shopify_api 13.2.0 → 13.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b83eabed3d0c78f619d6061eb4bb92c389e1d15afca55225c243c0200a73f1f9
-  data.tar.gz: 2d6858dda679bb4a65f2eddbbc3d746f6177eda1808109a1ebcce943ae5cb9b9
+  metadata.gz: 3242835d9dedea2805ab36b498f6fc5b1e778584b6edf05d07c894cf87bf1dec
+  data.tar.gz: 6953d7096849c3ee5b685ec708ef3d0191252f6c48adaa97c163487c73c52687
 SHA512:
-  metadata.gz: fb175ef43080cec7459eff1a7a40c3d0c48aabc8b69bd8fe10fba1bdcfb3c3ca9a9d4e5e5bd6184421a0639f06b18097efa151c912439198f28838a6f60b5b67
-  data.tar.gz: 121a72ef9cc5b608b96d5be67a9404f739598708e9649fd720b21fa7614f2d53f162d2e12872441bf4419318d5cb7f13721606239ce21f9bbfa3868e1c4153f8
+  metadata.gz: c407661dca2a62ba8815cc42371471eccc5a6cf4a1633aac95b9506ade343e89b5d4831376ff8a994093a7a721b2f4ac1708f736b1c4f8df7c17a978407188c0
+  data.tar.gz: c7eb834293eb3c5101b6fe17fb2ee4bc7771e8e9cf9f747c77f2cdb5ba123346cad392eef52b1c4cf323270ee9e26bdc60e475a38512d4d7b097f54744d93caa

data/.github/CODEOWNERS

@@ -1 +1 @@
-*       @shopify/learn-libs-superteam
+*       @Shopify/client-libraries-app-templates

data/.github/workflows/build.yml

@@ -20,6 +20,10 @@ jobs:
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.version }}
+      - name: Install OpenSSL
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libssl-dev
       - name: Run Bundle Commands
         run: |
           bundle config set --with docs

data/CHANGELOG.md

@@ -4,6 +4,12 @@ Note: For changes to the API, see https://shopify.dev/changelog?filter=api
 
 ## Unreleased
 
+## 13.3.0
+
+- [#1241](https://github.com/Shopify/shopify-api-ruby/pull/1241) Add `api_host` to `ShopifyAPI::Context.setup`, allowing the API host to be overridden in `ShopifyAPI::Clients::HttpClient`. This context option is intended for internal Shopify use only.
+- [#1237](https://github.com/Shopify/shopify-api-ruby/pull/1237) Skip mandatory webhook topic registration/unregistrations
+- [#1239](https://github.com/Shopify/shopify-api-ruby/pull/1239) Update `OAuth.validate_auth_callback` to use `ShopifyApi::Clients::HttpClient`.
+
 ## 13.2.0
 
 - [#1183](https://github.com/Shopify/shopify-api-ruby/pull/1189) Added string array support for fields parameter in Webhook::Registry

data/CONTRIBUTING.md

@@ -1,9 +1,34 @@
 
 Submitting Issues
 -----------------
+Submitting Issues
 
 Please open an issue here if you encounter a specific bug with this API client library or if something is documented here https://shopify.dev/docs/apps but is missing from this package.
 
 General questions about the Shopify API and usage of this package (not necessarily a bug) should be posted on the [Shopify forums](https://community.shopify.com/c/partners-and-developers/ct-p/appdev).
 
 When in doubt, post on the forum first. You'll likely have your questions answered more quickly if you post there; more people monitor the forum than Github.
+
+In order for us to best triage the issue, please include steps to reproduce the issue as well as the impacted feature.
+
+## Roadmap
+
+The focus of development efforts by maintainers of this project a roadmap will be proposed via PR and accessible at any point in the ROADMAP.md file.
+
+Working with a pull request modify the [ROADMAP.md](https://github.com/Shopify/shopify-api-ruby/blob/aa0b7f9a5a9095ca11f3f93f9aecc72e8daa6bce/ROADMAP.md) allows us to invite community feedback on the direction while not adding another communication avenue. While there are certainly better tools for the job than a markdown file for this, we are aiming to keep a minimal toolset to help us better manage the communication channels that we have open.
+
+If there are concerns with the direction and priorities of the maintainers, this roadmap PR is the appropriate place to share your concerns.
+
+## Submitting Pull Requests
+
+We welcome pull requests and help from the community! PRs fixing bugs will take priority to triaging proposed net new functionality. If you do want to add a feature, we recommend opening an issue first exploring the appetite of the community / maintainers to ensure there is alignment on direction before you spend time on the PR.
+
+## Gem Architecture
+Understanding how all the components of the Shopify App development stack work together will help best understand what level of abstraction a feature is meant to be applied. Please consider this architecture before introducing new functionally to ensure it is in the right place:
+
+| Gem Name | Job |
+|---|---|
+| Shopify API (this gem) | Obtain a session, clients for APIs (REST, GraphQL), error handling, webhook management |
+| REST Resources | Interfaces to the APIs. Response casting into defined objects with attributes/methods |
+| Shopify App | Build Shopify app using Rails conventions. Oauth, webhook processing, persistence, etc |
+| App Template | Template demonstrating how to use all these components in one starting boilerplate application |

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    shopify_api (13.2.0)
+    shopify_api (13.3.0)
       activesupport
       concurrent-ruby
       hash_diff
@@ -40,7 +40,6 @@ GEM
       concurrent-ruby (~> 1.0)
     json (2.6.2)
     jwt (2.7.1)
-    language_server-protocol (3.17.0.1)
     method_source (1.0.0)
     mini_mime (1.1.5)
     minitest (5.15.0)
@@ -50,9 +49,9 @@ GEM
     oj (3.16.0)
     openssl (3.1.0)
     parallel (1.22.1)
-    parser (3.1.2.1)
+    parser (3.2.2.4)
       ast (~> 2.4.1)
-    prettier_print (0.1.0)
+      racc
     pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
@@ -60,6 +59,7 @@ GEM
       byebug (~> 11.0)
       pry (>= 0.13, < 0.15)
     public_suffix (4.0.6)
+    racc (1.7.1)
     rainbow (3.1.1)
     rake (13.0.6)
     rbi (0.0.15)
@@ -85,10 +85,6 @@ GEM
       rubocop (~> 1.35)
     rubocop-sorbet (0.6.11)
       rubocop (>= 0.90.0)
-    ruby-lsp (0.3.2)
-      language_server-protocol (~> 3.17.0)
-      sorbet-runtime
-      syntax_tree (>= 3.4)
     ruby-progressbar (1.11.0)
     securerandom (0.2.2)
     sorbet (0.5.10438)
@@ -104,8 +100,6 @@ GEM
       sorbet (>= 0.5.9204)
       sorbet-runtime (>= 0.5.9204)
       thor (>= 0.19.2)
-    syntax_tree (3.6.1)
-      prettier_print
     tapioca (0.10.2)
       bundler (>= 1.17.3)
       netrc (>= 0.11.0)
@@ -149,7 +143,6 @@ DEPENDENCIES
   rubocop
   rubocop-shopify
   rubocop-sorbet
-  ruby-lsp
   shopify_api!
   sorbet
   tapioca

data/ROADMAP.md

@@ -0,0 +1,10 @@
+# Roadmap
+
+|Priority|Description|Delivery Time frame|
+|---|---|---|
+|P0|Respond timely to open issues/Pull Requests|Ongoing|
+|P1|Minor API release with support for 10-23 API version|Oct 6 - 13|
+|P2|Restore dot notation access to GraphQL responses|Oct 26 - Dec 7|
+|P2|Restrospection GQL queries to define types for GQL resources|October 26- Dec 7|
+|P2|New token exchange authentication via optional feature flag|October 26- Dec 7|
+|P3|[Extract REST resources into their own gem](https://github.com/Shopify/shopify-api-ruby/issues/1194)|Oct 26 - Dec 7|

data/lib/shopify_api/auth/jwt_payload.rb

@@ -75,8 +75,8 @@ module ShopifyAPI
       def decode_token(token, api_secret_key)
         JWT.decode(token, api_secret_key, true,
           { exp_leeway: JWT_EXPIRATION_LEEWAY, algorithm: "HS256" })[0]
-      rescue
-        raise ShopifyAPI::Errors::InvalidJwtTokenError, "Failed to parse session token '#{token}'"
+      rescue JWT::DecodeError => err
+        raise ShopifyAPI::Errors::InvalidJwtTokenError, "Error decoding session token: #{err.message}"
       end
     end
   end

data/lib/shopify_api/auth/oauth.rb

@@ -70,15 +70,25 @@ module ShopifyAPI
           raise Errors::InvalidOauthError,
             "Invalid state in OAuth callback." unless state == auth_query.state
 
-          # TODO: replace this call with the HTTP client once it is built
+          null_session = Auth::Session.new(shop: auth_query.shop)
           body = { client_id: Context.api_key, client_secret: Context.api_secret_key, code: auth_query.code }
-          response = HTTParty.post("https://#{auth_query.shop}/admin/oauth/access_token", body: body)
-          unless response.ok?
+
+          client = Clients::HttpClient.new(session: null_session, base_path: "/admin/oauth")
+          response = begin
+            client.request(
+              Clients::HttpRequest.new(
+                http_method: :post,
+                path: "access_token",
+                body: body,
+                body_type: "application/json",
+              ),
+            )
+          rescue ShopifyAPI::Errors::HttpResponseError => e
             raise Errors::RequestAccessTokenError,
-              "Cannot complete OAuth process. Received a #{response.code} error while requesting access token."
+              "Cannot complete OAuth process. Received a #{e.code} error while requesting access token."
           end
-          session_params = response.to_h
 
+          session_params = T.cast(response.body, T::Hash[String, T.untyped]).to_h
           session = create_new_session(session_params, auth_query.shop)
 
           cookie = if Context.embedded?

data/lib/shopify_api/clients/http_client.rb

@@ -13,7 +13,9 @@ module ShopifyAPI
         session ||= Context.active_session
         raise Errors::NoActiveSessionError, "No passed or active session" unless session
 
-        @base_uri = T.let("https://#{session.shop}", String)
+        api_host = Context.api_host
+
+        @base_uri = T.let("https://#{api_host || session.shop}", String)
         @base_uri_and_path = T.let("#{@base_uri}#{base_path}", String)
 
         user_agent_prefix = Context.user_agent_prefix.nil? ? "" : "#{Context.user_agent_prefix} | "
@@ -23,6 +25,8 @@ module ShopifyAPI
           "Accept": "application/json",
         }, T::Hash[T.any(Symbol, String), T.untyped])
 
+        @headers["Host"] = session.shop unless api_host.nil?
+
         unless session.access_token.nil? || T.must(session.access_token).empty?
           @headers["X-Shopify-Access-Token"] = T.cast(session.access_token, String)
         end

data/lib/shopify_api/context.rb

@@ -8,6 +8,7 @@ module ShopifyAPI
     @api_key = T.let("", String)
     @api_secret_key = T.let("", String)
     @api_version = T.let(LATEST_SUPPORTED_ADMIN_VERSION, String)
+    @api_host = T.let(nil, T.nilable(String))
     @scope = T.let(Auth::AuthScopes.new, Auth::AuthScopes)
     @is_private = T.let(false, T::Boolean)
     @private_shop = T.let(nil, T.nilable(String))
@@ -41,6 +42,7 @@ module ShopifyAPI
           private_shop: T.nilable(String),
           user_agent_prefix: T.nilable(String),
           old_api_secret_key: T.nilable(String),
+          api_host: T.nilable(String),
         ).void
       end
       def setup(
@@ -56,7 +58,8 @@ module ShopifyAPI
         host: ENV["HOST"] || "https://#{host_name}",
         private_shop: nil,
         user_agent_prefix: nil,
-        old_api_secret_key: nil
+        old_api_secret_key: nil,
+        api_host: nil
       )
         unless ShopifyAPI::AdminVersions::SUPPORTED_ADMIN_VERSIONS.include?(api_version)
           raise Errors::UnsupportedVersionError,
@@ -66,6 +69,7 @@ module ShopifyAPI
         @api_key = api_key
         @api_secret_key = api_secret_key
         @api_version = api_version
+        @api_host = api_host
         @host = T.let(host, T.nilable(String))
         @is_private = is_private
         @scope = Auth::AuthScopes.new(scope)
@@ -130,7 +134,7 @@ module ShopifyAPI
       end
 
       sig { returns(T.nilable(String)) }
-      attr_reader :private_shop, :user_agent_prefix, :old_api_secret_key, :host
+      attr_reader :private_shop, :user_agent_prefix, :old_api_secret_key, :host, :api_host
 
       sig { returns(T::Boolean) }
       def embedded?

data/lib/shopify_api/version.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module ShopifyAPI
-  VERSION = "13.2.0"
+  VERSION = "13.3.0"
 end

data/lib/shopify_api/webhooks/registry.rb

@@ -5,6 +5,11 @@ module ShopifyAPI
   module Webhooks
     class Registry
       @registry = T.let({}, T::Hash[String, Registration])
+      MANDATORY_TOPICS = T.let([
+        "shop/redact",
+        "customers/redact",
+        "customers/data_request",
+      ].freeze, T::Array[String])
 
       class << self
         extend T::Sig
@@ -17,6 +22,8 @@ module ShopifyAPI
             metafield_namespaces: T.nilable(T::Array[String])).void
         end
         def add_registration(topic:, delivery_method:, path:, handler: nil, fields: nil, metafield_namespaces: nil)
+          return if mandatory_webhook_topic?(topic)
+
           @registry[topic] = case delivery_method
           when :pub_sub
             Registrations::PubSub.new(topic: topic, path: path, fields: fields,
@@ -101,6 +108,8 @@ module ShopifyAPI
           ).returns(T::Hash[String, T.untyped])
         end
         def unregister(topic:, session:)
+          return { "response": nil } if mandatory_webhook_topic?(topic)
+
           client = Clients::Graphql::Admin.new(session: session)
 
           webhook_id = get_webhook_id(topic: topic, client: client)
@@ -213,6 +222,13 @@ module ShopifyAPI
         def registration_sucessful?(body, mutation_name)
           !body.dig("data", mutation_name, "webhookSubscription").nil?
         end
+
+        # Mandatory webhooks are subscribed to via the partner dashboard not the API
+        # https://shopify.dev/docs/apps/webhooks/configuration/mandatory-webhooks
+        sig { params(topic: String).returns(T::Boolean) }
+        def mandatory_webhook_topic?(topic)
+          MANDATORY_TOPICS.include?(topic)
+        end
       end
     end
   end

data/shopify_api.gemspec

@@ -48,7 +48,6 @@ Gem::Specification.new do |s|
   s.add_development_dependency("rubocop")
   s.add_development_dependency("rubocop-shopify")
   s.add_development_dependency("rubocop-sorbet")
-  s.add_development_dependency("ruby-lsp")
   s.add_development_dependency("sorbet")
   s.add_development_dependency("tapioca")
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_api
 version: !ruby/object:Gem::Version
-  version: 13.2.0
+  version: 13.3.0
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-10-10 00:00:00.000000000 Z
+date: 2023-11-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -220,20 +220,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: ruby-lsp
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: sorbet
   requirement: !ruby/object:Gem::Requirement
@@ -296,6 +282,7 @@ files:
 - LICENSE
 - README.md
 - RELEASING.md
+- ROADMAP.md
 - Rakefile
 - SECURITY.md
 - bin/tapioca
@@ -970,7 +957,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.20
+rubygems_version: 3.4.21
 signing_key: 
 specification_version: 4
 summary: The gem for accessing the Shopify API