shopify_app 13.5.0

data/app/controllers/shopify_app/extension_verification_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  class ExtensionVerificationController < ActionController::Base
+    include ShopifyApp::PayloadVerification
+    protect_from_forgery with: :null_session
+    before_action :verify_request
+
+    private
+
+    def verify_request
+      head(:unauthorized) unless hmac_valid?(request.body.read)
+    end
+  end
+end

data/app/controllers/shopify_app/sessions_controller.rb

@@ -0,0 +1,184 @@
+# frozen_string_literal: true
+module ShopifyApp
+  class SessionsController < ActionController::Base
+    include ShopifyApp::LoginProtection
+
+    layout false, only: :new
+
+    after_action only: [:new, :create] do |controller|
+      controller.response.headers.except!('X-Frame-Options')
+    end
+
+    def new
+      authenticate if sanitized_shop_name.present?
+    end
+
+    def create
+      authenticate
+    end
+
+    def enable_cookies
+      return unless validate_shop_presence
+
+      render(:enable_cookies, layout: false, locals: {
+        does_not_have_storage_access_url: top_level_interaction_path(
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
+        ),
+        has_storage_access_url: login_url_with_optional_shop(top_level: true),
+        app_target_url: granted_storage_access_path(
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
+        ),
+        current_shopify_domain: current_shopify_domain,
+      })
+    end
+
+    def top_level_interaction
+      @url = login_url_with_optional_shop(top_level: true)
+      validate_shop_presence
+    end
+
+    def granted_storage_access
+      return unless validate_shop_presence
+
+      session['shopify.granted_storage_access'] = true
+
+      copy_return_to_param_to_session
+
+      redirect_to(return_address_with_params({ shop: @shop }))
+    end
+
+    def destroy
+      reset_session
+      flash[:notice] = I18n.t('.logged_out')
+      redirect_to(login_url_with_optional_shop)
+    end
+
+    private
+
+    def authenticate
+      return render_invalid_shop_error unless sanitized_shop_name.present?
+      session['shopify.omniauth_params'] = { shop: sanitized_shop_name }
+
+      copy_return_to_param_to_session
+
+      set_user_tokens_option
+
+      if user_agent_can_partition_cookies
+        authenticate_with_partitioning
+      else
+        authenticate_normally
+      end
+    end
+
+    def authenticate_normally
+      if request_storage_access?
+        redirect_to_request_storage_access
+      elsif authenticate_in_context?
+        authenticate_in_context
+      else
+        authenticate_at_top_level
+      end
+    end
+
+    def authenticate_with_partitioning
+      if session['shopify.cookies_persist']
+        clear_top_level_oauth_cookie
+        authenticate_in_context
+      else
+        set_top_level_oauth_cookie
+        enable_cookie_access
+      end
+    end
+
+    # rubocop:disable Lint/SuppressedException
+    def set_user_tokens_option
+      if shop_session.blank?
+        session[:user_tokens] = false
+        return
+      end
+
+      session[:user_tokens] = ShopifyApp::SessionRepository.user_storage.present?
+
+      ShopifyAPI::Session.temp(
+        domain: shop_session.domain,
+        token: shop_session.token,
+        api_version: shop_session.api_version
+      ) do
+        ShopifyAPI::Metafield.find(:token_validity_bogus_check)
+      end
+    rescue ActiveResource::UnauthorizedAccess
+      session[:user_tokens] = false
+    rescue StandardError
+    end
+    # rubocop:enable Lint/SuppressedException
+
+    def validate_shop_presence
+      @shop = sanitized_shop_name
+      unless @shop
+        render_invalid_shop_error
+        return false
+      end
+
+      true
+    end
+
+    def copy_return_to_param_to_session
+      session[:return_to] = RedirectSafely.make_safe(params[:return_to], '/') if params[:return_to]
+    end
+
+    def render_invalid_shop_error
+      flash[:error] = I18n.t('invalid_shop_url')
+      redirect_to(return_address)
+    end
+
+    def enable_cookie_access
+      fullpage_redirect_to(enable_cookies_path(
+        shop: sanitized_shop_name,
+        return_to: session[:return_to]
+      ))
+    end
+
+    def authenticate_in_context
+      redirect_to("#{main_app.root_path}auth/shopify")
+    end
+
+    def authenticate_at_top_level
+      fullpage_redirect_to(login_url_with_optional_shop(top_level: true))
+    end
+
+    def authenticate_in_context?
+      return true unless ShopifyApp.configuration.embedded_app?
+      params[:top_level]
+    end
+
+    def request_storage_access?
+      return false unless ShopifyApp.configuration.embedded_app?
+      return false if params[:top_level]
+      return false if user_agent_is_mobile
+      return false if user_agent_is_pos
+
+      !session['shopify.granted_storage_access']
+    end
+
+    def redirect_to_request_storage_access
+      render(
+        :request_storage_access,
+        layout: false,
+        locals: {
+          does_not_have_storage_access_url: top_level_interaction_path(
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
+          ),
+          has_storage_access_url: login_url_with_optional_shop(top_level: true),
+          app_target_url: granted_storage_access_path(
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
+          ),
+          current_shopify_domain: current_shopify_domain,
+        }
+      )
+    end
+  end
+end

data/app/controllers/shopify_app/webhooks_controller.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+module ShopifyApp
+  class MissingWebhookJobError < StandardError; end
+
+  class WebhooksController < ActionController::Base
+    include ShopifyApp::WebhookVerification
+
+    def receive
+      params.permit!
+      job_args = { shop_domain: shop_domain, webhook: webhook_params.to_h }
+      webhook_job_klass.perform_later(job_args)
+      head(:ok)
+    end
+
+    private
+
+    def webhook_params
+      params.except(:controller, :action, :type)
+    end
+
+    def webhook_job_klass
+      webhook_job_klass_name.safe_constantize || raise(ShopifyApp::MissingWebhookJobError)
+    end
+
+    def webhook_job_klass_name(type = webhook_type)
+      [webhook_namespace, "#{type}_job"].compact.join('/').classify
+    end
+
+    def webhook_type
+      params[:type]
+    end
+
+    def webhook_namespace
+      ShopifyApp.configuration.webhook_jobs_namespace
+    end
+  end
+end

data/app/views/shopify_app/partials/_button_styles.html.erb

@@ -0,0 +1,104 @@
+<style>
+  .Polaris-Button {
+    fill:#637381;
+    position:relative;
+    display:-webkit-inline-box;
+    display:-ms-inline-flexbox;
+    display:inline-flex;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
+    -webkit-box-pack:center;
+    -ms-flex-pack:center;
+    justify-content:center;
+    min-height:3.6rem;
+    min-width:3.6rem;
+    margin:0;
+    padding:0.7rem 1.6rem;
+    background:linear-gradient(to bottom, white, #f9fafb);
+    border:1px solid #c4cdd5;
+    box-shadow:0 1px 0 0 rgba(22, 29, 37, 0.05);
+    border-radius:3px;
+    line-height:1;
+    color:#212b36;
+    text-align:center;
+    cursor:pointer;
+    -webkit-user-select:none;
+    -moz-user-select:none;
+    -ms-user-select:none;
+    user-select:none;
+    text-decoration:none;
+    transition-property:background, border, box-shadow;
+    transition-duration:200ms;
+    transition-timing-function:cubic-bezier(0.64, 0, 0.35, 1);
+  }
+
+  .Polaris-Button:hover {
+    background:linear-gradient(to bottom, #f9fafb, #f4f6f8);
+    border-color:#c4cdd5;
+  }
+
+  .Polaris-Button:focus {
+    border-color:#5c6ac4;
+    outline:0;
+    box-shadow:0 0 0 1px #5c6ac4;
+  }
+
+  .Polaris-Button:active {
+    background:linear-gradient(to bottom, #f4f6f8, #f4f6f8);
+    border-color:#c4cdd5;
+    box-shadow:0 0 0 0 transparent, inset 0 1px 1px 0 rgba(99, 115, 129, 0.1), inset 0 1px 4px 0 rgba(99, 115, 129, 0.2);
+  }
+
+  .Polaris-Button__Content {
+    font-size:1.5rem;
+    font-weight:400;
+    line-height:1.6rem;
+    text-transform:initial;
+    letter-spacing:initial;
+    position:relative;
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display:flex;
+    -webkit-box-pack:center;
+    -ms-flex-pack:center;
+    justify-content:center;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
+    min-width:1px;
+    min-height:1px;
+  }
+
+  @media (min-width: 40em) {
+    .Polaris-Button__Content {
+      font-size:1.4rem;
+    }
+  }
+
+  .Polaris-Button--primary {
+    background:linear-gradient(to bottom, #6371c7, #5563c1);
+    border-color:#3f4eae;
+    box-shadow:inset 0 1px 0 0 #6774c8, 0 1px 0 0 rgba(22, 29, 37, 0.05), 0 0 0 0 transparent;
+    color:white;
+    fill:white;
+  }
+
+  .Polaris-Button--primary:hover {
+    background:linear-gradient(to bottom, #5c6ac4, #4959bd);
+    border-color:#3f4eae;
+    color:white;
+    text-decoration:none;
+  }
+
+  .Polaris-Button--primary:focus {
+    border-color:#202e78;
+    box-shadow:inset 0 1px 0 0 #6f7bcb, 0 1px 0 0 rgba(22, 29, 37, 0.05), 0 0 0 1px #202e78;
+  }
+
+  .Polaris-Button--primary:active {
+    background:linear-gradient(to bottom, #3f4eae, #3f4eae);
+    border-color:#38469b;
+    box-shadow:inset 0 0 0 0 transparent, 0 1px 0 0 rgba(22, 29, 37, 0.05), 0 0 1px 0 #38469b;
+  }
+</style>

data/app/views/shopify_app/partials/_card_styles.html.erb

@@ -0,0 +1,33 @@
+<style>
+  .Polaris-Card {
+    overflow:hidden;
+    background-color:white;
+    box-shadow:0 0 0 1px rgba(63, 63, 68, 0.05), 0 1px 3px 0 rgba(63, 63, 68, 0.15);
+  }
+
+  .Polaris-Card + .Polaris-Card {
+    margin-top:2rem;
+  }
+
+  @media (min-width: 30.625em) {
+    .Polaris-Card {
+      border-radius:3px;
+    }
+  }
+
+  .Polaris-Card__Header {
+    padding:2rem 2rem 0;
+  }
+
+  .Polaris-Card__Section {
+    padding:2rem;
+  }
+
+  .Polaris-Card__Section + .Polaris-Card__Section {
+    border-top:1px solid #dfe3e8;
+  }
+
+  .Polaris-Card__Section--subdued {
+    background-color:#f9fafb;
+  }
+</style>

data/app/views/shopify_app/partials/_empty_state_styles.html.erb

@@ -0,0 +1,129 @@
+<style>
+  .Polaris-EmptyState {
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display:flex;
+    -webkit-box-orient:vertical;
+    -webkit-box-direction:normal;
+    -ms-flex-direction:column;
+    flex-direction:column;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
+    width:100%;
+    margin:2rem auto 0 auto;
+    padding:2rem 0;
+    max-width:99.8rem;
+  }
+
+  @media (min-width: 46.5em) {
+    .Polaris-EmptyState--imageContained .Polaris-EmptyState__Image {
+      position:initial;
+      width:100%;
+    }
+  }
+
+  .Polaris-EmptyState__Section {
+    position:relative;
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display:flex;
+    -webkit-box-orient:vertical;
+    -webkit-box-direction:normal;
+    -ms-flex-direction:column;
+    flex-direction:column;
+    -webkit-box-flex:1;
+    -ms-flex:1 1 auto;
+    flex:1 1 auto;
+    width:100%;
+  }
+
+  @media (min-width: 46.5em) {
+    .Polaris-EmptyState__Section {
+      left:2rem;
+      -webkit-box-orient:horizontal;
+      -webkit-box-direction:normal;
+      -ms-flex-direction:row;
+      flex-direction:row;
+      -webkit-box-align:center;
+      -ms-flex-align:center;
+      align-items:center;
+    }
+  }
+
+  .Polaris-EmptyState__ImageContainer,
+  .Polaris-EmptyState__DetailsContainer {
+    -webkit-box-flex:1;
+    -ms-flex:1 1 auto;
+    flex:1 1 auto;
+    padding:0;
+    margin:0; 
+  }
+
+  @media (min-width: 46.5em) {
+    .Polaris-EmptyState__ImageContainer,
+    .Polaris-EmptyState__DetailsContainer {
+      -ms-flex-preferred-size:50%;
+      flex-basis:50%;
+    }
+  }
+
+  @media (max-width: 30.625em) {
+    .Polaris-EmptyState__ImageContainer,
+    .Polaris-EmptyState__DetailsContainer {
+      overflow-x:hidden;
+    }
+  }
+
+  .Polaris-EmptyState__Details {
+    position:relative;
+    z-index:10;
+    padding:0 1.6rem;
+    width:33.6rem;
+  }
+
+  @media (min-width: 30.625em) {
+    .Polaris-EmptyState__Details {
+      padding:0;
+    }
+  }
+
+  .Polaris-EmptyState__Content {
+    font-size:1.6rem;
+    font-weight:400;
+    line-height:2.4rem;
+    color:#637381;
+  }
+
+  @media (min-width: 40em) {
+    .Polaris-EmptyState__Content {
+      font-size:2rem;
+      line-height:2.8rem;
+    }
+  }
+
+  .Polaris-EmptyState__Actions {
+    margin-top:1.6rem;
+  }
+
+  .Polaris-EmptyState__Image {
+    display: none;
+  }
+
+  @media (min-width: 30.625em) {
+    .Polaris-EmptyState__Image {
+      display: block;
+      margin-left:-60%;
+      margin-top:-30%;
+      width:200%;
+    }
+  }
+
+  @media (min-width: 46.5em) {
+    .Polaris-EmptyState__Image {
+      margin-top:0;
+      margin-left:-90%;
+      width:200%;
+    } 
+  }
+</style>