shopify_app 22.5.2 → 23.0.0

metadata

@@ -1,28 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 22.5.2
+  version: 23.0.0
 platform: ruby
 authors:
 - Shopify
 bindir: bin
 cert_chain: []
-date: 2025-03-17 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: activeresource
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -41,16 +27,22 @@ dependencies:
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.1
+        version: '7.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.1
+        version: '7.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9'
 - !ruby/object:Gem::Dependency
   name: redirect_safely
   requirement: !ruby/object:Gem::Requirement
@@ -69,52 +61,46 @@ dependencies:
   name: shopify_api
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 14.7.0
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '15.0'
+        version: '16.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 14.7.0
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '15.0'
+        version: '16.0'
 - !ruby/object:Gem::Dependency
   name: sprockets-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: jwt
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.3
-  type: :runtime
+        version: '0'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.3
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: csv
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -127,6 +113,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.3
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -143,6 +143,20 @@ dependencies:
         version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+- !ruby/object:Gem::Dependency
+  name: mutex_m
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -243,16 +257,16 @@ dependencies:
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -278,6 +292,7 @@ files:
 - ".github/ISSUE_TEMPLATE/config.yml"
 - ".github/ISSUE_TEMPLATE/feature-request.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
+- ".github/dependabot.yaml"
 - ".github/workflows/build.yml"
 - ".github/workflows/cla.yml"
 - ".github/workflows/close-waiting-for-response-issues.yml"
@@ -308,6 +323,8 @@ files:
 - app/controllers/shopify_app/extension_verification_controller.rb
 - app/controllers/shopify_app/sessions_controller.rb
 - app/controllers/shopify_app/webhooks_controller.rb
+- app/jobs/shopify_app/script_tags_manager_job.rb
+- app/jobs/shopify_app/webhooks_manager_job.rb
 - app/views/shopify_app/layouts/app_bridge.html.erb
 - app/views/shopify_app/partials/_button_styles.html.erb
 - app/views/shopify_app/partials/_card_styles.html.erb
@@ -351,6 +368,7 @@ files:
 - docs/shopify_app/generators.md
 - docs/shopify_app/handling-access-scopes-changes.md
 - docs/shopify_app/logging.md
+- docs/shopify_app/script-tags.md
 - docs/shopify_app/sessions.md
 - docs/shopify_app/testing.md
 - docs/shopify_app/webhooks.md
@@ -398,6 +416,7 @@ files:
 - lib/generators/shopify_app/routes/templates/routes.rb
 - lib/generators/shopify_app/shop_model/shop_model_generator.rb
 - lib/generators/shopify_app/shop_model/templates/db/migrate/add_shop_access_scopes_column.erb
+- lib/generators/shopify_app/shop_model/templates/db/migrate/add_shop_access_token_expiry_columns.erb
 - lib/generators/shopify_app/shop_model/templates/db/migrate/create_shops.erb
 - lib/generators/shopify_app/shop_model/templates/shop.rb
 - lib/generators/shopify_app/shop_model/templates/shops.yml
@@ -432,14 +451,12 @@ files:
 - lib/shopify_app/controller_concerns/with_shopify_id_token.rb
 - lib/shopify_app/engine.rb
 - lib/shopify_app/errors.rb
-- lib/shopify_app/jobs/webhooks_manager_job.rb
 - lib/shopify_app/logger.rb
+- lib/shopify_app/managers/script_tags_manager.rb
 - lib/shopify_app/managers/webhooks_manager.rb
-- lib/shopify_app/middleware/jwt_middleware.rb
 - lib/shopify_app/session/in_memory_session_store.rb
 - lib/shopify_app/session/in_memory_shop_session_store.rb
 - lib/shopify_app/session/in_memory_user_session_store.rb
-- lib/shopify_app/session/jwt.rb
 - lib/shopify_app/session/null_user_session_store.rb
 - lib/shopify_app/session/session_repository.rb
 - lib/shopify_app/session/session_storage.rb
@@ -469,14 +486,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.0'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.5
+rubygems_version: 3.7.2
 specification_version: 4
 summary: This gem is used to get quickly started with the Shopify API
 test_files: []

data/lib/shopify_app/middleware/jwt_middleware.rb

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-
-module ShopifyApp
-  class JWTMiddleware
-    TOKEN_REGEX = /^Bearer (.+)$/
-    ID_TOKEN_QUERY_PARAM = "id_token"
-
-    def initialize(app)
-      @app = app
-    end
-
-    def call(env)
-      return call_next(env) unless ShopifyApp.configuration.embedded_app?
-
-      token = token_from_authorization_header(env) || token_from_query_string(env)
-      return call_next(env) unless token
-
-      set_env_variables(token, env)
-      call_next(env)
-    end
-
-    private
-
-    def call_next(env)
-      @app.call(env)
-    end
-
-    def token_from_authorization_header(env)
-      env["HTTP_AUTHORIZATION"]&.match(TOKEN_REGEX)&.[](1)
-    end
-
-    def token_from_query_string(env)
-      Rack::Utils.parse_nested_query(env["QUERY_STRING"])[ID_TOKEN_QUERY_PARAM]
-    end
-
-    def set_env_variables(token, env)
-      jwt = ShopifyAPI::Auth::JwtPayload.new(token)
-
-      env["jwt.token"] = token
-      env["jwt.shopify_domain"] = jwt.shopify_domain
-      env["jwt.shopify_user_id"] = jwt.shopify_user_id
-      env["jwt.expire_at"] = jwt.expire_at
-    rescue ShopifyAPI::Errors::InvalidJwtTokenError
-      # ShopifyApp::JWT did not raise any exceptions, ensuring behaviour does not change
-      nil
-    end
-  end
-end

data/lib/shopify_app/session/jwt.rb

@@ -1,73 +0,0 @@
-# frozen_string_literal: true
-
-module ShopifyApp
-  class JWT
-    WARN_EXCEPTIONS = [
-      ::JWT::DecodeError,
-      ::JWT::ExpiredSignature,
-      ::JWT::ImmatureSignature,
-      ::JWT::VerificationError,
-      ::ShopifyApp::InvalidAudienceError,
-      ::ShopifyApp::InvalidDestinationError,
-      ::ShopifyApp::MismatchedHostsError,
-    ]
-
-    def initialize(token)
-      warn_deprecation
-      @token = token
-      set_payload
-    end
-
-    def shopify_domain
-      @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload["dest"])
-    end
-
-    def shopify_user_id
-      @payload["sub"].to_i if @payload && @payload["sub"]
-    end
-
-    def expire_at
-      @payload["exp"].to_i if @payload && @payload["exp"]
-    end
-
-    private
-
-    def set_payload
-      payload, _ = parse_token_data(ShopifyApp.configuration&.secret, ShopifyApp.configuration&.old_secret)
-      @payload = validate_payload(payload)
-    rescue *WARN_EXCEPTIONS
-      nil
-    end
-
-    def parse_token_data(secret, old_secret)
-      ::JWT.decode(@token, secret, true, { algorithm: "HS256" })
-    rescue ::JWT::VerificationError
-      raise unless old_secret
-
-      ::JWT.decode(@token, old_secret, true, { algorithm: "HS256" })
-    end
-
-    def validate_payload(payload)
-      dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload["dest"])
-      iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload["iss"])
-      api_key = ShopifyApp.configuration.api_key
-
-      raise ::ShopifyApp::InvalidAudienceError,
-        "'aud' claim does not match api_key" unless payload["aud"] == api_key
-      raise ::ShopifyApp::InvalidDestinationError, "'dest' claim host not a valid shopify host" unless dest_host
-
-      raise ::ShopifyApp::MismatchedHostsError,
-        "'dest' claim host does not match 'iss' claim host" unless dest_host == iss_host
-
-      payload
-    end
-
-    def warn_deprecation
-      message = <<~EOS
-        "ShopifyApp::JWT will be deprecated, use ShopifyAPI::Auth::JwtPayload to parse JWT token instead."
-      EOS
-
-      ShopifyApp::Logger.deprecated(message, "23.0.0")
-    end
-  end
-end