@akinon/projectzero 2.0.0-beta.21 → 2.0.0-beta.22

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @akinon/projectzero
 
+## 2.0.0-beta.22
+
+### Patch Changes
+
+- 11eae558: ZERO-4336: Add migrate-auth-v5 codemod for brand projects
+
 ## 2.0.0-beta.21
 
 ## 2.0.0-beta.20

package/app-template/CHANGELOG.md

@@ -1,5 +1,37 @@
 # projectzeronext
 
+## 2.0.0-beta.22
+
+### Patch Changes
+
+- @akinon/next@2.0.0-beta.22
+- @akinon/pz-akifast@2.0.0-beta.22
+- @akinon/pz-apple-pay@2.0.0-beta.22
+- @akinon/pz-b2b@2.0.0-beta.22
+- @akinon/pz-basket-gift-pack@2.0.0-beta.22
+- @akinon/pz-bkm@2.0.0-beta.22
+- @akinon/pz-checkout-gift-pack@2.0.0-beta.22
+- @akinon/pz-click-collect@2.0.0-beta.22
+- @akinon/pz-credit-payment@2.0.0-beta.22
+- @akinon/pz-cybersource-uc@2.0.0-beta.22
+- @akinon/pz-flow-payment@2.0.0-beta.22
+- @akinon/pz-google-pay@2.0.0-beta.22
+- @akinon/pz-gpay@2.0.0-beta.22
+- @akinon/pz-haso@2.0.0-beta.22
+- @akinon/pz-hepsipay@2.0.0-beta.22
+- @akinon/pz-masterpass@2.0.0-beta.22
+- @akinon/pz-masterpass-rest@2.0.0-beta.22
+- @akinon/pz-multi-basket@2.0.0-beta.22
+- @akinon/pz-one-click-checkout@2.0.0-beta.22
+- @akinon/pz-otp@2.0.0-beta.22
+- @akinon/pz-pay-on-delivery@2.0.0-beta.22
+- @akinon/pz-saved-card@2.0.0-beta.22
+- @akinon/pz-similar-products@2.0.0-beta.22
+- @akinon/pz-tabby-extension@2.0.0-beta.22
+- @akinon/pz-tamara-extension@2.0.0-beta.22
+- @akinon/pz-theme@2.0.0-beta.22
+- @akinon/pz-virtual-try-on@2.0.0-beta.22
+
 ## 2.0.0-beta.21
 
 ### Patch Changes

package/app-template/package.json

@@ -1,6 +1,6 @@
 {
   "name": "projectzeronext",
-  "version": "2.0.0-beta.21",
+  "version": "2.0.0-beta.22",
   "private": true,
   "license": "MIT",
   "scripts": {
@@ -24,33 +24,33 @@
     "test:middleware": "jest middleware-matcher.test.ts --bail"
   },
   "dependencies": {
-    "@akinon/next": "2.0.0-beta.21",
-    "@akinon/pz-akifast": "2.0.0-beta.21",
-    "@akinon/pz-apple-pay": "2.0.0-beta.21",
-    "@akinon/pz-b2b": "2.0.0-beta.21",
-    "@akinon/pz-basket-gift-pack": "2.0.0-beta.21",
-    "@akinon/pz-bkm": "2.0.0-beta.21",
-    "@akinon/pz-checkout-gift-pack": "2.0.0-beta.21",
-    "@akinon/pz-click-collect": "2.0.0-beta.21",
-    "@akinon/pz-credit-payment": "2.0.0-beta.21",
-    "@akinon/pz-cybersource-uc": "2.0.0-beta.21",
-    "@akinon/pz-flow-payment": "2.0.0-beta.21",
-    "@akinon/pz-google-pay": "2.0.0-beta.21",
-    "@akinon/pz-gpay": "2.0.0-beta.21",
-    "@akinon/pz-haso": "2.0.0-beta.21",
-    "@akinon/pz-hepsipay": "2.0.0-beta.21",
-    "@akinon/pz-masterpass": "2.0.0-beta.21",
-    "@akinon/pz-masterpass-rest": "2.0.0-beta.21",
-    "@akinon/pz-multi-basket": "2.0.0-beta.21",
-    "@akinon/pz-one-click-checkout": "2.0.0-beta.21",
-    "@akinon/pz-otp": "2.0.0-beta.21",
-    "@akinon/pz-pay-on-delivery": "2.0.0-beta.21",
-    "@akinon/pz-saved-card": "2.0.0-beta.21",
-    "@akinon/pz-similar-products": "2.0.0-beta.21",
-    "@akinon/pz-tabby-extension": "2.0.0-beta.21",
-    "@akinon/pz-tamara-extension": "2.0.0-beta.21",
-    "@akinon/pz-theme": "2.0.0-beta.21",
-    "@akinon/pz-virtual-try-on": "2.0.0-beta.21",
+    "@akinon/next": "2.0.0-beta.22",
+    "@akinon/pz-akifast": "2.0.0-beta.22",
+    "@akinon/pz-apple-pay": "2.0.0-beta.22",
+    "@akinon/pz-b2b": "2.0.0-beta.22",
+    "@akinon/pz-basket-gift-pack": "2.0.0-beta.22",
+    "@akinon/pz-bkm": "2.0.0-beta.22",
+    "@akinon/pz-checkout-gift-pack": "2.0.0-beta.22",
+    "@akinon/pz-click-collect": "2.0.0-beta.22",
+    "@akinon/pz-credit-payment": "2.0.0-beta.22",
+    "@akinon/pz-cybersource-uc": "2.0.0-beta.22",
+    "@akinon/pz-flow-payment": "2.0.0-beta.22",
+    "@akinon/pz-google-pay": "2.0.0-beta.22",
+    "@akinon/pz-gpay": "2.0.0-beta.22",
+    "@akinon/pz-haso": "2.0.0-beta.22",
+    "@akinon/pz-hepsipay": "2.0.0-beta.22",
+    "@akinon/pz-masterpass": "2.0.0-beta.22",
+    "@akinon/pz-masterpass-rest": "2.0.0-beta.22",
+    "@akinon/pz-multi-basket": "2.0.0-beta.22",
+    "@akinon/pz-one-click-checkout": "2.0.0-beta.22",
+    "@akinon/pz-otp": "2.0.0-beta.22",
+    "@akinon/pz-pay-on-delivery": "2.0.0-beta.22",
+    "@akinon/pz-saved-card": "2.0.0-beta.22",
+    "@akinon/pz-similar-products": "2.0.0-beta.22",
+    "@akinon/pz-tabby-extension": "2.0.0-beta.22",
+    "@akinon/pz-tamara-extension": "2.0.0-beta.22",
+    "@akinon/pz-theme": "2.0.0-beta.22",
+    "@akinon/pz-virtual-try-on": "2.0.0-beta.22",
     "@hookform/resolvers": "2.9.0",
     "@next/third-parties": "16.1.6",
     "@react-google-maps/api": "2.17.1",
@@ -73,7 +73,7 @@
     "yup": "0.32.11"
   },
   "devDependencies": {
-    "@akinon/eslint-plugin-projectzero": "2.0.0-beta.21",
+    "@akinon/eslint-plugin-projectzero": "2.0.0-beta.22",
     "@semantic-release/changelog": "6.0.2",
     "@semantic-release/exec": "6.0.3",
     "@semantic-release/git": "10.0.1",

package/codemods/migrate-auth-v5/index.js

@@ -0,0 +1,339 @@
+/**
+ * next-auth v4 -> v5 migration codemod for Project Zero brands.
+ *
+ * Handles two brand patterns:
+ *   Tip A (re-export only): brand's [...nextauth].ts is a 3-line
+ *     `import Auth from '@akinon/next/api/auth'; export default Auth;`
+ *     → fully automated; brand's auth.ts + route.ts are generated.
+ *
+ *   Tip B (custom nextAuthOptions): brand has its own config using
+ *     Pages API req/res. Skeleton is generated and original logic is
+ *     transferred with TODO markers. Manual conversion of req/res to
+ *     cookies()/headers() is required afterwards.
+ *
+ * In both cases, client usage `getServerSession` is rewritten to `auth`
+ * via the sibling `transform.js` jscodeshift script.
+ *
+ * Usage:
+ *   cd <brand-root>
+ *   node <pz-next>/packages/projectzero/codemods/migrate-auth-v5/index.js [--dry-run]
+ *
+ * Or via the projectzero CLI:
+ *   npx @akinon/projectzero codemod --codemod=migrate-auth-v5
+ */
+
+const path = require('path');
+const fs = require('fs');
+const jscodeshift = require('jscodeshift/src/Runner');
+
+const TIP_A_SIZE_LIMIT = 256;
+
+const TIP_A_AUTH_CONTENT = `import { createAuth } from '@akinon/next/api/auth';
+
+export const { handlers, auth, signIn, signOut } = createAuth();
+`;
+
+const ROUTE_CONTENT = `import { handlers } from 'auth';
+
+export const { GET, POST } = handlers;
+`;
+
+const TIP_B_HEADER = `/**
+ * NOTE: This file was generated by \`migrate-auth-v5\`.
+ * It replaces \`src/pages/api/auth/[...nextauth].ts\` which used
+ * the Pages API \`req\`/\`res\` objects that next-auth v5 (App Router)
+ * no longer provides.
+ *
+ * MANUAL MIGRATION STEPS (required before first run):
+ *
+ *   1. \`req.cookies['X']\`
+ *        -> \`(await cookies()).get('X')?.value\`
+ *
+ *   2. \`req.headers['X']\`  or  \`req.headers.X\`
+ *        -> \`(await headers()).get('X') ?? ''\`
+ *
+ *   3. \`res.setHeader('Set-Cookie', ['name=value; Path=/; HttpOnly; ...'])\`
+ *        -> \`(await cookies()).set('name', value, { path: '/', httpOnly: true, secure: true, maxAge })\`
+ *
+ *   4. \`throw new Error(JSON.stringify(errors))\`
+ *        -> \`class PzCredentialsError extends CredentialsSignin { constructor(errs) { super(); this.code = JSON.stringify(errs); } }\`
+ *        -> \`throw new PzCredentialsError(errors)\`
+ *        (Import \`CredentialsSignin\` from \`'next-auth'\`.)
+ *
+ *   5. Each \`authorize\` callback is now \`async\` and no longer receives
+ *      the outer \`req\`/\`res\`. Wrap cookie/header reads in \`await\`.
+ *
+ * Reference implementation (copy the shape as needed):
+ *   packages/akinon-next/api/auth.ts on the pz-next beta branch.
+ *
+ * Search for \`TODO:v5\` markers below for spots that definitely need work.
+ */`;
+
+function log(msg) {
+  const ts = new Date().toISOString().replace('T', ' ').slice(0, 19);
+  console.log(`[${ts}] ${msg}`);
+}
+
+function detectAuthType(cwd) {
+  const oldPath = path.join(cwd, 'src', 'pages', 'api', 'auth', '[...nextauth].ts');
+  if (!fs.existsSync(oldPath)) {
+    return { type: null, oldPath };
+  }
+
+  const stats = fs.statSync(oldPath);
+  const content = fs.readFileSync(oldPath, 'utf-8');
+
+  const isReExport =
+    stats.size < TIP_A_SIZE_LIMIT &&
+    /from\s+['"]@akinon\/next\/api\/auth['"]/.test(content) &&
+    /export\s+default\s+Auth/.test(content);
+
+  return { type: isReExport ? 'A' : 'B', oldPath, content };
+}
+
+function ensureParentDir(filePath, { dryRun }) {
+  const dir = path.dirname(filePath);
+  if (!fs.existsSync(dir)) {
+    if (dryRun) {
+      log(`[DRY] mkdir -p ${dir}`);
+    } else {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+  }
+}
+
+function writeFileSafe(filePath, content, { dryRun }) {
+  ensureParentDir(filePath, { dryRun });
+  if (dryRun) {
+    log(`[DRY] CREATE ${filePath} (${content.length} bytes)`);
+    return;
+  }
+  if (fs.existsSync(filePath)) {
+    log(`  WARN: ${filePath} already exists; overwriting`);
+  }
+  fs.writeFileSync(filePath, content, 'utf-8');
+  log(`  CREATE ${filePath}`);
+}
+
+function deleteFileSafe(filePath, { dryRun }) {
+  if (!fs.existsSync(filePath)) return;
+  if (dryRun) {
+    log(`[DRY] DELETE ${filePath}`);
+    return;
+  }
+  fs.unlinkSync(filePath);
+  log(`  DELETE ${filePath}`);
+}
+
+function cleanupEmptyAuthPagesDir(cwd, { dryRun }) {
+  const authDir = path.join(cwd, 'src', 'pages', 'api', 'auth');
+  if (!fs.existsSync(authDir)) return;
+  const remaining = fs.readdirSync(authDir);
+  if (remaining.length > 0) return;
+  if (dryRun) {
+    log(`[DRY] rmdir ${authDir}`);
+    return;
+  }
+  fs.rmdirSync(authDir);
+  log(`  RMDIR ${authDir}`);
+}
+
+function migrateTipA(cwd, { dryRun, oldPath }) {
+  const authPath = path.join(cwd, 'src', 'auth.ts');
+  const routePath = path.join(
+    cwd,
+    'src',
+    'app',
+    'api',
+    'auth',
+    '[...nextauth]',
+    'route.ts'
+  );
+
+  log(`Tip A migration`);
+  deleteFileSafe(oldPath, { dryRun });
+  writeFileSafe(authPath, TIP_A_AUTH_CONTENT, { dryRun });
+  writeFileSafe(routePath, ROUTE_CONTENT, { dryRun });
+  cleanupEmptyAuthPagesDir(cwd, { dryRun });
+}
+
+function transformTipBSource(original) {
+  let src = original;
+
+  src = src.replace(
+    /import\s*\{\s*NextApiRequest\s*,\s*NextApiResponse\s*\}\s*from\s*['"]next['"];?\s*\n/,
+    ''
+  );
+
+  src = src.replace(
+    /import\s+NextAuth(?:\s*,\s*\{([^}]*)\})?\s+from\s+['"]next-auth['"];?\s*\n/,
+    (_match, typeImports) => {
+      const lines = [
+        `import { createAuth } from '@akinon/next/api/auth';`,
+        `import { cookies, headers } from 'next/headers';`
+      ];
+      if (typeImports && typeImports.trim()) {
+        const cleaned = typeImports
+          .split(',')
+          .map((s) => s.trim())
+          .filter(Boolean)
+          .join(', ');
+        if (cleaned) {
+          lines.push(`import type { ${cleaned} } from 'next-auth';`);
+        }
+      }
+      return lines.join('\n') + '\n';
+    }
+  );
+
+  src = src.replace(
+    /const\s+nextAuthOptions\s*=\s*\(\s*req\s*:\s*NextApiRequest\s*,\s*res\s*:\s*NextApiResponse\s*\)\s*=>\s*\{/,
+    `const getCustomAuthConfig = () => {\n  // TODO:v5 See migration notes at top of file.`
+  );
+
+  src = src.replace(
+    /const\s+nextAuthOptions\s*=\s*\(\s*req\s*,\s*res\s*\)\s*=>\s*\{/,
+    `const getCustomAuthConfig = () => {\n  // TODO:v5 See migration notes at top of file.`
+  );
+
+  src = src.replace(
+    /const\s+Auth\s*=\s*\(\s*req[^)]*\)\s*=>\s*\{\s*return\s+NextAuth\(\s*req\s*,\s*res\s*,\s*nextAuthOptions\(\s*req\s*,\s*res\s*\)\s*\);\s*\};?\s*\n/,
+    ''
+  );
+
+  src = src.replace(
+    /const\s+Auth\s*=\s*\(\s*req[^)]*\)\s*=>\s*NextAuth\([^;]*\);\s*\n/,
+    ''
+  );
+
+  src = src.replace(
+    /export\s+default\s+Auth\s*;?\s*$/m,
+    `export const { handlers, auth, signIn, signOut } = createAuth(getCustomAuthConfig);\n`
+  );
+
+  src = src.replace(
+    /\b(req\.cookies(?:\?\.|\.)[a-zA-Z_$][\w$]*|req\.cookies\[[^\]]+\])/g,
+    '/* TODO:v5 cookies() */ $1'
+  );
+  src = src.replace(
+    /\b(req\.headers(?:\?\.|\.)[a-zA-Z_$][\w$]*|req\.headers\[[^\]]+\])/g,
+    '/* TODO:v5 headers() */ $1'
+  );
+  src = src.replace(
+    /\b(req\.body(?:\?\.|\.)?[a-zA-Z_$]?[\w$]*)/g,
+    '/* TODO:v5 read body via credentials */ $1'
+  );
+  src = src.replace(
+    /\b(res\.[a-zA-Z_$][\w$]*\()/g,
+    '/* TODO:v5 cookies().set */ $1'
+  );
+  src = src.replace(
+    /\bthrow\s+new\s+Error\(JSON\.stringify\(errors\)\)/g,
+    '/* TODO:v5 CredentialsSignin */ throw new Error(JSON.stringify(errors))'
+  );
+
+  return `${TIP_B_HEADER}\n\n${src}`;
+}
+
+function migrateTipB(cwd, { dryRun, oldPath, content }) {
+  const authPath = path.join(cwd, 'src', 'auth.ts');
+  const routePath = path.join(
+    cwd,
+    'src',
+    'app',
+    'api',
+    'auth',
+    '[...nextauth]',
+    'route.ts'
+  );
+
+  log(`Tip B migration (${content.length} bytes to transfer)`);
+
+  const newAuthContent = transformTipBSource(content);
+
+  writeFileSafe(authPath, newAuthContent, { dryRun });
+  writeFileSafe(routePath, ROUTE_CONTENT, { dryRun });
+  deleteFileSafe(oldPath, { dryRun });
+  cleanupEmptyAuthPagesDir(cwd, { dryRun });
+
+  log(`  Manual work left: req/res -> cookies()/headers() conversions inside ${authPath}`);
+  log(`  Grep for 'TODO:v5' to find spots.`);
+}
+
+function runClientTransform(cwd, { dryRun }) {
+  const transformPath = path.resolve(__dirname, 'transform.js');
+  const targets = ['src'].map((d) => path.join(cwd, d)).filter(fs.existsSync);
+  if (targets.length === 0) {
+    log(`No src/ directory found, skipping client transform`);
+    return Promise.resolve();
+  }
+
+  log(`Running client transform (getServerSession -> auth)`);
+
+  return jscodeshift
+    .run(transformPath, targets, {
+      verbose: 0,
+      dry: Boolean(dryRun),
+      print: Boolean(dryRun),
+      extensions: 'ts,tsx',
+      parser: 'tsx',
+      ignorePattern: '**/node_modules/**',
+      silent: true
+    })
+    .then(
+      (stats) => {
+        log(
+          `  Client transform: ${stats.ok} changed, ${stats.nochange} unchanged, ${stats.error} errored`
+        );
+      },
+      (err) => {
+        log(`  Client transform error: ${err.message}`);
+      }
+    );
+}
+
+const transform = () => {
+  const workingDir = path.resolve(process.cwd());
+  const dryRun = process.argv.includes('--dry-run');
+
+  log(
+    `migrate-auth-v5 starting in ${workingDir}${dryRun ? ' (DRY RUN)' : ''}`
+  );
+
+  const detection = detectAuthType(workingDir);
+
+  if (!detection.type) {
+    log(`No src/pages/api/auth/[...nextauth].ts found, nothing to migrate.`);
+    return Promise.resolve();
+  }
+
+  log(`Detected pattern: Tip ${detection.type}`);
+
+  if (detection.type === 'A') {
+    migrateTipA(workingDir, { dryRun, oldPath: detection.oldPath });
+  } else {
+    migrateTipB(workingDir, {
+      dryRun,
+      oldPath: detection.oldPath,
+      content: detection.content
+    });
+  }
+
+  return runClientTransform(workingDir, { dryRun }).then(() => {
+    log(`migrate-auth-v5 done`);
+  });
+};
+
+module.exports = {
+  transform
+};
+
+if (require.main === module) {
+  const result = transform();
+  if (result && typeof result.then === 'function') {
+    result.catch((err) => {
+      console.error(err);
+      process.exit(1);
+    });
+  }
+}

package/codemods/migrate-auth-v5/transform.js

@@ -0,0 +1,86 @@
+/**
+ * jscodeshift transform: client-side next-auth v4 -> v5 migration.
+ *
+ * Converts:
+ *   import { getServerSession } from 'next-auth/next';
+ *   const session = await getServerSession();
+ *
+ * Into:
+ *   import { auth } from 'auth';
+ *   const session = await auth();
+ *
+ * Arguments passed to `getServerSession(authOptions, ...)` are dropped,
+ * since `auth()` needs none when using the root `src/auth.ts` config.
+ */
+
+const AUTH_IMPORT_SOURCES = ['next-auth/next', 'next-auth'];
+
+function transform(fileInfo, api) {
+  const j = api.jscodeshift;
+  const root = j(fileInfo.source);
+  let changed = false;
+
+  AUTH_IMPORT_SOURCES.forEach((sourceValue) => {
+    const imports = root.find(j.ImportDeclaration, {
+      source: { value: sourceValue }
+    });
+
+    imports.forEach((pathNode) => {
+      const specifiers = pathNode.node.specifiers || [];
+      const getServerSessionSpec = specifiers.find(
+        (s) =>
+          s.type === 'ImportSpecifier' &&
+          s.imported &&
+          s.imported.name === 'getServerSession'
+      );
+
+      if (!getServerSessionSpec) {
+        return;
+      }
+
+      const localName = getServerSessionSpec.local
+        ? getServerSessionSpec.local.name
+        : 'getServerSession';
+
+      const otherSpecs = specifiers.filter((s) => s !== getServerSessionSpec);
+
+      if (otherSpecs.length === 0) {
+        pathNode.node.specifiers = [
+          j.importSpecifier(j.identifier('auth'))
+        ];
+        pathNode.node.source = j.literal('auth');
+      } else {
+        pathNode.node.specifiers = otherSpecs;
+        const authImport = j.importDeclaration(
+          [j.importSpecifier(j.identifier('auth'))],
+          j.literal('auth')
+        );
+        pathNode.insertAfter(authImport);
+      }
+
+      root
+        .find(j.CallExpression, { callee: { name: localName } })
+        .forEach((callPath) => {
+          callPath.node.callee = j.identifier('auth');
+          callPath.node.arguments = [];
+        });
+
+      changed = true;
+    });
+  });
+
+  AUTH_IMPORT_SOURCES.forEach((sourceValue) => {
+    root
+      .find(j.ImportDeclaration, { source: { value: sourceValue } })
+      .forEach((pathNode) => {
+        if (!pathNode.node.specifiers || pathNode.node.specifiers.length === 0) {
+          j(pathNode).remove();
+          changed = true;
+        }
+      });
+  });
+
+  return changed ? root.toSource({ quote: 'single' }) : null;
+}
+
+module.exports = transform;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@akinon/projectzero",
-  "version": "2.0.0-beta.21",
+  "version": "2.0.0-beta.22",
   "private": false,
   "description": "CLI tool to manage your Project Zero Next project",
   "bin": {