shopify_app 21.1.1 → 21.3.0

data/lib/generators/shopify_app/add_gdpr_jobs/templates/customers_data_request_job.rb.tt

@@ -0,0 +1,22 @@
+class CustomersDataRequestJob < ActiveJob::Base
+  extend ShopifyAPI::Webhooks::Handler
+
+  class << self
+    def handle(topic:, shop:, body:)
+      perform_later(topic: topic, shop_domain: shop, webhook: body)
+    end
+  end
+
+  def perform(topic:, shop_domain:, webhook:)
+    shop = Shop.find_by(shopify_domain: shop_domain)
+
+    if shop.nil?
+      logger.error("#{self.class} failed: cannot find shop with domain '#{shop_domain}'")
+      
+      raise ActiveRecord::RecordNotFound, "Shop Not Found"
+    end
+
+    shop.with_shopify_session do
+    end
+  end
+end

data/lib/generators/shopify_app/add_gdpr_jobs/templates/customers_redact_job.rb.tt

@@ -0,0 +1,22 @@
+class CustomersRedactJob < ActiveJob::Base
+  extend ShopifyAPI::Webhooks::Handler
+
+  class << self
+    def handle(topic:, shop:, body:)
+      perform_later(topic: topic, shop_domain: shop, webhook: body)
+    end
+  end
+
+  def perform(topic:, shop_domain:, webhook:)
+    shop = Shop.find_by(shopify_domain: shop_domain)
+
+    if shop.nil?
+      logger.error("#{self.class} failed: cannot find shop with domain '#{shop_domain}'")
+      
+      raise ActiveRecord::RecordNotFound, "Shop Not Found"
+    end
+
+    shop.with_shopify_session do
+    end
+  end
+end

data/lib/generators/shopify_app/add_gdpr_jobs/templates/shop_redact_job.rb.tt

@@ -0,0 +1,22 @@
+class ShopRedactJob < ActiveJob::Base
+  extend ShopifyAPI::Webhooks::Handler
+
+  class << self
+    def handle(topic:, shop:, body:)
+      perform_later(topic: topic, shop_domain: shop, webhook: body)
+    end
+  end
+
+  def perform(topic:, shop_domain:, webhook:)
+    shop = Shop.find_by(shopify_domain: shop_domain)
+
+    if shop.nil?
+      logger.error("#{self.class} failed: cannot find shop with domain '#{shop_domain}'")
+      
+      raise ActiveRecord::RecordNotFound, "Shop Not Found"
+    end
+
+    shop.with_shopify_session do
+    end
+  end
+end

data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb

@@ -8,6 +8,7 @@ module ShopifyApp
       source_root File.expand_path("../templates", __FILE__)
 
       def generate_app_extension
+        ShopifyApp::Logger.deprecated("MarketingActivitiesController will be removed in an upcoming version", "22.0.0")
         template("marketing_activities_controller.rb", "app/controllers/marketing_activities_controller.rb")
         generate_routes
       end

data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb

@@ -55,7 +55,8 @@ class MarketingActivitiesController < ShopifyApp::ExtensionVerificationControlle
     request_id = params[:request_id]
     message = params[:message]
 
-    Rails.logger.info("[Marketing Activity App Error Feedback] Request id: #{request_id}, message: #{message}")
+    ShopifyApp::Logger.info("[Marketing Activity App Error Feedback]"\
+      "Request id: #{request_id}, message: #{message}")
 
     render(json: {}, status: :ok)
   end

data/lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt

@@ -12,7 +12,8 @@ class <%= @job_class_name %> < ActiveJob::Base
 
     if shop.nil?
       logger.error("#{self.class} failed: cannot find shop with domain '#{shop_domain}'")
-      return
+      
+      raise ActiveRecord::RecordNotFound, "Shop Not Found"
     end
 
     shop.with_shopify_session do

data/lib/generators/shopify_app/authenticated_controller/templates/authenticated_controller.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class AuthenticatedController < ApplicationController
-  include ShopifyApp::Authenticated
+  include ShopifyApp::EnsureHasSession
 end

data/lib/generators/shopify_app/home_controller/templates/index.html.erb

@@ -24,7 +24,7 @@
           });
 
           var fetchProducts = function() {
-            var headers = new Headers({ "Authorization": "Bearer " + window.sessionToken });
+            var headers = new Headers({ "Content-Type": "text/javascript", "Authorization": "Bearer " + window.sessionToken });
             return fetch("/products", { headers })
               .then(response => response.json())
               .then(data => {

data/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb

@@ -2,7 +2,7 @@
 
 class HomeController < ApplicationController
   include ShopifyApp::EmbeddedApp
-  include ShopifyApp::RequireKnownShop
+  include ShopifyApp::EnsureInstalled
   include ShopifyApp::ShopAccessScopesVerification
 
   def index

data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt

@@ -7,8 +7,14 @@ ShopifyApp.configure do |config|
   config.after_authenticate_job = false
   config.api_version = "<%= @api_version %>"
   config.shop_session_repository = 'Shop'
-
+  config.log_level = :info
   config.reauth_on_access_scope_changes = true
+  config.webhooks = [
+    { topic: "app/uninstalled", address: "webhooks/app_uninstalled"},
+    { topic: "customers/data_request", address: "webhooks/customers_data_request" },
+    { topic: "customer/redact", address: "webhooks/customers_redact"},
+    { topic: "shop/redact", address: "webhooks/shop_redact"}
+  ]
 
   config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence
   config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence
@@ -42,7 +48,7 @@ Rails.application.config.after_initialize do
       scope: ShopifyApp.configuration.scope,
       is_private: !ENV.fetch('SHOPIFY_APP_PRIVATE_SHOP', '').empty?,
       is_embedded: ShopifyApp.configuration.embedded_app,
-      session_storage: ShopifyApp::SessionRepository,
+      log_level: :info,
       logger: Rails.logger,
       private_shop: ENV.fetch('SHOPIFY_APP_PRIVATE_SHOP', nil),
       user_agent_prefix: "ShopifyApp/#{ShopifyApp::VERSION}"

data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb

@@ -27,7 +27,7 @@ module Shopify
     private
 
     def log_error(message)
-      Rails.logger.error(message)
+      ShopifyApp::Logger.error(message)
     end
 
     def no_access_token_error_message

data/lib/generators/shopify_app/shopify_app_generator.rb

@@ -9,6 +9,8 @@ module ShopifyApp
       end
 
       def run_all_generators
+        generate("shopify_app:add_app_uninstalled_job")
+        generate("shopify_app:add_gdpr_jobs")
         generate("shopify_app:install #{@opts.join(" ")}")
         generate("shopify_app:shop_model #{@opts.join(" ")}")
         generate("shopify_app:authenticated_controller")

data/lib/shopify_app/access_scopes/noop_strategy.rb

@@ -7,6 +7,10 @@ module ShopifyApp
         def update_access_scopes?(*_args)
           false
         end
+
+        def covers_scopes?(*_args)
+          true
+        end
       end
     end
   end

data/lib/shopify_app/access_scopes/user_strategy.rb

@@ -12,6 +12,11 @@ module ShopifyApp
             "#update_access_scopes? requires user_id or shopify_user_id parameter inputs")
         end
 
+        def covers_scopes?(current_shopify_session)
+          # NOTE: this not Ruby's `covers?` method, it is defined in ShopifyAPI::Auth::AuthScopes
+          current_shopify_session.scope.to_a.empty? || current_shopify_session.scope.covers?(ShopifyAPI::Context.scope)
+        end
+
         private
 
         def update_access_scopes_for_user_id?(user_id)

data/lib/shopify_app/configuration.rb

@@ -20,6 +20,7 @@ module ShopifyApp
     attr_accessor :api_version
 
     attr_accessor :reauth_on_access_scope_changes
+    attr_accessor :log_level
 
     # customise urls
     attr_accessor :root_url
@@ -82,7 +83,17 @@ module ShopifyApp
       ShopifyApp::AccessScopes::ShopStrategy
     end
 
+    def user_access_scopes_strategy=(class_name)
+      unless class_name.is_a?(String)
+        raise ConfigurationError, "Invalid user access scopes strategy - expected a string"
+      end
+
+      @user_access_scopes_strategy = class_name.safe_constantize
+    end
+
     def user_access_scopes_strategy
+      return @user_access_scopes_strategy if @user_access_scopes_strategy
+
       return ShopifyApp::AccessScopes::NoopStrategy unless reauth_on_access_scope_changes
 
       ShopifyApp::AccessScopes::UserStrategy

data/lib/shopify_app/controller_concerns/ensure_billing.rb

@@ -28,6 +28,7 @@ module ShopifyApp
       unless has_payment
         if request.xhr?
           add_top_level_redirection_headers(url: confirmation_url, ignore_response_code: true)
+          ShopifyApp::Logger.debug("Responding with 401 unauthorized")
           head(:unauthorized)
         else
           redirect_to(confirmation_url, allow_other_host: true)
@@ -55,6 +56,7 @@ module ShopifyApp
     end
 
     def has_subscription?(session)
+      ShopifyApp::Logger.debug("Checking if shop has subscription")
       response = run_query(session: session, query: RECURRING_PURCHASES_QUERY)
       subscriptions = response.body["data"]["currentAppInstallation"]["activeSubscriptions"]
 
@@ -70,6 +72,7 @@ module ShopifyApp
     end
 
     def has_one_time_payment?(session)
+      ShopifyApp::Logger.debug("Checking if has one time payment")
       purchases = nil
       end_cursor = nil
 

data/lib/shopify_app/controller_concerns/itp.rb

@@ -3,6 +3,11 @@
 module ShopifyApp
   # Cookie management helpers required for ITP implementation
   module Itp
+    extend ActiveSupport::Concern
+    included do
+      ShopifyApp::Logger.deprecated("Itp will be removed in an upcoming version", "22.0.0")
+    end
+
     private
 
     def set_test_cookie

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -5,11 +5,17 @@ require "browser_sniffer"
 module ShopifyApp
   module LoginProtection
     extend ActiveSupport::Concern
-    include ShopifyApp::Itp
     include ShopifyApp::SanitizedParams
 
     included do
-      after_action :set_test_cookie
+      if ancestors.include?(ShopifyApp::RequireKnownShop || ShopifyApp::EnsureInstalled)
+        message = <<~EOS
+          We detected the use of incompatible concerns (RequireKnownShop/EnsureInstalled and LoginProtection) in #{name},
+          which may lead to unpredictable behavior. In a future release of this library this will raise an error.
+        EOS
+        ShopifyApp::Logger.deprecated(message, "22.0.0")
+      end
+
       rescue_from ShopifyAPI::Errors::HttpResponseError, with: :handle_http_error
     end
 
@@ -18,20 +24,21 @@ module ShopifyApp
     def activate_shopify_session
       if current_shopify_session.blank?
         signal_access_token_required
+        ShopifyApp::Logger.debug("No session found, redirecting to login")
         return redirect_to_login
       end
 
-      unless current_shopify_session.scope.to_a.empty? ||
-          current_shopify_session.scope.covers?(ShopifyAPI::Context.scope)
-
+      unless ShopifyApp.configuration.user_access_scopes_strategy.covers_scopes?(current_shopify_session)
         clear_shopify_session
         return redirect_to_login
       end
 
       begin
+        ShopifyApp::Logger.debug("Activating Shopify session")
         ShopifyAPI::Context.activate_session(current_shopify_session)
         yield
       ensure
+        ShopifyApp::Logger.debug("Deactivating session")
         ShopifyAPI::Context.deactivate_session
       end
     end
@@ -39,14 +46,16 @@ module ShopifyApp
     def current_shopify_session
       @current_shopify_session ||= begin
         cookie_name = ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME
-        ShopifyAPI::Utils::SessionUtils.load_current_session(
+        load_current_session(
           auth_header: request.headers["HTTP_AUTHORIZATION"],
           cookies: { cookie_name => cookies.encrypted[cookie_name] },
-          is_online: user_session_expected?,
+          is_online: online_token_configured?,
         )
       rescue ShopifyAPI::Errors::CookieNotFoundError
+        ShopifyApp::Logger.warn("No cookies have been found - cookie name: #{cookie_name}")
         nil
       rescue ShopifyAPI::Errors::InvalidJwtTokenError
+        ShopifyApp::Logger.warn("Invalid JWT token for current Shopify session")
         nil
       end
     end
@@ -54,6 +63,7 @@ module ShopifyApp
     def login_again_if_different_user_or_shop
       return unless session_id_conflicts_with_params || session_shop_conflicts_with_params
 
+      ShopifyApp::Logger.debug("Clearing session and redirecting to login")
       clear_shopify_session
       redirect_to_login
     end
@@ -71,10 +81,13 @@ module ShopifyApp
 
     def add_top_level_redirection_headers(url: nil, ignore_response_code: false)
       if request.xhr? && (ignore_response_code || response.code.to_i == 401)
+        ShopifyApp::Logger.debug("Adding top level redirection headers")
         # Make sure the shop is set in the redirection URL
         unless params[:shop]
+          ShopifyApp::Logger.debug("Setting current shop session")
           params[:shop] = if current_shopify_session
             current_shopify_session.shop
+
           elsif (matches = request.headers["HTTP_AUTHORIZATION"]&.match(/^Bearer (.+)$/))
             jwt_payload = ShopifyAPI::Auth::JwtPayload.new(T.must(matches[1]))
             jwt_payload.shop
@@ -83,6 +96,7 @@ module ShopifyApp
 
         url ||= login_url_with_optional_shop
 
+        ShopifyApp::Logger.debug("Setting Reauthorize-Url to #{url}")
         response.set_header("X-Shopify-API-Request-Failure-Reauthorize", "1")
         response.set_header("X-Shopify-API-Request-Failure-Reauthorize-Url", url)
       end
@@ -103,8 +117,9 @@ module ShopifyApp
     end
 
     def redirect_to_login
-      if request.xhr?
+      if requested_by_javascript?
         add_top_level_redirection_headers(ignore_response_code: true)
+        ShopifyApp::Logger.debug("Login redirect request is a XHR")
         head(:unauthorized)
       else
         if request.get?
@@ -117,12 +132,15 @@ module ShopifyApp
           query = query.merge(sanitized_params).to_query
         end
         session[:return_to] = query.blank? ? path.to_s : "#{path}?#{query}"
+        ShopifyApp::Logger.debug("Redirecting to #{login_url_with_optional_shop}")
         redirect_to(login_url_with_optional_shop)
       end
     end
 
     def close_session
       clear_shopify_session
+      ShopifyApp::Logger.debug("Closing session")
+      ShopifyApp::Logger.debug("Redirecting to #{login_url_with_optional_shop}")
       redirect_to(login_url_with_optional_shop)
     end
 
@@ -167,6 +185,10 @@ module ShopifyApp
         query_params[:host] ||= host
       end
 
+      if params[:access_scopes].present?
+        query_params[:scope] = params[:access_scopes].join(",")
+      end
+
       query_params[:top_level] = true if top_level
       query_params
     end
@@ -178,6 +200,8 @@ module ShopifyApp
 
     def fullpage_redirect_to(url)
       if ShopifyApp.configuration.embedded_app?
+        raise ::ShopifyApp::ShopifyDomainNotFound if current_shopify_domain.nil?
+
         render("shopify_app/shared/redirect", layout: false,
           locals: { url: url, current_shopify_domain: current_shopify_domain })
       else
@@ -187,13 +211,13 @@ module ShopifyApp
 
     def current_shopify_domain
       shopify_domain = sanitized_shop_name || current_shopify_session&.shop
-
-      return shopify_domain if shopify_domain.present?
-
-      raise ::ShopifyApp::ShopifyDomainNotFound
+      ShopifyApp::Logger.info("Installed store  - #{shopify_domain} deduced from user session")
+      shopify_domain
     end
 
     def return_address
+      return base_return_address if current_shopify_domain.nil?
+
       return_address_with_params(shop: current_shopify_domain, host: host)
     rescue ::ShopifyApp::ShopifyDomainNotFound, ::ShopifyApp::ShopifyHostNotFound
       base_return_address
@@ -228,11 +252,30 @@ module ShopifyApp
       ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(sanitize_shop_param(params))
     end
 
+    def online_token_configured?
+      !ShopifyApp.configuration.user_session_repository.blank? && ShopifyApp::SessionRepository.user_storage.present?
+    end
+
     def user_session_expected?
       return false if shop_session.nil?
       return false if ShopifyApp.configuration.shop_access_scopes_strategy.update_access_scopes?(shop_session.shop)
 
-      !ShopifyApp.configuration.user_session_repository.blank? && ShopifyApp::SessionRepository.user_storage.present?
+      online_token_configured?
+    end
+
+    def load_current_session(auth_header: nil, cookies: nil, is_online: false)
+      return ShopifyAPI::Context.load_private_session if ShopifyAPI::Context.private?
+
+      session_id = ShopifyAPI::Utils::SessionUtils.current_session_id(auth_header, cookies, is_online)
+      return nil unless session_id
+
+      ShopifyApp::SessionRepository.load_session(session_id)
+    end
+
+    def requested_by_javascript?
+      request.xhr? ||
+        request.content_type == "text/javascript" ||
+        request.content_type == "application/javascript"
     end
   end
 end

data/lib/shopify_app/controller_concerns/redirect_for_embedded.rb

@@ -16,7 +16,10 @@ module ShopifyApp
 
     def redirect_for_embedded
       # Don't actually redirect if we're already in the redirect route - we want the request to reach the FE
-      redirect_to(redirect_uri_for_embedded) unless request.path == ShopifyApp.configuration.embedded_redirect_url
+      unless request.path == ShopifyApp.configuration.embedded_redirect_url
+        ShopifyApp::Logger.debug("Redirecting to #{redirect_uri_for_embedded}")
+        redirect_to(redirect_uri_for_embedded)
+      end
     end
 
     def redirect_uri_for_embedded

data/lib/shopify_app/controller_concerns/webhook_verification.rb

@@ -14,7 +14,10 @@ module ShopifyApp
 
     def verify_request
       data = request.raw_post
-      return head(:unauthorized) unless hmac_valid?(data)
+      unless hmac_valid?(data)
+        ShopifyApp::Logger.debug("Webhook verification failed - HMAC invalid")
+        head(:unauthorized)
+      end
     end
 
     def shop_domain

data/lib/shopify_app/logger.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  class Logger < ShopifyAPI::Logger
+    class << self
+      def deprecated(message, version)
+        return unless enabled_for_log_level?(:warn)
+
+        raise ShopifyAPI::Errors::FeatureDeprecatedError unless valid_version(version)
+
+        ActiveSupport::Deprecation.warn("[#{version}] #{context(:warn)} #{message}")
+      end
+
+      private
+
+      def context(log_level)
+        current_shop = ShopifyAPI::Context.active_session&.shop || "Shop Not Found"
+        "[ ShopifyApp | #{log_level.to_s.upcase} | #{current_shop} ]"
+      end
+
+      def valid_version(version)
+        current_version = Gem::Version.create(ShopifyApp::VERSION)
+        deprecate_version = Gem::Version.create(version)
+        current_version < deprecate_version
+      end
+    end
+  end
+end

data/lib/shopify_app/managers/scripttags_manager.rb

@@ -24,6 +24,7 @@ module ShopifyApp
     attr_reader :required_scripttags, :shop_domain
 
     def initialize(scripttags, shop_domain)
+      ShopifyApp::Logger.deprecated("The ScripttagsManager will become deprecated in an upcoming version", "22.0.0")
       @required_scripttags = scripttags
       @shop_domain = shop_domain
     end

data/lib/shopify_app/managers/webhooks_manager.rb

@@ -15,6 +15,8 @@ module ShopifyApp
       def create_webhooks(session:)
         return unless ShopifyApp.configuration.has_webhooks?
 
+        ShopifyApp::Logger.debug("Creating webhooks #{ShopifyApp.configuration.webhooks}")
+
         ShopifyAPI::Webhooks::Registry.register_all(session: session)
       end
 
@@ -23,12 +25,15 @@ module ShopifyApp
         return unless ShopifyApp.configuration.has_webhooks?
 
         add_registrations
+
+        ShopifyApp::Logger.debug("Recreating webhooks")
         ShopifyAPI::Webhooks::Registry.register_all(session: session)
       end
 
       def destroy_webhooks
         return unless ShopifyApp.configuration.has_webhooks?
 
+        ShopifyApp::Logger.debug("Destroying webhooks")
         ShopifyApp.configuration.webhooks.each do |attributes|
           ShopifyAPI::Webhooks::Registry.unregister(topic: attributes[:topic])
         end
@@ -37,6 +42,7 @@ module ShopifyApp
       def add_registrations
         return unless ShopifyApp.configuration.has_webhooks?
 
+        ShopifyApp::Logger.debug("Adding registrations to webhooks")
         ShopifyApp.configuration.webhooks.each do |attributes|
           webhook_path = path(attributes)
 

data/lib/shopify_app/session/jwt.rb

@@ -35,7 +35,7 @@ module ShopifyApp
       payload, _ = parse_token_data(ShopifyApp.configuration&.secret, ShopifyApp.configuration&.old_secret)
       @payload = validate_payload(payload)
     rescue *WARN_EXCEPTIONS => error
-      Rails.logger.warn("[ShopifyApp::JWT] Failed to validate JWT: [#{error.class}] #{error}")
+      ShopifyApp::Logger.warn("Failed to validate JWT: [#{error.class}] #{error}")
       nil
     end
 

data/lib/shopify_app/session/session_repository.rb

@@ -45,8 +45,11 @@ module ShopifyApp
       # ShopifyAPI::Auth::SessionStorage override
       def store_session(session)
         if session.online?
-          user_storage.store(session, session.associated_user)
+          user = session.associated_user
+          ShopifyApp::Logger.debug("Storing online user session - session: #{session.id}")
+          user_storage.store(session, user)
         else
+          ShopifyApp::Logger.debug("Storing offline store session - session: #{session.id}")
           shop_storage.store(session)
         end
       end
@@ -55,9 +58,13 @@ module ShopifyApp
       def load_session(id)
         match = id.match(/^offline_(.*)/)
         if match
-          retrieve_shop_session_by_shopify_domain(match[1])
+          domain = match[1]
+          ShopifyApp::Logger.debug("Loading session by domain - domain: #{domain}")
+          retrieve_shop_session_by_shopify_domain(domain)
         else
-          retrieve_user_session_by_shopify_user_id(id.split("_").last)
+          user = id.split("_").last
+          ShopifyApp::Logger.debug("Loading session by user_id - user: #{user}")
+          retrieve_user_session_by_shopify_user_id(user)
         end
       end
 
@@ -66,9 +73,13 @@ module ShopifyApp
         match = id.match(/^offline_(.*)/)
 
         record = if match
+          domain = match[1]
+          ShopifyApp::Logger.debug("Destroying session by domain - domain: #{domain}")
           Shop.find_by(shopify_domain: match[1])
         else
-          User.find_by(shopify_user_id: id.split("_").last)
+          shopify_user_id = id.split("_").last
+          ShopifyApp::Logger.debug("Destroying session by user - user_id: #{shopify_user_id}")
+          User.find_by(shopify_user_id: shopify_user_id)
         end
 
         record.destroy

data/lib/shopify_app/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShopifyApp
-  VERSION = "21.1.1"
+  VERSION = "21.3.0"
 end

data/lib/shopify_app.rb

@@ -37,6 +37,8 @@ module ShopifyApp
   # errors
   require "shopify_app/errors"
 
+  require "shopify_app/logger"
+
   # controller concerns
   require "shopify_app/controller_concerns/csrf_protection"
   require "shopify_app/controller_concerns/localization"

data/shopify_app.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency("jwt", ">= 2.2.3")
   s.add_runtime_dependency("rails", "> 5.2.1")
   s.add_runtime_dependency("redirect_safely", "~> 1.0")
-  s.add_runtime_dependency("shopify_api", "~> 12.2")
+  s.add_runtime_dependency("shopify_api", "~> 12.3")
   s.add_runtime_dependency("sprockets-rails", ">= 2.0.0")
 
   s.add_development_dependency("byebug")
@@ -30,6 +30,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency("pry-stack_explorer")
   s.add_development_dependency("rake")
   s.add_development_dependency("rb-readline")
+  s.add_development_dependency("ruby-lsp")
   s.add_development_dependency("sqlite3", "~> 1.4")
   s.add_development_dependency("webmock")