@akinon/next 2.0.0-beta.11 → 2.0.0-beta.13

package/middlewares/locale.ts

@@ -69,7 +69,6 @@ const withLocale =
         req.method === 'GET'
       ) {
         // Redirect to existing or default locale
-
         url.pathname = getUrlPathWithLocale(
           url.pathname,
           req.cookies.get('pz-locale')?.value

package/middlewares/masterpass-rest-callback.ts

@@ -0,0 +1,220 @@
+import { NextFetchEvent, NextMiddleware, NextResponse } from 'next/server';
+import Settings from 'settings';
+import logger from '../utils/log';
+import { getUrlPathWithLocale } from '../utils/localization';
+import { PzNextRequest } from '.';
+import { getCheckoutPath } from '../utils';
+
+const withMasterpassRestCallback =
+  (middleware: NextMiddleware) =>
+  async (req: PzNextRequest, event: NextFetchEvent) => {
+    const url = req.nextUrl.clone();
+    const ip = req.headers.get('x-forwarded-for') ?? '';
+    const sessionId = req.cookies.get('osessionid');
+
+    if (!url.pathname.includes('/orders/masterpass-rest-callback')) {
+      return middleware(req, event);
+    }
+
+    if (req.method !== 'POST') {
+      logger.warn('Invalid request method for masterpass REST callback', {
+        middleware: 'masterpass-rest-callback',
+        method: req.method,
+        ip
+      });
+
+      return NextResponse.redirect(
+        `${url.origin}${getUrlPathWithLocale(
+          '/orders/checkout/',
+          req.cookies.get('pz-locale')?.value
+        )}`,
+        303
+      );
+    }
+
+    const responseCode = url.searchParams.get('responseCode');
+    const token = url.searchParams.get('token');
+
+    if (!responseCode || !token) {
+      logger.warn('Missing required parameters for masterpass REST callback', {
+        middleware: 'masterpass-rest-callback',
+        responseCode,
+        token,
+        ip
+      });
+
+      return NextResponse.redirect(
+        `${url.origin}${getUrlPathWithLocale(
+          '/orders/checkout/',
+          req.cookies.get('pz-locale')?.value
+        )}`,
+        303
+      );
+    }
+
+    try {
+      const formData = await req.formData();
+      const body: Record<string, string> = {};
+
+      Array.from(formData.entries()).forEach(([key, value]) => {
+        body[key] = value.toString();
+      });
+
+      if (!sessionId) {
+        logger.warn(
+          'Make sure that the SESSION_COOKIE_SAMESITE environment variable is set to None in Commerce.',
+          {
+            middleware: 'masterpass-rest-callback',
+            ip
+          }
+        );
+
+        return NextResponse.redirect(
+          `${url.origin}${getUrlPathWithLocale(
+            '/orders/checkout/',
+            req.cookies.get('pz-locale')?.value
+          )}`,
+          303
+        );
+      }
+
+      const isPostCheckout = req.cookies.get('pz-post-checkout-flow')?.value === 'true';
+      const requestUrl = new URL(getCheckoutPath(isPostCheckout), Settings.commerceUrl);
+      requestUrl.searchParams.set('page', 'MasterpassRestCompletePage');
+      requestUrl.searchParams.set('responseCode', responseCode);
+      requestUrl.searchParams.set('token', token);
+      requestUrl.searchParams.set(
+        'three_d_secure',
+        body.transactionType?.includes('3D') ? 'true' : 'false'
+      );
+      requestUrl.searchParams.set(
+        'transactionType',
+        body.transactionType || ''
+      );
+
+      const requestHeaders = {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'X-Requested-With': 'XMLHttpRequest',
+        Cookie: req.headers.get('cookie') ?? '',
+        'x-currency': req.cookies.get('pz-currency')?.value ?? '',
+        'x-forwarded-for': ip,
+        'User-Agent': req.headers.get('user-agent') ?? ''
+      };
+
+      const request = await fetch(requestUrl.toString(), {
+        method: 'POST',
+        headers: requestHeaders,
+        body: new URLSearchParams(body)
+      });
+
+      logger.info('Masterpass REST callback request', {
+        requestUrl: requestUrl.toString(),
+        status: request.status,
+        requestHeaders,
+        ip
+      });
+
+      const response = await request.json();
+
+      const { context_list: contextList, errors } = response;
+
+      let redirectUrl = response.redirect_url;
+
+      if (!redirectUrl && contextList && contextList.length > 0) {
+        for (const context of contextList) {
+          if (context.page_context && context.page_context.redirect_url) {
+            redirectUrl = context.page_context.redirect_url;
+            break;
+          }
+        }
+      }
+
+      if (errors && Object.keys(errors).length) {
+        logger.error('Error while processing masterpass REST callback', {
+          middleware: 'masterpass-rest-callback',
+          errors,
+          requestHeaders,
+          ip
+        });
+
+        return NextResponse.redirect(
+          `${url.origin}${getUrlPathWithLocale(
+            '/orders/checkout/',
+            req.cookies.get('pz-locale')?.value
+          )}`,
+          {
+            status: 303,
+            headers: {
+              'Set-Cookie': `pz-pos-error=${JSON.stringify(errors)}; path=/;`
+            }
+          }
+        );
+      }
+
+      logger.info('Masterpass REST callback response', {
+        middleware: 'masterpass-rest-callback',
+        contextList,
+        redirectUrl,
+        ip
+      });
+
+      if (!redirectUrl) {
+        logger.warn(
+          'No redirection url found in response. Redirecting to checkout page.',
+          {
+            middleware: 'masterpass-rest-callback',
+            requestHeaders,
+            response: JSON.stringify(response),
+            ip
+          }
+        );
+
+        const redirectUrlWithLocale = `${url.origin}${getUrlPathWithLocale(
+          '/orders/checkout/',
+          req.cookies.get('pz-locale')?.value
+        )}`;
+
+        return NextResponse.redirect(redirectUrlWithLocale, 303);
+      }
+
+      const redirectUrlWithLocale = `${url.origin}${getUrlPathWithLocale(
+        redirectUrl,
+        req.cookies.get('pz-locale')?.value
+      )}`;
+
+      logger.info('Redirecting after masterpass REST callback', {
+        middleware: 'masterpass-rest-callback',
+        redirectUrlWithLocale,
+        ip
+      });
+
+      const nextResponse = NextResponse.redirect(redirectUrlWithLocale, 303);
+
+      nextResponse.headers.set(
+        'Set-Cookie',
+        request.headers.get('set-cookie') ?? ''
+      );
+
+      return nextResponse;
+    } catch (error) {
+      logger.error('Error while processing masterpass REST callback', {
+        middleware: 'masterpass-rest-callback',
+        error,
+        requestHeaders: {
+          Cookie: req.headers.get('cookie') ?? '',
+          'x-currency': req.cookies.get('pz-currency')?.value ?? ''
+        },
+        ip
+      });
+
+      return NextResponse.redirect(
+        `${url.origin}${getUrlPathWithLocale(
+          '/orders/checkout/',
+          req.cookies.get('pz-locale')?.value
+        )}`,
+        303
+      );
+    }
+  };
+
+export default withMasterpassRestCallback;

package/middlewares/pretty-url.ts

@@ -1,17 +1,33 @@
 import { Cache, CacheKey } from '../lib/cache';
-import { NextFetchEvent, NextMiddleware, NextRequest } from 'next/server';
-import { ROUTES } from 'routes';
+import { NextFetchEvent, NextMiddleware } from 'next/server';
 import { URLS } from '../data/urls';
 import Settings from 'settings';
 import { urlLocaleMatcherRegex } from '../utils';
 import { PzNextRequest } from '.';
 import logger from '../utils/log';
+import { ROUTES } from 'routes';
 
 type PrettyUrlResult = {
   matched: boolean;
   path?: string;
 };
 
+let APP_ROUTES: string[] = [];
+
+const legacyRoutes = Object.values(ROUTES);
+
+try {
+  const generatedRoutes = require('routes/generated-routes');
+  const allRoutes = [...legacyRoutes, ...(generatedRoutes || [])];
+  APP_ROUTES = Array.from(new Set(allRoutes));
+  logger.debug('Loaded merged routes (legacy + generated)', {
+    count: APP_ROUTES.length
+  });
+} catch (error) {
+  APP_ROUTES = legacyRoutes;
+  logger.debug('Loaded only legacy routes', { count: APP_ROUTES.length });
+}
+
 const resolvePrettyUrlHandler =
   (pathname: string, ip: string | null) => async () => {
     let results = <{ old_path: string }[]>[];
@@ -53,7 +69,8 @@ const resolvePrettyUrl = async (
     locale,
     resolvePrettyUrlHandler(pathname, ip),
     {
-      useProxy: true
+      useProxy: true,
+      compressed: true
     }
   );
 };
@@ -73,9 +90,7 @@ const withPrettyUrl =
     const isValidPrettyUrlPath = (pathname: string) => {
       return (
         new RegExp(/^\/[a-zA-Z0-9/]+(?:-[a-zA-Z0-9/]+)*$/).test(pathname) &&
-        !Object.entries(ROUTES).find(([, value]) =>
-          new RegExp(`^${value}$`).test(pathname)
-        )
+        !APP_ROUTES.some((route) => new RegExp(`^${route}$`).test(pathname))
       );
     };
     const ip = req.headers.get('x-forwarded-for') ?? '';
@@ -108,8 +123,6 @@ const withPrettyUrl =
       return middleware(req, event);
     }
 
-    req.middlewareParams.found = false;
-
     return middleware(req, event);
   };
 

package/middlewares/redirection-payment.ts

@@ -4,6 +4,7 @@ import Settings from 'settings';
 import logger from '../utils/log';
 import { PzNextRequest } from '.';
 import { getUrlPathWithLocale } from '../utils/localization';
+import { getCheckoutPath } from '../utils';
 
 const streamToString = async (stream: ReadableStream<Uint8Array> | null) => {
   if (stream) {
@@ -35,18 +36,22 @@ const withRedirectionPayment =
     const searchParams = new URLSearchParams(url.search);
     const ip = req.headers.get('x-forwarded-for') ?? '';
     const sessionId = req.cookies.get('osessionid');
+    const currentLocale = req.middlewareParams?.rewrites?.locale;
 
     if (searchParams.get('page') !== 'RedirectionPageCompletePage') {
       return middleware(req, event);
     }
 
-    const requestUrl = `${Settings.commerceUrl}/orders/checkout/${url.search}`;
+    const isPostCheckout = req.cookies.get('pz-post-checkout-flow')?.value === 'true';
+    const requestUrl = `${Settings.commerceUrl}${getCheckoutPath(isPostCheckout)}${url.search}`;
     const requestHeaders = {
       'X-Requested-With': 'XMLHttpRequest',
       'Content-Type': 'application/x-www-form-urlencoded',
       Cookie: req.headers.get('cookie') ?? '',
       'x-currency': req.cookies.get('pz-currency')?.value ?? '',
-      'x-forwarded-for': ip
+      'x-forwarded-for': ip,
+      'Accept-Language':
+        currentLocale ?? req.cookies.get('pz-locale')?.value ?? ''
     };
 
     try {
@@ -60,17 +65,9 @@ const withRedirectionPayment =
             ip
           }
         );
-
-        return NextResponse.redirect(
-          `${url.origin}${getUrlPathWithLocale(
-            '/orders/checkout/',
-            req.cookies.get('pz-locale')?.value
-          )}`,
-          303
-        );
       }
 
-      const request = await fetch(requestUrl, {
+      const fetchResponse = await fetch(requestUrl, {
         method: 'POST',
         headers: requestHeaders,
         body
@@ -78,14 +75,14 @@ const withRedirectionPayment =
 
       logger.info('Complete redirection payment request', {
         requestUrl,
-        status: request.status,
+        status: fetchResponse.status,
         requestHeaders,
         ip
       });
 
-      const response = await request.json();
+      const responseData = await fetchResponse.json();
 
-      const { context_list: contextList, errors } = response;
+      const { context_list: contextList, errors } = responseData;
       const redirectionContext = contextList?.find(
         (context) => context.page_context?.redirect_url
       );
@@ -99,18 +96,27 @@ const withRedirectionPayment =
           ip
         });
 
-        return NextResponse.redirect(
+        const errorResponse = NextResponse.redirect(
           `${url.origin}${getUrlPathWithLocale(
             '/orders/checkout/',
             req.cookies.get('pz-locale')?.value
           )}`,
-          {
-            status: 303,
-            headers: {
-              'Set-Cookie': `pz-pos-error=${JSON.stringify(errors)}; path=/;`
-            }
-          }
+          303
+        );
+
+        // Forward set-cookie headers from the upstream response
+        const setCookies = fetchResponse.headers.getSetCookie?.() ?? [];
+        setCookies.forEach((cookie) => {
+          errorResponse.headers.append('Set-Cookie', cookie);
+        });
+
+        // Add error cookie
+        errorResponse.headers.append(
+          'Set-Cookie',
+          `pz-pos-error=${JSON.stringify(errors)}; path=/;`
         );
+
+        return errorResponse;
       }
 
       logger.info('Order success page context list', {
@@ -125,7 +131,7 @@ const withRedirectionPayment =
           {
             middleware: 'redirection-payment',
             requestHeaders,
-            response: JSON.stringify(response),
+            response: JSON.stringify(responseData),
             ip
           }
         );
@@ -153,10 +159,11 @@ const withRedirectionPayment =
       // So we use 303 status code to change the method to GET
       const nextResponse = NextResponse.redirect(redirectUrlWithLocale, 303);
 
-      nextResponse.headers.set(
-        'Set-Cookie',
-        request.headers.get('set-cookie') ?? ''
-      );
+      // Forward all set-cookie headers from the upstream response
+      const setCookies = fetchResponse.headers.getSetCookie?.() ?? [];
+      setCookies.forEach((cookie) => {
+        nextResponse.headers.append('Set-Cookie', cookie);
+      });
 
       return nextResponse;
     } catch (error) {

package/middlewares/saved-card-redirection.ts

@@ -4,6 +4,8 @@ import { Buffer } from 'buffer';
 import logger from '../utils/log';
 import { getUrlPathWithLocale } from '../utils/localization';
 import { PzNextRequest } from '.';
+import { ServerVariables } from '../utils/server-variables';
+import { getCheckoutPath } from '../utils';
 
 const streamToString = async (stream: ReadableStream<Uint8Array> | null) => {
   if (stream) {
@@ -34,18 +36,22 @@ const withSavedCardRedirection =
     const url = req.nextUrl.clone();
     const ip = req.headers.get('x-forwarded-for') ?? '';
     const sessionId = req.cookies.get('osessionid');
+    const currentLocale = req.middlewareParams?.rewrites?.locale;
 
     if (url.search.indexOf('SavedCardThreeDSecurePage') === -1) {
       return middleware(req, event);
     }
 
-    const requestUrl = `${Settings.commerceUrl}/orders/checkout/${url.search}`;
+    const isPostCheckout = req.cookies.get('pz-post-checkout-flow')?.value === 'true';
+    const requestUrl = `${Settings.commerceUrl}${getCheckoutPath(isPostCheckout)}${url.search}`;
     const requestHeaders = {
       'X-Requested-With': 'XMLHttpRequest',
       'Content-Type': 'application/x-www-form-urlencoded',
       Cookie: req.headers.get('cookie') ?? '',
       'x-currency': req.cookies.get('pz-currency')?.value ?? '',
-      'x-forwarded-for': ip
+      'x-forwarded-for': ip,
+      'Accept-Language':
+        currentLocale ?? req.cookies.get('pz-locale')?.value ?? ''
     };
 
     try {
@@ -59,17 +65,9 @@ const withSavedCardRedirection =
             ip
           }
         );
-
-        return NextResponse.redirect(
-          `${url.origin}${getUrlPathWithLocale(
-            '/orders/checkout/',
-            req.cookies.get('pz-locale')?.value
-          )}`,
-          303
-        );
       }
 
-      const request = await fetch(requestUrl, {
+      const fetchResponse = await fetch(requestUrl, {
         method: 'POST',
         headers: requestHeaders,
         body
@@ -77,14 +75,14 @@ const withSavedCardRedirection =
 
       logger.info('Complete 3D payment request', {
         requestUrl,
-        status: request.status,
+        status: fetchResponse.status,
         requestHeaders,
         ip
       });
 
-      const response = await request.json();
+      const responseData = await fetchResponse.json();
 
-      const { context_list: contextList, errors } = response;
+      const { context_list: contextList, errors } = responseData;
       const redirectionContext = contextList?.find(
         (context) => context.page_context?.redirect_url
       );
@@ -98,18 +96,27 @@ const withSavedCardRedirection =
           ip
         });
 
-        return NextResponse.redirect(
+        const errorResponse = NextResponse.redirect(
           `${url.origin}${getUrlPathWithLocale(
             '/orders/checkout/',
             req.cookies.get('pz-locale')?.value
           )}`,
-          {
-            status: 303,
-            headers: {
-              'Set-Cookie': `pz-pos-error=${JSON.stringify(errors)}; path=/;`
-            }
-          }
+          303
+        );
+
+        // Forward set-cookie headers from the upstream response
+        const setCookies = fetchResponse.headers.getSetCookie?.() ?? [];
+        setCookies.forEach((cookie) => {
+          errorResponse.headers.append('Set-Cookie', cookie);
+        });
+
+        // Add error cookie
+        errorResponse.headers.append(
+          'Set-Cookie',
+          `pz-pos-error=${JSON.stringify(errors)}; path=/;`
         );
+
+        return errorResponse;
       }
 
       logger.info('Order success page context list', {
@@ -124,7 +131,7 @@ const withSavedCardRedirection =
           {
             middleware: 'saved-card-redirection',
             requestHeaders,
-            response: JSON.stringify(response),
+            response: JSON.stringify(responseData),
             ip
           }
         );
@@ -152,10 +159,11 @@ const withSavedCardRedirection =
       // So we use 303 status code to change the method to GET
       const nextResponse = NextResponse.redirect(redirectUrlWithLocale, 303);
 
-      nextResponse.headers.set(
-        'Set-Cookie',
-        request.headers.get('set-cookie') ?? ''
-      );
+      // Forward all set-cookie headers from the upstream response
+      const setCookies = fetchResponse.headers.getSetCookie?.() ?? [];
+      setCookies.forEach((cookie) => {
+        nextResponse.headers.append('Set-Cookie', cookie);
+      });
 
       return nextResponse;
     } catch (error) {

package/middlewares/three-d-redirection.ts

@@ -4,6 +4,7 @@ import { Buffer } from 'buffer';
 import logger from '../utils/log';
 import { getUrlPathWithLocale } from '../utils/localization';
 import { PzNextRequest } from '.';
+import { getCheckoutPath } from '../utils';
 
 const streamToString = async (stream: ReadableStream<Uint8Array> | null) => {
   if (stream) {
@@ -34,18 +35,22 @@ const withThreeDRedirection =
     const url = req.nextUrl.clone();
     const ip = req.headers.get('x-forwarded-for') ?? '';
     const sessionId = req.cookies.get('osessionid');
+    const currentLocale = req.middlewareParams?.rewrites?.locale;
 
     if (url.search.indexOf('CreditCardThreeDSecurePage') === -1) {
       return middleware(req, event);
     }
 
-    const requestUrl = `${Settings.commerceUrl}/orders/checkout/${url.search}`;
+    const isPostCheckout = req.cookies.get('pz-post-checkout-flow')?.value === 'true';
+    const requestUrl = `${Settings.commerceUrl}${getCheckoutPath(isPostCheckout)}${url.search}`;
     const requestHeaders = {
       'X-Requested-With': 'XMLHttpRequest',
       'Content-Type': 'application/x-www-form-urlencoded',
       Cookie: req.headers.get('cookie') ?? '',
       'x-currency': req.cookies.get('pz-currency')?.value ?? '',
-      'x-forwarded-for': ip
+      'x-forwarded-for': ip,
+      'Accept-Language':
+        currentLocale ?? req.cookies.get('pz-locale')?.value ?? ''
     };
 
     try {
@@ -59,17 +64,9 @@ const withThreeDRedirection =
             ip
           }
         );
-
-        return NextResponse.redirect(
-          `${url.origin}${getUrlPathWithLocale(
-            '/orders/checkout/',
-            req.cookies.get('pz-locale')?.value
-          )}`,
-          303
-        );
       }
 
-      const request = await fetch(requestUrl, {
+      const fetchResponse = await fetch(requestUrl, {
         method: 'POST',
         headers: requestHeaders,
         body
@@ -77,14 +74,14 @@ const withThreeDRedirection =
 
       logger.info('Complete 3D payment request', {
         requestUrl,
-        status: request.status,
+        status: fetchResponse.status,
         requestHeaders,
         ip
       });
 
-      const response = await request.json();
+      const responseData = await fetchResponse.json();
 
-      const { context_list: contextList, errors } = response;
+      const { context_list: contextList, errors } = responseData;
       const redirectionContext = contextList?.find(
         (context) => context.page_context?.redirect_url
       );
@@ -98,18 +95,27 @@ const withThreeDRedirection =
           ip
         });
 
-        return NextResponse.redirect(
+        const errorResponse = NextResponse.redirect(
           `${url.origin}${getUrlPathWithLocale(
             '/orders/checkout/',
             req.cookies.get('pz-locale')?.value
           )}`,
-          {
-            status: 303,
-            headers: {
-              'Set-Cookie': `pz-pos-error=${JSON.stringify(errors)}; path=/;`
-            }
-          }
+          303
+        );
+
+        // Forward set-cookie headers from the upstream response
+        const setCookies = fetchResponse.headers.getSetCookie?.() ?? [];
+        setCookies.forEach((cookie) => {
+          errorResponse.headers.append('Set-Cookie', cookie);
+        });
+
+        // Add error cookie
+        errorResponse.headers.append(
+          'Set-Cookie',
+          `pz-pos-error=${JSON.stringify(errors)}; path=/;`
         );
+
+        return errorResponse;
       }
 
       logger.info('Order success page context list', {
@@ -124,7 +130,7 @@ const withThreeDRedirection =
           {
             middleware: 'three-d-redirection',
             requestHeaders,
-            response: JSON.stringify(response),
+            response: JSON.stringify(responseData),
             ip
           }
         );
@@ -152,10 +158,11 @@ const withThreeDRedirection =
       // So we use 303 status code to change the method to GET
       const nextResponse = NextResponse.redirect(redirectUrlWithLocale, 303);
 
-      nextResponse.headers.set(
-        'Set-Cookie',
-        request.headers.get('set-cookie') ?? ''
-      );
+      // Forward all set-cookie headers from the upstream response
+      const setCookies = fetchResponse.headers.getSetCookie?.() ?? [];
+      setCookies.forEach((cookie) => {
+        nextResponse.headers.append('Set-Cookie', cookie);
+      });
 
       return nextResponse;
     } catch (error) {