Skip to content

Feat/ensure store api key#28

Merged
willymwai merged 4 commits into
mainfrom
feat/ensure-store-api-key
Jun 13, 2026
Merged

Feat/ensure store api key#28
willymwai merged 4 commits into
mainfrom
feat/ensure-store-api-key

Conversation

@Elias-3817

Copy link
Copy Markdown
Contributor

Shops cloned by the stale worker (v2.1.5, before May 12) have no publishable API key -> Storefront shows "Something went wrong."

This PR adds POST /api/v2/platform/clone-store/ensure-api-key.

Send it a storefront URL, get back the resolved store's id and publishable API key (minted on demand if missing).

Why

The prod Sidekiq worker ran v2.1.5 (commit ad7663f) from April 11 through. That version had no key-minting step when cloning. All shops cloned in that window have a Spree store but no API key → "Something went wrong." on the storefront.

Re-polling the existing /clone-store/:id endpoint cannot fix these shops, the clone job finished. We need ed a side-channel mint. This endpoint is that side-channel, called by Olitt's reconciliation task.

Behaviour

Scenario Response
URL resolves to a store, key already exists 200 — returns existing key unchanged
URL resolves to a store, no key yet 200 — creates key, returns it
URL doesn't resolve to any store 404, errors: ["Store not found..."]`

Design notes

  • Same store finder as the storefront (Spree.current_store_finder), guarantees we mint on the store customers actually hit, automatically handling the duplicate-store case.
  • StoreApiKeyProvisioner is a new standalone service, deliberately does not refactor CloneRequestProvisioner#ensure_public_api_key! to mitigate risk of breaking the working clone path.
  • Payload shape matches the existing clone-status response (data.id, meta.status, meta.public_api_key.token/store_id) so Olitt's existing parser needs no changes.

Files changed

  • config/routes.rb -- one new route
  • app/services/spree/olitt/clone_store/store_api_key_provisioner.rb -- new
  • app/controllers/spree/api/v2/platform/clone_stores_controller.rb --new action + 4 private helpers
  • spec/services/.../store_api_key_provisioner_spec.rb -- new
  • spec/controllers/.../clone_stores_controller_spec.rb -- new describe block

…e keys

This commit introduces a new API endpoint, POST /clone-store/ensure-api-key, which allows clients to request the provisioning
of missing publishable API keys for cloned stores.
The endpoint accepts a store ID and checks if the associated publishable key exists.
If the key is missing, it generates a new one and returns it in the response.
This enhancement ensures that cloned stores have the necessary credentials to operate seamlessly without manual intervention.
adds a test to ensure that when two stores share the same URL,
the API key is minted for the oldest store. this verifies
correct behavior in the #ensure_api_key method for
duplicate store scenarios.
@qodo-code-review

Copy link
Copy Markdown

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a new platform API endpoint to remediate stores cloned by an older worker version that failed to mint a publishable storefront API key, by resolving a store from a storefront URL and ensuring a publishable key exists (creating it if missing).

Changes:

  • Add POST /api/v2/platform/clone-store/ensure-api-key route and controller action.
  • Introduce StoreApiKeyProvisioner service to mint/find an existing publishable key (idempotently).
  • Add service and controller specs covering key minting, idempotency, and not-found behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
config/routes.rb Adds the new ensure-api-key route under the platform clone-store API.
app/controllers/spree/api/v2/platform/clone_stores_controller.rb Implements ensure_api_key action + payload/error helpers for returning store id and publishable key.
app/services/spree/olitt/clone_store/store_api_key_provisioner.rb Adds a dedicated service to fetch-or-create a publishable API key for a store.
spec/services/spree/olitt/clone_store/store_api_key_provisioner_spec.rb Verifies key creation and idempotency at the service level.
spec/controllers/spree/api/v2/platform/clone_stores_controller_spec.rb Adds controller coverage for ensure-api-key success, idempotency, and 404 behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread app/services/spree/olitt/clone_store/store_api_key_provisioner.rb Outdated
Comment thread app/controllers/spree/api/v2/platform/clone_stores_controller.rb
Comment thread app/controllers/spree/api/v2/platform/clone_stores_controller.rb Outdated
Order publishable key fetch by created_at desc for deterministic results
on stores with data drift. Strip and blank-check the url param before
passing to the store finder. Serialize store id as string for JSON:API
compliance.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Comment thread spec/controllers/spree/api/v2/platform/clone_stores_controller_spec.rb Outdated
Comment thread spec/controllers/spree/api/v2/platform/clone_stores_controller_spec.rb Outdated
Order publishable key fetch by created_at desc for deterministic results
on stores with data drift. Strip and blank-check the url param before
passing to the store finder. Serialize store id as string for JSON:API
compliance.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Comment thread app/controllers/spree/api/v2/platform/clone_stores_controller.rb
Comment thread app/controllers/spree/api/v2/platform/clone_stores_controller.rb
@willymwai willymwai merged commit e4378d1 into main Jun 13, 2026
4 checks passed
@willymwai willymwai deleted the feat/ensure-store-api-key branch June 13, 2026 05:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants