purchasekit-pay 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e5043601031b8440098cdc344c6a9986d3add5bce85f1c5523dfa9506c05a363
+  data.tar.gz: e3570d5b0d442e19144b797c964923818d02f477596f0d6eb542a458cb99842a
+SHA512:
+  metadata.gz: f7a68f3b375bfd13268907f4c3002d1b728b75fbbfc08221aea8e0ee2c753c334fc56b786b0d89e68e6c8d08467fb0e8e4869855547601fe54e83662027f6e4e
+  data.tar.gz: e09eafd1dd15c6d228cfa57d460fd4f78f98dae7b02da02cac200bfe36610d0fe0e311fba6f430cb22117e793c57e419552986d182580c1be02847fa313f32a2

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2025 Joe Masilotti
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,159 @@
+# PurchaseKit::Pay
+
+PurchaseKit payment processor for the [Pay gem](https://github.com/pay-rails/pay).
+
+Add mobile in-app purchases (IAP) to your Rails app with [PurchaseKit](https://purchasekit.dev) and Pay.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "purchasekit-pay"
+```
+
+And then execute:
+
+```bash
+bundle install
+```
+
+## Configuration
+
+Configure your PurchaseKit API key:
+
+```ruby
+# config/initializers/purchasekit.rb
+PurchaseKit::Pay.configure do |config|
+  config.api_key = Rails.application.credentials.dig(:purchasekit, :api_key)
+  config.app_id = Rails.application.credentials.dig(:purchasekit, :app_id)
+  config.webhook_secret = Rails.application.credentials.dig(:purchasekit, :webhook_secret)
+end
+```
+
+Mount the engine in your routes:
+
+```ruby
+# config/routes.rb
+mount PurchaseKit::Pay::Engine, at: "/purchasekit"
+```
+
+### JavaScript setup
+
+Import the Turbo Stream actions in your application:
+
+```javascript
+// app/javascript/application.js
+import "purchasekit-pay/turbo_actions"
+```
+
+Register the gem's Stimulus controllers:
+
+```javascript
+// app/javascript/controllers/index.js
+import { application } from "controllers/application"
+import { eagerLoadControllersFrom } from "@hotwired/stimulus-loading"
+
+eagerLoadControllersFrom("controllers", application)
+eagerLoadControllersFrom("purchasekit-pay", application)
+```
+
+## Usage
+
+### Adding a paywall
+
+First, ensure your user has a PurchaseKit payment processor:
+
+```ruby
+current_user.set_payment_processor(:purchasekit)
+```
+
+Fetch products in your controller:
+
+```ruby
+@annual = PurchaseKit::Product.find("prod_XXX")
+@monthly = PurchaseKit::Product.find("prod_YYY")
+```
+
+Then render a paywall using the builder pattern:
+
+```erb
+<%# Subscribe to ActionCable for real-time redirect after purchase %>
+<%= turbo_stream_from dom_id(current_user.payment_processor) %>
+
+<%= purchasekit_paywall customer: current_user.payment_processor, success_path: dashboard_path do |paywall| %>
+  <%= paywall.plan_option product: @annual, selected: true do %>
+    <span>Annual</span>
+    <%= paywall.price %>
+  <% end %>
+
+  <%= paywall.plan_option product: @monthly do %>
+    <span>Monthl</span>
+    <%= paywall.price %>
+  <% end %>
+
+  <%= paywall.submit "Subscribe", class: "btn btn-primary" %>
+  <%= paywall.restore_link %>
+<% end %>
+```
+
+### Paywall helper options
+
+- `customer:` (required) - A `Pay::Customer` instance
+- `success_path:` - Where to redirect after successful purchase (defaults to `root_path`)
+
+### Builder methods
+
+- `plan_option(product:, selected: false)` - Radio button and label for a plan
+- `price` - Displays the localized price (must be inside `plan_option` block)
+- `submit(text)` - Submit button (disabled until prices load)
+- `restore_link(text: "Restore purchases")` - Link to restore previous purchases
+
+### How it works
+
+1. Page loads, Stimulus controller requests prices from native app via Hotwire Native Bridge
+2. User selects a plan and taps subscribe
+3. Form submits to PurchasesController, which creates a purchase intent with PurchaseKit
+4. Native app handles the App Store/Play Store purchase flow
+5. PurchaseKit receives webhook from Apple/Google, normalizes it, and POSTs to your app
+6. Webhook handler creates `Pay::Subscription` and broadcasts a Turbo Stream redirect
+7. User is redirected to `success_path`
+
+## Webhook events
+
+The gem handles these webhook events from the PurchaseKit:
+
+- `subscription.created` - Creates a new `Pay::Subscription`
+- `subscription.updated` - Updates subscription status and period
+- `subscription.canceled` - Marks subscription as canceled
+- `subscription.expired` - Marks subscription as expired
+
+## Requirements
+
+- Ruby 3.1+
+- Rails 7.0 - 8.x
+- Pay 11.4+
+- Turbo Rails (for ActionCable broadcasts)
+- Stimulus
+- Hotwire Native app with PurchaseKit bridge component
+
+### JavaScript dependencies
+
+This gem vendors and pins:
+
+- **@hotwired/hotwire-native-bridge** (v1.2.2)
+
+If your app already pins this package, your version takes precedence.
+
+## Development
+
+After cloning the repo, run:
+
+```bash
+bundle install
+bundle exec rake test
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.test_files = FileList["test/**/*_test.rb"].exclude("test/dummy/**/*")
+  t.verbose = false
+end
+
+task default: :test

data/app/controllers/purchase_kit/pay/application_controller.rb

@@ -0,0 +1,2 @@
+class PurchaseKit::Pay::ApplicationController < ActionController::Base
+end

data/app/controllers/purchase_kit/pay/purchases_controller.rb

@@ -0,0 +1,32 @@
+class PurchaseKit::Pay::PurchasesController < PurchaseKit::Pay::ApplicationController
+  rescue_from PurchaseKit::Pay::SubscriptionRequiredError, with: :subscription_required
+
+  def create
+    @customer = ::Pay::Customer.find(params[:customer_id])
+
+    @intent = PurchaseKit::Purchase::Intent.create(
+      product_id: params[:product_id],
+      customer_id: @customer.id,
+      success_path: params[:success_path],
+      environment: params[:environment]
+    )
+
+    respond_to do |format|
+      format.turbo_stream
+    end
+  end
+
+  private
+
+  def subscription_required(exception)
+    respond_to do |format|
+      format.turbo_stream do
+        render turbo_stream: turbo_stream.replace(
+          "purchasekit_paywall",
+          partial: "purchase_kit/pay/purchases/subscription_required",
+          locals: {message: exception.message}
+        )
+      end
+    end
+  end
+end

data/app/controllers/purchase_kit/pay/webhooks_controller.rb

@@ -0,0 +1,32 @@
+class PurchaseKit::Pay::WebhooksController < PurchaseKit::Pay::ApplicationController
+  skip_forgery_protection
+
+  def create
+    PurchaseKit::Pay::Webhook.queue(verified_event)
+    head :ok
+  rescue SignatureVerificationError => e
+    Rails.logger.error "[PurchaseKit] Webhook signature error: #{e.message}"
+    head :bad_request
+  end
+
+  private
+
+  def verified_event
+    payload = request.raw_post
+    signature = request.headers["X-PurchaseKit-Signature"]
+    secret = PurchaseKit::Pay.config.webhook_secret
+
+    return JSON.parse(payload, symbolize_names: true) if secret.blank?
+
+    raise SignatureVerificationError, "Missing signature" if signature.blank?
+
+    expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
+    unless ActiveSupport::SecurityUtils.secure_compare(signature, expected)
+      raise SignatureVerificationError, "Invalid signature"
+    end
+
+    JSON.parse(payload, symbolize_names: true)
+  end
+
+  class SignatureVerificationError < StandardError; end
+end

data/app/helpers/purchase_kit/pay/paywall_helper.rb

@@ -0,0 +1,85 @@
+module PurchaseKit::Pay::PaywallHelper
+  # Wrapper for paywall with bridge controller
+  # Renders a form that posts to the purchases endpoint
+  # Yields a builder for plan options and buttons
+  # Requires a Pay::Customer - call user.set_payment_processor(:purchasekit) first
+  def purchasekit_paywall(customer:, success_path: main_app.root_path, **options)
+    raise ArgumentError, "Must provide customer: parameter. Call user.set_payment_processor(:purchasekit) first." unless customer
+
+    builder = PurchaseKit::Pay::PaywallBuilder.new(self, customer)
+
+    form_data = (options.delete(:data) || {}).merge(
+      controller: "purchasekit-pay--paywall",
+      purchasekit_pay__paywall_customer_id_value: customer.id
+    )
+
+    form_with(url: purchasekit_pay.purchases_path, id: "purchasekit_paywall", data: form_data, **options) do |form|
+      hidden = hidden_field_tag(:customer_id, customer.id)
+      hidden += hidden_field_tag(:success_path, success_path)
+      hidden += hidden_field_tag(:environment, "sandbox", data: {purchasekit_pay__paywall_target: "environment"})
+      hidden + capture { yield builder }
+    end
+  end
+end
+
+class PurchaseKit::Pay::PaywallBuilder
+  def initialize(template, customer)
+    @template = template
+    @customer = customer
+    @current_product = nil
+  end
+
+  def plan_option(product:, selected: false, input_class: nil, **options, &block)
+    input_id = "purchasekit_plan_#{product.id.parameterize.underscore}"
+
+    radio = @template.radio_button_tag(
+      :product_id,
+      product.id,
+      selected,
+      id: input_id,
+      class: input_class,
+      autocomplete: "off",
+      data: {
+        purchasekit_pay__paywall_target: "planRadio",
+        apple_store_product_id: product.apple_product_id,
+        google_store_product_id: product.google_product_id
+      }
+    )
+
+    @current_product = product
+    label = @template.label_tag(input_id, **options) { @template.capture(&block) }
+    @current_product = nil
+
+    radio + label
+  end
+
+  def price(**options, &block)
+    raise "price must be called within a plan_option block" unless @current_product
+
+    data = (options.delete(:data) || {}).merge(
+      purchasekit_pay__paywall_target: "price",
+      apple_store_product_id: @current_product.apple_product_id,
+      google_store_product_id: @current_product.google_product_id
+    )
+
+    loading_content = block ? @template.capture(&block) : "Loading..."
+    @template.content_tag(:span, loading_content, data: data, **options)
+  end
+
+  def submit(text = "Subscribe", **options)
+    data = (options.delete(:data) || {}).merge(
+      purchasekit_pay__paywall_target: "submitButton",
+      turbo_submits_with: text
+    )
+
+    @template.submit_tag(text, disabled: true, data: data, **options)
+  end
+
+  def restore_link(text: "Restore purchases", **options)
+    data = (options.delete(:data) || {}).merge(
+      action: "click->purchasekit-pay--paywall#restore"
+    )
+
+    @template.link_to(text, "#", data: data, **options)
+  end
+end

data/app/javascript/controllers/purchasekit_pay/paywall_controller.js

@@ -0,0 +1,111 @@
+import { BridgeComponent } from "@hotwired/hotwire-native-bridge"
+
+export default class extends BridgeComponent {
+  static component = "paywall"
+  static targets = ["planRadio", "price", "submitButton", "response", "environment"]
+
+  connect() {
+    super.connect()
+    this.#fetchPrices()
+  }
+
+  responseTargetConnected(element) {
+    const correlationId = element.dataset.correlationId
+    const productIds = this.#productIds(element)
+
+    element.remove()
+    this.#disableForm()
+    this.#triggerNativePurchase(productIds, correlationId)
+  }
+
+  restore(event) {
+    event.preventDefault()
+    this.send("restore")
+  }
+
+  #triggerNativePurchase(productIds, correlationId) {
+    this.send("purchase", { ...productIds, correlationId }, message => {
+      const { status, error } = message.data
+
+      if (error) {
+        console.error(error)
+        alert(`Purchase error: ${error}`)
+        this.#enableForm()
+      }
+
+      if (status == "cancelled") {
+        this.#enableForm()
+      }
+
+      // On success, keep showing processing state.
+      // Turbo Stream will update the UI when webhook completes.
+    })
+  }
+
+  #fetchPrices() {
+    const products = this.priceTargets.map(el => this.#productIds(el))
+
+    this.send("prices", { products }, message => {
+      const { prices, environment, error } = message.data
+
+      if (error) {
+        console.error(error)
+        return
+      }
+
+      if (prices) {
+        this.#setPrices(prices)
+        this.#setEnvironment(environment)
+        this.#enableForm()
+      }
+    })
+  }
+
+  #setEnvironment(environment) {
+    if (this.hasEnvironmentTarget && environment) {
+      this.environmentTarget.value = environment
+    }
+  }
+
+  #setPrices(prices) {
+    this.priceTargets.forEach(el => {
+      const { appleStoreProductId, googleStoreProductId } = this.#productIds(el)
+      const price = prices[appleStoreProductId] || prices[googleStoreProductId]
+
+      if (price) {
+        el.textContent = price
+      } else {
+        console.error(`No price found for product.`)
+      }
+    })
+  }
+
+  #productIds(element) {
+    return {
+      appleStoreProductId: element.dataset.appleStoreProductId,
+      googleStoreProductId: element.dataset.googleStoreProductId
+    }
+  }
+
+  #enableForm() {
+    this.planRadioTargets.forEach(radio => radio.disabled = false)
+    if (this.hasSubmitButtonTarget) {
+      this.submitButtonTarget.disabled = false
+      if (this.#originalButtonText) {
+        this.submitButtonTarget.innerHTML = this.#originalButtonText
+      }
+    }
+  }
+
+  #disableForm() {
+    this.planRadioTargets.forEach(radio => radio.disabled = true)
+    if (this.hasSubmitButtonTarget) {
+      this.#originalButtonText = this.submitButtonTarget.innerHTML
+      this.submitButtonTarget.disabled = true
+      const processingText = this.submitButtonTarget.dataset.processingText || "Processing..."
+      this.submitButtonTarget.innerHTML = processingText
+    }
+  }
+
+  #originalButtonText = null
+}

data/app/javascript/purchasekit_pay/turbo_actions.js

@@ -0,0 +1,4 @@
+// Custom Turbo Stream action for redirects after new subscription.
+Turbo.StreamActions.redirect = function() {
+  Turbo.visit(this.getAttribute("url"), {action: "replace"})
+}

data/app/models/pay/purchasekit/charge.rb

@@ -0,0 +1,9 @@
+module Pay
+  module Purchasekit
+    class Charge < Pay::Charge
+      def refund!(amount = nil)
+        raise Pay::Purchasekit::Error, "Refunds must be processed through App Store Connect or Google Play Console."
+      end
+    end
+  end
+end

data/app/models/pay/purchasekit/customer.rb

@@ -0,0 +1,22 @@
+module Pay
+  module Purchasekit
+    class Customer < Pay::Customer
+      # Use base class name for dom_id to keep stream names consistent
+      def self.model_name
+        Pay::Customer.model_name
+      end
+
+      def charge(amount, options = {})
+        raise Pay::Purchasekit::Error, "One-time charges not supported. Use in-app purchases."
+      end
+
+      def subscribe(name: Pay.default_product_name, plan: Pay.default_plan_name, **options)
+        raise Pay::Purchasekit::Error, "Subscriptions must be initiated through the native app."
+      end
+
+      def add_payment_method(payment_method_id, default: false)
+        raise Pay::Purchasekit::Error, "Payment methods managed by App Store or Google Play."
+      end
+    end
+  end
+end

data/app/models/pay/purchasekit/subscription.rb

@@ -0,0 +1,33 @@
+module Pay
+  module Purchasekit
+    class Subscription < Pay::Subscription
+      def cancel(**options)
+        raise Pay::Purchasekit::Error, "Cancel through App Store or Google Play."
+      end
+
+      def cancel_now!(**options)
+        raise Pay::Purchasekit::Error, "Cancel through App Store or Google Play."
+      end
+
+      def resume
+        raise Pay::Purchasekit::Error, "Resume through App Store or Google Play."
+      end
+
+      def swap(plan, **options)
+        raise Pay::Purchasekit::Error, "Change plans through App Store or Google Play."
+      end
+
+      def change_quantity(quantity, **options)
+        raise Pay::Purchasekit::Error, "Quantity changes not supported for in-app purchases."
+      end
+
+      def paused?
+        false
+      end
+
+      def pause(**options)
+        raise Pay::Purchasekit::Error, "Pause through App Store or Google Play."
+      end
+    end
+  end
+end

data/app/views/purchase_kit/pay/purchases/_subscription_required.html.erb

@@ -0,0 +1,3 @@
+<div id="purchasekit_paywall" class="purchasekit-error">
+  <p><%= message %></p>
+</div>

data/app/views/purchase_kit/pay/purchases/create.turbo_stream.erb

@@ -0,0 +1,7 @@
+<%= turbo_stream.append "purchasekit_paywall" do %>
+  <div data-purchasekit-pay--paywall-target="response"
+       data-correlation-id="<%= @intent.uuid %>"
+       data-apple-store-product-id="<%= @intent.product.apple_product_id %>"
+       data-google-store-product-id="<%= @intent.product.google_product_id %>">
+  </div>
+<% end %>

data/config/importmap.rb

@@ -0,0 +1,8 @@
+# Pin Hotwire Native Bridge dependency
+# Note: If your app already pins this package, your version will take precedence
+# since the app's importmap.rb loads after the gem's importmap.rb
+pin "@hotwired/hotwire-native-bridge", to: "@hotwired--hotwire-native-bridge.js" # @1.2.2
+
+pin_all_from PurchaseKit::Pay::Engine.root.join("app/javascript/controllers"), under: "purchasekit-pay", to: "controllers"
+
+pin "purchasekit-pay/turbo_actions", to: "purchasekit_pay/turbo_actions.js"

data/config/routes.rb

@@ -0,0 +1,4 @@
+PurchaseKit::Pay::Engine.routes.draw do
+  resources :purchases, only: [:create]
+  resource :webhooks, only: [:create]
+end

data/lib/pay/purchasekit.rb

@@ -0,0 +1,25 @@
+module Pay
+  module Purchasekit
+    class Error < Pay::Error
+    end
+
+    module_function
+
+    def enabled?
+      true
+    end
+
+    def setup
+      # No setup required
+    end
+
+    def configure_webhooks
+      Pay::Webhooks.configure do |events|
+        events.subscribe "purchasekit.subscription.created", PurchaseKit::Pay::Webhooks::SubscriptionCreated.new
+        events.subscribe "purchasekit.subscription.updated", PurchaseKit::Pay::Webhooks::SubscriptionUpdated.new
+        events.subscribe "purchasekit.subscription.canceled", PurchaseKit::Pay::Webhooks::SubscriptionCanceled.new
+        events.subscribe "purchasekit.subscription.expired", PurchaseKit::Pay::Webhooks::SubscriptionExpired.new
+      end
+    end
+  end
+end

data/lib/purchasekit/api_client.rb

@@ -0,0 +1,38 @@
+require "httparty"
+
+module PurchaseKit
+  class ApiClient
+    def get(path)
+      request(:get, path)
+    end
+
+    def post(path, body = {})
+      request(:post, path, body)
+    end
+
+    private
+
+    def request(method, path, body = nil)
+      options = {headers: headers}
+      options[:body] = body.to_json if body
+
+      HTTParty.public_send(method, url(path), options)
+    end
+
+    def url(path)
+      "#{config.api_url}/api/v1/apps/#{config.app_id}#{path}"
+    end
+
+    def headers
+      {
+        "Authorization" => "Bearer #{config.api_key}",
+        "Accept" => "application/json",
+        "Content-Type" => "application/json"
+      }
+    end
+
+    def config
+      PurchaseKit::Pay.config
+    end
+  end
+end

data/lib/purchasekit/pay/configuration.rb

@@ -0,0 +1,23 @@
+module PurchaseKit
+  module Pay
+    class Configuration
+      attr_accessor :api_key, :api_url, :app_id, :webhook_secret
+
+      def initialize
+        @api_url = "https://purchasekit.dev"
+      end
+    end
+
+    class << self
+      attr_writer :config
+
+      def config
+        @config ||= Configuration.new
+      end
+
+      def configure
+        yield(config)
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/engine.rb

@@ -0,0 +1,35 @@
+module PurchaseKit
+  module Pay
+    class Engine < ::Rails::Engine
+      isolate_namespace PurchaseKit::Pay
+
+      initializer "purchasekit_pay.register_processor", before: :load_config_initializers do
+        ::Pay.enabled_processors << :purchasekit unless ::Pay.enabled_processors.include?(:purchasekit)
+      end
+
+      initializer "purchasekit_pay.webhooks", after: :load_config_initializers do
+        ::Pay::Purchasekit.configure_webhooks
+      end
+
+      initializer "purchasekit_pay.helpers" do
+        ActiveSupport.on_load(:action_controller_base) do
+          helper PurchaseKit::Pay::PaywallHelper
+        end
+      end
+
+      initializer "purchasekit_pay.importmap", before: "importmap" do |app|
+        if app.config.respond_to?(:importmap)
+          app.config.importmap.paths << Engine.root.join("config/importmap.rb")
+          app.config.importmap.cache_sweepers << root.join("app/javascript")
+        end
+      end
+
+      initializer "purchasekit_pay.assets" do |app|
+        if app.config.respond_to?(:assets) && app.config.assets.respond_to?(:paths)
+          app.config.assets.paths << root.join("app/javascript")
+          app.config.assets.precompile += %w[purchasekit-pay/manifest.js]
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/error.rb

@@ -0,0 +1,12 @@
+module PurchaseKit
+  module Pay
+    class Error < ::Pay::Error
+    end
+
+    class NotFoundError < Error
+    end
+
+    class SubscriptionRequiredError < Error
+    end
+  end
+end

data/lib/purchasekit/pay/version.rb

@@ -0,0 +1,5 @@
+module PurchaseKit
+  module Pay
+    VERSION = "0.1.0"
+  end
+end

data/lib/purchasekit/pay/webhook.rb

@@ -0,0 +1,36 @@
+module PurchaseKit
+  module Pay
+    class Webhook
+      def self.queue(event)
+        new(event).queue
+      end
+
+      def initialize(event)
+        @event = event
+      end
+
+      def queue
+        return unless listening?
+
+        record = ::Pay::Webhook.create!(processor: :purchasekit, event_type:, event: @event)
+        ProcessWebhookJob.perform_later(record.id)
+      end
+
+      private
+
+      def event_type
+        @event[:type]
+      end
+
+      def listening?
+        ::Pay::Webhooks.delegator.listening?("purchasekit.#{event_type}")
+      end
+
+      class ProcessWebhookJob < ::ActiveJob::Base
+        def perform(webhook_id)
+          ::Pay::Webhook.find(webhook_id).process!
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks/base.rb

@@ -0,0 +1,25 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      class Base
+        private
+
+        def update_subscription(event, attributes)
+          pay_subscription = find_subscription(event)
+          return unless pay_subscription
+
+          pay_subscription.update!(attributes)
+        end
+
+        def find_subscription(event)
+          ::Pay::Subscription.find_by(processor_id: event["subscription_id"])
+        end
+
+        def parse_time(value)
+          return nil if value.blank?
+          Time.zone.parse(value)
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks/subscription_canceled.rb

@@ -0,0 +1,11 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      class SubscriptionCanceled < Base
+        def call(event)
+          update_subscription(event, status: :canceled, ends_at: parse_time(event["ends_at"]))
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks/subscription_created.rb

@@ -0,0 +1,39 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      class SubscriptionCreated < Base
+        include ActionView::RecordIdentifier
+        include Turbo::Streams::ActionHelper
+
+        def call(event)
+          customer = ::Pay::Customer.find(event["customer_id"])
+
+          subscription = ::Pay::Purchasekit::Subscription.find_or_initialize_by(
+            customer: customer,
+            processor_id: event["subscription_id"]
+          )
+          is_new = subscription.new_record?
+
+          subscription.update!(
+            name: event["subscription_name"] || ::Pay.default_product_name,
+            processor_plan: event["store_product_id"],
+            status: :active,
+            quantity: 1,
+            current_period_start: parse_time(event["current_period_start"]),
+            current_period_end: parse_time(event["current_period_end"]),
+            ends_at: parse_time(event["ends_at"]),
+            data: (subscription.data || {}).merge("store" => event["store"])
+          )
+
+          return unless is_new
+
+          redirect_path = event["success_path"] || Rails.application.routes.url_helpers.root_path
+          Turbo::StreamsChannel.broadcast_stream_to(
+            dom_id(customer),
+            content: turbo_stream_action_tag(:redirect, url: redirect_path)
+          )
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks/subscription_expired.rb

@@ -0,0 +1,11 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      class SubscriptionExpired < Base
+        def call(event)
+          update_subscription(event, status: :expired)
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks/subscription_updated.rb

@@ -0,0 +1,32 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      class SubscriptionUpdated < Base
+        include ActionView::RecordIdentifier
+        include Turbo::Streams::ActionHelper
+
+        def call(event)
+          update_subscription(event,
+            processor_plan: event["store_product_id"],
+            status: event["status"],
+            current_period_start: parse_time(event["current_period_start"]),
+            current_period_end: parse_time(event["current_period_end"]),
+            ends_at: parse_time(event["ends_at"])
+          )
+
+          broadcast_redirect(event) if event["success_path"].present?
+        end
+
+        private
+
+        def broadcast_redirect(event)
+          customer = ::Pay::Customer.find(event["customer_id"])
+          Turbo::StreamsChannel.broadcast_stream_to(
+            dom_id(customer),
+            content: turbo_stream_action_tag(:redirect, url: event["success_path"])
+          )
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks.rb

@@ -0,0 +1,11 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      autoload :Base, "purchasekit/pay/webhooks/base"
+      autoload :SubscriptionCreated, "purchasekit/pay/webhooks/subscription_created"
+      autoload :SubscriptionUpdated, "purchasekit/pay/webhooks/subscription_updated"
+      autoload :SubscriptionCanceled, "purchasekit/pay/webhooks/subscription_canceled"
+      autoload :SubscriptionExpired, "purchasekit/pay/webhooks/subscription_expired"
+    end
+  end
+end

data/lib/purchasekit/product.rb

@@ -0,0 +1,38 @@
+module PurchaseKit
+  class Product
+    attr_reader :id, :apple_product_id, :google_product_id
+
+    def initialize(id:, apple_product_id: nil, google_product_id: nil)
+      @id = id
+      @apple_product_id = apple_product_id
+      @google_product_id = google_product_id
+    end
+
+    def store_product_id(platform:)
+      case platform
+      when :apple then apple_product_id
+      when :google then google_product_id
+      else raise ArgumentError, "Unknown platform: #{platform}"
+      end
+    end
+
+    class << self
+      def find(id)
+        response = ApiClient.new.get("/products/#{id}")
+
+        case response.code
+        when 200
+          new(
+            id: response["id"],
+            apple_product_id: response["apple_product_id"],
+            google_product_id: response["google_product_id"]
+          )
+        when 404
+          raise PurchaseKit::Pay::NotFoundError, "Product not found: #{id}"
+        else
+          raise PurchaseKit::Pay::Error, "API error: #{response.code} #{response.message}"
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/purchase/intent.rb

@@ -0,0 +1,41 @@
+module PurchaseKit
+  module Purchase
+    class Intent
+      attr_reader :id, :uuid, :product
+
+      def initialize(id:, uuid:, product:)
+        @id = id
+        @uuid = uuid
+        @product = product
+      end
+
+      class << self
+        def create(product_id:, customer_id:, success_path: nil, environment: nil)
+          response = ApiClient.new.post("/purchase/intents", {
+            product_id: product_id,
+            customer_id: customer_id,
+            success_path: success_path,
+            environment: environment
+          })
+
+          case response.code
+          when 201
+            product_data = response["product"]
+            product = Product.new(
+              id: product_data["id"],
+              apple_product_id: product_data["apple_product_id"],
+              google_product_id: product_data["google_product_id"]
+            )
+            new(id: response["id"], uuid: response["uuid"], product: product)
+          when 402
+            raise PurchaseKit::Pay::SubscriptionRequiredError, response["error"] || "Subscription required for production purchases"
+          when 404
+            raise PurchaseKit::Pay::NotFoundError, "App or product not found"
+          else
+            raise PurchaseKit::Pay::Error, "API error: #{response.code} #{response.message}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit-pay.rb

@@ -0,0 +1,11 @@
+require "pay"
+require "purchasekit/pay/version"
+require "purchasekit/pay/configuration"
+require "purchasekit/pay/error"
+require "purchasekit/pay/engine"
+require "purchasekit/pay/webhooks"
+require "purchasekit/pay/webhook"
+require "purchasekit/api_client"
+require "purchasekit/product"
+require "purchasekit/purchase/intent"
+require "pay/purchasekit"

metadata

@@ -0,0 +1,153 @@
+--- !ruby/object:Gem::Specification
+name: purchasekit-pay
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Joe Masilotti
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-12-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: pay
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.4'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Add mobile in-app purchases to your Rails app with PurchaseKit and Pay.
+email:
+- joe@masilotti.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/purchase_kit/pay/application_controller.rb
+- app/controllers/purchase_kit/pay/purchases_controller.rb
+- app/controllers/purchase_kit/pay/webhooks_controller.rb
+- app/helpers/purchase_kit/pay/paywall_helper.rb
+- app/javascript/controllers/purchasekit_pay/paywall_controller.js
+- app/javascript/purchasekit_pay/turbo_actions.js
+- app/models/pay/purchasekit/charge.rb
+- app/models/pay/purchasekit/customer.rb
+- app/models/pay/purchasekit/subscription.rb
+- app/views/purchase_kit/pay/purchases/_subscription_required.html.erb
+- app/views/purchase_kit/pay/purchases/create.turbo_stream.erb
+- config/importmap.rb
+- config/routes.rb
+- lib/pay/purchasekit.rb
+- lib/purchasekit-pay.rb
+- lib/purchasekit/api_client.rb
+- lib/purchasekit/pay/configuration.rb
+- lib/purchasekit/pay/engine.rb
+- lib/purchasekit/pay/error.rb
+- lib/purchasekit/pay/version.rb
+- lib/purchasekit/pay/webhook.rb
+- lib/purchasekit/pay/webhooks.rb
+- lib/purchasekit/pay/webhooks/base.rb
+- lib/purchasekit/pay/webhooks/subscription_canceled.rb
+- lib/purchasekit/pay/webhooks/subscription_created.rb
+- lib/purchasekit/pay/webhooks/subscription_expired.rb
+- lib/purchasekit/pay/webhooks/subscription_updated.rb
+- lib/purchasekit/product.rb
+- lib/purchasekit/purchase/intent.rb
+homepage: https://purchasekit.dev
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://purchasekit.dev
+  source_code_uri: https://github.com/purchasekit/purchasekit-pay
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key:
+specification_version: 4
+summary: PurchaseKit payment processor for Pay
+test_files: []