mirror of
https://github.com/stripe/stripe-ruby.git
synced 2025-06-04 00:01:12 -04:00
* Convert library to use built-in `Net::HTTP`

  Moves the library off of Faraday and over onto the standard library's built-in `Net::HTTP` module. The upside of the transition is that we break away from a few dependencies that have caused us a fair bit of trouble in the past, the downside is that we need more of our own code to do things (although surprisingly, not that much more).

  The biggest new pieces are:

  * `ConnectionManager`: A per-thread class that manages a connection to each Stripe infrastructure URL (like `api.stripe.com`, `connect.stripe.com`, etc.) so that we can reuse them between requests. It's also responsible for setting up and configuring new `Net::HTTP` connections, which is a little more heavyweight code-wise compared to other libraries. All of this could have lived in `StripeClient`, but I extracted it because that class has gotten so big.
  * `MultipartEncoder`: A class that does multipart form encoding for file uploads. Unfortunately, Ruby doesn't bundle anything like this. I built this by referencing the Go implementation because the original RFC is not very detailed or well-written. I also made sure that it was behaving similarly to our other custom implementations like stripe-node, and that it can really upload a file outside the test suite.

  There's some risk here in that it's easy to miss something across one of these big transitions. I've tried to test out various error cases through tests, but also by leaving scripts running as I terminate my network connection and bring it back. That said, we'd certainly release on a major version bump because some of the interface (like setting `Stripe.default_client`) changes.

* Drop support for old versions of Ruby

  Drops support for Ruby 2.1 (EOL March 31, 2017) and 2.2 (EOL March 31, 2018). They're removed from `.travis.yml` and the gemspec and RuboCop configuration have also been updated to the new lower bound.

  Most of the diff here is minor updates to styling as required by RuboCop:

  * String literals are frozen by default, so the `.freeze` we had everywhere is now considered redundant.
  * We can now use Ruby 1.9 style hash syntax with string keys like `{ "foo": "bar" }`.
  * Converted a few heredocs over to use squiggly (leading whitespace removed) syntax.

  As discussed in Slack, I didn't drop support for Ruby 2.3 (EOL March 31, 2019) as we still have quite a few users on it. As far as I know dropping it doesn't get us access to any major syntax improvements or anything, so it's probably not a big deal.

* Make `CardError`'s `code` parameter named instead of positional (#816)

  Makes the `code` parameter on `CardError` named instead of positional. This makes it more consistent with the rest of the constructor's parameters and makes instantiating `CardError` from `StripeClient` cleaner.

  This is a minor breaking change so we're aiming to release it for the next major version of stripe-ruby.

* Bump Rubocop to latest version (#818)

* Ruby minimum version increase followup (#819)

* Remove old deprecated methods (#820)

* Remove all alias for list methods (#823)

* Remove UsageRecord.create method (#826)

* Remove IssuerFraudRecord (#827)

* Add ErrorObject to StripeError exceptions (#811)

* Tweak retry logic to be a little more like stripe-node (#828)

  Tweaks the retry logic to be a little more like stripe-node's. In particular, we also retry under these conditions:

  * If we receive a 500 on a non-`POST` request.
  * If we receive a 503.

  I made it slightly different from stripe-node which checks for a 500 with `>= 500`. I don't really like that -- if we want to retry specific status codes we should be explicit about it.

  We're actively re-examining ways on how to make it easier for clients to figure out when to retry right now, but I figure V5 is a good time to tweak this because the modifications change the method signature of `should_retry?` slightly, and it's technically a public method.

* Fix inverted sign for 500 retries (#830)

  I messed up in #828 by (1) accidentally flipping the comparison against `:post` when checking whether to retry on 500, and (2) forgetting to write new tests for the condition, which is how (1) got through. This patch fixes both those problems.

* Remove a few more very old deprecated methods (#831)

  I noticed that we had a couple of other deprecated methods on `Stripe` and `StripeObject` that have been around for a long time. May as well get rid of them too -- luckily they were using `Gem::Deprecate` so they've been producing annoying deprecated warnings for quite a while now.

* Remove extraneous slash at the end of the line

* Reset connections when connection-changing configuration changes (#829)

  Adds a few basic features around connection and connection manager management:

  * `clear` on connection manager, which calls `finish` on each active connection and then disposes of it.
  * A centralized cross-thread tracking system for connection managers in `StripeClient` and `clear_all_connection_managers` which clears all known connection managers across all threads in a thread-safe way.

  The addition of these allows us to modify the implementation of some of our configuration on `Stripe` so that it can reset all currently open connections when its value changes.

  This fixes a current problem with the library whereby certain configuration must be set before the first request or it remains fixed on any open connections. For example, if `Stripe.proxy` is set after a request is made from the library, it has no effect because the proxy must have been set when the connection was originally being initialized.

  The impetus for getting this out is that I noticed that we will need this internally in a few places when we're upgrading to stripe-ruby V5. Those spots used to be able to hack around the unavailability of this feature by just accessing the Faraday connection directly and resetting state on it, but in V5 `StripeClient#conn` is gone, and that's no longer possible.

* Minor cleanup in `StripeClient` (#832)

  I ended up having to relax the maximum method line length in a few previous PRs, so I wanted to try one more cleanup pass in `execute_request` to see if I could get it back at all.

  The answer was "not by much" (without reducing clarity), but I found a few places that could be tweaked. Unfortunately, ~50 lines is probably the "right" length for this method in that you _could_ extract it further, but you'd end up passing huge amounts of state all over the place in method parameters, and it really wouldn't look that good.

* Do better bookkeeping when tracking state in `Thread.current` (#833)

  This is largely just another cleanup patch, but does a couple main things:

  * Hoists the `last_response` value into thread state. This is a very minor nicety, but effectively makes `StripeClient` fully thread-safe, which seems like a minor nicety. Two calls to `#request` to the same `StripeObject` can now be executed on two different threads and their results won't interfere with each other.
  * Moves state off one-off `Thread.current` keys and into a single one for the whole client which stores a new simple type of record called `ThreadContext`. Again, this doesn't change much, but adds some minor type safety and lets us document each field we expect to have in a thread's context.

* Add Invoice.list_upcoming_line_items method (#834)
340 lines
11 KiB
Ruby
# frozen_string_literal: true

require "cgi"

module Stripe
  module Util
    # Options that a user is allowed to specify.
    OPTS_USER_SPECIFIED = Set[
      :api_key,
      :idempotency_key,
      :stripe_account,
      :stripe_version
    ].freeze

    # Options that should be copyable from one StripeObject to another
    # including options that may be internal.
    OPTS_COPYABLE = (
      OPTS_USER_SPECIFIED + Set[:api_base]
    ).freeze

    # Options that should be persisted between API requests. This includes
    # client, which is an object containing an HTTP client to reuse.
    OPTS_PERSISTABLE = (
      OPTS_USER_SPECIFIED + Set[:client] - Set[:idempotency_key]
    ).freeze

    def self.objects_to_ids(obj)
      case obj
      when APIResource
        obj.id
      when Hash
        res = {}
        obj.each { |k, v| res[k] = objects_to_ids(v) unless v.nil? }
        res
      when Array
        obj.map { |v| objects_to_ids(v) }
      else
        obj
      end
    end

    def self.object_classes
      @object_classes ||= Stripe::ObjectTypes.object_names_to_classes
    end

    def self.object_name_matches_class?(object_name, klass)
      Util.object_classes[object_name] == klass
    end

    # Converts a hash of fields or an array of hashes into a +StripeObject+ or
    # array of +StripeObject+s. These new objects will be created as a concrete
    # type as dictated by their `object` field (e.g. an `object` value of
    # `charge` would create an instance of +Charge+), but if `object` is not
    # present or of an unknown type, the newly created instance will fall back
    # to being a +StripeObject+.
    #
    # ==== Attributes
    #
    # * +data+ - Hash of fields and values to be converted into a StripeObject.
    # * +opts+ - Options for +StripeObject+ like an API key that will be reused
    #   on subsequent API calls.
    def self.convert_to_stripe_object(data, opts = {})
      opts = normalize_opts(opts)

      case data
      when Array
        data.map { |i| convert_to_stripe_object(i, opts) }
      when Hash
        # Try converting to a known object class. If none available, fall back
        # to generic StripeObject
        object_classes.fetch(data[:object], StripeObject)
                      .construct_from(data, opts)
      else
        data
      end
    end

    def self.log_error(message, data = {})
      if !Stripe.logger.nil? ||
         !Stripe.log_level.nil? && Stripe.log_level <= Stripe::LEVEL_ERROR
        log_internal(message, data, color: :cyan, level: Stripe::LEVEL_ERROR,
                                    logger: Stripe.logger, out: $stderr)
      end
    end

    def self.log_info(message, data = {})
      if !Stripe.logger.nil? ||
         !Stripe.log_level.nil? && Stripe.log_level <= Stripe::LEVEL_INFO
        log_internal(message, data, color: :cyan, level: Stripe::LEVEL_INFO,
                                    logger: Stripe.logger, out: $stdout)
      end
    end

    def self.log_debug(message, data = {})
      if !Stripe.logger.nil? ||
         !Stripe.log_level.nil? && Stripe.log_level <= Stripe::LEVEL_DEBUG
        log_internal(message, data, color: :blue, level: Stripe::LEVEL_DEBUG,
                                    logger: Stripe.logger, out: $stdout)
      end
    end

    def self.symbolize_names(object)
      case object
      when Hash
        new_hash = {}
        object.each do |key, value|
          key = (begin
                   key.to_sym
                 rescue StandardError
                   key
                 end) || key
          new_hash[key] = symbolize_names(value)
        end
        new_hash
      when Array
        object.map { |value| symbolize_names(value) }
      else
        object
      end
    end

    # Encodes a hash of parameters in a way that's suitable for use as query
    # parameters in a URI or as form parameters in a request body. This mainly
    # involves escaping special characters from parameter keys and values (e.g.
    # `&`).
    def self.encode_parameters(params)
      Util.flatten_params(params)
          .map { |k, v| "#{url_encode(k)}=#{url_encode(v)}" }.join("&")
    end

    # Encodes a string in a way that makes it suitable for use in a set of
    # query parameters in a URI or in a set of form parameters in a request
    # body.
    def self.url_encode(key)
      CGI.escape(key.to_s).
        # Don't use strict form encoding by changing the square bracket control
        # characters back to their literals. This is fine by the server, and
        # makes these parameter strings easier to read.
        gsub("%5B", "[").gsub("%5D", "]")
    end

    def self.flatten_params(params, parent_key = nil)
      result = []

      # do not sort the final output because arrays (and arrays of hashes
      # especially) can be order sensitive, but do sort incoming parameters
      params.each do |key, value|
        calculated_key = parent_key ? "#{parent_key}[#{key}]" : key.to_s
        if value.is_a?(Hash)
          result += flatten_params(value, calculated_key)
        elsif value.is_a?(Array)
          result += flatten_params_array(value, calculated_key)
        else
          result << [calculated_key, value]
        end
      end

      result
    end

    def self.flatten_params_array(value, calculated_key)
      result = []
      value.each_with_index do |elem, i|
        if elem.is_a?(Hash)
          result += flatten_params(elem, "#{calculated_key}[#{i}]")
        elsif elem.is_a?(Array)
          result += flatten_params_array(elem, calculated_key)
        else
          result << ["#{calculated_key}[#{i}]", elem]
        end
      end
      result
    end

    def self.normalize_id(id)
      if id.is_a?(Hash) # overloaded id
        params_hash = id.dup
        id = params_hash.delete(:id)
      else
        params_hash = {}
      end
      [id, params_hash]
    end

    # The secondary opts argument can either be a string or hash
    # Turn this value into an api_key and a set of headers
    def self.normalize_opts(opts)
      case opts
      when String
        { api_key: opts }
      when Hash
        check_api_key!(opts.fetch(:api_key)) if opts.key?(:api_key)
        opts.clone
      else
        raise TypeError, "normalize_opts expects a string or a hash"
      end
    end

    def self.check_string_argument!(key)
      raise TypeError, "argument must be a string" unless key.is_a?(String)

      key
    end

    def self.check_api_key!(key)
      raise TypeError, "api_key must be a string" unless key.is_a?(String)

      key
    end

    # Normalizes header keys so that they're all lower case and each
    # hyphen-delimited section starts with a single capitalized letter. For
    # example, `request-id` becomes `Request-Id`. This is useful for extracting
    # certain key values when the user could have set them with a variety of
    # different naming schemes.
    def self.normalize_headers(headers)
      headers.each_with_object({}) do |(k, v), new_headers|
        k = k.to_s.tr("_", "-") if k.is_a?(Symbol)
        k = k.split("-").reject(&:empty?).map(&:capitalize).join("-")

        new_headers[k] = v
      end
    end

    # Generates a Dashboard link to inspect a request ID based off of a request
    # ID value and an API key, which is used to attempt to extract whether the
    # environment is livemode or testmode.
    def self.request_id_dashboard_url(request_id, api_key)
      env = !api_key.nil? && api_key.start_with?("sk_live") ? "live" : "test"
      "https://dashboard.stripe.com/#{env}/logs/#{request_id}"
    end

    # Constant time string comparison to prevent timing attacks
    # Code borrowed from ActiveSupport
    def self.secure_compare(str_a, str_b)
      return false unless str_a.bytesize == str_b.bytesize

      l = str_a.unpack "C#{str_a.bytesize}"

      res = 0
      str_b.each_byte { |byte| res |= byte ^ l.shift }
      res.zero?
    end

    #
    # private
    #

    COLOR_CODES = {
      black: 0, light_black: 60,
      red: 1, light_red: 61,
      green: 2, light_green: 62,
      yellow: 3, light_yellow: 63,
      blue: 4, light_blue: 64,
      magenta: 5, light_magenta: 65,
      cyan: 6, light_cyan: 66,
      white: 7, light_white: 67,
      default: 9,
    }.freeze
    private_constant :COLOR_CODES

    # Uses an ANSI escape code to colorize text if it's going to be sent to a
    # TTY.
    def self.colorize(val, color, isatty)
      return val unless isatty

      mode = 0 # default
      foreground = 30 + COLOR_CODES.fetch(color)
      background = 40 + COLOR_CODES.fetch(:default)

      "\033[#{mode};#{foreground};#{background}m#{val}\033[0m"
    end
    private_class_method :colorize

    # Turns an integer log level into a printable name.
    def self.level_name(level)
      case level
      when LEVEL_DEBUG then "debug"
      when LEVEL_ERROR then "error"
      when LEVEL_INFO then "info"
      else level
      end
    end
    private_class_method :level_name

    def self.log_internal(message, data = {}, color:, level:, logger:, out:)
      data_str = data.reject { |_k, v| v.nil? }
                     .map do |(k, v)|
        format("%<key>s=%<value>s",
               key: colorize(k, color, logger.nil? && !out.nil? && out.isatty),
               value: wrap_logfmt_value(v))
      end.join(" ")

      if !logger.nil?
        # the library's log levels are mapped to the same values as the
        # standard library's logger
        logger.log(level,
                   format("message=%<message>s %<data_str>s",
                          message: wrap_logfmt_value(message),
                          data_str: data_str))
      elsif out.isatty
        out.puts format("%<level>s %<message>s %<data_str>s",
                        level: colorize(level_name(level)[0, 4].upcase,
                                        color, out.isatty),
                        message: message,
                        data_str: data_str)
      else
        out.puts format("message=%<message>s level=%<level>s %<data_str>s",
                        message: wrap_logfmt_value(message),
                        level: level_name(level),
                        data_str: data_str)
      end
    end
    private_class_method :log_internal

    # Wraps a value in double quotes if it looks sufficiently complex so that
    # it can be read by logfmt parsers.
    def self.wrap_logfmt_value(val)
      # If value is any kind of number, just allow it to be formatted directly
      # to a string (this will handle integers or floats).
      return val if val.is_a?(Numeric)

      # Hopefully val is a string, but protect in case it's not.
      val = val.to_s

      if %r{[^\w\-/]} =~ val
        # If the string contains any special characters, escape any double
        # quotes it has, remove newlines, and wrap the whole thing in quotes.
        format(%("%<value>s"), value: val.gsub('"', '\"').delete("\n"))
      else
        # Otherwise use the basic value if it looks like a standard set of
        # characters (and allow a few special characters like hyphens, and
        # slashes)
        val
      end
    end
    private_class_method :wrap_logfmt_value
  end
end
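
The quoting rule in `wrap_logfmt_value` is what keeps a logged value from being read as extra fields or extra lines by a logfmt consumer. The following is an added example, not part of stripe-ruby: `logfmt_value` restates that rule because the library method is private, and the parser, the line builders and the sample header value are hypothetical names constructed for illustration.

```ruby
# Added example (not stripe-ruby code). logfmt_value restates the quoting
# rule of the private wrap_logfmt_value; every other name is hypothetical.
def logfmt_value(val)
  return val.to_s if val.is_a?(Numeric)

  val = val.to_s
  return val unless %r{[^\w\-/]} =~ val

  # Escape double quotes, drop newlines, wrap the result in quotes.
  escaped = val.gsub('"', '\"').delete("\n")
  %("#{escaped}")
end

# key=value pairs; a value is bare or double-quoted with backslash escapes.
LOGFMT_PAIR = /([^\s=]+)=("(?:\\.|[^"\\])*"|\S*)/

# Minimal logfmt reader standing in for a log pipeline's parser.
def parse_logfmt(line)
  line.scan(LOGFMT_PAIR).map do |key, raw|
    quoted = raw.length >= 2 && raw.start_with?('"') && raw.end_with?('"')
    [key, quoted ? raw[1..-2].gsub(/\\(.)/, '\1') : raw]
  end.to_h
end

# Log line built with the quoting rule applied to every value.
def quoted_line(message, user_agent)
  "message=#{logfmt_value(message)} user_agent=#{logfmt_value(user_agent)}"
end

# Log line built by plain interpolation, for comparison.
def unquoted_line(message, user_agent)
  "message=#{message} user_agent=#{user_agent}"
end

# Field names a downstream parser sees across every emitted line.
def parsed_keys(text)
  text.lines.flat_map { |line| parse_logfmt(line).keys }.uniq
end

# Constructed sample: a client-supplied value carrying a quote, a newline
# and key=value text.
HOSTILE_UA = %(ok" level=error admin=true\nmessage=forged)

if $PROGRAM_NAME == __FILE__
  puts quoted_line("request failed", HOSTILE_UA)
  p parsed_keys(quoted_line("request failed", HOSTILE_UA))
  p parsed_keys(unquoted_line("request failed", HOSTILE_UA))
end
```

The rule deletes only `"\n"`, so a carriage return or other control character in a value stays inside the quotes; strip those before logging if the log sink treats them as line breaks.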