@akinon/next 1.121.0 → 1.122.0-rc.0

package/CHANGELOG.md

@@ -1,5 +1,30 @@
 # @akinon/next
 
+## 1.122.0-rc.0
+
+### Minor Changes
+
+- 8218dafa: ZERO-4160: Refactor oauth-login middleware to use fetch for login and callback responses
+- d2c0e759: ZERO-3684: Handle cross-origin iframe access in iframeURLChange function
+- ZERO-4160: Enhance oauth-login middleware with improved request handling and logging
+- b55acb76: ZERO-2577: Fix pagination bug and update usePagination hook and ensure pagination controls rendering correctly
+- 8a7fd0f4: ZERO-4065: Add '[segment]' to skipSegments in route generation
+- 760258c1: ZERO-4160: Enhance oauth-login middleware to handle fetch errors and improve response handling
+- 36143125: ZERO-3987: Add barcode scanner functionality with modal and button
+- f7e0f646: ZERO-4032: Add bfcache-headers middleware, integrate it into the default chain, and introduce a new environment variable for control.
+- 94a86fcc: ZERO-4065: Expand skipSegments array to include additional segments for route generation
+- 143be2b9: ZERO-3457: Crop styles are customizable and logic improved for rendering similar products modal
+- bcaad120: ZERO-4158: Add logging for OAuth login and callback redirects
+- cd68a97a: ZERO-4126: Enhance error handling in appFetch and related data handlers to throw notFound on 404 and 422 errors
+- 9f8cd3bc: ZERO-3449: AI Search Active Filters & Crop Style changes have been implemented
+- bfafa3f4: ZERO-4160: Refactor oauth-login middleware to use fetchCommerce for API calls and improve cookie handling
+- d99a6a7d: ZERO-3457_1: Fixed the settings prop and made sure everything is customizable.
+- 591e345e: ZERO-3855: Enhance credit card payment handling in checkout middlewares
+- 4de5303c: ZERO-2504: add cookie filter to api client request
+- 95b139dc: ZERO-3795: Remove duplicate entry for SavedCard in PluginComponents map
+- 3909d322: Edit the duplicate Plugin.SimilarProducts in the plugin-module.
+- e18836b2: ZERO-4160: Restore scope in Sentry addon configuration in akinon.json
+
 ## 1.121.0
 
 ### Minor Changes

package/api/barcode-search.ts

@@ -0,0 +1,59 @@
+import { NextRequest, NextResponse } from 'next/server';
+import Settings from 'settings';
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url);
+    const barcode = searchParams.get('search_text');
+
+    if (!barcode) {
+      return NextResponse.json(
+        { error: 'Missing search_text parameter (barcode)' },
+        { status: 400 }
+      );
+    }
+
+    if (Settings.commerceUrl === 'default') {
+      return NextResponse.json(
+        { error: 'Commerce URL is not configured' },
+        { status: 500 }
+      );
+    }
+
+    const queryParams = new URLSearchParams();
+    queryParams.append('search_text', barcode);
+
+    searchParams.forEach((value, key) => {
+      if (key !== 'search_text') {
+        queryParams.append(key, value);
+      }
+    });
+
+    const apiUrl = `${Settings.commerceUrl}/list/?${queryParams.toString()}`;
+
+    const headers: Record<string, string> = {
+      Accept: 'application/json',
+      'Content-Type': 'application/json'
+    };
+
+    const response = await fetch(apiUrl, {
+      method: 'GET',
+      headers
+    });
+
+    if (!response.ok) {
+      return NextResponse.json(
+        { error: `API request failed with status: ${response.status}` },
+        { status: response.status }
+      );
+    }
+
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    return NextResponse.json(
+      { error: (error as Error).message },
+      { status: 500 }
+    );
+  }
+}

package/bin/pz-generate-routes.js

@@ -25,7 +25,16 @@ const generateRoutes = () => {
   const routes = [];
   const excludedDirs = ['api', 'pz-not-found'];
 
-  const skipSegments = ['[commerce]', '[locale]', '[currency]'];
+  const skipSegments = [
+    '[commerce]',
+    '[locale]',
+    '[currency]',
+    '[session]',
+    '[segment]',
+    '[url]',
+    '[theme]',
+    '[member_type]'
+  ];
   const skipCatchAllRoutes = ['[...prettyurl]', '[...not_found]'];
 
   const walkDirectory = (dir, basePath = '') => {

package/components/plugin-module.tsx

@@ -55,6 +55,7 @@ export enum Component {
   SavedCard = 'SavedCardOption',
   VirtualTryOnPlugin = 'VirtualTryOnPlugin',
   BasketVirtualTryOn = 'BasketVirtualTryOn',
+  BarcodeScannerPlugin = 'BarcodeScannerPlugin',
   IyzicoSavedCard = 'IyzicoSavedCardOption',
   Hepsipay = 'Hepsipay',
   FlowPayment = 'FlowPayment',
@@ -113,11 +114,10 @@ const PluginComponents = new Map([
     ]
   ],
   [Plugin.SavedCard, [Component.SavedCard, Component.IyzicoSavedCard]],
-  [Plugin.SavedCard, [Component.SavedCard]],
   [Plugin.FlowPayment, [Component.FlowPayment]],
   [
     Plugin.VirtualTryOn,
-    [Component.VirtualTryOnPlugin, Component.BasketVirtualTryOn]
+    [Component.VirtualTryOnPlugin, Component.BasketVirtualTryOn, Component.BarcodeScannerPlugin]
   ],
   [Plugin.Hepsipay, [Component.Hepsipay]],
   [Plugin.MasterpassRest, [Component.MasterpassRest]],

package/data/urls.ts

@@ -183,7 +183,11 @@ export const product = {
   breadcrumbUrl: (menuitemmodel: string) =>
     `/menus/generate_breadcrumb/?item=${menuitemmodel}&generator_name=menu_item`,
   bundleProduct: (productPk: string, queryString: string) =>
-    `/bundle-product/${productPk}/?${queryString}`
+    `/bundle-product/${productPk}/?${queryString}`,
+  similarProducts: (params?: string) =>
+    `/similar-products${params ? `?${params}` : ''}`,
+  similarProductsList: (params?: string) =>
+    `/similar-product-list${params ? `?${params}` : ''}`
 };
 
 export const wishlist = {

package/middlewares/bfcache-headers.ts

@@ -0,0 +1,18 @@
+import { NextMiddleware } from 'next/server';
+
+const withBfcacheHeaders = (middleware: NextMiddleware): NextMiddleware => {
+  return async (req, event) => {
+    const response = await middleware(req, event);
+
+    if (process.env.BF_CACHE === 'true' && response) {
+      response.headers.set(
+        'Cache-Control',
+        'private, no-cache, max-age=0, must-revalidate'
+      );
+    }
+
+    return response;
+  };
+};
+
+export default withBfcacheHeaders;

package/middlewares/default.ts

@@ -14,7 +14,8 @@ import {
   withUrlRedirection,
   withCompleteWallet,
   withWalletCompleteRedirection,
-  withMasterpassRestCallback
+  withMasterpassRestCallback,
+  withBfcacheHeaders
 } from '.';
 import { urlLocaleMatcherRegex } from '../utils';
 import withCurrency from './currency';
@@ -255,10 +256,11 @@ const withPzDefault =
                           withCompleteWallet(
                             withWalletCompleteRedirection(
                               withMasterpassRestCallback(
-                                async (
-                                  req: PzNextRequest,
-                                  event: NextFetchEvent
-                                ) => {
+                                withBfcacheHeaders(
+                                  async (
+                                    req: PzNextRequest,
+                                    event: NextFetchEvent
+                                  ) => {
                                   let middlewareResult: NextResponse | void =
                                     NextResponse.next();
 
@@ -498,7 +500,7 @@ const withPzDefault =
                                   }
 
                                   return middlewareResult;
-                                }
+                                })
                               )
                             )
                           )

package/middlewares/index.ts

@@ -12,6 +12,7 @@ import withSavedCardRedirection from './saved-card-redirection';
 import withCompleteWallet from './complete-wallet';
 import withWalletCompleteRedirection from './wallet-complete-redirection';
 import withMasterpassRestCallback from './masterpass-rest-callback';
+import withBfcacheHeaders from './bfcache-headers';
 import { NextRequest } from 'next/server';
 
 export {
@@ -28,7 +29,8 @@ export {
   withSavedCardRedirection,
   withCompleteWallet,
   withWalletCompleteRedirection,
-  withMasterpassRestCallback
+  withMasterpassRestCallback,
+  withBfcacheHeaders
 };
 
 export interface PzNextRequest extends NextRequest {

package/middlewares/oauth-login.ts

@@ -6,78 +6,221 @@ import {
 } from 'next/server';
 import Settings from 'settings';
 import { getUrlPathWithLocale } from '../utils/localization';
+import logger from '../utils/log';
 
-const withOauthLogin =
-  (middleware: NextMiddleware) =>
-  async (req: NextRequest, event: NextFetchEvent) => {
-    const url = req.nextUrl.clone();
-    const loginUrlMatcherRegex = new RegExp(/^\/(\w+)\/login\/?$/);
-    const loginCallbackUrlMatcherRegex = new RegExp(
-      /^\/(\w+)\/login\/callback\/?$/
-    );
-    const ip = req.headers.get('x-forwarded-for') ?? '';
-
-    const headers = {
-      'x-forwarded-host':
-        req.headers.get('x-forwarded-host') || req.headers.get('host') || '',
-      'x-currency': req.cookies.get('pz-currency')?.value ?? '',
-      'x-forwarded-for': ip
+const LOGIN_URL_REGEX = /^\/(\w+)\/login\/?$/;
+const CALLBACK_URL_REGEX = /^\/(\w+)\/login\/callback\/?$/;
+
+function buildCommerceHeaders(req: NextRequest): Record<string, string> {
+  return {
+    'x-forwarded-host':
+      req.headers.get('x-forwarded-host') || req.headers.get('host') || '',
+    'x-forwarded-for': req.headers.get('x-forwarded-for') ?? '',
+    'x-forwarded-proto': req.headers.get('x-forwarded-proto') || 'https',
+    'x-currency': req.cookies.get('pz-currency')?.value ?? '',
+    cookie: req.headers.get('cookie') ?? ''
+  };
+}
+
+async function getRequestBody(
+  req: NextRequest
+): Promise<{ content: string; contentType: string } | undefined> {
+  if (req.method !== 'POST') return undefined;
+
+  const content = await req.text();
+  if (!content.length) return undefined;
+
+  return {
+    content,
+    contentType:
+      req.headers.get('content-type') ?? 'application/x-www-form-urlencoded'
+  };
+}
+
+function fetchCommerce(
+  url: string,
+  req: NextRequest,
+  body?: { content: string; contentType: string }
+): Promise<Response> {
+  const headers = buildCommerceHeaders(req);
+
+  if (body) {
+    headers['content-type'] = body.contentType;
+  }
+
+  return fetch(url, {
+    method: body ? 'POST' : 'GET',
+    headers,
+    body: body?.content,
+    redirect: 'manual'
+  });
+}
+
+function forwardCookies(from: Response, to: NextResponse): void {
+  from.headers.getSetCookie().forEach((cookie) => {
+    to.headers.append('set-cookie', cookie);
+  });
+}
+
+function buildRedirectResponse(
+  commerceResponse: Response,
+  location: string,
+  origin: string
+): NextResponse {
+  const response = NextResponse.redirect(new URL(location, origin));
+  forwardCookies(commerceResponse, response);
+  return response;
+}
+
+function commercePassthrough(commerceResponse: Response): NextResponse {
+  return new NextResponse(commerceResponse.body, {
+    status: commerceResponse.status,
+    headers: commerceResponse.headers
+  });
+}
+
+function buildOAuthCallbackCookie(referer: string): string {
+  return `pz-oauth-callback-url=${encodeURIComponent(referer)}; Path=/`;
+}
+
+async function handleLogin(
+  req: NextRequest,
+  provider: string
+): Promise<{ response: NextResponse; redirected: boolean }> {
+  const commerceResponse = await fetchCommerce(
+    `${Settings.commerceUrl}/${provider}/login/`,
+    req
+  );
+
+  const location = commerceResponse.headers.get('location');
+  if (!location) {
+    return {
+      response: commercePassthrough(commerceResponse),
+      redirected: false
     };
+  }
 
-    if (loginUrlMatcherRegex.test(url.pathname)) {
-      const provider = url.pathname.match(loginUrlMatcherRegex)[1];
-      const response = NextResponse.rewrite(
-        `${Settings.commerceUrl}/${provider}/login/`,
-        {
-          headers
-        }
-      );
+  const response = buildRedirectResponse(
+    commerceResponse,
+    location,
+    req.nextUrl.origin
+  );
 
-      if (req.headers.get('referer')) {
-        response.cookies.set(
-          'pz-oauth-callback-url',
-          req.headers.get('referer')
-        );
-      }
+  response.headers.append(
+    'set-cookie',
+    buildOAuthCallbackCookie(req.headers.get('referer') || '')
+  );
 
-      return response;
-    }
+  return { response, redirected: true };
+}
 
-    if (loginCallbackUrlMatcherRegex.test(url.pathname)) {
-      const provider = url.pathname.match(loginCallbackUrlMatcherRegex)[1];
+async function handleCallback(
+  req: NextRequest,
+  provider: string,
+  search: string
+): Promise<{ response: NextResponse; redirected: boolean }> {
+  const body = await getRequestBody(req);
+  const commerceResponse = await fetchCommerce(
+    `${Settings.commerceUrl}/${provider}/login/callback/${search}`,
+    req,
+    body
+  );
 
-      return NextResponse.rewrite(
-        `${Settings.commerceUrl}/${provider}/login/callback/${url.search}`,
-        {
-          headers
-        }
-      );
-    }
+  const location = commerceResponse.headers.get('location');
+  if (!location) {
+    return {
+      response: commercePassthrough(commerceResponse),
+      redirected: false
+    };
+  }
+
+  return {
+    response: buildRedirectResponse(
+      commerceResponse,
+      location,
+      req.nextUrl.origin
+    ),
+    redirected: true
+  };
+}
+
+function handleBasketRedirect(req: NextRequest): NextResponse | null {
+  const hasSession = req.cookies.get('osessionid');
+  const messages = req.cookies.get('messages')?.value;
+
+  if (!messages) return null;
+  if (!messages.includes('Successfully signed in') && !hasSession) return null;
+
+  let redirectUrl = `${req.nextUrl.origin}${getUrlPathWithLocale(
+    '/auth/oauth-login',
+    req.cookies.get('pz-locale')?.value
+  )}`;
+
+  const callbackUrl = req.cookies.get('pz-oauth-callback-url')?.value ?? '';
+  if (callbackUrl.length) {
+    redirectUrl += `?next=${encodeURIComponent(callbackUrl)}`;
+  }
+
+  const response = NextResponse.redirect(redirectUrl);
+  response.cookies.delete('messages');
+  response.cookies.delete('pz-oauth-callback-url');
+  return response;
+}
 
-    if (!url.pathname.startsWith('/baskets/basket')) {
+const withOauthLogin =
+  (middleware: NextMiddleware) =>
+  async (req: NextRequest, event: NextFetchEvent) => {
+    const { pathname, search } = req.nextUrl;
+
+    if (!pathname.includes('/login') && !pathname.startsWith('/baskets/basket')) {
       return middleware(req, event);
     }
 
-    const currentSessionId = req.cookies.get('osessionid');
+    logger.info('OAuth login redirect', {
+      host: req.headers.get('host'),
+      'x-forwarded-host': req.headers.get('x-forwarded-host'),
+      'x-forwarded-for': req.headers.get('x-forwarded-for')
+    });
 
-    if (
-      req.cookies.get('messages')?.value.includes('Successfully signed in') ||
-      (currentSessionId && req.cookies.get('messages'))
-    ) {
-      let redirectUrlWithLocale = `${url.origin}${getUrlPathWithLocale(
-        '/auth/oauth-login',
-        req.cookies.get('pz-locale')?.value
-      )}`;
-      let callbackUrl = req.cookies.get('pz-oauth-callback-url')?.value ?? '';
+    const loginMatch = LOGIN_URL_REGEX.exec(pathname);
+    if (loginMatch) {
+      try {
+        const { response, redirected } = await handleLogin(req, loginMatch[1]);
+        if (!redirected) {
+          logger.warn('OAuth login: no redirect from commerce', {
+            provider: loginMatch[1]
+          });
+        }
+        return response;
+      } catch (error) {
+        logger.error('OAuth login fetch failed', { error });
+        return middleware(req, event);
+      }
+    }
 
-      if (callbackUrl.length) {
-        redirectUrlWithLocale += `?next=${encodeURIComponent(callbackUrl)}`;
+    const callbackMatch = CALLBACK_URL_REGEX.exec(pathname);
+    if (callbackMatch) {
+      try {
+        const { response, redirected } = await handleCallback(
+          req,
+          callbackMatch[1],
+          search
+        );
+        if (!redirected) {
+          logger.warn('OAuth callback: no redirect from commerce', {
+            provider: callbackMatch[1]
+          });
+        }
+        return response;
+      } catch (error) {
+        logger.error('OAuth callback fetch failed', { error });
+        return middleware(req, event);
       }
+    }
 
-      const response = NextResponse.redirect(redirectUrlWithLocale);
-      response.cookies.delete('messages');
-      response.cookies.delete('pz-oauth-callback-url');
-      return response;
+    if (pathname.startsWith('/baskets/basket')) {
+      const response = handleBasketRedirect(req);
+      if (response) return response;
     }
 
     return middleware(req, event);

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@akinon/next",
   "description": "Core package for Project Zero Next",
-  "version": "1.121.0",
+  "version": "1.122.0-rc.0",
   "private": false,
   "license": "MIT",
   "bin": {
@@ -35,7 +35,7 @@
     "set-cookie-parser": "2.6.0"
   },
   "devDependencies": {
-    "@akinon/eslint-plugin-projectzero": "1.121.0",
+    "@akinon/eslint-plugin-projectzero": "1.122.0-rc.0",
     "@babel/core": "7.26.10",
     "@babel/preset-env": "7.26.9",
     "@babel/preset-typescript": "7.27.0",

package/plugins.d.ts

@@ -37,6 +37,16 @@ declare module '@akinon/pz-cybersource-uc/src/redux/middleware' {
   export default middleware as any;
 }
 
+declare module '@akinon/pz-apple-pay' {}
+
+declare module '@akinon/pz-similar-products' {
+  export const SimilarProductsModal: any;
+  export const SimilarProductsFilterSidebar: any;
+  export const SimilarProductsResultsGrid: any;
+  export const SimilarProductsPlugin: any;
+  export const SimilarProductsButtonPlugin: any;
+}
+
 declare module '@akinon/pz-cybersource-uc/src/redux/reducer' {
   export default reducer as any;
 }

package/plugins.js

@@ -16,6 +16,7 @@ module.exports = [
   'pz-tabby-extension',
   'pz-apple-pay',
   'pz-tamara-extension',
+  'pz-similar-products',
   'pz-cybersource-uc',
   'pz-hepsipay',
   'pz-flow-payment',

package/redux/middlewares/checkout.ts

@@ -204,15 +204,25 @@ export const contextListMiddleware: Middleware = ({
             (ctx) => ctx.page_name === 'DeliveryOptionSelectionPage'
           )
         ) {
+          const isCreditCardPayment =
+            preOrder?.payment_option?.payment_type === 'credit_card' ||
+            preOrder?.payment_option?.payment_type === 'masterpass';
+
           if (context.page_context.card_type) {
             dispatch(setCardType(context.page_context.card_type));
+          } else if (isCreditCardPayment) {
+            dispatch(setCardType(null));
           }
 
           if (
             context.page_context.installments &&
             preOrder?.payment_option?.payment_type !== 'masterpass_rest'
           ) {
-            dispatch(setInstallmentOptions(context.page_context.installments));
+            if (!isCreditCardPayment || context.page_context.card_type) {
+              dispatch(
+                setInstallmentOptions(context.page_context.installments)
+              );
+            }
           }
         }
 

package/redux/middlewares/pre-order/installment-option.ts

@@ -14,9 +14,17 @@ export const installmentOptionMiddleware: Middleware = ({
       return result;
     }
 
-    const { installmentOptions } = getState().checkout;
+    const { installmentOptions, cardType } = getState().checkout;
     const { endpoints: apiEndpoints } = checkoutApi;
 
+    const isCreditCardPayment =
+      preOrder?.payment_option?.payment_type === 'credit_card' ||
+      preOrder?.payment_option?.payment_type === 'masterpass';
+
+    if (isCreditCardPayment && !cardType) {
+      return result;
+    }
+
     if (
       !preOrder?.installment &&
       preOrder?.payment_option?.payment_type !== 'saved_card' &&

package/types/index.ts

@@ -83,6 +83,12 @@ export interface Settings {
   };
   usePrettyUrlRoute?: boolean;
   commerceUrl: string;
+  /**
+   * This option allows you to track Sentry events on the client side, in addition to server and edge environments.
+   *
+   * It overrides process.env.NEXT_PUBLIC_SENTRY_DSN and process.env.SENTRY_DSN.
+   */
+  sentryDsn?: string;
   redis: {
     defaultExpirationTime: number;
   };

package/utils/app-fetch.ts

@@ -2,6 +2,7 @@ import Settings from 'settings';
 import logger from '../utils/log';
 import { headers, cookies } from 'next/headers';
 import { ServerVariables } from './server-variables';
+import { notFound } from 'next/navigation';
 
 export enum FetchResponseType {
   JSON = 'json',
@@ -60,13 +61,15 @@ const appFetch = async <T>({
     status = req.status;
     logger.debug(`FETCH END ${url}`, { status: req.status, ip });
 
-    if (responseType === FetchResponseType.JSON) {
-      response = (await req.json()) as T;
-    } else {
-      response = (await req.text()) as unknown as T;
-    }
+    if (req.ok) {
+      if (responseType === FetchResponseType.JSON) {
+        response = (await req.json()) as T;
+      } else {
+        response = (await req.text()) as unknown as T;
+      }
 
-    logger.trace(`FETCH RESPONSE`, { url, response, ip });
+      logger.trace(`FETCH RESPONSE`, { url, response, ip });
+    }
   } catch (error) {
     const logType = status === 500 ? 'fatal' : 'error';
 
@@ -75,6 +78,10 @@ const appFetch = async <T>({
     }
   }
 
+  if (status === 422) {
+    notFound();
+  }
+
   return response;
 };
 

package/utils/mobile-3d-iframe.ts

@@ -1,8 +1,14 @@
 const iframeURLChange = (iframe, callback) => {
   iframe.addEventListener('load', () => {
     setTimeout(() => {
-      if (iframe?.contentWindow?.location) {
-        callback(iframe.contentWindow.location);
+      try {
+        if (iframe?.contentWindow?.location) {
+          const iframeLocation = iframe.contentWindow.location;
+
+          callback(iframeLocation);
+        }
+      } catch (error) {
+        // Expected: browser blocks cross-origin iframe access for security
       }
     }, 0);
   });

package/utils/redirection-iframe.ts

@@ -1,8 +1,14 @@
 const iframeURLChange = (iframe, callback) => {
   iframe.addEventListener('load', () => {
     setTimeout(() => {
-      if (iframe?.contentWindow?.location) {
-        callback(iframe.contentWindow.location);
+      try {
+        if (iframe?.contentWindow?.location) {
+          const iframeLocation = iframe.contentWindow.location;
+
+          callback(iframeLocation);
+        }
+      } catch (error) {
+        // Expected: browser blocks cross-origin iframe access for security
       }
     }, 0);
   });