Venice is a simple gem for verifying Apple In-App Purchase receipts, and retrieving the information associated with receipt data.
+
+There are two reasons why you should verify in-app purchase receipts on the server: First, it allows you to keep your own records of past purchases, which is useful for up-to-the-minute metrics and historical analysis. Second, server-side verification over SSL is the most reliable way to determine the authenticity of purchasing records.
+
+See Apple's [Receipt Validation Programming Guide](https://developer.apple.com/library/content/releasenotes/General/ValidateAppStoreReceipt/Introduction.html) for additional information.
+
+> Venice is named for [Venice, Italy](http://en.wikipedia.org/wiki/Venice,_Italy)—or more specifically, Shakespeare's [_The Merchant of Venice_](http://en.wikipedia.org/wiki/The_Merchant_of_Venice).
+> It's part of a series of world-class command-line utilities for iOS development, which includes [Cupertino](https://github.com/mattt/cupertino) (Apple Dev Center management), [Shenzhen](https://github.com/mattt/shenzhen) (Building & Distribution), [Houston](https://github.com/mattt/houston) (Push Notifications), [Dubai](https://github.com/mattt/dubai) (Passbook pass generation), and [Nashville](https://github.com/nomad/nashville) (iTunes Store API).
+
+## Installation
+
+    $ gem install venice
+
+## Usage
+
+### Basic
+
+```ruby
+require 'venice'
+
+data = '(Base64-Encoded Receipt Data)'
+if receipt = Venice::Receipt.verify(data)
+  p receipt.to_h
+
+  # You can refer an original JSON response via a Receipt instance.
+  case receipt.original_json_response['status'].to_i
+    when 0     then foo
+    when 21006 then bar
+  end
+end
+```
+
+### For Auto-Renewable
+
+```ruby
+require 'venice'
+
+data = '(Base64-Encoded Receipt Data)'
+
+# You must pass shared secret when verification on Auto-Renewable
+opts = { shared_secret: 'your key' }
+
+if receipt = Venice::Receipt.verify(data, opts)
+  # Renewed receipts are added into `latest_receipt_info` array.
+  p receipt.latest_receipt_info.map(&:expires_at)
+  # => [2016-05-19 20:35:59 +0000, 2016-06-18 20:35:59 +0000, 2016-07-18 20:35:59 +0000]
+end
+```
+
+## Command Line Interface
+
+Venice also comes with the `iap` binary, which provides a convenient way to verify receipts from the command line.
+
+
+    $ iap verify /path/to/receipt
+
+    +--------------------------------+------------------------------------+
+    |                               Receipt                               |
+    +--------------------------------+------------------------------------+
+    | adam_id                        | 664753504                          |
+    | application_version            | 123                                |
+    | bundle_id                      | com.example.product                |
+    | download_id                    | 30000000000005                     |
+    | expires_at                     |                                    |
+    | latest_receipt                 |                                    |
+    | original_application_version   | 123                                |
+    | original_purchase_date         | Fri, 07 Mar 2014 20:59:24 GMT      |
+    | receipt_type                   | Production                         |
+    | receipt_created_at             | Mon, 23 Jun 2014 17:59:38 GMT      |
+    | requested_at                   | Mon, 23 Jun 2014 17:59:38 GMT      |
+    +--------------------------------+------------------------------------+
+    | in_app                         | 1                                  |
+    |  - app_item_id                 |                                    |
+    |  - cancellation_at             |                                    |
+    |  - expires_at                  |                                    |
+    |  - original_purchase_date      |                                    |
+    |  - original_transaction_id     | 1000000000000001                   |
+    |  - product_id                  | com.example.product                |
+    |  - purchase_date               |                                    |
+    |  - quantity                    | 1                                  |
+    |  - transaction_id              | 1000000000000001                   |
+    |  - web_order_line_item_id      | 1000000000000001                   |
+    |  - version_external_identifier |                                    |
+    |  - is_trial_period             | true                               |
+    |  - is_in_intro_offer_period    | true                               |
+    +--------------------------------+------------------------------------+
+
+
+## Creator
+
+Mattt Thompson ([@mattt](https://twitter.com/mattt))
+
+## License
+
+Venice is available under the MIT license. See the LICENSE file for more info.

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/iap

@@ -0,0 +1,64 @@
+#!/usr/bin/env ruby
+
+require 'venice'
+
+require 'commander/import'
+require 'terminal-table'
+
+HighLine.track_eof = false # Fix for built-in Ruby
+Signal.trap('INT') {} # Suppress backtrace when exiting command
+
+program :version, Venice::VERSION
+program :description, 'A command-line interface for verifying Apple In-App Purchase receipts'
+
+program :help, 'Author', 'Mattt Thompson <m@mattt.me>'
+program :help, 'Website', 'https://github.com/mattt'
+program :help_formatter, :compact
+
+default_command :help
+
+command :verify do |c|
+  c.syntax = 'iap verify RECEIPT'
+  c.summary = 'Verifies an In-App Purchase Receipt'
+  c.description = ''
+  c.option '-S', '--[no-]sandbox', 'Use sandbox verification webservice'
+  c.option '-p', '--secret SECRET', 'Use a shared secret for auto-renewable subscription receipts'
+
+  c.example 'description', 'iap verify /path/to/receipt [--secret shared_secret]'
+
+  c.action do |args, options|
+    say_error('Missing receipt argument') and abort unless file = args.first
+    say_error 'Receipt file does not exist' unless File.exist?(file)
+
+    client = options.sandbox ? Venice::Client.development : Venice::Client.production
+    client.shared_secret = options.secret if options.secret
+
+    begin
+      receipt = client.verify!(File.read(file))
+
+      table = Terminal::Table.new title: 'Receipt' do |t|
+        hash = receipt.to_h
+        hash.keys.sort.each do |key|
+          next if key == :in_app
+          t << [key, hash[key]]
+        end
+
+        if hash[:in_app]
+          index = 0
+          hash[:in_app].each do |iap|
+            index += 1
+            t << :separator
+            t << [:in_app, index]
+            iap.keys.sort.each do |key|
+              t << [" - #{key}", iap[key]]
+            end
+          end
+        end
+      end
+
+      puts table
+    rescue StandardError => error
+      say_error(error.message) and abort
+    end
+  end
+end

data/daiki44.gemspec

@@ -0,0 +1,27 @@
+$LOAD_PATH.push File.expand_path('lib', __dir__)
+
+Gem::Specification.new do |s|
+  s.name        = 'folked-venice'
+  s.authors     = ['daiki.sekiguchi']
+  s.email       = 'sekiseki0213@gmail.com'
+  s.license     = 'MIT'
+  s.homepage    = 'https://daiki-sekiguchi.com'
+  s.version     = '0.5.0.1'
+  s.platform    = Gem::Platform::RUBY
+  s.summary     = 'iTunes In-App Purchase Receipt Verification'
+  s.description = 'Ruby Gem for In-App Purchase Receipt Verification'
+
+  s.add_dependency 'commander', '~> 4.1'
+  s.add_dependency 'json'
+  s.add_dependency 'terminal-table', '~> 1.4'
+
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec', '~> 3.6'
+  s.add_development_dependency 'rspec-its', '~> 1.2'
+  s.add_development_dependency 'simplecov'
+
+  s.files         = Dir['./**/*'].reject { |file| file =~ /\.\/(bin|log|pkg|script|spec|test|vendor)/ }
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  s.require_paths = ['lib']
+end

data/lib/venice.rb

@@ -0,0 +1,5 @@
+require 'venice/version'
+require 'venice/client'
+require 'venice/in_app_receipt'
+require 'venice/receipt'
+require 'venice/pending_renewal_info'

data/lib/venice/client.rb

@@ -0,0 +1,116 @@
+require 'json'
+require 'net/https'
+require 'uri'
+
+module Venice
+  ITUNES_PRODUCTION_RECEIPT_VERIFICATION_ENDPOINT = 'https://buy.itunes.apple.com/verifyReceipt'
+  ITUNES_DEVELOPMENT_RECEIPT_VERIFICATION_ENDPOINT = 'https://sandbox.itunes.apple.com/verifyReceipt'
+
+  class Client
+    attr_accessor :verification_url
+    attr_writer :shared_secret
+    attr_writer :exclude_old_transactions
+
+    class << self
+      def development
+        client = new
+        client.verification_url = ITUNES_DEVELOPMENT_RECEIPT_VERIFICATION_ENDPOINT
+        client
+      end
+
+      def production
+        client = new
+        client.verification_url = ITUNES_PRODUCTION_RECEIPT_VERIFICATION_ENDPOINT
+        client
+      end
+    end
+
+    def initialize
+      @verification_url = ENV['IAP_VERIFICATION_ENDPOINT']
+    end
+
+    def verify!(data, options = {})
+      @shared_secret = options[:shared_secret] if options[:shared_secret]
+      @exclude_old_transactions = options[:exclude_old_transactions] if options[:exclude_old_transactions]
+
+      json = json_response_from_verifying_data(data, options)
+      receipt_attributes = json['receipt'].dup if json['receipt']
+      receipt_attributes['original_json_response'] = json if receipt_attributes
+
+      case json['status'].to_i
+      when 0, 21006
+        receipt = Receipt.new(receipt_attributes)
+
+        # From Apple docs:
+        # > Only returned for iOS 6 style transaction receipts for auto-renewable subscriptions.
+        # > The JSON representation of the receipt for the most recent renewal
+        if latest_receipt_info_attributes = json['latest_receipt_info']
+          latest_receipt_info_attributes = [latest_receipt_info_attributes] if latest_receipt_info_attributes.is_a?(Hash)
+
+          # AppStore returns 'latest_receipt_info' even if we use over iOS 6. Besides, its format is an Array.
+          if latest_receipt_info_attributes.is_a?(Array)
+            receipt.latest_receipt_info = []
+            latest_receipt_info_attributes.each do |latest_receipt_info_attribute|
+              # latest_receipt_info format is identical with in_app
+              receipt.latest_receipt_info << InAppReceipt.new(latest_receipt_info_attribute)
+            end
+          else
+            receipt.latest_receipt_info = latest_receipt_info_attributes
+          end
+        end
+
+        return receipt
+      else
+        raise Receipt::VerificationError, json
+      end
+    end
+
+    private
+
+    def json_response_from_verifying_data(data, options = {})
+      parameters = {
+        'receipt-data' => data
+      }
+
+      parameters['password'] = @shared_secret if @shared_secret
+      parameters['exclude-old-transactions'] = @exclude_old_transactions if @exclude_old_transactions
+
+      uri = URI(@verification_url)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+
+      http.open_timeout = options[:open_timeout] if options[:open_timeout]
+      http.read_timeout = options[:read_timeout] if options[:read_timeout]
+
+      request = Net::HTTP::Post.new(uri.request_uri)
+      request['Accept'] = 'application/json'
+      request['Content-Type'] = 'application/json'
+      request.body = parameters.to_json
+
+      begin
+        response = http.request(request)
+      rescue Timeout::Error
+        raise TimeoutError
+      end
+
+      begin
+        JSON.parse(response.body)
+      rescue JSON::ParserError
+        raise InvalidResponseError
+      end
+    end
+  end
+
+  class Client::TimeoutError < Timeout::Error
+    def message
+      'The App Store timed out.'
+    end
+  end
+
+  class Client::InvalidResponseError < StandardError
+    def message
+      'The App Store returned invalid response'
+    end
+  end
+end

data/lib/venice/in_app_receipt.rb

@@ -0,0 +1,121 @@
+require 'time'
+
+module Venice
+  class InAppReceipt
+    # For detailed explanations on these keys/values, see
+    # https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ReceiptFields.html#//apple_ref/doc/uid/TP40010573-CH106-SW12
+
+    # Original JSON data returned from Apple for an InAppReceipt object.
+    attr_reader :original_json_data
+
+    # The number of items purchased. This value corresponds to the quantity property of
+    # the SKPayment object stored in the transaction’s payment property.
+    attr_reader :quantity
+
+    # The product identifier of the item that was purchased. This value corresponds to
+    # the productIdentifier property of the SKPayment object stored in the transaction’s
+    # payment property.
+    attr_reader :product_id
+
+    # The transaction identifier of the item that was purchased. This value corresponds
+    # to the transaction’s transactionIdentifier property.
+    attr_reader :transaction_id
+
+    # The primary key for identifying subscription purchases. This value is a unique ID that identifies purchase events across devices, including subscription renewal purchase events.
+    # When restoring purchase, transaction_id could change
+    attr_reader :web_order_line_item_id
+
+    # The date and time this transaction occurred. This value corresponds to the
+    # transaction’s transactionDate property.
+    attr_reader :purchased_at
+
+    # A string that the App Store uses to uniquely identify the application that created
+    # the payment transaction. If your server supports multiple applications, you can use
+    # this value to differentiate between them. Applications that are executing in the
+    # sandbox do not yet have an app-item-id assigned to them, so this key is missing from
+    # receipts created by the sandbox.
+    attr_reader :app_item_id
+
+    # An arbitrary number that uniquely identifies a revision of your application. This key
+    # is missing in receipts created by the sandbox.
+    attr_reader :version_external_identifier
+
+    # For a transaction that restores a previous transaction, this is the original receipt
+    attr_accessor :original
+
+    # For auto-renewable subscriptions, returns the date the subscription will expire
+    attr_reader :expires_at
+
+    # For a transaction that was canceled by Apple customer support, the time and date of the cancellation.
+    # For an auto-renewable subscription plan that was upgraded, the time and date of the upgrade transaction.
+    attr_reader :cancellation_at
+
+    # Only present for auto-renewable subscription receipts. Value is true if the customer’s subscription is
+    # currently in the free trial period, false if not, nil if key is not present on receipt.
+    attr_reader :is_trial_period
+    # Only present for auto-renewable subscription receipts. Value is true if the customer’s subscription is
+    # currently in an introductory price period, false if not, nil if key is not present on receipt.
+    attr_reader :is_in_intro_offer_period
+
+    def initialize(attributes = {})
+      @original_json_data = attributes
+      @quantity = Integer(attributes['quantity']) if attributes['quantity']
+      @product_id = attributes['product_id']
+      @transaction_id = attributes['transaction_id']
+      @web_order_line_item_id = attributes['web_order_line_item_id']
+      @purchased_at = DateTime.parse(attributes['purchase_date']) if attributes['purchase_date']
+      @app_item_id = attributes['app_item_id']
+      @version_external_identifier = attributes['version_external_identifier']
+      @is_trial_period = attributes['is_trial_period'].to_s == 'true' if attributes['is_trial_period']
+      @is_in_intro_offer_period = attributes['is_in_intro_offer_period'] == 'true' if attributes['is_in_intro_offer_period']
+
+      # expires_date is in ms since the Epoch, Time.at expects seconds
+      if attributes['expires_date_ms']
+        @expires_at = Time.at(attributes['expires_date_ms'].to_i / 1000)
+      elsif attributes['expires_date'] && is_number?(attributes['expires_date'])
+        @expires_at = Time.at(attributes['expires_date'].to_i / 1000)
+      end
+
+      # cancellation_date is in ms since the Epoch, Time.at expects seconds
+      @cancellation_at = Time.at(attributes['cancellation_date_ms'].to_i / 1000) if attributes['cancellation_date_ms']
+
+      if attributes['original_transaction_id'] || attributes['original_purchase_date']
+        original_attributes = {
+          'transaction_id' => attributes['original_transaction_id'],
+          'purchase_date' => attributes['original_purchase_date']
+        }
+
+        self.original = InAppReceipt.new(original_attributes)
+      end
+    end
+
+    def to_hash
+      {
+        quantity: @quantity,
+        product_id: @product_id,
+        transaction_id: @transaction_id,
+        web_order_line_item_id: @web_order_line_item_id,
+        purchase_date: (@purchased_at.httpdate rescue nil),
+        original_transaction_id: (@original.transaction_id rescue nil),
+        original_purchase_date: (@original.purchased_at.httpdate rescue nil),
+        app_item_id: @app_item_id,
+        version_external_identifier: @version_external_identifier,
+        is_trial_period: @is_trial_period,
+        is_in_intro_offer_period: @is_in_intro_offer_period,
+        expires_at: (@expires_at.httpdate rescue nil),
+        cancellation_at: (@cancellation_at.httpdate rescue nil)
+      }
+    end
+    alias_method :to_h, :to_hash
+
+    def to_json
+      to_hash.to_json
+    end
+
+    private
+
+    def is_number?(string)
+      !!(string && string.to_s =~ /^[0-9]+$/)
+    end
+  end
+end