Merge branch 'main' into centralize_ruby_version

Author: paulomarg

CHANGELOG.md

@@ -7,6 +7,9 @@ Note: For changes to the API, see https://shopify.dev/changelog?filter=api
 - [#1071](https://github.com/Shopify/shopify-api-ruby/issues/1071) Fix FulfillmentEvent class types
 - Fix: InventoryItem class `harmonized_system_code` attribute type which can be either integer, string or nil
 - Fix: Variant class `inventory_quantity` attribute type which can be either integer, string or nil
+- [1293](https://github.com/Shopify/shopify-api-ruby/issues/1293) Add support for using Storefront private access tokens.
+- Deprecated passing the public Storefront access token as a positional parameter to the Storefront GraphQL client in favor of using the named parameter. (You probably want to use the private access token for this client anyway.)
+- [1305](https://github.com/Shopify/shopify-api-ruby/pull/1305/) Adds support for the `2024-04` API version.
 
 ## 14.0.1
 - [#1288](https://github.com/Shopify/shopify-api-ruby/pull/1288) Fix FeatureDeprecatedError being raised without a message.

Gemfile.lock

@@ -141,6 +141,7 @@ GEM
 
 PLATFORMS
   arm64-darwin-21
+  arm64-darwin-23
   universal-darwin-22
   x86_64-linux
 

docs/usage/graphql_storefront.md

@@ -1,19 +1,21 @@
 # Make a Storefront API call
 
-The library also allows you to send GraphQL requests to the [Shopify Storefront API](https://shopify.dev/docs/api/storefront). To do that, you can use `ShopifyAPI::Clients::Graphql::Storefront` with the current session and a `storefrontAccessToken`.
+The library also allows you to send GraphQL requests to the [Shopify Storefront API](https://shopify.dev/docs/api/storefront). To do that, you can use `ShopifyAPI::Clients::Graphql::Storefront` with either a [private or public Storefront access token](https://shopify.dev/docs/api/usage/authentication#access-tokens-for-the-storefront-api).
 
 You can obtain Storefront API access tokens for both private apps and sales channels. Please read [our documentation](https://shopify.dev/docs/custom-storefronts/building-with-the-storefront-api/getting-started) to learn more about Storefront Access Tokens.
 
 Below is an example of how you may query the Storefront API:
 
 ```ruby
 # Load the access token as per instructions above
-storefront_access_token = ''
+storefront_private_access_token = ''
 # your shop domain
 shop_url = 'shop.myshopify.com'
 
-# initialize the client with session and storefront access token
-client = ShopifyAPI::Clients::Graphql::Storefront.new(shop_url, storefront_access_token)
+# initialize the client with session and a private Storefront access token
+client = ShopifyAPI::Clients::Graphql::Storefront.new(shop_url, private_token: storefront_private_access_token)
+# or, alternatively with a public Storefront access token:
+# client = ShopifyAPI::Clients::Graphql::Storefront.new(shop_url, public_token: storefront_public_access_token)
 
 query = <<~QUERY
   {
@@ -35,14 +37,19 @@ query = <<~QUERY
   }
 QUERY
 
-response = client.query(query: query)
+# You may not need the "Shopify-Storefront-Buyer-IP" header, see its documentation: 
+# https://shopify.dev/docs/api/usage/authentication#making-server-side-requests
+response = client.query(query: query, headers: { "Shopify-Storefront-Buyer-IP": request.ip })
 # do something with the returned data
 ```
 
 By default, the client uses the API version configured in `ShopifyAPI`.  To use a different API version, set the optional `api_version` parameter.  To experiment with prerelease API features, use `"unstable"` for the API version.
 
 ```ruby
-client = ShopifyAPI::Clients::Graphql::Storefront.new(shop_url, storefront_access_token, api_version: "unstable")
+client = ShopifyAPI::Clients::Graphql::Storefront.new(shop_url,
+  private_token: storefront_private_access_token,
+  api_version: "unstable"
+)
 ```
 
 Want to make calls to the Admin API? Click [here](graphql.md)

lib/shopify_api/admin_versions.rb

@@ -5,6 +5,7 @@ module ShopifyAPI
   module AdminVersions
     SUPPORTED_ADMIN_VERSIONS = T.let([
       "unstable",
+      "2024-04",
       "2024-01",
       "2023-10",
       "2023-07",
@@ -16,7 +17,7 @@ module AdminVersions
       "2022-01",
     ], T::Array[String])
 
-    LATEST_SUPPORTED_ADMIN_VERSION = T.let("2024-01", String)
+    LATEST_SUPPORTED_ADMIN_VERSION = T.let("2024-04", String)
   end
 
   SUPPORTED_ADMIN_VERSIONS = ShopifyAPI::AdminVersions::SUPPORTED_ADMIN_VERSIONS

lib/shopify_api/clients/graphql/storefront.rb

@@ -5,16 +5,38 @@ module ShopifyAPI
   module Clients
     module Graphql
       class Storefront < Client
-        sig { params(shop: String, storefront_access_token: String, api_version: T.nilable(String)).void }
-        def initialize(shop, storefront_access_token, api_version: nil)
+        sig do
+          params(
+            shop: String,
+            storefront_access_token: T.nilable(String),
+            private_token: T.nilable(String),
+            public_token: T.nilable(String),
+            api_version: T.nilable(String),
+          ).void
+        end
+        def initialize(shop, storefront_access_token = nil, private_token: nil, public_token: nil, api_version: nil)
+          unless storefront_access_token.nil?
+            warning = <<~WARNING
+              DEPRECATED: Use the named parameters for the Storefront token instead of passing
+              the public token as the second argument. Also, you may want to look into using
+              the Storefront private access token instead:
+              https://shopify.dev/docs/api/usage/authentication#getting-started-with-private-access
+            WARNING
+            ShopifyAPI::Logger.deprecated(warning, "15.0.0")
+          end
+
           session = Auth::Session.new(
             id: shop,
             shop: shop,
             access_token: "",
             is_online: false,
           )
           super(session: session, base_path: "/api", api_version: api_version)
-          @storefront_access_token = storefront_access_token
+          @storefront_access_token = T.let(T.must(private_token || public_token || storefront_access_token), String)
+          @storefront_auth_header = T.let(
+            private_token.nil? ? "X-Shopify-Storefront-Access-Token" : "Shopify-Storefront-Private-Token",
+            String,
+          )
         end
 
         sig do
@@ -26,7 +48,7 @@ def initialize(shop, storefront_access_token, api_version: nil)
           ).returns(HttpResponse)
         end
         def query(query:, variables: nil, headers: {}, tries: 1)
-          T.must(headers).merge!({ "X-Shopify-Storefront-Access-Token": @storefront_access_token })
+          T.must(headers).merge!({ @storefront_auth_header => @storefront_access_token })
           super(query: query, variables: variables, headers: headers, tries: tries)
         end
       end

lib/shopify_api/rest/resources/2024_04/abandoned_checkout.rb

@@ -0,0 +1,194 @@
+# typed: false
+# frozen_string_literal: true
+
+########################################################################################################################
+# This file is auto-generated. If you have an issue, please create a GitHub issue.                                     #
+########################################################################################################################
+
+module ShopifyAPI
+  class AbandonedCheckout < ShopifyAPI::Rest::Base
+    extend T::Sig
+
+    @prev_page_info = T.let(Concurrent::ThreadLocalVar.new { nil }, Concurrent::ThreadLocalVar)
+    @next_page_info = T.let(Concurrent::ThreadLocalVar.new { nil }, Concurrent::ThreadLocalVar)
+
+    @api_call_limit = T.let(Concurrent::ThreadLocalVar.new { nil }, Concurrent::ThreadLocalVar)
+    @retry_request_after = T.let(Concurrent::ThreadLocalVar.new { nil }, Concurrent::ThreadLocalVar)
+
+    sig { params(session: T.nilable(ShopifyAPI::Auth::Session), from_hash: T.nilable(T::Hash[T.untyped, T.untyped])).void }
+    def initialize(session: ShopifyAPI::Context.active_session, from_hash: nil)
+
+      @abandoned_checkout_url = T.let(nil, T.nilable(String))
+      @billing_address = T.let(nil, T.nilable(T::Hash[T.untyped, T.untyped]))
+      @buyer_accepts_marketing = T.let(nil, T.nilable(T::Boolean))
+      @buyer_accepts_sms_marketing = T.let(nil, T.nilable(T::Boolean))
+      @cart_token = T.let(nil, T.nilable(String))
+      @closed_at = T.let(nil, T.nilable(String))
+      @completed_at = T.let(nil, T.nilable(String))
+      @created_at = T.let(nil, T.nilable(String))
+      @currency = T.let(nil, T.nilable(Currency))
+      @customer = T.let(nil, T.nilable(Customer))
+      @customer_locale = T.let(nil, T.nilable(String))
+      @device_id = T.let(nil, T.nilable(Integer))
+      @discount_codes = T.let(nil, T.nilable(T::Array[T.untyped]))
+      @email = T.let(nil, T.nilable(String))
+      @gateway = T.let(nil, T.nilable(String))
+      @id = T.let(nil, T.nilable(Integer))
+      @landing_site = T.let(nil, T.nilable(String))
+      @line_items = T.let(nil, T.nilable(T::Hash[T.untyped, T.untyped]))
+      @location_id = T.let(nil, T.nilable(Integer))
+      @note = T.let(nil, T.nilable(String))
+      @phone = T.let(nil, T.nilable(String))
+      @presentment_currency = T.let(nil, T.nilable(String))
+      @referring_site = T.let(nil, T.nilable(String))
+      @shipping_address = T.let(nil, T.nilable(T::Hash[T.untyped, T.untyped]))
+      @shipping_lines = T.let(nil, T.nilable(T::Hash[T.untyped, T.untyped]))
+      @sms_marketing_phone = T.let(nil, T.nilable(String))
+      @source_name = T.let(nil, T.nilable(String))
+      @subtotal_price = T.let(nil, T.nilable(String))
+      @tax_lines = T.let(nil, T.nilable(T::Hash[T.untyped, T.untyped]))
+      @taxes_included = T.let(nil, T.nilable(T::Boolean))
+      @token = T.let(nil, T.nilable(String))
+      @total_discounts = T.let(nil, T.nilable(String))
+      @total_duties = T.let(nil, T.nilable(String))
+      @total_line_items_price = T.let(nil, T.nilable(String))
+      @total_price = T.let(nil, T.nilable(String))
+      @total_tax = T.let(nil, T.nilable(String))
+      @total_weight = T.let(nil, T.nilable(Integer))
+      @updated_at = T.let(nil, T.nilable(String))
+      @user_id = T.let(nil, T.nilable(Integer))
+
+      super(session: session, from_hash: from_hash)
+    end
+
+    @has_one = T.let({
+      currency: Currency,
+      customer: Customer
+    }, T::Hash[Symbol, Class])
+    @has_many = T.let({
+      discount_codes: DiscountCode
+    }, T::Hash[Symbol, Class])
+    @paths = T.let([
+      {http_method: :get, operation: :checkouts, ids: [], path: "checkouts.json"},
+      {http_method: :get, operation: :checkouts, ids: [], path: "checkouts.json"}
+    ], T::Array[T::Hash[String, T.any(T::Array[Symbol], String, Symbol)]])
+
+    sig { returns(T.nilable(String)) }
+    attr_reader :abandoned_checkout_url
+    sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+    attr_reader :billing_address
+    sig { returns(T.nilable(T::Boolean)) }
+    attr_reader :buyer_accepts_marketing
+    sig { returns(T.nilable(T::Boolean)) }
+    attr_reader :buyer_accepts_sms_marketing
+    sig { returns(T.nilable(String)) }
+    attr_reader :cart_token
+    sig { returns(T.nilable(String)) }
+    attr_reader :closed_at
+    sig { returns(T.nilable(String)) }
+    attr_reader :completed_at
+    sig { returns(T.nilable(String)) }
+    attr_reader :created_at
+    sig { returns(T.nilable(Currency)) }
+    attr_reader :currency
+    sig { returns(T.nilable(Customer)) }
+    attr_reader :customer
+    sig { returns(T.nilable(String)) }
+    attr_reader :customer_locale
+    sig { returns(T.nilable(Integer)) }
+    attr_reader :device_id
+    sig { returns(T.nilable(T::Array[DiscountCode])) }
+    attr_reader :discount_codes
+    sig { returns(T.nilable(String)) }
+    attr_reader :email
+    sig { returns(T.nilable(String)) }
+    attr_reader :gateway
+    sig { returns(T.nilable(Integer)) }
+    attr_reader :id
+    sig { returns(T.nilable(String)) }
+    attr_reader :landing_site
+    sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+    attr_reader :line_items
+    sig { returns(T.nilable(Integer)) }
+    attr_reader :location_id
+    sig { returns(T.nilable(String)) }
+    attr_reader :note
+    sig { returns(T.nilable(String)) }
+    attr_reader :phone
+    sig { returns(T.nilable(String)) }
+    attr_reader :presentment_currency
+    sig { returns(T.nilable(String)) }
+    attr_reader :referring_site
+    sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+    attr_reader :shipping_address
+    sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+    attr_reader :shipping_lines
+    sig { returns(T.nilable(String)) }
+    attr_reader :sms_marketing_phone
+    sig { returns(T.nilable(String)) }
+    attr_reader :source_name
+    sig { returns(T.nilable(String)) }
+    attr_reader :subtotal_price
+    sig { returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+    attr_reader :tax_lines
+    sig { returns(T.nilable(T::Boolean)) }
+    attr_reader :taxes_included
+    sig { returns(T.nilable(String)) }
+    attr_reader :token
+    sig { returns(T.nilable(String)) }
+    attr_reader :total_discounts
+    sig { returns(T.nilable(String)) }
+    attr_reader :total_duties
+    sig { returns(T.nilable(String)) }
+    attr_reader :total_line_items_price
+    sig { returns(T.nilable(String)) }
+    attr_reader :total_price
+    sig { returns(T.nilable(String)) }
+    attr_reader :total_tax
+    sig { returns(T.nilable(Integer)) }
+    attr_reader :total_weight
+    sig { returns(T.nilable(String)) }
+    attr_reader :updated_at
+    sig { returns(T.nilable(Integer)) }
+    attr_reader :user_id
+
+    class << self
+      sig do
+        params(
+          since_id: T.untyped,
+          created_at_min: T.untyped,
+          created_at_max: T.untyped,
+          updated_at_min: T.untyped,
+          updated_at_max: T.untyped,
+          status: T.untyped,
+          limit: T.untyped,
+          session: Auth::Session,
+          kwargs: T.untyped
+        ).returns(T.untyped)
+      end
+      def checkouts(
+        since_id: nil,
+        created_at_min: nil,
+        created_at_max: nil,
+        updated_at_min: nil,
+        updated_at_max: nil,
+        status: nil,
+        limit: nil,
+        session: ShopifyAPI::Context.active_session,
+        **kwargs
+      )
+        request(
+          http_method: :get,
+          operation: :checkouts,
+          session: session,
+          ids: {},
+          params: {since_id: since_id, created_at_min: created_at_min, created_at_max: created_at_max, updated_at_min: updated_at_min, updated_at_max: updated_at_max, status: status, limit: limit}.merge(kwargs).compact,
+          body: {},
+          entity: nil,
+        )
+      end
+
+    end
+
+  end
+end

lib/shopify_api/rest/resources/2024_04/access_scope.rb

@@ -0,0 +1,62 @@
+# typed: false
+# frozen_string_literal: true
+
+########################################################################################################################
+# This file is auto-generated. If you have an issue, please create a GitHub issue.                                     #
+########################################################################################################################
+
+module ShopifyAPI
+  class AccessScope < ShopifyAPI::Rest::Base
+    extend T::Sig
+
+    @prev_page_info = T.let(Concurrent::ThreadLocalVar.new { nil }, Concurrent::ThreadLocalVar)
+    @next_page_info = T.let(Concurrent::ThreadLocalVar.new { nil }, Concurrent::ThreadLocalVar)
+
+    @api_call_limit = T.let(Concurrent::ThreadLocalVar.new { nil }, Concurrent::ThreadLocalVar)
+    @retry_request_after = T.let(Concurrent::ThreadLocalVar.new { nil }, Concurrent::ThreadLocalVar)
+
+    sig { params(session: T.nilable(ShopifyAPI::Auth::Session), from_hash: T.nilable(T::Hash[T.untyped, T.untyped])).void }
+    def initialize(session: ShopifyAPI::Context.active_session, from_hash: nil)
+
+      @handle = T.let(nil, T.nilable(String))
+      @access_scopes = T.let(nil, T.nilable(T::Array[T.untyped]))
+
+      super(session: session, from_hash: from_hash)
+    end
+
+    @has_one = T.let({}, T::Hash[Symbol, Class])
+    @has_many = T.let({}, T::Hash[Symbol, Class])
+    @custom_prefix = T.let("/admin/oauth", T.nilable(String))
+    @paths = T.let([
+      {http_method: :get, operation: :get, ids: [], path: "access_scopes.json"}
+    ], T::Array[T::Hash[String, T.any(T::Array[Symbol], String, Symbol)]])
+
+    sig { returns(T.nilable(String)) }
+    attr_reader :handle
+    sig { returns(T.nilable(T::Array[T::Hash[T.untyped, T.untyped]])) }
+    attr_reader :access_scopes
+
+    class << self
+      sig do
+        params(
+          session: Auth::Session,
+          kwargs: T.untyped
+        ).returns(T::Array[AccessScope])
+      end
+      def all(
+        session: ShopifyAPI::Context.active_session,
+        **kwargs
+      )
+        response = base_find(
+          session: session,
+          ids: {},
+          params: {}.merge(kwargs).compact,
+        )
+
+        T.cast(response, T::Array[AccessScope])
+      end
+
+    end
+
+  end
+end