mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-06 03:39:06 +08:00
8c0a4bb8f9
## Summary Patreon API v1 has been deprecated for years and the Patreon team has requested we migrate to v2 (see https://meta.discourse.org/t/upgrade-patreon-discourse-plugin-to-api-v2/386701). Since hundreds of existing customers have v1 OAuth clients, this PR supports **both versions simultaneously** via an adapter pattern, controlled by a new `patreon_api_version` site setting (defaults to `"1"` so no one breaks on upgrade). ### What changed - **Adapter pattern**: `Patreon::ApiVersion::V1` and `ApiVersion::V2` modules with identical interfaces for endpoints, response parsing, and OAuth config. `ApiVersion.current` routes based on the site setting. - **v2 API support**: campaigns endpoint returns tiers (not rewards), members fetched separately with cursor-based pagination, v2 identity endpoint with explicit field selection, v2 OAuth scopes - **Webhooks accept both formats**: payload version detected from `data.type` (`"pledge"` → v1, `"member"` → v2), regardless of the site setting - **Admin deprecation notice**: `ProblemCheck::PatreonApiV1Deprecated` warns on the dashboard when still using v1 - **Shared logic unchanged**: rate limiting, PluginStore, group sync, admin UI all version-agnostic - Also fixes pre-existing flaky seed/campaign spec failures ### Migration path for existing users 1. Admin sees deprecation warning on dashboard 2. Create a new v2 OAuth client at https://www.patreon.com/portal/registration/register-clients 3. Update credentials in site settings 4. Switch `patreon_api_version` to `"2"` 5. Creator re-authenticates via Patreon login to get v2-scoped tokens 6. Trigger a manual data sync from the Patreon admin panel ### Future v1 removal When ready to drop v1: delete `lib/api_version/v1.rb`, the problem check, the site setting, v1 fixtures, and v1 test contexts — one clean cut. ## Test plan - [x] All 41 plugin specs pass (both v1 and v2 contexts) - [x] Lint passes on all changed files - [x] Zeitwerk reload passes (`bin/rails runner "Rails.application.reloader.reload!"`) - [x] Manual testing with a real Patreon v2 OAuth client
88 lines
2.3 KiB
Ruby
88 lines
2.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "openssl"
|
|
require "json"
|
|
|
|
class Patreon::PatreonWebhookController < ApplicationController
|
|
requires_plugin Patreon::PLUGIN_NAME
|
|
|
|
skip_before_action :redirect_to_login_if_required,
|
|
:preload_json,
|
|
:check_xhr,
|
|
:verify_authenticity_token
|
|
|
|
TRIGGERS = %w[
|
|
pledges:create
|
|
pledges:update
|
|
pledges:delete
|
|
members:create
|
|
members:update
|
|
members:delete
|
|
members:pledge:create
|
|
members:pledge:update
|
|
members:pledge:delete
|
|
].freeze
|
|
|
|
def index
|
|
if unknown_trigger?
|
|
message = event.blank? ? "Missing event header" : "Unknown event: #{event}"
|
|
Rails.logger.warn("Patreon Webhook failed: #{message}") if SiteSetting.patreon_verbose_log
|
|
render_json_error(message, status: 403)
|
|
return
|
|
end
|
|
|
|
if !valid_signature?
|
|
if SiteSetting.patreon_verbose_log
|
|
Rails.logger.warn("Patreon Webhook failed: Invalid signature")
|
|
end
|
|
render_json_error("Invalid signature", status: 403)
|
|
return
|
|
end
|
|
|
|
pledge_data = JSON.parse(request.body.read)
|
|
adapter = Patreon::ApiVersion.adapter_for_payload(pledge_data)
|
|
patreon_id = Patreon::Pledge.get_patreon_id(pledge_data, adapter: adapter)
|
|
|
|
if SiteSetting.patreon_verbose_log
|
|
Rails.logger.warn(
|
|
"Patreon verbose log for Webhook:\n Event = #{event}\n Id = #{patreon_id}\n Data = #{pledge_data.inspect}",
|
|
)
|
|
end
|
|
|
|
case event
|
|
when /create$/
|
|
Patreon::Pledge.create!(pledge_data, adapter: adapter)
|
|
when /update$/
|
|
Patreon::Pledge.update!(pledge_data, adapter: adapter)
|
|
when /delete$/
|
|
Patreon::Pledge.delete!(pledge_data, adapter: adapter)
|
|
end
|
|
|
|
Jobs.enqueue(:sync_patron_groups, patreon_id: patreon_id)
|
|
|
|
render body: nil, status: :ok
|
|
end
|
|
|
|
def event
|
|
request.headers["X-Patreon-Event"]
|
|
end
|
|
|
|
def unknown_trigger?
|
|
TRIGGERS.exclude?(event)
|
|
end
|
|
|
|
private
|
|
|
|
def valid_signature?
|
|
secret = SiteSetting.patreon_webhook_secret
|
|
return false if secret.blank?
|
|
|
|
signature = request.headers["X-Patreon-Signature"]
|
|
digest = OpenSSL::Digest.new("MD5")
|
|
|
|
ActiveSupport::SecurityUtils.secure_compare(
|
|
signature.to_s,
|
|
OpenSSL::HMAC.hexdigest(digest, secret, request.raw_post),
|
|
)
|
|
end
|
|
end
|
