whop 1.0.3 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +15 -0
- data/lib/generators/whop/install/templates/whop_iframe.rb +6 -0
- data/lib/whop/iframe_helper.rb +78 -0
- data/lib/whop/version.rb +1 -1
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ba25e2187ff6be4ded65c7b7a17cc1d3ab7d450a962929fbc4f487042f51481e
|
|
4
|
+
data.tar.gz: 88877e474fc48d922a48f0876b2c754f2dcc7cae7ee1b81bc44ad3a233ba16ec
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7ac76a99d56ef1a6555d9d07b44470a0f0811ae0729b57b56762c99ef435c06489bc0504787dfe4f18b1af83bf6d9942337f9e26cf24f5538e31e3d731e9e328
|
|
7
|
+
data.tar.gz: b67aad3ba1659706a4ba9a09c94c998bd78569ff577f8b208d5f76265e4c0617142a88de68a3a7ebedb313f06164e7e2329f703996caaa300f450a9f64e48a22
|
data/README.md
CHANGED
|
@@ -116,6 +116,21 @@ curl -i -X POST http://localhost:3000/whop/webhooks \
|
|
|
116
116
|
```
|
|
117
117
|
|
|
118
118
|
## Using the client
|
|
119
|
+
# Frontend (iframe) helper
|
|
120
|
+
|
|
121
|
+
Add the SDK tags in your layout head (includes UMD + ESM fallback and turbo:load re-init):
|
|
122
|
+
|
|
123
|
+
```erb
|
|
124
|
+
<%= extend(Whop::IframeHelper) && whop_iframe_sdk_tags %>
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
Ensure your CSP allows Whop domains; the installer adds `config/initializers/whop_iframe.rb` with sensible defaults (script/connect/frame to unpkg.com, esm.sh, whop.com/*).
|
|
128
|
+
If you prefer not to expose `WHOP_APP_ID` to the layout, add it to body:
|
|
129
|
+
|
|
130
|
+
```erb
|
|
131
|
+
<body data-whop-app-id="<%= ENV['WHOP_APP_ID'] %>">
|
|
132
|
+
```
|
|
133
|
+
|
|
119
134
|
|
|
120
135
|
```ruby
|
|
121
136
|
# With app/company context from env
|
|
@@ -4,6 +4,12 @@ Rails.application.config.action_dispatch.default_headers.delete('X-Frame-Options
|
|
|
4
4
|
|
|
5
5
|
Rails.application.config.content_security_policy do |policy|
|
|
6
6
|
policy.frame_ancestors :self, "https://whop.com", "https://*.whop.com"
|
|
7
|
+
# Allow Whop iframe SDK (UMD) and ESM fallback
|
|
8
|
+
policy.script_src :self, :https, "https://unpkg.com", "https://esm.sh"
|
|
9
|
+
# Allow network calls to Whop API from the browser as needed
|
|
10
|
+
policy.connect_src :self, :https, "https://whop.com", "https://*.whop.com"
|
|
11
|
+
# Allow embedding Whop frames
|
|
12
|
+
policy.frame_src :self, "https://whop.com", "https://*.whop.com"
|
|
7
13
|
end
|
|
8
14
|
|
|
9
15
|
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
require "erb"
|
|
2
|
+
|
|
3
|
+
module Whop
|
|
4
|
+
module IframeHelper
|
|
5
|
+
# Renders the Whop iframe SDK UMD script and a small inline initializer that creates
|
|
6
|
+
# a global window.iframeSdk instance. The initializer uses the provided app_id, or
|
|
7
|
+
# falls back to ENV["WHOP_APP_ID"] / Whop.config.app_id, then finally to
|
|
8
|
+
# document.body.dataset.whopAppId if present.
|
|
9
|
+
#
|
|
10
|
+
# Usage in layout head:
|
|
11
|
+
# <%= whop_iframe_sdk_tags %>
|
|
12
|
+
# Optionally add <body data-whop-app-id="..."> if you prefer not to expose ENV.
|
|
13
|
+
def whop_iframe_sdk_tags(app_id: nil, nonce: nil)
|
|
14
|
+
resolved_app_id = app_id || ENV["WHOP_APP_ID"] || (Whop.config.app_id rescue nil) || ""
|
|
15
|
+
begin
|
|
16
|
+
# Prefer CSP nonce from Rails if available
|
|
17
|
+
nonce ||= respond_to?(:content_security_policy_nonce) ? content_security_policy_nonce : nil
|
|
18
|
+
rescue StandardError
|
|
19
|
+
# ignore
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
nonce_attr = nonce ? " nonce=\"#{ERB::Util.html_escape(nonce)}\"" : ""
|
|
23
|
+
init = <<~JS
|
|
24
|
+
(function () {
|
|
25
|
+
try {
|
|
26
|
+
var g = window;
|
|
27
|
+
var create = (g.WhopIframe && g.WhopIframe.createSdk) ||
|
|
28
|
+
(g.WhopIframeSdk && g.WhopIframeSdk.createSdk) ||
|
|
29
|
+
g.createWhopIframeSdk ||
|
|
30
|
+
g.createSdk;
|
|
31
|
+
if (create && !g.iframeSdk) {
|
|
32
|
+
var appId = #{resolved_app_id.to_s.strip.empty? ? '""' : ERB::Util.html_escape(resolved_app_id).inspect};
|
|
33
|
+
if (!appId) {
|
|
34
|
+
var body = document.body;
|
|
35
|
+
appId = (body && body.dataset && body.dataset.whopAppId) || "";
|
|
36
|
+
}
|
|
37
|
+
if (appId) {
|
|
38
|
+
g.iframeSdk = create({ appId: appId });
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
} catch (e) {
|
|
42
|
+
// swallow init errors
|
|
43
|
+
}
|
|
44
|
+
})();
|
|
45
|
+
JS
|
|
46
|
+
|
|
47
|
+
# ESM fallback: if iframeSdk wasn't created by UMD, import from esm.sh and init on DOM load and Turbo
|
|
48
|
+
module_bootstrap = <<~JS
|
|
49
|
+
(function(){
|
|
50
|
+
function _init() {
|
|
51
|
+
try {
|
|
52
|
+
if (window.iframeSdk) return;
|
|
53
|
+
var appId = document.body && document.body.dataset && document.body.dataset.whopAppId || #{resolved_app_id.to_s.strip.empty? ? '""' : ERB::Util.html_escape(resolved_app_id).inspect};
|
|
54
|
+
if (!appId) return;
|
|
55
|
+
import("https://esm.sh/@whop/iframe@latest").then(function(mod){
|
|
56
|
+
var create = mod && (mod.createSdk || mod.default && mod.default.createSdk);
|
|
57
|
+
if (typeof create === "function" && !window.iframeSdk) {
|
|
58
|
+
window.iframeSdk = create({ appId: appId });
|
|
59
|
+
}
|
|
60
|
+
}).catch(function(){});
|
|
61
|
+
} catch(e) {}
|
|
62
|
+
}
|
|
63
|
+
if (document.readyState === "loading") {
|
|
64
|
+
document.addEventListener("DOMContentLoaded", _init);
|
|
65
|
+
} else {
|
|
66
|
+
_init();
|
|
67
|
+
}
|
|
68
|
+
window.addEventListener && window.addEventListener("turbo:load", _init);
|
|
69
|
+
})();
|
|
70
|
+
JS
|
|
71
|
+
|
|
72
|
+
html = %Q(<script src="https://unpkg.com/@whop/iframe@latest"#{nonce_attr}></script>\n<script#{nonce_attr}>#{init.strip}</script>\n<script type="module"#{nonce_attr}>#{module_bootstrap.strip}</script>)
|
|
73
|
+
html.respond_to?(:html_safe) ? html.html_safe : html
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
|
data/lib/whop/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: whop
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nikhil Nelson
|
|
@@ -175,6 +175,7 @@ files:
|
|
|
175
175
|
- lib/whop/dsl.rb
|
|
176
176
|
- lib/whop/dsl_prelude.rb
|
|
177
177
|
- lib/whop/error.rb
|
|
178
|
+
- lib/whop/iframe_helper.rb
|
|
178
179
|
- lib/whop/token.rb
|
|
179
180
|
- lib/whop/version.rb
|
|
180
181
|
- lib/whop/webhooks/engine.rb
|