shopify_app 21.0.0 → 22.5.0

data/lib/generators/shopify_app/add_declarative_webhook/add_declarative_webhook_generator.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "rails/generators/base"
+
+module ShopifyApp
+  module Generators
+    class AddDeclarativeWebhookGenerator < Rails::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+      class_option :topic, type: :string, aliases: "-t", required: true
+      class_option :path, type: :string, aliases: "-p", required: true
+
+      hook_for :test_framework, as: :job, in: :rails do |instance, generator|
+        instance.invoke(generator, [instance.send(:file_name)])
+      end
+
+      def add_webhook_job
+        namespace = ShopifyApp.configuration.webhook_jobs_namespace
+        @job_file_name = if namespace.present?
+          "#{namespace}/#{file_name}_job"
+        else
+          "#{file_name}_job"
+        end
+        @job_class_name = @job_file_name.classify
+        template("webhook_job.rb", "app/jobs/#{@job_file_name}.rb")
+      end
+
+      def add_webhook_controller
+        @controller_file_name = "#{file_name}_controller"
+        @controller_class_name = @controller_file_name.classify
+        template("webhook_controller.rb", "app/controllers/webhooks/#{@controller_file_name}.rb")
+      end
+
+      def add_webhook_route
+        route = "\t\t\tpost '#{file_name}', to: '#{file_name}#receive'\n"
+        inject_into_file("config/routes.rb", route, after: /namespace :webhooks do\n/)
+      end
+
+      private
+
+      def file_name
+        path.split("/").last
+      end
+
+      def topic
+        options["topic"]
+      end
+
+      def path
+        options["path"]
+      end
+    end
+  end
+end

data/lib/generators/shopify_app/add_declarative_webhook/templates/webhook_controller.rb.tt

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Webhooks
+  class <%= @controller_class_name %> < ApplicationController
+    include ShopifyApp::WebhookVerification
+
+    def receive
+      webhook_request = ShopifyAPI::Webhooks::Request.new(raw_body: request.raw_post, headers: request.headers.to_h)
+      <%= @job_class_name %>.perform_later(shop_domain: webhook_request.shop, webhook: webhook_request.parsed_body)
+      head(:no_content)
+    end
+  end
+end

data/lib/generators/shopify_app/add_declarative_webhook/templates/webhook_job.rb.tt

@@ -0,0 +1,15 @@
+class <%= @job_class_name %> < ActiveJob::Base
+
+  def perform(shop_domain:, webhook:)
+    shop = Shop.find_by(shopify_domain: shop_domain)
+
+    if shop.nil?
+      logger.error("#{self.class} failed: cannot find shop with domain '#{shop_domain}'")
+
+      raise ActiveRecord::RecordNotFound, "Shop Not Found"
+    end
+
+    shop.with_shopify_session do |session|
+    end
+  end
+end

data/lib/generators/shopify_app/add_privacy_jobs/add_privacy_jobs_generator.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require "rails/generators/base"
+
+module ShopifyApp
+  module Generators
+    class AddPrivacyJobsGenerator < Rails::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+
+      def add_customer_data_request_job
+        template("customers_data_request_job.rb", "app/jobs/customers_data_request_job.rb")
+      end
+
+      def add_shop_redact_job
+        template("shop_redact_job.rb", "app/jobs/shop_redact_job.rb")
+      end
+
+      def add_customer_redact_job
+        template("customers_redact_job.rb", "app/jobs/customers_redact_job.rb")
+      end
+    end
+  end
+end

data/lib/generators/shopify_app/add_privacy_jobs/templates/customers_data_request_job.rb.tt

@@ -0,0 +1,22 @@
+class CustomersDataRequestJob < ActiveJob::Base
+  extend ShopifyAPI::Webhooks::Handler
+
+  class << self
+    def handle(topic:, shop:, body:)
+      perform_later(topic: topic, shop_domain: shop, webhook: body)
+    end
+  end
+
+  def perform(topic:, shop_domain:, webhook:)
+    shop = Shop.find_by(shopify_domain: shop_domain)
+
+    if shop.nil?
+      logger.error("#{self.class} failed: cannot find shop with domain '#{shop_domain}'")
+      
+      raise ActiveRecord::RecordNotFound, "Shop Not Found"
+    end
+
+    shop.with_shopify_session do
+    end
+  end
+end

data/lib/generators/shopify_app/add_privacy_jobs/templates/customers_redact_job.rb.tt

@@ -0,0 +1,22 @@
+class CustomersRedactJob < ActiveJob::Base
+  extend ShopifyAPI::Webhooks::Handler
+
+  class << self
+    def handle(topic:, shop:, body:)
+      perform_later(topic: topic, shop_domain: shop, webhook: body)
+    end
+  end
+
+  def perform(topic:, shop_domain:, webhook:)
+    shop = Shop.find_by(shopify_domain: shop_domain)
+
+    if shop.nil?
+      logger.error("#{self.class} failed: cannot find shop with domain '#{shop_domain}'")
+      
+      raise ActiveRecord::RecordNotFound, "Shop Not Found"
+    end
+
+    shop.with_shopify_session do
+    end
+  end
+end

data/lib/generators/shopify_app/add_privacy_jobs/templates/shop_redact_job.rb.tt

@@ -0,0 +1,22 @@
+class ShopRedactJob < ActiveJob::Base
+  extend ShopifyAPI::Webhooks::Handler
+
+  class << self
+    def handle(topic:, shop:, body:)
+      perform_later(topic: topic, shop_domain: shop, webhook: body)
+    end
+  end
+
+  def perform(topic:, shop_domain:, webhook:)
+    shop = Shop.find_by(shopify_domain: shop_domain)
+
+    if shop.nil?
+      logger.error("#{self.class} failed: cannot find shop with domain '#{shop_domain}'")
+      
+      raise ActiveRecord::RecordNotFound, "Shop Not Found"
+    end
+
+    shop.with_shopify_session do
+    end
+  end
+end

data/lib/generators/shopify_app/add_webhook/add_webhook_generator.rb

@@ -20,7 +20,7 @@ module ShopifyApp
         inject_into_file(
           "config/initializers/shopify_app.rb",
           "  config.webhooks = [\n  ]\n",
-          after: /ShopifyApp\.configure.*\n/
+          after: /ShopifyApp\.configure.*\n/,
         )
       end
 
@@ -28,7 +28,7 @@ module ShopifyApp
         inject_into_file(
           "config/initializers/shopify_app.rb",
           webhook_config,
-          after: "config.webhooks = ["
+          after: "config.webhooks = [",
         )
 
         initializer = load_initializer
@@ -39,7 +39,12 @@ module ShopifyApp
       end
 
       def add_webhook_job
-        @job_file_name = job_file_name + "_job"
+        namespace = ShopifyApp.configuration.webhook_jobs_namespace
+        @job_file_name = if namespace.present?
+          "#{namespace}/#{job_file_name}_job"
+        else
+          "#{job_file_name}_job"
+        end
         @job_class_name = @job_file_name.classify
         template("webhook_job.rb", "app/jobs/#{@job_file_name}.rb")
       end

data/lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt

@@ -12,10 +12,12 @@ class <%= @job_class_name %> < ActiveJob::Base
 
     if shop.nil?
       logger.error("#{self.class} failed: cannot find shop with domain '#{shop_domain}'")
-      return
+
+      raise ActiveRecord::RecordNotFound, "Shop Not Found"
     end
 
-    shop.with_shopify_session do
+    shop.with_shopify_session do |session|
+    ## webhook processing logic
     end
   end
 end

data/lib/generators/shopify_app/app_proxy_controller/app_proxy_controller_generator.rb

@@ -19,7 +19,7 @@ module ShopifyApp
         inject_into_file(
           "config/routes.rb",
           File.read(File.expand_path(find_in_source_paths("app_proxy_route.rb"))),
-          after: "mount ShopifyApp::Engine, at: '/'\n"
+          after: "mount ShopifyApp::Engine, at: '/'\n",
         )
       end
     end

data/lib/generators/shopify_app/authenticated_controller/templates/authenticated_controller.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class AuthenticatedController < ApplicationController
-  include ShopifyApp::Authenticated
+  include ShopifyApp::EnsureHasSession
 end

data/lib/generators/shopify_app/home_controller/templates/index.html.erb

@@ -24,7 +24,7 @@
           });
 
           var fetchProducts = function() {
-            var headers = new Headers({ "Authorization": "Bearer " + window.sessionToken });
+            var headers = new Headers({ "Content-Type": "text/javascript", "Authorization": "Bearer " + window.sessionToken });
             return fetch("/products", { headers })
               .then(response => response.json())
               .then(data => {

data/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb

@@ -2,7 +2,7 @@
 
 class HomeController < ApplicationController
   include ShopifyApp::EmbeddedApp
-  include ShopifyApp::RequireKnownShop
+  include ShopifyApp::EnsureInstalled
   include ShopifyApp::ShopAccessScopesVerification
 
   def index

data/lib/generators/shopify_app/install/install_generator.rb

@@ -13,8 +13,8 @@ module ShopifyApp
       class_option :embedded, type: :string, default: "true"
       class_option :api_version, type: :string, default: nil
 
-      NGROK_HOST = "/\[-\\w]+\\.ngrok\\.io/"
-      CLOUDFLARE_HOST = "/\[-\\w]+\\.trycloudflare\\.com/"
+      NGROK_HOST = "/[-\\w]+\\.ngrok\\.io/"
+      CLOUDFLARE_HOST = "/[-\\w]+\\.trycloudflare\\.com/"
 
       def create_shopify_app_initializer
         @application_name = format_array_argument(options["application_name"])
@@ -66,7 +66,7 @@ module ShopifyApp
         inject_into_file(
           "config/environments/development.rb",
           comment,
-          after: insert_after_line
+          after: insert_after_line,
         )
         comment
       end
@@ -78,7 +78,7 @@ module ShopifyApp
         inject_into_file(
           "config/environments/development.rb",
           host_line,
-          after: explaination_comment
+          after: explaination_comment,
         )
         host_line
       end

data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt

@@ -4,11 +4,19 @@ ShopifyApp.configure do |config|
   config.scope = "<%= @scope %>" # Consult this page for more scope options:
                                   # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
   config.embedded_app = <%= embedded_app? %>
+  config.new_embedded_auth_strategy = <%= embedded_app? %>
+
   config.after_authenticate_job = false
   config.api_version = "<%= @api_version %>"
   config.shop_session_repository = 'Shop'
-
+  config.log_level = :info
   config.reauth_on_access_scope_changes = true
+  config.webhooks = [
+    { topic: "app/uninstalled", address: "webhooks/app_uninstalled"},
+    { topic: "customers/data_request", address: "webhooks/customers_data_request" },
+    { topic: "customers/redact", address: "webhooks/customers_redact"},
+    { topic: "shop/redact", address: "webhooks/shop_redact"}
+  ]
 
   config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence
   config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence
@@ -24,6 +32,8 @@ ShopifyApp.configure do |config|
   #   amount: 5,
   #   interval: ShopifyApp::BillingConfiguration::INTERVAL_EVERY_30_DAYS,
   #   currency_code: "USD", # Only supports USD for now
+  #   trial_days: 0,
+  #   test: !ENV['SHOPIFY_TEST_CHARGES'].nil? ? ["true", "1"].include?(ENV['SHOPIFY_TEST_CHARGES']) : !Rails.env.production?
   # )
 
   if defined? Rails::Server
@@ -38,11 +48,11 @@ Rails.application.config.after_initialize do
       api_key: ShopifyApp.configuration.api_key,
       api_secret_key: ShopifyApp.configuration.secret,
       api_version: ShopifyApp.configuration.api_version,
-      host_name: URI(ENV.fetch('HOST', '')).host || '',
+      host: ENV['HOST'],
       scope: ShopifyApp.configuration.scope,
       is_private: !ENV.fetch('SHOPIFY_APP_PRIVATE_SHOP', '').empty?,
       is_embedded: ShopifyApp.configuration.embedded_app,
-      session_storage: ShopifyApp::SessionRepository,
+      log_level: :info,
       logger: Rails.logger,
       private_shop: ENV.fetch('SHOPIFY_APP_PRIVATE_SHOP', nil),
       user_agent_prefix: "ShopifyApp/#{ShopifyApp::VERSION}"

data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token.rake

@@ -6,7 +6,7 @@ namespace :shopify do
     all_active_shops.find_each do |shop|
       Shopify::RotateShopifyTokenJob.perform_later(
         shop_domain: shop.shopify_domain,
-        refresh_token: args[:refresh_token]
+        refresh_token: args[:refresh_token],
       )
     end
   end

data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb

@@ -27,7 +27,7 @@ module Shopify
     private
 
     def log_error(message)
-      Rails.logger.error(message)
+      ShopifyApp::Logger.error(message)
     end
 
     def no_access_token_error_message

data/lib/generators/shopify_app/routes/routes_generator.rb

@@ -15,7 +15,7 @@ module ShopifyApp
         gsub_file(
           "config/routes.rb",
           "mount ShopifyApp::Engine, at: '/'",
-          ""
+          "",
         )
       end
 

data/lib/generators/shopify_app/shop_model/shop_model_generator.rb

@@ -35,7 +35,7 @@ module ShopifyApp
         if new_shopify_cli_app? || Rails.env.test? || yes?(scopes_column_prompt)
           migration_template(
             "db/migrate/add_shop_access_scopes_column.erb",
-            "db/migrate/add_shop_access_scopes_column.rb"
+            "db/migrate/add_shop_access_scopes_column.rb",
           )
         end
       end

data/lib/generators/shopify_app/shop_model/templates/db/migrate/add_shop_access_scopes_column.erb

@@ -1,5 +1,5 @@
 class AddShopAccessScopesColumn < ActiveRecord::Migration[<%= rails_migration_version %>]
   def change
-    add_column :shops, :access_scopes, :string
+    add_column :shops, :access_scopes, :string, default: "", null: false
   end
 end

data/lib/generators/shopify_app/shopify_app_generator.rb

@@ -9,6 +9,8 @@ module ShopifyApp
       end
 
       def run_all_generators
+        generate("shopify_app:add_app_uninstalled_job")
+        generate("shopify_app:add_privacy_jobs")
         generate("shopify_app:install #{@opts.join(" ")}")
         generate("shopify_app:shop_model #{@opts.join(" ")}")
         generate("shopify_app:authenticated_controller")

data/lib/generators/shopify_app/user_model/templates/db/migrate/add_user_access_scopes_column.erb

@@ -1,5 +1,5 @@
 class AddUserAccessScopesColumn < ActiveRecord::Migration[<%= rails_migration_version %>]
   def change
-    add_column :users, :access_scopes, :string
+    add_column :users, :access_scopes, :string, default: "", null: false
   end
 end

data/lib/generators/shopify_app/user_model/templates/db/migrate/add_user_expires_at_column.erb

@@ -0,0 +1,5 @@
+class AddUserExpiresAtColumn < ActiveRecord::Migration[<%= rails_migration_version %>]
+  def change
+    add_column :users, :expires_at, :datetime
+  end
+end

data/lib/generators/shopify_app/user_model/user_model_generator.rb

@@ -35,7 +35,27 @@ module ShopifyApp
         if new_shopify_cli_app? || Rails.env.test? || yes?(scopes_column_prompt)
           migration_template(
             "db/migrate/add_user_access_scopes_column.erb",
-            "db/migrate/add_user_access_scopes_column.rb"
+            "db/migrate/add_user_access_scopes_column.rb",
+          )
+        end
+      end
+
+      def create_expires_at_storage_in_user_model
+        expires_at_column_prompt = <<~PROMPT
+          It is highly recommended that apps record the User session expiry date. \
+          This will allow to check if the session has expired and re-authenticate \
+          without a first call to Shopify.
+
+          After running the migration, the `check_session_expiry_date` configuration can be enabled.
+
+          The following migration will add an `expires_at` column to the User model. \
+          Do you want to include this migration? [y/n]
+        PROMPT
+
+        if new_shopify_cli_app? || Rails.env.test? || yes?(expires_at_column_prompt)
+          migration_template(
+            "db/migrate/add_user_expires_at_column.erb",
+            "db/migrate/add_user_expires_at_column.rb",
           )
         end
       end

data/lib/shopify_app/access_scopes/noop_strategy.rb

@@ -7,6 +7,10 @@ module ShopifyApp
         def update_access_scopes?(*_args)
           false
         end
+
+        def covers_scopes?(*_args)
+          true
+        end
       end
     end
   end

data/lib/shopify_app/access_scopes/user_strategy.rb

@@ -8,8 +8,15 @@ module ShopifyApp
           return update_access_scopes_for_user_id?(user_id) if user_id
           return update_access_scopes_for_shopify_user_id?(shopify_user_id) if shopify_user_id
 
-          raise(::ShopifyApp::InvalidInput,
-            "#update_access_scopes? requires user_id or shopify_user_id parameter inputs")
+          raise(
+            ::ShopifyApp::InvalidInput,
+            "#update_access_scopes? requires user_id or shopify_user_id parameter inputs",
+          )
+        end
+
+        def covers_scopes?(current_shopify_session)
+          # NOTE: this not Ruby's `covers?` method, it is defined in ShopifyAPI::Auth::AuthScopes
+          current_shopify_session.scope.to_a.empty? || current_shopify_session.scope.covers?(ShopifyAPI::Context.scope)
         end
 
         private

data/lib/shopify_app/admin_api/with_token_refetch.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module AdminAPI
+    module WithTokenRefetch
+      def with_token_refetch(session, shopify_id_token)
+        retrying = false if retrying.nil?
+        yield
+      rescue ShopifyAPI::Errors::HttpResponseError => error
+        if error.code != 401
+          ShopifyApp::Logger.debug("Encountered error: #{error.code} - #{error.response.inspect}, re-raising")
+        elsif retrying
+          ShopifyApp::Logger.debug("Shopify API returned a 401 Unauthorized error that was not corrected " \
+            "with token exchange, re-raising error")
+        else
+          retrying = true
+          ShopifyApp::Logger.debug("Shopify API returned a 401 Unauthorized error, exchanging token and " \
+            "retrying with new session")
+          new_session = ShopifyApp::Auth::TokenExchange.perform(shopify_id_token)
+          session.copy_attributes_from(new_session)
+          retry
+        end
+        raise
+      end
+    end
+  end
+end

data/lib/shopify_app/auth/post_authenticate_tasks.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module Auth
+    class PostAuthenticateTasks
+      class << self
+        def perform(session)
+          ShopifyApp::Logger.debug("Performing post authenticate tasks")
+          # Ensure we use the shop session to install webhooks
+          session_for_shop = session.online? ? shop_session(session) : session
+
+          install_webhooks(session_for_shop)
+
+          perform_after_authenticate_job(session)
+        end
+
+        private
+
+        def shop_session(session)
+          ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(session.shop)
+        end
+
+        def install_webhooks(session)
+          ShopifyApp::Logger.debug("PostAuthenticateTasks: Installing webhooks")
+          return unless ShopifyApp.configuration.has_webhooks?
+
+          WebhooksManager.queue(session.shop, session.access_token)
+        end
+
+        def perform_after_authenticate_job(session)
+          ShopifyApp::Logger.debug("PostAuthenticateTasks: Performing after_authenticate_job")
+          config = ShopifyApp.configuration.after_authenticate_job
+
+          return unless config && config[:job].present?
+
+          job = config[:job]
+          job = job.constantize if job.is_a?(String)
+
+          if config[:inline] == true
+            job.perform_now(shop_domain: session.shop)
+          else
+            job.perform_later(shop_domain: session.shop)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/auth/token_exchange.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module Auth
+    class TokenExchange
+      attr_reader :id_token
+
+      def self.perform(id_token)
+        new(id_token).perform
+      end
+
+      def initialize(id_token)
+        @id_token = id_token
+      end
+
+      def perform
+        domain = ShopifyAPI::Auth::JwtPayload.new(id_token).shopify_domain
+
+        Logger.info("Performing Token Exchange for [#{domain}] - (Offline)")
+        session = exchange_token(
+          shop: domain,
+          id_token: id_token,
+          requested_token_type: ShopifyAPI::Auth::TokenExchange::RequestedTokenType::OFFLINE_ACCESS_TOKEN,
+        )
+
+        if online_token_configured?
+          Logger.info("Performing Token Exchange for [#{domain}] - (Online)")
+          session = exchange_token(
+            shop: domain,
+            id_token: id_token,
+            requested_token_type: ShopifyAPI::Auth::TokenExchange::RequestedTokenType::ONLINE_ACCESS_TOKEN,
+          )
+        end
+
+        ShopifyApp.configuration.post_authenticate_tasks.perform(session)
+
+        session
+      end
+
+      private
+
+      def exchange_token(shop:, id_token:, requested_token_type:)
+        session = ShopifyAPI::Auth::TokenExchange.exchange_token(
+          shop: shop,
+          session_token: id_token,
+          requested_token_type: requested_token_type,
+        )
+
+        SessionRepository.store_session(session)
+
+        session
+      rescue ShopifyAPI::Errors::InvalidJwtTokenError
+        Logger.error("Invalid id token '#{id_token}' during token exchange")
+        raise
+      rescue ShopifyAPI::Errors::HttpResponseError => error
+        Logger.error(
+          "A #{error.code} error (#{error.class}) occurred during the token exchange. Response: #{error.response.body}",
+        )
+        raise
+      rescue ActiveRecord::RecordNotUnique
+        Logger.debug("Session not stored due to concurrent token exchange calls")
+        session
+      rescue => error
+        Logger.error("An error occurred during the token exchange: [#{error.class}] #{error.message}")
+        raise
+      end
+
+      def online_token_configured?
+        ShopifyApp.configuration.online_token_configured?
+      end
+    end
+  end
+end