purchasekit 0.2.4 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5b61274d4dffcca3ba325b0f5864a5f8e99d84445e7ea94d9183085699af40ec
-  data.tar.gz: 66ca2d30a022636d2f25d68eb3c460b7959a921488978ba6a2e9df0d02514045
+  metadata.gz: d9deafd906c87c4b35fd61e260cfdb22027f76b92e991bf1e452e883a087c28a
+  data.tar.gz: 4cbc9675b2856e555de937efc121b4bb71688decbd596b5dbcabc7e92a7c0fd6
 SHA512:
-  metadata.gz: 45e42938f573a5638492caf1dcda2a2a61ae1b8be70286bae67aaa1c93f2ec22027de4b77f5a16387ec561ad2125382d64cda9a7e717b4a07c7fcbfc83aa4100
-  data.tar.gz: 96849a02d7f7752d2060bcb29b1267dc2ced03e2837c399479a6226a9966a6d9cab5b412c6b0f5bac101526571a0e663f80578f630f6e6ba4ef20a5ca694372f
+  metadata.gz: 80ea056afb46318429c244553a4395b4c964f08efacc25f2922a22c864d03f13c0784dbeb32ea9d2df20e658d3414cd14475a8e42c2df2ad5f05cd4ce872852c
+  data.tar.gz: 9c194d0edc5bf9ba974c4ab8c5f182bffb9630ee8e0570cf4a094262220cdecb076becea0e95088bf0ec422458774b32719cdefaf7629f80daf6ad2a6cb9da8b

data/README.md

@@ -108,6 +108,7 @@ end
 
 | Method | Description |
 |--------|-------------|
+| `event.event_id` | Unique event identifier (for idempotency) |
 | `event.customer_id` | Your user ID |
 | `event.subscription_id` | Store's subscription ID |
 | `event.store` | `"apple"` or `"google"` |
@@ -118,11 +119,17 @@ end
 | `event.ends_at` | When subscription will end |
 | `event.success_path` | Redirect path after purchase |
 
+### Idempotency
+
+Webhooks may be delivered more than once. Write idempotent callbacks using `find_or_create_by` or check `event.event_id` to avoid duplicate side effects.
+
 ## Paywall helper
 
-Build a paywall using the included helper:
+Build a paywall using the included helper. Subscribe to the Turbo Stream for real-time redirects:
 
 ```erb
+<%= turbo_stream_from "purchasekit_customer_#{current_user.id}" %>
+
 <%= purchasekit_paywall customer_id: current_user.id, success_path: dashboard_path do |paywall| %>
   <%= paywall.plan_option product: @annual, selected: true do %>
     Annual - <%= paywall.price %>/year
@@ -133,8 +140,25 @@ Build a paywall using the included helper:
   <% end %>
 
   <%= paywall.submit "Subscribe" %>
-  <%= paywall.restore_link %>
 <% end %>
+
+<%= button_to "Restore purchases", restore_purchases_path %>
+```
+
+The restore link checks your server for an active subscription. Implement the endpoint in your app:
+
+```ruby
+# routes.rb
+post "restore_purchases", to: "subscriptions#restore"
+
+# subscriptions_controller.rb
+def restore
+  if current_user.subscribed?
+    redirect_to dashboard_path, notice: "Your subscription is active."
+  else
+    redirect_to paywall_path, alert: "No active subscription found."
+  end
+end
 ```
 
 Products are fetched from the PurchaseKit API:

data/app/controllers/purchase_kit/application_controller.rb

@@ -1,5 +1,31 @@
 module PurchaseKit
   class ApplicationController < ActionController::Base
     protect_from_forgery with: :exception
+
+    rescue_from PurchaseKit::NotFoundError, with: :handle_not_found
+    rescue_from PurchaseKit::SubscriptionRequiredError, with: :handle_subscription_required
+
+    private
+
+    def handle_not_found(exception)
+      handle_error("Product not found", :not_found)
+    end
+
+    def handle_subscription_required(exception)
+      handle_error("PurchaseKit subscription required", :payment_required)
+    end
+
+    def handle_error(message, status)
+      respond_to do |format|
+        format.turbo_stream do
+          render turbo_stream: turbo_stream.append(
+            "purchasekit_paywall",
+            partial: "purchase_kit/purchases/error",
+            locals: {message: message}
+          )
+        end
+        format.json { render json: {error: message}, status: status }
+      end
+    end
   end
 end

data/app/controllers/purchase_kit/webhooks_controller.rb

@@ -13,6 +13,9 @@ module PurchaseKit
       PurchaseKit.queue_pay_webhook(event) if PurchaseKit.pay_enabled?
 
       head :ok
+    rescue JSON::ParserError => e
+      Rails.logger.error "[PurchaseKit] Invalid JSON in webhook: #{e.message}"
+      head :bad_request
     rescue PurchaseKit::SignatureVerificationError => e
       Rails.logger.error "[PurchaseKit] Webhook signature error: #{e.message}"
       head :bad_request

data/app/helpers/purchase_kit/pay/paywall_helper.rb

@@ -9,14 +9,14 @@ module PurchaseKit::Pay::PaywallHelper
     builder = PurchaseKit::Pay::PaywallBuilder.new(self, customer)
 
     form_data = (options.delete(:data) || {}).merge(
-      controller: "purchasekit-pay--paywall",
-      purchasekit_pay__paywall_customer_id_value: customer.id
+      controller: "purchasekit--paywall",
+      purchasekit__paywall_customer_id_value: customer.id
     )
 
     form_with(url: purchasekit_pay.purchases_path, id: "purchasekit_paywall", data: form_data, **options) do |form|
       hidden = hidden_field_tag(:customer_id, customer.id)
       hidden += hidden_field_tag(:success_path, success_path)
-      hidden += hidden_field_tag(:environment, "sandbox", data: {purchasekit_pay__paywall_target: "environment"})
+      hidden += hidden_field_tag(:environment, "sandbox", data: {purchasekit__paywall_target: "environment"})
       hidden + capture { yield builder }
     end
   end
@@ -40,7 +40,7 @@ class PurchaseKit::Pay::PaywallBuilder
       class: input_class,
       autocomplete: "off",
       data: {
-        purchasekit_pay__paywall_target: "planRadio",
+        purchasekit__paywall_target: "planRadio",
         apple_store_product_id: product.apple_product_id,
         google_store_product_id: product.google_product_id
       }
@@ -57,7 +57,7 @@ class PurchaseKit::Pay::PaywallBuilder
     raise "price must be called within a plan_option block" unless @current_product
 
     data = (options.delete(:data) || {}).merge(
-      purchasekit_pay__paywall_target: "price",
+      purchasekit__paywall_target: "price",
       apple_store_product_id: @current_product.apple_product_id,
       google_store_product_id: @current_product.google_product_id
     )
@@ -68,18 +68,11 @@ class PurchaseKit::Pay::PaywallBuilder
 
   def submit(text = "Subscribe", **options)
     data = (options.delete(:data) || {}).merge(
-      purchasekit_pay__paywall_target: "submitButton",
+      purchasekit__paywall_target: "submitButton",
       turbo_submits_with: text
     )
 
     @template.submit_tag(text, disabled: true, data: data, **options)
   end
 
-  def restore_link(text: "Restore purchases", **options)
-    data = (options.delete(:data) || {}).merge(
-      action: "click->purchasekit-pay--paywall#restore"
-    )
-
-    @template.link_to(text, "#", data: data, **options)
-  end
 end

data/app/helpers/purchase_kit/paywall_helper.rb

@@ -85,12 +85,5 @@ module PurchaseKit
       @template.submit_tag(text, disabled: true, data: data, **options)
     end
 
-    def restore_link(text: "Restore purchases", **options)
-      data = (options.delete(:data) || {}).merge(
-        action: "click->purchasekit--paywall#restore"
-      )
-
-      @template.link_to(text, "#", data: data, **options)
-    end
   end
 end

data/app/javascript/controllers/purchasekit/paywall_controller.js

@@ -9,7 +9,22 @@ export default class extends BridgeComponent {
     this.#fetchPrices()
   }
 
+  disconnect() {
+    if (this.#fallbackTimeoutId) {
+      clearTimeout(this.#fallbackTimeoutId)
+    }
+  }
+
   responseTargetConnected(element) {
+    const error = element.dataset.error
+
+    if (error) {
+      element.remove()
+      alert(error)
+      this.#enableForm()
+      return
+    }
+
     const correlationId = element.dataset.correlationId
     const productIds = this.#productIds(element)
     const relativeUrl = element.dataset.xcodeCompletionUrl
@@ -21,11 +36,6 @@ export default class extends BridgeComponent {
     this.#triggerNativePurchase(productIds, correlationId, xcodeCompletionUrl, successPath)
   }
 
-  restore(event) {
-    event.preventDefault()
-    this.send("restore")
-  }
-
   #triggerNativePurchase(productIds, correlationId, xcodeCompletionUrl, successPath) {
     this.send("purchase", { ...productIds, correlationId, xcodeCompletionUrl }, message => {
       const { status, error } = message.data
@@ -42,16 +52,18 @@ export default class extends BridgeComponent {
         return
       }
 
-      // On success, redirect to success path after a short delay
-      // to allow the completion callback to finish processing
-      if (status == "success" && successPath) {
-        setTimeout(() => {
+      // On success, Turbo Stream will broadcast redirect when webhook completes.
+      // Fallback: redirect after 30 seconds in case ActionCable isn't connected.
+      if (successPath) {
+        this.#fallbackTimeoutId = setTimeout(() => {
           window.Turbo.visit(successPath)
-        }, 500)
+        }, 30000)
       }
     })
   }
 
+  #fallbackTimeoutId = null
+
   #fetchPrices() {
     const products = this.priceTargets.map(el => this.#productIds(el))
 

data/app/views/purchase_kit/pay/purchases/create.turbo_stream.erb

@@ -1,5 +1,5 @@
 <%= turbo_stream.append "purchasekit_paywall" do %>
-  <div data-purchasekit-pay--paywall-target="response"
+  <div data-purchasekit--paywall-target="response"
        data-correlation-id="<%= @intent.uuid %>"
        data-apple-store-product-id="<%= @intent.product.apple_product_id %>"
        data-google-store-product-id="<%= @intent.product.google_product_id %>"

data/app/views/purchase_kit/purchases/_error.html.erb

@@ -0,0 +1,3 @@
+<div data-purchasekit--paywall-target="response"
+     data-error="<%= message %>">
+</div>

data/lib/purchasekit/api_client.rb

@@ -18,7 +18,7 @@ module PurchaseKit
     private
 
     def request(method, path, body = nil)
-      options = {headers: headers}
+      options = {headers: headers, timeout: 15}
       options[:body] = body.to_json if body
 
       HTTParty.public_send(method, url(path), options)

data/lib/purchasekit/events.rb

@@ -8,9 +8,12 @@ module PurchaseKit
     ].freeze
 
     class << self
+      include ActionView::Helpers::TagHelper
+
       # Publish an event to all registered handlers.
       #
       # Also publishes via ActiveSupport::Notifications for additional flexibility.
+      # Broadcasts redirect for subscription_created when Pay is not handling it.
       #
       # @param type [Symbol] Event type (e.g., :subscription_created)
       # @param payload [Hash] Event payload from the webhook
@@ -27,8 +30,25 @@ module PurchaseKit
         # Also publish via ActiveSupport::Notifications for subscribers
         ActiveSupport::Notifications.instrument("purchasekit.#{type}", event: event)
 
+        # Broadcast redirect for new subscriptions (Pay handles its own broadcasts)
+        if type == :subscription_created && !PurchaseKit.pay_enabled?
+          broadcast_redirect(event)
+        end
+
         event
       end
+
+      private
+
+      def broadcast_redirect(event)
+        return if event.success_path.blank?
+        return unless defined?(Turbo::StreamsChannel)
+
+        Turbo::StreamsChannel.broadcast_stream_to(
+          "purchasekit_customer_#{event.customer_id}",
+          content: tag.turbo_stream(action: :redirect, url: event.success_path)
+        )
+      end
     end
 
     # Represents a subscription event from Apple or Google.
@@ -45,6 +65,12 @@ module PurchaseKit
         @payload = payload.is_a?(Hash) ? payload.with_indifferent_access : payload
       end
 
+      # Unique identifier for this event. Use for idempotency checks.
+      # Store processed event_ids to prevent duplicate processing.
+      def event_id
+        payload[:event_id]
+      end
+
       # The customer ID you passed when creating the purchase intent.
       # Use this to look up the user in your database.
       def customer_id

data/lib/purchasekit/version.rb

@@ -1,3 +1,3 @@
 module PurchaseKit
-  VERSION = "0.2.4"
+  VERSION = "0.3.0"
 end

data/lib/purchasekit.rb

@@ -43,10 +43,11 @@ module PurchaseKit
     end
 
     def pay_enabled?
-      defined?(::Pay)
+      defined?(::Pay) && defined?(::Pay::VERSION)
     end
 
     def queue_pay_webhook(event)
+      return unless defined?(PurchaseKit::Pay::Webhook)
       PurchaseKit::Pay::Webhook.queue(event)
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: purchasekit
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.3.0
 platform: ruby
 authors:
 - Joe Masilotti
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-01-01 00:00:00.000000000 Z
+date: 2026-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -122,7 +122,6 @@ files:
 - app/helpers/purchase_kit/pay/paywall_helper.rb
 - app/helpers/purchase_kit/paywall_helper.rb
 - app/javascript/controllers/purchasekit/paywall_controller.js
-- app/javascript/controllers/purchasekit_pay/paywall_controller.js
 - app/javascript/purchasekit/turbo_actions.js
 - app/javascript/purchasekit_pay/turbo_actions.js
 - app/models/pay/purchasekit/charge.rb
@@ -130,6 +129,7 @@ files:
 - app/models/pay/purchasekit/subscription.rb
 - app/views/purchase_kit/pay/purchases/_subscription_required.html.erb
 - app/views/purchase_kit/pay/purchases/create.turbo_stream.erb
+- app/views/purchase_kit/purchases/_error.html.erb
 - app/views/purchase_kit/purchases/_intent.html.erb
 - config/importmap.rb
 - config/routes.rb

data/app/javascript/controllers/purchasekit_pay/paywall_controller.js

@@ -1,112 +0,0 @@
-import { BridgeComponent } from "@hotwired/hotwire-native-bridge"
-
-export default class extends BridgeComponent {
-  static component = "paywall"
-  static targets = ["planRadio", "price", "submitButton", "response", "environment"]
-
-  connect() {
-    super.connect()
-    this.#fetchPrices()
-  }
-
-  responseTargetConnected(element) {
-    const correlationId = element.dataset.correlationId
-    const productIds = this.#productIds(element)
-    const xcodeCompletionUrl = element.dataset.xcodeCompletionUrl
-
-    element.remove()
-    this.#disableForm()
-    this.#triggerNativePurchase(productIds, correlationId, xcodeCompletionUrl)
-  }
-
-  restore(event) {
-    event.preventDefault()
-    this.send("restore")
-  }
-
-  #triggerNativePurchase(productIds, correlationId, xcodeCompletionUrl) {
-    this.send("purchase", { ...productIds, correlationId, xcodeCompletionUrl }, message => {
-      const { status, error } = message.data
-
-      if (error) {
-        console.error(error)
-        alert(`Purchase error: ${error}`)
-        this.#enableForm()
-      }
-
-      if (status == "cancelled") {
-        this.#enableForm()
-      }
-
-      // On success, keep showing processing state.
-      // Turbo Stream will update the UI when webhook completes.
-    })
-  }
-
-  #fetchPrices() {
-    const products = this.priceTargets.map(el => this.#productIds(el))
-
-    this.send("prices", { products }, message => {
-      const { prices, environment, error } = message.data
-
-      if (error) {
-        console.error(error)
-        return
-      }
-
-      if (prices) {
-        this.#setPrices(prices)
-        this.#setEnvironment(environment)
-        this.#enableForm()
-      }
-    })
-  }
-
-  #setEnvironment(environment) {
-    if (this.hasEnvironmentTarget && environment) {
-      this.environmentTarget.value = environment
-    }
-  }
-
-  #setPrices(prices) {
-    this.priceTargets.forEach(el => {
-      const { appleStoreProductId, googleStoreProductId } = this.#productIds(el)
-      const price = prices[appleStoreProductId] || prices[googleStoreProductId]
-
-      if (price) {
-        el.textContent = price
-      } else {
-        console.error(`No price found for product.`)
-      }
-    })
-  }
-
-  #productIds(element) {
-    return {
-      appleStoreProductId: element.dataset.appleStoreProductId,
-      googleStoreProductId: element.dataset.googleStoreProductId
-    }
-  }
-
-  #enableForm() {
-    this.planRadioTargets.forEach(radio => radio.disabled = false)
-    if (this.hasSubmitButtonTarget) {
-      this.submitButtonTarget.disabled = false
-      if (this.#originalButtonText) {
-        this.submitButtonTarget.innerHTML = this.#originalButtonText
-      }
-    }
-  }
-
-  #disableForm() {
-    this.planRadioTargets.forEach(radio => radio.disabled = true)
-    if (this.hasSubmitButtonTarget) {
-      this.#originalButtonText = this.submitButtonTarget.innerHTML
-      this.submitButtonTarget.disabled = true
-      const processingText = this.submitButtonTarget.dataset.processingText || "Processing..."
-      this.submitButtonTarget.innerHTML = processingText
-    }
-  }
-
-  #originalButtonText = null
-}