loopstak-shopify-sinatra-app 1.0.0

data/example/.gitignore

@@ -0,0 +1,3 @@
+.env
+*.sqlite3
+.byebug_history

data/example/Gemfile

@@ -0,0 +1,28 @@
+source 'https://rubygems.org'
+ruby '2.5.3'
+
+gem 'shopify-sinatra-app', path: '../'
+gem 'sinatra-activerecord'
+gem 'rack-flash3', require: 'rack-flash'
+
+group :production do
+  gem 'pg'
+end
+
+group :development, :test do
+  gem 'sqlite3'
+  gem 'byebug'
+end
+
+group :development do
+  gem 'rake'
+  gem 'foreman'
+  gem 'dotenv'
+end
+
+group :test do
+  gem 'mocha', require: false
+  gem 'minitest'
+  gem 'rack-test'
+  gem 'fakeweb'
+end

data/example/Procfile

@@ -0,0 +1 @@
+web: bundle exec rackup config.ru -p $PORT

data/example/README.md

@@ -0,0 +1,4 @@
+New Shopify-Sinatra-App
+=======================
+
+Fill me in!

data/example/Rakefile

@@ -0,0 +1,37 @@
+require 'sinatra/activerecord/rake'
+require 'rake/testtask'
+require './src/app'
+
+task :creds2heroku do
+  Bundler.with_clean_env do
+    File.readlines('.env').each do |var|
+      pipe = IO.popen("heroku config:set #{var}")
+      while (line = pipe.gets)
+        print line
+      end
+    end
+  end
+end
+
+task :deploy2heroku do
+  pipe = IO.popen('git push heroku master --force')
+  while (line = pipe.gets)
+    print line
+  end
+end
+
+namespace :test do
+  task :prepare do
+    `RACK_ENV=test rake db:create`
+    `RACK_ENV=test rake db:migrate`
+    `RACK_ENV=test SECRET=secret rake db:seed`
+  end
+end
+
+task :test do
+  Rake::TestTask.new do |t|
+    t.pattern = 'test/*_test.rb'
+    t.libs << 'test'
+    t.verbose = true
+  end
+end

data/example/config.ru

@@ -0,0 +1,7 @@
+if Gem::Specification.find_all_by_name('dotenv').any?
+  require 'dotenv'
+  Dotenv.load
+end
+
+require './src/app'
+SinatraApp.run!

data/example/config/database.yml

@@ -0,0 +1,12 @@
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+
+production:
+  url: <%= ENV['DATABASE_URL'] %>
+
+test:
+  adapter: sqlite3
+  database: "db/test.sqlite3"
+  pool: 8

data/example/db/migrate/20140413221328_create_shops.rb

@@ -0,0 +1,12 @@
+class CreateShops < ActiveRecord::Migration[5.1]
+  def self.up
+    create_table :shops do |t|
+      t.string :name
+      t.string :token_encrypted
+    end
+  end
+
+  def self.down
+    drop_table :shops
+  end
+end

data/example/db/migrate/20140414042317_add_index_to_shops.rb

@@ -0,0 +1,9 @@
+class AddIndexToShops < ActiveRecord::Migration[5.1]
+  def self.up
+    add_index :shops, :name
+  end
+
+  def self.down
+    remove_index :shops, :name
+  end
+end

data/example/db/schema.rb

@@ -0,0 +1,21 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 2014_04_14_042317) do
+
+  create_table "shops", force: :cascade do |t|
+    t.string "name"
+    t.string "token_encrypted"
+    t.index ["name"], name: "index_shops_on_name"
+  end
+
+end

data/example/db/seeds.rb

@@ -0,0 +1 @@
+shop = Shop.create(name: 'testshop.myshopify.com', token: 'token')

data/example/src/app.rb

@@ -0,0 +1,54 @@
+require 'sinatra/shopify-sinatra-app'
+
+class SinatraApp < Sinatra::Base
+  register Sinatra::Shopify
+
+  # set the scope that your app needs, read more here:
+  # http://docs.shopify.com/api/tutorials/oauth
+  set :scope, 'read_products, read_orders'
+
+  # Your App's Home page
+  # this is a simple example that fetches some products
+  # from Shopify and displays them inside your app
+  get '/' do
+    shopify_session do |shop_name|
+      @shop = ShopifyAPI::Shop.current
+      @products = ShopifyAPI::Product.find(:all, params: { limit: 10 })
+      erb :home
+    end
+  end
+
+  # this endpoint recieves the uninstall webhook
+  # and cleans up data, add to this endpoint as your app
+  # stores more data.
+  post '/uninstall' do
+    shopify_webhook do |shop_name, params|
+      Shop.find_by(name: shop_name).destroy
+    end
+  end
+
+  private
+
+  # This method gets called when your app is installed.
+  # setup any webhooks or services you need on Shopify
+  # inside here.
+  def after_shopify_auth
+    # shopify_session do
+      # create an uninstall webhook, this webhook gets sent
+      # when your app is uninstalled from a shop. It is good
+      # practice to clean up any data from a shop when they
+      # uninstall your app:
+
+      # uninstall_webhook = ShopifyAPI::Webhook.new(
+      #   topic: 'app/uninstalled',
+      #   address: "#{base_url}/uninstall",
+      #   format: 'json'
+      # )
+      # begin
+      #   uninstall_webhook.save!
+      # rescue => e
+      #   raise unless uninstall_webhook.persisted?
+      # end
+    # end
+  end
+end

data/example/test/app_test.rb

@@ -0,0 +1,80 @@
+require 'test_helper'
+require './src/app'
+
+class MockShop
+  def initialize(shop_name)
+    @shop_name = shop_name
+  end
+
+  def myshopify_domain
+    @shop_name
+  end
+end
+
+class AppTest < Minitest::Test
+  def app
+    SinatraApp
+  end
+
+  def setup
+    @shop_name = 'testshop.myshopify.com'
+    @shopify_shop = MockShop.new(@shop_name)
+  end
+
+  def test_root_with_session
+    set_session
+    fake 'https://testshop.myshopify.com/admin/shop.json', body: {myshopify_domain: @shop_name}.to_json
+    fake 'https://testshop.myshopify.com/admin/products.json?limit=10', body: '{}'
+    get '/'
+    assert last_response.ok?
+  end
+
+  def test_root_with_session_activates_api
+    set_session
+    SinatraApp.any_instance.expects(:activate_shopify_api).with(@shop_name, 'token')
+    ShopifyAPI::Shop.expects(:current).returns(@shopify_shop)
+    ShopifyAPI::Product.expects(:find).returns([])
+    get '/'
+    assert last_response.ok?
+  end
+
+  def test_root_without_session_redirects_to_install
+    get '/'
+    assert_equal 302, last_response.status
+    assert_equal 'http://example.org/install', last_response.location
+  end
+
+  def test_root_with_shop_redirects_to_auth
+    get '/?shop=othertestshop.myshopify.com'
+    assert_match '/auth/shopify?shop=othertestshop.myshopify.com', last_response.body
+  end
+
+  def test_root_with_session_and_new_shop_redirects_to_auth
+    set_session
+    get '/?shop=othertestshop.myshopify.com'
+    assert_match '/auth/shopify?shop=othertestshop.myshopify.com', last_response.body
+  end
+
+  def test_root_rescues_UnauthorizedAccess_clears_session_and_redirects
+    set_session
+    SinatraApp.any_instance.expects(:activate_shopify_api).with(@shop_name, 'token')
+    SinatraApp.any_instance.expects(:clear_session)
+    ShopifyAPI::Shop.expects(:current).raises(ActiveResource::UnauthorizedAccess.new('UnauthorizedAccess'))
+    get '/'
+    assert_equal 302, last_response.status
+    assert_equal 'http://example.org/', last_response.location
+  end
+
+  def test_uninstall_webhook_endpoint
+    SinatraApp.any_instance.expects(:verify_shopify_webhook).returns(true)
+    Shop.any_instance.expects(:destroy)
+    post '/uninstall', '{}', 'HTTP_X_SHOPIFY_SHOP_DOMAIN' => @shop_name
+    assert last_response.ok?
+  end
+
+  private
+
+  def set_session(shop = 'testshop.myshopify.com', token = 'token')
+    SinatraApp.any_instance.stubs(:session).returns(shopify: { shop: shop, token: token })
+  end
+end

data/example/test/test_helper.rb

@@ -0,0 +1,31 @@
+$VERBOSE = nil
+
+ENV['RACK_ENV'] = 'test'
+ENV['SECRET'] = 'secret'
+
+require 'minitest/autorun'
+require 'rack/test'
+require 'mocha/setup'
+require 'fakeweb'
+
+FakeWeb.allow_net_connect = false
+
+module Helpers
+  include Rack::Test::Methods
+
+  def load_fixture(name)
+    File.read("./test/fixtures/#{name}")
+  end
+
+  def fake(url, options = {})
+    method = options.delete(:method) || :get
+    body = options.delete(:body) || '{}'
+    format = options.delete(:format) || :json
+
+    FakeWeb.register_uri(method, url, { body: body, status: 200, content_type: "application/#{format}" }.merge(options))
+  end
+end
+
+class Minitest::Test
+  include Helpers
+end

data/example/views/_flash_messages.erb

@@ -0,0 +1,11 @@
+<script type="text/javascript">
+  ShopifyApp.ready(function(){
+    <% if flash[:notice] %>
+      ShopifyApp.flashNotice("<%= flash[:notice] %>");
+    <% end %>
+
+    <% if flash[:error] %>
+      ShopifyApp.flashError("<%= flash[:error] %>");
+    <% end %>
+  });
+</script>

data/example/views/_top_bar.erb

@@ -0,0 +1,7 @@
+<script type="text/javascript">
+  ShopifyApp.ready(function(){
+    ShopifyApp.Bar.initialize({
+      icon: '<%= "#{base_url}/icon.png" %>'
+    });
+  });
+</script>

data/example/views/home.erb

@@ -0,0 +1,9 @@
+<h3>Shopify Sinatra App</h3>
+<p>Welcome!</p>
+
+<h3>Products</h3>
+<ul>
+  <% @products.each do |product| %>
+    <li><a href=<%="https://#{@shop.myshopify_domain}/admin/products/#{product.id}"%> target="_blank"> <%= product.id %> </a></li>
+  <% end %>
+</ul>

data/example/views/install.erb

@@ -0,0 +1,40 @@
+<link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" integrity="sha256-7s5uDGW3AHqw6xtJmNNtr+OBRJUlgkNJEo78P4b0yRw= sha512-nNo+yCHEyn0smMxSswnf/OnX6/KwJuZTlNZBjauKhTK0c+zT+q5JOCx0UFhXQ6rJR9jg6Es8gPuD2uZcYDLqSw==" crossorigin="anonymous">
+
+<style>
+  body {
+    background: #fff url(<%="#{base_url}/legend.gif"%>) no-repeat fixed right 130px;
+  }
+
+  .form-large input {
+    font-size: 18px;
+    padding: 8px;
+    height: auto;
+    line-height: normal;
+  }
+
+  .form-wide {
+    width: 480px;
+  }
+</style>
+
+<body>
+  <div style="margin-top: 100px"></div>
+
+  <div class="container">
+    <h1>Shopify Sinatra App</h1>
+    <h2><small>This app requires you to login to start using it.</small></h2>
+  </div>
+
+  <div style="margin-top: 30px"></div>
+
+  <div class="container">
+    <form role="form" class="form-large" action="/login" method="post">
+        <div class="input-group form-wide">
+          <input class="form-control" type="url" name="shop" placeholder="Shop URL">
+          <span class="input-group-btn">
+            <input class="btn" type="submit" value="Install App" />
+          </span>
+        </div>
+    </form>
+  </div>
+</body>

data/example/views/layouts/application.erb

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <script src="https://cdn.shopify.com/s/assets/external/app.js"></script>
+  <script type="text/javascript">
+    ShopifyApp.init({
+      apiKey: "<%= SinatraApp.settings.api_key %>",
+      shopOrigin: "<%= shop_origin %>",
+      debug: true
+    });
+  </script>
+  <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" integrity="sha256-7s5uDGW3AHqw6xtJmNNtr+OBRJUlgkNJEo78P4b0yRw= sha512-nNo+yCHEyn0smMxSswnf/OnX6/KwJuZTlNZBjauKhTK0c+zT+q5JOCx0UFhXQ6rJR9jg6Es8gPuD2uZcYDLqSw==" crossorigin="anonymous">
+</head>
+
+<body>
+  <div class="container">
+    <%= erb :'_top_bar', layout: false, locals: locals %>
+    <%= erb :'_flash_messages', layout: false, locals: locals %>
+    <%= yield %>
+  </div>
+</body>
+</html>

data/lib/sinatra/shopify-sinatra-app.rb

@@ -0,0 +1,267 @@
+require 'sinatra/base'
+require 'sinatra/activerecord'
+
+require 'rack-flash'
+require 'attr_encrypted'
+require 'active_support/all'
+
+require 'shopify_api'
+require 'omniauth-shopify-oauth2'
+
+module Sinatra
+  module Shopify
+    module Methods
+
+      # designed to be overriden
+      def after_shopify_auth
+      end
+
+      def logout
+        session.delete(:shopify)
+        session.clear
+      end
+
+      # for the esdk initializer
+      def shop_origin
+        "https://#{session[:shopify][:shop]}"
+      end
+
+      def shopify_session(&blk)
+        return_to = request.path
+        return_params = request.params
+
+        if no_session?
+          authenticate(return_to, return_params)
+        elsif different_shop?
+          logout
+          authenticate(return_to, return_params)
+        else
+          shop_name = session[:shopify][:shop]
+          token = session[:shopify][:token]
+          activate_shopify_api(shop_name, token)
+          yield shop_name
+        end
+      rescue ActiveResource::UnauthorizedAccess
+        clear_session shop_name
+        redirect request.path
+      end
+
+      def shopify_webhook(&blk)
+        return unless verify_shopify_webhook
+        shop_name = request.env['HTTP_X_SHOPIFY_SHOP_DOMAIN']
+        webhook_body = ActiveSupport::JSON.decode(request.body.read.to_s)
+        yield shop_name, webhook_body
+        status 200
+      end
+
+      private
+
+      def request_protocol
+        request.secure? ? 'https' : 'http'
+      end
+
+      def base_url
+        "#{request_protocol}://#{request.env['HTTP_HOST']}"
+      end
+
+      def no_session?
+        !session.key?(:shopify)
+      end
+
+      def different_shop?
+        params[:shop].present? && session[:shopify][:shop] != sanitize_shop_param(params)
+      end
+
+      def authenticate(return_to = '/', return_params = nil)
+        if shop_name = sanitized_shop_name
+          session[:return_params] = return_params if return_params
+          redirect_url = "/auth/shopify?shop=#{shop_name}&return_to=#{base_url}#{return_to}"
+          redirect_javascript redirect_url
+        else
+          redirect '/install'
+        end
+      end
+
+      def activate_shopify_api(shop_name, token)
+        api_session = ShopifyAPI::Session.new(domain: shop_name, token: token, api_version: ENV['SHOPIFY_API_VERSION'] || '2020-01')
+        ShopifyAPI::Base.activate_session(api_session)
+      end
+
+      def clear_session(shop_name)
+        logout
+        shop = Shop.find_by(name: shop_name)
+        shop.token = nil
+        shop.save
+      end
+
+      def redirect_javascript(url)
+        erb %(
+          <!DOCTYPE html>
+          <html lang="en">
+          <head>
+            <meta charset="utf-8" />
+            <base target="_top">
+            <title>Redirecting…</title>
+
+            <script type='text/javascript'>
+              // If the current window is the 'parent', change the URL by setting location.href
+              if (window.top == window.self) {
+                window.top.location.href = #{url.to_json};
+
+              // If the current window is the 'child', change the parent's URL with postMessage
+              } else {
+                message = JSON.stringify({
+                  message: 'Shopify.API.remoteRedirect',
+                  data: { location: window.location.origin + #{url.to_json} }
+                });
+                window.parent.postMessage(message, 'https://#{sanitized_shop_name}');
+              }
+            </script>
+          </head>
+          <body>
+          </body>
+        </html>
+        ), layout: false
+      end
+
+      def sanitized_shop_name
+        @sanitized_shop_name ||= sanitize_shop_param(params)
+      end
+
+      def sanitize_shop_param(params)
+        return unless params[:shop].present?
+        name = params[:shop].to_s.strip
+        name += '.myshopify.com' if !name.include?('myshopify.com') && !name.include?('.')
+        name.gsub!('https://', '')
+        name.gsub!('http://', '')
+
+        u = URI("http://#{name}")
+        u.host.ends_with?('.myshopify.com') ? u.host : nil
+      end
+
+      def verify_shopify_webhook
+        data = request.body.read.to_s
+        digest = OpenSSL::Digest.new('sha256')
+        calculated_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, settings.shared_secret, data)).strip
+        request.body.rewind
+
+        if calculated_hmac == request.env['HTTP_X_SHOPIFY_HMAC_SHA256']
+          true
+        else
+          puts 'Shopify Webhook verifictation failed!'
+          false
+        end
+      end
+    end
+
+    def self.registered(app)
+      app.helpers Shopify::Methods
+      app.register Sinatra::ActiveRecordExtension
+
+      app.set :database_file, File.expand_path('config/database.yml')
+      app.set :views, File.expand_path('views')
+      app.set :public_folder, File.expand_path('public')
+      app.set :erb, layout: :'layouts/application'
+      app.set :protection, except: :frame_options
+
+      app.enable :sessions
+      app.enable :inline_templates
+
+      app.set :scope, 'read_products, read_orders'
+
+      app.set :api_key, ENV['SHOPIFY_API_KEY']
+      app.set :shared_secret, ENV['SHOPIFY_SHARED_SECRET']
+      app.set :secret, ENV['SECRET']
+
+      app.use Rack::Flash, sweep: true
+      app.use Rack::MethodOverride
+      app.use Rack::Session::Cookie, key: 'rack.session',
+                                     path: '/',
+                                     secret: app.settings.secret,
+                                     expire_after: 60 * 30 # half an hour in seconds
+
+      app.use OmniAuth::Builder do
+        provider :shopify,
+                 app.settings.api_key,
+                 app.settings.shared_secret,
+
+                 scope: app.settings.scope,
+
+                 setup: lambda { |env|
+                   params = Rack::Utils.parse_query(env['QUERY_STRING'])
+                   site_url = "https://#{params['shop']}"
+                   env['omniauth.strategy'].options[:client_options][:site] = site_url
+                 }
+      end
+
+      ShopifyAPI::Session.setup(
+        api_key: app.settings.api_key,
+        secret: app.settings.shared_secret
+      )
+
+      app.get '/install' do
+        if params[:shop].present?
+          authenticate
+        else
+          erb :install, layout: false
+        end
+      end
+
+      app.post '/login' do
+        authenticate
+      end
+
+      app.get '/logout' do
+        logout
+        redirect '/install'
+      end
+
+      app.get '/auth/shopify/callback' do
+        shop_name = params['shop']
+        token = request.env['omniauth.auth']['credentials']['token']
+
+        shop = Shop.find_or_initialize_by(name: shop_name)
+        shop.token = token
+        shop.save!
+
+        session[:shopify] = {
+          shop: shop_name,
+          token: token
+        }
+
+        after_shopify_auth()
+
+        return_to = env['omniauth.params']['return_to']
+        return_params = session[:return_params]
+        session.delete(:return_params)
+
+        return_to += "?#{return_params.to_query}" if return_params.present?
+
+        redirect return_to
+      end
+
+      app.get '/auth/failure' do
+        erb "<h1>Authentication Failed:</h1>
+             <h3>message:<h3> <pre>#{params}</pre>", layout: false
+      end
+    end
+  end
+
+  register Shopify
+end
+
+class Shop < ActiveRecord::Base
+  def self.secret
+    @secret ||= ENV['SECRET']
+  end
+
+  attr_encrypted :token,
+    key: secret,
+    attribute: 'token_encrypted',
+    mode: :single_iv_and_salt,
+    algorithm: 'aes-256-cbc',
+    insecure_mode: true
+
+  validates_presence_of :name
+  validates_presence_of :token, on: :create
+end