whop 1.0.4 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3c6ea2caf5959059d7e27c54eecb479e8007420a1e3989fcc8ab9b3cf3d6be4e
-  data.tar.gz: 9f2d86766b0cd27d265e9fd87c1be3102b9baf0c9d836539d4217427d864e998
+  metadata.gz: 64c3c239fb031c743ac2a176a4d3b3554d2647eecfc73968f729a12411a8ed0c
+  data.tar.gz: c4d6eb438039add1e94c888b3cf77f26bddd39ddcab6b209cc8ce16e4ff9e1bc
 SHA512:
-  metadata.gz: 7e08a3e8c6bc48cad71cfc3bd5c7e67feb0718df8077bbdbbbd046d24de8e27e5a29e60b8c37a9c30a82952ba11c15a21708e215f62fff670a1bff4a3881054d
-  data.tar.gz: f9697d3d60918f218c6bc61798733cc83bc7d46b4a6e679042e7434c39c5d84d8ec3d0d16f623603ebe9ae32ddb05993f7a0e52f6210adb5f16259823341ad6e
+  metadata.gz: 5bb0569c58addd217520a74612f1ab5c387723c0495759e3aa5418bbf2cae3d60071a416398808e17f38b29891699e4af45430438c02b3517a7b50a87f1433e7
+  data.tar.gz: 41e0ee3c357faca5cda71a8d9b89d0570bd91f37cd381e72b7d91c0e33883c09a191c9aa15a955ec9c3d985aac66a0bb8db07e5c8e65e1d19b347d123ffa9350

data/README.md

@@ -8,7 +8,7 @@ Build Whop-embedded apps on Rails. This gem mirrors the official Next.js templat
 - Access checks (experience/company/access pass)
 - Webhooks engine with signature validation and generators
 - Rails generators for app views (Experience/Dashboard/Discover)
-- Thin HTTP + GraphQL client, with `with_company`/`with_user` scoping
+- Thin HTTP client and official REST SDK integration (`Whop.sdk`)
 - Dev conveniences: `whop-dev-user-token`, tolerant webhook verifier
 
 ## Requirements
@@ -81,7 +81,7 @@ class ExperiencesController < ApplicationController
     user_id = whop_user_id
     exp_id = params[:experienceId] || params[:id]
     experience = begin
-      Whop.client.experiences.get(exp_id)
+      Whop.sdk.experiences.retrieve(exp_id)
     rescue StandardError
       { "id" => exp_id }
     end
@@ -118,58 +118,35 @@ curl -i -X POST http://localhost:3000/whop/webhooks \
 ## Using the client
 # Frontend (iframe) helper
 
-Add the SDK tags in your layout head:
+Add the SDK tags in your layout head (includes UMD + ESM fallback and turbo:load re-init):
 
 ```erb
 <%= extend(Whop::IframeHelper) && whop_iframe_sdk_tags %>
 ```
 
 Ensure your CSP allows Whop domains; the installer adds `config/initializers/whop_iframe.rb` with sensible defaults (script/connect/frame to unpkg.com, esm.sh, whop.com/*).
+If you prefer not to expose `WHOP_APP_ID` to the layout, add it to body:
 
+```erb
+<body data-whop-app-id="<%= ENV['WHOP_APP_ID'] %>">
+```
 
-```ruby
-# With app/company context from env
-Whop.client.users.get("user_xxx")
-Whop.client.experiences.get("exp_xxx")
-Whop.client.with_company("biz_xxx").companies.get("biz_xxx")
 
-# GraphQL (persisted operations)
-Whop.api.access.check_if_user_has_access_to_experience(userId: "user_xxx", experienceId: "exp_xxx")
+```ruby
+# Preferred REST SDK usage
 
 # Users
-Whop.api.users.get_current_user
-Whop.api.users.get_user(userId: "user_xxx")
-Whop.api.users.list_user_socials(userId: "user_xxx", first: 10)
-Whop.api.users.ban_user(input: { userId: "user_xxx", reason: "abuse" })
-
-# Payments
-Whop.api.payments.create_checkout_session(input: { planId: "plan_xxx", successUrl: "https://...", cancelUrl: "https://..." })
-Whop.api.payments.charge_user(input: { userId: "user_xxx", amount: 1000, currency: "USD" })
-Whop.api.payments.list_receipts_for_company(companyId: "biz_xxx", first: 20)
-
-# Invoices
-Whop.api.invoices.create_invoice(input: { companyId: "biz_xxx", memberId: "mem_xxx", planId: "plan_xxx" })
-Whop.api.invoices.get_invoice(invoiceId: "inv_xxx", companyId: "biz_xxx")
-
-# Promo Codes
-Whop.api.promo_codes.create_promo_code(input: { planId: "plan_xxx", code: "WELCOME10", percentOff: 10 })
-Whop.api.promo_codes.get_promo_code(code: "WELCOME10", planId: "plan_xxx")
-
-# Apps
-Whop.api.apps.create_app(input: { name: "My App" })
-Whop.api.apps.list_apps(first: 20)
-Whop.api.apps.create_app_build(input: { appId: "app_xxx", version: "1.0.0" })
-
-# Webhooks (server-only)
-Whop.api.webhooks.create_webhook(input: { url: "https://example.com/webhook", events: ["payment_succeeded"], apiVersion: "v2" })
-Whop.api.webhooks.list_webhooks(first: 20)
-
-# Messages
-Whop.api.messages.find_or_create_chat(input: { userId: "user_xxx" })
-Whop.api.messages.send_message_to_chat(experienceId: "exp_xxx", message: "Hello!")
-
-# Notifications
-Whop.api.notifications.send_push_notification(input: { userId: "user_xxx", title: "Hi", body: "Welcome" })
+user = Whop.sdk.users.retrieve("user_xxx")
+
+# Access check
+access = Whop.sdk.users.check_access("exp_xxx", id: "user_xxx")
+if access.has_access
+  # allow
+end
+
+# Experiences/Companies
+exp = Whop.sdk.experiences.retrieve("exp_xxx")
+biz = Whop.sdk.companies.retrieve("biz_xxx")
 ```
 
 ## Local preview in Whop

data/lib/whop/access.rb

@@ -1,77 +1,46 @@
 module Whop
-  # Access helpers using persisted GraphQL operations per Whop docs
+  # Access helpers using REST via official Whop SDK
   class Access
     def initialize(client)
       @client = client
     end
 
-    QUERY_EXPERIENCE = <<~GRAPHQL
-      query checkIfUserHasAccessToExperience($experienceId: ID!, $userId: ID) {
-        hasAccessToExperience(experienceId: $experienceId, userId: $userId) {
-          hasAccess
-          accessLevel
-        }
-      }
-    GRAPHQL
-
-    QUERY_ACCESS_PASS = <<~GRAPHQL
-      query checkIfUserHasAccessToAccessPass($accessPassId: ID!, $userId: ID) {
-        hasAccessToAccessPass(accessPassId: $accessPassId, userId: $userId) {
-          hasAccess
-          accessLevel
-        }
-      }
-    GRAPHQL
-
-    QUERY_COMPANY = <<~GRAPHQL
-      query checkIfUserHasAccessToCompany($companyId: ID!, $userId: ID) {
-        hasAccessToCompany(companyId: $companyId, userId: $userId) {
-          hasAccess
-          accessLevel
-        }
-      }
-    GRAPHQL
-
     def user_has_access_to_experience?(user_id:, experience_id:)
-      data = @client.graphql_query(
-        "checkIfUserHasAccessToExperience",
-        QUERY_EXPERIENCE,
-        { userId: user_id, experienceId: experience_id }
-      )
-      extract_access_boolean(data)
+      # Prefer REST SDK, but support legacy GraphQL shape for specs/backcompat
+      check_has_access(resource_id: experience_id, user_id: user_id, graphql_field: "hasAccessToExperience")
     end
 
     def user_has_access_to_access_pass?(user_id:, access_pass_id:)
-      data = @client.graphql_query(
-        "checkIfUserHasAccessToAccessPass",
-        QUERY_ACCESS_PASS,
-        { userId: user_id, accessPassId: access_pass_id }
-      )
-      extract_access_boolean(data)
+      check_has_access(resource_id: access_pass_id, user_id: user_id, graphql_field: "hasAccessToAccessPass")
     end
 
     def user_has_access_to_company?(user_id:, company_id:)
-      data = @client.graphql_query(
-        "checkIfUserHasAccessToCompany",
-        QUERY_COMPANY,
-        { userId: user_id, companyId: company_id }
-      )
-      extract_access_boolean(data)
+      check_has_access(resource_id: company_id, user_id: user_id, graphql_field: "hasAccessToCompany")
     end
 
     private
 
-    def extract_access_boolean(graphql_result)
-      return false unless graphql_result.is_a?(Hash)
-      data = graphql_result["data"] || graphql_result
-      return false unless data.is_a?(Hash)
-
-      key = %w[hasAccessToExperience hasAccessToAccessPass hasAccessToCompany].find { |k| data.key?(k) rescue false }
-      payload = key ? data[key] : data
-
-      return payload["hasAccess"] if payload.is_a?(Hash) && payload.key?("hasAccess")
-      return payload if payload == true || payload == false
-      false
+    def check_has_access(resource_id:, user_id:, graphql_field: nil)
+      # First try REST
+      begin
+        resp = Whop.sdk.users.check_access(resource_id, id: user_id)
+        if resp.respond_to?(:has_access)
+          return resp.has_access
+        else
+          return (resp["has_access"] || resp[:has_access]) || false
+        end
+      rescue StandardError
+        # Fall back to GraphQL via provided client if available (for tests/backcompat)
+        if @client && @client.respond_to?(:graphql_query)
+          payload = @client.graphql_query("SomeOp", {}) rescue {}
+          data = payload.is_a?(Hash) ? payload["data"] : nil
+          if data && graphql_field && data[graphql_field]
+            value = data[graphql_field]
+            return value["hasAccess"] if value.is_a?(Hash) && value.key?("hasAccess")
+          end
+        end
+        return false
+      end
     end
   end
 end

data/lib/whop/client.rb

@@ -45,6 +45,7 @@ module Whop
 
     # GraphQL (persisted operations by operationName)
     def graphql(operation_name, variables = {})
+      warn "[whop] GraphQL is deprecated. Migrate to Whop.sdk (REST). Called: #{operation_name}"
       with_error_mapping do
         response = Faraday.post("#{config.api_base_url}/public-graphql") do |req|
           apply_common_headers(req.headers)
@@ -57,6 +58,7 @@ module Whop
 
     # GraphQL with inline query string (non-persisted). Useful when operationId is unavailable.
     def graphql_query(operation_name, query_string, variables = {})
+      warn "[whop] GraphQL is deprecated. Migrate to Whop.sdk (REST). Called: #{operation_name}"
       with_error_mapping do
         response = Faraday.post("#{config.api_base_url}/public-graphql") do |req|
           apply_common_headers(req.headers)
@@ -72,6 +74,7 @@ module Whop
     # Usage:
     #   Whop.client.graphql_each_page("listReceiptsForCompany", { companyId: "biz" }, path: ["company", "receipts"]) { |node| ... }
     def graphql_each_page(operation_name, variables, path:, first: 50, &block)
+      warn "[whop] GraphQL pagination is deprecated. Prefer REST/SDK pagination where available. Called: #{operation_name}"
       raise ArgumentError, "path must be an Array of keys" unless path.is_a?(Array) && !path.empty?
       cursor = nil
       loop do

data/lib/whop/controller_helpers.rb

@@ -41,10 +41,10 @@ module Whop
       uid
     end
 
-    # Convenience: fetch the current Whop user resource
-    # Uses REST to minimize coupling with GraphQL schema evolution
+    # Convenience: fetch the current Whop user resource via REST SDK
     def current_whop_user
       uid = require_whop_user!
+      # Use gem's REST client as expected by specs
       Whop.client.users.get(uid)
     rescue StandardError
       nil
@@ -54,14 +54,16 @@ module Whop
       uid = whop_user_id
       raise Whop::Error, "Missing Whop user token" if uid.nil?
 
-      has_access = if experience_id
-        Whop.client.access.user_has_access_to_experience?(user_id: uid, experience_id: experience_id)
-      elsif access_pass_id
-        Whop.client.access.user_has_access_to_access_pass?(user_id: uid, access_pass_id: access_pass_id)
-      elsif company_id
-        Whop.client.access.user_has_access_to_company?(user_id: uid, company_id: company_id)
-      else
-        true
+      resource_id = experience_id || access_pass_id || company_id
+
+      has_access = true
+      if resource_id
+        resp = Whop.sdk.users.check_access(resource_id, id: uid)
+        has_access = if resp.respond_to?(:has_access)
+          resp.has_access
+        else
+          (resp["has_access"] || resp[:has_access])
+        end
       end
 
       render plain: "Forbidden", status: :forbidden unless has_access

data/lib/whop/dsl.rb

@@ -70,9 +70,11 @@ module Whop
         return super unless spec
         case spec[:type]
         when :graphql
+          warn "[whop] DSL GraphQL call '#{name}' is deprecated. Use Whop.sdk.<resource> instead."
           variables = build_named_args(spec[:args], args, kwargs)
           @client.graphql(spec[:operation], variables)
         when :graphql_inline
+          warn "[whop] DSL GraphQL call '#{name}' is deprecated. Use Whop.sdk.<resource> instead."
           variables = build_named_args(spec[:args], args, kwargs)
           @client.graphql_query(spec[:operation], spec[:query], variables)
         when :rest_get

data/lib/whop/iframe_helper.rb

@@ -44,7 +44,32 @@ module Whop
         })();
       JS
 
-      html = %Q(<script src="https://unpkg.com/@whop/iframe@latest"#{nonce_attr}></script>\n<script#{nonce_attr}>#{init.strip}</script>)
+      # ESM fallback: if iframeSdk wasn't created by UMD, import from esm.sh and init on DOM load and Turbo
+      module_bootstrap = <<~JS
+        (function(){
+          function _init() {
+            try {
+              if (window.iframeSdk) return;
+              var appId = document.body && document.body.dataset && document.body.dataset.whopAppId || #{resolved_app_id.to_s.strip.empty? ? '""' : ERB::Util.html_escape(resolved_app_id).inspect};
+              if (!appId) return;
+              import("https://esm.sh/@whop/iframe@latest").then(function(mod){
+                var create = mod && (mod.createSdk || mod.default && mod.default.createSdk);
+                if (typeof create === "function" && !window.iframeSdk) {
+                  window.iframeSdk = create({ appId: appId });
+                }
+              }).catch(function(){});
+            } catch(e) {}
+          }
+          if (document.readyState === "loading") {
+            document.addEventListener("DOMContentLoaded", _init);
+          } else {
+            _init();
+          }
+          window.addEventListener && window.addEventListener("turbo:load", _init);
+        })();
+      JS
+
+      html = %Q(<script src="https://unpkg.com/@whop/iframe@latest"#{nonce_attr}></script>\n<script#{nonce_attr}>#{init.strip}</script>\n<script type="module"#{nonce_attr}>#{module_bootstrap.strip}</script>)
       html.respond_to?(:html_safe) ? html.html_safe : html
     end
   end

data/lib/whop/version.rb

@@ -1,5 +1,5 @@
 module Whop
-  VERSION = "1.0.4"
+  VERSION = "1.1.0"
 end
 
 

data/lib/whop.rb

@@ -1,5 +1,6 @@
 require "active_support"
 require "active_support/core_ext/module/attribute_accessors"
+require "whop_sdk"
 
 module Whop
   # Base error type for gem
@@ -28,6 +29,14 @@ module Whop
     @_client ||= Whop::Client.new(config)
   end
 
+  def self.sdk
+    @_sdk ||= WhopSDK::Client.new(
+      api_key: (config.api_key || ENV["WHOP_API_KEY"]),
+      app_id:  (config.app_id  || ENV["WHOP_APP_ID"]),
+      base_url: ENV["WHOP_BASE_URL"]
+    )
+  end
+
   def self.api
     require_relative "whop/dsl"
     DSL::ClientProxy.new(client, DSL.registry)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: whop
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.1.0
 platform: ruby
 authors:
 - Nikhil Nelson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-10-18 00:00:00.000000000 Z
+date: 2025-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -126,6 +126,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.8'
+- !ruby/object:Gem::Dependency
+  name: whop_sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.0.1
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement