square_event 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ecf0821b8d28696caefd11c54078e6b888e97f95a307936a6e6c66039af135ac
+  data.tar.gz: ff07a0237ec567e9a691c23946b78384d3d441ecfc06c61f8bf1d24f959d5282
+SHA512:
+  metadata.gz: 66e0ddd01436b3546cb7f3f45b2489156ed89728228c2f25df2a72d5100c432b687a425644fee368bf2d6e3cdb98199d52320a269bfec967e2211d956571afa1
+  data.tar.gz: ab0c50a053176902c6271b2e84f4be2e9b3a3c424225ad63571df2cf17d96df28f4729b48437f05e7b3977d4b0087912372ef4c2f9efc55cb219733b23717558

data/.gitignore

@@ -0,0 +1,12 @@
+.bundle/
+log/*.log
+pkg/
+spec/dummy/db/*.sqlite3
+spec/dummy/log/*.log
+spec/dummy/tmp/
+spec/dummy/.sass-cache
+Gemfile.lock
+gemfiles/*.lock
+coverage/*
+.ruby-version
+.ruby-gemset

data/.rspec

@@ -0,0 +1,2 @@
+--colour
+--format documentation

data/.travis.yml

@@ -0,0 +1,35 @@
+language: ruby
+cache: bundler
+
+rvm:
+  - 2.5
+  - 2.6
+  - 2.7
+  - 3.0
+
+gemfile:
+  - gemfiles/rails5.1.gemfile
+  - gemfiles/rails5.2.gemfile
+  - gemfiles/rails6.0.gemfile
+  - gemfiles/rails6.1.gemfile
+  - gemfiles/rails_master.gemfile
+
+matrix:
+  include:
+    - rvm: 2.3
+      gemfile: gemfiles/rails3.2.gemfile
+    - rvm: 2.3
+      gemfile: gemfiles/rails4.2.gemfile
+    - rvm: 2.4
+      gemfile: gemfiles/rails4.2.gemfile
+    - rvm: 2.7
+      gemfile: gemfiles/rails_master.gemfile
+    - rvm: 3.0
+      gemfile: gemfiles/rails_master.gemfile
+  allow_failures:
+    - gemfile: gemfiles/rails_master.gemfile
+  fast_finish: true
+
+notifications:
+  email:
+    - andy@andycallaghan.com

data/Appraisals

@@ -0,0 +1,23 @@
+# appraise "rails4.2" do
+#   gem "rails", "~> 4.2.0"
+# end
+
+appraise "rails5.1" do
+  gem "rails", "~> 5.1.0"
+end
+
+appraise "rails5.2" do
+  gem "rails", "~> 5.2.0"
+end
+
+appraise "rails6.0" do
+  gem "rails", "~> 6.0.0"
+end
+
+appraise "rails6.1" do
+  gem "rails", "~> 6.1.0"
+end
+
+appraise "rails_master" do
+  gem "rails", github: "rails"
+end

data/CHANGELOG.md

@@ -0,0 +1,4 @@
+### 1.0.0 Initial release (2021/03/22)
+
+- Forked code from integrallis/stripe_event gem (a Stripe specific version of this)
+- Replaced Stripe specific webhook code for Square

data/CONTRIBUTING.md

@@ -0,0 +1,43 @@
+## Want to Contribute?
+
+Awesome. We love help, but before getting started, please read:
+
+**[Don't "Push" Your Pull Requests](http://www.igvita.com/2011/12/19/dont-push-your-pull-requests/)**
+
+## Ready for a Pull-Request?
+
+1. Fork the repo.
+
+2. Run the tests. We only take pull requests with passing tests, and it's great
+to know that you have a clean slate: `bundle && appraisal && bundle exec rake`
+
+3. Add a test for your change. Only refactoring and documentation changes
+require no new tests. If you are adding functionality or fixing a bug, we need
+a test!
+
+4. Make the test pass.
+
+5. Push to your fork and submit a pull request.
+
+At this point you're waiting on us. We like to at least comment on, if not
+accept, pull requests within three business days (and, typically, one business
+day). We may suggest some changes or improvements or alternatives.
+
+Some things that will increase the chance that your pull request is accepted,
+taken straight from the Ruby on Rails guide:
+
+## Conventions
+
+* Use Rails idioms and helpers.
+* Include tests that fail without your code, and pass with your code.
+* Update the documentation, the surrounding one, examples elsewhere, guides,
+  whatever is affected by your contribution
+
+Syntax:
+
+* Two spaces, no tabs.
+* No trailing whitespace. Blank lines should not have any space.
+* Prefer `&&`/`||` over `and`/`or`.
+* `MyClass.my_method(my_arg)` not `my_method( my_arg )` or `my_method my_arg`.
+* `a = b` not `a=b`.
+* Follow the conventions you see used in the source already.

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+gemspec
+ruby '3.0.0'

data/LICENSE.md

@@ -0,0 +1,23 @@
+The MIT License
+
+Copyright 2020-2021 Andy Callaghan - Stripe modifications
+Copyright 2012-2020 Integrallis Software - original work
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,146 @@
+# SquareEvent
+
+<!-- [![Build Status](https://secure.travis-ci.org/jammed-org/square_event.svg)](http://travis-ci.org/integrallis/stripe_event)
+[![Gem Version](https://badge.fury.io/rb/stripe_event.svg)](http://badge.fury.io/rb/stripe_event)
+[![Code Climate](https://codeclimate.com/github/integrallis/stripe_event.svg)](https://codeclimate.com/github/integrallis/stripe_event)
+[![Coverage Status](https://coveralls.io/repos/integrallis/stripe_event/badge.svg)](https://coveralls.io/r/integrallis/stripe_event)
+[![Gem Downloads](https://img.shields.io/gem/dt/stripe_event.svg)](https://rubygems.org/gems/stripe_event) -->
+
+SquareEvent is built on the [ActiveSupport::Notifications API](http://api.rubyonrails.org/classes/ActiveSupport/Notifications.html). Incoming webhook requests are [authenticated with the webhook signature](#authenticating-webhooks-with-signatures). Define subscribers to handle specific event types. Subscribers can be a block or an object that responds to `#call`.
+
+The gem is based on the excellent [Stripe Event](https://github.com/integrallis/stripe_event) work from Integrallis Software, it has been adapted and re-written to work with Square webhooks.
+
+## Install
+
+```ruby
+# Gemfile
+gem 'square_event'
+```
+
+```ruby
+# config/routes.rb
+mount SquareEvent::Engine, at: '/my-chosen-path' # provide a custom path
+```
+
+## Usage
+
+```ruby
+# config/initializers/stripe.rb
+SquareEvent.signing_secret   = Rails.application.credentials.square[Rails.env][:webhook_secret]
+SquareEvent.notification_url = Rails.application.credentials.square[Rails.env][:webhook_url]
+
+SquareEvent.configure do |events|
+  events.subscribe 'payment.created' do |event|
+    # Define subscriber behavior based on the event object
+    event.class       #=> SquareEvent::Event
+    event.type        #=> "payment.created"
+    event.data        #=> data": { "type": "payment", "id": "KkAkhdMs...
+  end
+
+  events.all do |event|
+    # Handle all event types - logging, etc.
+  end
+end
+```
+
+### Subscriber or interactor objects that respond to #call
+
+```ruby
+class CustomerCreated
+  def call(event)
+    # Event handling
+  end
+end
+
+class BillingEventLogger
+  def initialize(logger)
+    @logger = logger
+  end
+
+  def call(event)
+    @logger.info "BILLING:#{event.type}:#{event.id}"
+  end
+end
+```
+
+```ruby
+SquareEvent.configure do |events|
+  events.all BillingEventLogger.new(Rails.logger)
+  events.subscribe 'customer.created', CustomerCreated.new
+end
+```
+
+### Subscribing to a namespace of event types
+
+```ruby
+SquareEvent.subscribe 'customer.' do |event|
+  # Will be triggered for any customer.* events
+end
+```
+
+## Securing your webhook endpoint
+
+### Authenticating webhooks with signatures
+
+Square will cryptographically sign webhook payloads with a signature that is included in a special header sent with the request. Verifying this signature lets your application properly authenticate the request originated from Square. SquareEvent mandates that this is used for every request. Please set the `signing_secret` and `notification_url` configuration values:
+
+```ruby
+SquareEvent.signing_secret = Rails.application.credentials.square[Rails.env][:webhook_secret]
+SquareEvent.notification_url = Rails.application.credentials.square[Rails.env][:notification_url]
+```
+
+Please refer to Square's documentation for more details: https://developer.squareup.com/docs/webhooks-api/validate-notifications
+
+### Sandbox and live mode
+
+If you'd like to ignore particular webhook events (perhaps to ignore test webhooks in production, you can do so by returning `nil` in your custom `event_filter`. For example:
+
+```ruby
+SquareEvent.event_filter = lambda do |event|
+  return nil if Rails.env.production? && !event.sandbox?
+  event
+end
+```
+
+## Without Rails
+
+SquareEvent can be used outside of Rails applications as well. Here is a basic Sinatra implementation:
+
+```ruby
+require 'json'
+require 'sinatra'
+require 'stripe_event'
+
+SquareEvent.signing_secret   = ENV['SQUARE_SIGNING_SECRET']
+SquareEvent.notification_url = ENV['SQUARE_NOTIFICATION_URL']
+
+SquareEvent.subscribe 'payment.created' do |event|
+  # Look ma, no Rails!
+end
+
+post '/_billing_events' do
+  data = JSON.parse(request.body.read, symbolize_names: true)
+  SquareEvent.instrument(data)
+  200
+end
+```
+
+## Testing
+
+Handling webhooks is a critical piece of modern billing systems. Verifying the behavior of SquareEvent subscribers can be done fairly easily by stubbing out the HTTP signature header used to authenticate the webhook request. Tools like [Webmock](https://github.com/bblimke/webmock) and [VCR](https://github.com/vcr/vcr) work well. [RequestBin](https://requestbin.com/) is great for collecting the payloads. For exploratory phases of development, [UltraHook](http://www.ultrahook.com/) and other tools can forward webhook requests directly to localhost. 
+
+The Square ruby library does not currently offer an `Event` object to use to create or refer to webhook with, so their testing in Ruby is harder than with Stripe. 
+
+### Maintainers
+
+* [Andy Callaghan](https://github.com/acallaghan)
+
+Special thanks to all the [contributors](https://github.com/jammed-org/square_event/graphs/contributors).
+
+### Versioning
+
+Semantic Versioning 2.0 as defined at <http://semver.org>.
+
+### License
+
+[MIT License](https://github.com/jammed-org/square_event/blob/master/LICENSE.md). Copyright 2020-2021 Andy Callaghan, Square work. Copyright 2012-2015 Integrallis Software original Stripe work.

data/Rakefile

@@ -0,0 +1,15 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+if ENV['CI']
+  task default: :spec
+else
+  require 'appraisal'
+  task :default do
+    system('bundle exec rake appraisal spec')
+  end
+end

data/app/controllers/square_event/webhook_controller.rb

@@ -0,0 +1,47 @@
+require 'square_event/webhook'
+require 'square_event/errors'
+
+module SquareEvent
+  class WebhookController < ActionController::Base
+    SECRET_ERROR       = 'There was no webhook signing secret provided for this webhook'.freeze
+    NOTIFICATION_ERROR = 'There was no webhook notification URL provided for this webhook. Make sure it exactly matches and starts with https://'.freeze
+
+    if Rails.application.config.action_controller.default_protect_from_forgery
+      skip_before_action :verify_authenticity_token
+    end
+
+    def event
+      SquareEvent.instrument(verified_event)
+      head :ok
+    rescue SquareEvent::SignatureVerificationError => e
+      log_error(e)
+      head :bad_request
+    end
+
+    private
+
+    def verified_event
+      payload          = request.raw_post
+      signature        = request.headers['X-Square-Signature']
+      environment      = request.headers['square-environment']
+      timestamp        = request.headers['square-initial-delivery-timestamp']
+      secret           = SquareEvent.signing_secret
+      notification_url = SquareEvent.notification_url
+
+      if secret.nil?
+        raise SignatureVerificationError.new(SECRET_ERROR)
+      end
+
+      if notification_url.nil?
+        raise SignatureVerificationError.new(NOTIFICATION_ERROR)
+      end
+
+      SquareEvent::Webhook.construct_event(payload, signature, secret, notification_url, environment, timestamp)
+    end
+
+    def log_error(e)
+      logger.error e.message
+      e.backtrace.each { |line| logger.error "  #{line}" }
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,3 @@
+SquareEvent::Engine.routes.draw do
+  root to: 'webhook#event', via: :post
+end

data/gemfiles/rails5.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.1.0"
+
+gemspec path: "../"

data/gemfiles/rails5.2.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.2.0"
+
+gemspec path: "../"

data/gemfiles/rails6.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+
+gemspec path: "../"

data/gemfiles/rails6.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.1.0"
+
+gemspec path: "../"

data/gemfiles/rails_master.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", github: "rails"
+
+gemspec path: "../"

data/lib/square_event.rb

@@ -0,0 +1,65 @@
+require "active_support/notifications"
+require "square_event/engine" if defined?(Rails)
+require "square_event/errors"
+require "square_event/event"
+
+module SquareEvent
+  class << self
+    attr_accessor :adapter, :backend, :namespace, :event_filter, :notification_url, :signing_secret
+
+    def configure(&block)
+      raise ArgumentError, "must provide a block" unless block_given?
+      block.arity.zero? ? instance_eval(&block) : yield(self)
+    end
+    alias :setup :configure
+
+    def instrument(event)
+      event = event_filter.call(event)
+      backend.instrument namespace.call(event.type), event if event
+    end
+
+    def subscribe(name, callable = nil, &block)
+      callable ||= block
+      backend.subscribe namespace.to_regexp(name), adapter.call(callable)
+    end
+
+    def all(callable = nil, &block)
+      callable ||= block
+      subscribe nil, callable
+    end
+
+    def listening?(name)
+      namespaced_name = namespace.call(name)
+      backend.notifier.listening?(namespaced_name)
+    end
+  end
+
+  class Namespace < Struct.new(:value, :delimiter)
+    def call(name = nil)
+      "#{value}#{delimiter}#{name}"
+    end
+
+    def to_regexp(name = nil)
+      %r{^#{Regexp.escape call(name)}}
+    end
+  end
+
+  class NotificationAdapter < Struct.new(:subscriber)
+    def self.call(callable)
+      new(callable)
+    end
+
+    def call(*args)
+      payload = args.last
+      subscriber.call(payload)
+    end
+  end
+
+  class Error < StandardError; end
+  class UnauthorizedError < Error; end
+
+  self.adapter = NotificationAdapter
+  self.backend = ActiveSupport::Notifications
+  self.namespace = Namespace.new("square_event", ".")
+  self.event_filter = lambda { |event| event }
+end