@betterstore/sdk 0.2.2 → 0.2.3

package/.prettierignore

@@ -1,3 +1,3 @@
-node_modules
-dist
+node_modules
+dist
 pnpm-lock.yaml

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @betterstore/sdk
 
+## 0.2.3
+
+### Patch Changes
+
+- cors added to next.js handler
+
 ## 0.2.2
 
 ### Patch Changes

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2025 Better Store
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2025 Better Store
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.d.mts

@@ -204,6 +204,7 @@ declare class Products {
 }
 
 type NextjsRouteConfig = {
+    apiKey?: string;
     productionAllowedOrigins?: string[];
 };
 type BSClient = InstanceType<typeof BetterStore>;

package/dist/index.d.ts

@@ -204,6 +204,7 @@ declare class Products {
 }
 
 type NextjsRouteConfig = {
+    apiKey?: string;
     productionAllowedOrigins?: string[];
 };
 type BSClient = InstanceType<typeof BetterStore>;

package/dist/index.js

@@ -374,13 +374,37 @@ var defaultBetterStoreRoutes = {
     })
   }
 };
+function addCORSHeaders(response, origin, allowedOrigins) {
+  if (origin && allowedOrigins.includes(origin)) {
+    response.headers.set("Access-Control-Allow-Origin", origin);
+  }
+  response.headers.set(
+    "Access-Control-Allow-Methods",
+    "GET, POST, PUT, DELETE, OPTIONS"
+  );
+  response.headers.set(
+    "Access-Control-Allow-Headers",
+    "Content-Type, Authorization"
+  );
+  return response;
+}
 function createNextJSHandler(betterStore, config = {}) {
-  const { productionAllowedOrigins = [] } = config;
+  const { apiKey, productionAllowedOrigins = [] } = config;
   const isProduction = process.env.NODE_ENV === "production";
   function validateRequest(req) {
     return __async(this, null, function* () {
+      if (apiKey) {
+        const authHeader = req.headers.get("Authorization");
+        const providedKey = authHeader == null ? void 0 : authHeader.replace("Bearer ", "");
+        if (!providedKey || providedKey !== apiKey) {
+          return new Response("Unauthorized", {
+            status: 401,
+            headers: { "WWW-Authenticate": "Bearer" }
+          });
+        }
+      }
+      const origin = req.headers.get("origin");
       if (isProduction && productionAllowedOrigins.length > 0) {
-        const origin = req.headers.get("origin");
         if (!origin || !productionAllowedOrigins.includes(origin)) {
           return new Response("Unauthorized", { status: 403 });
         }
@@ -398,52 +422,108 @@ function createNextJSHandler(betterStore, config = {}) {
       return __async(this, null, function* () {
         var _a2;
         const validationError = yield validateRequest(req);
-        if (validationError) return validationError;
+        if (validationError)
+          return addCORSHeaders(
+            validationError,
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         const route = getRouteFromPath(new URL(req.url).pathname);
         const handler = (_a2 = defaultBetterStoreRoutes[route]) == null ? void 0 : _a2.GET;
         if (!handler) {
-          return new Response(`Route not found: ${route}`, { status: 404 });
+          return addCORSHeaders(
+            new Response(`Route not found: ${route}`, { status: 404 }),
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         }
-        return handler(req, betterStore);
+        const response = yield handler(req, betterStore);
+        return addCORSHeaders(
+          response,
+          req.headers.get("origin"),
+          productionAllowedOrigins
+        );
       });
     },
     POST(req) {
       return __async(this, null, function* () {
         var _a2;
         const validationError = yield validateRequest(req);
-        if (validationError) return validationError;
+        if (validationError)
+          return addCORSHeaders(
+            validationError,
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         const route = getRouteFromPath(new URL(req.url).pathname);
         const handler = (_a2 = defaultBetterStoreRoutes[route]) == null ? void 0 : _a2.POST;
         if (!handler) {
-          return new Response(`Route not found: ${route}`, { status: 404 });
+          return addCORSHeaders(
+            new Response(`Route not found: ${route}`, { status: 404 }),
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         }
-        return handler(req, betterStore);
+        const response = yield handler(req, betterStore);
+        return addCORSHeaders(
+          response,
+          req.headers.get("origin"),
+          productionAllowedOrigins
+        );
       });
     },
     PUT(req) {
       return __async(this, null, function* () {
         var _a2;
         const validationError = yield validateRequest(req);
-        if (validationError) return validationError;
+        if (validationError)
+          return addCORSHeaders(
+            validationError,
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         const route = getRouteFromPath(new URL(req.url).pathname);
         const handler = (_a2 = defaultBetterStoreRoutes[route]) == null ? void 0 : _a2.PUT;
         if (!handler) {
-          return new Response(`Route not found: ${route}`, { status: 404 });
+          return addCORSHeaders(
+            new Response(`Route not found: ${route}`, { status: 404 }),
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         }
-        return handler(req, betterStore);
+        const response = yield handler(req, betterStore);
+        return addCORSHeaders(
+          response,
+          req.headers.get("origin"),
+          productionAllowedOrigins
+        );
       });
     },
     DELETE(req) {
       return __async(this, null, function* () {
         var _a2;
         const validationError = yield validateRequest(req);
-        if (validationError) return validationError;
+        if (validationError)
+          return addCORSHeaders(
+            validationError,
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         const route = getRouteFromPath(new URL(req.url).pathname);
         const handler = (_a2 = defaultBetterStoreRoutes[route]) == null ? void 0 : _a2.DELETE;
         if (!handler) {
-          return new Response(`Route not found: ${route}`, { status: 404 });
+          return addCORSHeaders(
+            new Response(`Route not found: ${route}`, { status: 404 }),
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         }
-        return handler(req, betterStore);
+        const response = yield handler(req, betterStore);
+        return addCORSHeaders(
+          response,
+          req.headers.get("origin"),
+          productionAllowedOrigins
+        );
       });
     }
   };

package/dist/index.mjs

@@ -338,13 +338,37 @@ var defaultBetterStoreRoutes = {
     })
   }
 };
+function addCORSHeaders(response, origin, allowedOrigins) {
+  if (origin && allowedOrigins.includes(origin)) {
+    response.headers.set("Access-Control-Allow-Origin", origin);
+  }
+  response.headers.set(
+    "Access-Control-Allow-Methods",
+    "GET, POST, PUT, DELETE, OPTIONS"
+  );
+  response.headers.set(
+    "Access-Control-Allow-Headers",
+    "Content-Type, Authorization"
+  );
+  return response;
+}
 function createNextJSHandler(betterStore, config = {}) {
-  const { productionAllowedOrigins = [] } = config;
+  const { apiKey, productionAllowedOrigins = [] } = config;
   const isProduction = process.env.NODE_ENV === "production";
   function validateRequest(req) {
     return __async(this, null, function* () {
+      if (apiKey) {
+        const authHeader = req.headers.get("Authorization");
+        const providedKey = authHeader == null ? void 0 : authHeader.replace("Bearer ", "");
+        if (!providedKey || providedKey !== apiKey) {
+          return new Response("Unauthorized", {
+            status: 401,
+            headers: { "WWW-Authenticate": "Bearer" }
+          });
+        }
+      }
+      const origin = req.headers.get("origin");
       if (isProduction && productionAllowedOrigins.length > 0) {
-        const origin = req.headers.get("origin");
         if (!origin || !productionAllowedOrigins.includes(origin)) {
           return new Response("Unauthorized", { status: 403 });
         }
@@ -362,52 +386,108 @@ function createNextJSHandler(betterStore, config = {}) {
       return __async(this, null, function* () {
         var _a2;
         const validationError = yield validateRequest(req);
-        if (validationError) return validationError;
+        if (validationError)
+          return addCORSHeaders(
+            validationError,
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         const route = getRouteFromPath(new URL(req.url).pathname);
         const handler = (_a2 = defaultBetterStoreRoutes[route]) == null ? void 0 : _a2.GET;
         if (!handler) {
-          return new Response(`Route not found: ${route}`, { status: 404 });
+          return addCORSHeaders(
+            new Response(`Route not found: ${route}`, { status: 404 }),
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         }
-        return handler(req, betterStore);
+        const response = yield handler(req, betterStore);
+        return addCORSHeaders(
+          response,
+          req.headers.get("origin"),
+          productionAllowedOrigins
+        );
       });
     },
     POST(req) {
       return __async(this, null, function* () {
         var _a2;
         const validationError = yield validateRequest(req);
-        if (validationError) return validationError;
+        if (validationError)
+          return addCORSHeaders(
+            validationError,
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         const route = getRouteFromPath(new URL(req.url).pathname);
         const handler = (_a2 = defaultBetterStoreRoutes[route]) == null ? void 0 : _a2.POST;
         if (!handler) {
-          return new Response(`Route not found: ${route}`, { status: 404 });
+          return addCORSHeaders(
+            new Response(`Route not found: ${route}`, { status: 404 }),
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         }
-        return handler(req, betterStore);
+        const response = yield handler(req, betterStore);
+        return addCORSHeaders(
+          response,
+          req.headers.get("origin"),
+          productionAllowedOrigins
+        );
       });
     },
     PUT(req) {
       return __async(this, null, function* () {
         var _a2;
         const validationError = yield validateRequest(req);
-        if (validationError) return validationError;
+        if (validationError)
+          return addCORSHeaders(
+            validationError,
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         const route = getRouteFromPath(new URL(req.url).pathname);
         const handler = (_a2 = defaultBetterStoreRoutes[route]) == null ? void 0 : _a2.PUT;
         if (!handler) {
-          return new Response(`Route not found: ${route}`, { status: 404 });
+          return addCORSHeaders(
+            new Response(`Route not found: ${route}`, { status: 404 }),
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         }
-        return handler(req, betterStore);
+        const response = yield handler(req, betterStore);
+        return addCORSHeaders(
+          response,
+          req.headers.get("origin"),
+          productionAllowedOrigins
+        );
       });
     },
     DELETE(req) {
       return __async(this, null, function* () {
         var _a2;
         const validationError = yield validateRequest(req);
-        if (validationError) return validationError;
+        if (validationError)
+          return addCORSHeaders(
+            validationError,
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         const route = getRouteFromPath(new URL(req.url).pathname);
         const handler = (_a2 = defaultBetterStoreRoutes[route]) == null ? void 0 : _a2.DELETE;
         if (!handler) {
-          return new Response(`Route not found: ${route}`, { status: 404 });
+          return addCORSHeaders(
+            new Response(`Route not found: ${route}`, { status: 404 }),
+            req.headers.get("origin"),
+            productionAllowedOrigins
+          );
         }
-        return handler(req, betterStore);
+        const response = yield handler(req, betterStore);
+        return addCORSHeaders(
+          response,
+          req.headers.get("origin"),
+          productionAllowedOrigins
+        );
       });
     }
   };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@betterstore/sdk",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "description": "E-commerce for Developers",
   "private": false,
   "publishConfig": {
@@ -9,6 +9,15 @@
   "main": "dist/index.js",
   "module": "dist/index.mjs",
   "types": "dist/index.d.ts",
+  "scripts": {
+    "prepublish": "changeset && changeset version && git add .",
+    "build": "tsup src/index.ts --format cjs,esm --dts",
+    "lint": "tsc",
+    "format:check": "prettier --check --ignore-path .prettierignore .",
+    "format": "prettier --write --ignore-path .prettierignore .",
+    "ci": "pnpm run lint && pnpm run format:check && pnpm run build",
+    "release": "pnpm run ci && changeset publish"
+  },
   "keywords": [
     "betterstore",
     "ecommerce",
@@ -26,14 +35,6 @@
     "typescript": "^5.8.2"
   },
   "dependencies": {
-    "axios": "^1.8.1"
-  },
-  "scripts": {
-    "build": "tsup src/index.ts --format cjs,esm --dts",
-    "lint": "tsc",
-    "format:check": "prettier --check --ignore-path .prettierignore .",
-    "format": "prettier --write --ignore-path .prettierignore .",
-    "ci": "pnpm run lint && pnpm run format:check && pnpm run build",
-    "release": "pnpm run ci && changeset publish"
+    "axios": "^1.8.2"
   }
-}
+}