shopify_app 22.3.1 → 22.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2b4b936b4f5a91a7a73e53ec4e1df8d46d7cd75a67663ade6035524a32b01642
-  data.tar.gz: b9b5b3b9cc461fdee3d9b6447f888e68ed2bcd7e504084550118d2c9929e5072
+  metadata.gz: d8a8d6fb5b227bbe3070fba9050497eb007e4191a782bc89b12a84546470ed65
+  data.tar.gz: 5f8d8e4486585b07a93ad7f6abddaebde7a263568dc78e757627476aba37d38b
 SHA512:
-  metadata.gz: 5c0c813ac266810468a1100dfa7c9baf1af7c889f9a9dc865d796c19baea2d0bcaea7c8f79f6f27e1cbb7fa918f237563eac954735d4dcd77e6aa9f89038b34c
-  data.tar.gz: fe5fdd935be6cf251ab74ecc110178c3a5a07cfdf5aafc7a568db34fea7568bbca218c99c8223d18555079cdc080bd96ba951c4f800937acb94809e3ae89ca0f
+  metadata.gz: 2a0b7ad073c42b6fbe5033aa686fa365050d8d56305507746b15f938a1511e979eecd49dcaefbe2793114c6ca4c4ef4f986085b743651115dc816faab404da15
+  data.tar.gz: a8896ed834816ef8fd35f17db67aef3efcd401fa2a46900e2a2bce8d5b96f863db3eaa0335e73d63b6c48e6382d52d9103c46fce7a7252568e1abe7e503d2075

data/.github/workflows/build.yml

@@ -12,7 +12,7 @@ jobs:
     name: Ruby ${{ matrix.version }}
     strategy:
       matrix:
-        version: ['3.0', '3.1', '3.2']
+        version: ['3.0', '3.1', '3.2', '3.3']
 
     steps:
       - uses: actions/checkout@v3

data/CHANGELOG.md

@@ -1,6 +1,17 @@
 Unreleased
 ----------
 
+22.5.0 (November 28, 2024)
+----------
+- Add support for filters in webhook registration [1923](https://github.com/Shopify/shopify_app/pull/1923)
+-  Make `ShopifyApp.configuration.scope` default to empty list `[]` [1913](https://github.com/Shopify/shopify_app/pull/1913)
+
+22.4.0 (August 22, 2024)
+----------
+- Add the `unified_admin_domain` configuration option for the unified admin domain.
+- Add new generators for webhook subscriptions defined in the `shopify.app.toml` file [1882](https://github.com/Shopify/shopify_app/pull/1882)
+- Fix test stubbing for Token Exchange auth [1897](https://github.com/Shopify/shopify_app/pull/1897)
+
 22.3.1 (July 26, 2024)
 ----------
 - Handle edge case where we attempted to redirect to login when already at the top level [#1887](https://github.com/Shopify/shopify_app/pull/1887)

data/Gemfile.lock

@@ -1,80 +1,80 @@
 PATH
   remote: .
   specs:
-    shopify_app (22.3.1)
+    shopify_app (22.5.0)
       activeresource
       addressable (~> 2.7)
       jwt (>= 2.2.3)
       rails (> 5.2.1)
       redirect_safely (~> 1.0)
-      shopify_api (>= 14.3.0, < 15.0)
+      shopify_api (>= 14.7.0, < 15.0)
       sprockets-rails (>= 2.0.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actioncable (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      activejob (= 6.1.7.8)
-      activerecord (= 6.1.7.8)
-      activestorage (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actionmailbox (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activestorage (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       mail (>= 2.7.1)
-    actionmailer (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      actionview (= 6.1.7.8)
-      activejob (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actionmailer (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      actionview (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.7.8)
-      actionview (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actionpack (6.1.7.9)
+      actionview (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      activerecord (= 6.1.7.8)
-      activestorage (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actiontext (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activestorage (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       nokogiri (>= 1.8.5)
-    actionview (6.1.7.8)
-      activesupport (= 6.1.7.8)
+    actionview (6.1.7.9)
+      activesupport (= 6.1.7.9)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.7.8)
-      activesupport (= 6.1.7.8)
+    activejob (6.1.7.9)
+      activesupport (= 6.1.7.9)
       globalid (>= 0.3.6)
-    activemodel (6.1.7.8)
-      activesupport (= 6.1.7.8)
+    activemodel (6.1.7.9)
+      activesupport (= 6.1.7.9)
     activemodel-serializers-xml (1.0.2)
       activemodel (> 5.x)
       activesupport (> 5.x)
       builder (~> 3.1)
-    activerecord (6.1.7.8)
-      activemodel (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
-    activeresource (6.1.0)
+    activerecord (6.1.7.9)
+      activemodel (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
+    activeresource (6.1.3)
       activemodel (>= 6.0)
       activemodel-serializers-xml (~> 1.0)
       activesupport (>= 6.0)
-    activestorage (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      activejob (= 6.1.7.8)
-      activerecord (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    activestorage (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.7.8)
+    activesupport (6.1.7.9)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -88,21 +88,21 @@ GEM
     builder (3.3.0)
     byebug (11.1.3)
     coderay (1.1.3)
-    concurrent-ruby (1.3.3)
+    concurrent-ruby (1.3.4)
     crack (0.4.5)
       rexml
     crass (1.0.6)
-    date (3.3.3)
+    date (3.3.4)
     debug_inspector (1.1.0)
     erubi (1.13.0)
-    globalid (1.1.0)
-      activesupport (>= 5.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
     hash_diff (1.1.1)
     hashdiff (1.0.1)
     httparty (0.21.0)
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    i18n (1.14.5)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
     json (2.7.2)
     jwt (2.7.0)
@@ -117,26 +117,26 @@ GEM
       net-smtp
     marcel (1.0.2)
     method_source (1.0.0)
-    mini_mime (1.1.2)
+    mini_mime (1.1.5)
     minitest (5.18.0)
     mocha (2.0.2)
       ruby2_keywords (>= 0.0.5)
     multi_xml (0.6.0)
-    net-imap (0.3.4)
+    net-imap (0.4.17)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
-    net-protocol (0.2.1)
+    net-protocol (0.2.2)
       timeout
-    net-smtp (0.3.3)
+    net-smtp (0.5.0)
       net-protocol
     nio4r (2.5.9)
-    nokogiri (1.16.6-arm64-darwin)
+    nokogiri (1.16.7-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.6-x86_64-darwin)
+    nokogiri (1.16.7-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.16.6-x86_64-linux)
+    nokogiri (1.16.7-x86_64-linux)
       racc (~> 1.4)
     oj (3.14.3)
     openssl (3.1.0)
@@ -154,24 +154,24 @@ GEM
       binding_of_caller (~> 1.0)
       pry (~> 0.13)
     public_suffix (5.0.1)
-    racc (1.8.0)
-    rack (2.2.9)
+    racc (1.8.1)
+    rack (2.2.10)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (6.1.7.8)
-      actioncable (= 6.1.7.8)
-      actionmailbox (= 6.1.7.8)
-      actionmailer (= 6.1.7.8)
-      actionpack (= 6.1.7.8)
-      actiontext (= 6.1.7.8)
-      actionview (= 6.1.7.8)
-      activejob (= 6.1.7.8)
-      activemodel (= 6.1.7.8)
-      activerecord (= 6.1.7.8)
-      activestorage (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    rails (6.1.7.9)
+      actioncable (= 6.1.7.9)
+      actionmailbox (= 6.1.7.9)
+      actionmailer (= 6.1.7.9)
+      actionpack (= 6.1.7.9)
+      actiontext (= 6.1.7.9)
+      actionview (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activemodel (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activestorage (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       bundler (>= 1.15.0)
-      railties (= 6.1.7.8)
+      railties (= 6.1.7.9)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -184,9 +184,9 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (6.1.7.8)
-      actionpack (= 6.1.7.8)
-      activesupport (= 6.1.7.8)
+    railties (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -196,8 +196,7 @@ GEM
     redirect_safely (1.0.0)
       activemodel
     regexp_parser (2.9.0)
-    rexml (3.3.2)
-      strscan
+    rexml (3.3.9)
     rubocop (1.62.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
@@ -220,7 +219,7 @@ GEM
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     securerandom (0.2.2)
-    shopify_api (14.3.0)
+    shopify_api (14.7.0)
       activesupport
       concurrent-ruby
       hash_diff
@@ -242,11 +241,10 @@ GEM
     sqlite3 (1.7.3-arm64-darwin)
     sqlite3 (1.7.3-x86_64-darwin)
     sqlite3 (1.7.3-x86_64-linux)
-    strscan (3.1.0)
     syntax_tree (6.1.1)
       prettier_print (>= 1.2.0)
     thor (1.2.2)
-    timeout (0.3.2)
+    timeout (0.4.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
@@ -257,7 +255,7 @@ GEM
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.6.16)
+    zeitwerk (2.6.18)
 
 PLATFORMS
   arm64-darwin-21

data/README.md

@@ -169,10 +169,11 @@ ShopifyApp.configure do |config|
 end
 
 ```
-3. Handle special callback logic. If your app has overridden the OAuth CallbackController to run special tasks post authorization, 
+3. Handle special callback logic. If your app has overridden the OAuth CallbackController to run special tasks post authorization,
 you'll need to create and configure a custom PostAuthenticateTasks class to run these tasks after the token exchange. The original
 OAuth CallbackController will not be triggered anymore. See [Post Authenticate Tasks documentation](/docs/shopify_app/authentication.md#post-authenticate-tasks) for more information.
-4. Enjoy a smoother and faster app installation process.
+4. Make sure your `embedded_app` layout is correct. If your app has any controller which includes `ShopifyApp::EnsureInstalled`, they will now also include the `ShopifyApp::EmbeddedApp` concern, which sets `layout 'embedded_app'` for the current controller by default. In cases where the controller originally looked for another layout file, this can cause unexpected behavior. See [`EmbeddedApp` concern's documentation](/docs/shopify_app/controller-concerns.md#embeddedapp) for more information on the effects of this concern and how to disable the layout change if needed.
+5. Enjoy a smoother and faster app installation process.
 
 ### API Versioning
 

data/docs/Quickstart.md

@@ -34,8 +34,15 @@ HOST='https://some-random-words.trycloudflare.com/'
 
 ## Use Shopify App Bridge to embed your app in the Shopify Admin
 
-A basic example of using [*Shopify App Bridge*](https://shopify.dev/tools/app-bridge) is included in the install generator. An instance Shopify App Bridge is automatically initialized in [shopify_app.js](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/shopify_app.js). 
+A basic example of using [*Shopify App Bridge*](https://shopify.dev/tools/app-bridge) is included in the install generator. An instance Shopify App Bridge is automatically initialized in [shopify_app.js](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/shopify_app.js).
 
-The [flash_messages.js](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/flash_messages.js) file converts Rails [flash messages](https://api.rubyonrails.org/classes/ActionDispatch/Flash.html) to App Bridge Toast actions automatically. By default, this library is included via [unpkg in the embedded_app layout](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/embedded_app.html.erb#L27). 
+If you are using the `shopify_app` gem **without** the [frontend react template](https://github.com/Shopify/shopify-frontend-template-react), the [flash_messages.js](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/flash_messages.js) file converts Rails [flash messages](https://api.rubyonrails.org/classes/ActionDispatch/Flash.html) to App Bridge Toast actions automatically. If your app is embedded and you want to display flash messages you will need to update the session storage to allow for 3rd party cookies. So that the flash messages can be save in the session cookie.
+
+```ruby
+#session_store.rb
+Rails.application.config.session_store(:cookie_store, key: '_example_session', expire_after: 14.days, secure: true, same_site: 'None')
+```
+
+By default, this library is included via [unpkg in the embedded_app layout](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/embedded_app.html.erb#L27).
 
 For more advanced uses it is recommended to [install App Bridge via npm or yarn](https://help.shopify.com/en/api/embedded-apps/app-bridge/getting-started#set-up-shopify-app-bridge-in-your-app).

data/docs/shopify_app/authentication.md

@@ -63,6 +63,26 @@ Using token exchange will ensure that the access token retrieved will always hav
 Authorization code grant flow is the OAuth flow that requires the app to redirect the user 
 to Shopify for installation/authorization of the app to access the shop's data. It is still required for apps that are not embedded.
 
+If your app is not using [Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation) with declared scopes in your `.toml` file, you can change the requested access scopes during OAuth flow 
+by adding the `scope` to your configurations - `ShopifyApp.configuration` & `ShopifyAPI::Context.setup`.
+
+
+```ruby
+# config/initializers/shopify_app.rb
+
+ShopifyApp.configure do |config|
+  ...
+  config.scope = ["read_discounts", "write_products"]
+  ...
+end
+
+ShopifyAPI::Context.setup(
+  ...
+  scope: ShopifyApp.configuration.scope,
+  ...
+)
+```
+
 To perform [authorization code grant flow](https://shopify.dev/docs/apps/auth/get-access-tokens/authorization-code-grant), you app will need to handle
 [begin OAuth](#begin-oauth) and [OAuth callback](#oauth-callback) routes.
 
@@ -195,6 +215,17 @@ config.secret = Rails.application.secrets.shopify_secret
 config.old_secret = Rails.application.secrets.old_shopify_secret
 ```
 
+Also make sure the old secret is specified when setting up `ShopifyAPI::Context` as well:
+
+```ruby
+ShopifyAPI::Context.setup(
+  api_key: ShopifyApp.configuration.api_key,
+  api_secret_key: ShopifyApp.configuration.secret,
+  # ...
+  old_api_secret_key: ShopifyApp.configuration.old_secret,
+)
+```
+
 We've provided a generator which creates the job and an example rake task:
 
 ```sh

data/docs/shopify_app/webhooks.md

@@ -2,13 +2,26 @@
 
 #### Table of contents
 
-[Manage webhooks using `ShopifyApp::WebhooksManager`](#manage-webhooks-using-shopifyappwebhooksmanager)
+[App-specific webhooks in shopify.app.toml (recommended)](#subscribing-to-webhooks-in-the-app-configuration-file)
+[Manage shop-specific webhooks using `ShopifyApp::WebhooksManager`](#manage-webhooks-using-shopifyappwebhooksmanager)
 [Mandatory Privacy Webhooks](#mandatory-privacy-webhooks)
 
-## Manage webhooks using `ShopifyApp::WebhooksManager`
+## App-specific webhooks in shopify.app.toml (recommended)
+You can specify app-specific webhooks to subscribe to in the `shopify.app.toml` file. These subscriptions are easier to manage because they are kept up to date by Shopify. In many cases they will be sufficient. Please read [app-specific vs shop-specific subscriptions](https://shopify.dev/docs/apps/build/webhooks/subscribe#app-specific-vs-shop-specific-subscriptions) to understand when you might need shop-specific webhooks.
 
-See [`ShopifyApp::WebhooksManager`](/lib/shopify_app/managers/webhooks_manager.rb)
-ShopifyApp can manage your app's webhooks for you if you set which webhooks you require in the initializer:
+### Consuming app-specific webhooks events
+To consume app-specific webhooks events from the `shopify.app.toml` file, you can scaffold the necessary files by running the following generator.
+
+```bash
+rails g shopify_app:add_declarative_webhook --topic carts/update --path webhooks/carts_update
+```
+
+This will add a new controller, job, and route to your application. The controller will verify the webhook and queue the job to process the webhook. The job will be responsible for processing the webhook data.
+
+## Manage shop-specific webhooks using `ShopifyApp::WebhooksManager`
+
+See [`ShopifyApp::WebhooksManager`](/lib/shopify_app/managers/webhooks_manager.rb).
+ShopifyApp can manage your app's shop-specific webhooks for you if you set which webhooks you require in the initializer:
 
 ```ruby
 ShopifyApp.configure do |config|
@@ -18,6 +31,8 @@ ShopifyApp.configure do |config|
 end
 ```
 
+This method should only be used if you have a good reason not to use app-specific webhooks (such as requiring different topics for different shops).
+
 When the [OAuth callback](/docs/shopify_app/authentication.md#oauth-callback) or token exchange is completed successfully, ShopifyApp will queue a background job which will ensure all the specified webhooks exist for that shop. Because this runs on every OAuth callback, it means your app will always have the webhooks it needs even if the user uninstalls and re-installs the app.
 
 ShopifyApp also provides a [WebhooksController](/app/controllers/shopify_app/webhooks_controller.rb) that receives webhooks and queues a job based on the received topic. For example, if you register the webhook from above, then all you need to do is create a job called `CartsUpdateJob`. The job will be queued with 2 params: `shop_domain` and `webhook` (which is the webhook body).
@@ -47,13 +62,27 @@ ShopifyApp.configure do |config|
   config.webhooks = [
     {
       topic: 'orders/create',
-      path: 'api/webhooks/order_create',
+      path: 'api/webhooks/orders_create',
       metafield_namespaces: ['app-namespace'],
     },
   ]
 end
 ```
 
+If you need to filter by webhook fields, you can register a webhook with a `filter` parameter. The documentation for Webhook filters can be found [here](https://shopify.dev/docs/apps/build/webhooks/customize/filters).
+
+```ruby
+ShopifyApp.configure do |config|
+  config.webhooks = [
+    {
+      topic: 'products/update',
+      path: 'api/webhooks/products_update',
+      filter: "variants.price:>=10.00",
+    },
+  ]
+end
+```
+
 If you'd rather implement your own controller then you'll want to use the [`ShopifyApp::WebhookVerification`](/lib/shopify_app/controller_concerns/webhook_verification.rb) module to verify your webhooks, example:
 
 ```ruby

data/lib/generators/shopify_app/add_declarative_webhook/add_declarative_webhook_generator.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require "rails/generators/base"
+
+module ShopifyApp
+  module Generators
+    class AddDeclarativeWebhookGenerator < Rails::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+      class_option :topic, type: :string, aliases: "-t", required: true
+      class_option :path, type: :string, aliases: "-p", required: true
+
+      hook_for :test_framework, as: :job, in: :rails do |instance, generator|
+        instance.invoke(generator, [instance.send(:file_name)])
+      end
+
+      def add_webhook_job
+        namespace = ShopifyApp.configuration.webhook_jobs_namespace
+        @job_file_name = if namespace.present?
+          "#{namespace}/#{file_name}_job"
+        else
+          "#{file_name}_job"
+        end
+        @job_class_name = @job_file_name.classify
+        template("webhook_job.rb", "app/jobs/#{@job_file_name}.rb")
+      end
+
+      def add_webhook_controller
+        @controller_file_name = "#{file_name}_controller"
+        @controller_class_name = @controller_file_name.classify
+        template("webhook_controller.rb", "app/controllers/webhooks/#{@controller_file_name}.rb")
+      end
+
+      def add_webhook_route
+        route = "\t\t\tpost '#{file_name}', to: '#{file_name}#receive'\n"
+        inject_into_file("config/routes.rb", route, after: /namespace :webhooks do\n/)
+      end
+
+      private
+
+      def file_name
+        path.split("/").last
+      end
+
+      def topic
+        options["topic"]
+      end
+
+      def path
+        options["path"]
+      end
+    end
+  end
+end

data/lib/generators/shopify_app/add_declarative_webhook/templates/webhook_controller.rb.tt

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Webhooks
+  class <%= @controller_class_name %> < ApplicationController
+    include ShopifyApp::WebhookVerification
+
+    def receive
+      webhook_request = ShopifyAPI::Webhooks::Request.new(raw_body: request.raw_post, headers: request.headers.to_h)
+      <%= @job_class_name %>.perform_later(shop_domain: webhook_request.shop, webhook: webhook_request.parsed_body)
+      head(:no_content)
+    end
+  end
+end

data/lib/generators/shopify_app/add_declarative_webhook/templates/webhook_job.rb.tt

@@ -0,0 +1,15 @@
+class <%= @job_class_name %> < ActiveJob::Base
+
+  def perform(shop_domain:, webhook:)
+    shop = Shop.find_by(shopify_domain: shop_domain)
+
+    if shop.nil?
+      logger.error("#{self.class} failed: cannot find shop with domain '#{shop_domain}'")
+
+      raise ActiveRecord::RecordNotFound, "Shop Not Found"
+    end
+
+    shop.with_shopify_session do |session|
+    end
+  end
+end

data/lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt

@@ -17,6 +17,7 @@ class <%= @job_class_name %> < ActiveJob::Base
     end
 
     shop.with_shopify_session do |session|
+    ## webhook processing logic
     end
   end
 end

data/lib/shopify_app/configuration.rb

@@ -39,6 +39,9 @@ module ShopifyApp
     # configure myshopify domain for local shopify development
     attr_accessor :myshopify_domain
 
+    # configure the unified admin domain for local shopify development
+    attr_accessor :unified_admin_domain
+
     # ability to have webpacker installed but not used in this gem and the generators
     attr_accessor :disable_webpacker
 
@@ -54,9 +57,11 @@ module ShopifyApp
     def initialize
       @root_url = "/"
       @myshopify_domain = "myshopify.com"
+      @unified_admin_domain = "shopify.com"
       @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
       @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
       @disable_webpacker = ENV["SHOPIFY_APP_DISABLE_WEBPACKER"].present?
+      @scope = []
 
       log_v23_deprecations
     end

data/lib/shopify_app/controller_concerns/frame_ancestors.rb

@@ -8,7 +8,7 @@ module ShopifyApp
       content_security_policy do |policy|
         policy.frame_ancestors(-> do
           domain_host = current_shopify_domain || "*.#{::ShopifyApp.configuration.myshopify_domain}"
-          "#{ShopifyAPI::Context.host_scheme}://#{domain_host} https://admin.shopify.com"
+          "#{ShopifyAPI::Context.host_scheme}://#{domain_host} https://admin.#{::ShopifyApp.configuration.unified_admin_domain}"
         end)
       end
     end

data/lib/shopify_app/managers/webhooks_manager.rb

@@ -52,6 +52,7 @@ module ShopifyApp
             path: webhook_path,
             handler: delivery_method == :http ? webhook_job_klass(webhook_path) : nil,
             fields: attributes[:fields],
+            filter: attributes[:filter],
             metafield_namespaces: attributes[:metafield_namespaces],
           )
         end

data/lib/shopify_app/test_helpers/shopify_session_helper.rb

@@ -7,6 +7,7 @@ module ShopifyApp
         ShopifyAPI::Auth::Session.new(id: session_id, shop: shop_domain).tap do |session|
           ShopifyApp::SessionRepository.stubs(:load_session).returns(session)
           ShopifyAPI::Utils::SessionUtils.stubs(:current_session_id).returns(session.id)
+          ShopifyAPI::Utils::SessionUtils.stubs(:session_id_from_shopify_id_token).returns(session.id)
           ShopifyAPI::Context.activate_session(session)
         end
       end

data/lib/shopify_app/utils.rb

@@ -44,7 +44,7 @@ module ShopifyApp
         if spin_env
           "https://admin.web.#{spin_env}/store/#{shop}"
         else
-          "https://admin.shopify.com/store/#{shop}"
+          "https://admin.#{unified_admin_domain}/store/#{shop}"
         end
       end
 
@@ -54,6 +54,10 @@ module ShopifyApp
         ShopifyApp.configuration.myshopify_domain
       end
 
+      def unified_admin_domain
+        ShopifyApp.configuration.unified_admin_domain
+      end
+
       def trusted_domains
         trusted_domains = TRUSTED_SHOPIFY_DOMAINS.dup
         trusted_domains.append(myshopify_domain).uniq! if myshopify_domain

data/lib/shopify_app/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShopifyApp
-  VERSION = "22.3.1"
+  VERSION = "22.5.0"
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "22.3.1",
+  "version": "22.5.0",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",
@@ -18,7 +18,7 @@
     "mocha": "^10.2.0",
     "sinon": "^9.0.3",
     "sinon-chai": "^3.2.0",
-    "webpack": "^5.89.0"
+    "webpack": "^5.94.0"
   },
   "scripts": {
     "test": "./node_modules/.bin/karma start --browsers ChromeHeadless --single-run"