shopify_app 13.2.0 → 20.2.0

data/lib/shopify_app/managers/webhooks_manager.rb

@@ -1,62 +1,82 @@
 # frozen_string_literal: true
+
+require "uri"
+
 module ShopifyApp
   class WebhooksManager
-    class CreationFailed < StandardError; end
-
-    def self.queue(shop_domain, shop_token, webhooks)
-      ShopifyApp::WebhooksManagerJob.perform_later(
-        shop_domain: shop_domain,
-        shop_token: shop_token,
-        webhooks: webhooks
-      )
-    end
+    class << self
+      def queue(shop_domain, shop_token)
+        ShopifyApp::WebhooksManagerJob.perform_later(
+          shop_domain: shop_domain,
+          shop_token: shop_token
+        )
+      end
 
-    attr_reader :required_webhooks
+      def create_webhooks(session:)
+        return unless ShopifyApp.configuration.has_webhooks?
 
-    def initialize(webhooks)
-      @required_webhooks = webhooks
-    end
+        ShopifyAPI::Webhooks::Registry.register_all(session: session)
+      end
 
-    def recreate_webhooks!
-      destroy_webhooks
-      create_webhooks
-    end
+      def recreate_webhooks!(session:)
+        destroy_webhooks
+        return unless ShopifyApp.configuration.has_webhooks?
 
-    def create_webhooks
-      return unless required_webhooks.present?
+        add_registrations
+        ShopifyAPI::Webhooks::Registry.register_all(session: session)
+      end
 
-      required_webhooks.each do |webhook|
-        create_webhook(webhook) unless webhook_exists?(webhook[:topic])
+      def destroy_webhooks
+        return unless ShopifyApp.configuration.has_webhooks?
+
+        ShopifyApp.configuration.webhooks.each do |attributes|
+          ShopifyAPI::Webhooks::Registry.unregister(topic: attributes[:topic])
+        end
       end
-    end
 
-    def destroy_webhooks
-      ShopifyAPI::Webhook.all.to_a.each do |webhook|
-        ShopifyAPI::Webhook.delete(webhook.id) if required_webhook?(webhook)
+      def add_registrations
+        return unless ShopifyApp.configuration.has_webhooks?
+
+        ShopifyApp.configuration.webhooks.each do |attributes|
+          webhook_path = path(attributes)
+
+          ShopifyAPI::Webhooks::Registry.add_registration(
+            topic: attributes[:topic],
+            delivery_method: attributes[:delivery_method] || :http,
+            path: webhook_path,
+            handler: webhook_job_klass(webhook_path),
+            fields: attributes[:fields]
+          )
+        end
       end
 
-      @current_webhooks = nil
-    end
+      private
 
-    private
+      def path(webhook_attributes)
+        path = webhook_attributes[:path]
+        address = webhook_attributes[:address]
+        uri = URI(address) if address
 
-    def required_webhook?(webhook)
-      required_webhooks.map { |w| w[:address] }.include?(webhook.address)
-    end
+        if path.present?
+          path
+        elsif uri&.path&.present?
+          uri.path
+        else
+          raise ::ShopifyApp::MissingWebhookJobError,
+            "The :path attribute is required for webhook registration."
+        end
+      end
 
-    def create_webhook(attributes)
-      attributes.reverse_merge!(format: 'json')
-      webhook = ShopifyAPI::Webhook.create(attributes)
-      raise CreationFailed, webhook.errors.full_messages.to_sentence unless webhook.persisted?
-      webhook
-    end
+      def webhook_job_klass(path)
+        webhook_job_klass_name(path).safe_constantize || raise(::ShopifyApp::MissingWebhookJobError)
+      end
 
-    def webhook_exists?(topic)
-      current_webhooks[topic]
-    end
+      def webhook_job_klass_name(path)
+        job_file_name = Pathname(path.to_s).basename
 
-    def current_webhooks
-      @current_webhooks ||= ShopifyAPI::Webhook.all.to_a.index_by(&:topic)
+        [ShopifyApp.configuration.webhook_jobs_namespace,
+         "#{job_file_name}_job",].compact.join("/").classify
+      end
     end
   end
 end

data/lib/shopify_app/middleware/jwt_middleware.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ShopifyApp
   class JWTMiddleware
     TOKEN_REGEX = /^Bearer\s+(.*?)$/
@@ -23,7 +25,7 @@ module ShopifyApp
     end
 
     def authorization_header(env)
-      env['HTTP_AUTHORIZATION']
+      env["HTTP_AUTHORIZATION"]
     end
 
     def extract_token(env)
@@ -34,8 +36,9 @@ module ShopifyApp
     def set_env_variables(token, env)
       jwt = ShopifyApp::JWT.new(token)
 
-      env['jwt.shopify_domain'] = jwt.shopify_domain
-      env['jwt.shopify_user_id'] = jwt.shopify_user_id
+      env["jwt.shopify_domain"] = jwt.shopify_domain
+      env["jwt.shopify_user_id"] = jwt.shopify_user_id
+      env["jwt.expire_at"] = jwt.expire_at
     end
   end
 end

data/lib/shopify_app/session/in_memory_session_store.rb

@@ -1,10 +1,9 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   # rubocop:disable Style/ClassVars
   # Class var repo is needed here in order to share data between the 2 child classes.
   class InMemorySessionStore
-    class EnvironmentError < StandardError; end
-
     def self.retrieve(id)
       repo[id]
     end
@@ -21,7 +20,7 @@ module ShopifyApp
 
     def self.repo
       if Rails.env.production?
-        raise EnvironmentError, "Cannot use InMemorySessionStore in a Production environment. \
+        raise ::ShopifyApp::EnvironmentError, "Cannot use InMemorySessionStore in a Production environment. \
           Please initialize ShopifyApp with a model that can store and retrieve sessions"
       end
       @@repo ||= {}

data/lib/shopify_app/session/in_memory_shop_session_store.rb

@@ -1,14 +1,17 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   class InMemoryShopSessionStore < InMemorySessionStore
-    def self.store(session, *args)
-      id = super
-      repo[session.domain] = session
-      id
-    end
+    class << self
+      def store(session, *args)
+        id = super
+        repo[session.shop] = session
+        id
+      end
 
-    def self.retrieve_by_shopify_domain(shopify_domain)
-      repo[shopify_domain]
+      def retrieve_by_shopify_domain(shopify_domain)
+        repo[shopify_domain]
+      end
     end
   end
 end

data/lib/shopify_app/session/in_memory_user_session_store.rb

@@ -1,14 +1,17 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   class InMemoryUserSessionStore < InMemorySessionStore
-    def self.store(session, user)
-      id = super
-      repo[user.shopify_user_id] = session
-      id
-    end
+    class << self
+      def store(session, user)
+        id = super
+        repo[user.shopify_user_id] = session
+        id
+      end
 
-    def self.retrieve_by_shopify_user_id(user_id)
-      repo[user_id]
+      def retrieve_by_shopify_user_id(user_id)
+        repo[user_id]
+      end
     end
   end
 end

data/lib/shopify_app/session/jwt.rb

@@ -1,18 +1,15 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   class JWT
-    class InvalidDestinationError < StandardError; end
-    class MismatchedHostsError < StandardError; end
-    class InvalidAudienceError < StandardError; end
-
     WARN_EXCEPTIONS = [
       ::JWT::DecodeError,
       ::JWT::ExpiredSignature,
       ::JWT::ImmatureSignature,
       ::JWT::VerificationError,
-      InvalidAudienceError,
-      InvalidDestinationError,
-      MismatchedHostsError,
+      ::ShopifyApp::InvalidAudienceError,
+      ::ShopifyApp::InvalidDestinationError,
+      ::ShopifyApp::MismatchedHostsError,
     ]
 
     def initialize(token)
@@ -21,11 +18,15 @@ module ShopifyApp
     end
 
     def shopify_domain
-      @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload['dest'])
+      @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload["dest"])
     end
 
     def shopify_user_id
-      @payload && @payload['sub']
+      @payload["sub"].to_i if @payload && @payload["sub"]
+    end
+
+    def expire_at
+      @payload["exp"].to_i if @payload && @payload["exp"]
     end
 
     private
@@ -39,21 +40,23 @@ module ShopifyApp
     end
 
     def parse_token_data(secret, old_secret)
-      ::JWT.decode(@token, secret, true, { algorithm: 'HS256' })
+      ::JWT.decode(@token, secret, true, { algorithm: "HS256" })
     rescue ::JWT::VerificationError
       raise unless old_secret
 
-      ::JWT.decode(@token, old_secret, true, { algorithm: 'HS256' })
+      ::JWT.decode(@token, old_secret, true, { algorithm: "HS256" })
     end
 
     def validate_payload(payload)
-      dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload['dest'])
-      iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload['iss'])
+      dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload["dest"])
+      iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload["iss"])
       api_key = ShopifyApp.configuration.api_key
 
-      raise InvalidAudienceError, "'aud' claim does not match api_key" unless payload['aud'] == api_key
-      raise InvalidDestinationError, "'dest' claim host not a valid shopify host" unless dest_host
-      raise MismatchedHostsError, "'dest' claim host does not match 'iss' claim host" unless dest_host == iss_host
+      raise ::ShopifyApp::InvalidAudienceError,
+        "'aud' claim does not match api_key" unless payload["aud"] == api_key
+      raise ::ShopifyApp::InvalidDestinationError, "'dest' claim host not a valid shopify host" unless dest_host
+      raise ::ShopifyApp::MismatchedHostsError,
+        "'dest' claim host does not match 'iss' claim host" unless dest_host == iss_host
 
       payload
     end

data/lib/shopify_app/session/null_user_session_store.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   class NullUserSessionStore
     class << self
@@ -7,7 +8,7 @@ module ShopifyApp
       end
 
       def store(_, _)
-        raise SessionRepository::ConfigurationError, 'user_storage is not configured'
+        raise ::ShopifyApp::ConfigurationError, "user_storage is not configured"
       end
 
       def retrieve_by_shopify_user_id(_)

data/lib/shopify_app/session/session_repository.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   class SessionRepository
-    class ConfigurationError < StandardError; end
+    extend ShopifyAPI::Auth::SessionStorage
 
     class << self
       attr_writer :shop_storage
@@ -33,22 +34,59 @@ module ShopifyApp
       end
 
       def shop_storage
-        load_shop_storage || raise(ConfigurationError, "ShopifySessionRepository.shop_storage is not configured!")
+        load_shop_storage || raise(::ShopifyApp::ConfigurationError,
+          "ShopifySessionRepository.shop_storage is not configured!")
       end
 
       def user_storage
         load_user_storage
       end
 
+      # ShopifyAPI::Auth::SessionStorage override
+      def store_session(session)
+        if session.online?
+          user_storage.store(session, session.associated_user)
+        else
+          shop_storage.store(session)
+        end
+      end
+
+      # ShopifyAPI::Auth::SessionStorage override
+      def load_session(id)
+        match = id.match(/^offline_(.*)/)
+        if match
+          retrieve_shop_session_by_shopify_domain(match[1])
+        else
+          retrieve_user_session_by_shopify_user_id(id.split("_").last)
+        end
+      end
+
+      # ShopifyAPI::Auth::SessionStorage override
+      def delete_session(id)
+        match = id.match(/^offline_(.*)/)
+
+        record = if match
+          Shop.find_by(shopify_domain: match[1])
+        else
+          User.find_by(shopify_user_id: id.split("_").last)
+        end
+
+        record.destroy
+
+        true
+      end
+
       private
 
       def load_shop_storage
         return unless @shop_storage
+
         @shop_storage.respond_to?(:safe_constantize) ? @shop_storage.safe_constantize : @shop_storage
       end
 
       def load_user_storage
         return NullUserSessionStore unless @user_storage
+
         @user_storage.respond_to?(:safe_constantize) ? @user_storage.safe_constantize : @user_storage
       end
     end

data/lib/shopify_app/session/session_storage.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module SessionStorage
     extend ActiveSupport::Concern
@@ -9,12 +10,9 @@ module ShopifyApp
     end
 
     def with_shopify_session(&block)
-      ShopifyAPI::Session.temp(
-        domain: shopify_domain,
-        token: shopify_token,
-        api_version: api_version,
-        &block
-      )
+      ShopifyAPI::Auth::Session.temp(shop: shopify_domain, access_token: shopify_token) do
+        yield block
+      end
     end
   end
 end

data/lib/shopify_app/session/shop_session_storage.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module ShopSessionStorage
     extend ActiveSupport::Concern
@@ -10,8 +11,8 @@ module ShopifyApp
 
     class_methods do
       def store(auth_session, *_args)
-        shop = find_or_initialize_by(shopify_domain: auth_session.domain)
-        shop.shopify_token = auth_session.token
+        shop = find_or_initialize_by(shopify_domain: auth_session.shop)
+        shop.shopify_token = auth_session.access_token
         shop.save!
         shop.id
       end
@@ -31,10 +32,9 @@ module ShopifyApp
       def construct_session(shop)
         return unless shop
 
-        ShopifyAPI::Session.new(
-          domain: shop.shopify_domain,
-          token: shop.shopify_token,
-          api_version: shop.api_version,
+        ShopifyAPI::Auth::Session.new(
+          shop: shop.shopify_domain,
+          access_token: shop.shopify_token
         )
       end
     end

data/lib/shopify_app/session/shop_session_storage_with_scopes.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module ShopSessionStorageWithScopes
+    extend ActiveSupport::Concern
+    include ::ShopifyApp::SessionStorage
+
+    included do
+      validates :shopify_domain, presence: true, uniqueness: { case_sensitive: false }
+    end
+
+    class_methods do
+      def store(auth_session, *_args)
+        shop = find_or_initialize_by(shopify_domain: auth_session.shop)
+        shop.shopify_token = auth_session.access_token
+        shop.access_scopes = auth_session.scope.to_s
+
+        shop.save!
+        shop.id
+      end
+
+      def retrieve(id)
+        shop = find_by(id: id)
+        construct_session(shop)
+      end
+
+      def retrieve_by_shopify_domain(domain)
+        shop = find_by(shopify_domain: domain)
+        construct_session(shop)
+      end
+
+      private
+
+      def construct_session(shop)
+        return unless shop
+
+        ShopifyAPI::Auth::Session.new(
+          shop: shop.shopify_domain,
+          access_token: shop.shopify_token,
+          scope: shop.access_scopes
+        )
+      end
+    end
+
+    def access_scopes=(scopes)
+      super(scopes)
+    rescue NotImplementedError, NoMethodError
+      raise NotImplementedError, "#access_scopes= must be defined to handle storing access scopes: #{scopes}"
+    end
+
+    def access_scopes
+      super
+    rescue NotImplementedError, NoMethodError
+      raise NotImplementedError, "#access_scopes= must be defined to hook into stored access scopes"
+    end
+  end
+end

data/lib/shopify_app/session/user_session_storage.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module UserSessionStorage
     extend ActiveSupport::Concern
@@ -10,9 +11,9 @@ module ShopifyApp
 
     class_methods do
       def store(auth_session, user)
-        user = find_or_initialize_by(shopify_user_id: user[:id])
-        user.shopify_token = auth_session.token
-        user.shopify_domain = auth_session.domain
+        user = find_or_initialize_by(shopify_user_id: user.id)
+        user.shopify_token = auth_session.access_token
+        user.shopify_domain = auth_session.shop
         user.save!
         user.id
       end
@@ -31,10 +32,22 @@ module ShopifyApp
 
       def construct_session(user)
         return unless user
-        ShopifyAPI::Session.new(
-          domain: user.shopify_domain,
-          token: user.shopify_token,
-          api_version: user.api_version,
+
+        associated_user = ShopifyAPI::Auth::AssociatedUser.new(
+          id: user.shopify_user_id,
+          first_name: "",
+          last_name: "",
+          email: "",
+          email_verified: false,
+          account_owner: false,
+          locale: "",
+          collaborator: false
+        )
+
+        ShopifyAPI::Auth::Session.new(
+          shop: user.shopify_domain,
+          access_token: user.shopify_token,
+          associated_user: associated_user
         )
       end
     end

data/lib/shopify_app/session/user_session_storage_with_scopes.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module UserSessionStorageWithScopes
+    extend ActiveSupport::Concern
+    include ::ShopifyApp::SessionStorage
+
+    included do
+      validates :shopify_domain, presence: true
+    end
+
+    class_methods do
+      def store(auth_session, user)
+        user = find_or_initialize_by(shopify_user_id: user.id)
+        user.shopify_token = auth_session.access_token
+        user.shopify_domain = auth_session.shop
+        user.access_scopes = auth_session.scope.to_s
+
+        user.save!
+        user.id
+      end
+
+      def retrieve(id)
+        user = find_by(id: id)
+        construct_session(user)
+      end
+
+      def retrieve_by_shopify_user_id(user_id)
+        user = find_by(shopify_user_id: user_id)
+        construct_session(user)
+      end
+
+      private
+
+      def construct_session(user)
+        return unless user
+
+        associated_user = ShopifyAPI::Auth::AssociatedUser.new(
+          id: user.shopify_user_id,
+          first_name: "",
+          last_name: "",
+          email: "",
+          email_verified: false,
+          account_owner: false,
+          locale: "",
+          collaborator: false
+        )
+
+        ShopifyAPI::Auth::Session.new(
+          shop: user.shopify_domain,
+          access_token: user.shopify_token,
+          scope: user.access_scopes,
+          associated_user_scope: user.access_scopes,
+          associated_user: associated_user
+        )
+      end
+    end
+
+    def access_scopes=(scopes)
+      super(scopes)
+    rescue NotImplementedError, NoMethodError
+      raise NotImplementedError, "#access_scopes= must be defined to handle storing access scopes: #{scopes}"
+    end
+
+    def access_scopes
+      super
+    rescue NotImplementedError, NoMethodError
+      raise NotImplementedError, "#access_scopes= must be defined to hook into stored access scopes"
+    end
+  end
+end

data/lib/shopify_app/test_helpers/all.rb

@@ -1,2 +1,3 @@
 # frozen_string_literal: true
-require 'shopify_app/test_helpers/webhook_verification_helper'
+
+require "shopify_app/test_helpers/webhook_verification_helper"

data/lib/shopify_app/test_helpers/webhook_verification_helper.rb

@@ -1,16 +1,17 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module TestHelpers
     module WebhookVerificationHelper
       def authorized_webhook_verification_headers!(params = {})
-        digest = OpenSSL::Digest.new('sha256')
+        digest = OpenSSL::Digest.new("sha256")
         secret = ShopifyApp.configuration.secret
         valid_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, secret, params.to_query)).strip
-        @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = valid_hmac
+        @request.headers["HTTP_X_SHOPIFY_HMAC_SHA256"] = valid_hmac
       end
 
       def unauthorized_webhook_verification_headers!
-        @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = "invalid_hmac"
+        @request.headers["HTTP_X_SHOPIFY_HMAC_SHA256"] = "invalid_hmac"
       end
     end
   end

data/lib/shopify_app/utils.rb

@@ -1,11 +1,12 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module Utils
     def self.sanitize_shop_domain(shop_domain)
       myshopify_domain = ShopifyApp.configuration.myshopify_domain
       name = shop_domain.to_s.downcase.strip
       name += ".#{myshopify_domain}" if !name.include?(myshopify_domain.to_s) && !name.include?(".")
-      name.sub!(%r|https?://|, '')
+      name.sub!(%r|https?://|, "")
 
       u = URI("http://#{name}")
       u.host if u.host&.match(/^[a-z0-9][a-z0-9\-]*[a-z0-9]\.#{Regexp.escape(myshopify_domain)}$/)
@@ -13,12 +14,18 @@ module ShopifyApp
       nil
     end
 
-    def self.fetch_known_api_versions
-      Rails.logger.info("[ShopifyAPI::ApiVersion] Fetching known Admin API Versions from Shopify...")
-      ShopifyAPI::ApiVersion.fetch_known_versions
-      Rails.logger.info("[ShopifyAPI::ApiVersion] Known API Versions: #{ShopifyAPI::ApiVersion.versions.keys}")
-    rescue ActiveResource::ConnectionError
-      logger.error("[ShopifyAPI::ApiVersion] Unable to fetch api_versions from Shopify")
+    def self.shop_login_url(shop:, host:, return_to:)
+      return ShopifyApp.configuration.login_url unless shop
+
+      url = URI(ShopifyApp.configuration.login_url)
+
+      url.query = URI.encode_www_form(
+        shop: shop,
+        host: host,
+        return_to: return_to,
+      )
+
+      url.to_s
     end
   end
 end