workarea-api-storefront 4.4.6

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 23b35914b434546ccc6bfb92e627936a4a7a012686f2a9eb1883390f55d75add
+  data.tar.gz: 1c3c4c602f398f541937a4229f94039c8fce1f23153f2abe6c8257ea2487f558
+SHA512:
+  metadata.gz: d362d53c468c1496de0be57d962177ad21bfc8f2ddcab962ffb06b5fe0f4b11cdce6574cb6119a46847e9f29ee310a6e4e1e683f3679bb345120411e79f372c9
+  data.tar.gz: 8fb0927dff5edcbd5cb69a842d38055d7782dab40e218512a0c96c59dd416528a92d4cca9283c29d0e8e48d8a1c4d111d08d584f5f490cffce51cc7087105d97

data/.gitignore

@@ -0,0 +1,12 @@
+.bundle/
+Gemfile.lock
+.sass-cache/
+log/*.log
+pkg/
+test/dummy/public/system/dragonfly
+test/dummy/db/*.sqlite3
+test/dummy/log/*.log
+test/dummy/tmp/
+test/dummy/.sass-cache
+**/.DS_Store
+docs/build

data/README.md

@@ -0,0 +1,58 @@
+# Workarea Storefront API
+
+Part of the [Workarea API][], the Storefront API provides programmatic
+access to operations and resources to alternative user interfaces to
+your Workarea application, like on-premises kiosks, mobile applications,
+and client-side storefront implementations.
+
+## Getting Started
+
+To use this plugin, install the **workarea-api** gem.
+
+For more information on the API as a whole, and to learn how to set up
+the API plugin, consult the [main README][Workarea API].
+
+## Authenticating
+
+The Storefront API requires the use of a temporary authentication token,
+analogous to the user ID in the session, which tells the backend of
+Workarea whether a User is authenticated. It uses the
+`Workarea::UrlToken` mixin from core to generate this token.
+
+To obtain an authentication token, make a POST request like so:
+
+```bash
+curl \
+  --request POST \
+  --data '{ "email": "your@email.address", "password": "Password1!" }' \
+  "http://yourincredibleheadlesscommercesolution.biz/api/authentication_tokens.json"
+```
+
+You should get a response that looks like this:
+
+```json
+{
+  "token": "tL6Scp6ubsufq76FZHLbhLWs",
+  "expires_at": "2018-12-25T11:58:43.674-05:00"
+}
+```
+
+Use the `token` in this response to make further authenticated requests
+to the API:
+
+
+```bash
+curl \
+  --request GET \
+  --header 'Authorization: Token token="tL6Scp6ubsufq76FZHLbhLWs"' \
+  "http://yourincredibleheadlesscommercesolution.biz/api/carts.json"
+```
+
+## Copyright & Licensing
+
+Copyright Workarea 2017-2019. All rights reserved.
+
+For licensing, contact [sales@workarea.com][].
+
+[Workarea API]: https://homebase.weblinc.com/plugins/workarea-api-admin
+[sales@workarea.com]: mailto:sales@workarea.com

data/Rakefile

@@ -0,0 +1,10 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+# Load the dummy app's rake tasks
+APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
+load 'rails/tasks/engine.rake'

data/app/controllers/workarea/api/storefront/accounts_controller.rb

@@ -0,0 +1,31 @@
+module Workarea
+  module Api
+    module Storefront
+      class AccountsController < Api::Storefront::ApplicationController
+        def show
+        end
+
+        def create
+          @user = User.create!(user_params)
+
+          Workarea::Storefront::AccountMailer
+            .creation(@user.id.to_s)
+            .deliver_later
+
+          @authentication_token = @user.authentication_tokens.create!
+        end
+
+        def update
+          current_user.update_attributes!(user_params)
+          render :show
+        end
+
+        private
+
+        def user_params
+          params.permit(:email, :password, :first_name, :last_name)
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/analytics_controller.rb

@@ -0,0 +1,41 @@
+module Workarea
+  module Api
+    module Storefront
+      class AnalyticsController < ActionController::Metal
+        include ActionController::Head
+        include ActionController::Instrumentation
+
+        def category_view
+          Metrics::CategoryByDay.inc(key: { category_id: params[:category_id] }, views: 1)
+          head :ok
+        end
+
+        def product_view
+          Metrics::ProductByDay.inc(key: { product_id: params[:product_id] }, views: 1)
+          head :ok
+        end
+
+        def search
+          Metrics::SearchByDay.save_search(params[:q], params[:total_results])
+          head :ok
+        end
+
+        def search_abandonment
+          warn <<~eos
+DEPRECATION WARNING: Search abandonment tracking is deprecated and will be removed \
+in Workarea 3.5.
+          eos
+          head :ok
+        end
+
+        def filters
+          warn <<~eos
+DEPRECATION WARNING: Filter analytics tracking is deprecated and will be removed \
+in Workarea 3.5.
+          eos
+          head :ok
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/application_controller.rb

@@ -0,0 +1,65 @@
+module Workarea
+  module Api
+    module Storefront
+      class ApplicationController < Workarea::ApplicationController
+        include Workarea::Storefront::HttpCaching
+        include Api::Storefront::Authentication
+        include Api::Storefront::UserActivity
+
+        respond_to :json
+
+        before_action :set_json_format
+        before_action :skip_session
+        before_action { params.permit! }
+        after_action :disable_cors_protection
+
+        rescue_from Mongoid::Errors::DocumentNotFound, with: :handle_not_found
+        rescue_from Mongoid::Errors::Validations, with: :handle_invalid
+        rescue_from Mongoid::Errors::UnknownAttribute, with: :handle_unknown_attribute
+        rescue_from Authentication::InvalidError, with: :handle_invalid_auth
+
+        helper :all
+
+        def cache_page
+          expires_in Workarea.config.page_cache_ttl, public: true
+        end
+
+        def skip_session
+          request.session_options[:skip] = true
+        end
+
+        private
+
+        def set_json_format
+          request.format = :json
+        end
+
+        def handle_not_found(e)
+          payload = { params: e.params, problem: e.problem }
+          render json: payload, status: :not_found
+        end
+
+        def handle_invalid(e)
+          render(
+            json: { problems: e.document.errors.full_messages },
+            status: :unprocessable_entity
+          )
+        end
+
+        def handle_unknown_attribute(e)
+          render json: e.as_json.slice('problem'), status: :unprocessable_entity
+        end
+
+        def handle_invalid_auth
+          request_http_token_authentication
+        end
+
+        def disable_cors_protection
+          headers['Access-Control-Allow-Origin'] = '*'
+          headers['Access-Control-Allow-Headers'] = '*'
+          headers['Access-Control-Allow-Methods'] = 'GET, POST, PATCH, PUT, DELETE, OPTIONS'
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/assets_controller.rb

@@ -0,0 +1,11 @@
+module Workarea
+  module Api
+    module Storefront
+      class AssetsController < Api::Storefront::ApplicationController
+        def show
+          @asset = Content::Asset.find(params[:id])
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/authentication.rb

@@ -0,0 +1,30 @@
+module Workarea
+  module Api
+    module Storefront
+      module Authentication
+        extend ActiveSupport::Concern
+
+        class InvalidError < RuntimeError; end
+
+        included do
+          helper_method :current_user
+        end
+
+        def current_user
+          return @current_user if defined?(@current_user)
+
+          user = authenticate_with_http_token do |token, options|
+            User::AuthenticationToken.authenticate(token, options).try(:user)
+          end
+
+          @current_user = user || raise(InvalidError)
+        end
+
+        def authentication?
+          regex = ActionController::HttpAuthentication::Token::TOKEN_REGEX
+          request.authorization.to_s[regex].present?
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/authentication_tokens_controller.rb

@@ -0,0 +1,50 @@
+module Workarea
+  module Api
+    module Storefront
+      class AuthenticationTokensController < Api::Storefront::ApplicationController
+        before_action :ensure_not_locked, only: :create
+
+        def create
+          user = User.find_for_login(params[:email], params[:password])
+
+          if user.blank?
+            render(
+              json: { problem: t('workarea.api.storefront.authentication_tokens.error') },
+              status: :unprocessable_entity
+            )
+          else
+            @authentication_token = User::AuthenticationToken.create!(user: user)
+          end
+        end
+
+        def update
+          @authentication_token = authenticate_with_http_token do |token, options|
+            User::AuthenticationToken.refresh!(token, options)
+          end
+
+          if @authentication_token.blank?
+            render(
+              json: { problem: t('workarea.api.storefront.authentication_tokens.error') },
+              status: :unprocessable_entity
+            )
+          end
+        end
+
+        private
+
+        def ensure_not_locked
+          if User.login_locked?(params[:email])
+            render(
+              json: {
+                problem: t('workarea.api.storefront.authentication_tokens.login_locked')
+              },
+              status: :unprocessable_entity
+            )
+
+            return false
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/cart_items_controller.rb

@@ -0,0 +1,100 @@
+module Workarea
+  module Api
+    module Storefront
+      class CartItemsController < Api::Storefront::ApplicationController
+        include CurrentCheckout
+
+        before_action :set_checkout_view_models
+        before_action :validate_customizations, only: [:create, :update]
+
+        def create
+          current_order.add_item(item_params.to_h.merge(item_details.to_h))
+          update_cart
+          render_item
+        end
+
+        def update
+          update_params = params.permit(:sku, :quantity).to_h
+          update_params.merge!(item_details.to_h) if params[:sku].present?
+
+          current_order.update_item(params[:id], update_params)
+          update_cart
+          render_item
+        end
+
+        def destroy
+          current_order.remove_item(params[:id])
+          update_cart
+          render_item
+        end
+
+        private
+
+        def update_cart
+          current_order.save! # trigger any validation errors to raise
+          remove_unpurchasable_items
+          check_inventory
+          Pricing.perform(current_order, current_checkout.shipping)
+        end
+
+        def item_params
+          @item_params ||= params
+                             .permit(:product_id, :sku, :quantity)
+                             .merge(customizations: customization_params)
+        end
+
+        def product_id
+          @product_id ||= if params[:product_id].present?
+            params[:product_id]
+          elsif params[:sku].present?
+            Catalog::Product.find_by_sku(params[:sku]).id
+          elsif params[:id].present?
+            current_order.items.find(params[:id]).product_id
+          end
+        end
+
+        def item_details
+          ActionController::Parameters.new(
+            OrderItemDetails.find!(params[:sku]).to_h
+          ).permit!
+        end
+
+        def customizations
+          @customizations ||= Catalog::Customizations.find(
+            product_id,
+            params.to_unsafe_h
+          )
+        end
+
+        def customization_params
+          ActionController::Parameters.new(
+            customizations.try(:to_h) || {}
+          ).permit!
+        end
+
+        def validate_customizations
+          if customizations.present? && !customizations.valid?
+            flash[:error] = customizations.errors.full_messages.join(', ')
+            set_flash_header
+            render_item
+            return false
+          end
+        end
+
+        def render_item
+          if current_order.items.any? && !request.delete?
+            model = if params[:id].present?
+              current_order.items.find(params[:id])
+            else
+              current_order.items.desc(:updated_at).first
+            end
+
+            @item = Workarea::Storefront::OrderItemViewModel.wrap(model)
+          end
+
+          render template: 'workarea/api/storefront/cart_items/item'
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/carts_controller.rb

@@ -0,0 +1,47 @@
+module Workarea
+  module Api
+    module Storefront
+      class CartsController < Api::Storefront::ApplicationController
+        include CurrentCheckout
+
+        before_action :set_checkout_view_models, except: [:index, :create]
+        before_action :remove_unpurchasable_items, except: [:index, :create]
+        before_action :check_inventory, except: [:index, :create]
+
+        def index
+          @orders = Workarea::Storefront::OrderViewModel.wrap(
+            Order.carts.where(user_id: current_user.id).to_a
+          )
+        end
+
+        def create
+          order = Order.new
+          order.user_id = current_user.id if authentication?
+          order.save!
+
+          @order = Workarea::Storefront::OrderViewModel.new(
+            order,
+            view_model_options
+          )
+
+          render :show
+        end
+
+        def show
+          Pricing.perform(current_order, current_checkout.shipping)
+        end
+
+        def add_promo_code
+          if Pricing.valid_promo_code?(params[:promo_code], current_checkout.email)
+            current_order.add_promo_code(params[:promo_code])
+          else
+            flash[:error] = t('workarea.storefront.flash_messages.promo_code_error')
+          end
+
+          Pricing.perform(current_order, current_checkout.shipping)
+          render :show
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/categories_controller.rb

@@ -0,0 +1,25 @@
+module Workarea
+  module Api
+    module Storefront
+      class CategoriesController < Api::Storefront::ApplicationController
+        before_action :cache_page
+
+        def index
+          models = Catalog::Category.active.page(params[:page])
+          @categories = Workarea::Storefront::CategoryViewModel.wrap(
+            models,
+            view_model_options
+          )
+        end
+
+        def show
+          model = Catalog::Category.find_by(slug: params[:id])
+          @category = Workarea::Storefront::CategoryViewModel.wrap(
+            model,
+            view_model_options
+          )
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/checkouts_controller.rb

@@ -0,0 +1,117 @@
+module Workarea
+  module Api
+    module Storefront
+      class CheckoutsController < Api::Storefront::ApplicationController
+        include CurrentCheckout
+
+        class InvalidCheckout < RuntimeError; end
+
+        before_action :set_checkout_view_models
+        before_action :start_checkout, only: [:show, :update]
+        before_action :validate_checkout, only: :show
+        before_action :check_inventory, only: [:show, :complete]
+        before_action :remove_unpurchasable_items, only: [:show, :complete]
+        before_action :check_lock, only: :complete
+        around_action :with_order_lock, only: [:update, :complete]
+        before_action :touch_checkout, only: [:update, :complete]
+        before_action { params.permit! }
+
+        rescue_from InvalidCheckout, with: :handle_checkout_error
+
+        def show
+          render_checkout
+        end
+
+        def update
+          success = current_checkout.update(params)
+          render_checkout(status: success ? :ok : :unprocessable_entity)
+        end
+
+        def complete
+          payment = Workarea::Checkout::Steps::Payment.new(current_checkout)
+          payment.update(params)
+
+          if payment.complete? && current_checkout.place_order
+            Workarea::Storefront::OrderMailer
+              .confirmation(current_order.id)
+              .deliver_later
+
+            @order = Workarea::Storefront::OrderViewModel.new(current_order)
+            render template: 'workarea/api/storefront/orders/show'
+          else
+            flash[:error] =
+              t('workarea.storefront.flash_messages.order_place_error')
+            render_checkout status: :unprocessable_entity
+          end
+        end
+
+        def reset
+          current_checkout.reset!
+          start_checkout
+          render_checkout
+        end
+
+        private
+
+        def render_checkout(status: :ok)
+          Pricing.perform(current_order, current_checkout.shipping)
+          render template: 'workarea/api/storefront/checkouts/show',
+                 status: status
+        end
+
+        def start_checkout
+          return if current_order.checking_out?
+
+          if authentication?
+            current_checkout.start_as(current_user)
+          else
+            current_checkout.start_as(:guest)
+          end
+        end
+
+        def validate_checkout
+          message =
+            if !current_order || current_order.no_items?
+              t('workarea.storefront.flash_messages.items_required')
+            elsif current_order.started_checkout? && !current_order.checking_out?
+              t('workarea.storefront.flash_messages.checkout_expired')
+            end
+
+          raise InvalidCheckout.new(message) if message
+        end
+
+        def with_order_lock
+          current_order.lock!
+          yield
+          current_order.unlock! if current_order
+        end
+
+        def check_lock
+          raise InvalidCheckout.new(
+            t('workarea.storefront.flash_messages.checkout_lock_error')
+          ) if current_order.locked?
+        end
+
+        def touch_checkout
+          if authentication?
+            current_order.touch_checkout!(
+              ip_address: request.remote_ip,
+              user_activity_id: current_user.id,
+              checkout_by_id: current_user.id,
+              source: 'storefront_api'
+            )
+          else
+            current_order.touch_checkout!(
+              ip_address: request.remote_ip,
+              source: 'storefront_api'
+            )
+          end
+        end
+
+        def handle_checkout_error(e)
+          render json: { problem: e.message }, status: :unprocessable_entity
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/contacts_controller.rb

@@ -0,0 +1,20 @@
+module Workarea
+  module Api
+    module Storefront
+      class ContactsController < Api::Storefront::ApplicationController
+        def create
+          inquiry = Inquiry.create!(inquiry_params)
+          Workarea::Storefront::InquiryMailer.created(inquiry.id.to_s).deliver_later
+
+          render(json: { inquiry: inquiry })
+        end
+
+        private
+
+        def inquiry_params
+          params.permit(:name, :email, :order_id, :subject, :message)
+        end
+      end
+    end
+  end
+end

data/app/controllers/workarea/api/storefront/current_checkout.rb

@@ -0,0 +1,60 @@
+module Workarea
+  module Api
+    module Storefront
+      module CurrentCheckout
+        def current_order
+          return @current_order if defined?(@current_order)
+
+          options = { id: params[:cart_id].presence || params[:id] }
+          options[:user_id] = current_user.id if authentication?
+          order = Order.carts.find_by(options)
+
+          if order.user_id.present? && current_user.id.to_s != order.user_id
+            raise Authentication::InvalidError
+          end
+
+          @current_order = order
+        end
+
+        def current_checkout
+          @current_checkout ||=
+            if authentication?
+              Workarea::Checkout.new(current_order, current_user)
+            else
+              Workarea::Checkout.new(current_order)
+            end
+        end
+
+        private
+
+        def set_checkout_view_models
+          @cart = Workarea::Storefront::CartViewModel.new(
+            current_order,
+            view_model_options
+          )
+
+          @summary = Workarea::Storefront::Checkout::SummaryViewModel.new(
+            current_checkout,
+            view_model_options
+          )
+
+          @order = Workarea::Storefront::OrderViewModel.new(
+            current_order,
+            view_model_options
+          )
+        end
+
+        def remove_unpurchasable_items
+          cleaner = CartCleaner.new(current_order)
+          cleaner.clean
+          flash[:info] = cleaner.messages if cleaner.message?
+        end
+
+        def check_inventory
+          reservation = InventoryAdjustment.new(current_order).tap(&:perform)
+          flash[:error] = reservation.errors if reservation.errors.present?
+        end
+      end
+    end
+  end
+end