@akinon/next 2.0.23-rc.0 → 2.0.24-beta.0

package/middlewares/masterpass-rest-callback.ts

@@ -7,111 +7,224 @@ import { getCheckoutPath } from '../utils';
 
 const withMasterpassRestCallback =
   (middleware: NextMiddleware) =>
-    async (req: PzNextRequest, event: NextFetchEvent) => {
-      const url = req.nextUrl.clone();
-      const ip = req.headers.get('x-forwarded-for') ?? '';
-
-      const isMasterpassCompletePage =
-        url.pathname.includes('/orders/checkout') &&
-        url.searchParams.get('page') === 'MasterpassRestCompletePage';
+  async (req: PzNextRequest, event: NextFetchEvent) => {
+    const url = req.nextUrl.clone();
+    const ip = req.headers.get('x-forwarded-for') ?? '';
+    const sessionId = req.cookies.get('osessionid');
+
+    if (!url.pathname.includes('/orders/masterpass-rest-callback')) {
+      return middleware(req, event);
+    }
+
+    if (req.method !== 'POST') {
+      logger.warn('Invalid request method for masterpass REST callback', {
+        middleware: 'masterpass-rest-callback',
+        method: req.method,
+        ip
+      });
+
+      return NextResponse.redirect(
+        `${url.origin}${getUrlPathWithLocale(
+          '/orders/checkout/',
+          req.cookies.get('pz-locale')?.value
+        )}`,
+        303
+      );
+    }
+
+    const responseCode = url.searchParams.get('responseCode');
+    const token = url.searchParams.get('token');
+
+    if (!responseCode || !token) {
+      logger.warn('Missing required parameters for masterpass REST callback', {
+        middleware: 'masterpass-rest-callback',
+        responseCode,
+        token,
+        ip
+      });
+
+      return NextResponse.redirect(
+        `${url.origin}${getUrlPathWithLocale(
+          '/orders/checkout/',
+          req.cookies.get('pz-locale')?.value
+        )}`,
+        303
+      );
+    }
+
+    try {
+      const formData = await req.formData();
+      const body: Record<string, string> = {};
+
+      Array.from(formData.entries()).forEach(([key, value]) => {
+        body[key] = value.toString();
+      });
+
+      if (!sessionId) {
+        logger.warn(
+          'Make sure that the SESSION_COOKIE_SAMESITE environment variable is set to None in Commerce.',
+          {
+            middleware: 'masterpass-rest-callback',
+            ip
+          }
+        );
 
-      if (!isMasterpassCompletePage) {
-        return middleware(req, event);
+        return NextResponse.redirect(
+          `${url.origin}${getUrlPathWithLocale(
+            '/orders/checkout/',
+            req.cookies.get('pz-locale')?.value
+          )}`,
+          303
+        );
       }
 
-      try {
-        const isPostCheckout = req.cookies.get('pz-post-checkout-flow')?.value === 'true';
-        const requestUrl = new URL(getCheckoutPath(isPostCheckout), Settings.commerceUrl);
+      const isPostCheckout = req.cookies.get('pz-post-checkout-flow')?.value === 'true';
+      const requestUrl = new URL(getCheckoutPath(isPostCheckout), Settings.commerceUrl);
+      requestUrl.searchParams.set('page', 'MasterpassRestCompletePage');
+      requestUrl.searchParams.set('responseCode', responseCode);
+      requestUrl.searchParams.set('token', token);
+      requestUrl.searchParams.set(
+        'three_d_secure',
+        body.transactionType?.includes('3D') ? 'true' : 'false'
+      );
+      requestUrl.searchParams.set(
+        'transactionType',
+        body.transactionType || ''
+      );
+
+      const requestHeaders = {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'X-Requested-With': 'XMLHttpRequest',
+        Cookie: req.headers.get('cookie') ?? '',
+        'x-currency': req.cookies.get('pz-currency')?.value ?? '',
+        'x-forwarded-for': ip,
+        'User-Agent': req.headers.get('user-agent') ?? ''
+      };
+
+      const request = await fetch(requestUrl.toString(), {
+        method: 'POST',
+        headers: requestHeaders,
+        body: new URLSearchParams(body)
+      });
+
+      logger.info('Masterpass REST callback request', {
+        requestUrl: requestUrl.toString(),
+        status: request.status,
+        requestHeaders,
+        ip
+      });
+
+      const response = await request.json();
+
+      const { context_list: contextList, errors } = response;
+
+      let redirectUrl = response.redirect_url;
+
+      if (!redirectUrl && contextList && contextList.length > 0) {
+        for (const context of contextList) {
+          if (context.page_context && context.page_context.redirect_url) {
+            redirectUrl = context.page_context.redirect_url;
+            break;
+          }
+        }
+      }
 
-        url.searchParams.forEach((value, key) => {
-          requestUrl.searchParams.set(key, value);
+      if (errors && Object.keys(errors).length) {
+        logger.error('Error while processing masterpass REST callback', {
+          middleware: 'masterpass-rest-callback',
+          errors,
+          requestHeaders,
+          ip
         });
 
-        const formData = await req.formData();
-        const body: Record<string, string> = {};
-
-        Array.from(formData.entries()).forEach(([key, value]) => {
-          body[key] = value.toString();
-        });
+        const errorResponse = NextResponse.redirect(
+          `${url.origin}${getUrlPathWithLocale(
+            '/orders/checkout/',
+            req.cookies.get('pz-locale')?.value
+          )}`,
+          {
+            status: 303,
+            headers: {
+              'Set-Cookie': `pz-pos-error=${encodeURIComponent(JSON.stringify(errors))}; path=/;`
+            }
+          }
+        );
 
-        const requestHeaders = {
-          'Content-Type': 'application/x-www-form-urlencoded',
-          'X-Requested-With': 'XMLHttpRequest',
-          Cookie: req.headers.get('cookie') ?? '',
-          'x-currency': req.cookies.get('pz-currency')?.value ?? '',
-          'x-forwarded-for': ip,
-          'User-Agent': req.headers.get('user-agent') ?? ''
-        };
-
-        const request = await fetch(requestUrl.toString(), {
-          method: 'POST',
-          headers: requestHeaders,
-          body: new URLSearchParams(body)
+        // Add error cookie
+        errorResponse.cookies.set('pz-pos-error', JSON.stringify(errors), {
+          path: '/'
         });
 
-        const response = await request.json();
-        const { errors } = response;
+        return errorResponse;
+      }
 
-        if (errors && Object.keys(errors).length) {
-          logger.error('Error while processing MasterpassRestCompletePage', {
+      logger.info('Masterpass REST callback response', {
+        middleware: 'masterpass-rest-callback',
+        contextList,
+        redirectUrl,
+        ip
+      });
+
+      if (!redirectUrl) {
+        logger.warn(
+          'No redirection url found in response. Redirecting to checkout page.',
+          {
             middleware: 'masterpass-rest-callback',
-            errors,
+            requestHeaders,
+            response: JSON.stringify(response),
             ip
-          });
-
-          const errorResponse = NextResponse.redirect(
-            `${url.origin}${getUrlPathWithLocale(
-              '/orders/checkout/',
-              req.cookies.get('pz-locale')?.value
-            )}`,
-            303
-          );
-
-          // Add error cookie
-          errorResponse.cookies.set('pz-pos-error', JSON.stringify(errors), {
-            path: '/'
-          });
-
-          return errorResponse;
-        }
-
-        const redirectUrl =
-          response.redirect_url ||
-          response.context_list?.[0]?.page_context?.redirect_url;
-
-        if (redirectUrl) {
-          const nextResponse = NextResponse.redirect(
-            `${url.origin}${getUrlPathWithLocale(redirectUrl, req.cookies.get('pz-locale')?.value)}`,
-            303
-          );
-
-          // Forward set-cookie headers from the upstream response
-          const setCookieHeader = request.headers.get('set-cookie');
-          if (setCookieHeader) {
-            setCookieHeader.split(',').forEach((cookie) => {
-              nextResponse.headers.append('Set-Cookie', cookie.trim());
-            });
           }
+        );
 
-          return nextResponse;
-        }
+        const redirectUrlWithLocale = `${url.origin}${getUrlPathWithLocale(
+          '/orders/checkout/',
+          req.cookies.get('pz-locale')?.value
+        )}`;
 
-        return NextResponse.redirect(
-          `${url.origin}${getUrlPathWithLocale('/orders/checkout/', req.cookies.get('pz-locale')?.value)}`,
-          303
-        );
-      } catch (error) {
-        logger.error('Error while processing MasterpassRestCompletePage', {
-          middleware: 'masterpass-rest-callback',
-          error,
-          ip
-        });
+        return NextResponse.redirect(redirectUrlWithLocale, 303);
+      }
 
-        return NextResponse.redirect(
-          `${url.origin}${getUrlPathWithLocale('/orders/checkout/', req.cookies.get('pz-locale')?.value)}`,
-          303
-        );
+      const redirectUrlWithLocale = `${url.origin}${getUrlPathWithLocale(
+        redirectUrl,
+        req.cookies.get('pz-locale')?.value
+      )}`;
+
+      logger.info('Redirecting after masterpass REST callback', {
+        middleware: 'masterpass-rest-callback',
+        redirectUrl: redirectUrlWithLocale,
+        ip
+      });
+
+      const nextResponse = NextResponse.redirect(redirectUrlWithLocale, 303);
+
+      // Forward set-cookie headers from the upstream response
+      const setCookieHeader = request.headers.get('set-cookie');
+      if (setCookieHeader) {
+        setCookieHeader.split(',').forEach((cookie) => {
+          nextResponse.headers.append('Set-Cookie', cookie.trim());
+        });
       }
-    };
+
+      return nextResponse;
+    } catch (error) {
+      logger.error('Error while processing masterpass REST callback', {
+        middleware: 'masterpass-rest-callback',
+        error,
+        requestHeaders: {
+          Cookie: req.headers.get('cookie') ?? '',
+          'x-currency': req.cookies.get('pz-currency')?.value ?? ''
+        },
+        ip
+      });
+
+      return NextResponse.redirect(
+        `${url.origin}${getUrlPathWithLocale(
+          '/orders/checkout/',
+          req.cookies.get('pz-locale')?.value
+        )}`,
+        303
+      );
+    }
+  };
 
 export default withMasterpassRestCallback;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@akinon/next",
   "description": "Core package for Project Zero Next",
-  "version": "2.0.23-rc.0",
+  "version": "2.0.24-beta.0",
   "private": false,
   "license": "MIT",
   "bin": {
@@ -36,7 +36,7 @@
     "set-cookie-parser": "2.6.0"
   },
   "devDependencies": {
-    "@akinon/eslint-plugin-projectzero": "2.0.23-rc.0",
+    "@akinon/eslint-plugin-projectzero": "2.0.24-beta.0",
     "@babel/core": "7.26.10",
     "@babel/preset-env": "7.26.9",
     "@babel/preset-typescript": "7.27.0",

package/plugins.d.ts

@@ -37,16 +37,6 @@ declare module '@akinon/pz-cybersource-uc/src/redux/middleware' {
   export default middleware as any;
 }
 
-declare module '@akinon/pz-apple-pay' {}
-
-declare module '@akinon/pz-similar-products' {
-  export const SimilarProductsModal: any;
-  export const SimilarProductsFilterSidebar: any;
-  export const SimilarProductsResultsGrid: any;
-  export const SimilarProductsPlugin: any;
-  export const SimilarProductsButtonPlugin: any;
-}
-
 declare module '@akinon/pz-cybersource-uc/src/redux/reducer' {
   export default reducer as any;
 }

package/plugins.js

@@ -16,7 +16,6 @@ module.exports = [
   'pz-tabby-extension',
   'pz-apple-pay',
   'pz-tamara-extension',
-  'pz-similar-products',
   'pz-cybersource-uc',
   'pz-hepsipay',
   'pz-flow-payment',

package/redux/middlewares/checkout.ts

@@ -26,28 +26,13 @@ import {
 } from '../../redux/reducers/checkout';
 import { RootState, TypedDispatch } from 'redux/store';
 import { checkoutApi } from '../../data/client/checkout';
-import { CheckoutContext, MiddlewareAction, PreOrder } from '../../types';
+import { CheckoutContext, PreOrder } from '../../types';
 import { getCookie } from '../../utils';
 import settings from 'settings';
 import { LocaleUrlStrategy } from '../../localization';
 import { showMobile3dIframe } from '../../utils/mobile-3d-iframe';
 import { showRedirectionIframe } from '../../utils/redirection-iframe';
 
-const IFRAME_REDIRECTION_KEY = 'pz-iframe-redirection-active';
-
-const isIframeRedirectionActive = () =>
-  typeof window !== 'undefined' &&
-  sessionStorage.getItem(IFRAME_REDIRECTION_KEY) === 'true';
-
-const setIframeRedirectionActive = (active: boolean) => {
-  if (typeof window === 'undefined') return;
-  if (active) {
-    sessionStorage.setItem(IFRAME_REDIRECTION_KEY, 'true');
-  } else {
-    sessionStorage.removeItem(IFRAME_REDIRECTION_KEY);
-  }
-};
-
 interface CheckoutResult {
   payload: {
     errors?: Record<string, string[]>;
@@ -84,7 +69,7 @@ export const redirectUrlMiddleware: Middleware = () => {
     const result = next(action) as CheckoutResult;
     const redirectUrl = result?.payload?.redirect_url;
 
-    if (redirectUrl && !isIframeRedirectionActive()) {
+    if (redirectUrl) {
       const currentLocale = getCookie('pz-locale');
 
       let url = redirectUrl;
@@ -114,15 +99,8 @@ export const contextListMiddleware: Middleware = ({
     const { isMobileApp, userPhoneNumber } = getState().root;
     const result = next(action) as CheckoutResult;
     const preOrder = result?.payload?.pre_order;
-    const act = action as MiddlewareAction;
 
     if (result?.payload?.context_list) {
-      const endpointName = act.meta?.arg?.endpointName;
-      const isBinNumberResponse = endpointName === 'setBinNumber';
-      const hasCardTypeInContextList = result.payload.context_list.some(
-        (ctx) => ctx.page_context.card_type
-      );
-
       result.payload.context_list.forEach((context) => {
         const redirectUrl = context.page_context.redirect_url;
         const isIframe = context.page_context.is_iframe ?? false;
@@ -156,7 +134,6 @@ export const contextListMiddleware: Middleware = ({
           if (isMobileDevice && isIframePaymentOptionIncluded) {
             showMobile3dIframe(urlObj.toString());
           } else if (isIframe) {
-            setIframeRedirectionActive(true);
             showRedirectionIframe(urlObj.toString());
           } else {
             window.location.href = urlObj.toString();
@@ -232,34 +209,15 @@ export const contextListMiddleware: Middleware = ({
             (ctx) => ctx.page_name === 'DeliveryOptionSelectionPage'
           )
         ) {
-          const isCreditCardPayment =
-            preOrder?.payment_option?.payment_type === 'credit_card' ||
-            preOrder?.payment_option?.payment_type === 'masterpass';
-
           if (context.page_context.card_type) {
             dispatch(setCardType(context.page_context.card_type));
-          } else if (
-            isCreditCardPayment &&
-            isBinNumberResponse &&
-            !hasCardTypeInContextList
-          ) {
-            dispatch(setCardType(null));
-            dispatch(setInstallmentOptions([]));
           }
 
           if (
             context.page_context.installments &&
             preOrder?.payment_option?.payment_type !== 'masterpass_rest'
           ) {
-            if (
-              !isCreditCardPayment ||
-              context.page_context.card_type ||
-              hasCardTypeInContextList
-            ) {
-              dispatch(
-                setInstallmentOptions(context.page_context.installments)
-              );
-            }
+            dispatch(setInstallmentOptions(context.page_context.installments));
           }
         }
 

package/redux/middlewares/pre-order/installment-option.ts

@@ -14,17 +14,9 @@ export const installmentOptionMiddleware: Middleware = ({
       return result;
     }
 
-    const { installmentOptions, cardType } = getState().checkout;
+    const { installmentOptions } = getState().checkout;
     const { endpoints: apiEndpoints } = checkoutApi;
 
-    const isCreditCardPayment =
-      preOrder?.payment_option?.payment_type === 'credit_card' ||
-      preOrder?.payment_option?.payment_type === 'masterpass';
-
-    if (isCreditCardPayment && !cardType) {
-      return result;
-    }
-
     if (
       !preOrder?.installment &&
       preOrder?.payment_option?.payment_type !== 'saved_card' &&

package/types/index.ts

@@ -85,12 +85,6 @@ export interface Settings {
   };
   usePrettyUrlRoute?: boolean;
   commerceUrl: string;
-  /**
-   * This option allows you to track Sentry events on the client side, in addition to server and edge environments.
-   *
-   * It overrides process.env.NEXT_PUBLIC_SENTRY_DSN and process.env.SENTRY_DSN.
-   */
-  sentryDsn?: string;
   /**
    * CSRF cookie hardening settings.
    *
@@ -242,7 +236,6 @@ export interface Settings {
     separator?: string;
     segments: PzSegmentDefinition[];
   };
-  payloadOptimization?: import('../utils/payload-optimizer').PayloadOptimizationConfig;
 }
 
 export interface CacheOptions {
@@ -302,9 +295,7 @@ export interface PzSegmentsConfig {
 }
 
 // Search params type compatible with both Next.js resolved searchParams and URLSearchParams
-export type SearchParams =
-  | Record<string, string | string[] | undefined>
-  | URLSearchParams;
+export type SearchParams = Record<string, string | string[] | undefined> | URLSearchParams;
 
 // Raw Next 16 server prop shape, used at the middleware/HOC boundary before normalization
 export type RawSearchParams = Record<string, string | string[] | undefined>;
@@ -337,16 +328,14 @@ export interface RootLayoutProps<T = any> extends LayoutProps<T> {
 
 // Async versions for Next.js 16 generateMetadata and internal use
 export interface AsyncPageProps<T = any> {
-  params: Promise<
-    T & {
-      pz?: string;
-      commerce?: string;
-      locale?: string;
-      currency?: string;
-      url?: string;
-      [key: string]: any;
-    }
-  >;
+  params: Promise<T & {
+    pz?: string;
+    commerce?: string;
+    locale?: string;
+    currency?: string;
+    url?: string;
+    [key: string]: any;
+  }>;
   searchParams: Promise<{ [key: string]: string | string[] | undefined }>;
 }
 

package/utils/csrf.ts

@@ -31,7 +31,7 @@ export function getCsrfCookieFlags(): CsrfCookieFlags {
   const httpOnly = isCsrfHttpOnly();
   return {
     httpOnly,
-    secure: process.env.NODE_ENV === 'production',
+    secure: httpOnly && process.env.NODE_ENV === 'production',
     sameSite: 'lax'
   };
 }

package/utils/index.ts

@@ -6,6 +6,7 @@ import getRootHostname from './get-root-hostname';
 export * from './get-currency';
 export * from './menu-generator';
 export * from './generate-commerce-search-params';
+export * from './normalize-search-params';
 export * from './get-currency-label';
 export * from './pz-segments';
 export * from './get-checkout-path';

package/utils/normalize-search-params.ts

@@ -0,0 +1,42 @@
+import { SearchParams } from '../types';
+
+/**
+ * Normalize SearchParams to a plain Record<string, string | string[]>.
+ *
+ * Accepts either a URLSearchParams instance (Next 16 HOC output / v2 brands)
+ * or a plain Record (v1 brands / direct callers) and always returns a plain
+ * object. Downstream code can then safely:
+ *   - JSON.stringify it for stable cache keys (avoids the URLSearchParams
+ *     `JSON.stringify === "{}"` cache collision)
+ *   - iterate with Object.keys / Object.entries (avoids the dropped query
+ *     param bug on the PDP outbound URL builder)
+ *   - spread with { ...obj }
+ *
+ * Repeated keys in URLSearchParams (e.g. ?color=red&color=blue) collapse to
+ * a string[] value so multi-value filter semantics survive.
+ *
+ * Returns undefined when the input is undefined so downstream
+ * `if (searchParams)` guards keep working unchanged.
+ */
+export const normalizeSearchParams = (
+  searchParams?: SearchParams
+): Record<string, string | string[]> | undefined => {
+  if (!searchParams) return undefined;
+
+  if (searchParams instanceof URLSearchParams) {
+    const out: Record<string, string | string[]> = {};
+    for (const key of new Set(searchParams.keys())) {
+      const all = searchParams.getAll(key);
+      out[key] = all.length > 1 ? all : all[0];
+    }
+    return out;
+  }
+
+  // Plain object — drop undefined values so cache key serialization is stable
+  // across calls that omit some keys.
+  const out: Record<string, string | string[]> = {};
+  for (const [key, value] of Object.entries(searchParams)) {
+    if (value !== undefined) out[key] = value;
+  }
+  return out;
+};

package/with-pz-config.js

@@ -69,8 +69,7 @@ const defaultConfig = {
         acc[`@akinon/${plugin}`] = false;
         return acc;
       }, {}),
-      translations: false,
-      '@opentelemetry/exporter-jaeger': false
+      translations: false
     };
     // Ensure webpack can resolve deps from the app's node_modules when
     // compiling transpiled packages (e.g. @akinon/next) whose imports