polar_sh 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 371122cf10062244b6f2cafb31ac73d645e49841b0bad4ecac8a518c9af1b28f
-  data.tar.gz: ff56e2717b3ce2a12e049c0a03ab3e3e295380c407224f9cdface848af98a0e6
+  metadata.gz: 84bce050ddccdcfb7709e2815db0ead0e4591cca1fe007972be02b217c5172da
+  data.tar.gz: 30c54873668cabb778e3134b69b1ddf19c12fcbb72d75a65c3f43ad35d938cdc
 SHA512:
-  metadata.gz: f840ba134ff22fa70445c3c7c7fe8b5a0328f82c4be9b399ee72384d69f64a36ed5267e9e0dad021db0e67937a6a1f61c44952552ad2ddef3e5c8f8407de80a0
-  data.tar.gz: 53ceece89858ba6e827495753cd2a569084e5aa51f2edb4f518296fb3eff77740b1a6ce5819ba67175464fc841356929e3176929a3f21bdf0d402b5584f5fb30
+  metadata.gz: '078fcb5ab44cd333d9fc3cf935d22c55386c1395626d7d0c181792267be2c6f7515610f5ee7755670ed82d82d79c94b8c9b9f6b06e25e5740af836777fdf06ac'
+  data.tar.gz: 7365e3ebcf7953f097af85d56164769da44b36856661c369adf86d2c91eefd91b29ce9eeaa2cacf5794017489f433f426917138cca9c95729baa55e783952413

data/CHANGELOG.md

@@ -1,5 +1,8 @@
-## [Unreleased]
+## 0.2.0
 
-## [0.1.0] - 2024-12-20
+- Add `Polar::Webhook`
+- Add more resources
+
+## 0.1.0
 
 - Initial release

data/README.md

@@ -1,38 +1,72 @@
-# PolarSh
+# Polar.sh Ruby API client
 
-TODO: Delete this and the text below, and describe your gem
-
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/polar_sh`. To experiment with that code, run `bin/console` for an interactive prompt.
+Still in development. [API docs](https://docs.polar.sh/api)
 
 ## Installation
 
-TODO: Replace `UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG` with your gem name right after releasing it to RubyGems.org. Please do not do it earlier due to security reasons. Alternatively, replace this section with instructions to install your gem from git if you don't plan to release to RubyGems.org.
-
-Install the gem and add to the application's Gemfile by executing:
-
 ```bash
-bundle add UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+bundle add polar_sh
 ```
 
-If bundler is not being used to manage dependencies, install the gem by executing:
+## Usage
 
-```bash
-gem install UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
-```
+```ruby
+Polar.configure do |config|
+  config.access_token = "polar_..."
+  config.sandbox = true
+  config.webhook_secret = "xyz..."
+end
 
-## Usage
+class CheckoutsController < ApplicationController
+  def create
+    checkout = Polar::Checkout::Custom.create(
+      customer_email: current_user.email,
+      metadata: {user_id: current_user.id},
+      product_id: "xyzxyz-...",
+      success_url: root_path
+    )
 
-TODO: Write usage instructions here
+    redirect_to(checkout.url, allow_other_host: true)
+  end
+end
 
-## Development
+class WebhooksController < ApplicationController
+  skip_before_action :verify_authenticity_token
+
+  def handle_polar
+    event = Polar::Webhook.verify(request)
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+    Rails.logger.info("Received Polar webhook: #{event.type}")
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+    case event.type
+    when "order.created"
+      process_order(event.object)
+    end
+
+    head(:ok)
+  end
+
+  private
+
+  def process_order(order)
+    return unless order.status == "paid"
+    return unless (user = User.find(order.metadata[:user_id]))
+
+    # ...
+  end
+end
+```
+
+## Development
+
+```sh
+bundle
+rake spec
+```
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/mikker/polar_sh.
+Bug reports and pull requests are welcome on GitHub at <https://github.com/mikker/polar_sh>.
 
 ## License
 

data/lib/polar/client.rb

@@ -9,7 +9,7 @@ module Polar
         @connection ||= HTTP
           .persistent(Polar.config.endpoint)
           .follow
-          .auth("Bearer #{Polar.config.api_key}")
+          .auth("Bearer #{Polar.config.access_token}")
           .headers(
             accept: "application/json",
             content_type: "application/json",

data/lib/polar/configuration.rb

@@ -2,8 +2,9 @@
 
 module Polar
   class Configuration
-    attr_accessor :api_key
+    attr_accessor :access_token
     attr_accessor :sandbox
+    attr_accessor :webhook_secret
 
     alias sandbox? sandbox
 

data/lib/polar/resources/benefit.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Polar
+  class Benefit < Resource
+    def self.list(params = {})
+      response = Client.get_request("/v1/benefits", **params)
+      handle_list(response)
+    end
+
+    def self.create(params)
+      response = Client.post_request("/v1/benefits", **params)
+      handle_one(response)
+    end
+
+    def self.get(id)
+      response = Client.get_request("/v1/benefits/#{id}")
+      handle_one(response)
+    end
+
+    def self.update(id, params)
+      response = Client.patch_request("/v1/benefits/#{id}", **params)
+      handle_one(response)
+    end
+
+    def self.delete(id)
+      response = Client.delete_request("/v1/benefits/#{id}")
+      handle_one(response)
+    end
+  end
+end
+

data/lib/polar/resources/benefit_grant.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Polar
+  class BenefitGrant < Resource
+    def self.list(params = {})
+      response = Client.get_request("/v1/benefits/grants", **params)
+      handle_list(response)
+    end
+  end
+end

data/lib/polar/resources/order.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Polar
+  class Order < Resource
+    def self.list(params = {})
+      response = Client.get_request("/v1/orders", **params)
+      handle_list(response)
+    end
+
+    def self.get(id)
+      response = Client.get_request("/v1/orders/#{id}")
+      handle_one(response)
+    end
+
+    def self.get_invoice(id)
+      response = Client.get_request("/v1/orders/#{id}/invoice")
+      handle_one(response, Invoice)
+    end
+  end
+end

data/lib/polar/resources/refund.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Polar
+  class Refund < Resource
+    def self.list(params = {})
+      response = Client.get_request("/v1/refunds", **params)
+      handle_list(response)
+    end
+
+    def self.create(params)
+      response = Client.post_request("/v1/refunds", **params)
+      handle_one(response)
+    end
+  end
+end 

data/lib/polar/resources/subscription.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Polar
+  class Subscription < Resource
+    def self.list(params = {})
+      response = Client.get_request("/v1/subscriptions", **params)
+      handle_list(response)
+    end
+
+    def self.export(params = {})
+      response = Client.get_request("/v1/subscriptions/export", **params)
+      handle_list(response)
+    end
+
+    def self.get(id)
+      response = Client.get_request("/v1/subscriptions/#{id}")
+      handle_one(response)
+    end
+
+    def self.update(id, params)
+      response = Client.patch_request("/v1/subscriptions/#{id}", **params)
+      handle_one(response)
+    end
+
+    def self.delete(id)
+      response = Client.delete_request("/v1/subscriptions/#{id}")
+      handle_one(response)
+    end
+
+    # Customer Portal methods
+    def self.list_for_customer(params = {})
+      response = Client.get_request("/v1/customer-portal/subscriptions", **params)
+      handle_list(response)
+    end
+
+    def self.get_for_customer(id)
+      response = Client.get_request("/v1/customer-portal/subscriptions/#{id}")
+      handle_one(response)
+    end
+
+    def self.update_for_customer(id, params)
+      response = Client.patch_request("/v1/customer-portal/subscriptions/#{id}", **params)
+      handle_one(response)
+    end
+
+    def self.delete_for_customer(id)
+      response = Client.delete_request("/v1/customer-portal/subscriptions/#{id}")
+      handle_one(response)
+    end
+  end
+end
+

data/lib/polar/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Polar
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/polar/webhook.rb

@@ -0,0 +1,49 @@
+module Polar
+  class Webhook
+    def initialize(request, secret: nil)
+      unless (unencoded_secret = secret || Polar.config.webhook_secret) && unencoded_secret != ""
+        raise ArgumentError, "No webhook secret provided, set Polar.config.webhook_secret"
+      end
+
+      @secret = Base64.encode64(unencoded_secret)
+      @request = request
+      @payload = JSON.parse(request.raw_post, symbolize_names: true)
+      @type = @payload[:type]
+      @object = cast_object
+    end
+
+    attr_reader :secret, :request, :payload, :type, :object
+
+    def verify
+      StandardWebhooks::Webhook.new(@secret).verify(request.raw_post, request.headers)
+      self
+    end
+
+    def cast_object
+      case type
+      when /^checkout\./
+        Checkout::Custom.handle_one(payload[:data])
+      when /^order\./
+        Order.handle_one(payload[:data])
+      when /^subscription\./
+        Subscription.handle_one(payload[:data])
+      when /^refund\./
+        Refund.handle_one(payload[:data])
+      when /^product\./
+        Product.handle_one(payload[:data])
+      when /^pledge\./
+        Pledge.handle_one(payload[:data])
+      when /^organization\./
+        Organization.handle_one(payload[:data])
+      when /^benefit\./
+        Benefit.handle_one(payload[:data])
+      when /^benefit_grant\./
+        BenefitGrant.handle_one(payload[:data])
+      end
+    end
+
+    def self.verify(request, secret: nil)
+      new(request, secret: secret).verify
+    end
+  end
+end

data/lib/polar.rb

@@ -4,20 +4,27 @@ require "ostruct"
 require "http"
 
 require_relative "polar/version"
+require "standard_webhooks"
 
 module Polar
   autoload :Configuration, "polar/configuration"
   autoload :Client, "polar/client"
   autoload :Error, "polar/error"
   autoload :Resource, "polar/resource"
+  autoload :Webhook, "polar/webhook"
 
+  autoload :Benefit, "polar/resources/benefit"
+  autoload :BenefitGrant, "polar/resources/benefit_grant"
   autoload :Customer, "polar/resources/customer"
   autoload :CustomerSession, "polar/resources/customer_session"
   autoload :Discount, "polar/resources/discount"
   autoload :Checkout, "polar/resources/checkout"
   autoload :LicenseKey, "polar/resources/license_key"
+  autoload :Order, "polar/resources/order"
   autoload :Organization, "polar/resources/organization"
   autoload :Product, "polar/resources/product"
+  autoload :Refund, "polar/resources/refund"
+  autoload :Subscription, "polar/resources/subscription"
   autoload :User, "polar/resources/user"
 
   class << self

data/lib/standard_webhooks.rb

@@ -0,0 +1,137 @@
+# frozen_string_literal: true
+
+require "json"
+require "openssl"
+require "base64"
+require "uri"
+
+# Constant time string comparison, for fixed length strings.
+# Code borrowed from ActiveSupport
+# https://github.com/rails/rails/blob/75ac626c4e21129d8296d4206a1960563cc3d4aa/activesupport/lib/active_support/security_utils.rb#L33
+#
+# The values compared should be of fixed length, such as strings
+# that have already been processed by HMAC. Raises in case of length mismatch.
+module StandardWebhooks
+  if defined?(OpenSSL.fixed_length_secure_compare)
+    def fixed_length_secure_compare(a, b)
+      OpenSSL.fixed_length_secure_compare(a, b)
+    end
+  else
+    def fixed_length_secure_compare(a, b)
+      raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
+
+      l = a.unpack("C#{a.bytesize}")
+
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res == 0
+    end
+  end
+
+  module_function :fixed_length_secure_compare
+
+  # Secure string comparison for strings of variable length.
+  #
+  # While a timing attack would not be able to discern the content of
+  # a secret compared via secure_compare, it is possible to determine
+  # the secret length. This should be considered when using secure_compare
+  # to compare weak, short secrets to user input.
+  def secure_compare(a, b)
+    a.length == b.length && fixed_length_secure_compare(a, b)
+  end
+
+  module_function :secure_compare
+
+  class StandardWebhooksError < StandardError
+    attr_reader :message
+
+    def initialize(message = nil)
+      @message = message
+    end
+  end
+
+  class WebhookVerificationError < StandardWebhooksError
+  end
+
+  class WebhookSigningError < StandardWebhooksError
+  end
+
+  class Webhook
+    def self.new_using_raw_bytes(secret)
+      self.new(secret.pack("C*").force_encoding("UTF-8"))
+    end
+
+    def initialize(secret)
+      if secret.start_with?(SECRET_PREFIX)
+        secret = secret[SECRET_PREFIX.length..-1]
+      end
+
+      @secret = Base64.decode64(secret)
+    end
+
+    def verify(payload, headers)
+      msg_id = headers["webhook-id"]
+      msg_signature = headers["webhook-signature"]
+      msg_timestamp = headers["webhook-timestamp"]
+
+      if !msg_signature || !msg_id || !msg_timestamp
+        raise WebhookVerificationError, "Missing required headers"
+      end
+
+      verify_timestamp(msg_timestamp)
+
+      _, signature = sign(msg_id, msg_timestamp, payload).split(",", 2)
+
+      passed_signatures = msg_signature.split(" ")
+
+      passed_signatures.each do |versioned_signature|
+        version, expected_signature = versioned_signature.split(",", 2)
+
+        if version != "v1"
+          next
+        end
+
+        if ::StandardWebhooks::secure_compare(signature, expected_signature)
+          return JSON.parse(payload, symbolize_names: true)
+        end
+      end
+
+      raise WebhookVerificationError, "No matching signature found"
+    end
+
+    def sign(msg_id, timestamp, payload)
+      begin
+        now = Integer(timestamp)
+      rescue
+        raise WebhookSigningError, "Invalid timestamp"
+      end
+
+      to_sign = "#{msg_id}.#{timestamp}.#{payload}"
+      signature = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new("sha256"), @secret, to_sign)).strip
+
+      return "v1,#{signature}"
+    end
+
+    private
+
+    SECRET_PREFIX = "whsec_"
+    TOLERANCE = 5 * 60
+
+    def verify_timestamp(timestamp_header)
+      begin
+        now = Integer(Time.now)
+        timestamp = Integer(timestamp_header)
+      rescue
+        raise WebhookVerificationError, "Invalid Signature Headers"
+      end
+
+      if timestamp < (now - TOLERANCE)
+        raise WebhookVerificationError, "Message timestamp too old"
+      end
+
+      if timestamp > (now + TOLERANCE)
+        raise WebhookVerificationError, "Message timestamp too new"
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: polar_sh
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
-original_platform: ''
 authors:
 - Mikkel Malmberg
 bindir: bin
 cert_chain: []
-date: 2024-12-20 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: http
@@ -24,6 +23,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5'
+- !ruby/object:Gem::Dependency
+  name: ostruct
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
 description: Interact with the Polar API
 email:
 - mikkel@brnbw.com
@@ -40,17 +53,24 @@ files:
 - lib/polar/configuration.rb
 - lib/polar/error.rb
 - lib/polar/resource.rb
+- lib/polar/resources/benefit.rb
+- lib/polar/resources/benefit_grant.rb
 - lib/polar/resources/checkout.rb
 - lib/polar/resources/checkout/custom.rb
 - lib/polar/resources/customer.rb
 - lib/polar/resources/customer_session.rb
 - lib/polar/resources/discount.rb
 - lib/polar/resources/license_key.rb
+- lib/polar/resources/order.rb
 - lib/polar/resources/organization.rb
 - lib/polar/resources/product.rb
+- lib/polar/resources/refund.rb
+- lib/polar/resources/subscription.rb
 - lib/polar/resources/user.rb
 - lib/polar/version.rb
+- lib/polar/webhook.rb
 - lib/polar_sh.rb
+- lib/standard_webhooks.rb
 homepage: https://github.com/mikker/polar_sh
 licenses:
 - MIT
@@ -72,7 +92,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.1
+rubygems_version: 3.6.9
 specification_version: 4
 summary: API client for Polar.sh
 test_files: []