RubyGems - spree_api - Versions diffs - 4.5.5 → 4.6.0 - Mend

spree_api 4.5.5 → 4.6.0

Files changed (29) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b4744bbb79cc84cafabdf5daa80d40600a688ba99fe5c4a6b6fc0f07ea00351
-  data.tar.gz: 765911a0d3a372569fa939902d201a5317606af2aae1cb4cafb9abed76c61be1
+  metadata.gz: 6324feb2fed1bf0f72361c80626006ad1de52f6516c0799993ab83ae61251166
+  data.tar.gz: c0006992c93b9bdafcc04cd0ac4934f92b08d0c5056b5981e54cbe847cb0a969
 SHA512:
-  metadata.gz: f701f555fbdd2c77bbd701284fef558b049f9ac2b030735c2745086be486984d1d131d00816390f70016a6135bfcb045835123d4261836b2301a896f95492f06
-  data.tar.gz: f612d41f16fde6b35ccb7b270eed3485de6032010f04579376178fcc3eec916bd6b2f587e67d71a27146048090b4a10c8b9256ccbcb761efe40900477df6b1e7
+  metadata.gz: b4e71a7c23dc66e6a93df0fea81e8882bf2934de213ecc0d4eee6a260622dbdd82a71c46d8bddcb71147b8b8c3395786ea06dbd3b2f8f23353adf5c8a2139238
+  data.tar.gz: cc8b2ecef98e57554dce21a75608562389d65c4a9a8b049ea26cdf8e38d1729ddf30fde834b1cf4c928b1ae970597a2039a303ef2fd7a5cd665eadafc9f4fc75

data/app/controllers/concerns/spree/api/v2/product_list_includes.rb CHANGED Viewed

@@ -8,7 +8,8 @@ module Spree
             option_types: [],
             variant_images: [],
             master: product_variant_includes,
-            variants: product_variant_includes
+            variants: product_variant_includes,
+            translations: []
           }
         end

data/app/controllers/spree/api/v2/base_controller.rb CHANGED Viewed

@@ -82,6 +82,8 @@ module Spree
           @spree_current_user ||= doorkeeper_token.resource_owner
         end
+        alias try_spree_current_user spree_current_user  # for compatibility with spree_legacy_frontend
         def spree_authorize!(action, subject, *args)
           authorize!(action, subject, *args)
         end

data/app/controllers/spree/api/v2/data_feeds/google_controller.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module Spree
+  module Api
+    module V2
+      module DataFeeds
+        class GoogleController < ::Spree::Api::V2::BaseController
+          def rss_feed
+            send_data data_feeds_google_rss_service.value[:file], filename: 'products.rss', type: 'text/xml'
+          end
+          private
+          def settings
+            @settings ||= Spree::DataFeed::Google.find_by!(store: current_store, slug: params[:slug], active: true)
+          end
+          def data_feeds_google_rss_service
+            Spree::Dependencies.data_feeds_google_rss_service.constantize.new.call(settings)
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/platform/data_feeds_controller.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class DataFeedsController < ResourceController
+          private
+          def model_class
+            Spree::DataFeed
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/resource_controller.rb CHANGED Viewed

@@ -35,7 +35,7 @@ module Spree
           base_scope = model_class.for_store(current_store)
           base_scope = base_scope.accessible_by(current_ability, :show) unless skip_cancancan
           base_scope = base_scope.includes(scope_includes) if scope_includes.any? && action_name == 'index'
-          base_scope
+          model_class.include?(TranslatableResource) ? base_scope.i18n : base_scope
         end
         def scope_includes

data/app/controllers/spree/api/v2/storefront/products_controller.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module Spree
           end
           def resource
-            @resource ||= scope.find_by(slug: params[:id]) || scope.find(params[:id])
+            @resource ||= find_with_fallback_default_locale { scope.find_by(slug: params[:id]) } || scope.find(params[:id])
           end
           def collection_sorter

data/app/controllers/spree/api/v2/storefront/taxons_controller.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module Spree
           end
           def resource
-            @resource ||= scope.find_by(permalink: params[:id]) || scope.find(params[:id])
+            @resource ||= find_with_fallback_default_locale { scope.find_by(permalink: params[:id]) } || scope.find(params[:id])
           end
           def model_class
@@ -30,13 +30,14 @@ module Spree
           end
           def scope_includes
-            node_includes = %i[icon parent taxonomy]
+            node_includes = %i[icon parent taxonomy translations]
             {
               parent: node_includes,
               children: node_includes,
               taxonomy: [root: node_includes],
-              icon: [attachment_attachment: :blob]
+              icon: [attachment_attachment: :blob],
+              translations: []
             }
           end

data/app/helpers/spree/api/v2/collection_options_helpers.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module Spree
         # leaving this method in public scope so it's still possible to modify
         # those params to support non-standard non-JSON API parameters
         def collection_permitted_params
-          params.permit(:format, :page, :per_page, :sort, :include, fields: {}, filter: {})
+          params.permit(:format, :page, :per_page, :sort, :include, :locale, fields: {}, filter: {})
         end
         private

data/app/models/spree/webhooks/event.rb CHANGED Viewed

@@ -7,6 +7,14 @@ module Spree
       self.whitelisted_ransackable_associations = %w[subscriber]
       self.whitelisted_ransackable_attributes = %w[name request_errors response_code success url]
+      # Computes the base64-encoded HMAC SHA256 signature of the event for the given payload.
+      #
+      # @param payload [Hash, String] The payload for to the webhook subscriber.
+      # @return [String]
+      def signature_for(payload)
+        EventSignature.new(self, payload).computed_signature
+      end
     end
   end
 end

data/app/models/spree/webhooks/event_signature.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require 'base64'
+require 'openssl'
+module Spree
+  module Webhooks
+    class EventSignature
+      def initialize(event, payload)
+        @event = event
+        @payload = payload
+      end
+      # Generates a base64-encoded HMAC SHA256 signature for the payload of the event.
+      #
+      # By using the stringified payload, the signature is made tamper-proof as any
+      # alterations of the data during transit will lead to an incorrect signature
+      # comparison by the client.
+      #
+      # @return [String] The computed signature
+      def computed_signature
+        @computed_signature ||=
+          Base64.strict_encode64(
+            OpenSSL::HMAC.digest('sha256', @event.subscriber.secret_key, payload)
+          )
+      end
+      private
+      def payload
+        @payload.is_a?(String) ? @payload : @payload.to_json
+      end
+    end
+  end
+end

data/app/models/spree/webhooks/subscriber.rb CHANGED Viewed

@@ -5,10 +5,11 @@ module Spree
         include Spree::VendorConcern
       end
+      has_secure_token :secret_key
       has_many :events, inverse_of: :subscriber
       validates :url, 'spree/url': true, presence: true
       validate :check_uri_path
       self.whitelisted_ransackable_attributes = %w[active subscriptions url]

data/app/serializers/spree/api/v2/platform/data_feed_serializer.rb ADDED Viewed

@@ -0,0 +1,13 @@
+module Spree
+  module Api
+    module V2
+      module Platform
+        class DataFeedSerializer < BaseSerializer
+          set_type :data_feed
+          attributes :name, :type, :slug, :active
+        end
+      end
+    end
+  end
+end

data/app/serializers/spree/api/v2/platform/user_serializer.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Spree
         class UserSerializer < BaseSerializer
           set_type :user
-          attributes :email, :first_name, :last_name, :created_at, :updated_at, :public_metadata, :private_metadata
+          attributes :email, :first_name, :last_name, :created_at, :updated_at, :public_metadata, :private_metadata, :selected_locale
           attribute :average_order_value do |user, params|
             price_stats(user.report_values_for(:average_order_value, params[:store]))

data/app/serializers/spree/v2/storefront/product_serializer.rb CHANGED Viewed

@@ -44,6 +44,10 @@ module Spree
           display_compare_at_price(product, params[:currency])
         end
+        attribute :localized_slugs do |product, params|
+          product.localized_slugs_for_store(params[:store])
+        end
         has_many :variants
         has_many :option_types
         has_many :product_properties

data/app/serializers/spree/v2/storefront/taxon_serializer.rb CHANGED Viewed

@@ -19,6 +19,10 @@ module Spree
           taxon.leaf?
         end
+        attribute :localized_slugs do |taxon, params|
+          taxon.localized_slugs_for_store(params[:store])
+        end
         belongs_to :parent,   record_type: :taxon, serializer: :taxon
         belongs_to :taxonomy, record_type: :taxonomy

data/app/serializers/spree/v2/storefront/user_serializer.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Spree
       class UserSerializer < BaseSerializer
         set_type :user
-        attributes :email, :first_name, :last_name, :public_metadata
+        attributes :email, :first_name, :selected_locale, :last_name, :public_metadata
         attribute :store_credits do |user|
           user.total_available_store_credit

data/app/services/spree/webhooks/subscribers/handle_request.rb CHANGED Viewed

@@ -39,7 +39,11 @@ module Spree
         def request
           @request ||=
-            Spree::Webhooks::Subscribers::MakeRequest.new(webhook_payload_body: body_with_event_metadata, url: url)
+            Spree::Webhooks::Subscribers::MakeRequest.new(
+              signature: event.signature_for(body_with_event_metadata),
+              url: url,
+              webhook_payload_body: body_with_event_metadata
+            )
         end
         alias make_request request

data/app/services/spree/webhooks/subscribers/make_request.rb CHANGED Viewed

@@ -4,8 +4,9 @@ module Spree
   module Webhooks
     module Subscribers
       class MakeRequest
-        def initialize(url:, webhook_payload_body:)
+        def initialize(signature:, url:, webhook_payload_body:)
           @execution_time_in_milliseconds = 0
+          @signature = signature
           @url = url
           @webhook_payload_body = webhook_payload_body
           @webhooks_timeout = ENV['SPREE_WEBHOOKS_TIMEOUT']
@@ -49,7 +50,7 @@ module Spree
         end
         def request
-          req = Net::HTTP::Post.new(uri_path, HEADERS)
+          req = Net::HTTP::Post.new(uri_path, HEADERS.merge('X-Spree-Hmac-SHA256' => @signature))
           req.body = webhook_payload_body
           @request ||= begin
             start_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)

data/brakeman.ignore ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "ignored_warnings": [
+  ],
+  "updated": "2022-12-29 09:29:46 +0100",
+  "brakeman_version": "5.4.0"
+}

data/config/routes.rb CHANGED Viewed

@@ -196,6 +196,9 @@ Spree::Core::Engine.add_routes do
         # Store API
         resources :stores
+        # Data Feeds API
+        resources :data_feeds
         # Configurations API
         resources :payment_methods
         resources :shipping_categories
@@ -207,6 +210,11 @@ Spree::Core::Engine.add_routes do
           resources :subscribers
         end
       end
+      namespace :data_feeds do
+        # google data feed API
+        get '/google/:slug', to: 'google#rss_feed'
+      end
     end
   end
 end

data/db/migrate/20221221122100_add_secret_key_to_spree_webhooks_subscribers.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddSecretKeyToSpreeWebhooksSubscribers < ActiveRecord::Migration[6.1]
+  def change
+    add_column :spree_webhooks_subscribers, :secret_key, :string, null: true
+  end
+end

data/db/migrate/20230116204600_backfill_secret_key_for_spree_webhooks_subscribers.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class BackfillSecretKeyForSpreeWebhooksSubscribers < ActiveRecord::Migration[6.1]
+  def change
+    Spree::Webhooks::Subscriber.where(secret_key: nil).find_each(&:regenerate_secret_key)
+  end
+end

data/db/migrate/20230116205000_change_secret_key_to_non_null_column.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class ChangeSecretKeyToNonNullColumn < ActiveRecord::Migration[6.1]
+  def change
+    change_column_null :spree_webhooks_subscribers, :secret_key, false
+  end
+end

data/docs/oauth/index.yml CHANGED Viewed

@@ -2,7 +2,7 @@ openapi: 3.0.3
 servers:
   - url: 'https://demo.spreecommerce.org'
     description: demo
-  - url: 'http://localhost:3000'
+  - url: 'http://localhost:4000'
     description: localhost
 info:
   version: 1.0.0
@@ -139,7 +139,7 @@ components:
         - expires_in
         - refresh_token
         - created_at
-      x-internal: true
+      x-internal: false
     CreateTokenBody:
       type: object
       x-examples:
@@ -152,7 +152,7 @@ components:
           username: spree@example.com
           password: spree123
           scope: admin
-      x-internal: true
+      x-internal: false
       title: 'Create a new token (grant_type: password)'
       description: ''
       properties:
@@ -186,7 +186,7 @@ components:
         example-1:
           grant_type: refresh_token
           refresh_token: SqJDIwX00fehqHxS6xmb-kzqAlrYe_0EHgekMexVT8k
-      x-internal: true
+      x-internal: false
       title: 'Create a new token (grant_type: client_credentials)'
       description: ''
       properties:
@@ -213,7 +213,7 @@ components:
         example-1:
           grant_type: refresh_token
           refresh_token: SqJDIwX00fehqHxS6xmb-kzqAlrYe_0EHgekMexVT8k
-      x-internal: true
+      x-internal: false
       title: 'Refresh an existing token (grant_type: refresh_token)'
       description: ''
       properties: