harpiya_api 4.3.0.alpha

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 409c86a0349c916e9e9c52be9bd722c36448dddd00ce047f803420f3e63d4ba8
+  data.tar.gz: f968607c6a8a35226467cd989bb6857cfc2dc3aa369d6c181af1294a67222bf9
+SHA512:
+  metadata.gz: 3a1e701ab0f0b8a0b2e71592d0b89439f50a5ca48f37b68980376a1a02035bf1f8d501f23eb519cecb96c71d48acef70e39105bb7968c3d187a18f0d2eec4bea
+  data.tar.gz: bf6958a28183d38407b2f9482f25b41077888c5ae8b50e8cd24c17e6806b3f9f2830d5e17276e3098caf90638bd967a4a26a64222865eec03570c7e346477d69

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,5 @@
+eval_gemfile('../common_harpiya_dependencies.rb')
+
+gem 'harpiya_core', path: '../core'
+
+gemspec

data/LICENSE

@@ -0,0 +1,26 @@
+Copyright (c) 2007-2015, Harpiya Commerce, Inc. and other contributors
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Harpiya nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/Rakefile

@@ -0,0 +1,29 @@
+require 'rubygems'
+require 'rake'
+require 'rake/testtask'
+require 'rspec/core/rake_task'
+require 'harpiya/testing_support/common_rake'
+
+RSpec::Core::RakeTask.new
+
+task default: :spec
+
+desc "Generates a dummy app for testing"
+task :test_app do
+  ENV['LIB_NAME'] = 'harpiya/api'
+  Rake::Task['common:test_app'].invoke
+end
+
+namespace :rswag do
+  namespace :specs do
+    desc 'Generate Swagger JSON files from integration specs'
+    RSpec::Core::RakeTask.new('swaggerize') do |t|
+      t.pattern = ENV.fetch(
+        'PATTERN',
+        'spec/integration/**/*_spec.rb'
+      )
+
+      t.rspec_opts = ['--format Rswag::Specs::SwaggerFormatter', '--order defined']
+    end
+  end
+end

data/app/assets/javascripts/harpiya/api/main.js

@@ -0,0 +1,36 @@
+//= require harpiya
+
+var HarpiyaAPI = {
+  oauthToken: null, // user Bearer token to authorize operations for the given user
+  orderToken: null // order token to authorize operations on current order (cart)
+}
+
+HarpiyaAPI.Storefront = {}
+HarpiyaAPI.Platform = {}
+
+// API routes
+Harpiya.routes.api_v2_storefront_cart_create = Harpiya.pathFor('api/v2/storefront/cart')
+Harpiya.routes.api_v2_storefront_cart_add_item = Harpiya.pathFor('api/v2/storefront/cart/add_item')
+Harpiya.routes.api_v2_storefront_cart_apply_coupon_code = Harpiya.pathFor('api/v2/storefront/cart/apply_coupon_code')
+
+// helpers
+HarpiyaAPI.handle500error = function () {
+  alert('Internal Server Error')
+}
+
+HarpiyaAPI.prepareHeaders = function (headers) {
+  if (typeof headers === 'undefined') {
+    headers = {}
+  }
+
+  // if signed in we need to pass the Bearer authorization token
+  // so backend will recognize that actions are authorized in scope of this user
+  if (HarpiyaAPI.oauthToken) {
+    headers['Authorization'] = 'Bearer ' + HarpiyaAPI.oauthToken
+  }
+
+  // default headers, required for POST/PATCH/DELETE requests
+  headers['Accept'] = 'application/json'
+  headers['Content-Type'] = 'application/json'
+  return headers
+}

data/app/assets/javascripts/harpiya/api/storefront/cart.js

@@ -0,0 +1,49 @@
+//= require harpiya/api/main
+
+HarpiyaAPI.Storefront.createCart = function (successCallback, failureCallback) {
+  fetch(Harpiya.routes.api_v2_storefront_cart_create, {
+    method: 'POST',
+    headers: HarpiyaAPI.prepareHeaders()
+  }).then(function (response) {
+    switch (response.status) {
+      case 422:
+        response.json().then(function (json) { failureCallback(json.error) })
+        break
+      case 500:
+        HarpiyaAPI.handle500error()
+        break
+      case 201:
+        response.json().then(function (json) {
+          HarpiyaAPI.orderToken = json.data.attributes.token
+          successCallback()
+        })
+        break
+    }
+  })
+}
+
+HarpiyaAPI.Storefront.addToCart = function (variantId, quantity, options, successCallback, failureCallback) {
+  fetch(Harpiya.routes.api_v2_storefront_cart_add_item, {
+    method: 'POST',
+    headers: HarpiyaAPI.prepareHeaders({ 'X-Harpiya-Order-Token': HarpiyaAPI.orderToken }),
+    body: JSON.stringify({
+      variant_id: variantId,
+      quantity: quantity,
+      options: options
+    })
+  }).then(function (response) {
+    switch (response.status) {
+      case 422:
+        response.json().then(function (json) { failureCallback(json.error) })
+        break
+      case 500:
+        HarpiyaAPI.handle500error()
+        break
+      case 200:
+        response.json().then(function (json) {
+          successCallback(json.data)
+        })
+        break
+    }
+  })
+}

data/app/controllers/concerns/harpiya/api/v2/storefront/order_concern.rb

@@ -0,0 +1,52 @@
+module Harpiya
+  module Api
+    module V2
+      module Storefront
+        module OrderConcern
+          private
+
+          def render_order(result)
+            if result.success?
+              render_serialized_payload { serialized_current_order }
+            else
+              render_error_payload(result.error)
+            end
+          end
+
+          def ensure_order
+            raise ActiveRecord::RecordNotFound if harpiya_current_order.nil?
+          end
+
+          def order_token
+            request.headers['X-Harpiya-Order-Token'] || params[:order_token]
+          end
+
+          def harpiya_current_order
+            @harpiya_current_order ||= find_harpiya_current_order
+          end
+
+          def find_harpiya_current_order
+            Harpiya::Api::Dependencies.storefront_current_order_finder.constantize.new.execute(
+              store: current_store,
+              user: harpiya_current_user,
+              token: order_token,
+              currency: current_currency
+            )
+          end
+
+          def serialized_current_order
+            serialize_resource(harpiya_current_order)
+          end
+
+          def serialize_order(order)
+            ActiveSupport::Deprecation.warn(<<-DEPRECATION, caller)
+              `OrderConcern#serialize_order` is deprecated and will be removed in Harpiya 5.0.
+              Please use `serializer_resource` method
+            DEPRECATION
+            serialize_resource(order)
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/base_controller.rb

@@ -0,0 +1,171 @@
+require_dependency 'harpiya/api/controller_setup'
+
+module Harpiya
+  module Api
+    class BaseController < ActionController::API
+      include Harpiya::Api::ControllerSetup
+      include Harpiya::Core::ControllerHelpers::Store
+      include Harpiya::Core::ControllerHelpers::StrongParameters
+      include Harpiya::Core::ControllerHelpers::Locale
+      include Harpiya::Core::ControllerHelpers::Currency
+
+      attr_accessor :current_api_user
+
+      before_action :set_content_type
+      before_action :load_user
+      before_action :authorize_for_order, if: proc { order_token.present? }
+      before_action :authenticate_user
+      before_action :load_user_roles
+
+      rescue_from ActionController::ParameterMissing, with: :error_during_processing
+      rescue_from ActiveRecord::RecordInvalid, with: :error_during_processing
+      rescue_from ActiveRecord::RecordNotFound, with: :not_found
+      rescue_from CanCan::AccessDenied, with: :unauthorized
+      rescue_from Harpiya::Core::GatewayError, with: :gateway_error
+
+      helper Harpiya::Api::ApiHelpers
+
+      # users should be able to set price when importing orders via api
+      def permitted_line_item_attributes
+        if @current_user_roles.include?('admin')
+          super + [:price, :variant_id, :sku]
+        else
+          super
+        end
+      end
+
+      def content_type
+        case params[:format]
+        when 'json'
+          'application/json; charset=utf-8'
+        when 'xml'
+          'text/xml; charset=utf-8'
+        end
+      end
+
+      private
+
+      def set_content_type
+        headers['Content-Type'] = content_type
+      end
+
+      def load_user
+        @current_api_user = Harpiya.user_class.find_by(harpiya_api_key: api_key.to_s)
+      end
+
+      def authenticate_user
+        return if @current_api_user
+
+        if requires_authentication? && api_key.blank? && order_token.blank?
+          must_specify_api_key and return
+        elsif order_token.blank? && (requires_authentication? || api_key.present?)
+          invalid_api_key and return
+        else
+          # An anonymous user
+          @current_api_user = Harpiya.user_class.new
+        end
+      end
+
+      def invalid_api_key
+        render 'harpiya/api/errors/invalid_api_key', status: 401
+      end
+
+      def must_specify_api_key
+        render 'harpiya/api/errors/must_specify_api_key', status: 401
+      end
+
+      def load_user_roles
+        @current_user_roles = @current_api_user ? @current_api_user.harpiya_roles.pluck(:name) : []
+      end
+
+      def unauthorized
+        render 'harpiya/api/errors/unauthorized', status: 401 and return
+      end
+
+      def error_during_processing(exception)
+        message = if exception.respond_to?(:original_message)
+                    exception.original_message
+                  else
+                    exception.message
+                  end
+
+        Rails.logger.error message
+        Rails.logger.error exception.backtrace.join("\n")
+
+        unprocessable_entity(message)
+      end
+
+      def unprocessable_entity(message)
+        render plain: { exception: message }.to_json, status: 422
+      end
+
+      def gateway_error(exception)
+        @order.errors.add(:base, exception.message)
+        invalid_resource!(@order)
+      end
+
+      def requires_authentication?
+        Harpiya::Api::Config[:requires_authentication]
+      end
+
+      def not_found
+        render 'harpiya/api/errors/not_found', status: 404 and return
+      end
+
+      def current_ability
+        Harpiya::Dependencies.ability_class.constantize.new(current_api_user)
+      end
+
+      def invalid_resource!(resource)
+        @resource = resource
+        render 'harpiya/api/errors/invalid_resource', status: 422
+      end
+
+      def api_key
+        request.headers['X-Harpiya-Token'] || params[:token]
+      end
+      helper_method :api_key
+
+      def order_token
+        request.headers['X-Harpiya-Order-Token'] || params[:order_token]
+      end
+
+      def find_product(id)
+        @product = product_scope.friendly.distinct(false).find(id.to_s)
+      rescue ActiveRecord::RecordNotFound
+        @product = product_scope.find_by(id: id)
+        not_found unless @product
+      end
+
+      def product_scope
+        if @current_user_roles.include?('admin')
+          scope = Product.with_deleted.accessible_by(current_ability, :show).includes(*product_includes)
+
+          scope = scope.not_deleted unless params[:show_deleted]
+          scope = scope.not_discontinued unless params[:show_discontinued]
+        else
+          scope = Product.accessible_by(current_ability, :show).active.includes(*product_includes)
+        end
+
+        scope
+      end
+
+      def variants_associations
+        [{ option_values: :option_type }, :default_price, :images]
+      end
+
+      def product_includes
+        [:option_types, :taxons, product_properties: :property, variants: variants_associations, master: variants_associations]
+      end
+
+      def order_id
+        params[:order_id] || params[:checkout_id] || params[:order_number]
+      end
+
+      def authorize_for_order
+        @order = Harpiya::Order.find_by(number: order_id)
+        authorize! :show, @order, order_token
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/errors_controller.rb

@@ -0,0 +1,9 @@
+module Harpiya
+  module Api
+    class ErrorsController < ActionController::API
+      def render_404
+        render 'harpiya/api/errors/not_found', status: 404
+      end
+    end
+  end
+end

data/app/controllers/harpiya/api/v1/addresses_controller.rb

@@ -0,0 +1,46 @@
+module Harpiya
+  module Api
+    module V1
+      class AddressesController < Harpiya::Api::BaseController
+        before_action :find_order
+
+        def show
+          authorize! :show, @order, order_token
+          @address = find_address
+          respond_with(@address)
+        end
+
+        def update
+          authorize! :update, @order, order_token
+          @address = find_address
+
+          if @address.update(address_params)
+            respond_with(@address, default_template: :show)
+          else
+            invalid_resource!(@address)
+          end
+        end
+
+        private
+
+        def address_params
+          params.require(:address).permit(permitted_address_attributes)
+        end
+
+        def find_order
+          @order = Harpiya::Order.find_by!(number: order_id)
+        end
+
+        def find_address
+          if @order.bill_address_id == params[:id].to_i
+            @order.bill_address
+          elsif @order.ship_address_id == params[:id].to_i
+            @order.ship_address
+          else
+            raise CanCan::AccessDenied
+          end
+        end
+      end
+    end
+  end
+end