Dropleather for WooCommerce

Өзгөртүүлөр

1.1.6

• Fixed (security): Disconnect now truly revokes all access immediately, as the privacy policy promises. Previously, after clicking Disconnect, Dropleather could still push products to the store. Disconnect now (1) tells Dropleather to disconnect while the connection is still authenticated, (2) deletes the WooCommerce REST API key it created at pairing so Dropleather’s stored credentials become invalid even if Dropleather is briefly unreachable, (3) removes the Dropleather order webhooks, and (4) clears all local credentials — in that order.
• Improved: admin pages redesign. The Dropleather admin screens now run full-width to match WooCommerce’s own settings pages (the old fixed-width cap is gone), and the repeated logo header has been removed from the Settings, Status, and Support tabs for a cleaner, more focused layout.
• Improved: new Connect experience. The Settings page now opens on a centered “Connect to Dropleather” hero — logo, a one-line explainer, and a single Connect button that smoothly reveals the token field when you’re ready. The full data-transparency notice is kept intact but tucked into an expandable “What data is exchanged when you connect?” section so the first screen stays uncluttered.
• Improved: every Dropleather admin tab — Dashboard, Settings, Status and Support — now shows the same centered “Connect to Dropleather” screen until your store is connected, so you can pair from whichever page you land on instead of being bounced to Settings first.
• Improved: the Status page is now a single wide table (Name / Description / Status) with clear, industry-standard wording. Each check shows a colour-coded dot and label — green Operational (with live latency for the Dropleather API), amber Degraded, red Down / Not registered, grey Not connected — and PHP extensions read OK / Missing.
• Added: sync preferences now push to Dropleather on save. When you change the Sync Settings, the choices are saved locally first and then synced to your Dropleather account; if the API is briefly unreachable the settings are still saved and reconcile on the next connection.
• Added: the dashboard order table gains From, Total and a Dropleather order Status column. “From” shows the customer’s name, “Total” shows the order value in your store’s currency, and “Status” shows where the order is in Dropleather’s lifecycle — Unpaid, Processing, Shipped, Delivered, Expired, Overdue or Returned — as a colour-coded badge. All read from local order data with no API calls; orders not yet stamped show “—” until the hourly reconcile fills them in.
• Improved: the Tracking column now shows the tracking number in a neat boxed chip with a one-click copy button (copies just the number to your clipboard, with a brief “Copied!” confirmation). The number still links straight to the carrier’s tracking page.
• Added: an Open in Dropleather action on each order row opens that order directly in the Dropleather app in a new tab. Orders that still need attention keep their Retry button alongside it.
• Added: the dashboard order table now shows a Tracking column. Once Dropleather ships an order, the carrier and tracking number appear here as a link straight to the carrier’s tracking page (e.g. DHL) — read entirely from local order data, no API calls. Orders that failed to sync keep showing their failure reason in this column instead.
• Improved: orders with no Dropleather products are no longer listed on the dashboard. The order table and its filter tabs (All / Synced / Failed) now show only orders that Dropleather actually handles, so the “All” count reflects real Dropleather orders rather than every order in the store.
• Improved: the dashboard now renders entirely from your own WooCommerce database — zero Dropleather API reads on page load. Stats tiles (Orders Today / This Week / Last 30 Days), Net Profit, and the order list with its sync-status badges all come from local order data, so the page loads instantly and works even if the Dropleather API is briefly unreachable. The order table is paginated (20 per page) and gains status filter tabs — All / Synced / Failed — each with a live count, so the orders that need attention are one click away. Net Profit is now shown in your store’s own currency. The Dropleather API is used only for actions (Retry, Sync Now) and a background reconcile.
• Added: hourly background reconcile. A low-frequency Action Scheduler job re-checks order sync status with Dropleather and heals any status that drifted (e.g. a write-back that failed because the store was momentarily offline), keeping the local-first dashboard accurate. It uses a cursor so the common “nothing changed” case is near-free, and it is unscheduled automatically on deactivation.
• Added: per-order sync status on the dashboard. The “Dropleather Product Orders” table now shows each WooCommerce order’s real sync state with a colour-coded badge — green “Synced”, amber “Pending”, red “Failed” — plus the failure reason inline (truncated, full text on hover) and a one-click Retry button for orders that haven’t synced. The order number links straight to the WooCommerce order edit screen (HPOS-aware). Retry optimistically flips the row to “Pending…” and the dashboard confirms the real outcome on the next refresh.
• Fixed: webhook auto-repair. WooCommerce automatically disables a webhook after more than 5 consecutive delivery failures, so a prolonged API outage could silently leave the Dropleather order webhooks stuck in a “disabled” state — no further orders were delivered even after the connection recovered. The dashboard now re-activates any disabled/paused Dropleather webhook on load (cheap and idempotent) and logs each re-activation.
• Fixed: products pushed via the WooCommerce REST API with Cloudflare Images delivery URLs (e.g. https://imagedelivery.net/<hash>/<id>/zoom) no longer fail with woocommerce_product_image_upload_error. These URLs carry no file extension, so WooCommerce derived the filename “zoom” and the sideload filetype check rejected it. The plugin now repairs extension-less image sideloads by sniffing the downloaded file’s real MIME type (finfo/mime_content_type) and appending the correct extension before WordPress validates it. Legacy .jpg/.png URLs and any non-image sideloads are left untouched.
• Fixed: false-positive auto-disconnect when the Dropleather API returns 5xx/timeout/network errors. The plugin now only wipes local credentials on a definitive 401 “token revoked” signal — transient API outages render a yellow “couldn’t reach Dropleather, will retry” notice instead. Resolves the “dashboard shows Connected, plugin shows Not connected” stuck state.
• Fixed: heartbeats (and other authenticated calls) could deadlock once the 24h access token expired. The API’s origin middleware answered token-expired POSTs with 403 MISSING_ORIGIN instead of 401, but the plugin only refreshed the access token on a 401 — so the connection silently died until an unrelated settings-page request happened to refresh it. The plugin now refreshes-and-retries on 403 as well as 401, and sends its own Origin header (the store URL) on every request so server-to-server calls are no longer rejected for a missing origin.
• Improved: persistent heartbeat failures are now surfaced. After 5 consecutive failed ticks the plugin logs a single error-level entry on the Support page (one per outage streak, reset on recovery) instead of staying at debug forever. A heartbeat is also skipped — with a one-time error — when no access or refresh token is stored, since there is nothing to authenticate with.

1.1.5

• Improved: heartbeat now runs via Action Scheduler instead of wp_schedule_event so the connection-status badge stays accurate on quiet/dev/staging stores where WP-cron silently skips fires (Action Scheduler runs via its own background processor, independent of visitor traffic). Same library used by Stripe, Klaviyo, MailPoet etc.
• Added: lifecycle webhook on plugin deactivation/uninstall — Dropleather now learns within seconds when a seller deactivates or deletes the plugin, instead of waiting on the 2-hour heartbeat-stale threshold. Fixes the “I uninstalled and the dashboard still says Connected” UX gap

1.1.4

• Added: 5-minute liveness heartbeat (wp_schedule_event) so the Dropleather dashboard’s /integration page can show a real 3-state health badge (active / idle / stale) instead of a stale “Connected” pill that lies after the plugin is deactivated or the WP server goes offline. One ping fires synchronously on activation and after a successful pair so the seller is shown active immediately
• Added: dashboard orders table now refreshes via WordPress Heartbeat API delta tick — new WooCommerce orders appear within ~15 s without reloading the WP-admin tab. Steady-state cost on the api side is one indexed since lookup per tick when nothing changed
• Fixed: stable-tag mismatch in the WP.org submission (Stable tag now matches the plugin header Version)

1.1.3

• Internal: bumped to ship the orders auto-refresh code path

1.1.2

• Added: WP 6.5+ Requires Plugins: woocommerce header for native WooCommerce dependency check
• Fixed: setup wizard redirect now fires only once on activation (one-shot transient) instead of on every admin page load — addresses WordPress.org Guideline 11
• Fixed: Plugin URI now points to a live page (/integrations/woocommerce)

1.1.1

• Fix: webhook registration now purges every webhook pointing at the Dropleather delivery URL before creating new ones — prevents accumulation across reconnects, plugin delete/reinstall, or manual DB edits

1.1.0

• WordPress.org submission prep: removed the bundled GitHub update checker (plugins on WP.org are updated through WP.org’s own update channel)
• Migrated every log-table query to the native %i identifier placeholder introduced in WordPress 6.2
• Bumped minimum WordPress requirement to 6.2 and tested-up-to to 6.9
• Removed redundant load_plugin_textdomain() — translations are auto-loaded for WP.org-hosted plugins since WP 4.6
• Slug renamed to dropleather-for-woocommerce (WordPress trademark policy requires the “for woocommerce” pattern)

1.0.4

• Verification release for the GitHub-based auto-update channel

1.0.3

• Hardened PHPCS compliance — escaped version-requirement notices, prefixed global variables in uninstaller + dashboard template, renamed $order loop variable to avoid colliding with WooCommerce’s global
• Resolved PHPCS errors reported by the WordPress-Extra + WordPress.Security rulesets so CI runs clean
• Whitelisted WooCommerce’s manage_woocommerce capability in phpcs.xml.dist
• No runtime-visible changes — purely code-quality + CI hygiene

1.0.2

• Hardened logger DB queries (centralised table-name validation, back-ticked identifiers, DELETE in place of TRUNCATE for broader hosting compatibility)
• Added pre-connect privacy disclosure aligned with the full Dropleather Privacy Policy — lists every data field exchanged, two-way (store → Dropleather and Dropleather → store), retention periods (48h / 7y / 30d), sub-processors, and GDPR Article 17 handling
• Registered a suggested privacy-policy snippet via WP’s Privacy Policy Guide (Settings → Privacy → Policy Guide)

1.0.1

• Health check auto-disconnect when token is revoked on the Dropleather dashboard
• Added GitHub-based auto-update mechanism (plugin-update-checker)

1.0.0

• Initial release
• Store connection via API key pair
• Order sync via WooCommerce webhooks
• Product push from Dropleather catalog
• Fulfillment status sync with tracking numbers
• Dashboard with stats and orders table
• Status page with health checks
• Support page with error logs