shopify_app 15.0.1 → 17.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/build.yml +38 -0
- data/.github/workflows/release.yml +24 -0
- data/.github/workflows/rubocop.yml +1 -7
- data/.gitignore +0 -2
- data/CHANGELOG.md +24 -0
- data/Gemfile.lock +256 -0
- data/README.md +36 -15
- data/app/assets/images/storage_access.svg +1 -2
- data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +22 -0
- data/app/controllers/shopify_app/callback_controller.rb +10 -8
- data/app/controllers/shopify_app/sessions_controller.rb +1 -15
- data/app/views/shopify_app/partials/_button_styles.html.erb +41 -36
- data/app/views/shopify_app/partials/_card_styles.html.erb +3 -3
- data/app/views/shopify_app/partials/_empty_state_styles.html.erb +28 -59
- data/app/views/shopify_app/partials/_form_styles.html.erb +56 -0
- data/app/views/shopify_app/partials/_layout_styles.html.erb +16 -1
- data/app/views/shopify_app/partials/_typography_styles.html.erb +6 -6
- data/app/views/shopify_app/sessions/enable_cookies.html.erb +1 -1
- data/app/views/shopify_app/sessions/new.html.erb +38 -110
- data/app/views/shopify_app/sessions/request_storage_access.html.erb +1 -1
- data/app/views/shopify_app/sessions/top_level_interaction.html.erb +20 -15
- data/config/locales/de.yml +11 -11
- data/config/locales/vi.yml +22 -0
- data/config/locales/zh-CN.yml +1 -1
- data/docs/Releasing.md +5 -3
- data/lib/generators/shopify_app/home_controller/home_controller_generator.rb +16 -7
- data/lib/generators/shopify_app/home_controller/templates/index.html.erb +10 -10
- data/lib/generators/shopify_app/install/install_generator.rb +5 -0
- data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +15 -12
- data/lib/shopify_app/configuration.rb +3 -0
- data/lib/shopify_app/controller_concerns/itp.rb +0 -2
- data/lib/shopify_app/controller_concerns/login_protection.rb +3 -13
- data/lib/shopify_app/session/jwt.rb +2 -0
- data/lib/shopify_app/version.rb +1 -1
- data/package.json +1 -1
- data/shopify_app.gemspec +1 -1
- data/translation.yml +1 -1
- metadata +14 -3
- data/.travis.yml +0 -27
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 00c45ff5e3c6ab4df81d1e28f068661e60e261ec521673d6b667745490c938d9
|
4
|
+
data.tar.gz: d4757699fa3dac3eea23a29a60ad0ae4972feca489355df86ed8119906e4f929
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f56f3e3ef32065a340c20d50525b493120d56e0a4b2b2c37c38a77ad8631788852dfaa396a98308760370e268316f74cb78ab344850215fba88b023da40688c8
|
7
|
+
data.tar.gz: 7751267b60e9c0b2a5c83dfb826772d41edbea1682875ac0587adb47e6fef219b70d42a3f44095d5869c59e0a963b0b580a9366ed1fa429239c2eac35fd570ff
|
@@ -0,0 +1,38 @@
|
|
1
|
+
name: CI
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
|
6
|
+
jobs:
|
7
|
+
build:
|
8
|
+
runs-on: macos-latest # prevents intermittent Chrome Headless error unlike ubuntu
|
9
|
+
name: Ruby ${{ matrix.version }}
|
10
|
+
strategy:
|
11
|
+
matrix:
|
12
|
+
version: [2.5, 2.6, 2.7]
|
13
|
+
|
14
|
+
steps:
|
15
|
+
- uses: actions/checkout@v2
|
16
|
+
- name: Cache node modules
|
17
|
+
uses: actions/cache@v2
|
18
|
+
with:
|
19
|
+
# npm cache files are stored in `~/.npm` on Linux/macOS
|
20
|
+
path: ~/.npm
|
21
|
+
key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
|
22
|
+
- name: Set up Ruby ${{ matrix.version }}
|
23
|
+
uses: ruby/setup-ruby@v1
|
24
|
+
with:
|
25
|
+
ruby-version: ${{ matrix.version }}
|
26
|
+
bundler-cache: true
|
27
|
+
- name: Set up Node
|
28
|
+
uses: actions/setup-node@v2-beta
|
29
|
+
with:
|
30
|
+
node-version: '12'
|
31
|
+
- name: Install Dependencies
|
32
|
+
run: |
|
33
|
+
yarn
|
34
|
+
- name: Run Tests
|
35
|
+
run: |
|
36
|
+
yarn test
|
37
|
+
bundle exec rake test
|
38
|
+
|
@@ -0,0 +1,24 @@
|
|
1
|
+
name: Create Release
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
tags:
|
6
|
+
- 'v*'
|
7
|
+
|
8
|
+
jobs:
|
9
|
+
create-release:
|
10
|
+
runs-on: ubuntu-latest
|
11
|
+
steps:
|
12
|
+
- name: Extract tag name
|
13
|
+
id: tag
|
14
|
+
run: echo "::set-output name=value::${GITHUB_REF##*/}"
|
15
|
+
- uses: actions/checkout@v2
|
16
|
+
|
17
|
+
- name: Create Release
|
18
|
+
id: create_release
|
19
|
+
uses: actions/create-release@v1
|
20
|
+
env:
|
21
|
+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
22
|
+
with:
|
23
|
+
tag_name: ${{ steps.tag.outputs.value }}
|
24
|
+
release_name: ${{ steps.tag.outputs.value }}
|
@@ -12,13 +12,7 @@ jobs:
|
|
12
12
|
uses: ruby/setup-ruby@v1
|
13
13
|
with:
|
14
14
|
ruby-version: 2.7
|
15
|
-
|
16
|
-
uses: actions/cache@v1
|
17
|
-
with:
|
18
|
-
path: vendor/bundle
|
19
|
-
key: ${{ runner.os }}-rubocop-${{ hashFiles('**/Gemfile.lock') }}
|
20
|
-
restore-keys: |
|
21
|
-
${{ runner.os }}-rubocop-
|
15
|
+
bundler-cache: true
|
22
16
|
- name: Install gems
|
23
17
|
run: |
|
24
18
|
bundle config path vendor/bundle
|
data/.gitignore
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,27 @@
|
|
1
|
+
Unreleased
|
2
|
+
----------
|
3
|
+
|
4
|
+
17.0.2 (January 20, 2021)
|
5
|
+
------
|
6
|
+
* Fix failing script tags and webhooks installs after completing OAuth [#1151](https://github.com/Shopify/shopify_app/pull/1151)
|
7
|
+
|
8
|
+
17.0.1 (January 18, 2021)
|
9
|
+
------
|
10
|
+
* Don't attempt to read Shopify environment variables when the generators are running, since they may not be present yet [#1144](https://github.com/Shopify/shopify_app/pull/1144)
|
11
|
+
|
12
|
+
17.0.0 (January 13, 2021)
|
13
|
+
------
|
14
|
+
* Rails 6.1 is not yet supported [#1134](https://github.com/Shopify/shopify_app/pull/1134)
|
15
|
+
|
16
|
+
16.1.0
|
17
|
+
------
|
18
|
+
* Use Session Token auth strategy by default for new embedded apps [#1111](https://github.com/Shopify/shopify_app/pull/1111)
|
19
|
+
* Create optional `EnsureAuthenticatedLinks` concern to authenticate deep links using Turbolinks [#1118](https://github.com/Shopify/shopify_app/pull/1118)
|
20
|
+
|
21
|
+
16.0.0
|
22
|
+
------
|
23
|
+
* Update all `html.erb` and `css` files to correspond with updated store admin design language [#1102](https://github.com/Shopify/shopify_app/pull/1102)
|
24
|
+
|
1
25
|
15.0.1
|
2
26
|
------
|
3
27
|
* Allow JWT session token `sub` field to be parsed as a string [#1103](https://github.com/Shopify/shopify_app/pull/1103)
|
data/Gemfile.lock
ADDED
@@ -0,0 +1,256 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
shopify_app (17.0.2)
|
5
|
+
browser_sniffer (~> 1.2.2)
|
6
|
+
jwt (~> 2.2.1)
|
7
|
+
omniauth-shopify-oauth2 (~> 2.2.2)
|
8
|
+
rails (> 5.2.1, < 6.1)
|
9
|
+
redirect_safely (~> 1.0)
|
10
|
+
shopify_api (~> 9.1)
|
11
|
+
|
12
|
+
GEM
|
13
|
+
remote: https://rubygems.org/
|
14
|
+
specs:
|
15
|
+
actioncable (6.0.3.3)
|
16
|
+
actionpack (= 6.0.3.3)
|
17
|
+
nio4r (~> 2.0)
|
18
|
+
websocket-driver (>= 0.6.1)
|
19
|
+
actionmailbox (6.0.3.3)
|
20
|
+
actionpack (= 6.0.3.3)
|
21
|
+
activejob (= 6.0.3.3)
|
22
|
+
activerecord (= 6.0.3.3)
|
23
|
+
activestorage (= 6.0.3.3)
|
24
|
+
activesupport (= 6.0.3.3)
|
25
|
+
mail (>= 2.7.1)
|
26
|
+
actionmailer (6.0.3.3)
|
27
|
+
actionpack (= 6.0.3.3)
|
28
|
+
actionview (= 6.0.3.3)
|
29
|
+
activejob (= 6.0.3.3)
|
30
|
+
mail (~> 2.5, >= 2.5.4)
|
31
|
+
rails-dom-testing (~> 2.0)
|
32
|
+
actionpack (6.0.3.3)
|
33
|
+
actionview (= 6.0.3.3)
|
34
|
+
activesupport (= 6.0.3.3)
|
35
|
+
rack (~> 2.0, >= 2.0.8)
|
36
|
+
rack-test (>= 0.6.3)
|
37
|
+
rails-dom-testing (~> 2.0)
|
38
|
+
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
39
|
+
actiontext (6.0.3.3)
|
40
|
+
actionpack (= 6.0.3.3)
|
41
|
+
activerecord (= 6.0.3.3)
|
42
|
+
activestorage (= 6.0.3.3)
|
43
|
+
activesupport (= 6.0.3.3)
|
44
|
+
nokogiri (>= 1.8.5)
|
45
|
+
actionview (6.0.3.3)
|
46
|
+
activesupport (= 6.0.3.3)
|
47
|
+
builder (~> 3.1)
|
48
|
+
erubi (~> 1.4)
|
49
|
+
rails-dom-testing (~> 2.0)
|
50
|
+
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
51
|
+
activejob (6.0.3.3)
|
52
|
+
activesupport (= 6.0.3.3)
|
53
|
+
globalid (>= 0.3.6)
|
54
|
+
activemodel (6.0.3.3)
|
55
|
+
activesupport (= 6.0.3.3)
|
56
|
+
activemodel-serializers-xml (1.0.2)
|
57
|
+
activemodel (> 5.x)
|
58
|
+
activesupport (> 5.x)
|
59
|
+
builder (~> 3.1)
|
60
|
+
activerecord (6.0.3.3)
|
61
|
+
activemodel (= 6.0.3.3)
|
62
|
+
activesupport (= 6.0.3.3)
|
63
|
+
activeresource (5.1.1)
|
64
|
+
activemodel (>= 5.0, < 7)
|
65
|
+
activemodel-serializers-xml (~> 1.0)
|
66
|
+
activesupport (>= 5.0, < 7)
|
67
|
+
activestorage (6.0.3.3)
|
68
|
+
actionpack (= 6.0.3.3)
|
69
|
+
activejob (= 6.0.3.3)
|
70
|
+
activerecord (= 6.0.3.3)
|
71
|
+
marcel (~> 0.3.1)
|
72
|
+
activesupport (6.0.3.3)
|
73
|
+
concurrent-ruby (~> 1.0, >= 1.0.2)
|
74
|
+
i18n (>= 0.7, < 2)
|
75
|
+
minitest (~> 5.1)
|
76
|
+
tzinfo (~> 1.1)
|
77
|
+
zeitwerk (~> 2.2, >= 2.2.2)
|
78
|
+
addressable (2.7.0)
|
79
|
+
public_suffix (>= 2.0.2, < 5.0)
|
80
|
+
ast (2.4.1)
|
81
|
+
binding_of_caller (0.8.0)
|
82
|
+
debug_inspector (>= 0.0.1)
|
83
|
+
browser_sniffer (1.2.2)
|
84
|
+
builder (3.2.4)
|
85
|
+
byebug (11.1.3)
|
86
|
+
coderay (1.1.3)
|
87
|
+
concurrent-ruby (1.1.7)
|
88
|
+
crack (0.4.4)
|
89
|
+
crass (1.0.6)
|
90
|
+
debug_inspector (0.0.3)
|
91
|
+
erubi (1.9.0)
|
92
|
+
faraday (1.3.0)
|
93
|
+
faraday-net_http (~> 1.0)
|
94
|
+
multipart-post (>= 1.2, < 3)
|
95
|
+
ruby2_keywords
|
96
|
+
faraday-net_http (1.0.1)
|
97
|
+
globalid (0.4.2)
|
98
|
+
activesupport (>= 4.2.0)
|
99
|
+
graphql (1.11.7)
|
100
|
+
graphql-client (0.16.0)
|
101
|
+
activesupport (>= 3.0)
|
102
|
+
graphql (~> 1.8)
|
103
|
+
hashdiff (1.0.1)
|
104
|
+
hashie (4.1.0)
|
105
|
+
i18n (1.8.5)
|
106
|
+
concurrent-ruby (~> 1.0)
|
107
|
+
jwt (2.2.2)
|
108
|
+
loofah (2.7.0)
|
109
|
+
crass (~> 1.0.2)
|
110
|
+
nokogiri (>= 1.5.9)
|
111
|
+
mail (2.7.1)
|
112
|
+
mini_mime (>= 0.1.1)
|
113
|
+
marcel (0.3.3)
|
114
|
+
mimemagic (~> 0.3.2)
|
115
|
+
method_source (0.9.2)
|
116
|
+
mimemagic (0.3.5)
|
117
|
+
mini_mime (1.0.2)
|
118
|
+
mini_portile2 (2.5.0)
|
119
|
+
minitest (5.14.2)
|
120
|
+
mocha (1.11.2)
|
121
|
+
multi_json (1.15.0)
|
122
|
+
multi_xml (0.6.0)
|
123
|
+
multipart-post (2.1.1)
|
124
|
+
nio4r (2.5.4)
|
125
|
+
nokogiri (1.11.1)
|
126
|
+
mini_portile2 (~> 2.5.0)
|
127
|
+
racc (~> 1.4)
|
128
|
+
oauth2 (1.4.4)
|
129
|
+
faraday (>= 0.8, < 2.0)
|
130
|
+
jwt (>= 1.0, < 3.0)
|
131
|
+
multi_json (~> 1.3)
|
132
|
+
multi_xml (~> 0.5)
|
133
|
+
rack (>= 1.2, < 3)
|
134
|
+
omniauth (1.9.1)
|
135
|
+
hashie (>= 3.4.6)
|
136
|
+
rack (>= 1.6.2, < 3)
|
137
|
+
omniauth-oauth2 (1.5.0)
|
138
|
+
oauth2 (~> 1.1)
|
139
|
+
omniauth (~> 1.2)
|
140
|
+
omniauth-shopify-oauth2 (2.2.3)
|
141
|
+
activesupport
|
142
|
+
omniauth-oauth2 (~> 1.5.0)
|
143
|
+
parallel (1.20.1)
|
144
|
+
parser (2.7.2.0)
|
145
|
+
ast (~> 2.4.1)
|
146
|
+
pry (0.12.2)
|
147
|
+
coderay (~> 1.1.0)
|
148
|
+
method_source (~> 0.9.0)
|
149
|
+
pry-nav (0.3.0)
|
150
|
+
pry (>= 0.9.10, < 0.13.0)
|
151
|
+
pry-stack_explorer (0.4.9.3)
|
152
|
+
binding_of_caller (>= 0.7)
|
153
|
+
pry (>= 0.9.11)
|
154
|
+
public_suffix (4.0.6)
|
155
|
+
racc (1.5.2)
|
156
|
+
rack (2.2.3)
|
157
|
+
rack-test (1.1.0)
|
158
|
+
rack (>= 1.0, < 3)
|
159
|
+
rails (6.0.3.3)
|
160
|
+
actioncable (= 6.0.3.3)
|
161
|
+
actionmailbox (= 6.0.3.3)
|
162
|
+
actionmailer (= 6.0.3.3)
|
163
|
+
actionpack (= 6.0.3.3)
|
164
|
+
actiontext (= 6.0.3.3)
|
165
|
+
actionview (= 6.0.3.3)
|
166
|
+
activejob (= 6.0.3.3)
|
167
|
+
activemodel (= 6.0.3.3)
|
168
|
+
activerecord (= 6.0.3.3)
|
169
|
+
activestorage (= 6.0.3.3)
|
170
|
+
activesupport (= 6.0.3.3)
|
171
|
+
bundler (>= 1.3.0)
|
172
|
+
railties (= 6.0.3.3)
|
173
|
+
sprockets-rails (>= 2.0.0)
|
174
|
+
rails-controller-testing (1.0.5)
|
175
|
+
actionpack (>= 5.0.1.rc1)
|
176
|
+
actionview (>= 5.0.1.rc1)
|
177
|
+
activesupport (>= 5.0.1.rc1)
|
178
|
+
rails-dom-testing (2.0.3)
|
179
|
+
activesupport (>= 4.2.0)
|
180
|
+
nokogiri (>= 1.6)
|
181
|
+
rails-html-sanitizer (1.3.0)
|
182
|
+
loofah (~> 2.3)
|
183
|
+
railties (6.0.3.3)
|
184
|
+
actionpack (= 6.0.3.3)
|
185
|
+
activesupport (= 6.0.3.3)
|
186
|
+
method_source
|
187
|
+
rake (>= 0.8.7)
|
188
|
+
thor (>= 0.20.3, < 2.0)
|
189
|
+
rainbow (3.0.0)
|
190
|
+
rake (13.0.1)
|
191
|
+
rb-readline (0.5.5)
|
192
|
+
redirect_safely (1.0.0)
|
193
|
+
activemodel
|
194
|
+
regexp_parser (2.0.0)
|
195
|
+
rexml (3.2.4)
|
196
|
+
rubocop (1.5.2)
|
197
|
+
parallel (~> 1.10)
|
198
|
+
parser (>= 2.7.1.5)
|
199
|
+
rainbow (>= 2.2.2, < 4.0)
|
200
|
+
regexp_parser (>= 1.8, < 3.0)
|
201
|
+
rexml
|
202
|
+
rubocop-ast (>= 1.2.0, < 2.0)
|
203
|
+
ruby-progressbar (~> 1.7)
|
204
|
+
unicode-display_width (>= 1.4.0, < 2.0)
|
205
|
+
rubocop-ast (1.3.0)
|
206
|
+
parser (>= 2.7.1.5)
|
207
|
+
rubocop-shopify (1.0.7)
|
208
|
+
rubocop (~> 1.4)
|
209
|
+
ruby-progressbar (1.10.1)
|
210
|
+
ruby2_keywords (0.0.4)
|
211
|
+
shopify_api (9.2.0)
|
212
|
+
activeresource (>= 4.1.0, < 6.0.0)
|
213
|
+
graphql-client
|
214
|
+
rack
|
215
|
+
sprockets (4.0.2)
|
216
|
+
concurrent-ruby (~> 1.0)
|
217
|
+
rack (> 1, < 3)
|
218
|
+
sprockets-rails (3.2.2)
|
219
|
+
actionpack (>= 4.0)
|
220
|
+
activesupport (>= 4.0)
|
221
|
+
sprockets (>= 3.0.0)
|
222
|
+
sqlite3 (1.4.2)
|
223
|
+
thor (1.0.1)
|
224
|
+
thread_safe (0.3.6)
|
225
|
+
tzinfo (1.2.7)
|
226
|
+
thread_safe (~> 0.1)
|
227
|
+
unicode-display_width (1.7.0)
|
228
|
+
webmock (3.9.1)
|
229
|
+
addressable (>= 2.3.6)
|
230
|
+
crack (>= 0.3.2)
|
231
|
+
hashdiff (>= 0.4.0, < 2.0.0)
|
232
|
+
websocket-driver (0.7.3)
|
233
|
+
websocket-extensions (>= 0.1.0)
|
234
|
+
websocket-extensions (0.1.5)
|
235
|
+
zeitwerk (2.4.0)
|
236
|
+
|
237
|
+
PLATFORMS
|
238
|
+
ruby
|
239
|
+
|
240
|
+
DEPENDENCIES
|
241
|
+
byebug
|
242
|
+
minitest
|
243
|
+
mocha
|
244
|
+
pry
|
245
|
+
pry-nav
|
246
|
+
pry-stack_explorer
|
247
|
+
rails-controller-testing
|
248
|
+
rake
|
249
|
+
rb-readline
|
250
|
+
rubocop-shopify
|
251
|
+
shopify_app!
|
252
|
+
sqlite3 (~> 1.4)
|
253
|
+
webmock
|
254
|
+
|
255
|
+
BUNDLED WITH
|
256
|
+
2.1.4
|
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
Shopify App
|
2
2
|
===========
|
3
|
-
[![Version][gem]][gem_url] [![Build Status](https://
|
3
|
+
[![Version][gem]][gem_url] [![Build Status](https://github.com/Shopify/shopify_app/workflows/CI/badge.svg)](https://github.com/Shopify/shopify_app/actions?query=workflow%3ACI)
|
4
4
|
|
5
5
|
[gem]: https://img.shields.io/gem/v/shopify_app.svg
|
6
6
|
[gem_url]: https://rubygems.org/gems/shopify_app
|
@@ -8,6 +8,8 @@ Shopify App
|
|
8
8
|
|
9
9
|
Shopify Application Rails engine and generator
|
10
10
|
|
11
|
+
### NOTE: Rails 6.1 or above is not yet supported due to the new `cookies_same_site_protection` setting.
|
12
|
+
|
11
13
|
#### NOTE: Versions 8.0.0 through 8.2.3 contained a CSRF vulnerability that was addressed in version 8.2.4. Please update to version 8.2.4 if you're using an old version.
|
12
14
|
|
13
15
|
Table of Contents
|
@@ -72,28 +74,31 @@ The latest version of shopify_app is compatible with Rails `>= 5`. Use version `
|
|
72
74
|
Generators
|
73
75
|
----------
|
74
76
|
|
75
|
-
###
|
77
|
+
### API Keys
|
78
|
+
<!-- This anchor name `#api-keys` is linked to from user output in `templates/shopify_app.rb.tt` so beware of changing -->
|
79
|
+
Before starting the app, you'll need to ensure it can read the Shopify environment variables `SHOPIFY_API_KEY` and `SHOPIFY_API_SECRET`.
|
76
80
|
|
77
|
-
|
81
|
+
In a development environment, a common approach is to use the [dotenv-rails](https://github.com/bkeepers/dotenv) gem, along with an `.env` file in the following format:
|
78
82
|
|
79
|
-
```
|
80
|
-
|
83
|
+
```
|
84
|
+
SHOPIFY_API_KEY=your api key
|
85
|
+
SHOPIFY_API_SECRET=your api secret
|
81
86
|
```
|
82
87
|
|
83
|
-
|
88
|
+
These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard].
|
89
|
+
(If you are using [shopify-app-cli](https://github.com/Shopify/shopify-app-cli) this `.env` file will be created automatically).
|
90
|
+
If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
|
84
91
|
|
85
|
-
###
|
92
|
+
### Default Generator
|
86
93
|
|
87
|
-
The default
|
94
|
+
The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
|
88
95
|
|
89
|
-
```
|
90
|
-
|
91
|
-
SHOPIFY_API_SECRET=your api secret
|
96
|
+
```sh
|
97
|
+
$ rails generate shopify_app
|
92
98
|
```
|
93
99
|
|
94
|
-
|
100
|
+
After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
|
95
101
|
|
96
|
-
**You will need to load the ENV variables into your environment, you can do this with the [dot-env](https://github.com/bkeepers/dotenv) gem or any other method you wish to.**
|
97
102
|
|
98
103
|
### Install Generator
|
99
104
|
|
@@ -107,6 +112,7 @@ Options include:
|
|
107
112
|
(e.g. `--scope read_products, write_orders, write_products` or `--scope "read_products, write_orders, write_products"`)
|
108
113
|
For more information, refer to the [docs](http://docs.shopify.com/api/tutorials/oauth).
|
109
114
|
* `embedded` - the default is to generate an [embedded app](http://docs.shopify.com/embedded-app-sdk), if you want a legacy non-embedded app then set this to false, `--embedded false`
|
115
|
+
* __[Not recommended for embedded apps]__ `with-cookie-authentication` - sets up the authentication strategy of the app to use cookies. By default, it uses JWT based session tokens.
|
110
116
|
|
111
117
|
You can update any of these settings later on easily; the arguments are simply for convenience.
|
112
118
|
|
@@ -121,10 +127,10 @@ After running the `install` generator, you can start your app with `bundle exec
|
|
121
127
|
$ rails generate shopify_app:home_controller
|
122
128
|
```
|
123
129
|
|
124
|
-
This generator creates an example home controller and view which fetches and displays products using the Shopify API.
|
130
|
+
This generator creates an example home controller and view which fetches and displays products using the Shopify API. By default, this generator creates an unauthenticated home_controller and a sample protected products_controller.
|
125
131
|
|
126
132
|
Options include:
|
127
|
-
* __[
|
133
|
+
* __[Not recommended for embedded apps]__ `with-cookie-authentication` - This flag generates an authenticated home_controller, where the authentication strategy relies on cookies. By default, this generator creates an unauthenticated home_controller and protected sample products_controller.
|
128
134
|
|
129
135
|
### Products Controller Generator
|
130
136
|
|
@@ -279,6 +285,21 @@ The engine provides a `ShopifyApp::Authenticated` concern which should be includ
|
|
279
285
|
|
280
286
|
For backwards compatibility, the engine still provides a controller called `ShopifyApp::AuthenticatedController` which includes the `ShopifyApp::Authenticated` concern. Note that it inherits directly from `ActionController::Base`, so you will not be able to share functionality between it and your application's `ApplicationController`.
|
281
287
|
|
288
|
+
### EnsureAuthenticatedLinks
|
289
|
+
|
290
|
+
The `ShopifyApp::EnsureAuthenticatedLinks` concern helps authenticate users that access protected pages of your app directly.
|
291
|
+
|
292
|
+
Include this concern in your app's `AuthenticatedController` if your app uses session tokens with [Turbolinks](https://shopify.dev/tutorials/authenticate-server-side-rendered-apps-with-session-tokens-app-bridge-turbolinks). It adds a `before_action` filter that detects whether a session token is present or not. If a session is not found, the user is redirected to your app's splash page path (`root_path`) along with `return_to` and `shop` parameters.
|
293
|
+
|
294
|
+
Example `AuthenticatedController`:
|
295
|
+
|
296
|
+
```rb
|
297
|
+
class AuthenticatedController < ApplicationController
|
298
|
+
include ShopifyApp::EnsureAuthenticatedLinks
|
299
|
+
include ShopifyApp::Authenticated
|
300
|
+
end
|
301
|
+
```
|
302
|
+
|
282
303
|
### AfterAuthenticate Job
|
283
304
|
|
284
305
|
If your app needs to perform specific actions after the user is authenticated successfully (i.e. every time a new session is created), ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job, update your initializer as follows:
|