Skip to content

Tremendous new component #14351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Nov 5, 2024
Merged

Tremendous new component #14351

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
efa948e
App and package updates
GTFalcao Oct 18, 2024
a0fcd9f
pnpm
GTFalcao Oct 18, 2024
15cbeb5
Create Order action
GTFalcao Oct 18, 2024
48f13d2
Prop definitions and requests
GTFalcao Oct 18, 2024
8d7b98e
Type adjustment
GTFalcao Oct 18, 2024
ade3114
Import fix
GTFalcao Oct 18, 2024
6f0a79b
Adding and adjusting several props
GTFalcao Oct 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
107 changes: 107 additions & 0 deletions components/tremendous/actions/create-order-email-reward/create-order-email-reward.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
import app from "../../tremendous.app.mjs";
import { DELIVERY_METHOD_OPTIONS } from "../../common/constants.mjs";

export default {
name: "Create Order Email Reward",
version: "0.0.1",
key: "tremendous-create-order-email-reward",
description: "Create an order to send out a reward. [See the documentation](https://developers.tremendous.com/reference/create-order)",
type: "action",
props: {
app,
campaignId: {
propDefinition: [
app,
"campaignId",
],
optional: true,
},
products: {
propDefinition: [
app,
"products",
],
optional: true,
},
Comment on lines +12 to +25
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Add runtime validation for campaign/products requirement.

While the info box alerts users that either Products or Campaign ID must be specified, there's no runtime validation enforcing this requirement. This could lead to invalid API calls.

Add validation in the run method:

 async run({ $ }) {
+  if (!this.campaignId && !this.products) {
+    throw new Error("Either Campaign ID or Products must be specified");
+  }
   const response = await this.app.createOrder({

Also applies to: 26-30

infoBox: {
type: "alert",
alertType: "info",
content: "Either `Products` or `Campaign ID` must be specified. [See the documentation](https://developers.tremendous.com/reference/create-order) for more information.",
},
fundingSourceId: {
propDefinition: [
app,
"fundingSourceId",
],
default: "balance",
},
externalId: {
type: "string",
label: "External ID",
description: "Reference for this order. If set, any subsequent requests with the same `External ID` will not create any further orders, and simply return the initially created order.",
optional: true,
},
valueAmount: {
type: "string",
label: "Value Amount",
description: "Amount of the reward.",
},
valueCurrencyCode: {
type: "string",
label: "Value Currency Code",
description: "Currency of the reward.",
},
Comment on lines +44 to +53
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Add validation for value amount and currency code.

The valueAmount and valueCurrencyCode fields lack format validation:

  1. Amount should be a valid numeric string
  2. Currency code should follow ISO 4217 format (e.g., USD, EUR)

Add validation:

 valueAmount: {
   type: "string",
   label: "Value Amount",
   description: "Amount of the reward.",
+  validate: (value) => {
+    if (!/^\d+(\.\d{1,2})?$/.test(value)) {
+      throw new Error("Value amount must be a valid number with up to 2 decimal places");
+    }
+  },
 },
 valueCurrencyCode: {
   type: "string",
   label: "Value Currency Code",
   description: "Currency of the reward.",
+  validate: (value) => {
+    if (!/^[A-Z]{3}$/.test(value)) {
+      throw new Error("Currency code must be a 3-letter ISO 4217 code (e.g., USD)");
+    }
+  },
 },
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
valueAmount: {
type: "string",
label: "Value Amount",
description: "Amount of the reward.",
},
valueCurrencyCode: {
type: "string",
label: "Value Currency Code",
description: "Currency of the reward.",
},
valueAmount: {
type: "string",
label: "Value Amount",
description: "Amount of the reward.",
validate: (value) => {
if (!/^\d+(\.\d{1,2})?$/.test(value)) {
throw new Error("Value amount must be a valid number with up to 2 decimal places");
}
},
},
valueCurrencyCode: {
type: "string",
label: "Value Currency Code",
description: "Currency of the reward.",
validate: (value) => {
if (!/^[A-Z]{3}$/.test(value)) {
throw new Error("Currency code must be a 3-letter ISO 4217 code (e.g., USD)");
}
},
},

recipientName: {
type: "string",
label: "Recipient Name",
description: "Name of the recipient.",
},
recipientEmail: {
type: "string",
label: "Recipient Email",
description: "Email address of the recipient.",
},
recipientPhone: {
type: "string",
label: "Recipient Phone",
description: "Phone number of the recipient. For non-US phone numbers, specify the country code (prefixed with `+`).",
},
Comment on lines +64 to +68
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Enhance phone number validation.

While the description specifies the format for international phone numbers, there's no validation to ensure compliance.

Add validation for phone numbers:

 recipientPhone: {
   type: "string",
   label: "Recipient Phone",
   description: "Phone number of the recipient. For non-US phone numbers, specify the country code (prefixed with `+`).",
+  validate: (value) => {
+    if (!/^\+?[1-9]\d{1,14}$/.test(value)) {
+      throw new Error("Invalid phone number format. Use E.164 format (e.g., +1234567890)");
+    }
+  },
   optional: true,
 },
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
recipientPhone: {
type: "string",
label: "Recipient Phone",
description: "Phone number of the recipient. For non-US phone numbers, specify the country code (prefixed with `+`).",
},
recipientPhone: {
type: "string",
label: "Recipient Phone",
description: "Phone number of the recipient. For non-US phone numbers, specify the country code (prefixed with `+`).",
validate: (value) => {
if (!/^\+?[1-9]\d{1,14}$/.test(value)) {
throw new Error("Invalid phone number format. Use E.164 format (e.g., +1234567890)");
}
},
optional: true,
},

deliveryMethod: {
type: "string",
label: "Delivery Method",
description: "How to deliver the reward to the recipient.",
options: DELIVERY_METHOD_OPTIONS,
},
},
async run({ $ }) {
const response = await this.app.createOrder({
$,
data: {
external_id: this.externalId,
payment: {
funding_source_id: this.fundingSourceId,
},
reward: {
campaign_id: this.campaignId,
products: this.products,
value: {
denomination: this.valueAmount,
currency_code: this.valueCurrencyCode,
},
recipient: {
name: this.recipientName,
email: this.recipientEmail,
phone: this.recipientPhone,
},
delivery: {
method: this.deliveryMethod,
},
},
},
});

$.export("$summary", `Successfully created order (ID: ${response?.order?.id})`);

return response;
},
Comment on lines +76 to +106
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Enhance error handling and response validation.

The current implementation has several potential issues:

  1. No explicit error handling for API failures
  2. No validation of the response structure
  3. Unsafe optional chaining in summary message

Implement proper error handling and validation:

 async run({ $ }) {
+  if (!this.campaignId && !this.products) {
+    throw new Error("Either Campaign ID or Products must be specified");
+  }
+
   const response = await this.app.createOrder({
     $,
     data: {
       external_id: this.externalId,
       payment: {
         funding_source_id: this.fundingSourceId,
       },
       reward: {
         campaign_id: this.campaignId,
         products: this.products,
         value: {
           denomination: this.valueAmount,
           currency_code: this.valueCurrencyCode,
         },
         recipient: {
           name: this.recipientName,
           email: this.recipientEmail,
           phone: this.recipientPhone,
         },
         delivery: {
           method: this.deliveryMethod,
         },
       },
     },
   });

+  if (!response?.order?.id) {
+    throw new Error("Failed to create order: Invalid response structure");
+  }

-  $.export("$summary", `Successfully created order (ID: ${response?.order?.id})`);
+  $.export("$summary", `Successfully created order (ID: ${response.order.id})`);

   return response;
 },
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
async run({ $ }) {
const response = await this.app.createOrder({
$,
data: {
external_id: this.externalId,
payment: {
funding_source_id: this.fundingSourceId,
},
reward: {
campaign_id: this.campaignId,
products: this.products,
value: {
denomination: this.valueAmount,
currency_code: this.valueCurrencyCode,
},
recipient: {
name: this.recipientName,
email: this.recipientEmail,
phone: this.recipientPhone,
},
delivery: {
method: this.deliveryMethod,
},
},
},
});
$.export("$summary", `Successfully created order (ID: ${response?.order?.id})`);
return response;
},
async run({ $ }) {
if (!this.campaignId && !this.products) {
throw new Error("Either Campaign ID or Products must be specified");
}
const response = await this.app.createOrder({
$,
data: {
external_id: this.externalId,
payment: {
funding_source_id: this.fundingSourceId,
},
reward: {
campaign_id: this.campaignId,
products: this.products,
value: {
denomination: this.valueAmount,
currency_code: this.valueCurrencyCode,
},
recipient: {
name: this.recipientName,
email: this.recipientEmail,
phone: this.recipientPhone,
},
delivery: {
method: this.deliveryMethod,
},
},
},
});
if (!response?.order?.id) {
throw new Error("Failed to create order: Invalid response structure");
}
$.export("$summary", `Successfully created order (ID: ${response.order.id})`);
return response;
},

};
Comment on lines +1 to +107
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Based on the code analysis, I can now provide the final response:

PII handling is secure, but rate limiting needs attention

The code review reveals:

  • PII (email, phone) is properly handled and not explicitly logged. The platform's axios implementation only logs debug information when explicitly requested.
  • However, there's no rate limit handling implemented in either the Tremendous app or the platform's axios client.

Action items:

  • Implement rate limit handling in the Tremendous app to prevent API quota exhaustion
  • Consider adding exponential backoff for failed requests
  • Add proper error handling for 429 (Too Many Requests) responses
🔗 Analysis chain

Verify API rate limits and PII handling.

Since this component handles sensitive information (email, phone) and makes external API calls, please ensure:

  1. API rate limits are properly handled
  2. PII is not logged in debug messages

Let's check the app file for rate limit handling:

Let me gather more information about rate limiting and PII handling in the Tremendous app specifically:

Let me check the platform's axios implementation since it's being used for the HTTP client:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if rate limiting is implemented in the app file
rg -i "rate.?limit" --type js
# Check for any debug logging of sensitive data
rg -i "console.log|debug" --type js

Length of output: 2773

Script:

#!/bin/bash
# Check the Tremendous app file for error handling and API calls
rg -A 5 "createOrder|handleError" components/tremendous/
# Check for any HTTP client configuration
cat components/tremendous/tremendous.app.mjs

Length of output: 3697

Script:

#!/bin/bash
# Check platform's axios implementation for rate limiting and error handling
cat platform/dist/axios.js

Length of output: 6359

15 changes: 15 additions & 0 deletions components/tremendous/common/constants.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
export const DELIVERY_METHOD_OPTIONS = [
{
value: "EMAIL",
label: "Deliver the reward to the recipient by email",
},
{
value: "LINK",
label: "Deliver the reward to the recipient via a link.",
},

{
value: "PHONE",
label: "Deliver the reward to the recipient by SMS",
},
];
Comment on lines +1 to +15
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consider adding JSDoc type definitions

Adding type definitions would improve IDE support and make the code more maintainable.

Add this before the constant definition:

/**
 * @typedef {Object} DeliveryMethodOption
 * @property {('EMAIL'|'LINK'|'SMS')} value - The delivery method identifier
 * @property {string} label - Human-readable description of the delivery method
 */

/** @type {DeliveryMethodOption[]} */

18 changes: 18 additions & 0 deletions components/tremendous/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{
"name": "@pipedream/tremendous",
"version": "0.0.1",
"description": "Pipedream Tremendous Components",
"main": "tremendous.app.mjs",
"keywords": [
"pipedream",
"tremendous"
],
"homepage": "https://pipedream.com/apps/tremendous",
"author": "Pipedream <support@pipedream.com> (https://pipedream.com/)",
"publishConfig": {
"access": "public"
},
"dependencies": {
"@pipedream/platform": "^3.0.3"
}
}
86 changes: 82 additions & 4 deletions components/tremendous/tremendous.app.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,89 @@
import { axios } from "@pipedream/platform";

export default {
type: "app",
app: "tremendous",
propDefinitions: {},
propDefinitions: {
campaignId: {
type: "string",
label: "Campaign ID",
description: "ID of the campaign in your account, that defines the available products (different gift cards, charity, etc.) that the recipient can choose from.",
async options() {
const { campaigns } = await this.listCampaigns();
return campaigns?.map(({
id, name,
}) => ({
label: name,
value: id,
}));
},
Comment on lines +11 to +19
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Refactor options methods to reduce duplication

The options methods for campaignId, products, and fundingSourceId have similar implementations. Consider refactoring them into a reusable helper function to improve maintainability.

Here's an example of how you might implement a helper method:

async fetchOptions(fetchMethod, dataKey, labelKey, valueKey) {
  const response = await fetchMethod();
  const data = response[dataKey];
  return data?.map((item) => ({
    label: item[labelKey],
    value: item[valueKey],
  }));
}

Update your options methods:

-async options() {
-  const { campaigns } = await this.listCampaigns();
-  return campaigns?.map(({ id, name }) => ({
-    label: name,
-    value: id,
-  }));
-},
+options() {
+  return this.fetchOptions(
+    this.listCampaigns.bind(this),
+    "campaigns",
+    "name",
+    "id"
+  );
+},

Apply similar changes to the products and fundingSourceId options methods.

Also applies to: 25-33, 39-47

},
products: {
type: "string[]",
label: "Products",
description: "IDs of products (different gift cards, charity, etc.) that will be available to the recipient to choose from. If this and `Campaign ID` are specified, this will override the products made available by the campaign. It will not override other campaign attributes, like the message and customization of the look and feel.",
async options() {
const { products } = await this.listProducts();
return products?.map(({
id, name,
}) => ({
label: name,
value: id,
}));
},
},
fundingSourceId: {
type: "string",
label: "Funding Source ID",
description: "Tremendous ID of the funding source that will be used to pay for the order. Use `balance` to use your Tremendous's balance.",
async options() {
const response = await this.listFundingSources();
return response.funding_sources?.map(({
id, method,
}) => ({
label: `${id} - ${method}`,
value: id,
}));
},
},
},
methods: {
// this.$auth contains connected account data
authKeys() {
console.log(Object.keys(this.$auth));
_baseRequest({
$, headers, ...args
}) {
return axios($, {
headers: {
...headers,
Authorization: `Bearer ${this.$auth.api_key}`,
},
baseURL: "https://testflight.tremendous.com/api/v2",
Comment on lines +51 to +59
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Consider making the baseURL configurable for environment flexibility

The baseURL in the _baseRequest method is hardcoded to the test environment "https://testflight.tremendous.com/api/v2". This may not be suitable for production environments. Consider making the baseURL configurable to switch between test and production environments.

You can modify the code to use a configurable baseURL:

return axios($, {
  headers: {
    ...headers,
    Authorization: `Bearer ${this.$auth.api_key}`,
  },
- baseURL: "https://testflight.tremendous.com/api/v2",
+ baseURL: this.$auth.baseURL || "https://testflight.tremendous.com/api/v2",
  ...args,
});

And update your authentication configuration to include baseURL as needed.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
_baseRequest({
$, headers, ...args
}) {
return axios($, {
headers: {
...headers,
Authorization: `Bearer ${this.$auth.api_key}`,
},
baseURL: "https://testflight.tremendous.com/api/v2",
_baseRequest({
$, headers, ...args
}) {
return axios($, {
headers: {
...headers,
Authorization: `Bearer ${this.$auth.api_key}`,
},
baseURL: this.$auth.baseURL || "https://testflight.tremendous.com/api/v2",

...args,
});
},
createOrder(args) {
return this._baseRequest({
method: "POST",
url: "/orders",
...args,
});
},
listCampaigns() {
return this._baseRequest({
method: "GET",
url: "/campaigns",
});
},
listProducts() {
return this._baseRequest({
method: "GET",
url: "/products",
});
},
listFundingSources() {
return this._baseRequest({
method: "GET",
url: "/funding_sources",
});
},
},
};
6 changes: 6 additions & 0 deletions pnpm-lock.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading