ruby_native 0.5.0 → 0.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2a9874ed5b3d89d70bbfdc1823dc9fdb9f21d069d9d7c2929f2d8a03fa4c7054
-  data.tar.gz: ac20022d1ec9d8572303dc5e88797446363b7b7da0681aad49b5698ad49552b7
+  metadata.gz: d81a713c1634d9c87271bd6411bcc9b4056d872c80c41e202815e6e71e5d05b1
+  data.tar.gz: 758f9b00e03c0f1b4193a90ea81f16bf41dfab67c4a3998e381cc504e0a7278f
 SHA512:
-  metadata.gz: '00951e78cd2b45e19baae4563e1bdbed1b292ddc2996ad4e698482dd5ea5fa322d596a1679411c2dadb7ea26d0a1e12a84f6bddab8dfb819f721a00bc8b126fd'
-  data.tar.gz: 85f23e39ddfd0ebc4890d5a30ad02431855f4e8bf986e5fee7810ee362a357a0daec754e95bcbc926aef28f0e277dfb17c70729eb5b60da01beb167d9080b20a
+  metadata.gz: fed068320e56b295729ee0faab82405f37c2e23ba71475eebf0db6202ac415f030f050b8d63a154daabb25a0bf35574839c28a90738af74321fdc13596223f05
+  data.tar.gz: f2172a6767322cd9a2b61be6001db63ad7e2ca7aea7e640a70e8b2e27036d2a704dcf75b3e980305a7c7e3c45c38b24e978fcc8d7463bf46d252f80c4cf414a8

data/app/controllers/ruby_native/iap/completions_controller.rb

@@ -0,0 +1,67 @@
+module RubyNative
+  module IAP
+    class CompletionsController < ::ActionController::Base
+      include Verifiable
+      include Decodable
+
+      skip_forgery_protection
+
+      def create
+        intent = PurchaseIntent.find_by!(uuid: params[:uuid])
+        return head :ok if intent.completed?
+
+        transaction = verify_transaction!(intent)
+
+        intent.update!(status: :completed, environment: transaction["environment"]&.downcase)
+
+        event = Event.new(
+          type: "subscription.created",
+          status: "active",
+          owner_token: intent.customer_id,
+          product_id: transaction["productId"],
+          original_transaction_id: transaction["originalTransactionId"],
+          transaction_id: transaction["transactionId"],
+          purchase_date: parse_timestamp(transaction["purchaseDate"]),
+          expires_date: parse_timestamp(transaction["expiresDate"]),
+          environment: transaction["environment"]&.downcase,
+          notification_uuid: SecureRandom.uuid,
+          success_path: intent.success_path
+        )
+
+        RubyNative.fire_subscription_callbacks(event)
+        head :ok
+      rescue ActiveRecord::RecordNotFound
+        head :not_found
+      rescue VerificationError, JWT::DecodeError => e
+        Rails.logger.warn "[RubyNative] Completion verification failed: #{e.message}"
+        head :unprocessable_entity
+      end
+
+      private
+
+      def verify_transaction!(intent)
+        signed_transaction = params[:signed_transaction]
+
+        if signed_transaction.present?
+          transaction = decode_and_verify_jws(signed_transaction)
+          if transaction["appAccountToken"] != intent.uuid
+            raise VerificationError, "appAccountToken does not match intent UUID"
+          end
+          transaction
+        elsif Rails.env.local?
+          # Allow unsigned completions for Xcode StoreKit testing in development.
+          {
+            "productId" => intent.product_id,
+            "originalTransactionId" => "xcode_#{intent.uuid}",
+            "transactionId" => "xcode_#{intent.uuid}",
+            "purchaseDate" => (Time.current.to_f * 1000).to_i,
+            "expiresDate" => (1.year.from_now.to_f * 1000).to_i,
+            "environment" => "Xcode"
+          }
+        else
+          raise VerificationError, "Missing signed_transaction"
+        end
+      end
+    end
+  end
+end

data/app/controllers/ruby_native/iap/purchases_controller.rb

@@ -0,0 +1,18 @@
+module RubyNative
+  module IAP
+    class PurchasesController < ::ActionController::Base
+      skip_forgery_protection
+
+      def create
+        intent = PurchaseIntent.create!(
+          customer_id: params[:customer_id],
+          product_id: params[:product_id],
+          success_path: params[:success_path],
+          environment: params[:environment] || "production"
+        )
+
+        render json: {uuid: intent.uuid, product_id: intent.product_id}
+      end
+    end
+  end
+end

data/app/controllers/ruby_native/iap/restores_controller.rb

@@ -0,0 +1,43 @@
+module RubyNative
+  module IAP
+    class RestoresController < ::ActionController::Base
+      include Verifiable
+      include Decodable
+
+      skip_forgery_protection
+
+      def create
+        customer_id = params[:customer_id]
+        return head :bad_request if customer_id.blank?
+
+        transactions = Array(params[:signed_transactions])
+        return head :bad_request if transactions.empty?
+
+        transactions.each do |signed_transaction|
+          transaction = decode_and_verify_jws(signed_transaction)
+
+          event = Event.new(
+            type: "subscription.created",
+            status: "active",
+            owner_token: customer_id,
+            product_id: transaction["productId"],
+            original_transaction_id: transaction["originalTransactionId"],
+            transaction_id: transaction["transactionId"],
+            purchase_date: parse_timestamp(transaction["purchaseDate"]),
+            expires_date: parse_timestamp(transaction["expiresDate"]),
+            environment: transaction["environment"]&.downcase,
+            notification_uuid: SecureRandom.uuid,
+            success_path: params[:success_path]
+          )
+
+          RubyNative.fire_subscription_callbacks(event)
+        end
+
+        head :ok
+      rescue VerificationError, JWT::DecodeError => e
+        Rails.logger.warn "[RubyNative] Restore verification failed: #{e.message}"
+        head :unprocessable_entity
+      end
+    end
+  end
+end

data/app/controllers/ruby_native/webhooks/apple_controller.rb

@@ -0,0 +1,30 @@
+module RubyNative
+  module Webhooks
+    class AppleController < ::ActionController::Base
+      skip_forgery_protection
+
+      def create
+        payload = JSON.parse(request.raw_post)
+        signed_payload = payload["signedPayload"]
+        return head :ok unless signed_payload
+
+        # TEST notifications from Apple have no transaction data to process.
+        decoded = JWT.decode(signed_payload, nil, false).first
+        return head :ok if decoded["notificationType"] == "TEST"
+
+        processor = RubyNative::IAP::AppleWebhookProcessor.new
+        processor.process(signed_payload)
+
+        head :ok
+      rescue JSON::ParserError
+        head :bad_request
+      rescue RubyNative::IAP::VerificationError, JWT::DecodeError => e
+        Rails.logger.error "[RubyNative] Apple webhook verification failed: #{e.message}"
+        head :unprocessable_entity
+      rescue => e
+        Rails.logger.error "[RubyNative] Apple webhook error: #{e.message}"
+        head :internal_server_error
+      end
+    end
+  end
+end

data/app/models/ruby_native/iap/purchase_intent.rb

@@ -0,0 +1,20 @@
+module RubyNative
+  module IAP
+    class PurchaseIntent < ::ActiveRecord::Base
+      self.table_name = "ruby_native_purchase_intents"
+
+      before_create :generate_uuid
+
+      enum :status, {pending: "pending", completed: "completed"}
+      enum :environment, {sandbox: "sandbox", production: "production", xcode: "xcode"}
+
+      validates :customer_id, presence: true
+
+      private
+
+      def generate_uuid
+        self.uuid ||= SecureRandom.uuid
+      end
+    end
+  end
+end

data/config/routes.rb

@@ -7,4 +7,12 @@ RubyNative::Engine.routes.draw do
     get "start/:provider", to: "start#show", as: :start
     resource :session, only: :show
   end
+  namespace :webhooks do
+    resource :apple, only: :create, controller: "apple"
+  end
+  namespace :iap do
+    resources :purchases, only: :create
+    post "completions/:uuid", to: "completions#create", as: :completion
+    resource :restore, only: :create
+  end
 end

data/lib/generators/ruby_native/iap_generator.rb

@@ -0,0 +1,38 @@
+require "rails/generators"
+require "rails/generators/migration"
+
+module RubyNative
+  module Generators
+    class IapGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+
+      source_root File.expand_path("templates", __dir__)
+
+      def self.next_migration_number(dirname)
+        Time.now.utc.strftime("%Y%m%d%H%M%S")
+      end
+
+      def copy_migration
+        migration_template "create_ruby_native_purchase_intents.rb",
+          "db/migrate/create_ruby_native_purchase_intents.rb"
+      end
+
+      def print_next_steps
+        say ""
+        say "Ruby Native IAP installed!", :green
+        say ""
+        say "  1. Run migrations: bin/rails db:migrate"
+        say "  2. Add your callback in config/initializers/ruby_native.rb:"
+        say ""
+        say '     RubyNative.on_subscription_change do |event|'
+        say '       user = User.find_by(id: event.owner_token)'
+        say '       user&.update!(subscribed: event.active?)'
+        say '     end'
+        say ""
+        say "  3. Set your App Store Server Notification URL to:"
+        say "     https://yourapp.com/native/webhooks/apple"
+        say ""
+      end
+    end
+  end
+end

data/lib/generators/ruby_native/templates/create_ruby_native_purchase_intents.rb

@@ -0,0 +1,17 @@
+class CreateRubyNativePurchaseIntents < ActiveRecord::Migration[7.1]
+  def change
+    create_table :ruby_native_purchase_intents do |t|
+      t.string :uuid, null: false
+      t.string :customer_id, null: false
+      t.string :product_id
+      t.string :success_path
+      t.string :status, null: false, default: "pending"
+      t.string :environment
+
+      t.timestamps
+    end
+
+    add_index :ruby_native_purchase_intents, :uuid, unique: true
+    add_index :ruby_native_purchase_intents, :customer_id
+  end
+end

data/lib/ruby_native/engine.rb

@@ -2,6 +2,16 @@ module RubyNative
   class Engine < ::Rails::Engine
     isolate_namespace RubyNative
 
+    initializer "ruby_native.inflections", before: "ruby_native.helpers" do
+      ActiveSupport::Inflector.inflections(:en) do |inflect|
+        inflect.acronym "IAP"
+      end
+    end
+
+    initializer "ruby_native.filter_params" do |app|
+      app.config.filter_parameters += [:signedPayload]
+    end
+
     initializer "ruby_native.helpers" do
       ActiveSupport.on_load(:action_controller_base) do
         include RubyNative::NativeDetection

data/lib/ruby_native/iap/apple_webhook_processor.rb

@@ -0,0 +1,41 @@
+module RubyNative
+  module IAP
+    class AppleWebhookProcessor
+      include Verifiable
+      include Decodable
+      include Normalizable
+
+      def process(signed_payload)
+        notification = parse_notification(signed_payload)
+        intent = PurchaseIntent.find_by(uuid: notification.app_account_token)
+
+        event = build_event(notification, intent)
+
+        intent&.update!(status: :completed) if intent&.pending?
+
+        RubyNative.fire_subscription_callbacks(event)
+        event
+      end
+
+      private
+
+      def build_event(notification, intent)
+        type = normalized_type(notification)
+
+        Event.new(
+          type: type,
+          status: STATUS_MAPPING[type] || "active",
+          owner_token: intent&.customer_id,
+          product_id: notification.product_id,
+          original_transaction_id: notification.original_transaction_id,
+          transaction_id: notification.transaction_id,
+          purchase_date: notification.purchase_date,
+          expires_date: notification.expires_date,
+          environment: notification.environment,
+          notification_uuid: notification.notification_uuid,
+          success_path: intent&.success_path
+        )
+      end
+    end
+  end
+end

data/lib/ruby_native/iap/decodable.rb

@@ -0,0 +1,55 @@
+require "jwt"
+
+module RubyNative
+  module IAP
+    module Decodable
+      Notification = Data.define(
+        :notification_type,
+        :subtype,
+        :notification_uuid,
+        :bundle_id,
+        :app_account_token,
+        :product_id,
+        :original_transaction_id,
+        :transaction_id,
+        :purchase_date,
+        :expires_date,
+        :offer_type,
+        :environment
+      )
+
+      private
+
+      def parse_notification(signed_payload)
+        payload = decode_and_verify_jws(signed_payload)
+        transaction_info = decode_and_verify_jws(payload["data"]["signedTransactionInfo"])
+
+        Notification.new(
+          notification_type: payload["notificationType"],
+          subtype: payload["subtype"],
+          notification_uuid: payload["notificationUUID"],
+          bundle_id: payload["data"]["bundleId"],
+          app_account_token: transaction_info["appAccountToken"],
+          product_id: transaction_info["productId"],
+          original_transaction_id: transaction_info["originalTransactionId"],
+          transaction_id: transaction_info["transactionId"],
+          purchase_date: parse_timestamp(transaction_info["purchaseDate"]),
+          expires_date: parse_timestamp(transaction_info["expiresDate"]),
+          offer_type: transaction_info["offerType"],
+          environment: payload["data"]["environment"]&.downcase
+        )
+      end
+
+      def decode_and_verify_jws(jws)
+        JWT.decode(jws, nil, true, algorithm: "ES256") { |header|
+          verify_certificate_chain(header["x5c"])
+        }.first
+      end
+
+      def parse_timestamp(milliseconds)
+        return nil if milliseconds.nil?
+        Time.at(milliseconds / 1000.0).utc
+      end
+    end
+  end
+end

data/lib/ruby_native/iap/event.rb

@@ -0,0 +1,42 @@
+module RubyNative
+  module IAP
+    class Event
+      attr_reader :type, :status, :owner_token, :product_id,
+                  :original_transaction_id, :transaction_id,
+                  :purchase_date, :expires_date, :environment,
+                  :notification_uuid, :success_path
+
+      def initialize(type:, status:, owner_token:, product_id:, original_transaction_id:,
+                     transaction_id:, purchase_date:, expires_date:, environment:,
+                     notification_uuid:, success_path:)
+        @type = type
+        @status = status
+        @owner_token = owner_token
+        @product_id = product_id
+        @original_transaction_id = original_transaction_id
+        @transaction_id = transaction_id
+        @purchase_date = purchase_date
+        @expires_date = expires_date
+        @environment = environment
+        @notification_uuid = notification_uuid
+        @success_path = success_path
+      end
+
+      def active?
+        status == "active"
+      end
+
+      def expired?
+        status == "expired"
+      end
+
+      def created?
+        type == "subscription.created"
+      end
+
+      def canceled?
+        type == "subscription.canceled"
+      end
+    end
+  end
+end

data/lib/ruby_native/iap/normalizable.rb

@@ -0,0 +1,41 @@
+module RubyNative
+  module IAP
+    module Normalizable
+      TYPE_MAPPING = {
+        "SUBSCRIBED" => "subscription.created",
+        "DID_RENEW" => "subscription.updated",
+        "DID_CHANGE_RENEWAL_STATUS" => {
+          "AUTO_RENEW_DISABLED" => "subscription.canceled",
+          "AUTO_RENEW_ENABLED" => "subscription.updated"
+        },
+        "DID_CHANGE_RENEWAL_INFO" => {
+          "UPGRADE" => "subscription.updated",
+          "DOWNGRADE" => "subscription.updated"
+        },
+        "EXPIRED" => "subscription.expired",
+        "DID_FAIL_TO_RENEW" => "subscription.updated",
+        "GRACE_PERIOD_EXPIRED" => "subscription.expired",
+        "REFUND" => "subscription.expired"
+      }.freeze
+
+      STATUS_MAPPING = {
+        "subscription.created" => "active",
+        "subscription.updated" => "active",
+        "subscription.canceled" => "active",
+        "subscription.expired" => "expired"
+      }.freeze
+
+      private
+
+      def normalized_type(notification)
+        mapping = TYPE_MAPPING[notification.notification_type]
+
+        if mapping.is_a?(Hash)
+          mapping[notification.subtype] || "subscription.updated"
+        else
+          mapping || "subscription.updated"
+        end
+      end
+    end
+  end
+end

data/lib/ruby_native/iap/verifiable.rb

@@ -0,0 +1,37 @@
+module RubyNative
+  module IAP
+    class VerificationError < StandardError; end
+
+    module Verifiable
+      APPLE_ROOT_CERT_PATH = File.join(__dir__, "..", "certs", "AppleRootCA-G3.cer")
+
+      private
+
+      def verify_certificate_chain(x5c_certs)
+        raise VerificationError, "Missing x5c certificates" if x5c_certs.nil? || x5c_certs.empty?
+
+        certs = x5c_certs.map do |cert_base64|
+          OpenSSL::X509::Certificate.new(Base64.decode64(cert_base64))
+        end
+
+        unless certs.last.to_der == apple_root_certificate.to_der
+          raise VerificationError, "Root certificate does not match Apple's known root"
+        end
+
+        certs.each_cons(2) do |child, parent|
+          unless child.verify(parent.public_key)
+            raise VerificationError, "Certificate chain verification failed"
+          end
+        end
+
+        certs.first.public_key
+      end
+
+      def apple_root_certificate
+        @apple_root_certificate ||= OpenSSL::X509::Certificate.new(
+          File.read(APPLE_ROOT_CERT_PATH)
+        )
+      end
+    end
+  end
+end

data/lib/ruby_native/version.rb

@@ -1,3 +1,3 @@
 module RubyNative
-  VERSION = "0.5.0"
+  VERSION = "0.5.3"
 end

data/lib/ruby_native.rb

@@ -5,10 +5,24 @@ require "ruby_native/native_detection"
 require "ruby_native/inertia_support"
 require "ruby_native/oauth_middleware"
 require "ruby_native/tunnel_cookie_middleware"
+require "ruby_native/iap/event"
+require "ruby_native/iap/verifiable"
+require "ruby_native/iap/decodable"
+require "ruby_native/iap/normalizable"
+require "ruby_native/iap/apple_webhook_processor"
 require "ruby_native/engine"
 
 module RubyNative
   mattr_accessor :config
+  mattr_accessor :subscription_callbacks, default: []
+
+  def self.on_subscription_change(&block)
+    subscription_callbacks << block
+  end
+
+  def self.fire_subscription_callbacks(event)
+    subscription_callbacks.each { |cb| cb.call(event) }
+  end
 
   def self.load_config
     path = Rails.root.join("config", "ruby_native.yml")

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_native
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.3
 platform: ruby
 authors:
 - Joe Masilotti
@@ -37,6 +37,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 description: Turn your existing Rails app into a native iOS and Android app with Ruby
   Native.
 email:
@@ -52,7 +66,11 @@ files:
 - app/controllers/ruby_native/auth/sessions_controller.rb
 - app/controllers/ruby_native/auth/start_controller.rb
 - app/controllers/ruby_native/config_controller.rb
+- app/controllers/ruby_native/iap/completions_controller.rb
+- app/controllers/ruby_native/iap/purchases_controller.rb
+- app/controllers/ruby_native/iap/restores_controller.rb
 - app/controllers/ruby_native/push/devices_controller.rb
+- app/controllers/ruby_native/webhooks/apple_controller.rb
 - app/javascript/ruby_native/back.js
 - app/javascript/ruby_native/bridge/badge_controller.js
 - app/javascript/ruby_native/bridge/button_controller.js
@@ -65,14 +83,18 @@ files:
 - app/javascript/ruby_native/bridge/tabs_controller.js
 - app/javascript/ruby_native/react.js
 - app/javascript/ruby_native/vue.js
+- app/models/ruby_native/iap/purchase_intent.rb
 - app/views/ruby_native/auth/start/show.html.erb
 - config/importmap.rb
 - config/routes.rb
 - exe/ruby_native
+- lib/generators/ruby_native/iap_generator.rb
 - lib/generators/ruby_native/install_generator.rb
 - lib/generators/ruby_native/templates/CLAUDE.md
+- lib/generators/ruby_native/templates/create_ruby_native_purchase_intents.rb
 - lib/generators/ruby_native/templates/ruby_native.yml
 - lib/ruby_native.rb
+- lib/ruby_native/certs/AppleRootCA-G3.cer
 - lib/ruby_native/cli.rb
 - lib/ruby_native/cli/credentials.rb
 - lib/ruby_native/cli/deploy.rb
@@ -81,6 +103,11 @@ files:
 - lib/ruby_native/cli/screenshots.rb
 - lib/ruby_native/engine.rb
 - lib/ruby_native/helper.rb
+- lib/ruby_native/iap/apple_webhook_processor.rb
+- lib/ruby_native/iap/decodable.rb
+- lib/ruby_native/iap/event.rb
+- lib/ruby_native/iap/normalizable.rb
+- lib/ruby_native/iap/verifiable.rb
 - lib/ruby_native/inertia_support.rb
 - lib/ruby_native/native_detection.rb
 - lib/ruby_native/native_version.rb