purchasekit 0.2.1

data/lib/purchasekit/pay/engine.rb

@@ -0,0 +1,35 @@
+module PurchaseKit
+  module Pay
+    class Engine < ::Rails::Engine
+      isolate_namespace PurchaseKit::Pay
+
+      initializer "purchasekit_pay.register_processor", before: :load_config_initializers do
+        ::Pay.enabled_processors << :purchasekit unless ::Pay.enabled_processors.include?(:purchasekit)
+      end
+
+      initializer "purchasekit_pay.webhooks", after: :load_config_initializers do
+        ::Pay::Purchasekit.configure_webhooks
+      end
+
+      initializer "purchasekit_pay.helpers" do
+        ActiveSupport.on_load(:action_controller_base) do
+          helper PurchaseKit::Pay::PaywallHelper
+        end
+      end
+
+      initializer "purchasekit_pay.importmap", before: "importmap" do |app|
+        if app.config.respond_to?(:importmap)
+          app.config.importmap.paths << Engine.root.join("config/importmap.rb")
+          app.config.importmap.cache_sweepers << root.join("app/javascript")
+        end
+      end
+
+      initializer "purchasekit_pay.assets" do |app|
+        if app.config.respond_to?(:assets) && app.config.assets.respond_to?(:paths)
+          app.config.assets.paths << root.join("app/javascript")
+          app.config.assets.precompile += %w[purchasekit-pay/manifest.js]
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/error.rb

@@ -0,0 +1,12 @@
+module PurchaseKit
+  module Pay
+    class Error < ::Pay::Error
+    end
+
+    class NotFoundError < Error
+    end
+
+    class SubscriptionRequiredError < Error
+    end
+  end
+end

data/lib/purchasekit/pay/version.rb

@@ -0,0 +1,5 @@
+module PurchaseKit
+  module Pay
+    VERSION = "0.1.4"
+  end
+end

data/lib/purchasekit/pay/webhook.rb

@@ -0,0 +1,36 @@
+module PurchaseKit
+  module Pay
+    class Webhook
+      def self.queue(event)
+        new(event).queue
+      end
+
+      def initialize(event)
+        @event = event
+      end
+
+      def queue
+        return unless listening?
+
+        record = ::Pay::Webhook.create!(processor: :purchasekit, event_type:, event: @event)
+        ProcessWebhookJob.perform_later(record.id)
+      end
+
+      private
+
+      def event_type
+        @event[:type]
+      end
+
+      def listening?
+        ::Pay::Webhooks.delegator.listening?("purchasekit.#{event_type}")
+      end
+
+      class ProcessWebhookJob < ::ActiveJob::Base
+        def perform(webhook_id)
+          ::Pay::Webhook.find(webhook_id).process!
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks/base.rb

@@ -0,0 +1,25 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      class Base
+        private
+
+        def update_subscription(event, attributes)
+          pay_subscription = find_subscription(event)
+          return unless pay_subscription
+
+          pay_subscription.update!(attributes)
+        end
+
+        def find_subscription(event)
+          ::Pay::Subscription.find_by(processor_id: event["subscription_id"])
+        end
+
+        def parse_time(value)
+          return nil if value.blank?
+          Time.zone.parse(value)
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks/subscription_canceled.rb

@@ -0,0 +1,11 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      class SubscriptionCanceled < Base
+        def call(event)
+          update_subscription(event, status: :canceled, ends_at: parse_time(event["ends_at"]))
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks/subscription_created.rb

@@ -0,0 +1,39 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      class SubscriptionCreated < Base
+        include ActionView::RecordIdentifier
+        include Turbo::Streams::ActionHelper
+
+        def call(event)
+          customer = ::Pay::Customer.find(event["customer_id"])
+
+          subscription = ::Pay::Purchasekit::Subscription.find_or_initialize_by(
+            customer: customer,
+            processor_id: event["subscription_id"]
+          )
+          is_new = subscription.new_record?
+
+          subscription.update!(
+            name: event["subscription_name"] || ::Pay.default_product_name,
+            processor_plan: event["store_product_id"],
+            status: :active,
+            quantity: 1,
+            current_period_start: parse_time(event["current_period_start"]),
+            current_period_end: parse_time(event["current_period_end"]),
+            ends_at: parse_time(event["ends_at"]),
+            data: (subscription.data || {}).merge("store" => event["store"])
+          )
+
+          return unless is_new
+
+          redirect_path = event["success_path"] || Rails.application.routes.url_helpers.root_path
+          Turbo::StreamsChannel.broadcast_stream_to(
+            dom_id(customer),
+            content: turbo_stream_action_tag(:redirect, url: redirect_path)
+          )
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks/subscription_expired.rb

@@ -0,0 +1,11 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      class SubscriptionExpired < Base
+        def call(event)
+          update_subscription(event, status: :expired)
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks/subscription_updated.rb

@@ -0,0 +1,31 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      class SubscriptionUpdated < Base
+        include ActionView::RecordIdentifier
+        include Turbo::Streams::ActionHelper
+
+        def call(event)
+          update_subscription(event,
+            processor_plan: event["store_product_id"],
+            status: event["status"],
+            current_period_start: parse_time(event["current_period_start"]),
+            current_period_end: parse_time(event["current_period_end"]),
+            ends_at: parse_time(event["ends_at"]))
+
+          broadcast_redirect(event) if event["success_path"].present?
+        end
+
+        private
+
+        def broadcast_redirect(event)
+          customer = ::Pay::Customer.find(event["customer_id"])
+          Turbo::StreamsChannel.broadcast_stream_to(
+            dom_id(customer),
+            content: turbo_stream_action_tag(:redirect, url: event["success_path"])
+          )
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/pay/webhooks.rb

@@ -0,0 +1,11 @@
+module PurchaseKit
+  module Pay
+    module Webhooks
+      autoload :Base, "purchasekit/pay/webhooks/base"
+      autoload :SubscriptionCreated, "purchasekit/pay/webhooks/subscription_created"
+      autoload :SubscriptionUpdated, "purchasekit/pay/webhooks/subscription_updated"
+      autoload :SubscriptionCanceled, "purchasekit/pay/webhooks/subscription_canceled"
+      autoload :SubscriptionExpired, "purchasekit/pay/webhooks/subscription_expired"
+    end
+  end
+end

data/lib/purchasekit/product/demo.rb

@@ -0,0 +1,23 @@
+module PurchaseKit
+  class Product
+    # Demo implementation of Product for local development.
+    #
+    # Reads product data from PurchaseKit.config.demo_products instead
+    # of making API calls. Designed for use with Xcode's StoreKit testing.
+    #
+    class Demo
+      class << self
+        def find(id)
+          product_data = PurchaseKit.config.demo_products[id]
+          raise PurchaseKit::NotFoundError, "Product not found: #{id}" unless product_data
+
+          Product.new(
+            id: id,
+            apple_product_id: product_data[:apple_product_id],
+            google_product_id: product_data[:google_product_id]
+          )
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/product/remote.rb

@@ -0,0 +1,26 @@
+module PurchaseKit
+  class Product
+    # Production implementation of Product that fetches from PurchaseKit API.
+    #
+    class Remote
+      class << self
+        def find(id)
+          response = ApiClient.new.get("/products/#{id}")
+
+          case response.code
+          when 200
+            Product.new(
+              id: response["id"],
+              apple_product_id: response["apple_product_id"],
+              google_product_id: response["google_product_id"]
+            )
+          when 404
+            raise PurchaseKit::NotFoundError, "Product not found: #{id}"
+          else
+            raise PurchaseKit::Error, "API error: #{response.code} #{response.message}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/product.rb

@@ -0,0 +1,52 @@
+module PurchaseKit
+  # Represents a product configured in the PurchaseKit dashboard.
+  #
+  # Products contain the store-specific product IDs for Apple and Google.
+  # Display text (name, description, price) should be fetched from the
+  # stores at runtime or defined in your views for i18n support.
+  #
+  # Example:
+  #   product = PurchaseKit::Product.find("prod_XXXXX")
+  #   product.apple_product_id  # => "com.example.pro.annual"
+  #   product.google_product_id # => "pro_annual"
+  #
+  class Product
+    attr_reader :id, :apple_product_id, :google_product_id
+
+    def initialize(id:, apple_product_id: nil, google_product_id: nil)
+      @id = id
+      @apple_product_id = apple_product_id
+      @google_product_id = google_product_id
+    end
+
+    # Get the store-specific product ID for a platform.
+    #
+    # @param platform [Symbol] :apple or :google
+    # @return [String] The store product ID
+    #
+    def store_product_id(platform:)
+      case platform
+      when :apple then apple_product_id
+      when :google then google_product_id
+      else raise ArgumentError, "Unknown platform: #{platform}"
+      end
+    end
+
+    # Find a product by ID.
+    #
+    # In demo mode, reads from configured demo_products.
+    # In production, fetches from the PurchaseKit API.
+    #
+    # @param id [String] The product ID (e.g., "prod_XXXXX" or a demo key)
+    # @return [Product]
+    # @raise [NotFoundError] if product doesn't exist
+    #
+    def self.find(id)
+      if PurchaseKit.config.demo_mode?
+        Demo.find(id)
+      else
+        Remote.find(id)
+      end
+    end
+  end
+end

data/lib/purchasekit/purchase/intent/demo.rb

@@ -0,0 +1,59 @@
+require "securerandom"
+
+module PurchaseKit
+  module Purchase
+    class Intent
+      # Demo implementation of Intent for local development.
+      #
+      # Stores intents in memory instead of making API calls.
+      # Designed for use with Xcode's StoreKit testing.
+      #
+      class Demo < Intent
+        attr_reader :customer_id
+
+        def initialize(id:, uuid:, product:, customer_id:, success_path:)
+          super(id: id, uuid: uuid, product: product, success_path: success_path)
+          @customer_id = customer_id
+        end
+
+        # URL for Xcode StoreKit testing to simulate purchase completion
+        def xcode_completion_url
+          "/purchasekit/purchase/completions/#{uuid}"
+        end
+
+        class << self
+          def find(uuid)
+            intent = store[uuid]
+            raise PurchaseKit::NotFoundError, "Intent not found: #{uuid}" unless intent
+            intent
+          end
+
+          def create(product_id:, customer_id:, success_path: nil, environment: nil)
+            product = Product.find(product_id)
+            uuid = SecureRandom.uuid
+            id = "intent_#{SecureRandom.hex(8)}"
+
+            intent = new(
+              id: id,
+              uuid: uuid,
+              product: product,
+              customer_id: customer_id,
+              success_path: success_path
+            )
+            store[uuid] = intent
+            intent
+          end
+
+          def store
+            @store ||= {}
+          end
+
+          # Clear the in-memory store (useful for tests)
+          def clear_store!
+            @store = {}
+          end
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/purchase/intent/remote.rb

@@ -0,0 +1,37 @@
+module PurchaseKit
+  module Purchase
+    class Intent
+      # Production implementation of Intent that creates via PurchaseKit API.
+      #
+      class Remote < Intent
+        class << self
+          def create(product_id:, customer_id:, success_path: nil, environment: nil)
+            response = ApiClient.new.post("/purchase/intents", {
+              product_id: product_id,
+              customer_id: customer_id,
+              success_path: success_path,
+              environment: environment
+            })
+
+            case response.code
+            when 201
+              product_data = response["product"]
+              product = Product.new(
+                id: product_data["id"],
+                apple_product_id: product_data["apple_product_id"],
+                google_product_id: product_data["google_product_id"]
+              )
+              new(id: response["id"], uuid: response["uuid"], product: product, success_path: success_path)
+            when 402
+              raise PurchaseKit::SubscriptionRequiredError, response["error"] || "Subscription required for production purchases"
+            when 404
+              raise PurchaseKit::NotFoundError, "App or product not found"
+            else
+              raise PurchaseKit::Error, "API error: #{response.code} #{response.message}"
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/purchase/intent.rb

@@ -0,0 +1,55 @@
+module PurchaseKit
+  module Purchase
+    # Represents a purchase intent - the record created before a user
+    # initiates an in-app purchase.
+    #
+    # The intent contains a UUID that gets passed to the store as the
+    # appAccountToken (Apple) or obfuscatedAccountId (Google). This allows
+    # PurchaseKit to correlate the store's webhook with your user.
+    #
+    # Example:
+    #   intent = PurchaseKit::Purchase::Intent.create(
+    #     product_id: "prod_XXXXX",
+    #     customer_id: current_user.payment_processor.id,
+    #     success_path: "/dashboard",
+    #     environment: "sandbox"
+    #   )
+    #
+    #   intent.uuid     # => Pass to native app for store purchase
+    #   intent.product  # => Contains store product IDs
+    #
+    class Intent
+      attr_reader :id, :uuid, :product, :success_path
+
+      def initialize(id:, uuid:, product:, success_path: nil)
+        @id = id
+        @uuid = uuid
+        @product = product
+        @success_path = success_path
+      end
+
+      # Override in subclasses if needed
+      def xcode_completion_url
+        nil
+      end
+
+      # Create a new purchase intent.
+      #
+      # @param product_id [String] The PurchaseKit product ID
+      # @param customer_id [Integer, String] Your customer/user ID (will be included in webhooks)
+      # @param success_path [String] Where to redirect after successful purchase
+      # @param environment [String] "sandbox" or "production"
+      # @return [Intent]
+      # @raise [NotFoundError] if product doesn't exist
+      # @raise [SubscriptionRequiredError] if PurchaseKit subscription needed for production
+      #
+      def self.create(product_id:, customer_id:, success_path: nil, environment: nil)
+        if PurchaseKit.config.demo_mode?
+          Demo.create(product_id:, customer_id:, success_path:)
+        else
+          Remote.create(product_id:, customer_id:, success_path:, environment:)
+        end
+      end
+    end
+  end
+end

data/lib/purchasekit/version.rb

@@ -0,0 +1,3 @@
+module PurchaseKit
+  VERSION = "0.2.1"
+end

data/lib/purchasekit/webhook_signature.rb

@@ -0,0 +1,60 @@
+require "openssl"
+require "json"
+
+module PurchaseKit
+  # Verifies HMAC-SHA256 signatures on incoming webhooks.
+  #
+  # The PurchaseKit SaaS signs all webhook payloads with your webhook secret.
+  # This class verifies those signatures to ensure webhooks are authentic.
+  #
+  # Example:
+  #   PurchaseKit::WebhookSignature.verify!(
+  #     payload: request.raw_post,
+  #     signature: request.headers["X-PurchaseKit-Signature"],
+  #     secret: PurchaseKit.config.webhook_secret
+  #   )
+  #
+  class WebhookSignature
+    attr_reader :payload, :signature, :secret
+
+    def initialize(payload:, signature:, secret:)
+      @payload = payload
+      @signature = signature
+      @secret = secret
+    end
+
+    # Verify the signature. Raises SignatureVerificationError if invalid.
+    def verify!
+      if secret.blank?
+        raise SignatureVerificationError, "webhook_secret must be configured"
+      end
+
+      if signature.blank?
+        raise SignatureVerificationError, "Missing signature"
+      end
+
+      expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
+      unless ActiveSupport::SecurityUtils.secure_compare(signature, expected)
+        raise SignatureVerificationError, "Invalid signature"
+      end
+
+      true
+    end
+
+    # Verify the signature and return the parsed JSON payload.
+    def verified_payload
+      verify!
+      JSON.parse(payload, symbolize_names: true)
+    end
+
+    class << self
+      def verify!(payload:, signature:, secret:)
+        new(payload: payload, signature: signature, secret: secret).verify!
+      end
+
+      def verified_payload(payload:, signature:, secret:)
+        new(payload: payload, signature: signature, secret: secret).verified_payload
+      end
+    end
+  end
+end

data/lib/purchasekit-pay.rb

@@ -0,0 +1,15 @@
+require "pay"
+require "purchasekit/pay/version"
+require "purchasekit/pay/configuration"
+require "purchasekit/pay/error"
+require "purchasekit/pay/engine"
+require "purchasekit/pay/webhooks"
+require "purchasekit/pay/webhook"
+require "purchasekit/api_client"
+require "purchasekit/product"
+require "purchasekit/product/demo"
+require "purchasekit/product/remote"
+require "purchasekit/purchase/intent"
+require "purchasekit/purchase/intent/demo"
+require "purchasekit/purchase/intent/remote"
+require "pay/purchasekit"

data/lib/purchasekit.rb

@@ -0,0 +1,60 @@
+# PurchaseKit - In-app purchase webhooks for Rails
+#
+# This gem handles:
+# - Configuration and API client
+# - Product and purchase intent management
+# - Webhook signature verification
+# - Event callbacks for subscription lifecycle
+# - Rails engine with webhooks controller and paywall helpers
+# - Pay gem integration (auto-detected when Pay is present)
+
+require "active_support"
+require "active_support/core_ext/object/blank"
+require "active_support/core_ext/hash/indifferent_access"
+require "active_support/notifications"
+require "active_support/security_utils"
+
+require "purchasekit/version"
+require "purchasekit/configuration"
+require "purchasekit/error"
+require "purchasekit/events"
+require "purchasekit/webhook_signature"
+require "purchasekit/api_client"
+require "purchasekit/product"
+require "purchasekit/product/demo"
+require "purchasekit/product/remote"
+require "purchasekit/purchase/intent"
+require "purchasekit/purchase/intent/demo"
+require "purchasekit/purchase/intent/remote"
+require "purchasekit/engine"
+
+module PurchaseKit
+  class << self
+    def config
+      @config ||= Configuration.new
+    end
+
+    def configure
+      yield(config)
+    end
+
+    def reset_config!
+      @config = Configuration.new
+    end
+
+    def pay_enabled?
+      defined?(::Pay)
+    end
+
+    def queue_pay_webhook(event)
+      PurchaseKit::Pay::Webhook.queue(event)
+    end
+  end
+end
+
+# Load Pay integration if Pay gem is available
+if PurchaseKit.pay_enabled?
+  require "purchasekit/pay/webhooks"
+  require "purchasekit/pay/webhook"
+  require "pay/purchasekit"
+end