RubyGems - spree_cm_commissioner - Versions diffs - 2.5.16.pre.pre8 → 2.5.16 - Mend

spree_cm_commissioner 2.5.16.pre.pre8 → 2.5.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 659785b7538c0a039babbe93d0c14a08171ecc75c4131cb0de992da84d3bfac0
-  data.tar.gz: 548dff81e18f044aaedb94cc3a886cfd2c2600338a6760fc2e2c1ef04d75508c
+  metadata.gz: b8c433f50fb2876095dad4e8adbf87547a04c0bdef08f1db15f545a5f3539aa2
+  data.tar.gz: 3af1f877767be983922d340cd0249c3bfbf897e6e544ffaae3ea2bb37e00bd82
 SHA512:
-  metadata.gz: 43a7f398986a3b4ed009505986cd705d7556d9b2413f8ff003ab7f9d0bd099e52b69bd86717fd4b927e87fd1bfa4e5e1b2b6df39233b83cb1f2685dc27613b3e
-  data.tar.gz: e3e9ffda8081870c8fe88d1d4c61f1b57495825d194c62c790698e4d0c00d44a2afffe4cffe06e5b7fe99a65127fbbd2989266d37b2b494f0c1e337c732c74d5
+  metadata.gz: 7010f9de4eb7b82981659da7e3a39896a03a88fb94aa6781e2e2379cda802568626c210b303e71541fc0b9b907e42d4df29253b12da9482902f1b786b531c402
+  data.tar.gz: 42a5c84dc33246476af82617e1629c10de17caf44175ecc33afbda90f8991d5ae16534dab195bf7154f32fa40f43cecb562ceffddc0564e6ed991d8905aca470

data/Gemfile.lock CHANGED Viewed

@@ -34,7 +34,7 @@ GIT
 PATH
   remote: .
   specs:
-    spree_cm_commissioner (2.5.16.pre.pre8)
+    spree_cm_commissioner (2.5.16)
       activerecord-multi-tenant
       activerecord_json_validator (~> 2.1, >= 2.1.3)
       aws-sdk-cloudfront

data/README.md CHANGED Viewed

@@ -153,8 +153,37 @@ PIN_CODE_DEBUG_NOTIFIY_TELEGRAM_ENABLE="yes"
 EXCEPTION_NOTIFY_ENABLE="yes" # yes or no
 EXCEPTION_TELEGRAM_BOT_TOKEN=""
 EXCEPTION_NOTIFIER_TELEGRAM_CHANNEL_ID=""
+TURNSTILE_SECRET_KEY="" # Cloudflare Turnstile secret key (server-side verification)
 ```
+### Cloudflare Turnstile
+Cloudflare Turnstile is used to protect sensitive API endpoints from bots. The server-side validation is handled by `SpreeCmCommissioner::TurnstileTokenValidator` and the concern `SpreeCmCommissioner::TurnstileProtectable`.
+**Protected endpoints:**
+- `POST /api/v2/storefront/pin_code_generators`
+- `POST /api/v2/storefront/pin_code_otp_generators`
+- `POST /api/v2/storefront/user_registration_with_pin_codes`
+- `PUT  /api/v2/storefront/reset_passwords`
+- `PATCH /api/v2/storefront/checkout/complete`
+**How it works:**
+1. The client sends a Turnstile token via the `X-Turnstile-Token` HTTP header
+2. `TurnstileProtectable` reads the header and calls `TurnstileTokenValidator`
+3. The validator POSTs to Cloudflare's siteverify API with the token and `TURNSTILE_SECRET_KEY`
+4. Returns 403 if verification fails
+**Configuration:**
+1. Set `TURNSTILE_SECRET_KEY` in `.env` (obtained from [Cloudflare Turnstile dashboard](https://dash.cloudflare.com/))
+2. For local development testing, use Cloudflare's test keys:
+   - Always pass: `1x0000000000000000000000000000000AA`
+   - Always fail: `2x0000000000000000000000000000000AA`
+   - Token spent: `3x0000000000000000000000000000000AA`
 ## JSON Format Examples For Store and Tenant Preferences
 ### Asset Links Format

data/app/controllers/concerns/spree_cm_commissioner/turnstile_protectable.rb ADDED Viewed

@@ -0,0 +1,42 @@
+module SpreeCmCommissioner
+  module TurnstileProtectable
+    extend ActiveSupport::Concern
+    private
+    # Verify the Turnstile token from the X-Turnstile-Token header.
+    # Renders 403 and halts the request if verification fails.
+    #
+    # Usage:
+    #   before_action -> { verify_turnstile! }, only: :create
+    #
+    def verify_turnstile!
+      token = request.headers['X-Turnstile-Token']
+      # Skip verification if no token and Turnstile is not enforced
+      return if token.blank? && turnstile_optional?
+      result = TurnstileTokenValidator.call(
+        token: token,
+        remote_ip: request.remote_ip
+      )
+      return unless result.failure?
+      render json: {
+        errors: [{
+          status: '403',
+          title: 'Forbidden',
+          detail: result.message
+        }
+]
+      }, status: :forbidden
+    end
+    # Override in controllers to make Turnstile optional for specific actions.
+    # Default: required (returns false).
+    def turnstile_optional?
+      false
+    end
+  end
+end

data/app/controllers/spree/api/v2/organizer/invite_guests_controller.rb ADDED Viewed

@@ -0,0 +1,91 @@
+module Spree
+  module Api
+    module V2
+      module Organizer
+        class InviteGuestsController < ::Spree::Api::V2::Organizer::BaseController
+          before_action :load_invite_guest_by_token, only: :show
+          before_action :load_invite_guest, :assign_line_item_data, only: :update
+          def show
+            render_serialized_payload { serialize_resource(@invite_guest) }
+          end
+          def update
+            return render_error(:revoked) if @invite_guest.revoked?
+            return render_error(:closed) if @invite_guest.expired?
+            return render_error(:fully_claimed) if @invite_guest.fully_claimed?
+            guest = @line_item.guests.new(guest_params)
+            guest.event_id = @invite_guest.event_id
+            if guest.save
+              @invite_guest.update(claimed_status: :claimed) if @line_item.guests.count == @invite_guest.quantity
+              send_guest_claimed_invitation_telegram_alert_to_vendor(guest) if guest.event.vendor.preferred_telegram_chat_id.present?
+              render json: SpreeCmCommissioner::V2::Storefront::GuestSerializer.new(guest.reload).serializable_hash
+            else
+              render_error_payload(guest.errors.full_messages.to_sentence)
+            end
+          end
+          private
+          def send_guest_claimed_invitation_telegram_alert_to_vendor(guest)
+            title = '📣 --- [NEW GUEST CLAIMED INVITATION] ---' # Style/StringLiterals
+            chat_id = guest.event.vendor.preferred_telegram_chat_id
+            return if chat_id.blank?
+            factory = SpreeCmCommissioner::InviteGuestClaimedTelegramMessageFactory.new(
+              title: title,
+              order: @invite_guest.order,
+              guest: guest,
+              vendor: guest.event.vendor
+            )
+            SpreeCmCommissioner::TelegramNotificationSenderJob.perform_later(
+              chat_id: chat_id,
+              message: factory.message,
+              parse_mode: factory.parse_mode
+            )
+          end
+          def load_invite_guest_by_token
+            @invite_guest = SpreeCmCommissioner::InviteGuest.find_by(token: params[:id])
+          rescue ActiveRecord::RecordNotFound
+            render_error_payload(I18n.t('invite.url_not_found'))
+          end
+          def load_invite_guest
+            @invite_guest = SpreeCmCommissioner::InviteGuest.find(params[:id])
+          end
+          def assign_line_item_data
+            @line_item = @invite_guest.order.line_items.first
+            @guests = @line_item.guests
+          end
+          def render_error(message)
+            render json: { errors: message }
+          end
+          def guest_params
+            params.require(:invite_guest).permit(
+              :first_name,
+              :last_name,
+              :dob,
+              :gender,
+              :age,
+              :emergency_contact,
+              :phone_number,
+              :address,
+              :other_organization
+            )
+          end
+          def resource_serializer
+            ::Spree::V2::Organizer::InviteGuestSerializer
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/storefront/saved_guests_controller.rb ADDED Viewed

@@ -0,0 +1,77 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        class SavedGuestsController < ::Spree::Api::V2::ResourceController
+          before_action :require_spree_current_user
+          before_action :load_saved_guest, only: %i[show update destroy]
+          def collection
+            spree_current_user.saved_guests.order(created_at: :desc)
+                              .page(params[:page])
+                              .per(params[:per_page])
+          end
+          def create
+            saved_guest = spree_current_user.saved_guests.new(saved_guest_params)
+            if saved_guest.save
+              render_serialized_payload(201) { serialize_resource(saved_guest) }
+            else
+              render_error_payload(saved_guest.errors.full_messages.to_sentence, 422)
+            end
+          end
+          def update
+            if @saved_guest.update(saved_guest_params)
+              render_serialized_payload { serialize_resource(@saved_guest) }
+            else
+              render_error_payload(@saved_guest.errors.full_messages.to_sentence, 400)
+            end
+          end
+          def destroy
+            @saved_guest.destroy
+            head :no_content
+          end
+          private
+          def model_class
+            SpreeCmCommissioner::SavedGuest
+          end
+          def collection_serializer
+            resource_serializer
+          end
+          def resource_serializer
+            SpreeCmCommissioner::V2::Storefront::SavedGuestSerializer
+          end
+          def load_saved_guest
+            @saved_guest = spree_current_user.saved_guests.find(params[:id])
+          end
+          def saved_guest_params
+            params.require(:saved_guest).permit(
+              :first_name,
+              :last_name,
+              :dob,
+              :age,
+              :gender,
+              :email,
+              :country_code,
+              :phone_number,
+              :intel_phone_number,
+              :nationality_id,
+              :occupation_id,
+              :nationality_group,
+              :age_group
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/app/helpers/spree_cm_commissioner/transit/trip_helper.rb CHANGED Viewed

@@ -7,34 +7,6 @@ module SpreeCmCommissioner
         formatted_time = Time.zone.parse(time.to_s)
         timezone ? formatted_time.in_time_zone(timezone) : formatted_time
       end
-      # Helper to parse date strings or return date objects
-      def parse_date(date_obj)
-        return date_obj if date_obj.is_a?(Date)
-        Date.parse(date_obj.to_s)
-      rescue ArgumentError
-        nil
-      end
-      def normalize_date(value)
-        if value.respond_to?(:to_date) && value.to_date == Time.zone.now.to_date
-          Time.zone.now
-        else
-          Time.zone.parse(value.to_s)
-        end
-      end
-      def minutes_since_midnight(value)
-        case value
-        when Time, ActiveSupport::TimeWithZone
-          (value.hour * 60) + value.min
-        else
-          str = value.to_s.strip
-          h, m = str.split(':', 2).map(&:to_i)
-          (h * 60) + (m || 0)
-        end
-      end
     end
   end
 end

data/app/interactors/spree_cm_commissioner/create_vendor.rb CHANGED Viewed

@@ -11,6 +11,8 @@ module SpreeCmCommissioner
         create_logo
         create_role
       end
+      context.vendor = @vendor
     end
     private

data/app/interactors/spree_cm_commissioner/turnstile_token_validator.rb ADDED Viewed

@@ -0,0 +1,55 @@
+module SpreeCmCommissioner
+  class TurnstileTokenValidator < BaseInteractor
+    SITE_VERIFY_URL = 'https://challenges.cloudflare.com/turnstile/v0/siteverify'.freeze
+    delegate :token, :remote_ip, to: :context
+    def call
+      context.fail!(message: I18n.t('turnstile.token_missing')) if token.blank?
+      response = verify_token
+      body = JSON.parse(response.body)
+      unless body['success']
+        error_codes = body['error-codes']&.join(', ') || 'unknown'
+        Rails.logger.warn(
+          "Turnstile verification failed: #{error_codes} " \
+          "from IP #{remote_ip} | hostname=#{body['hostname']}"
+        )
+        context.fail!(message: I18n.t('turnstile.verification_failed'))
+      end
+      context.challenge_ts = body['challenge_ts']
+      context.hostname = body['hostname']
+      context.action = body['action']
+    end
+    private
+    def verify_token
+      connection.post do |req|
+        req.body = {
+          secret: secret_key,
+          response: token,
+          remoteip: remote_ip
+        }
+      end
+    rescue Faraday::TimeoutError, Faraday::ConnectionFailed => e
+      Rails.logger.error("Turnstile API error: #{e.class} - #{e.message}")
+      context.fail!(message: I18n.t('turnstile.service_unavailable'))
+    end
+    def connection
+      @connection ||= Faraday.new(url: SITE_VERIFY_URL) do |f|
+        f.request :url_encoded
+        f.options.open_timeout = 3
+        f.options.timeout = 5
+        f.adapter Faraday.default_adapter
+      end
+    end
+    def secret_key
+      ENV.fetch('TURNSTILE_SECRET_KEY')
+    end
+  end
+end

data/app/jobs/spree_cm_commissioner/cleanup_expired_access_tokens_job.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module SpreeCmCommissioner
+  class CleanupExpiredAccessTokensJob < SpreeCmCommissioner::ApplicationJob
+    queue_as :default
+    def perform
+      SpreeCmCommissioner::CleanupExpiredAccessTokens.new.call
+    end
+  end
+end

data/app/models/spree_cm_commissioner/agency.rb ADDED Viewed

@@ -0,0 +1,12 @@
+module SpreeCmCommissioner
+  class Agency < Base
+    belongs_to :vendor, class_name: 'Spree::Vendor', optional: false
+    belongs_to :agency_category, class_name: 'Spree::Taxon', optional: false
+    enum approval_status: { pending: 0, approved: 1, rejected: 2 }
+    enum status: { inactive: 0, active: 1 }
+    enum paid_type: { postpaid: 0, prepaid: 1 }
+    validates :name, presence: true
+  end
+end

data/app/models/spree_cm_commissioner/role_decorator.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 module SpreeCmCommissioner
   module RoleDecorator
     def self.prepended(base)
+      base.enum role_type: { internal: 0, external: 1 }
       base.has_many :role_permissions, class_name: 'SpreeCmCommissioner::RolePermission'
       base.has_many :permissions, through: :role_permissions, class_name: 'SpreeCmCommissioner::Permission'
@@ -10,6 +12,7 @@ module SpreeCmCommissioner
       base.scope :filter_by_vendor, lambda { |vendor|
         where(vendor_id: vendor)
       }
+      base.scope :filter_external, -> { where(role_type: :external) }
       base.accepts_nested_attributes_for :role_permissions, allow_destroy: true

data/app/models/spree_cm_commissioner/trip.rb CHANGED Viewed

@@ -5,8 +5,6 @@ module SpreeCmCommissioner
     attr_accessor :hours, :minutes, :seconds
-    enum trip_type: { direct: 0, multi_leg: 1 }
     # This model has no seat_layout column (polymorphic association), so we store the preload_seat_layout_id ID in public_metadata.
     # This lets us check if a seat layout exists without triggering a database query.
     # The ID is automatically updated whenever the seat_layout is saved.

data/app/models/spree_cm_commissioner/user_decorator.rb CHANGED Viewed

@@ -24,6 +24,7 @@ module SpreeCmCommissioner
       base.has_many :user_events, class_name: 'SpreeCmCommissioner::UserEvent'
       base.has_many :events, through: :user_events, class_name: 'Spree::Taxon', source: 'taxon'
       base.has_many :guests, class_name: 'SpreeCmCommissioner::Guest', dependent: :destroy
+      base.has_many :saved_guests, class_name: 'SpreeCmCommissioner::SavedGuest', dependent: :nullify
       base.has_many :google_user_identity_providers,
                     -> { where(identity_type: :google) },

data/app/queries/spree_cm_commissioner/trip_query.rb CHANGED Viewed

@@ -16,39 +16,139 @@ module SpreeCmCommissioner
     end
     def call
-      return Kaminari.paginate_array([]).page(@page).per(@per_page) if date.to_date < Date.current
+      return Kaminari.paginate_array([]) if date.to_date < Date.current
-      result = direct_trips
-      result += multi_leg_trips if result.empty? || result.size < 3 || @params[:include_multi_leg] == true
-      Kaminari.paginate_array(result).page(@page).per(@per_page)
+      paginated_relation = direct_trips
+      return Kaminari.paginate_array([]) if paginated_relation.empty?
+      unique_trips = paginated_relation.uniq(&:id)
+      results_array = unique_trips.map do |trip|
+        result = build_trip_result(trip)
+        SpreeCmCommissioner::TripQueryResult.new([result])
+      end
+      Kaminari.paginate_array(
+        results_array,
+        total_count: unique_trips.size,
+        limit: unique_trips.size,
+        offset: paginated_relation.offset_value
+      )
+    end
+    def direct_trips
+      result = trip_scope
+      result = result.where({ vendor_id: vendor_id }.compact) if vendor_id.present?
+      result = result.where(route_type: route_type) if route_type.present?
+      result = result.where(spree_vendors: { tenant_id: tenant_id }) if tenant_id.present?
+      paginate(result)
+    end
+    def product_inventory_totals
+      Spree::Product
+        .select(
+          'spree_products.id AS product_id,
+              SUM(cm_inventory_items.max_capacity) AS max_capacity,
+              SUM(cm_inventory_items.quantity_available) AS quantity_available'
+        )
+        .joins(variants: :inventory_items)
+        .where('cm_inventory_items.inventory_date = ? AND cm_inventory_items.quantity_available >= ?', @date.to_date, @number_of_guests)
+        .group('spree_products.id')
     end
     private
-    def direct_trips
-      SpreeCmCommissioner::SingleLegTripsQuery.new(
-        origin_id: origin_id,
-        destination_id: destination_id,
-        date: date,
-        route_type: route_type,
-        vendor_id: vendor_id,
-        tenant_id: tenant_id,
-        number_of_guests: number_of_guests,
-        params: params
-      ).call
-    end
-    def multi_leg_trips
-      SpreeCmCommissioner::MultiLegTripsQuery.new(
-        origin_id: origin_id,
-        destination_id: destination_id,
-        date: date,
-        route_type: route_type,
-        vendor_id: vendor_id,
-        tenant_id: tenant_id,
-        number_of_guests: number_of_guests,
-        params: params
-      ).call
+    def trip_scope
+      scope = SpreeCmCommissioner::Trip
+              .select(<<~SQL.squish)
+                cm_trips.*,
+                boarding.departure_time AS boarding_departure_time,
+                boarding.stop_place_id AS boarding_stop_id, boarding.stop_name AS boarding_stop_name,
+                drop_off.stop_name AS drop_off_stop_name, drop_off.stop_place_id AS drop_off_stop_id,
+                drop_off.arrival_time AS drop_off_arrival_time,
+                COALESCE(iv.quantity_available, 0) AS quantity_available,
+                COALESCE(iv.max_capacity, 0) AS max_capacity,
+                origin_places.name AS origin_place_name, dest_places.name AS destination_place_name,
+                prices.amount AS amount, prices.compare_at_amount AS compare_at_amount,
+                prices.currency AS currency
+              SQL
+              .includes(vendor: :logo, vehicle_type: :option_values, route: {}, open_dated_product: %i[trip variants])
+      scope = scope.joins(:vendor) if tenant_id.present?
+      scope
+        .joins(<<~SQL.squish)
+          INNER JOIN cm_trip_stops AS boarding ON boarding.trip_id = cm_trips.id AND boarding.allow_boarding = true
+          INNER JOIN cm_trip_stops AS drop_off ON drop_off.trip_id = cm_trips.id AND drop_off.allow_drop_off = true
+          INNER JOIN cm_places AS origin_places ON origin_places.id = cm_trips.origin_place_id
+          INNER JOIN cm_places AS dest_places ON dest_places.id = cm_trips.destination_place_id
+          INNER JOIN spree_variants AS master ON master.product_id = cm_trips.product_id AND master.is_master = true
+          INNER JOIN spree_prices AS prices ON prices.variant_id = master.id AND prices.deleted_at IS NULL
+        SQL
+        .where('(boarding.location_place_id = ? OR boarding.stop_place_id = ? OR cm_trips.origin_place_id = ?)
+                 AND (drop_off.location_place_id = ? OR drop_off.stop_place_id = ? OR cm_trips.destination_place_id = ?)',
+               origin_id, origin_id, origin_id, destination_id, destination_id, destination_id
+        )
+        .joins("INNER JOIN (#{inventory_sql.to_sql}) iv ON cm_trips.product_id = iv.product_id")
+    end
+    def paginate(result)
+      @per_page.to_i.positive? ? result.page(@page).per(@per_page) : result.page(@page)
+    end
+    def inventory_sql
+      @inventory_sql ||= product_inventory_totals
+    end
+    def build_trip_result(trip)
+      vehicle_type = trip&.vehicle_type
+      vendor = trip&.vendor
+      trip_result_options = {
+        id: trip&.id,
+        departure_time: trip&.departure_time,
+        duration: trip&.duration,
+        distance: trip&.distance,
+        allow_seat_selection: trip&.allow_seat_selection,
+        route_type: trip&.route_type,
+        origin_place: {
+          id: trip&.origin_place_id,
+          name: trip&.origin_place_name
+        },
+        destination_place: {
+          id: trip&.destination_place_id,
+          name: trip&.destination_place_name
+        },
+        vehicle_type_id: trip&.vehicle_type_id,
+        vehicle_type: vehicle_type,
+        vendor_id: trip&.vendor_id,
+        vendor: vendor,
+        product_id: trip&.product_id,
+        price: trip&.amount,
+        currency: trip&.currency,
+        compare_at_amount: trip&.compare_at_amount,
+        boarding: build_boarding_info(trip),
+        drop_off: build_drop_off_info(trip),
+        quantity_available: trip&.quantity_available,
+        max_capacity: trip&.max_capacity,
+        amenities: (trip.vehicle_type&.option_values || []),
+        open_dated_product: trip&.open_dated_product
+      }
+      SpreeCmCommissioner::TripResult.new(trip_result_options)
+    end
+    def build_boarding_info(trip)
+      {
+        stop_id: trip&.boarding_stop_id,
+        stop_name: trip&.boarding_stop_name,
+        departure_time: trip&.boarding_departure_time
+      }
+    end
+    def build_drop_off_info(trip)
+      {
+        stop_id: trip&.drop_off_stop_id,
+        stop_name: trip&.drop_off_stop_name,
+        arrival_time: trip&.drop_off_arrival_time
+      }
     end
   end
 end

data/app/serializers/spree/v2/organizer/invite_guest_serializer.rb ADDED Viewed

@@ -0,0 +1,13 @@
+module Spree
+  module V2
+    module Organizer
+      class InviteGuestSerializer < BaseSerializer
+        attributes :email, :quantity, :token, :invite_type, :claimed_status, :issued_to, :expiration_date,
+                   :email_send_at, :created_at, :updated_at, :remark
+        belongs_to :variant, serializer: SpreeCmCommissioner::V2::Storefront::EventVariantSerializer
+        belongs_to :order, serializer: Spree::V2::Storefront::OrderSerializer
+        belongs_to :event, serializer: Spree::V2::Storefront::TaxonSerializer
+      end
+    end
+  end
+end

data/app/serializers/spree/v2/tenant/line_item_serializer.rb CHANGED Viewed

@@ -11,7 +11,7 @@ module Spree
                    :display_amount, :number, :qr_data, :kyc, :kyc_fields, :remaining_total_guests, :number_of_guests,
                    :completion_steps, :available_social_contact_platforms, :allow_anonymous_booking,
                    :discontinue_on, :high_demand, :jwt_token, :pre_tax_amount, :display_pre_tax_amount, :public_metadata,
-                   :direction, :trip_id, :boarding_trip_stop_id, :drop_off_trip_stop_id
+                   :direction, :trip_id, :boarding_trip_stop_id, :drop_off_trip_stop_id, :passenger_count, :remark
         attribute :required_self_check_in_location, &:required_self_check_in_location?
         attribute :allowed_self_check_in, &:allowed_self_check_in?

data/app/services/spree_cm_commissioner/cleanup_expired_access_tokens.rb ADDED Viewed

@@ -0,0 +1,52 @@
+module SpreeCmCommissioner
+  class CleanupExpiredAccessTokens
+    prepend ::Spree::ServiceModule::Base
+    BATCH_SIZE = 1000
+    EXPIRATION_THRESHOLD_DAYS = 1
+    def call
+      cutoff_date = EXPIRATION_THRESHOLD_DAYS.days.ago
+      total_deleted = 0
+      Spree::OauthAccessToken
+        .where.not(expires_in: nil)
+        .where('created_at + make_interval(secs => expires_in) < ?', cutoff_date)
+        .in_batches(of: BATCH_SIZE) do |relation|
+        deleted_count = relation.delete_all
+        total_deleted += deleted_count
+      end
+      log_cleanup_result(total_deleted, cutoff_date)
+      success(total_deleted: total_deleted, cutoff_date: cutoff_date, batch_size: BATCH_SIZE, expiration_threshold_days: EXPIRATION_THRESHOLD_DAYS)
+    rescue StandardError => e
+      log_error(e)
+      failure(nil, e.message)
+    end
+    private
+    def log_cleanup_result(total_deleted, cutoff_date)
+      CmAppLogger.log(
+        label: 'SpreeCmCommissioner::CleanupExpiredAccessTokens completed',
+        data: {
+          total_deleted: total_deleted,
+          cutoff_date: cutoff_date,
+          batch_size: BATCH_SIZE,
+          expiration_threshold_days: EXPIRATION_THRESHOLD_DAYS
+        }
+      )
+    end
+    def log_error(error)
+      CmAppLogger.error(
+        label: 'SpreeCmCommissioner::CleanupExpiredAccessTokens error',
+        data: {
+          error_class: error.class.name,
+          error_message: error.message,
+          backtrace: error.backtrace&.first(5)&.join("\n")
+        }
+      )
+    end
+  end
+end