shopify_api 1.2.5 → 2.0.0

data/lib/shopify_api/resources/event.rb

@@ -0,0 +1,10 @@
+module ShopifyAPI
+  class Event < Base
+    self.prefix = "/admin/:resource/:resource_id/"
+    
+    # Hack to allow both Shop and other Events in through the same AR class
+    def self.prefix(options={})
+      options[:resource].nil? ? "/admin/" : "/admin/#{options[:resource]}/#{options[:resource_id]}/"
+    end
+  end
+end

data/lib/shopify_api/resources/fulfillment.rb

@@ -0,0 +1,5 @@
+module ShopifyAPI
+  class Fulfillment < Base
+    self.prefix = "/admin/orders/:order_id/"
+  end
+end

data/lib/shopify_api/resources/image.rb

@@ -0,0 +1,16 @@
+module ShopifyAPI
+  class Image < Base
+    self.prefix = "/admin/products/:product_id/"
+    
+    # generate a method for each possible image variant
+    [:pico, :icon, :thumb, :small, :compact, :medium, :large, :grande, :original].each do |m|
+      reg_exp_match = "/\\1_#{m}.\\2"
+      define_method(m) { src.gsub(/\/(.*)\.(\w{2,4})/, reg_exp_match) }
+    end
+    
+    def attach_image(data, filename = nil)
+      attributes['attachment'] = Base64.encode64(data)
+      attributes['filename'] = filename unless filename.nil?
+    end
+  end
+end

data/lib/shopify_api/resources/line_item.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class LineItem < Base 
+  end
+end

data/lib/shopify_api/resources/metafield.rb

@@ -0,0 +1,15 @@
+module ShopifyAPI
+  class Metafield < Base
+    self.prefix = "/admin/:resource/:resource_id/"
+    
+    # Hack to allow both Shop and other Metafields in through the same AR class
+    def self.prefix(options={})
+      options[:resource].nil? ? "/admin/" : "/admin/#{options[:resource]}/#{options[:resource_id]}/"
+    end
+            
+    def value
+      return if attributes["value"].nil?
+      attributes["value_type"] == "integer" ? attributes["value"].to_i : attributes["value"]
+    end
+  end
+end

data/lib/shopify_api/resources/note_attribute.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class NoteAttribute < Base
+  end
+end

data/lib/shopify_api/resources/option.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class Option < Base
+  end
+end

data/lib/shopify_api/resources/order.rb

@@ -0,0 +1,25 @@
+module ShopifyAPI
+  class Order < Base
+    include Events
+    include Metafields
+
+    def close;  load_attributes_from_response(post(:close, {}, only_id)); end
+    def open;   load_attributes_from_response(post(:open, {}, only_id)); end
+
+    def cancel(options = {})
+      load_attributes_from_response(post(:cancel, options, only_id))
+    end
+
+    def transactions
+      Transaction.find(:all, :params => { :order_id => id })
+    end
+
+    def capture(amount = "")
+      Transaction.create(:amount => amount, :kind => "capture", :order_id => id)
+    end
+
+    def only_id
+      encode(:only => :id, :include => [], :methods => [], :fields => [])
+    end
+  end
+end

data/lib/shopify_api/resources/page.rb

@@ -0,0 +1,6 @@
+module ShopifyAPI
+  class Page < Base
+    include Events
+    include Metafields
+  end
+end

data/lib/shopify_api/resources/payment_details.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class PaymentDetails < Base
+  end
+end

data/lib/shopify_api/resources/product.rb

@@ -0,0 +1,33 @@
+module ShopifyAPI
+  class Product < Base
+    include Events
+    include Metafields
+
+    # compute the price range
+    def price_range
+      prices = variants.collect(&:price)
+      format =  "%0.2f"
+      if prices.min != prices.max
+        "#{format % prices.min} - #{format % prices.max}"
+      else
+        format % prices.min
+      end
+    end
+    
+    def collections
+      CustomCollection.find(:all, :params => {:product_id => self.id})
+    end
+    
+    def smart_collections
+      SmartCollection.find(:all, :params => {:product_id => self.id})
+    end
+    
+    def add_to_collection(collection)
+      collection.add_product(self)
+    end
+    
+    def remove_from_collection(collection)
+      collection.remove_product(self)
+    end
+  end
+end

data/lib/shopify_api/resources/product_search_engine.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class ProductSearchEngine < Base
+  end
+end

data/lib/shopify_api/resources/province.rb

@@ -0,0 +1,5 @@
+module ShopifyAPI
+  class Province < Base
+    self.prefix = "/admin/countries/:country_id/"
+  end
+end

data/lib/shopify_api/resources/receipt.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class Receipt < Base
+  end
+end

data/lib/shopify_api/resources/recurring_application_charge.rb

@@ -0,0 +1,23 @@
+module ShopifyAPI
+  class RecurringApplicationCharge < Base
+    undef_method :test
+    
+    class << self
+      def current
+        all.find { |c| c.status == 'active' }
+      end
+
+      [:pending, :cancelled, :accepted, :declined].each do |status|
+        define_method(status) { all.select { |c| c.status == status.to_s } }
+      end
+    end
+    
+    def cancel
+      load_attributes_from_response(self.destroy)
+    end
+    
+    def activate
+      load_attributes_from_response(post(:activate))
+    end
+  end
+end

data/lib/shopify_api/resources/redirect.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class Redirect < Base
+  end
+end

data/lib/shopify_api/resources/rule.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class Rule < Base
+  end
+end

data/lib/shopify_api/resources/script_tag.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class ScriptTag < Base
+  end
+end

data/lib/shopify_api/resources/shipping_address.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class ShippingAddress < Base
+  end
+end

data/lib/shopify_api/resources/shipping_line.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class ShippingLine < Base
+  end  
+end

data/lib/shopify_api/resources/shop.rb

@@ -0,0 +1,23 @@
+module ShopifyAPI
+  # Shop object. Use Shop.current to receive 
+  # the shop.
+  class Shop < Base
+    def self.current
+      find(:one, :from => "/admin/shop.#{format.extension}")
+    end
+    
+    def metafields
+      Metafield.find(:all)
+    end
+    
+    def add_metafield(metafield)
+      raise ArgumentError, "You can only add metafields to resource that has been saved" if new?      
+      metafield.save
+      metafield
+    end
+    
+    def events
+      Event.find(:all)
+    end
+  end               
+end

data/lib/shopify_api/resources/smart_collection.rb

@@ -0,0 +1,10 @@
+module ShopifyAPI
+  class SmartCollection < Base
+    include Events
+    include Metafields
+
+    def products
+      Product.find(:all, :params => {:collection_id => self.id})
+    end
+  end
+end

data/lib/shopify_api/resources/tax_line.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class TaxLine < Base
+  end
+end

data/lib/shopify_api/resources/theme.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class Theme < Base
+  end
+end

data/lib/shopify_api/resources/transaction.rb

@@ -0,0 +1,5 @@
+module ShopifyAPI
+  class Transaction < Base
+    self.prefix = "/admin/orders/:order_id/"
+  end
+end

data/lib/shopify_api/resources/variant.rb

@@ -0,0 +1,11 @@
+module ShopifyAPI
+  class Variant < Base
+    include Metafields
+
+    self.prefix = "/admin/products/:product_id/"
+    
+    def self.prefix(options={})
+      options[:product_id].nil? ? "/admin/" : "/admin/products/#{options[:product_id]}/"
+    end
+  end
+end

data/lib/shopify_api/resources/webhook.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class Webhook < Base
+  end
+end

data/lib/shopify_api/session.rb

@@ -0,0 +1,165 @@
+module ShopifyAPI
+  # 
+  #  The Shopify API authenticates each call via HTTP Authentication, using
+  #    * the application's API key as the username, and
+  #    * a hex digest of the application's shared secret and an 
+  #      authentication token as the password.
+  #  
+  #  Generation & acquisition of the beforementioned looks like this:
+  # 
+  #    0. Developer (that's you) registers Application (and provides a
+  #       callback url) and receives an API key and a shared secret
+  # 
+  #    1. User visits Application and are told they need to authenticate the
+  #       application first for read/write permission to their data (needs to
+  #       happen only once). User is asked for their shop url.
+  # 
+  #    2. Application redirects to Shopify : GET <user's shop url>/admin/api/auth?api_key=<API key>
+  #       (See Session#create_permission_url)
+  # 
+  #    3. User logs-in to Shopify, approves application permission request
+  # 
+  #    4. Shopify redirects to the Application's callback url (provided during
+  #       registration), including the shop's name, and an authentication token in the parameters:
+  #         GET client.com/customers?shop=snake-oil.myshopify.com&t=a94a110d86d2452eb3e2af4cfb8a3828
+  # 
+  #    5. Authentication password computed using the shared secret and the
+  #       authentication token (see Session#computed_password)
+  # 
+  #    6. Profit!
+  #       (API calls can now authenticate through HTTP using the API key, and
+  #       computed password)
+  # 
+  #  LoginController and ShopifyLoginProtection use the Session class to set Shopify::Base.site
+  #  so that all API calls are authorized transparently and end up just looking like this:
+  # 
+  #    # get 3 products
+  #    @products = ShopifyAPI::Product.find(:all, :params => {:limit => 3})
+  #    
+  #    # get latest 3 orders
+  #    @orders = ShopifyAPI::Order.find(:all, :params => {:limit => 3, :order => "created_at DESC" })
+  # 
+  #  As an example of what your LoginController should look like, take a look
+  #  at the following:
+  # 
+  #    class LoginController < ApplicationController
+  #      def index
+  #        # Ask user for their #{shop}.myshopify.com address
+  #      end
+  #    
+  #      def authenticate
+  #        redirect_to ShopifyAPI::Session.new(params[:shop]).create_permission_url
+  #      end
+  #    
+  #      # Shopify redirects the logged-in user back to this action along with
+  #      # the authorization token t.
+  #      # 
+  #      # This token is later combined with the developer's shared secret to form
+  #      # the password used to call API methods.
+  #      def finalize
+  #        shopify_session = ShopifyAPI::Session.new(params[:shop], params[:t])
+  #        if shopify_session.valid?
+  #          session[:shopify] = shopify_session
+  #          flash[:notice] = "Logged in to shopify store."
+  #    
+  #          return_address = session[:return_to] || '/home'
+  #          session[:return_to] = nil
+  #          redirect_to return_address
+  #        else
+  #          flash[:error] = "Could not log in to Shopify store."
+  #          redirect_to :action => 'index'
+  #        end
+  #      end
+  #    
+  #      def logout
+  #        session[:shopify] = nil
+  #        flash[:notice] = "Successfully logged out."
+  #    
+  #        redirect_to :action => 'index'
+  #      end
+  #    end
+  # 
+  class Session
+    cattr_accessor :api_key
+    cattr_accessor :secret
+    cattr_accessor :protocol 
+    self.protocol = 'https'
+
+    attr_accessor :url, :token, :name
+    
+    class << self
+    
+      def setup(params)
+        params.each { |k,value| send("#{k}=", value) }
+      end
+      
+      def temp(domain, token, &block)
+        session = new(domain, token)
+
+        original_site = ShopifyAPI::Base.site
+        begin
+          ShopifyAPI::Base.site = session.site
+          yield
+        ensure
+          ShopifyAPI::Base.site = original_site
+        end
+      end
+      
+      def prepare_url(url)
+        return nil if url.blank?
+        url.gsub!(/https?:\/\//, '')                            # remove http:// or https://
+        url.concat(".myshopify.com") unless url.include?('.')   # extend url to myshopify.com if no host is given
+      end
+      
+      def validate_signature(params)
+        return false unless signature = params[:signature]
+
+        sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
+        Digest::MD5.hexdigest(secret + sorted_params) == signature
+      end
+    
+    end
+    
+    def initialize(url, token = nil, params = nil)
+      self.url, self.token = url, token
+
+      if params
+        unless self.class.validate_signature(params) && params[:timestamp].to_i > 24.hours.ago.utc.to_i
+          raise "Invalid Signature: Possible malicious login" 
+        end
+      end
+
+      self.class.prepare_url(self.url)
+    end
+    
+    def shop
+      Shop.current
+    end
+    
+    def create_permission_url
+      return nil if url.blank? || api_key.blank?
+      "http://#{url}/admin/api/auth?api_key=#{api_key}"
+    end
+
+    # Used by ActiveResource::Base to make all non-authentication API calls
+    # 
+    # (ShopifyAPI::Base.site set in ShopifyLoginProtection#shopify_session)
+    def site
+      "#{protocol}://#{api_key}:#{computed_password}@#{url}/admin"
+    end
+
+    def valid?
+      url.present? && token.present?
+    end
+
+    private
+
+    # The secret is computed by taking the shared_secret which we got when 
+    # registring this third party application and concating the request_to it, 
+    # and then calculating a MD5 hexdigest. 
+    def computed_password
+      Digest::MD5.hexdigest(secret + token.to_s)
+    end
+    
+  end
+end