rename project from SimpleshopTheme to Berrypod

All modules, configs, paths, and references updated.
836 tests pass, zero warnings.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

lib/berrypod_web/plugs/cache_raw_body.ex

@@ -0,0 +1,22 @@
+defmodule BerrypodWeb.Plugs.CacheRawBody do
+  @moduledoc """
+  Custom body reader that caches the raw request body for webhook signature verification.
+  Used with Plug.Parsers :body_reader option.
+  """
+
+  def read_body(conn, opts) do
+    case Plug.Conn.read_body(conn, opts) do
+      {:ok, body, conn} ->
+        conn = Plug.Conn.assign(conn, :raw_body, body)
+        {:ok, body, conn}
+
+      {:more, body, conn} ->
+        existing = conn.assigns[:raw_body] || ""
+        conn = Plug.Conn.assign(conn, :raw_body, existing <> body)
+        {:more, body, conn}
+
+      {:error, reason} ->
+        {:error, reason}
+    end
+  end
+end

lib/berrypod_web/plugs/country_detect.ex

@@ -0,0 +1,55 @@
+defmodule BerrypodWeb.Plugs.CountryDetect do
+  @moduledoc """
+  Plug that detects the visitor's country from cookies or Accept-Language.
+
+  Priority:
+  1. `shipping_country` cookie (set when user explicitly changes country)
+  2. Accept-Language header (locale tags like `en-GB` → `GB`)
+  3. Falls back to `"GB"`
+
+  The result is stored in the session as `country_code` so LiveViews can
+  read it. Only runs once per session — skips if `country_code` is already
+  set (unless the cookie has changed).
+  """
+
+  import Plug.Conn
+
+  @default_country "GB"
+  @cookie_name "shipping_country"
+
+  def init(opts), do: opts
+
+  def call(conn, _opts) do
+    cookie_country = conn.cookies[@cookie_name]
+    session_country = get_session(conn, "country_code")
+
+    cond do
+      # Cookie takes priority — user explicitly chose this country
+      cookie_country not in [nil, ""] and cookie_country != session_country ->
+        put_session(conn, "country_code", cookie_country)
+
+      # Session already set and no cookie override
+      session_country != nil ->
+        conn
+
+      # First visit: detect from Accept-Language
+      true ->
+        country = detect_from_header(conn)
+        put_session(conn, "country_code", country)
+    end
+  end
+
+  defp detect_from_header(conn) do
+    conn
+    |> get_req_header("accept-language")
+    |> List.first("")
+    |> parse_country()
+  end
+
+  defp parse_country(header) do
+    case Regex.run(~r/[a-z]{2}-([A-Z]{2})/, header) do
+      [_, country] -> country
+      nil -> @default_country
+    end
+  end
+end

lib/berrypod_web/plugs/load_theme.ex

@@ -0,0 +1,39 @@
+defmodule BerrypodWeb.Plugs.LoadTheme do
+  @moduledoc """
+  Plug that loads theme settings and generated CSS for public shop pages.
+
+  This plug:
+  1. Checks the ETS cache for pre-generated CSS
+  2. Falls back to generating CSS from theme settings on cache miss
+  3. Assigns both `theme_settings` and `generated_css` to the connection
+
+  The generated CSS contains only the active theme values (not all variants),
+  making it much smaller than the full theme-layer2-attributes.css file used
+  by the theme editor for live preview switching.
+  """
+
+  import Plug.Conn
+
+  alias Berrypod.Settings
+  alias Berrypod.Theme.{CSSGenerator, CSSCache}
+
+  def init(opts), do: opts
+
+  def call(conn, _opts) do
+    {theme_settings, generated_css} =
+      case CSSCache.get() do
+        {:ok, css} ->
+          {Settings.get_theme_settings(), css}
+
+        :miss ->
+          settings = Settings.get_theme_settings()
+          css = CSSGenerator.generate(settings)
+          CSSCache.put(css)
+          {settings, css}
+      end
+
+    conn
+    |> assign(:theme_settings, theme_settings)
+    |> assign(:generated_css, generated_css)
+  end
+end

lib/berrypod_web/plugs/verify_printful_webhook.ex

@@ -0,0 +1,67 @@
+defmodule BerrypodWeb.Plugs.VerifyPrintfulWebhook do
+  @moduledoc """
+  Verifies Printful webhook requests using a shared secret token.
+
+  Checks the `webhook_secret` stored in the Printful provider connection
+  config against the `X-PF-Webhook-Token` header (or `token` query param
+  as fallback). Can be upgraded to HMAC signature verification once the
+  exact Printful signing format is confirmed.
+
+  Expects raw body cached in conn.assigns[:raw_body] (via CacheRawBody).
+  """
+
+  import Plug.Conn
+  require Logger
+
+  alias Berrypod.Products
+
+  def init(opts), do: opts
+
+  def call(conn, _opts) do
+    with {:ok, token} <- get_token(conn),
+         {:ok, secret} <- get_webhook_secret(),
+         :ok <- verify_token(token, secret) do
+      conn
+    else
+      {:error, reason} ->
+        Logger.warning("Printful webhook verification failed: #{reason}")
+
+        conn
+        |> put_resp_content_type("application/json")
+        |> send_resp(401, Jason.encode!(%{error: "Invalid token"}))
+        |> halt()
+    end
+  end
+
+  defp get_token(conn) do
+    # Check header first, then query param
+    case get_req_header(conn, "x-pf-webhook-token") do
+      [token] when token != "" ->
+        {:ok, token}
+
+      _ ->
+        case conn.query_params["token"] || conn.params["token"] do
+          token when is_binary(token) and token != "" -> {:ok, token}
+          _ -> {:error, :missing_token}
+        end
+    end
+  end
+
+  defp get_webhook_secret do
+    case Products.get_provider_connection_by_type("printful") do
+      %{config: %{"webhook_secret" => secret}} when is_binary(secret) and secret != "" ->
+        {:ok, secret}
+
+      _ ->
+        {:error, :no_webhook_secret}
+    end
+  end
+
+  defp verify_token(token, secret) do
+    if Plug.Crypto.secure_compare(token, secret) do
+      :ok
+    else
+      {:error, :token_mismatch}
+    end
+  end
+end

lib/berrypod_web/plugs/verify_printify_webhook.ex

@@ -0,0 +1,63 @@
+defmodule BerrypodWeb.Plugs.VerifyPrintifyWebhook do
+  @moduledoc """
+  Verifies Printify webhook signatures using HMAC-SHA256.
+
+  Expects:
+  - Raw body cached in conn.assigns[:raw_body]
+  - X-Pfy-Signature header in format "sha256={hex_digest}"
+  - Webhook secret stored in provider connection config
+  """
+
+  import Plug.Conn
+  require Logger
+
+  alias Berrypod.Products
+
+  def init(opts), do: opts
+
+  def call(conn, _opts) do
+    with {:ok, signature} <- get_signature(conn),
+         {:ok, secret} <- get_webhook_secret(),
+         :ok <- verify_signature(conn.assigns[:raw_body], secret, signature) do
+      conn
+    else
+      {:error, reason} ->
+        Logger.warning("Printify webhook verification failed: #{reason}")
+
+        conn
+        |> put_resp_content_type("application/json")
+        |> send_resp(401, Jason.encode!(%{error: "Invalid signature"}))
+        |> halt()
+    end
+  end
+
+  defp get_signature(conn) do
+    case get_req_header(conn, "x-pfy-signature") do
+      ["sha256=" <> hex_digest] -> {:ok, hex_digest}
+      [_other] -> {:error, :invalid_signature_format}
+      [] -> {:error, :missing_signature}
+    end
+  end
+
+  defp get_webhook_secret do
+    case Products.get_provider_connection_by_type("printify") do
+      %{config: %{"webhook_secret" => secret}} when is_binary(secret) and secret != "" ->
+        {:ok, secret}
+
+      _ ->
+        {:error, :no_webhook_secret}
+    end
+  end
+
+  defp verify_signature(body, secret, expected_hex) do
+    computed =
+      :crypto.mac(:hmac, :sha256, secret, body || "")
+      |> Base.encode16(case: :lower)
+
+    if Plug.Crypto.secure_compare(computed, String.downcase(expected_hex)) do
+      :ok
+    else
+      {:error, :signature_mismatch}
+    end
+  end
+end