RubyGems - shopify_app - Versions diffs - 11.2.0 → 11.5.0 - Mend

shopify_app 11.2.0 → 11.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

checksums.yaml +4 -4
data/.travis.yml +0 -2
data/CHANGELOG.md +30 -0
data/README.md +116 -101
data/app/controllers/concerns/shopify_app/authenticated.rb +1 -1
data/app/controllers/shopify_app/callback_controller.rb +8 -2
data/config/locales/de.yml +3 -3
data/config/locales/nl.yml +7 -7
data/config/locales/pt-BR.yml +5 -5
data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb +39 -0
data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb +66 -0
data/lib/generators/shopify_app/install/install_generator.rb +20 -9
data/lib/generators/shopify_app/install/templates/embedded_app.html.erb +5 -1
data/lib/generators/shopify_app/install/templates/shopify_app_index.js +2 -0
data/lib/generators/shopify_app/install/templates/shopify_provider.rb +1 -0
data/lib/generators/shopify_app/user_model/templates/db/migrate/create_users.erb +16 -0
data/lib/generators/shopify_app/user_model/templates/user.rb +7 -0
data/lib/generators/shopify_app/user_model/templates/users.yml +4 -0
data/lib/generators/shopify_app/user_model/user_model_generator.rb +38 -0
data/lib/shopify_app.rb +46 -29
data/lib/shopify_app/configuration.rb +8 -0
data/lib/shopify_app/controller_concerns/login_protection.rb +22 -3
data/lib/shopify_app/controllers/extension_verification_controller.rb +18 -0
data/lib/shopify_app/session/in_memory_session_store.rb +1 -1
data/lib/shopify_app/session/session_repository.rb +2 -2
data/lib/shopify_app/session/session_storage.rb +14 -15
data/lib/shopify_app/session/storage_strategies/shop_storage_strategy.rb +24 -0
data/lib/shopify_app/session/storage_strategies/user_storage_strategy.rb +26 -0
data/lib/shopify_app/version.rb +1 -1
data/package-lock.json +1218 -1221
data/package.json +1 -2
data/service.yml +1 -1
data/shopify_app.gemspec +5 -2
data/yarn.lock +14 -14
metadata +56 -4

data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb ADDED

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+class MarketingActivitiesController < ExtensionVerificationController
+  def preload_form_data
+    preload_data = {
+      "form_data": {
+        "budget": {
+          "currency": "USD",
+        }
+      }
+    }
+    render(json: preload_data, status: :ok)
+  end
+  def update
+    render(json: {}, status: :accepted)
+  end
+  def pause
+    render(json: {}, status: :accepted)
+  end
+  def resume
+    render(json: {}, status: :accepted)
+  end
+  def delete
+    render(json: {}, status: :accepted)
+  end
+  def preview
+    placeholder_img = "https://cdn.shopify.com/s/files/1/0533/2089/files/placeholder-images-image_small.png"
+    preview_response = {
+      "desktop": {
+        "preview_url": placeholder_img,
+        "content_type": "text/html",
+        "width": 360,
+        "height": 200
+      },
+      "mobile": {
+        "preview_url": placeholder_img,
+        "content_type": "text/html",
+        "width": 360,
+        "height": 200
+      }
+    }
+    render(json: preview_response, status: :ok)
+  end
+  def create
+    render(json: {}, status: :ok)
+  end
+  def republish
+    render(json: {}, status: :accepted)
+  end
+  def errors
+    request_id = params[:request_id]
+    message = params[:message]
+    Rails.logger.info("[Marketing Activity App Error Feedback] Request id: #{request_id}, message: #{message}")
+    render(json: {}, status: :ok)
+  end
+end

data/lib/generators/shopify_app/install/install_generator.rb CHANGED

@@ -11,10 +11,6 @@ module ShopifyApp
       class_option :embedded, type: :string, default: 'true'
       class_option :api_version, type: :string, default: nil
-      def add_dotenv_gem
-        gem('dotenv-rails', group: [:test, :development])
-      end
       def create_shopify_app_initializer
         @application_name = format_array_argument(options['application_name'])
         @scope = format_array_argument(options['scope'])
@@ -40,12 +36,19 @@ module ShopifyApp
       end
       def create_embedded_app_layout
-        if embedded_app?
-          copy_file 'embedded_app.html.erb', 'app/views/layouts/embedded_app.html.erb'
+        return unless embedded_app?
+        copy_file 'embedded_app.html.erb', 'app/views/layouts/embedded_app.html.erb'
+        copy_file '_flash_messages.html.erb', 'app/views/layouts/_flash_messages.html.erb'
+        if ShopifyApp.use_webpacker?
+          copy_file('shopify_app.js', 'app/javascript/shopify_app/shopify_app.js')
+          copy_file('flash_messages.js', 'app/javascript/shopify_app/flash_messages.js')
+          copy_file('shopify_app_index.js', 'app/javascript/shopify_app/index.js')
+          append_to_file('app/javascript/packs/application.js', 'require("shopify_app")')
+        else
           copy_file('shopify_app.js', 'app/assets/javascripts/shopify_app.js')
-          copy_file '_flash_messages.html.erb', 'app/views/layouts/_flash_messages.html.erb'
-          copy_file('flash_messages.js',
-            'app/assets/javascripts/flash_messages.js')
+          copy_file('flash_messages.js', 'app/assets/javascripts/flash_messages.js')
         end
       end
@@ -57,6 +60,14 @@ module ShopifyApp
         route "mount ShopifyApp::Engine, at: '/'"
       end
+      def insert_hosts_into_development_config
+        inject_into_file(
+          'config/environments/development.rb',
+          "  config.hosts = (config.hosts rescue []) << /\\h+.ngrok.io/\n",
+          after: "Rails.application.configure do\n"
+        )
+      end
       private
       def embedded_app?

data/lib/generators/shopify_app/install/templates/embedded_app.html.erb CHANGED

@@ -5,7 +5,11 @@
     <% application_name = ShopifyApp.configuration.application_name %>
     <title><%= application_name %></title>
     <%= stylesheet_link_tag 'application' %>
-    <%= javascript_include_tag 'application', "data-turbolinks-track" => true %>
+    <% if ShopifyApp.use_webpacker? %>
+      <%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %>
+    <% else %>
+      <%= javascript_include_tag 'application', "data-turbolinks-track" => true %>
+    <% end %>
     <%= csrf_meta_tags %>
   </head>

data/lib/generators/shopify_app/install/templates/shopify_app_index.js ADDED

	@@ -0,0 +1,2 @@
1	+ require('./shopify_app')
2	+ require('./flash_messages')

data/lib/generators/shopify_app/install/templates/shopify_provider.rb CHANGED

@@ -4,6 +4,7 @@ provider :shopify,
   ShopifyApp.configuration.api_key,
   ShopifyApp.configuration.secret,
   scope: ShopifyApp.configuration.scope,
+  per_user_permissions: ShopifyApp.configuration.per_user_tokens,
   setup: lambda { |env|
     strategy = env['omniauth.strategy']

data/lib/generators/shopify_app/user_model/templates/db/migrate/create_users.erb ADDED

@@ -0,0 +1,16 @@
+class CreateUsers < ActiveRecord::Migration[<%= rails_migration_version %>]
+  def self.up
+    create_table :users do |t|
+      t.bigint :shopify_user_id, null: false
+      t.string :shopify_domain, null: false
+      t.string :shopify_token, null: false
+      t.timestamps
+    end
+    add_index :users, :shopify_user_id, unique: true
+  end
+  def self.down
+    drop_table :users
+  end
+end

data/lib/generators/shopify_app/user_model/templates/user.rb ADDED

@@ -0,0 +1,7 @@
+class User < ActiveRecord::Base
+  include ShopifyApp::SessionStorage
+  def api_version
+    ShopifyApp.configuration.api_version
+  end
+end

data/lib/generators/shopify_app/user_model/templates/users.yml ADDED

@@ -0,0 +1,4 @@
+regular_user:
+  shopify_domain: 'regular-shop.myshopify.com'
+  shopify_token: 'token'
+  shopify_user_id: 1

data/lib/generators/shopify_app/user_model/user_model_generator.rb ADDED

@@ -0,0 +1,38 @@
+require 'rails/generators/base'
+require 'rails/generators/active_record'
+module ShopifyApp
+  module Generators
+    class UserModelGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path('../templates', __FILE__)
+      def create_user_model
+        copy_file 'user.rb', 'app/models/user.rb'
+      end
+      def create_user_migration
+        migration_template 'db/migrate/create_users.erb', 'db/migrate/create_users.rb'
+      end
+      def update_shopify_app_initializer
+        gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemorySessionStore', 'User'
+      end
+      def create_user_fixtures
+        copy_file 'users.yml', 'test/fixtures/users.yml'
+      end
+      private
+      def rails_migration_version
+        Rails.version.match(/\d\.\d/)[0]
+      end
+      # for generating a timestamp when using `create_migration`
+      def self.next_migration_number(dir)
+        ActiveRecord::Generators::Base.next_migration_number(dir)
+      end
+    end
+  end
+end

data/lib/shopify_app.rb CHANGED

@@ -4,32 +4,49 @@ require 'shopify_app/version'
 require 'shopify_api'
 require 'omniauth-shopify-oauth2'
-# config
-require 'shopify_app/configuration'
-# engine
-require 'shopify_app/engine'
-# utils
-require 'shopify_app/utils'
-# controller concerns
-require 'shopify_app/controller_concerns/localization'
-require 'shopify_app/controller_concerns/itp'
-require 'shopify_app/controller_concerns/login_protection'
-require 'shopify_app/controller_concerns/embedded_app'
-require 'shopify_app/controller_concerns/webhook_verification'
-require 'shopify_app/controller_concerns/app_proxy_verification'
-# jobs
-require 'shopify_app/jobs/webhooks_manager_job'
-require 'shopify_app/jobs/scripttags_manager_job'
-# managers
-require 'shopify_app/managers/webhooks_manager'
-require 'shopify_app/managers/scripttags_manager'
-# session
-require 'shopify_app/session/session_storage'
-require 'shopify_app/session/session_repository'
-require 'shopify_app/session/in_memory_session_store'
+module ShopifyApp
+  def self.rails6?
+    Rails::VERSION::MAJOR >= 6
+  end
+  def self.use_webpacker?
+    rails6? &&
+      defined?(Webpacker) == 'constant' &&
+      !configuration.disable_webpacker
+  end
+  # config
+  require 'shopify_app/configuration'
+  # engine
+  require 'shopify_app/engine'
+  # utils
+  require 'shopify_app/utils'
+  # controllers
+  require 'shopify_app/controllers/extension_verification_controller'
+  # controller concerns
+  require 'shopify_app/controller_concerns/localization'
+  require 'shopify_app/controller_concerns/itp'
+  require 'shopify_app/controller_concerns/login_protection'
+  require 'shopify_app/controller_concerns/embedded_app'
+  require 'shopify_app/controller_concerns/webhook_verification'
+  require 'shopify_app/controller_concerns/app_proxy_verification'
+  # jobs
+  require 'shopify_app/jobs/webhooks_manager_job'
+  require 'shopify_app/jobs/scripttags_manager_job'
+  # managers
+  require 'shopify_app/managers/webhooks_manager'
+  require 'shopify_app/managers/scripttags_manager'
+  # session
+  require 'shopify_app/session/storage_strategies/shop_storage_strategy'
+  require 'shopify_app/session/storage_strategies/user_storage_strategy'
+  require 'shopify_app/session/session_storage'
+  require 'shopify_app/session/session_repository'
+  require 'shopify_app/session/in_memory_session_store'
+end

data/lib/shopify_app/configuration.rb CHANGED

@@ -15,6 +15,8 @@ module ShopifyApp
     attr_accessor :scripttags
     attr_accessor :after_authenticate_job
     attr_accessor :session_repository
+    attr_accessor :per_user_tokens
+    alias_method :per_user_tokens?, :per_user_tokens
     attr_accessor :api_version
     # customise urls
@@ -28,6 +30,9 @@ module ShopifyApp
     # configure myshopify domain for local shopify development
     attr_accessor :myshopify_domain
+    # ability to have webpacker installed but not used in this gem and the generators
+    attr_accessor :disable_webpacker
     # allow namespacing webhook jobs
     attr_accessor :webhook_jobs_namespace
@@ -36,6 +41,8 @@ module ShopifyApp
       @myshopify_domain = 'myshopify.com'
       @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
       @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
+      @per_user_tokens = false
+      @disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
     end
     def login_url
@@ -59,6 +66,7 @@ module ShopifyApp
     def has_scripttags?
       scripttags.present?
     end
   end
   def self.configuration

data/lib/shopify_app/controller_concerns/login_protection.rb CHANGED

@@ -27,12 +27,30 @@ module ShopifyApp
     end
     def shop_session
-      return unless session[:shopify]
-      @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify])
+      if ShopifyApp.configuration.per_user_tokens?
+        return unless session[:shopify_user]
+        @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify_user]['id'])
+      else
+        return unless session[:shopify]
+        @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify])
+      end
     end
-    def login_again_if_different_shop
+    def login_again_if_different_user_or_shop
+      if ShopifyApp.configuration.per_user_tokens?
+        valid_session_data = session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
+        sessions_do_not_match = session[:user_session] != params[:session] # current user is different from stored user
+        if valid_session_data && sessions_do_not_match
+          clear_session = true
+        end
+      end
       if shop_session && params[:shop] && params[:shop].is_a?(String) && (shop_session.domain != params[:shop])
+        clear_session = true
+      end
+      if clear_session
         clear_shop_session
         redirect_to_login
       end
@@ -60,6 +78,7 @@ module ShopifyApp
       session[:shopify] = nil
       session[:shopify_domain] = nil
       session[:shopify_user] = nil
+      session[:user_session] = nil
     end
     def login_url_with_optional_shop(top_level: false)

data/lib/shopify_app/controllers/extension_verification_controller.rb ADDED

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+class ExtensionVerificationController < ActionController::Base
+  protect_from_forgery with: :null_session
+  before_action :verify_request
+  private
+  def verify_request
+    hmac_header = request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
+    request_body = request.body.read
+    secret = ShopifyApp.configuration.secret
+    digest = OpenSSL::Digest.new('sha256')
+    expected_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, request_body))
+    head(:unauthorized) unless ActiveSupport::SecurityUtils.secure_compare(expected_hmac, hmac_header)
+  end
+end

data/lib/shopify_app/session/in_memory_session_store.rb CHANGED

@@ -6,7 +6,7 @@ module ShopifyApp
       repo[id]
     end
-    def self.store(session)
+    def self.store(session, *args)
       id = SecureRandom.uuid
       repo[id] = session
       id

data/lib/shopify_app/session/session_repository.rb CHANGED

@@ -15,8 +15,8 @@ module ShopifyApp
         storage.retrieve(id)
       end
-      def store(session)
-        storage.store(session)
+      def store(session, *args)
+        storage.store(session, *args)
       end
       def storage

data/lib/shopify_app/session/session_storage.rb CHANGED

@@ -3,9 +3,12 @@ module ShopifyApp
     extend ActiveSupport::Concern
     included do
-      validates :shopify_domain, presence: true, uniqueness: { case_sensitive: false }
       validates :shopify_token, presence: true
       validates :api_version, presence: true
+      validates :shopify_domain, presence: true,
+        if: Proc.new {|_| ShopifyApp.configuration.per_user_tokens? }
+      validates :shopify_domain, presence: true, uniqueness: { case_sensitive: false },
+        if: Proc.new {|_| !ShopifyApp.configuration.per_user_tokens? }
     end
     def with_shopify_session(&block)
@@ -18,23 +21,19 @@ module ShopifyApp
     end
     class_methods do
-      def store(session)
-        shop = find_or_initialize_by(shopify_domain: session.domain)
-        shop.shopify_token = session.token
-        shop.save!
-        shop.id
+      def strategy_klass
+        ShopifyApp.configuration.per_user_tokens? ?
+          ShopifyApp::SessionStorage::UserStorageStrategy :
+          ShopifyApp::SessionStorage::ShopStorageStrategy
       end
-      def retrieve(id)
-        return unless id
+      def store(auth_session, user: nil)
+        strategy_klass.store(auth_session, user)
+      end
-        if shop = self.find_by(id: id)
-          ShopifyAPI::Session.new(
-            domain: shop.shopify_domain,
-            token: shop.shopify_token,
-            api_version: shop.api_version
-          )
-        end
+      def retrieve(id)
+        strategy_klass.retrieve(id)
       end
     end
   end