@akinon/next 1.120.0 → 1.121.0-rc.0

package/CHANGELOG.md

@@ -1,5 +1,32 @@
 # @akinon/next
 
+## 1.121.0-rc.0
+
+### Minor Changes
+
+- 8218dafa: ZERO-4160: Refactor oauth-login middleware to use fetch for login and callback responses
+- d2c0e759: ZERO-3684: Handle cross-origin iframe access in iframeURLChange function
+- b55acb76: ZERO-2577: Fix pagination bug and update usePagination hook and ensure pagination controls rendering correctly
+- 8a7fd0f4: ZERO-4065: Add '[segment]' to skipSegments in route generation
+- 760258c1: ZERO-4160: Enhance oauth-login middleware to handle fetch errors and improve response handling
+- 36143125: ZERO-3987: Add barcode scanner functionality with modal and button
+- f7e0f646: ZERO-4032: Add bfcache-headers middleware, integrate it into the default chain, and introduce a new environment variable for control.
+- 94a86fcc: ZERO-4065: Expand skipSegments array to include additional segments for route generation
+- 143be2b9: ZERO-3457: Crop styles are customizable and logic improved for rendering similar products modal
+- bcaad120: ZERO-4158: Add logging for OAuth login and callback redirects
+- cd68a97a: ZERO-4126: Enhance error handling in appFetch and related data handlers to throw notFound on 404 and 422 errors
+- 9f8cd3bc: ZERO-3449: AI Search Active Filters & Crop Style changes have been implemented
+- bfafa3f4: ZERO-4160: Refactor oauth-login middleware to use fetchCommerce for API calls and improve cookie handling
+- 49c82e1a: ZERO-4047: Remove Sentry configuration from default Next.js config
+- d99a6a7d: ZERO-3457_1: Fixed the settings prop and made sure everything is customizable.
+- d7e5178b: ZERO-3985: Add query string handling for orders redirection in middleware
+- 591e345e: ZERO-3855: Enhance credit card payment handling in checkout middlewares
+- 4de5303c: ZERO-2504: add cookie filter to api client request
+- b59fdd1c: ZERO-4009: Add password reset token validation
+- 95b139dc: ZERO-3795: Remove duplicate entry for SavedCard in PluginComponents map
+- 3909d322: Edit the duplicate Plugin.SimilarProducts in the plugin-module.
+- e18836b2: ZERO-4160: Restore scope in Sentry addon configuration in akinon.json
+
 ## 1.120.0
 
 ### Minor Changes

package/api/barcode-search.ts

@@ -0,0 +1,59 @@
+import { NextRequest, NextResponse } from 'next/server';
+import Settings from 'settings';
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url);
+    const barcode = searchParams.get('search_text');
+
+    if (!barcode) {
+      return NextResponse.json(
+        { error: 'Missing search_text parameter (barcode)' },
+        { status: 400 }
+      );
+    }
+
+    if (Settings.commerceUrl === 'default') {
+      return NextResponse.json(
+        { error: 'Commerce URL is not configured' },
+        { status: 500 }
+      );
+    }
+
+    const queryParams = new URLSearchParams();
+    queryParams.append('search_text', barcode);
+
+    searchParams.forEach((value, key) => {
+      if (key !== 'search_text') {
+        queryParams.append(key, value);
+      }
+    });
+
+    const apiUrl = `${Settings.commerceUrl}/list/?${queryParams.toString()}`;
+
+    const headers: Record<string, string> = {
+      Accept: 'application/json',
+      'Content-Type': 'application/json'
+    };
+
+    const response = await fetch(apiUrl, {
+      method: 'GET',
+      headers
+    });
+
+    if (!response.ok) {
+      return NextResponse.json(
+        { error: `API request failed with status: ${response.status}` },
+        { status: response.status }
+      );
+    }
+
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    return NextResponse.json(
+      { error: (error as Error).message },
+      { status: 500 }
+    );
+  }
+}

package/bin/pz-generate-routes.js

@@ -25,7 +25,16 @@ const generateRoutes = () => {
   const routes = [];
   const excludedDirs = ['api', 'pz-not-found'];
 
-  const skipSegments = ['[commerce]', '[locale]', '[currency]'];
+  const skipSegments = [
+    '[commerce]',
+    '[locale]',
+    '[currency]',
+    '[session]',
+    '[segment]',
+    '[url]',
+    '[theme]',
+    '[member_type]'
+  ];
   const skipCatchAllRoutes = ['[...prettyurl]', '[...not_found]'];
 
   const walkDirectory = (dir, basePath = '') => {

package/components/plugin-module.tsx

@@ -55,6 +55,7 @@ export enum Component {
   SavedCard = 'SavedCardOption',
   VirtualTryOnPlugin = 'VirtualTryOnPlugin',
   BasketVirtualTryOn = 'BasketVirtualTryOn',
+  BarcodeScannerPlugin = 'BarcodeScannerPlugin',
   IyzicoSavedCard = 'IyzicoSavedCardOption',
   Hepsipay = 'Hepsipay',
   FlowPayment = 'FlowPayment',
@@ -113,11 +114,10 @@ const PluginComponents = new Map([
     ]
   ],
   [Plugin.SavedCard, [Component.SavedCard, Component.IyzicoSavedCard]],
-  [Plugin.SavedCard, [Component.SavedCard]],
   [Plugin.FlowPayment, [Component.FlowPayment]],
   [
     Plugin.VirtualTryOn,
-    [Component.VirtualTryOnPlugin, Component.BasketVirtualTryOn]
+    [Component.VirtualTryOnPlugin, Component.BasketVirtualTryOn, Component.BarcodeScannerPlugin]
   ],
   [Plugin.Hepsipay, [Component.Hepsipay]],
   [Plugin.MasterpassRest, [Component.MasterpassRest]],

package/data/client/account.ts

@@ -77,6 +77,10 @@ interface LoyaltyTransactions {
   }[];
 }
 
+interface PasswordResetValidateResponse {
+  validlink: boolean;
+}
+
 const accountApi = api.injectEndpoints({
   endpoints: (builder) => ({
     updatePassword: builder.mutation<void, AccountChangePasswordFormType>({
@@ -221,6 +225,12 @@ const accountApi = api.injectEndpoints({
     }),
     getLoyaltyTransactions: builder.query<LoyaltyTransactions, void>({
       query: () => buildClientRequestUrl(account.loyaltyTransactions)
+    }),
+    getValidatePasswordResetToken: builder.query<
+      PasswordResetValidateResponse,
+      string
+    >({
+      query: (slug) => buildClientRequestUrl(account.passwordReset(slug))
     })
   }),
   overrideExisting: true
@@ -247,5 +257,6 @@ export const {
   usePasswordResetMutation,
   useAnonymizeMutation,
   useGetLoyaltyBalanceQuery,
-  useGetLoyaltyTransactionsQuery
+  useGetLoyaltyTransactionsQuery,
+  useGetValidatePasswordResetTokenQuery
 } = accountApi;

package/data/urls.ts

@@ -183,7 +183,11 @@ export const product = {
   breadcrumbUrl: (menuitemmodel: string) =>
     `/menus/generate_breadcrumb/?item=${menuitemmodel}&generator_name=menu_item`,
   bundleProduct: (productPk: string, queryString: string) =>
-    `/bundle-product/${productPk}/?${queryString}`
+    `/bundle-product/${productPk}/?${queryString}`,
+  similarProducts: (params?: string) =>
+    `/similar-products${params ? `?${params}` : ''}`,
+  similarProductsList: (params?: string) =>
+    `/similar-product-list${params ? `?${params}` : ''}`
 };
 
 export const wishlist = {

package/middlewares/bfcache-headers.ts

@@ -0,0 +1,18 @@
+import { NextMiddleware } from 'next/server';
+
+const withBfcacheHeaders = (middleware: NextMiddleware): NextMiddleware => {
+  return async (req, event) => {
+    const response = await middleware(req, event);
+
+    if (process.env.BF_CACHE === 'true' && response) {
+      response.headers.set(
+        'Cache-Control',
+        'private, no-cache, max-age=0, must-revalidate'
+      );
+    }
+
+    return response;
+  };
+};
+
+export default withBfcacheHeaders;

package/middlewares/default.ts

@@ -14,7 +14,8 @@ import {
   withUrlRedirection,
   withCompleteWallet,
   withWalletCompleteRedirection,
-  withMasterpassRestCallback
+  withMasterpassRestCallback,
+  withBfcacheHeaders
 } from '.';
 import { urlLocaleMatcherRegex } from '../utils';
 import withCurrency from './currency';
@@ -131,8 +132,13 @@ const withPzDefault =
     }
 
     if (req.nextUrl.pathname.startsWith('/orders/redirection/')) {
+      const queryString = searchParams.toString();
       return NextResponse.rewrite(
-        new URL(`${encodeURI(Settings.commerceUrl)}/orders/redirection/`)
+        new URL(
+          `${encodeURI(Settings.commerceUrl)}/orders/redirection/${
+            queryString ? `?${queryString}` : ''
+          }`
+        )
       );
     }
 
@@ -250,10 +256,11 @@ const withPzDefault =
                           withCompleteWallet(
                             withWalletCompleteRedirection(
                               withMasterpassRestCallback(
-                                async (
-                                  req: PzNextRequest,
-                                  event: NextFetchEvent
-                                ) => {
+                                withBfcacheHeaders(
+                                  async (
+                                    req: PzNextRequest,
+                                    event: NextFetchEvent
+                                  ) => {
                                   let middlewareResult: NextResponse | void =
                                     NextResponse.next();
 
@@ -493,7 +500,7 @@ const withPzDefault =
                                   }
 
                                   return middlewareResult;
-                                }
+                                })
                               )
                             )
                           )

package/middlewares/index.ts

@@ -12,6 +12,7 @@ import withSavedCardRedirection from './saved-card-redirection';
 import withCompleteWallet from './complete-wallet';
 import withWalletCompleteRedirection from './wallet-complete-redirection';
 import withMasterpassRestCallback from './masterpass-rest-callback';
+import withBfcacheHeaders from './bfcache-headers';
 import { NextRequest } from 'next/server';
 
 export {
@@ -28,7 +29,8 @@ export {
   withSavedCardRedirection,
   withCompleteWallet,
   withWalletCompleteRedirection,
-  withMasterpassRestCallback
+  withMasterpassRestCallback,
+  withBfcacheHeaders
 };
 
 export interface PzNextRequest extends NextRequest {

package/middlewares/oauth-login.ts

@@ -6,55 +6,114 @@ import {
 } from 'next/server';
 import Settings from 'settings';
 import { getUrlPathWithLocale } from '../utils/localization';
+import logger from '../utils/log';
 
-const withOauthLogin =
-  (middleware: NextMiddleware) =>
-  async (req: NextRequest, event: NextFetchEvent) => {
-    const url = req.nextUrl.clone();
-    const loginUrlMatcherRegex = new RegExp(/^\/(\w+)\/login\/?$/);
-    const loginCallbackUrlMatcherRegex = new RegExp(
-      /^\/(\w+)\/login\/callback\/?$/
-    );
-    const ip = req.headers.get('x-forwarded-for') ?? '';
-
-    const headers = {
+const LOGIN_URL_REGEX = /^\/(\w+)\/login\/?$/;
+const CALLBACK_URL_REGEX = /^\/(\w+)\/login\/callback\/?$/;
+
+function fetchCommerce(url: string, req: NextRequest): Promise<Response> {
+  return fetch(url, {
+    headers: {
       'x-forwarded-host':
         req.headers.get('x-forwarded-host') || req.headers.get('host') || '',
+      'x-forwarded-for': req.headers.get('x-forwarded-for') ?? '',
+      'x-forwarded-proto': req.headers.get('x-forwarded-proto') || 'https',
       'x-currency': req.cookies.get('pz-currency')?.value ?? '',
-      'x-forwarded-for': ip
-    };
-
-    if (loginUrlMatcherRegex.test(url.pathname)) {
-      const provider = url.pathname.match(loginUrlMatcherRegex)[1];
-      const response = NextResponse.rewrite(
-        `${Settings.commerceUrl}/${provider}/login/`,
-        {
-          headers
-        }
-      );
-
-      if (req.headers.get('referer')) {
-        response.cookies.set(
-          'pz-oauth-callback-url',
-          req.headers.get('referer')
+      cookie: req.headers.get('cookie') ?? ''
+    },
+    redirect: 'manual'
+  });
+}
+
+function forwardCookies(from: Response, to: NextResponse): void {
+  from.headers.getSetCookie().forEach((cookie) => {
+    to.headers.append('set-cookie', cookie);
+  });
+}
+
+function commerceRedirect(
+  commerceResponse: Response,
+  location: string,
+  origin: string
+): NextResponse {
+  const redirectUrl = new URL(location, origin);
+  const response = NextResponse.redirect(redirectUrl);
+  forwardCookies(commerceResponse, response);
+  return response;
+}
+
+function commercePassthrough(commerceResponse: Response): NextResponse {
+  return new NextResponse(commerceResponse.body, {
+    status: commerceResponse.status,
+    headers: commerceResponse.headers
+  });
+}
+
+const withOauthLogin =
+  (middleware: NextMiddleware) =>
+  async (req: NextRequest, event: NextFetchEvent) => {
+    const { pathname, search } = req.nextUrl;
+
+    logger.info('OAuth login redirect', {
+      host: req.headers.get('host'),
+      'x-forwarded-host': req.headers.get('x-forwarded-host'),
+      'x-forwarded-for': req.headers.get('x-forwarded-for')
+    });
+
+    const loginMatch = LOGIN_URL_REGEX.exec(pathname);
+    if (loginMatch) {
+      try {
+        const provider = loginMatch[1];
+        const commerceResponse = await fetchCommerce(
+          `${Settings.commerceUrl}/${provider}/login/`,
+          req
         );
-      }
 
-      return response;
+        const location = commerceResponse.headers.get('location');
+        if (!location) return commercePassthrough(commerceResponse);
+
+        const response = commerceRedirect(
+          commerceResponse,
+          location,
+          req.nextUrl.origin
+        );
+
+        response.headers.append(
+          'set-cookie',
+          `pz-oauth-callback-url=${encodeURIComponent(req.headers.get('referer') || '')}; Path=/`
+        );
+
+        return response;
+      } catch (error) {
+        console.error('OAuth login fetch failed:', error);
+        return middleware(req, event);
+      }
     }
 
-    if (loginCallbackUrlMatcherRegex.test(url.pathname)) {
-      const provider = url.pathname.match(loginCallbackUrlMatcherRegex)[1];
+    const callbackMatch = CALLBACK_URL_REGEX.exec(pathname);
+    if (callbackMatch) {
+      try {
+        const provider = callbackMatch[1];
+        const commerceResponse = await fetchCommerce(
+          `${Settings.commerceUrl}/${provider}/login/callback/${search}`,
+          req
+        );
+
+        const location = commerceResponse.headers.get('location');
+        if (!location) return commercePassthrough(commerceResponse);
 
-      return NextResponse.rewrite(
-        `${Settings.commerceUrl}/${provider}/login/callback/${url.search}`,
-        {
-          headers
-        }
-      );
+        return commerceRedirect(
+          commerceResponse,
+          location,
+          req.nextUrl.origin
+        );
+      } catch (error) {
+        console.error('OAuth callback fetch failed:', error);
+        return middleware(req, event);
+      }
     }
 
-    if (!url.pathname.startsWith('/baskets/basket')) {
+    if (!pathname.startsWith('/baskets/basket')) {
       return middleware(req, event);
     }
 
@@ -64,11 +123,12 @@ const withOauthLogin =
       req.cookies.get('messages')?.value.includes('Successfully signed in') ||
       (currentSessionId && req.cookies.get('messages'))
     ) {
-      let redirectUrlWithLocale = `${url.origin}${getUrlPathWithLocale(
+      let redirectUrlWithLocale = `${req.nextUrl.origin}${getUrlPathWithLocale(
         '/auth/oauth-login',
         req.cookies.get('pz-locale')?.value
       )}`;
-      let callbackUrl = req.cookies.get('pz-oauth-callback-url')?.value ?? '';
+      const callbackUrl =
+        req.cookies.get('pz-oauth-callback-url')?.value ?? '';
 
       if (callbackUrl.length) {
         redirectUrlWithLocale += `?next=${encodeURIComponent(callbackUrl)}`;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@akinon/next",
   "description": "Core package for Project Zero Next",
-  "version": "1.120.0",
+  "version": "1.121.0-rc.0",
   "private": false,
   "license": "MIT",
   "bin": {
@@ -35,7 +35,7 @@
     "set-cookie-parser": "2.6.0"
   },
   "devDependencies": {
-    "@akinon/eslint-plugin-projectzero": "1.120.0",
+    "@akinon/eslint-plugin-projectzero": "1.121.0-rc.0",
     "@babel/core": "7.26.10",
     "@babel/preset-env": "7.26.9",
     "@babel/preset-typescript": "7.27.0",

package/plugins.d.ts

@@ -37,6 +37,16 @@ declare module '@akinon/pz-cybersource-uc/src/redux/middleware' {
   export default middleware as any;
 }
 
+declare module '@akinon/pz-apple-pay' {}
+
+declare module '@akinon/pz-similar-products' {
+  export const SimilarProductsModal: any;
+  export const SimilarProductsFilterSidebar: any;
+  export const SimilarProductsResultsGrid: any;
+  export const SimilarProductsPlugin: any;
+  export const SimilarProductsButtonPlugin: any;
+}
+
 declare module '@akinon/pz-cybersource-uc/src/redux/reducer' {
   export default reducer as any;
 }

package/plugins.js

@@ -16,6 +16,7 @@ module.exports = [
   'pz-tabby-extension',
   'pz-apple-pay',
   'pz-tamara-extension',
+  'pz-similar-products',
   'pz-cybersource-uc',
   'pz-hepsipay',
   'pz-flow-payment',

package/redux/middlewares/checkout.ts

@@ -204,15 +204,25 @@ export const contextListMiddleware: Middleware = ({
             (ctx) => ctx.page_name === 'DeliveryOptionSelectionPage'
           )
         ) {
+          const isCreditCardPayment =
+            preOrder?.payment_option?.payment_type === 'credit_card' ||
+            preOrder?.payment_option?.payment_type === 'masterpass';
+
           if (context.page_context.card_type) {
             dispatch(setCardType(context.page_context.card_type));
+          } else if (isCreditCardPayment) {
+            dispatch(setCardType(null));
           }
 
           if (
             context.page_context.installments &&
             preOrder?.payment_option?.payment_type !== 'masterpass_rest'
           ) {
-            dispatch(setInstallmentOptions(context.page_context.installments));
+            if (!isCreditCardPayment || context.page_context.card_type) {
+              dispatch(
+                setInstallmentOptions(context.page_context.installments)
+              );
+            }
           }
         }
 

package/redux/middlewares/pre-order/installment-option.ts

@@ -14,9 +14,17 @@ export const installmentOptionMiddleware: Middleware = ({
       return result;
     }
 
-    const { installmentOptions } = getState().checkout;
+    const { installmentOptions, cardType } = getState().checkout;
     const { endpoints: apiEndpoints } = checkoutApi;
 
+    const isCreditCardPayment =
+      preOrder?.payment_option?.payment_type === 'credit_card' ||
+      preOrder?.payment_option?.payment_type === 'masterpass';
+
+    if (isCreditCardPayment && !cardType) {
+      return result;
+    }
+
     if (
       !preOrder?.installment &&
       preOrder?.payment_option?.payment_type !== 'saved_card' &&

package/types/index.ts

@@ -83,6 +83,12 @@ export interface Settings {
   };
   usePrettyUrlRoute?: boolean;
   commerceUrl: string;
+  /**
+   * This option allows you to track Sentry events on the client side, in addition to server and edge environments.
+   *
+   * It overrides process.env.NEXT_PUBLIC_SENTRY_DSN and process.env.SENTRY_DSN.
+   */
+  sentryDsn?: string;
   redis: {
     defaultExpirationTime: number;
   };

package/utils/app-fetch.ts

@@ -2,6 +2,7 @@ import Settings from 'settings';
 import logger from '../utils/log';
 import { headers, cookies } from 'next/headers';
 import { ServerVariables } from './server-variables';
+import { notFound } from 'next/navigation';
 
 export enum FetchResponseType {
   JSON = 'json',
@@ -60,13 +61,15 @@ const appFetch = async <T>({
     status = req.status;
     logger.debug(`FETCH END ${url}`, { status: req.status, ip });
 
-    if (responseType === FetchResponseType.JSON) {
-      response = (await req.json()) as T;
-    } else {
-      response = (await req.text()) as unknown as T;
-    }
+    if (req.ok) {
+      if (responseType === FetchResponseType.JSON) {
+        response = (await req.json()) as T;
+      } else {
+        response = (await req.text()) as unknown as T;
+      }
 
-    logger.trace(`FETCH RESPONSE`, { url, response, ip });
+      logger.trace(`FETCH RESPONSE`, { url, response, ip });
+    }
   } catch (error) {
     const logType = status === 500 ? 'fatal' : 'error';
 
@@ -75,6 +78,10 @@ const appFetch = async <T>({
     }
   }
 
+  if (status === 422) {
+    notFound();
+  }
+
   return response;
 };
 

package/utils/mobile-3d-iframe.ts

@@ -1,8 +1,14 @@
 const iframeURLChange = (iframe, callback) => {
   iframe.addEventListener('load', () => {
     setTimeout(() => {
-      if (iframe?.contentWindow?.location) {
-        callback(iframe.contentWindow.location);
+      try {
+        if (iframe?.contentWindow?.location) {
+          const iframeLocation = iframe.contentWindow.location;
+
+          callback(iframeLocation);
+        }
+      } catch (error) {
+        // Expected: browser blocks cross-origin iframe access for security
       }
     }, 0);
   });

package/utils/redirection-iframe.ts

@@ -1,8 +1,14 @@
 const iframeURLChange = (iframe, callback) => {
   iframe.addEventListener('load', () => {
     setTimeout(() => {
-      if (iframe?.contentWindow?.location) {
-        callback(iframe.contentWindow.location);
+      try {
+        if (iframe?.contentWindow?.location) {
+          const iframeLocation = iframe.contentWindow.location;
+
+          callback(iframeLocation);
+        }
+      } catch (error) {
+        // Expected: browser blocks cross-origin iframe access for security
       }
     }, 0);
   });

package/with-pz-config.js

@@ -65,10 +65,7 @@ const defaultConfig = {
       translations: false
     };
     return config;
-  },
-  sentry: {
-    hideSourceMaps: true
-  } // TODO: This section will be reviewed again in the Sentry 8 update.
+  }
 };
 
 const withPzConfig = (