@akinon/next 2.0.0-beta.2 → 2.0.0-beta.21

package/api/auth.ts

@@ -1,15 +1,18 @@
-import { NextApiRequest, NextApiResponse } from 'next';
 import NextAuth, { Session } from 'next-auth';
-import CredentialProvider from 'next-auth/providers/credentials';
+import Credentials from 'next-auth/providers/credentials';
 import { ROUTES } from 'routes';
 import { URLS, user } from '../data/urls';
 import Settings from 'settings';
 import { urlLocaleMatcherRegex } from '../utils';
 import logger from '@akinon/next/utils/log';
 import { AuthError } from '../types';
+import getRootHostname from '../utils/get-root-hostname';
+import { LocaleUrlStrategy } from '../localization';
+import { cookies, headers } from 'next/headers';
 
+// Shared helper
 async function getCurrentUser(sessionId: string, currency = '') {
-  const headers = {
+  const reqHeaders = {
     'Content-Type': 'application/json',
     Cookie: `osessionid=${sessionId}`,
     'x-currency': currency
@@ -17,7 +20,7 @@ async function getCurrentUser(sessionId: string, currency = '') {
 
   const currentUser = await (
     await fetch(URLS.user.currentUser, {
-      headers
+      headers: reqHeaders
     })
   ).json();
 
@@ -40,14 +43,305 @@ async function getCurrentUser(sessionId: string, currency = '') {
   };
 }
 
-const nextAuthOptions = (req: NextApiRequest, res: NextApiResponse) => {
+// Runtime-detected error throwing: uses CredentialsSignin on v5, plain Error on v4
+function throwAuthError(errors: AuthError[]): never {
+  const nextAuthModule = require('next-auth');
+  if (nextAuthModule.CredentialsSignin) {
+    class PzCredentialsError extends nextAuthModule.CredentialsSignin {
+      code = 'credentials';
+      constructor(errs: AuthError[]) {
+        super();
+        this.code = JSON.stringify(errs);
+      }
+    }
+    throw new PzCredentialsError(errors);
+  }
+  throw new Error(JSON.stringify(errors));
+}
+
+// Shared credential config used by both v4 and v5 error handling
+function buildFieldErrors(response: any) {
+  const errors = [] as AuthError[];
+
+  const fieldErrors = Object.keys(response ?? {})
+    .filter((key) => key !== 'non_field_errors')
+    .map((key) => ({
+      name: key,
+      value: response[key]
+    }));
+
+  if (response.redirect_url?.includes('captcha')) {
+    errors.push({ type: 'captcha' });
+  } else if (fieldErrors.length) {
+    errors.push({ type: 'field_errors', data: fieldErrors });
+  } else if (response.non_field_errors) {
+    errors.push({ type: 'non_field_errors', data: response.non_field_errors });
+  }
+
+  return errors;
+}
+
+// ============================================================
+// v5 (App Router / next-auth v5) — named export for new brands
+// ============================================================
+
+const getDefaultAuthConfig = () => {
   return {
     providers: [
-      CredentialProvider({
+      Credentials({
         id: 'oauth',
         name: 'credentials',
         credentials: {},
-        authorize: async (credentials) => {
+        authorize: async (credentials: any) => {
+          const cookieStore = await cookies();
+          const sessionId = cookieStore.get('osessionid')?.value;
+
+          if (!sessionId) {
+            return null;
+          }
+
+          const currentUser = await getCurrentUser(
+            sessionId,
+            cookieStore.get('pz-currency')?.value ?? ''
+          );
+          return currentUser;
+        }
+      }),
+      Credentials({
+        id: 'default',
+        name: 'credentials',
+        credentials: {
+          email: { label: 'Email', type: 'email', placeholder: 'Email' },
+          password: {
+            label: 'Password',
+            type: 'password',
+            placeholder: 'Password'
+          },
+          formType: {},
+          locale: {},
+          captchaValidated: {}
+        },
+        authorize: async (credentials: any) => {
+          const cookieStore = await cookies();
+          const headerStore = await headers();
+
+          const reqHeaders: HeadersInit = new Headers();
+          const language = Settings.localization.locales.find(
+            (item: any) => item.value === credentials.locale
+          ).apiValue;
+          const userIp = headerStore.get('x-forwarded-for') ?? '';
+
+          reqHeaders.set('Content-Type', 'application/json');
+          reqHeaders.set('cookie', headerStore.get('cookie') ?? '');
+          reqHeaders.set('Accept-Language', `${language}`);
+          reqHeaders.set(
+            'x-currency',
+            cookieStore.get('pz-currency')?.value ?? ''
+          );
+          reqHeaders.set('x-forwarded-for', userIp);
+          reqHeaders.set(
+            'x-app-device',
+            headerStore.get('x-app-device') ?? ''
+          );
+
+          reqHeaders.set(
+            'x-frontend-id',
+            cookieStore.get('pz-frontend-id')?.value || ''
+          );
+
+          logger.debug('Trying to login/register', {
+            formType: credentials.formType,
+            userIp
+          });
+
+          const checkCurrentUser = await getCurrentUser(
+            cookieStore.get('osessionid')?.value ?? '',
+            cookieStore.get('pz-currency')?.value ?? ''
+          );
+
+          if (checkCurrentUser?.pk) {
+            const sessionCookie = reqHeaders
+              .get('cookie')
+              ?.match(/osessionid=\w+/)?.[0]
+              .replace(/osessionid=/, '');
+            if (sessionCookie) {
+              reqHeaders.set('cookie', sessionCookie);
+            }
+          }
+
+          const apiRequest = await fetch(
+            `${Settings.commerceUrl}${user[credentials.formType]}`,
+            {
+              method: 'POST',
+              headers: reqHeaders,
+              body: JSON.stringify(credentials)
+            }
+          );
+
+          logger.info(`Login/Register request result: ${apiRequest.status}`, {
+            userIp
+          });
+
+          const response = (await apiRequest.json()) as {
+            key: string;
+            non_field_errors: string[];
+            redirect_url: string;
+          };
+
+          logger.debug(`Login/Register response: ${JSON.stringify(response)}`);
+
+          let sessionId = '';
+          const setCookieHeader = apiRequest.headers.get('set-cookie');
+          if (setCookieHeader) {
+            sessionId =
+              setCookieHeader
+                .match(/osessionid=\w+/)?.[0]
+                .replace(/osessionid=/, '') || '';
+
+            logger.debug(`Login/Register session id: ${sessionId}`);
+          } else {
+            logger.warn('No set-cookie header found in response');
+          }
+
+          if (sessionId) {
+            const maxAge = 30 * 24 * 60 * 60;
+            const { localeUrlStrategy } = Settings.localization;
+
+            const fallbackHost =
+              headerStore.get('x-forwarded-host') ||
+              headerStore.get('host');
+            const hostname =
+              process.env.NEXT_PUBLIC_URL || `https://${fallbackHost}`;
+            const rootHostname =
+              localeUrlStrategy === LocaleUrlStrategy.Subdomain
+                ? getRootHostname(hostname)
+                : null;
+
+            const cookieOptions = {
+              path: '/',
+              httpOnly: true,
+              secure: true,
+              maxAge,
+              ...(rootHostname ? { domain: rootHostname } : {})
+            };
+
+            cookieStore.set('osessionid', sessionId, cookieOptions);
+            cookieStore.set('sessionid', sessionId, cookieOptions);
+          }
+
+          if (!response.key) {
+            const errors = buildFieldErrors(response);
+
+            if (apiRequest.status === 202) {
+              errors.push({ type: 'otp' });
+            }
+
+            if (errors.length) {
+              throwAuthError(errors);
+            }
+          }
+
+          const currentUser = await getCurrentUser(
+            sessionId,
+            cookieStore.get('pz-currency')?.value ?? ''
+          );
+          return currentUser;
+        }
+      })
+    ],
+    callbacks: {
+      jwt: async ({ token, user }: any) => {
+        if (user) {
+          token.user = user;
+        }
+
+        return token;
+      },
+      async session({ session, token }: any) {
+        session.user = token.user as any;
+        return session;
+      },
+      async redirect({ url, baseUrl }: { url: string; baseUrl: string }) {
+        const headerStore = await headers();
+        const pathname = url.startsWith('/') ? url : url.replace(baseUrl, '');
+        const pathnameWithoutLocale = pathname.replace(
+          urlLocaleMatcherRegex,
+          ''
+        );
+
+        const localeResults = headerStore
+          .get('referer')
+          ?.replace(baseUrl, '')
+          ?.match(urlLocaleMatcherRegex);
+
+        return `${baseUrl}${localeResults?.[0] || ''}${pathnameWithoutLocale}`;
+      }
+    },
+    events: {
+      signIn: () => {
+        logger.debug('Successfully signed in');
+      },
+      signOut: async () => {
+        const cookieStore = await cookies();
+        cookieStore.set('osessionid', '', {
+          path: '/',
+          maxAge: 0
+        });
+        cookieStore.set('sessionid', '', {
+          path: '/',
+          maxAge: 0
+        });
+        logger.debug('Successfully signed out');
+      }
+    },
+    pages: {
+      signIn: ROUTES.AUTH,
+      error: ROUTES.AUTH
+    }
+  };
+};
+
+export const createAuth = (customOptions?: () => Partial<any>) => {
+  const baseConfig = getDefaultAuthConfig();
+  const customConfig = customOptions ? customOptions() : {};
+
+  const mergedConfig = {
+    trustHost: true,
+    ...baseConfig,
+    ...customConfig,
+    providers: [
+      ...baseConfig.providers,
+      ...(customConfig.providers || [])
+    ],
+    callbacks: {
+      ...baseConfig.callbacks,
+      ...customConfig.callbacks
+    },
+    events: {
+      ...baseConfig.events,
+      ...customConfig.events
+    },
+    pages: {
+      ...baseConfig.pages,
+      ...customConfig.pages
+    }
+  };
+
+  return (NextAuth as any)(mergedConfig);
+};
+
+// ============================================================
+// v4 (Pages Router / next-auth v4) — default export for backward compat
+// ============================================================
+
+const defaultNextAuthOptionsV4 = (req: any, res: any) => {
+  return {
+    providers: [
+      Credentials({
+        id: 'oauth',
+        name: 'credentials',
+        credentials: {},
+        authorize: async () => {
           const sessionId = req.cookies['osessionid'];
 
           if (!sessionId) {
@@ -61,7 +355,7 @@ const nextAuthOptions = (req: NextApiRequest, res: NextApiResponse) => {
           return currentUser;
         }
       }),
-      CredentialProvider({
+      Credentials({
         id: 'default',
         name: 'credentials',
         credentials: {
@@ -75,33 +369,50 @@ const nextAuthOptions = (req: NextApiRequest, res: NextApiResponse) => {
           locale: {},
           captchaValidated: {}
         },
-        authorize: async (credentials) => {
-          const headers: HeadersInit = new Headers();
+        authorize: async (credentials: any) => {
+          const reqHeaders: HeadersInit = new Headers();
           const language = Settings.localization.locales.find(
-            (item) => item.value === credentials.locale
+            (item: any) => item.value === credentials.locale
           ).apiValue;
           const userIp = req.headers['x-forwarded-for']?.toString() ?? '';
 
-          headers.set('Content-Type', 'application/json');
-          headers.set('cookie', `${req.headers.cookie}`);
-          headers.set('Accept-Language', `${language}`);
-          headers.set('x-currency', req.cookies['pz-currency'] ?? '');
-          headers.set('x-forwarded-for', userIp);
-          headers.set(
+          reqHeaders.set('Content-Type', 'application/json');
+          reqHeaders.set('cookie', `${req.headers.cookie}`);
+          reqHeaders.set('Accept-Language', `${language}`);
+          reqHeaders.set('x-currency', req.cookies['pz-currency'] ?? '');
+          reqHeaders.set('x-forwarded-for', userIp);
+          reqHeaders.set(
             'x-app-device',
             req.headers['x-app-device']?.toString() ?? ''
           );
 
+          reqHeaders.set('x-frontend-id', req.cookies['pz-frontend-id'] || '');
+
           logger.debug('Trying to login/register', {
             formType: credentials.formType,
             userIp
           });
 
+          const checkCurrentUser = await getCurrentUser(
+            req.cookies['osessionid'] ?? '',
+            req.cookies['pz-currency'] ?? ''
+          );
+
+          if (checkCurrentUser?.pk) {
+            const sessionCookie = reqHeaders
+              .get('cookie')
+              ?.match(/osessionid=\w+/)?.[0]
+              .replace(/osessionid=/, '');
+            if (sessionCookie) {
+              reqHeaders.set('cookie', sessionCookie);
+            }
+          }
+
           const apiRequest = await fetch(
             `${Settings.commerceUrl}${user[credentials.formType]}`,
             {
               method: 'POST',
-              headers,
+              headers: reqHeaders,
               body: JSON.stringify(credentials)
             }
           );
@@ -132,54 +443,36 @@ const nextAuthOptions = (req: NextApiRequest, res: NextApiResponse) => {
           }
 
           if (sessionId) {
-            const maxAge = 30 * 24 * 60 * 60; // 30 days in seconds
-            const cookieOptions = `Path=/; HttpOnly; Secure; Max-Age=${maxAge}`;
+            const maxAge = 30 * 24 * 60 * 60;
+            const { localeUrlStrategy } = Settings.localization;
+
+            const fallbackHost =
+              req.headers['x-forwarded-host']?.toString() ||
+              req.headers.host?.toString();
+            const hostname =
+              process.env.NEXT_PUBLIC_URL || `https://${fallbackHost}`;
+            const rootHostname =
+              localeUrlStrategy === LocaleUrlStrategy.Subdomain
+                ? getRootHostname(hostname)
+                : null;
+            const domainOption = rootHostname ? `Domain=${rootHostname};` : '';
+            const cookieOptions = `Path=/; HttpOnly; Secure; Max-Age=${maxAge}; ${domainOption}`;
 
             res.setHeader('Set-Cookie', [
               `osessionid=${sessionId}; ${cookieOptions}`,
-              `sessionid=${sessionId}; ${cookieOptions}` // required to get 3D redirection form
+              `sessionid=${sessionId}; ${cookieOptions}`
             ]);
           }
 
           if (!response.key) {
-            const errors = [] as AuthError[];
-
-            const fieldErrors = Object.keys(response ?? {})
-              .filter((key) => key !== 'non_field_errors')
-              .map((key) => {
-                return {
-                  name: key,
-                  value: response[key]
-                };
-              });
-
-            if (response.redirect_url?.includes('captcha')) {
-              errors.push({
-                type: 'captcha'
-              });
-
-              logger.debug('Captcha required', {
-                email: credentials.email,
-                formType: credentials.formType
-              });
-            } else if (apiRequest.status === 202) {
-              errors.push({
-                type: 'otp'
-              });
-            } else if (fieldErrors.length) {
-              errors.push({
-                type: 'field_errors',
-                data: fieldErrors
-              });
-            } else if (response.non_field_errors) {
-              errors.push({
-                type: 'non_field_errors',
-                data: response.non_field_errors
-              });
+            const errors = buildFieldErrors(response);
+
+            if (apiRequest.status === 202) {
+              errors.push({ type: 'otp' });
             }
 
             if (errors.length) {
-              throw new Error(JSON.stringify(errors));
+              throwAuthError(errors);
             }
           }
 
@@ -192,14 +485,14 @@ const nextAuthOptions = (req: NextApiRequest, res: NextApiResponse) => {
       })
     ],
     callbacks: {
-      jwt: async ({ token, user }) => {
+      jwt: async ({ token, user }: any) => {
         if (user) {
           token.user = user;
         }
 
         return token;
       },
-      async session({ session, user, token }) {
+      async session({ session, user, token }: any) {
         session.user = token.user as Session['user'];
         return session;
       },
@@ -236,8 +529,36 @@ const nextAuthOptions = (req: NextApiRequest, res: NextApiResponse) => {
   };
 };
 
-const Auth = (req, res) => {
-  return NextAuth(req, res, nextAuthOptions(req, res));
+const Auth = (
+  req: any,
+  res: any,
+  customOptions?: (req: any, res: any) => Partial<any>
+) => {
+  const baseOptions = defaultNextAuthOptionsV4(req, res);
+  const customOptionsResult = customOptions ? customOptions(req, res) : {};
+
+  const mergedOptions = {
+    ...baseOptions,
+    ...customOptionsResult,
+    providers: [
+      ...baseOptions.providers,
+      ...(customOptionsResult.providers || [])
+    ],
+    callbacks: {
+      ...baseOptions.callbacks,
+      ...customOptionsResult.callbacks
+    },
+    events: {
+      ...baseOptions.events,
+      ...customOptionsResult.events
+    },
+    pages: {
+      ...baseOptions.pages,
+      ...customOptionsResult.pages
+    }
+  };
+
+  return (NextAuth as any)(req, res, mergedOptions);
 };
 
 export default Auth;

package/api/barcode-search.ts

@@ -0,0 +1,59 @@
+import { NextRequest, NextResponse } from 'next/server';
+import Settings from 'settings';
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = new URL(request.url);
+    const barcode = searchParams.get('search_text');
+
+    if (!barcode) {
+      return NextResponse.json(
+        { error: 'Missing search_text parameter (barcode)' },
+        { status: 400 }
+      );
+    }
+
+    if (Settings.commerceUrl === 'default') {
+      return NextResponse.json(
+        { error: 'Commerce URL is not configured' },
+        { status: 500 }
+      );
+    }
+
+    const queryParams = new URLSearchParams();
+    queryParams.append('search_text', barcode);
+
+    searchParams.forEach((value, key) => {
+      if (key !== 'search_text') {
+        queryParams.append(key, value);
+      }
+    });
+
+    const apiUrl = `${Settings.commerceUrl}/list/?${queryParams.toString()}`;
+
+    const headers: Record<string, string> = {
+      Accept: 'application/json',
+      'Content-Type': 'application/json'
+    };
+
+    const response = await fetch(apiUrl, {
+      method: 'GET',
+      headers
+    });
+
+    if (!response.ok) {
+      return NextResponse.json(
+        { error: `API request failed with status: ${response.status}` },
+        { status: response.status }
+      );
+    }
+
+    const data = await response.json();
+    return NextResponse.json(data);
+  } catch (error) {
+    return NextResponse.json(
+      { error: (error as Error).message },
+      { status: 500 }
+    );
+  }
+}

package/api/cache.ts

@@ -21,20 +21,56 @@ async function handleRequest(...args) {
   }
 
   const formData = await req.formData();
-  const body = {} as { key: string; value?: string; expire?: number };
+  const body = {} as {
+    key: string;
+    value?: string;
+    expire?: number;
+    keyValuePairs?: string;
+    compressed?: string;
+  };
 
   formData.forEach((value, key) => {
     body[key] = value;
   });
 
-  const { key, value, expire } = body;
-  let response: string | boolean;
+  const { key, value, expire, keyValuePairs, compressed } = body;
+  let response: any;
 
   try {
     if (req.method === 'POST') {
-      response = await Cache.get(key);
+      // GET request - check if compressed flag is set
+      if (compressed === 'true') {
+        response = await Cache.getCompressed(key);
+      } else {
+        response = await Cache.get(key);
+      }
     } else if (req.method === 'PUT') {
-      response = await Cache.set(key, value, expire);
+      if (keyValuePairs) {
+        try {
+          const parsedKeyValuePairs = JSON.parse(keyValuePairs);
+          if (
+            typeof parsedKeyValuePairs !== 'object' ||
+            parsedKeyValuePairs === null ||
+            Array.isArray(parsedKeyValuePairs)
+          ) {
+            throw new Error('Invalid keyValuePairs format - must be an object');
+          }
+          response = await Cache.mset(parsedKeyValuePairs, expire);
+        } catch (error) {
+          logger.error('Invalid keyValuePairs in mset request', { error });
+          return NextResponse.json(
+            { error: 'Invalid keyValuePairs format' },
+            { status: 400 }
+          );
+        }
+      } else {
+        // SET request - check if compressed flag is set
+        if (compressed === 'true') {
+          response = await Cache.setCompressed(key, value, expire);
+        } else {
+          response = await Cache.set(key, value, expire);
+        }
+      }
     }
   } catch (error) {
     logger.error(error);