RubyGems - spree_api - Versions diffs - 4.5.5 → 4.6.0 - Mend

spree_api 4.5.5 → 4.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b4744bbb79cc84cafabdf5daa80d40600a688ba99fe5c4a6b6fc0f07ea00351
-  data.tar.gz: 765911a0d3a372569fa939902d201a5317606af2aae1cb4cafb9abed76c61be1
+  metadata.gz: 6324feb2fed1bf0f72361c80626006ad1de52f6516c0799993ab83ae61251166
+  data.tar.gz: c0006992c93b9bdafcc04cd0ac4934f92b08d0c5056b5981e54cbe847cb0a969
 SHA512:
-  metadata.gz: f701f555fbdd2c77bbd701284fef558b049f9ac2b030735c2745086be486984d1d131d00816390f70016a6135bfcb045835123d4261836b2301a896f95492f06
-  data.tar.gz: f612d41f16fde6b35ccb7b270eed3485de6032010f04579376178fcc3eec916bd6b2f587e67d71a27146048090b4a10c8b9256ccbcb761efe40900477df6b1e7
+  metadata.gz: b4e71a7c23dc66e6a93df0fea81e8882bf2934de213ecc0d4eee6a260622dbdd82a71c46d8bddcb71147b8b8c3395786ea06dbd3b2f8f23353adf5c8a2139238
+  data.tar.gz: cc8b2ecef98e57554dce21a75608562389d65c4a9a8b049ea26cdf8e38d1729ddf30fde834b1cf4c928b1ae970597a2039a303ef2fd7a5cd665eadafc9f4fc75

data/app/controllers/concerns/spree/api/v2/product_list_includes.rb CHANGED Viewed

@@ -8,7 +8,8 @@ module Spree
             option_types: [],
             variant_images: [],
             master: product_variant_includes,
-            variants: product_variant_includes
+            variants: product_variant_includes,
+            translations: []
           }
         end

data/app/controllers/spree/api/v2/base_controller.rb CHANGED Viewed

@@ -82,6 +82,8 @@ module Spree
           @spree_current_user ||= doorkeeper_token.resource_owner
         end
+        alias try_spree_current_user spree_current_user  # for compatibility with spree_legacy_frontend
         def spree_authorize!(action, subject, *args)
           authorize!(action, subject, *args)
         end

data/app/controllers/spree/api/v2/data_feeds/google_controller.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module Spree
+  module Api
+    module V2
+      module DataFeeds
+        class GoogleController < ::Spree::Api::V2::BaseController
+          def rss_feed
+            send_data data_feeds_google_rss_service.value[:file], filename: 'products.rss', type: 'text/xml'
+          end
+          private
+          def settings
+            @settings ||= Spree::DataFeed::Google.find_by!(store: current_store, slug: params[:slug], active: true)
+          end
+          def data_feeds_google_rss_service
+            Spree::Dependencies.data_feeds_google_rss_service.constantize.new.call(settings)
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/data_feeds_controller.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class DataFeedsController < ResourceController
+          private
+          def model_class
+            Spree::DataFeed
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/resource_controller.rb CHANGED Viewed

@@ -35,7 +35,7 @@ module Spree
           base_scope = model_class.for_store(current_store)
           base_scope = base_scope.accessible_by(current_ability, :show) unless skip_cancancan
           base_scope = base_scope.includes(scope_includes) if scope_includes.any? && action_name == 'index'
-          base_scope
+          model_class.include?(TranslatableResource) ? base_scope.i18n : base_scope
         end
         def scope_includes

data/app/controllers/spree/api/v2/storefront/products_controller.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Spree
           end
           def resource
-            @resource ||= scope.find_by(slug: params[:id]) || scope.find(params[:id])
+            @resource ||= find_with_fallback_default_locale { scope.find_by(slug: params[:id]) } || scope.find(params[:id])
           end
           def collection_sorter

data/app/controllers/spree/api/v2/storefront/taxons_controller.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module Spree
           end
           def resource
-            @resource ||= scope.find_by(permalink: params[:id]) || scope.find(params[:id])
+            @resource ||= find_with_fallback_default_locale { scope.find_by(permalink: params[:id]) } || scope.find(params[:id])
           end
           def model_class
@@ -30,13 +30,14 @@ module Spree
           end
           def scope_includes
-            node_includes = %i[icon parent taxonomy]
+            node_includes = %i[icon parent taxonomy translations]
             {
               parent: node_includes,
               children: node_includes,
               taxonomy: [root: node_includes],
-              icon: [attachment_attachment: :blob]
+              icon: [attachment_attachment: :blob],
+              translations: []
             }
           end

data/app/helpers/spree/api/v2/collection_options_helpers.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module Spree
         # leaving this method in public scope so it's still possible to modify
         # those params to support non-standard non-JSON API parameters
         def collection_permitted_params
-          params.permit(:format, :page, :per_page, :sort, :include, fields: {}, filter: {})
+          params.permit(:format, :page, :per_page, :sort, :include, :locale, fields: {}, filter: {})
         end
         private

data/app/models/spree/webhooks/event.rb CHANGED Viewed

@@ -7,6 +7,14 @@ module Spree
       self.whitelisted_ransackable_associations = %w[subscriber]
       self.whitelisted_ransackable_attributes = %w[name request_errors response_code success url]
+      # Computes the base64-encoded HMAC SHA256 signature of the event for the given payload.
+      #
+      # @param payload [Hash, String] The payload for to the webhook subscriber.
+      # @return [String]
+      def signature_for(payload)
+        EventSignature.new(self, payload).computed_signature
+      end
     end
   end
 end

data/app/models/spree/webhooks/event_signature.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require 'base64'
+require 'openssl'
+module Spree
+  module Webhooks
+    class EventSignature
+      def initialize(event, payload)
+        @event = event
+        @payload = payload
+      end
+      # Generates a base64-encoded HMAC SHA256 signature for the payload of the event.
+      #
+      # By using the stringified payload, the signature is made tamper-proof as any
+      # alterations of the data during transit will lead to an incorrect signature
+      # comparison by the client.
+      #
+      # @return [String] The computed signature
+      def computed_signature
+        @computed_signature ||=
+          Base64.strict_encode64(
+            OpenSSL::HMAC.digest('sha256', @event.subscriber.secret_key, payload)
+          )
+      end
+      private
+      def payload
+        @payload.is_a?(String) ? @payload : @payload.to_json
+      end
+    end
+  end
+end

data/app/models/spree/webhooks/subscriber.rb CHANGED Viewed

@@ -5,10 +5,11 @@ module Spree
         include Spree::VendorConcern
       end
+      has_secure_token :secret_key
       has_many :events, inverse_of: :subscriber
       validates :url, 'spree/url': true, presence: true
       validate :check_uri_path
       self.whitelisted_ransackable_attributes = %w[active subscriptions url]

data/app/serializers/spree/api/v2/platform/data_feed_serializer.rb ADDED Viewed

@@ -0,0 +1,13 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class DataFeedSerializer < BaseSerializer
+          set_type :data_feed
+          attributes :name, :type, :slug, :active
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v2/platform/user_serializer.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Spree
         class UserSerializer < BaseSerializer
           set_type :user
-          attributes :email, :first_name, :last_name, :created_at, :updated_at, :public_metadata, :private_metadata
+          attributes :email, :first_name, :last_name, :created_at, :updated_at, :public_metadata, :private_metadata, :selected_locale
           attribute :average_order_value do |user, params|
             price_stats(user.report_values_for(:average_order_value, params[:store]))

data/app/serializers/spree/v2/storefront/product_serializer.rb CHANGED Viewed

@@ -44,6 +44,10 @@ module Spree
           display_compare_at_price(product, params[:currency])
         end
+        attribute :localized_slugs do |product, params|
+          product.localized_slugs_for_store(params[:store])
+        end
         has_many :variants
         has_many :option_types
         has_many :product_properties

data/app/serializers/spree/v2/storefront/taxon_serializer.rb CHANGED Viewed

@@ -19,6 +19,10 @@ module Spree
           taxon.leaf?
         end
+        attribute :localized_slugs do |taxon, params|
+          taxon.localized_slugs_for_store(params[:store])
+        end
         belongs_to :parent,   record_type: :taxon, serializer: :taxon
         belongs_to :taxonomy, record_type: :taxonomy

data/app/serializers/spree/v2/storefront/user_serializer.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Spree
       class UserSerializer < BaseSerializer
         set_type :user
-        attributes :email, :first_name, :last_name, :public_metadata
+        attributes :email, :first_name, :selected_locale, :last_name, :public_metadata
         attribute :store_credits do |user|
           user.total_available_store_credit

data/app/services/spree/webhooks/subscribers/handle_request.rb CHANGED Viewed

@@ -39,7 +39,11 @@ module Spree
         def request
           @request ||=
-            Spree::Webhooks::Subscribers::MakeRequest.new(webhook_payload_body: body_with_event_metadata, url: url)
+            Spree::Webhooks::Subscribers::MakeRequest.new(
+              signature: event.signature_for(body_with_event_metadata),
+              url: url,
+              webhook_payload_body: body_with_event_metadata
+            )
         end
         alias make_request request

data/app/services/spree/webhooks/subscribers/make_request.rb CHANGED Viewed

@@ -4,8 +4,9 @@ module Spree
   module Webhooks
     module Subscribers
       class MakeRequest
-        def initialize(url:, webhook_payload_body:)
+        def initialize(signature:, url:, webhook_payload_body:)
           @execution_time_in_milliseconds = 0
+          @signature = signature
           @url = url
           @webhook_payload_body = webhook_payload_body
           @webhooks_timeout = ENV['SPREE_WEBHOOKS_TIMEOUT']
@@ -49,7 +50,7 @@ module Spree
         end
         def request
-          req = Net::HTTP::Post.new(uri_path, HEADERS)
+          req = Net::HTTP::Post.new(uri_path, HEADERS.merge('X-Spree-Hmac-SHA256' => @signature))
           req.body = webhook_payload_body
           @request ||= begin
             start_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)

data/brakeman.ignore ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "ignored_warnings": [
+  ],
+  "updated": "2022-12-29 09:29:46 +0100",
+  "brakeman_version": "5.4.0"
+}

data/config/routes.rb CHANGED Viewed

@@ -196,6 +196,9 @@ Spree::Core::Engine.add_routes do
         # Store API
         resources :stores
+        # Data Feeds API
+        resources :data_feeds
         # Configurations API
         resources :payment_methods
         resources :shipping_categories
@@ -207,6 +210,11 @@ Spree::Core::Engine.add_routes do
           resources :subscribers
         end
       end
+      namespace :data_feeds do
+        # google data feed API
+        get '/google/:slug', to: 'google#rss_feed'
+      end
     end
   end
 end

data/db/migrate/20221221122100_add_secret_key_to_spree_webhooks_subscribers.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddSecretKeyToSpreeWebhooksSubscribers < ActiveRecord::Migration[6.1]
+  def change
+    add_column :spree_webhooks_subscribers, :secret_key, :string, null: true
+  end
+end

data/db/migrate/20230116204600_backfill_secret_key_for_spree_webhooks_subscribers.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class BackfillSecretKeyForSpreeWebhooksSubscribers < ActiveRecord::Migration[6.1]
+  def change
+    Spree::Webhooks::Subscriber.where(secret_key: nil).find_each(&:regenerate_secret_key)
+  end
+end

data/db/migrate/20230116205000_change_secret_key_to_non_null_column.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class ChangeSecretKeyToNonNullColumn < ActiveRecord::Migration[6.1]
+  def change
+    change_column_null :spree_webhooks_subscribers, :secret_key, false
+  end
+end

data/docs/oauth/index.yml CHANGED Viewed

@@ -2,7 +2,7 @@ openapi: 3.0.3
 servers:
   - url: 'https://demo.spreecommerce.org'
     description: demo
-  - url: 'http://localhost:3000'
+  - url: 'http://localhost:4000'
     description: localhost
 info:
   version: 1.0.0
@@ -139,7 +139,7 @@ components:
         - expires_in
         - refresh_token
         - created_at
-      x-internal: true
+      x-internal: false
     CreateTokenBody:
       type: object
       x-examples:
@@ -152,7 +152,7 @@ components:
           username: spree@example.com
           password: spree123
           scope: admin
-      x-internal: true
+      x-internal: false
       title: 'Create a new token (grant_type: password)'
       description: ''
       properties:
@@ -186,7 +186,7 @@ components:
         example-1:
           grant_type: refresh_token
           refresh_token: SqJDIwX00fehqHxS6xmb-kzqAlrYe_0EHgekMexVT8k
-      x-internal: true
+      x-internal: false
       title: 'Create a new token (grant_type: client_credentials)'
       description: ''
       properties:
@@ -213,7 +213,7 @@ components:
         example-1:
           grant_type: refresh_token
           refresh_token: SqJDIwX00fehqHxS6xmb-kzqAlrYe_0EHgekMexVT8k
-      x-internal: true
+      x-internal: false
       title: 'Refresh an existing token (grant_type: refresh_token)'
       description: ''
       properties: