RubyGems - shopify_app - Versions diffs - 13.2.0 → 20.2.0 - Mend

shopify_app 13.2.0 → 20.2.0

Files changed (167) hide show

checksums.yaml +4 -4
data/.github/CODEOWNERS +1 -0
data/.github/ISSUE_TEMPLATE/bug-report.md +63 -0
data/.github/ISSUE_TEMPLATE/config.yml +1 -0
data/.github/ISSUE_TEMPLATE/feature-request.md +33 -0
data/.github/PULL_REQUEST_TEMPLATE.md +22 -0
data/.github/workflows/build.yml +40 -0
data/.github/workflows/cla.yml +22 -0
data/.github/workflows/close-waiting-for-response-issues.yml +20 -0
data/.github/workflows/release.yml +24 -0
data/.github/workflows/remove-labels-on-activity.yml +16 -0
data/.github/workflows/rubocop.yml +22 -0
data/.github/workflows/stale.yml +31 -0
data/.gitignore +1 -2
data/.nvmrc +1 -1
data/.rubocop.yml +2 -0
data/.ruby-version +1 -1
data/CHANGELOG.md +221 -0
data/CONTRIBUTING.md +81 -0
data/Gemfile +5 -2
data/Gemfile.lock +248 -0
data/README.md +74 -563
data/Rakefile +4 -3
data/SECURITY.md +59 -0
data/app/assets/images/storage_access.svg +1 -2
data/app/assets/javascripts/shopify_app/app_bridge_3.1.1.js +10 -0
data/app/assets/javascripts/shopify_app/app_bridge_redirect.js +22 -0
data/app/assets/javascripts/shopify_app/app_bridge_utils_3.1.1.js +1 -0
data/app/assets/javascripts/shopify_app/post_redirect.js +9 -0
data/app/assets/javascripts/shopify_app/redirect.js +10 -14
data/app/assets/javascripts/shopify_app/storage_access.js +5 -10
data/app/assets/javascripts/shopify_app/top_level_interaction.js +1 -1
data/app/controllers/concerns/shopify_app/authenticated.rb +4 -0
data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +39 -0
data/app/controllers/concerns/shopify_app/require_known_shop.rb +48 -0
data/app/controllers/concerns/shopify_app/shop_access_scopes_verification.rb +40 -0
data/app/controllers/shopify_app/authenticated_controller.rb +1 -0
data/app/controllers/shopify_app/callback_controller.rb +56 -77
data/app/controllers/shopify_app/extension_verification_controller.rb +2 -7
data/app/controllers/shopify_app/sessions_controller.rb +33 -117
data/app/controllers/shopify_app/webhooks_controller.rb +5 -26
data/app/views/shopify_app/partials/_button_styles.html.erb +41 -36
data/app/views/shopify_app/partials/_card_styles.html.erb +3 -3
data/app/views/shopify_app/partials/_empty_state_styles.html.erb +28 -59
data/app/views/shopify_app/partials/_form_styles.html.erb +56 -0
data/app/views/shopify_app/partials/_layout_styles.html.erb +16 -1
data/app/views/shopify_app/partials/_typography_styles.html.erb +6 -6
data/app/views/shopify_app/sessions/enable_cookies.html.erb +2 -7
data/app/views/shopify_app/sessions/new.html.erb +38 -110
data/app/views/shopify_app/sessions/request_storage_access.html.erb +12 -12
data/app/views/shopify_app/sessions/top_level_interaction.html.erb +21 -22
data/app/views/shopify_app/shared/post_redirect_to_auth_shopify.html.erb +13 -0
data/app/views/shopify_app/shared/redirect.html.erb +2 -2
data/config/locales/de.yml +11 -11
data/config/locales/ja.yml +4 -4
data/config/locales/nl.yml +2 -2
data/config/locales/th.yml +4 -4
data/config/locales/vi.yml +22 -0
data/config/locales/zh-CN.yml +2 -2
data/config/routes.rb +20 -12
data/docs/Quickstart.md +19 -83
data/docs/Releasing.md +18 -15
data/docs/Troubleshooting.md +140 -5
data/docs/Upgrading.md +247 -0
data/docs/shopify_app/authentication.md +128 -0
data/docs/shopify_app/content-security-policy.md +10 -0
data/docs/shopify_app/engine.md +82 -0
data/docs/shopify_app/generators.md +127 -0
data/docs/shopify_app/handling-access-scopes-changes.md +24 -0
data/docs/shopify_app/script-tags.md +28 -0
data/docs/shopify_app/session-repository.md +88 -0
data/docs/shopify_app/testing.md +38 -0
data/docs/shopify_app/webhooks.md +72 -0
data/karma.conf.js +1 -1
data/lib/generators/shopify_app/add_after_authenticate_job/add_after_authenticate_job_generator.rb +10 -9
data/lib/generators/shopify_app/add_after_authenticate_job/templates/after_authenticate_job.rb +1 -0
data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb +4 -3
data/lib/generators/shopify_app/add_webhook/add_webhook_generator.rb +15 -14
data/lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt +9 -1
data/lib/generators/shopify_app/app_proxy_controller/app_proxy_controller_generator.rb +7 -6
data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_controller.rb +2 -1
data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_route.rb +1 -1
data/lib/generators/shopify_app/authenticated_controller/authenticated_controller_generator.rb +4 -4
data/lib/generators/shopify_app/controllers/controllers_generator.rb +5 -4
data/lib/generators/shopify_app/home_controller/home_controller_generator.rb +27 -4
data/lib/generators/shopify_app/home_controller/templates/home_controller.rb +12 -2
data/lib/generators/shopify_app/home_controller/templates/index.html.erb +74 -16
data/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb +16 -0
data/lib/generators/shopify_app/install/install_generator.rb +52 -40
data/lib/generators/shopify_app/install/templates/embedded_app.html.erb +5 -2
data/lib/generators/shopify_app/install/templates/flash_messages.js +0 -2
data/lib/generators/shopify_app/install/templates/session_store.rb +2 -1
data/lib/generators/shopify_app/install/templates/shopify_app.js +1 -1
data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +43 -5
data/lib/generators/shopify_app/install/templates/shopify_app_importmap.js +13 -0
data/lib/generators/shopify_app/products_controller/products_controller_generator.rb +19 -0
data/lib/generators/shopify_app/products_controller/templates/products_controller.rb +8 -0
data/lib/generators/shopify_app/rotate_shopify_token_job/rotate_shopify_token_job_generator.rb +4 -4
data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token.rake +1 -0
data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb +1 -1
data/lib/generators/shopify_app/routes/routes_generator.rb +6 -5
data/lib/generators/shopify_app/routes/templates/routes.rb +5 -5
data/lib/generators/shopify_app/shop_model/shop_model_generator.rb +35 -7
data/lib/generators/shopify_app/shop_model/templates/db/migrate/add_shop_access_scopes_column.erb +5 -0
data/lib/generators/shopify_app/shop_model/templates/shop.rb +2 -1
data/lib/generators/shopify_app/shopify_app_generator.rb +4 -3
data/lib/generators/shopify_app/user_model/templates/db/migrate/add_user_access_scopes_column.erb +5 -0
data/lib/generators/shopify_app/user_model/templates/user.rb +2 -1
data/lib/generators/shopify_app/user_model/user_model_generator.rb +35 -7
data/lib/generators/shopify_app/views/views_generator.rb +5 -4
data/lib/shopify_app/access_scopes/noop_strategy.rb +13 -0
data/lib/shopify_app/access_scopes/shop_strategy.rb +24 -0
data/lib/shopify_app/access_scopes/user_strategy.rb +41 -0
data/lib/shopify_app/configuration.rb +58 -11
data/lib/shopify_app/controller_concerns/app_proxy_verification.rb +4 -4
data/lib/shopify_app/controller_concerns/csrf_protection.rb +16 -0
data/lib/shopify_app/controller_concerns/embedded_app.rb +6 -3
data/lib/shopify_app/controller_concerns/ensure_billing.rb +243 -0
data/lib/shopify_app/controller_concerns/frame_ancestors.rb +16 -0
data/lib/shopify_app/controller_concerns/itp.rb +3 -3
data/lib/shopify_app/controller_concerns/localization.rb +1 -0
data/lib/shopify_app/controller_concerns/login_protection.rb +105 -90
data/lib/shopify_app/controller_concerns/payload_verification.rb +25 -0
data/lib/shopify_app/controller_concerns/redirect_for_embedded.rb +36 -0
data/lib/shopify_app/controller_concerns/sanitized_params.rb +36 -0
data/lib/shopify_app/controller_concerns/webhook_verification.rb +3 -18
data/lib/shopify_app/engine.rb +26 -11
data/lib/shopify_app/errors.rb +34 -0
data/lib/shopify_app/jobs/scripttags_manager_job.rb +2 -2
data/lib/shopify_app/jobs/webhooks_manager_job.rb +4 -5
data/lib/shopify_app/managers/scripttags_manager.rb +12 -6
data/lib/shopify_app/managers/webhooks_manager.rb +62 -42
data/lib/shopify_app/middleware/jwt_middleware.rb +6 -3
data/lib/shopify_app/session/in_memory_session_store.rb +2 -3
data/lib/shopify_app/session/in_memory_shop_session_store.rb +10 -7
data/lib/shopify_app/session/in_memory_user_session_store.rb +10 -7
data/lib/shopify_app/session/jwt.rb +19 -16
data/lib/shopify_app/session/null_user_session_store.rb +2 -1
data/lib/shopify_app/session/session_repository.rb +40 -2
data/lib/shopify_app/session/session_storage.rb +4 -6
data/lib/shopify_app/session/shop_session_storage.rb +6 -6
data/lib/shopify_app/session/shop_session_storage_with_scopes.rb +57 -0
data/lib/shopify_app/session/user_session_storage.rb +20 -7
data/lib/shopify_app/session/user_session_storage_with_scopes.rb +71 -0
data/lib/shopify_app/test_helpers/all.rb +2 -1
data/lib/shopify_app/test_helpers/webhook_verification_helper.rb +4 -3
data/lib/shopify_app/utils.rb +14 -7
data/lib/shopify_app/version.rb +2 -1
data/lib/shopify_app.rb +52 -29
data/package.json +7 -8
data/service.yml +1 -5
data/shopify_app.gemspec +22 -20
data/translation.yml +1 -1
data/yarn.lock +2173 -2206
metadata +110 -56
data/.github/ISSUE_TEMPLATE.md +0 -14
data/.github/probots.yml +0 -2
data/.travis.yml +0 -28
data/config/locales/hi.yml +0 -23
data/config/locales/ms.yml +0 -22
data/docs/install-on-dev-shop.png +0 -0
data/docs/test-your-app.png +0 -0
data/lib/generators/shopify_app/install/templates/omniauth.rb +0 -3
data/lib/generators/shopify_app/install/templates/shopify_provider.rb +0 -20
data/lib/generators/shopify_app/install/templates/user_agent.rb +0 -6
data/lib/shopify_app/middleware/same_site_cookie_middleware.rb +0 -34
data/package-lock.json +0 -7245

data/lib/generators/shopify_app/home_controller/templates/index.html.erb CHANGED Viewed

@@ -1,21 +1,79 @@
-<h2>Products</h2>
+<!DOCTYPE html>
+<html lang="<%= I18n.locale %>">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <link
+      rel="stylesheet"
+      href="https://unpkg.com/@shopify/polaris@4.25.0/styles.min.css"
+      />
+    <% if embedded_app? %>
+      <script type="module">
+        async function displayProducts() {
+          var SessionToken = window["app-bridge"].actions.SessionToken
+          var app = window.app;
-<ul>
-  <% @products.each do |product| %>
-    <li><%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
-  <% end %>
-</ul>
+          app.dispatch(
+            SessionToken.request(),
+          );
+          // Save a session token for future requests
+          window.sessionToken = await new Promise((resolve) => {
+            app.subscribe(SessionToken.Action.RESPOND, (data) => {
+              resolve(data.sessionToken || "");
+            });
+          });
-<hr>
+          var fetchProducts = function() {
+            var headers = new Headers({ "Authorization": "Bearer " + window.sessionToken });
+            return fetch("/products", { headers })
+              .then(response => response.json())
+              .then(data => {
+                var products = data.products;
-<h2>Webhooks</h2>
+                if (products === undefined || products.length == 0) {
+                  document.getElementById("products").innerHTML = "<br>No products to display.";
+                } else {
+                  var list = "";
+                  products.forEach((product) => {
+                    var link = `<a target="_top" href="https://<%%= @shop_origin %>/admin/products/${product.id}">`
+                    list += "<li>" + link + product.title + "</a></li>";
+                  });
+                  document.getElementById("products").innerHTML = "<ul>" + list + "</ul>";
+                }
+              });
+          }();
+        };
-<% if @webhooks.present? %>
-  <ul>
-    <% @webhooks.each do |webhook| %>
-      <li><%= webhook.topic %> : <%= webhook.address %></li>
+        <% if ShopifyApp.use_importmap? %>
+          import "lib/shopify_app"
+          displayProducts();
+        <% else %>
+          document.addEventListener("DOMContentLoaded", displayProducts);
+        <% end %>
+      </script>
     <% end %>
-  </ul>
-<% else %>
-  <p>This app has not created any webhooks for this Shop. Add webhooks to your ShopifyApp initializer if you need webhooks</p>
-<% end %>
+  </head>
+  <body>
+    <h2>Products</h2>
+<% if embedded_app? %>    <div id="products"><br>Loading...</div><% else %>
+    <ul>
+      <%% @products.each do |product| %>
+        <li><%%= link_to product.title, "https://#{@current_shopify_session.shop}/admin/products/#{product.id}", target: "_top" %></li>
+      <%% end %>
+    </ul>
+    <hr>
+    <% end %>
+    <h2>Webhooks</h2>
+    <%% if @webhooks.present? %>
+    <ul>
+      <%% @webhooks.each do |webhook| %>
+      <li><%%= webhook.topic %> : <%%= webhook.address %></li>
+      <%% end %>
+    </ul>
+    <%% else %>
+    <p>This app has not created any webhooks for this Shop. Add webhooks to your ShopifyApp initializer if you need webhooks</p>
+    <%% end %>
+  </body>
+</html>

data/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+class HomeController < ApplicationController
+  include ShopifyApp::EmbeddedApp
+  include ShopifyApp::RequireKnownShop
+  include ShopifyApp::ShopAccessScopesVerification
+  def index
+    if ShopifyAPI::Context.embedded? && (!params[:embedded].present? || params[:embedded] != "1")
+      redirect_to(ShopifyAPI::Auth.embedded_app_url(params[:host]) + request.path, allow_other_host: true)
+    else
+      @shop_origin = current_shopify_domain
+      @host = params[:host]
+    end
+  end
+end

data/lib/generators/shopify_app/install/install_generator.rb CHANGED Viewed

@@ -1,82 +1,94 @@
 # frozen_string_literal: true
-require 'rails/generators/base'
+require "rails/generators/base"
 module ShopifyApp
   module Generators
     class InstallGenerator < Rails::Generators::Base
       include Rails::Generators::Migration
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("../templates", __FILE__)
-      class_option :application_name, type: :array, default: ['My', 'Shopify', 'App']
-      class_option :scope, type: :array, default: ['read_products']
-      class_option :embedded, type: :string, default: 'true'
+      class_option :application_name, type: :array, default: ["My", "Shopify", "App"]
+      class_option :scope, type: :array, default: ["read_products"]
+      class_option :embedded, type: :string, default: "true"
       class_option :api_version, type: :string, default: nil
+      NGROK_HOST = "/\[-\\w]+\\.ngrok\\.io/"
+      CLOUDFLARE_HOST = "/\[-\\w]+\\.trycloudflare\\.com/"
       def create_shopify_app_initializer
-        @application_name = format_array_argument(options['application_name'])
-        @scope = format_array_argument(options['scope'])
-        @api_version = options['api_version'] || ShopifyAPI::Meta.admin_versions.find(&:latest_supported).handle
+        @application_name = format_array_argument(options["application_name"])
+        @scope = format_array_argument(options["scope"])
+        @api_version = options["api_version"] || ShopifyAPI::LATEST_SUPPORTED_ADMIN_VERSION
-        template('shopify_app.rb', 'config/initializers/shopify_app.rb')
+        template("shopify_app.rb", "config/initializers/shopify_app.rb")
       end
       def create_session_store_initializer
-        copy_file('session_store.rb', 'config/initializers/session_store.rb')
-      end
-      def create_and_inject_into_omniauth_initializer
-        unless File.exist?("config/initializers/omniauth.rb")
-          copy_file('omniauth.rb', 'config/initializers/omniauth.rb')
-        end
-        inject_into_file(
-          'config/initializers/omniauth.rb',
-          File.read(File.expand_path(find_in_source_paths('shopify_provider.rb'))),
-          after: "Rails.application.config.middleware.use(OmniAuth::Builder) do\n"
-        )
+        copy_file("session_store.rb", "config/initializers/session_store.rb")
       end
       def create_embedded_app_layout
         return unless embedded_app?
-        copy_file('embedded_app.html.erb', 'app/views/layouts/embedded_app.html.erb')
-        copy_file('_flash_messages.html.erb', 'app/views/layouts/_flash_messages.html.erb')
+        copy_file("embedded_app.html.erb", "app/views/layouts/embedded_app.html.erb")
+        copy_file("_flash_messages.html.erb", "app/views/layouts/_flash_messages.html.erb")
         if ShopifyApp.use_webpacker?
-          copy_file('shopify_app.js', 'app/javascript/shopify_app/shopify_app.js')
-          copy_file('flash_messages.js', 'app/javascript/shopify_app/flash_messages.js')
-          copy_file('shopify_app_index.js', 'app/javascript/shopify_app/index.js')
-          append_to_file('app/javascript/packs/application.js', "require(\"shopify_app\")\n")
+          copy_file("shopify_app.js", "app/javascript/shopify_app/shopify_app.js")
+          copy_file("flash_messages.js", "app/javascript/shopify_app/flash_messages.js")
+          copy_file("shopify_app_index.js", "app/javascript/shopify_app/index.js")
+          append_to_file("app/javascript/packs/application.js", "require(\"shopify_app\")\n")
+        elsif ShopifyApp.use_importmap?
+          copy_file("shopify_app_importmap.js", "app/javascript/lib/shopify_app.js")
+          copy_file("flash_messages.js", "app/javascript/lib/flash_messages.js")
+          append_to_file("config/importmap.rb", "pin_all_from \"app/javascript/lib\", under: \"lib\"\n")
         else
-          copy_file('shopify_app.js', 'app/assets/javascripts/shopify_app.js')
-          copy_file('flash_messages.js', 'app/assets/javascripts/flash_messages.js')
+          copy_file("shopify_app.js", "app/assets/javascripts/shopify_app.js")
+          copy_file("flash_messages.js", "app/assets/javascripts/flash_messages.js")
         end
       end
-      def create_user_agent_initializer
-        template('user_agent.rb', 'config/initializers/user_agent.rb')
-      end
       def mount_engine
         route("mount ShopifyApp::Engine, at: '/'")
       end
       def insert_hosts_into_development_config
+        "Rails.application.configure do\n"
+          .then { insert_tunnel_host_rules("ngrok", _1, NGROK_HOST + "\n") }
+          .then { insert_tunnel_host_rules("Cloudflare", _1, CLOUDFLARE_HOST + "\n") }
+      end
+      private
+      def add_comment_explaining_tunnel_host(provider_name, insert_after_line)
+        comment = "  # Allow #{provider_name} tunnels for secure Shopify OAuth redirects\n"
         inject_into_file(
-          'config/environments/development.rb',
-          "  config.hosts = (config.hosts rescue []) << /\\h+.ngrok.io/\n",
-          after: "Rails.application.configure do\n"
+          "config/environments/development.rb",
+          comment,
+          after: insert_after_line
         )
+        comment
       end
-      private
+      def insert_tunnel_host_rules(provider_name, insert_after_line, provider_host_domain)
+        explaination_comment = add_comment_explaining_tunnel_host(provider_name, insert_after_line)
+        host_line = "  config.hosts = (config.hosts rescue []) << #{provider_host_domain}"
+        inject_into_file(
+          "config/environments/development.rb",
+          host_line,
+          after: explaination_comment
+        )
+        host_line
+      end
       def embedded_app?
-        options['embedded'] == 'true'
+        options["embedded"] == "true"
       end
       def format_array_argument(array)
-        array.join(' ').tr('"', '')
+        array.join(" ").tr('"', "")
       end
     end
   end

data/lib/generators/shopify_app/install/templates/embedded_app.html.erb CHANGED Viewed

@@ -7,6 +7,8 @@
     <%= stylesheet_link_tag 'application' %>
     <% if ShopifyApp.use_webpacker? %>
       <%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %>
+    <% elsif ShopifyApp.use_importmap? %>
+      <%= javascript_importmap_tags %>
     <% else %>
       <%= javascript_include_tag 'application', "data-turbolinks-track" => true %>
     <% end %>
@@ -24,11 +26,12 @@
     <%= render 'layouts/flash_messages' %>
-    <script src="https://unpkg.com/@shopify/app-bridge"></script>
+    <script src="https://unpkg.com/@shopify/app-bridge@2"></script>
     <%= content_tag(:div, nil, id: 'shopify-app-init', data: {
       api_key: ShopifyApp.configuration.api_key,
-      shop_origin: (@current_shopify_session.domain if @current_shopify_session),
+      shop_origin: @shop_origin || (@current_shopify_session.shop if @current_shopify_session),
+      host: @host,
       debug: Rails.env.development?
     } ) %>

data/lib/generators/shopify_app/install/templates/flash_messages.js CHANGED Viewed

@@ -20,7 +20,5 @@ if (!document.documentElement.hasAttribute("data-turbolinks-preview")) {
         isError: true,
       }).dispatch(Toast.Action.SHOW);
     }
-    document.removeEventListener(eventName, flash)
   });
 }

data/lib/generators/shopify_app/install/templates/session_store.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 # Be sure to restart your server when you modify this file.
-Rails.application.config.session_store(:cookie_store, key: '_example_session', expire_after: 14.days)
+Rails.application.config.session_store(:cookie_store, key: "_example_session", expire_after: 14.days)

data/lib/generators/shopify_app/install/templates/shopify_app.js CHANGED Viewed

@@ -4,7 +4,7 @@ document.addEventListener('DOMContentLoaded', () => {
   var createApp = AppBridge.default;
   window.app = createApp({
     apiKey: data.apiKey,
-    shopOrigin: data.shopOrigin,
+    host: data.host,
   });
   var actions = AppBridge.actions;

data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt CHANGED Viewed

@@ -1,15 +1,53 @@
 ShopifyApp.configure do |config|
   config.application_name = "<%= @application_name %>"
-  config.api_key = ENV['SHOPIFY_API_KEY']
-  config.secret = ENV['SHOPIFY_API_SECRET']
   config.old_secret = "<%= @old_secret %>"
   config.scope = "<%= @scope %>" # Consult this page for more scope options:
-                                 # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
+                                  # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
   config.embedded_app = <%= embedded_app? %>
   config.after_authenticate_job = false
   config.api_version = "<%= @api_version %>"
   config.shop_session_repository = 'Shop'
+  config.reauth_on_access_scope_changes = true
+  config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence
+  config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence
+  # You may want to charge merchants for using your app. Setting the billing configuration will cause the Authenticated
+  # controller concern to check that the session is for a merchant that has an active one-time payment or subscription.
+  # If no payment is found, it starts off the process and sends the merchant to a confirmation URL so that they can
+  # approve the purchase.
+  #
+  # Learn more about billing in our documentation: https://shopify.dev/apps/billing
+  # config.billing = ShopifyApp::BillingConfiguration.new(
+  #   charge_name: "My app billing charge",
+  #   amount: 5,
+  #   interval: ShopifyApp::BillingConfiguration::INTERVAL_EVERY_30_DAYS,
+  #   currency_code: "USD", # Only supports USD for now
+  # )
+  if defined? Rails::Server
+    raise('Missing SHOPIFY_API_KEY. See https://github.com/Shopify/shopify_app#requirements') unless config.api_key
+    raise('Missing SHOPIFY_API_SECRET. See https://github.com/Shopify/shopify_app#requirements') unless config.secret
+  end
 end
-# ShopifyApp::Utils.fetch_known_api_versions                        # Uncomment to fetch known api versions from shopify servers on boot
-# ShopifyAPI::ApiVersion.version_lookup_mode = :raise_on_unknown    # Uncomment to raise an error if attempting to use an api version that was not previously known
+Rails.application.config.after_initialize do
+  if ShopifyApp.configuration.api_key.present? && ShopifyApp.configuration.secret.present?
+    ShopifyAPI::Context.setup(
+      api_key: ShopifyApp.configuration.api_key,
+      api_secret_key: ShopifyApp.configuration.secret,
+      api_version: ShopifyApp.configuration.api_version,
+      host_name: URI(ENV.fetch('HOST', '')).host || '',
+      scope: ShopifyApp.configuration.scope,
+      is_private: !ENV.fetch('SHOPIFY_APP_PRIVATE_SHOP', '').empty?,
+      is_embedded: ShopifyApp.configuration.embedded_app,
+      session_storage: ShopifyApp::SessionRepository,
+      logger: Rails.logger,
+      private_shop: ENV.fetch('SHOPIFY_APP_PRIVATE_SHOP', nil),
+      user_agent_prefix: "ShopifyApp/#{ShopifyApp::VERSION}"
+    )
+    ShopifyApp::WebhooksManager.add_registrations
+  end
+end

data/lib/generators/shopify_app/install/templates/shopify_app_importmap.js ADDED Viewed

@@ -0,0 +1,13 @@
+var data = document.getElementById('shopify-app-init').dataset;
+var AppBridge = window['app-bridge'];
+var createApp = AppBridge.default;
+window.app = createApp({
+  apiKey: data.apiKey,
+  host: data.host,
+});
+var actions = AppBridge.actions;
+var TitleBar = actions.TitleBar;
+TitleBar.create(app, {
+  title: data.page,
+});

data/lib/generators/shopify_app/products_controller/products_controller_generator.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+require "rails/generators/base"
+module ShopifyApp
+  module Generators
+    class ProductsControllerGenerator < Rails::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+      def create_products_controller
+        template("products_controller.rb", "app/controllers/products_controller.rb")
+      end
+      def add_products_route
+        route("get '/products', :to => 'products#index'")
+      end
+    end
+  end
+end

data/lib/generators/shopify_app/products_controller/templates/products_controller.rb ADDED Viewed

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+class ProductsController < AuthenticatedController
+  def index
+    @products = ShopifyAPI::Product.all(limit: 10)
+    render(json: { products: @products })
+  end
+end

data/lib/generators/shopify_app/rotate_shopify_token_job/rotate_shopify_token_job_generator.rb CHANGED Viewed

@@ -1,15 +1,15 @@
 # frozen_string_literal: true
-require 'rails/generators/base'
+require "rails/generators/base"
 module ShopifyApp
   module Generators
     class RotateShopifyTokenJobGenerator < Rails::Generators::Base
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("../templates", __FILE__)
       def add_rotate_shopify_token_job
-        copy_file('rotate_shopify_token_job.rb', "app/jobs/shopify/rotate_shopify_token_job.rb")
-        copy_file('rotate_shopify_token.rake', "lib/tasks/shopify/rotate_shopify_token.rake")
+        copy_file("rotate_shopify_token_job.rb", "app/jobs/shopify/rotate_shopify_token_job.rb")
+        copy_file("rotate_shopify_token.rake", "lib/tasks/shopify/rotate_shopify_token.rake")
       end
     end
   end

data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token.rake CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 namespace :shopify do
   desc "Rotate shopify tokens for all active shops"
   task :rotate_shopify_tokens, [:refresh_token] => :environment do |_t, args|

data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module Shopify
       @response = Net::HTTP.post_form(uri, post_data)
       return log_error(response_exception_error_message) unless @response.is_a?(Net::HTTPSuccess)
-      access_token = JSON.parse(@response.body)['access_token']
+      access_token = JSON.parse(@response.body)["access_token"]
       return log_error(no_access_token_error_message) unless access_token
       @shop.update(shopify_token: access_token)

data/lib/generators/shopify_app/routes/routes_generator.rb CHANGED Viewed

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
-require 'rails/generators/base'
+require "rails/generators/base"
 module ShopifyApp
   module Generators
     class RoutesGenerator < Rails::Generators::Base
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("../templates", __FILE__)
       def inject_shopify_app_routes_into_application_routes
         route(session_routes)
@@ -12,9 +13,9 @@ module ShopifyApp
       def disable_engine_routes
         gsub_file(
-          'config/routes.rb',
+          "config/routes.rb",
           "mount ShopifyApp::Engine, at: '/'",
-          ''
+          ""
         )
       end
@@ -25,7 +26,7 @@ module ShopifyApp
       end
       def routes_file_path
-        File.expand_path(find_in_source_paths('routes.rb'))
+        File.expand_path(find_in_source_paths("routes.rb"))
       end
     end
   end

data/lib/generators/shopify_app/routes/templates/routes.rb CHANGED Viewed

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 controller :sessions do
-  get 'login' => :new, :as => :login
-  post 'login' => :create, :as => :authenticate
-  get 'auth/shopify/callback' => :callback
-  get 'logout' => :destroy, :as => :logout
+  get "login" => :new, :as => :login
+  post "login" => :create, :as => :authenticate
+  get "auth/shopify/callback" => :callback
+  get "logout" => :destroy, :as => :logout
 end
 namespace :webhooks do
-  post ':type' => :receive
+  post ":type" => :receive
 end

data/lib/generators/shopify_app/shop_model/shop_model_generator.rb CHANGED Viewed

@@ -1,31 +1,59 @@
 # frozen_string_literal: true
-require 'rails/generators/base'
-require 'rails/generators/active_record'
+require "rails/generators/base"
+require "rails/generators/active_record"
 module ShopifyApp
   module Generators
     class ShopModelGenerator < Rails::Generators::Base
       include Rails::Generators::Migration
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("../templates", __FILE__)
+      class_option :new_shopify_cli_app, type: :boolean, default: false
       def create_shop_model
-        copy_file('shop.rb', 'app/models/shop.rb')
+        copy_file("shop.rb", "app/models/shop.rb")
       end
       def create_shop_migration
-        migration_template('db/migrate/create_shops.erb', 'db/migrate/create_shops.rb')
+        migration_template("db/migrate/create_shops.erb", "db/migrate/create_shops.rb")
+      end
+      def create_shop_with_access_scopes_migration
+        scopes_column_prompt = <<~PROMPT
+          It is highly recommended that apps record the access scopes granted by \
+          merchants during app installation. See app/models/shop.rb to modify how \
+          access scopes are stored and retrieved.
+          [WARNING] You will need to update the access_scopes accessors in the Shop model \
+          to allow shopify_app to store and retrieve scopes when going through OAuth.
+          The following migration will add an `access_scopes` column to the Shop model. \
+          Do you want to include this migration? [y/n]
+        PROMPT
+        if new_shopify_cli_app? || Rails.env.test? || yes?(scopes_column_prompt)
+          migration_template(
+            "db/migrate/add_shop_access_scopes_column.erb",
+            "db/migrate/add_shop_access_scopes_column.rb"
+          )
+        end
       end
       def update_shopify_app_initializer
-        gsub_file('config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryShopSessionStore', 'Shop')
+        gsub_file("config/initializers/shopify_app.rb", "ShopifyApp::InMemoryShopSessionStore", "Shop")
       end
       def create_shop_fixtures
-        copy_file('shops.yml', 'test/fixtures/shops.yml')
+        copy_file("shops.yml", "test/fixtures/shops.yml")
       end
       private
+      def new_shopify_cli_app?
+        options["new_shopify_cli_app"]
+      end
       def rails_migration_version
         Rails.version.match(/\d\.\d/)[0]
       end

data/lib/generators/shopify_app/shop_model/templates/db/migrate/add_shop_access_scopes_column.erb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddShopAccessScopesColumn < ActiveRecord::Migration[<%= rails_migration_version %>]
+  def change
+    add_column :shops, :access_scopes, :string
+  end
+end

data/lib/generators/shopify_app/shop_model/templates/shop.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 class Shop < ActiveRecord::Base
-  include ShopifyApp::ShopSessionStorage
+  include ShopifyApp::ShopSessionStorageWithScopes
   def api_version
     ShopifyApp.configuration.api_version

data/lib/generators/shopify_app/shopify_app_generator.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
   module Generators
     class ShopifyAppGenerator < Rails::Generators::Base
@@ -8,10 +9,10 @@ module ShopifyApp
       end
       def run_all_generators
-        generate("shopify_app:install #{@opts.join(' ')}")
-        generate("shopify_app:shop_model")
+        generate("shopify_app:install #{@opts.join(" ")}")
+        generate("shopify_app:shop_model #{@opts.join(" ")}")
         generate("shopify_app:authenticated_controller")
-        generate("shopify_app:home_controller")
+        generate("shopify_app:home_controller #{@opts.join(" ")}")
       end
     end
   end

data/lib/generators/shopify_app/user_model/templates/db/migrate/add_user_access_scopes_column.erb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddUserAccessScopesColumn < ActiveRecord::Migration[<%= rails_migration_version %>]
+  def change
+    add_column :users, :access_scopes, :string
+  end
+end

data/lib/generators/shopify_app/user_model/templates/user.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 class User < ActiveRecord::Base
-  include ShopifyApp::UserSessionStorage
+  include ShopifyApp::UserSessionStorageWithScopes
   def api_version
     ShopifyApp.configuration.api_version