Refactor: Update QBO connection handling to use QboConnectionService for consistency across services and controllers

app/services/billing_Validator.rb

@@ -0,0 +1,21 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+
+class BillingValidator
+
+  # Validates that the given issue is eligible for billing by checking for the presence of the issue, its associated customer, assigned employee, and an active QBO connection. Raises descriptive errors if any of these conditions are not met.
+  def self.validate!(issue)
+    raise "Issue not found" unless issue
+    raise I18n.t(:label_billing_error_no_customer) unless issue.customer
+    raise I18n.t(:label_billing_error_no_employee) unless issue.assigned_to&.employee_id.present?
+    raise I18n.t(:label_billing_error_no_qbo) unless Qbo.exists?
+  end
+end

app/services/invoice_push_service.rb

@@ -22,7 +22,7 @@ class InvoicePushService
 
     @invoice.update_column(:qbo_sync_locked, true)
 
-    qbo = Qbo.first
+    qbo = QboConnectionService.current!
 
     qbo.perform_authenticated_request do |access_token|
       service = Quickbooks::Service::Invoice.new( company_id: qbo.realm_id, access_token: access_token)

app/services/pdf_service_base.rb

@@ -28,7 +28,7 @@ class PdfServiceBase
     @qbo.perform_authenticated_request do |access_token|
       service_class = "Quickbooks::Service::#{@entity.name}".constantize
       service = service_class.new(company_id: @qbo.realm_id, access_token: access_token)
-
+      
       return single_pdf(service, doc_ids.first) if doc_ids.size == 1
 
       combined_pdf(service, doc_ids)

app/services/qbo_connection_service.rb

@@ -0,0 +1,32 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class QboConnectionService
+
+  # Replaces the existing QBO connection with new credentials. Deletes all existing records and creates a new one with the provided token, refresh token, and realm ID. Refreshes the token immediately after creation.
+  def self.replace!(token:, refresh_token:, realm_id:)
+    Qbo.transaction do
+      Qbo.destroy_all
+      qbo = Qbo.create!(
+        oauth2_access_token: token,
+        oauth2_refresh_token: refresh_token,
+        realm_id: realm_id
+      )
+      qbo.refresh_token!
+      qbo
+    end
+  end
+
+  # Returns the current QBO connection record. Raises an error if no connection exists.
+  def self.current!
+    Qbo.first || raise("QBO not connected")
+  end
+
+end

app/services/qbo_oauth_service.rb

@@ -0,0 +1,33 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class QboOauthService
+
+  # Generates the QuickBooks OAuth authorization URL with the specified callback URL. The URL includes necessary parameters such as response type, state, and scope.
+  def self.authorization_url(callback_url:)
+    client.auth_code.authorize_url(
+      redirect_uri: callback_url,
+      response_type: "code",
+      state: SecureRandom.hex(12),
+      scope: "com.intuit.quickbooks.accounting"
+    )
+  end
+
+  # Exchanges the authorization code for access and refresh tokens. Creates or replaces the QBO connection record with the new credentials and refreshes the token immediately after creation.
+  def self.exchange!(code:, callback_url:, realm_id:)
+    resp = client.auth_code.get_token(code, redirect_uri: callback_url)
+    QboConnectionService.replace!( token: resp.token, refresh_token: resp.refresh_token, realm_id: realm_id )
+  end
+
+  # Constructs and returns an OAuth2 client instance configured with the application's credentials and settings.
+  def self.client
+    Qbo.construct_oauth2_client
+  end
+end

app/services/qbo_webhook_verifier_service.rb

@@ -0,0 +1,24 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class QboWebhookVerifierService
+
+  # Validates the QuickBooks webhook request by computing the HMAC signature and comparing it to the provided signature.
+  def self.valid?(body:, signature:, secret:)
+    return false if signature.blank? || secret.blank?
+
+    digest = OpenSSL::Digest.new('sha256')
+    computed = Base64.strict_encode64(
+      OpenSSL::HMAC.digest(digest, secret, body)
+    )
+
+    ActiveSupport::SecurityUtils.secure_compare(computed, signature)
+  end
+end

app/services/sync_service_base.rb

@@ -29,7 +29,7 @@ class SyncServiceBase
     @qbo.perform_authenticated_request do |access_token|
       service_class = "Quickbooks::Service::#{@entity.name}".constantize
       service = service_class.new(company_id: @qbo.realm_id, access_token: access_token)
-
+      
       page = 1
       loop do
         collection = fetch_page(service, page, full_sync)