RubyGems - shopify-sinatra-app - Versions diffs - 0.8.0 → 1.0.0 - Mend

shopify-sinatra-app 0.8.0 → 1.0.0

Files changed (21) hide show

checksums.yaml +4 -4
data/.circleci/config.yml +15 -0
data/.github/dependabot.yml +14 -0
data/CHANGELOG +32 -0
data/README.md +13 -69
data/{test.sh → bin/ci.sh} +2 -2
data/example/Gemfile +3 -5
data/example/Rakefile +0 -18
data/example/config.ru +1 -5
data/example/db/schema.rb +5 -5
data/example/src/app.rb +4 -4
data/example/test/app_test.rb +6 -5
data/example/views/_flash_messages.erb +23 -9
data/example/views/_top_bar.erb +7 -4
data/example/views/home.erb +2 -0
data/example/views/layouts/application.erb +5 -3
data/example/views/{install.erb → login.erb} +10 -8
data/lib/sinatra/shopify-sinatra-app.rb +77 -99
data/shopify-sinatra-app.gemspec +6 -6
metadata +41 -29
data/.travis.yml +0 -13

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e65e3d915b446765b3c72cbe5e67cc296aca66b5833a494ba78c8dbe6fb1ad33
-  data.tar.gz: 22aabb580d8abf787149e05ae6f1c32d15015960ebbfa3be028b39242b4fe48c
+  metadata.gz: 46049e2afcd7dce3a1d3f115ba665a731d4fcb1b5344dcc9ff84649cfd30beda
+  data.tar.gz: 2ba425471b1cbb5e40f91178d646d8c0dd4da456321518a0772afb7ec4359058
 SHA512:
-  metadata.gz: cca5d08f7d50b3bb3a4772a0fa4a5bac1d51bb2354dc2b54c57828ecfb38f85ce0eab8cc9055446ff35ba8975753d73b10b6b4a1fd24776952358bfe64fb39c8
-  data.tar.gz: b21f1e83888d7f67856429d0c7f914cfd64a6b04c95a492443bd9c57495efb1c7bda651a94bd4e2db1cf4266f4a3c8befc70986bd093aa377db14d5073d7ace1
+  metadata.gz: c7223a2223ba1a71865bdbf05ef3d20585723da858cc99b2ac3872c13c29a3cb6db4e03502a8412f329393e6458e4d2c8038355abcd81247992bd44cf4ff8826
+  data.tar.gz: 81f547ba807a56f66802482746ff9a7d6d4ccacf7c9c5d3650491e3cabde7280fed22ce576b42a901f0ce5a57f36cef355108ac12f82223aeca33b9dc8ca1ac3

data/.circleci/config.yml ADDED Viewed

@@ -0,0 +1,15 @@
+version: 2.1
+orbs:
+  ruby: circleci/ruby@0.1.2
+jobs:
+  build:
+    docker:
+      - image: circleci/ruby:2.6.6
+    executor: ruby/default
+    steps:
+      - checkout
+      - ruby/bundle-install
+      - run:
+          name: Tests
+          command: ./bin/ci.sh

data/.github/dependabot.yml ADDED Viewed

@@ -0,0 +1,14 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "09:00"
+    timezone: America/Toronto
+  open-pull-requests-limit: 3
+  ignore:
+  - dependency-name: omniauth
+    versions:
+    - 2.0.2
+    - 2.0.3

data/CHANGELOG CHANGED Viewed

@@ -1,3 +1,35 @@
+1.0.0
+-----
+* Update to omniauth 2.0.4 and add rack protection authenticity token
+  * All forms will need an authenticity_token param added like in the login view
+  * Refactored the provided routes to be simpler. Now only login and logout (no more install)
+  * shopify_webhook now defines the route because it needs to also configure ignoring csrf for the route
+  * refactored other internal methods to simplify and reduce surface area
+* Removed heroku rake tasks. They are out of date and don't encourage best practises
+0.12.0
+------
+* Update to use the Shopify AppBridge instead of the ESDK
+  * This change is mostly to generated files so you'll need to apply those updates
+    to your own versions.
+* shop_origin no longer includes protocol
+* return_to re-worked to function with the AppBridge
+0.11.0
+------
+* remove rack-flash3 use sinatra-flash instead
+* remove a duplicate config of sessions that was breaking the same_site fix
+* remove a runtime dependency that didn't end up being used for the same_site fix but was added anyways
+* update ruby and rake versions
+0.10.0
+------
+* Add the api_version to settings and update to 2019-07
+0.9.0
+-----
+* set secure and and same_site options on the session cookie. Fixes auth with the upcoming chrome 80 release
 0.8.0
 -----
 * Shopify updated the way sessions are created: https://github.com/Shopify/shopify_api/blob/master/README.md#-breaking-change-notice-for-version-700-, updating code to reflect these changes.

data/README.md CHANGED Viewed

@@ -58,7 +58,10 @@ This will create a new skeleton shopify-sinatra-app. The generator will create s
 ### Setting the app to use your Shopify API credentials
-You'll need to create a Shopify Partner Account and a new application. You can make an account [here](http://www.shopify.ca/partners) and see this [tutorial](http://docs.shopify.com/api/the-basics/getting-started) for creating a new application. This app uses the default redirect_uri from omniauth `<your domain>/auth/shopify/callback` so set it accordingly when creating your app.
+You'll need to create a Shopify Partner Account and a new application. You can make an account [here](http://www.shopify.ca/partners) and see this [tutorial](http://docs.shopify.com/api/the-basics/getting-started) for creating a new application. The requires 2 redirects configured:
+  * the default redirect_uri from omniauth `<your domain>/auth/shopify/callback`
+  * and `<your domain>/login`
 Note - The shopify-sinatra-app creates an embedded app! You need change the embedded setting to `enabled` in the [Shopify Partner area](https://app.shopify.com/services/partners/api_clients) for your app. If you don't want your app to be embedded then remove the related code in `layout/application.erb` and delete the `layout/_top_bar.erb` file and the references to it in the other views.
@@ -87,13 +90,11 @@ get '/products.json' do
 end
 ```
-**shopify_webhook** - This method is for an endpoint that receives a webhook from Shopify. Webhooks are a great way to keep your app in sync with a shop's data without polling. You can read more about webhooks [here](http://docs.shopify.com/api/tutorials/using-webhooks). This method also takes a block and yields the `shop_name` and `webhook_body` as a hash (note only works for json webhooks, don't use xml). Here is an example that listens to an order creation webhook:
+**shopify_webhook** - This method defines a `post` endpoint that receives a webhook from Shopify. Webhooks are a great way to keep your app in sync with a shop's data without polling. You can read more about webhooks [here](http://docs.shopify.com/api/tutorials/using-webhooks). This method also takes a block and yields the `shop_name` and `webhook_body` as a hash (note only works for json webhooks, don't use xml). Here is an example that listens to an order creation webhook:
 ```ruby
-post '/order.json' do
-  shopify_webhook do |shop_name, webhook_data|
-    # do something with the data
-  end
+shopify_webhook('/order.json') do |shop_name, webhook_data|
+  # do something with the data
 end
 ```
@@ -107,14 +108,11 @@ ShopifyAPI::Base.activate_session(api_session)
 It's impossible to control the flow of webhooks to your app from Shopify especially if a larger store installs your app or if a shop has a flash sale. To prevent your app from getting overloaded with webhook requests it is best practise to process webhooks in a background queue and return a `200` to Shopify immediately. Ruby has several good background job frameworks that work with Sinatra including [Sidekiq](https://github.com/mperham/sidekiq) and [Resque](https://github.com/resque/resque).
 **after_shopify_auth** - This is a private method provided with the framework that gets called whenever the app is authorized. You should fill this method in with anything you need to initialize, for example webhooks and services on Shopify or any other database models you have created specific to a shop. Note that this method will be called anytime the auth flow is completed so this method should be idempotent (running it twice has the same effect as running it once).
-**logout** - This method clears the current session
 shopify-sinatra-app includes sinatra/activerecord for creating models that can be persisted in the database. You might want to read more about sinatra/activerecord and the methods it makes available to you: [https://github.com/janko-m/sinatra-activerecord](https://github.com/janko-m/sinatra-activerecord)
-shopify-sinatra-app also includes `rack-flash3` and the flash messages are forwarded to the Shopify Embedded App SDK (see the code in `views/layouts/application.erb`). Flash messages are useful for signalling to your users that a request was successful without changing the page. The following is an example of how to use a flash message in a route:
+shopify-sinatra-app also includes `sinatra-flash` and the flash messages are forwarded to the Shopify Embedded App SDK (see the code in `views/layouts/application.erb`). Flash messages are useful for signalling to your users that a request was successful without changing the page. The following is an example of how to use a flash message in a route:
 ```ruby
 post '/flash_message' do
@@ -128,17 +126,17 @@ note - a flash must be followed by a redirect or it won't work!
 Developing
 ----------
-The embedded app sdk won't load non https content so you'll need to use a forwarding service like [ngrok](https://ngrok.com/) or [forwardhq](https://forwardhq.com/). Set your application url in the [Shopify Partner area](https://app.shopify.com/services/partners/api_clients) to your forwarded url. However The redirect_uri should still be `http://localhost:4567/auth/shopify/callback` which will allow you to install your app on a live shop while running it locally.
+The embedded app sdk won't load non https content so you'll need to use a real domain or a forwarding service like [ngrok](https://ngrok.com/). Set your application url in the [Shopify Partner area](https://app.shopify.com/services/partners/api_clients) to your forwarded url and set the redirect_uri to your forwarded url + `/auth/shopify/callback` which will allow you to install your app on a live shop while running it locally.
-To run the app locally we use `foreman` which comes with the [Heroku Toolbelt](https://devcenter.heroku.com/articles/quickstart). Foreman handles running our application and setting our credentials as environment variables. To run the application type:
+To run the app locally we use [overmind](https://github.com/DarthSim/overmind) a tool for running multiple process and setting our credentials as environment variables. To run the application run:
 ```
-PORT=4567 foreman run web
+overmind start
 ```
-Note - we use `foreman run ...` not `foreman start ...` because we only want to start the single process that is our app. This means if you add a debugger in your app it will trigger properly in the command line when the debugger is hit. If you don't have any debuggers feel free to use `foreman start -p 4567`.
+To connect to a single process to use a debugger/break point use `overmind connect <process>`
-To debug your app simply add `require 'byebug'` at the top and then type `byebug` where you would like to drop into an interactive session. You may also want to try out [Pry](http://pryrepl.org/).
+To debug your app add `require 'byebug'` at the top and then add `byebug` to your code where you would like to drop into an interactive session. You may also want to try out [Pry](http://pryrepl.org/).
 If you are testing webhooks locally make sure they also go through the forwarded url and not `localhost`.
@@ -158,60 +156,6 @@ bundle exec rake test
 Checkout the contents of the `app_test.rb` file and the `test_helper.rb` and modify them as you add functionality to your app. You can also check the tests of other apps using this framework to see more about how to write tests for your own app.
-Deploying
----------
-This template was created with deploying to Heroku in mind. Heroku is a cloud based app hosting provider that makes it easy to get an application into a product environment.
-Before you can get started with Heroku you need to create a git repo for you application:
-```
-git init
-git add .
-git commit -m "initial commit"
-```
-Now you can create a new heroku application. Download the [Heroku Toolbelt](https://devcenter.heroku.com/articles/quickstart) and run the following command to create a new application:
-```
-heroku apps:create <your new app name>
-```
-You will also need to add the following (free) add-ons to your new Heroku app:
-```
-heroku addons:add heroku-postgresql
-```
-Now we can deploy the new application to Heroku. Deploying to Heroku is as simple as pushing the code using git:
-```
-git push heroku master
-```
-A `rake deploy2heroku` command is included in the generated Rakefile which does just this.
-Now that our application is deployed we need to run `rake db:migrate` to initialize our database on Heroku. To do this run:
-```
-heroku run rake db:migrate
-```
-We also need to set our environment variables on Heroku. The environment variables are stored in `.env` and are not tracked by git. This is to protect your credentials in the case of a source control breach. Heroku provides a command to set environment variables: `heroku config:set VAR=foo`. In the generated Rakefile there is a helper method that will properly set all the variables in your `.env` file:
-```
-rake creds2heroku
-```
-and make sure you have at least 1 dyno for web:
-```
-heroku scale web=1
-```
-Make sure you set your shopify apps url to your Heroku app url (and make sure to use the `https` version or else the Embedded App SDK won't work) in the Shopify Partner area https://app.shopify.com/services/partners/api_clients.
 Apps using this framework
 -------------------------

data/{test.sh → bin/ci.sh} RENAMED Viewed

@@ -1,10 +1,10 @@
 #!/bin/bash
+set -e
 cd example
 bundle install
 bundle exec rake db:migrate
 bundle exec rake test:prepare
 bundle exec rake test
-cd ../../..

data/example/Gemfile CHANGED Viewed

@@ -1,9 +1,9 @@
 source 'https://rubygems.org'
-ruby '2.5.3'
+ruby '2.6.6'
 gem 'shopify-sinatra-app', path: '../'
 gem 'sinatra-activerecord'
-gem 'rack-flash3', require: 'rack-flash'
+gem 'sinatra-flash'
 group :production do
   gem 'pg'
@@ -15,9 +15,7 @@ group :development, :test do
 end
 group :development do
-  gem 'rake'
-  gem 'foreman'
-  gem 'dotenv'
+  gem 'rake', '>= 12.3.3'
 end
 group :test do

data/example/Rakefile CHANGED Viewed

@@ -2,24 +2,6 @@ require 'sinatra/activerecord/rake'
 require 'rake/testtask'
 require './src/app'
-task :creds2heroku do
-  Bundler.with_clean_env do
-    File.readlines('.env').each do |var|
-      pipe = IO.popen("heroku config:set #{var}")
-      while (line = pipe.gets)
-        print line
-      end
-    end
-  end
-end
-task :deploy2heroku do
-  pipe = IO.popen('git push heroku master --force')
-  while (line = pipe.gets)
-    print line
-  end
-end
 namespace :test do
   task :prepare do
     `RACK_ENV=test rake db:create`

data/example/config.ru CHANGED Viewed

@@ -1,7 +1,3 @@
-if Gem::Specification.find_all_by_name('dotenv').any?
-  require 'dotenv'
-  Dotenv.load
-end
 require './src/app'
+SinatraApp.set :bind, '0.0.0.0'
 SinatraApp.run!

data/example/db/schema.rb CHANGED Viewed

@@ -2,11 +2,11 @@
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
 #
 # It's strongly recommended that you check this file into your version control system.

data/example/src/app.rb CHANGED Viewed

@@ -1,7 +1,9 @@
 require 'sinatra/shopify-sinatra-app'
+require 'sinatra/flash'
 class SinatraApp < Sinatra::Base
   register Sinatra::Shopify
+  register Sinatra::Flash
   # set the scope that your app needs, read more here:
   # http://docs.shopify.com/api/tutorials/oauth
@@ -21,10 +23,8 @@ class SinatraApp < Sinatra::Base
   # this endpoint recieves the uninstall webhook
   # and cleans up data, add to this endpoint as your app
   # stores more data.
-  post '/uninstall' do
-    shopify_webhook do |shop_name, params|
-      Shop.find_by(name: shop_name).destroy
-    end
+  shopify_webhook '/uninstall' do |shop_name, params|
+    Shop.find_by(name: shop_name).destroy
   end
   private

data/example/test/app_test.rb CHANGED Viewed

@@ -23,8 +23,9 @@ class AppTest < Minitest::Test
   def test_root_with_session
     set_session
-    fake 'https://testshop.myshopify.com/admin/shop.json', body: {myshopify_domain: @shop_name}.to_json
-    fake 'https://testshop.myshopify.com/admin/products.json?limit=10', body: '{}'
+    api_url = "https://testshop.myshopify.com/admin/api/#{app.settings.api_version}"
+    fake "#{api_url}/shop.json", body: {myshopify_domain: @shop_name}.to_json
+    fake "#{api_url}/products.json?limit=10", body: '{}'
     get '/'
     assert last_response.ok?
   end
@@ -41,18 +42,18 @@ class AppTest < Minitest::Test
   def test_root_without_session_redirects_to_install
     get '/'
     assert_equal 302, last_response.status
-    assert_equal 'http://example.org/install', last_response.location
+    assert_equal 'http://example.org/login', last_response.location
   end
   def test_root_with_shop_redirects_to_auth
     get '/?shop=othertestshop.myshopify.com'
-    assert_match '/auth/shopify?shop=othertestshop.myshopify.com', last_response.body
+    assert_equal 'http://example.org/login?shop=othertestshop.myshopify.com', last_response.location
   end
   def test_root_with_session_and_new_shop_redirects_to_auth
     set_session
     get '/?shop=othertestshop.myshopify.com'
-    assert_match '/auth/shopify?shop=othertestshop.myshopify.com', last_response.body
+    assert_equal 'http://example.org/login?shop=othertestshop.myshopify.com', last_response.location
   end
   def test_root_rescues_UnauthorizedAccess_clears_session_and_redirects

data/example/views/_flash_messages.erb CHANGED Viewed

@@ -1,11 +1,25 @@
 <script type="text/javascript">
-  ShopifyApp.ready(function(){
-    <% if flash[:notice] %>
-      ShopifyApp.flashNotice("<%= flash[:notice] %>");
-    <% end %>
-    <% if flash[:error] %>
-      ShopifyApp.flashError("<%= flash[:error] %>");
-    <% end %>
-  });
+  var AppBridge = window['app-bridge'];
+  var actions = AppBridge.actions;
+  var Toast = actions.Toast;
+  <% if flash[:notice] %>
+    var notice = Toast.create(app, {
+      message: "<%= flash[:notice] %>",
+      duration: 5000
+    });
+    notice.dispatch(Toast.Action.SHOW);
+  <% end %>
+  <% if flash[:error] %>
+    var notice = Toast.create(app, {
+      message: "<%= flash[:error] %>",
+      duration: 5000,
+      isError: true,
+    });
+    notice.dispatch(Toast.Action.SHOW);
+  <% end %>
 </script>

data/example/views/_top_bar.erb CHANGED Viewed

@@ -1,7 +1,10 @@
 <script type="text/javascript">
-  ShopifyApp.ready(function(){
-    ShopifyApp.Bar.initialize({
-      icon: '<%= "#{base_url}/icon.png" %>'
-    });
+  var AppBridge = window['app-bridge'];
+  var actions = AppBridge.actions;
+  var TitleBar = actions.TitleBar;
+  var titleBar = TitleBar.create(app, {
+    icon: '<%= "#{base_url}/icon.png" %>'
   });
 </script>

data/example/views/home.erb CHANGED Viewed

@@ -7,3 +7,5 @@
     <li><a href=<%="https://#{@shop.myshopify_domain}/admin/products/#{product.id}"%> target="_blank"> <%= product.id %> </a></li>
   <% end %>
 </ul>
+<a href="/logout">Logout</a>

data/example/views/layouts/application.erb CHANGED Viewed

@@ -1,12 +1,14 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
-  <script src="https://cdn.shopify.com/s/assets/external/app.js"></script>
+  <script src="https://unpkg.com/@shopify/app-bridge"></script>
   <script type="text/javascript">
-    ShopifyApp.init({
+    var AppBridge = window['app-bridge'];
+    var createApp = AppBridge.default;
+    var app = createApp({
       apiKey: "<%= SinatraApp.settings.api_key %>",
       shopOrigin: "<%= shop_origin %>",
-      debug: true
     });
   </script>
   <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" integrity="sha256-7s5uDGW3AHqw6xtJmNNtr+OBRJUlgkNJEo78P4b0yRw= sha512-nNo+yCHEyn0smMxSswnf/OnX6/KwJuZTlNZBjauKhTK0c+zT+q5JOCx0UFhXQ6rJR9jg6Es8gPuD2uZcYDLqSw==" crossorigin="anonymous">

data/example/views/{install.erb → login.erb} RENAMED Viewed

@@ -28,13 +28,15 @@
   <div style="margin-top: 30px"></div>
   <div class="container">
-    <form role="form" class="form-large" action="/login" method="post">
-        <div class="input-group form-wide">
-          <input class="form-control" type="url" name="shop" placeholder="Shop URL">
-          <span class="input-group-btn">
-            <input class="btn" type="submit" value="Install App" />
-          </span>
-        </div>
+    <form id="login" role="form" class="form-large" action="/auth/shopify" method="post">
+      <input type="hidden" name="authenticity_token" value="<%= env['rack.session'][:csrf] %>" />
+      <div class="input-group form-wide">
+        <input class="form-control" name="shop" value="<%= params['shop'] %>" placeholder="your-shop-url.myshopify.com">
+        <span class="input-group-btn">
+          <input class="btn" type="submit" value="Login" />
+        </span>
+      </div>
     </form>
   </div>
-</body>
+ </body>

data/lib/sinatra/shopify-sinatra-app.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 require 'sinatra/base'
 require 'sinatra/activerecord'
-require 'rack-flash'
 require 'attr_encrypted'
 require 'active_support/all'
@@ -12,18 +11,13 @@ module Sinatra
   module Shopify
     module Methods
-      # designed to be overriden
+      # designed to be overridden
       def after_shopify_auth
       end
-      def logout
-        session.delete(:shopify)
-        session.clear
-      end
-      # for the esdk initializer
+      # for the app bridge initializer
       def shop_origin
-        "https://#{session[:shopify][:shop]}"
+        "#{session[:shopify][:shop]}"
       end
       def shopify_session(&blk)
@@ -32,35 +26,42 @@ module Sinatra
         if no_session?
           authenticate(return_to, return_params)
         elsif different_shop?
-          logout
+          clear_session
           authenticate(return_to, return_params)
         else
           shop_name = session[:shopify][:shop]
           token = session[:shopify][:token]
           activate_shopify_api(shop_name, token)
           yield shop_name
         end
       rescue ActiveResource::UnauthorizedAccess
-        clear_session shop_name
-        redirect request.path
-      end
+        clear_session
-      def shopify_webhook(&blk)
-        return unless verify_shopify_webhook
-        shop_name = request.env['HTTP_X_SHOPIFY_SHOP_DOMAIN']
-        webhook_body = ActiveSupport::JSON.decode(request.body.read.to_s)
-        yield shop_name, webhook_body
-        status 200
+        shop = Shop.find_by(name: shop_name)
+        shop.token = nil
+        shop.save
+        redirect request.path
       end
       private
-      def request_protocol
-        request.secure? ? 'https' : 'http'
+      def authenticate(return_to = '/', return_params = nil)
+        session[:return_params] = return_params if return_params
+        if shop_name = sanitized_shop_param(params)
+          redirect "/login?shop=#{shop_name}"
+        else
+          redirect '/login'
+        end
       end
       def base_url
+        request_protocol = request.secure? ? 'https' : 'http'
         "#{request_protocol}://#{request.env['HTTP_HOST']}"
       end
@@ -69,66 +70,28 @@ module Sinatra
       end
       def different_shop?
-        params[:shop].present? && session[:shopify][:shop] != sanitize_shop_param(params)
+        params[:shop].present? && session[:shopify][:shop] != sanitized_shop_param(params)
       end
-      def authenticate(return_to = '/', return_params = nil)
-        if shop_name = sanitized_shop_name
-          session[:return_params] = return_params if return_params
-          redirect_url = "/auth/shopify?shop=#{shop_name}&return_to=#{base_url}#{return_to}"
-          redirect_javascript redirect_url
-        else
-          redirect '/install'
-        end
+      def clear_session
+        session.delete(:shopify)
+        session.clear
       end
       def activate_shopify_api(shop_name, token)
-        api_session = ShopifyAPI::Session.new(domain: shop_name, token: token, api_version: '2019-04')
+        api_session = ShopifyAPI::Session.new(domain: shop_name, token: token, api_version: settings.api_version)
         ShopifyAPI::Base.activate_session(api_session)
       end
-      def clear_session(shop_name)
-        logout
-        shop = Shop.find_by(name: shop_name)
-        shop.token = nil
-        shop.save
-      end
-      def redirect_javascript(url)
-        erb %(
-          <!DOCTYPE html>
-          <html lang="en">
-          <head>
-            <meta charset="utf-8" />
-            <base target="_top">
-            <title>Redirecting…</title>
-            <script type='text/javascript'>
-              // If the current window is the 'parent', change the URL by setting location.href
-              if (window.top == window.self) {
-                window.top.location.href = #{url.to_json};
-              // If the current window is the 'child', change the parent's URL with postMessage
-              } else {
-                message = JSON.stringify({
-                  message: 'Shopify.API.remoteRedirect',
-                  data: { location: window.location.origin + #{url.to_json} }
-                });
-                window.parent.postMessage(message, 'https://#{sanitized_shop_name}');
-              }
-            </script>
-          </head>
-          <body>
-          </body>
-        </html>
-        ), layout: false
-      end
-      def sanitized_shop_name
-        @sanitized_shop_name ||= sanitize_shop_param(params)
+      def receive_webhook(&blk)
+        return unless verify_shopify_webhook
+        shop_name = request.env['HTTP_X_SHOPIFY_SHOP_DOMAIN']
+        webhook_body = ActiveSupport::JSON.decode(request.body.read.to_s)
+        yield shop_name, webhook_body
+        status 200
       end
-      def sanitize_shop_param(params)
+      def sanitized_shop_param(params)
         return unless params[:shop].present?
         name = params[:shop].to_s.strip
         name += '.myshopify.com' if !name.include?('myshopify.com') && !name.include?('.')
@@ -148,50 +111,73 @@ module Sinatra
         if calculated_hmac == request.env['HTTP_X_SHOPIFY_HMAC_SHA256']
           true
         else
-          puts 'Shopify Webhook verifictation failed!'
+          puts 'Shopify Webhook verification failed!'
           false
         end
       end
     end
+    def shopify_webhook(route, &blk)
+      settings.webhook_routes << route
+      post(route) do
+        receive_webhook(&blk)
+      end
+    end
     def self.registered(app)
       app.helpers Shopify::Methods
       app.register Sinatra::ActiveRecordExtension
       app.set :database_file, File.expand_path('config/database.yml')
+      app.set :erb, layout: :'layouts/application'
       app.set :views, File.expand_path('views')
       app.set :public_folder, File.expand_path('public')
-      app.set :erb, layout: :'layouts/application'
-      app.set :protection, except: :frame_options
-      app.enable :sessions
       app.enable :inline_templates
+      app.set :protection, except: :frame_options
+      app.set :api_version, '2019-07'
       app.set :scope, 'read_products, read_orders'
       app.set :api_key, ENV['SHOPIFY_API_KEY']
       app.set :shared_secret, ENV['SHOPIFY_SHARED_SECRET']
       app.set :secret, ENV['SECRET']
-      app.use Rack::Flash, sweep: true
+      # csrf needs to be disabled for webhook routes
+      app.set :webhook_routes, ['/uninstall']
+      # add support for put/patch/delete
       app.use Rack::MethodOverride
       app.use Rack::Session::Cookie, key: 'rack.session',
                                      path: '/',
+                                     secure: true,
+                                     same_site: 'None',
                                      secret: app.settings.secret,
                                      expire_after: 60 * 30 # half an hour in seconds
+      app.use Rack::Protection::AuthenticityToken, allow_if: lambda { |env|
+        app.settings.webhook_routes.include?(env["PATH_INFO"])
+      }
+      OmniAuth.config.allowed_request_methods = [:post]
       app.use OmniAuth::Builder do
         provider :shopify,
-                 app.settings.api_key,
-                 app.settings.shared_secret,
+          app.settings.api_key,
+          app.settings.shared_secret,
+          scope: app.settings.scope,
+          setup: lambda { |env|
+            shop = if env['REQUEST_METHOD'] == 'POST'
+              env['rack.request.form_hash']['shop']
+            else
+              Rack::Utils.parse_query(env['QUERY_STRING'])['shop']
+            end
-                 scope: app.settings.scope,
-                 setup: lambda { |env|
-                   params = Rack::Utils.parse_query(env['QUERY_STRING'])
-                   site_url = "https://#{params['shop']}"
-                   env['omniauth.strategy'].options[:client_options][:site] = site_url
-                 }
+            site_url = "https://#{shop}"
+            env['omniauth.strategy'].options[:client_options][:site] = site_url
+          }
       end
       ShopifyAPI::Session.setup(
@@ -199,21 +185,13 @@ module Sinatra
         secret: app.settings.shared_secret
       )
-      app.get '/install' do
-        if params[:shop].present?
-          authenticate
-        else
-          erb :install, layout: false
-        end
-      end
-      app.post '/login' do
-        authenticate
+      app.get '/login' do
+        erb :login, layout: false
       end
       app.get '/logout' do
-        logout
-        redirect '/install'
+        clear_session
+        redirect '/login'
       end
       app.get '/auth/shopify/callback' do
@@ -231,10 +209,10 @@ module Sinatra
         after_shopify_auth()
-        return_to = env['omniauth.params']['return_to']
         return_params = session[:return_params]
         session.delete(:return_params)
+        return_to = '/'
         return_to += "?#{return_params.to_query}" if return_params.present?
         redirect return_to

data/shopify-sinatra-app.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'shopify-sinatra-app'
-  s.version = '0.8.0'
+  s.version = '1.0.0'
   s.summary     = 'A classy shopify app'
   s.description = 'A Sinatra extension for building Shopify Apps. Akin to the shopify_app gem but for Sinatra'
@@ -13,16 +13,16 @@ Gem::Specification.new do |s|
   s.files = `git ls-files`.split("\n")
   s.executables << 'shopify-sinatra-app-generator'
-  s.add_runtime_dependency 'sinatra', '~> 2.0.2'
+  s.add_runtime_dependency 'sinatra', '>= 2.0.2', '< 2.2.0'
   s.add_runtime_dependency 'sinatra-activerecord', '~> 2.0.9'
-  s.add_runtime_dependency 'rack-flash3', '~> 1.0.5'
   s.add_runtime_dependency 'activesupport'
   s.add_runtime_dependency 'attr_encrypted', '~> 3.1.0'
-  s.add_runtime_dependency 'shopify_api', '~> 7.0.1'
-  s.add_runtime_dependency 'omniauth-shopify-oauth2'
+  s.add_runtime_dependency 'shopify_api', '>= 7.0.1', '< 9.4.0'
+  s.add_runtime_dependency 'omniauth-shopify-oauth2', '>= 2.3.2'
+  s.add_runtime_dependency 'omniauth', '>= 2.0.4'
-  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rake', '>= 12.3.3'
   s.add_development_dependency 'sqlite3'
   s.add_development_dependency 'minitest'
   s.add_development_dependency 'rack-test'

metadata CHANGED Viewed

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: shopify-sinatra-app
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Kevin Hughes
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-26 00:00:00.000000000 Z
+date: 2021-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 2.0.2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.2.0
 - !ruby/object:Gem::Dependency
   name: sinatra-activerecord
   requirement: !ruby/object:Gem::Requirement
@@ -38,20 +44,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 2.0.9
-- !ruby/object:Gem::Dependency
-  name: rack-flash3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.0.5
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.0.5
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -84,44 +76,64 @@ dependencies:
   name: shopify_api
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 7.0.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 9.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 7.0.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 9.4.0
 - !ruby/object:Gem::Dependency
   name: omniauth-shopify-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.3.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.3.2
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.4
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -200,12 +212,14 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
+- ".github/dependabot.yml"
 - ".gitignore"
-- ".travis.yml"
 - CHANGELOG
 - Gemfile
 - LICENSE
 - README.md
+- bin/ci.sh
 - bin/shopify-sinatra-app-generator
 - example/.gitignore
 - example/Gemfile
@@ -226,11 +240,10 @@ files:
 - example/views/_flash_messages.erb
 - example/views/_top_bar.erb
 - example/views/home.erb
-- example/views/install.erb
 - example/views/layouts/application.erb
+- example/views/login.erb
 - lib/sinatra/shopify-sinatra-app.rb
 - shopify-sinatra-app.gemspec
-- test.sh
 homepage: https://github.com/kevinhughes27/shopify-sinatra-app/
 licenses:
 - MIT
@@ -250,8 +263,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: A classy shopify app

data/.travis.yml DELETED Viewed

@@ -1,13 +0,0 @@
-language: ruby
-rvm:
-  - 2.5.3
-gemfile: example/Gemfile
-script: "./test.sh"
-notifications:
-  email:
-    on_success: never
-    on_failure: never