@blamejs/blamejs-shop 0.1.1 → 0.1.2

package/CHANGELOG.md

@@ -8,6 +8,8 @@ upgrading across more than a few patches at a time.
 
 ## v0.1.x
 
+- v0.1.2 (2026-05-25) — **Apple Pay and Google Pay express checkout.** The pay page now offers one-tap wallet checkout. Stripe's Express Checkout Element renders Apple Pay and Google Pay buttons above the card form on eligible devices, confirming the same PaymentIntent as the card path — so the webhook and order flow are unchanged. To turn the wallets on, the operator registers the shop's web domain with Stripe once via the admin API; Stripe performs Apple merchant validation and hosts the domain-association file, so no Apple Developer account is needed. **Added:** *Wallet buttons on the pay page* — The Stripe Express Checkout Element mounts above the card form and auto-renders Apple Pay / Google Pay (and Link) when the device and the shop's registered domain make them available. It stays hidden until Stripe reports an available wallet, and confirms the existing per-order PaymentIntent — the payment-completion path (webhook → order FSM) is identical to the card flow. · *Payment-method domain registration* — `POST /admin/payment-method-domains` (with `{ "domain_name": "shop.example.com" }`) registers a domain with Stripe to enable the wallets; `GET /admin/payment-method-domains` lists registered domains and their per-method status. The payment adapter gains `registerPaymentMethodDomain` + `listPaymentMethodDomains`. Apex, www, and each subdomain register separately; a live-mode registration also covers sandbox.
+
 - v0.1.1 (2026-05-25) — **Admin setup wizard + a browser-accessible admin console.** The admin is now reachable from a browser, not just the bearer-token JSON API. Sign in once at /admin by pasting the ADMIN_API_KEY and a sealed, /admin-scoped session cookie carries you through the guided setup wizard (shop name, contact email, default currency, support URL — saved to shop config) and the analytics dashboard. The shop name set in the wizard drives the storefront header, page titles, and the admin header. **Added:** *Browser admin sign-in* — `/admin` renders a sign-in form; pasting the ADMIN_API_KEY sets a sealed `shop_admin` session cookie (SameSite=Strict, scoped to /admin) so the rendered admin pages are reachable from a browser. The JSON API stays bearer-only; the dashboard accepts either the cookie or the bearer token. · *Setup wizard* — `/admin/setup` is a guided form for the shop's core identity — name, contact email, default currency, support URL — validated (ISO-4217 currency, RFC-shaped email, http(s) support URL) and saved to shop config. The landing nags until setup is complete; the shop name then drives the storefront and admin headers.
 
 - v0.1.0 (2026-05-25) — **Responsive cart + storefront cookie handling moved onto the framework primitive.** A storefront polish pass. The cart, order-confirmation, and account-history tables now reflow into stacked, labelled cards on phones and fit their column on wider screens — no more inner horizontal scroll. The quantity field reads clearly and accepts up to 99,999. The line actions (Update / Save for later / Remove) are compact with a clear hierarchy. Under the hood, all storefront cookie handling now composes the framework's cookie primitive (RFC 6265 parse/serialize plus vault-sealed read/write) instead of hand-built headers, and a malformed session cookie can no longer turn the cart — or any page that shows the cart count — into a 500. **Changed:** *Quantity field is readable and accepts up to 99,999* — The cart quantity input is wide enough to read a five-digit quantity, and the per-line maximum is raised to 99,999 (enforced on the server). · *Compact, clearly-ranked line actions* — Update is a small accent button, Save for later a quiet secondary, Remove a danger-tinted secondary — so the primary checkout call stays dominant. · *Cookie handling composes the framework primitive* — Session, authentication, WebAuthn-challenge, and payment cookies are all parsed and written through the framework cookie primitive (sealed read/write for the authenticated-session cookie), replacing hand-built Set-Cookie strings and manual header parsing. Cookie lifetimes are expressed through the framework's duration constants. **Fixed:** *Cart tables no longer scroll sideways* — The cart, order-confirmation, and account order-history tables reflow into one labelled card per row below 48rem and are sized to fit their column on wider layouts, so content is never trapped behind an inner horizontal scrollbar. · *Malformed session cookie no longer 500s the storefront* — A `shop_sid` cookie carrying a value that isn't a well-formed session id now reads as "no session" instead of reaching the cart lookup (which rejected it and surfaced a 500 on every page that renders the cart count). · *Account dashboard controls wrap on narrow screens* — The row of account actions (Wishlist / Saved for later / Recently viewed / Addresses / Returns / Sign out) now wraps instead of overflowing the viewport on a phone.

package/README.md

@@ -57,7 +57,7 @@ Every primitive is composed on the vendored blamejs surface — no npm runtime d
 | **`lib/pricing.js`** | Pure-function money math — `lineTotal`, `subtotal`, `totals`, `format`. Multi-currency refused, banker's-style rounding, locale-aware via `Intl.NumberFormat`. |
 | **`lib/tax.js`** | Operator-table adapter. Country / state / postal_prefix → rate_bps. Most-specific-first match, banker's rounding. Pluggable adapter shape for future Stripe Tax / TaxJar / Avalara. |
 | **`lib/shipping.js`** | Operator-table adapter. Services with zones (flat or per-gram + base + min/max), free-over-threshold, `digital_only` flag. |
-| **`lib/payment.js`** | Stripe adapter — verify webhook (HMAC-SHA256 via upstream `b.webhook.verify` alg `hmac-sha256-stripe`), create / retrieve / confirm / cancel PaymentIntent, refund. No `stripe` npm dep — outbound through `b.httpClient` (SSRF-gated, retried, circuit-broken). |
+| **`lib/payment.js`** | Stripe adapter — verify webhook (HMAC-SHA256 via upstream `b.webhook.verify` alg `hmac-sha256-stripe`), create / retrieve / confirm / cancel PaymentIntent, refund, register / list payment-method domains (Apple Pay + Google Pay enablement for the Express Checkout Element). No `stripe` npm dep — outbound through `b.httpClient` (SSRF-gated, retried, circuit-broken). |
 | **`lib/order.js`** | FSM-driven post-checkout record via upstream `b.fsm`. States: pending → paid → fulfilling → shipped → delivered (+ refunded / cancelled). Every transition appends to `order_transitions`. |
 | **`lib/checkout.js`** | Orchestrator. `quote()` returns priced quote; `confirm()` creates PaymentIntent + persists order in pending; `handleStripeEvent()` verifies webhook + fires the FSM transition (idempotent on re-delivery). |
 | **`lib/email.js`** | Transactional templates — order receipt, ship notification, refund confirmation. Strict `{{var}}` renderer with HTML escape + refusal of unknown / unused placeholders. Composed on `b.mail` (DKIM/SPF/DMARC/BIMI upstream). |

package/lib/admin.js

@@ -789,6 +789,31 @@ function mount(router, deps) {
     }));
   }
 
+  // ---- payment-method domains (Apple Pay / Google Pay enablement) -----
+  //
+  // Registering the shop's web domain with Stripe enables the wallet
+  // methods for the Express Checkout Element on the pay page. Stripe
+  // performs Apple merchant validation + hosts the association file, so
+  // there's no Apple Developer account to wire — this is the operator's
+  // one-shot action. Disabled when the payment dep is absent.
+  if (payment) {
+    router.post("/admin/payment-method-domains", W("payment_domain.register", async function (req, res) {
+      var body = req.body || {};
+      var domainName = body.domain_name;
+      var result = await payment.registerPaymentMethodDomain(domainName);
+      _json(res, 201, result);
+      return { id: (result && result.id) || domainName };
+    }));
+
+    router.get("/admin/payment-method-domains", R(async function (req, res) {
+      var url = req.url ? new URL(req.url, "http://localhost") : null;
+      var domainName = url && url.searchParams.get("domain_name");
+      var filter = domainName ? { domain_name: domainName } : {};
+      var result = await payment.listPaymentMethodDomains(filter);
+      _json(res, 200, result);
+    }));
+  }
+
   // ---- webhooks -------------------------------------------------------
 
   var webhooks = deps.webhooks || null;

package/lib/payment.js

@@ -370,6 +370,33 @@ function stripe(opts) {
                           {}, idempotencyKey);
     },
 
+    // Register a web domain so Stripe enables the wallet methods (Apple
+    // Pay / Google Pay / Link / PayPal) for the Express Checkout Element
+    // served from it. Stripe performs Apple merchant validation + hosts
+    // the domain-association file — the operator does not need an Apple
+    // Developer account. Registering in live mode also registers
+    // sandbox. One-shot operator action (admin endpoint). `domainName`
+    // is a bare hostname — apex, www, and subdomains register separately.
+    registerPaymentMethodDomain: function (domainName, idempotencyKey) {
+      if (typeof domainName !== "string" ||
+          !/^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/i.test(domainName)) {
+        throw new TypeError("payment.registerPaymentMethodDomain: domainName must be a bare hostname (no scheme / path / port)");
+      }
+      return _stripeCall(opts, "POST", "/payment_method_domains", { domain_name: domainName }, idempotencyKey);
+    },
+
+    // List registered payment-method domains (optionally filtered to one
+    // hostname) with each method's enablement status. Read-only.
+    listPaymentMethodDomains: function (filter) {
+      filter = filter || {};
+      var path = "/payment_method_domains";
+      if (filter.domain_name) {
+        if (typeof filter.domain_name !== "string") throw new TypeError("payment.listPaymentMethodDomains: domain_name must be a string");
+        path += "?domain_name=" + encodeURIComponent(filter.domain_name);
+      }
+      return _stripeCall(opts, "GET", path, null, null);
+    },
+
     refund: function (input, idempotencyKey) {
       if (!input || typeof input !== "object") throw new TypeError("payment.refund: input object required");
       _assertSecret(input.payment_intent, "refund.payment_intent");

package/lib/storefront.js

@@ -1617,6 +1617,10 @@ var PAY_PAGE =
   "    <p class=\"section-head__lede\">Order <code class=\"inline-code\">{{order_id}}</code> · the Stripe Payment Element is mounted below in a same-origin form.</p>\n" +
   "  </header>\n" +
   "  <div class=\"pay-card\">\n" +
+  "    <div id=\"express-checkout\" class=\"pay-card__express\" hidden>\n" +
+  "      <div id=\"express-checkout-element\"></div>\n" +
+  "      <div class=\"pay-card__divider\"><span>or pay with card</span></div>\n" +
+  "    </div>\n" +
   "    <div id=\"payment-element\" class=\"pay-card__element\"></div>\n" +
   "    <button id=\"submit\" type=\"button\" class=\"btn-primary pay-card__submit\">Pay {{grand_total}}</button>\n" +
   "    <p id=\"payment-message\" class=\"pay-card__message\"></p>\n" +
@@ -1626,14 +1630,29 @@ var PAY_PAGE =
   "    (function () {\n" +
   "      var stripe = Stripe({{pk_json}});\n" +
   "      var elements = stripe.elements({ clientSecret: {{client_secret_json}}, appearance: { theme: \"stripe\" } });\n" +
-  "      var paymentElement = elements.create(\"payment\");\n" +
-  "      paymentElement.mount(\"#payment-element\");\n" +
-  "      document.getElementById(\"submit\").addEventListener(\"click\", function () {\n" +
-  "        document.getElementById(\"payment-message\").textContent = \"Processing...\";\n" +
-  "        stripe.confirmPayment({ elements: elements, confirmParams: { return_url: window.location.origin + \"/orders/{{order_id}}\" } }).then(function (result) {\n" +
-  "          if (result.error) { document.getElementById(\"payment-message\").textContent = result.error.message || \"Payment failed.\"; }\n" +
+  "      var returnUrl = window.location.origin + \"/orders/{{order_id}}\";\n" +
+  "      var message = document.getElementById(\"payment-message\");\n" +
+  "      function confirm() {\n" +
+  "        message.textContent = \"Processing...\";\n" +
+  "        return stripe.confirmPayment({ elements: elements, confirmParams: { return_url: returnUrl } }).then(function (result) {\n" +
+  "          if (result.error) { message.textContent = result.error.message || \"Payment failed.\"; }\n" +
   "        });\n" +
+  "      }\n" +
+  "      // Express Checkout Element — renders Apple Pay / Google Pay /\n" +
+  "      // Link wallet buttons when the device + the shop's registered\n" +
+  "      // payment-method domain make them available. It confirms the\n" +
+  "      // same PaymentIntent as the card form, so the webhook + order\n" +
+  "      // FSM are identical. Hidden until Stripe reports an available\n" +
+  "      // wallet so the divider never sits over an empty box.\n" +
+  "      var ece = elements.create(\"expressCheckout\");\n" +
+  "      ece.on(\"ready\", function (ev) {\n" +
+  "        if (ev && ev.availablePaymentMethods) { document.getElementById(\"express-checkout\").hidden = false; }\n" +
   "      });\n" +
+  "      ece.on(\"confirm\", function () { confirm(); });\n" +
+  "      ece.mount(\"#express-checkout-element\");\n" +
+  "      var paymentElement = elements.create(\"payment\");\n" +
+  "      paymentElement.mount(\"#payment-element\");\n" +
+  "      document.getElementById(\"submit\").addEventListener(\"click\", function () { confirm(); });\n" +
   "    })();\n" +
   "  </script>\n" +
   "</section>\n";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/blamejs-shop",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "Open-source framework built on blamejs. Vendored stack, zero npm runtime deps, PQC-first crypto, security-on by default.",
   "main": "lib/index.js",
   "scripts": {