Feat/ensure store api key#28
Conversation
…e keys This commit introduces a new API endpoint, POST /clone-store/ensure-api-key, which allows clients to request the provisioning of missing publishable API keys for cloned stores. The endpoint accepts a store ID and checks if the associated publishable key exists. If the key is missing, it generates a new one and returns it in the response. This enhancement ensures that cloned stores have the necessary credentials to operate seamlessly without manual intervention.
adds a test to ensure that when two stores share the same URL, the API key is minted for the oldest store. this verifies correct behavior in the #ensure_api_key method for duplicate store scenarios.
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more → On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
There was a problem hiding this comment.
Pull request overview
This PR introduces a new platform API endpoint to remediate stores cloned by an older worker version that failed to mint a publishable storefront API key, by resolving a store from a storefront URL and ensuring a publishable key exists (creating it if missing).
Changes:
- Add
POST /api/v2/platform/clone-store/ensure-api-keyroute and controller action. - Introduce
StoreApiKeyProvisionerservice to mint/find an existing publishable key (idempotently). - Add service and controller specs covering key minting, idempotency, and not-found behavior.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
config/routes.rb |
Adds the new ensure-api-key route under the platform clone-store API. |
app/controllers/spree/api/v2/platform/clone_stores_controller.rb |
Implements ensure_api_key action + payload/error helpers for returning store id and publishable key. |
app/services/spree/olitt/clone_store/store_api_key_provisioner.rb |
Adds a dedicated service to fetch-or-create a publishable API key for a store. |
spec/services/spree/olitt/clone_store/store_api_key_provisioner_spec.rb |
Verifies key creation and idempotency at the service level. |
spec/controllers/spree/api/v2/platform/clone_stores_controller_spec.rb |
Adds controller coverage for ensure-api-key success, idempotency, and 404 behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Order publishable key fetch by created_at desc for deterministic results on stores with data drift. Strip and blank-check the url param before passing to the store finder. Serialize store id as string for JSON:API compliance.
Order publishable key fetch by created_at desc for deterministic results on stores with data drift. Strip and blank-check the url param before passing to the store finder. Serialize store id as string for JSON:API compliance.
Shops cloned by the stale worker (v2.1.5, before May 12) have no publishable API key -> Storefront shows "Something went wrong."
This PR adds
POST /api/v2/platform/clone-store/ensure-api-key.Send it a storefront URL, get back the resolved store's id and publishable API key (minted on demand if missing).
Why
The prod Sidekiq worker ran v2.1.5 (commit
ad7663f) from April 11 through. That version had no key-minting step when cloning. All shops cloned in that window have a Spree store but no API key → "Something went wrong." on the storefront.Re-polling the existing
/clone-store/:idendpoint cannot fix these shops, the clone job finished. We need ed a side-channel mint. This endpoint is that side-channel, called by Olitt's reconciliation task.Behaviour
200— returns existing key unchanged200— creates key, returns it404,errors: ["Store not found..."]`Design notes
Spree.current_store_finder), guarantees we mint on the store customers actually hit, automatically handling the duplicate-store case.StoreApiKeyProvisioneris a new standalone service, deliberately does not refactorCloneRequestProvisioner#ensure_public_api_key!to mitigate risk of breaking the working clone path.data.id,meta.status,meta.public_api_key.token/store_id) so Olitt's existing parser needs no changes.Files changed
config/routes.rb-- one new routeapp/services/spree/olitt/clone_store/store_api_key_provisioner.rb-- newapp/controllers/spree/api/v2/platform/clone_stores_controller.rb--new action + 4 private helpersspec/services/.../store_api_key_provisioner_spec.rb-- newspec/controllers/.../clone_stores_controller_spec.rb-- new describe block