@blamejs/blamejs-shop 0.3.67 → 0.3.69

package/lib/cart.js

@@ -35,6 +35,12 @@ var DEFAULT_TTL_MS  = C.TIME.days(30);
 var MAX_QTY         = 99999;
 var SESSION_ID_RE   = /^[A-Za-z0-9_-]{16,64}$/;   // shape-only; sealed-cookie origin
 var CURRENCY_RE     = /^[A-Z]{3}$/;
+// Discount-code shape — the string a shopper types on the cart page. Same
+// alnum + dot + hyphen + underscore family the autoDiscount unlock_code +
+// couponStacking primitives accept, so the three surfaces agree on what a
+// "code" is. Refuses whitespace + control bytes; caps length.
+var DISCOUNT_CODE_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;
+var MAX_CODES_PER_CART = 16;
 
 // ---- validators ---------------------------------------------------------
 
@@ -62,6 +68,12 @@ function _status(s) {
     throw new TypeError("cart: status must be one of " + CART_STATUSES.join(", "));
   }
 }
+function _discountCode(s) {
+  if (typeof s !== "string" || !DISCOUNT_CODE_RE.test(s)) {
+    throw new TypeError("cart: discount code must match /^[A-Za-z0-9][A-Za-z0-9._-]*$/ (≤ 64 chars)");
+  }
+  return s;
+}
 
 function _now() { return Date.now(); }
 
@@ -255,6 +267,27 @@ function create(opts) {
           );
         }
       }
+      // Carry the anonymous cart's applied discount codes onto the
+      // surviving cart so a code typed before sign-in isn't silently
+      // dropped on login. A code already on the destination cart wins
+      // (INSERT OR IGNORE against the UNIQUE (cart_id, code_lower)).
+      // Best-effort: the cart_discount_codes table may not be migrated on a
+      // given deploy (the coupon feature is additive), so a missing table
+      // degrades to "codes not carried" rather than failing the whole login
+      // merge — the line merge is the load-bearing part.
+      try {
+        var fromCodes = (await query(
+          "SELECT * FROM cart_discount_codes WHERE cart_id = ?1", [fromCartId],
+        )).rows;
+        for (var ci = 0; ci < fromCodes.length; ci += 1) {
+          var fc = fromCodes[ci];
+          await query(
+            "INSERT OR IGNORE INTO cart_discount_codes (id, cart_id, code, code_lower, rule_slug, applied_at) " +
+            "VALUES (?1, ?2, ?3, ?4, ?5, ?6)",
+            [b.uuid.v7(), toCartId, fc.code, fc.code_lower, fc.rule_slug, ts],
+          );
+        }
+      } catch (_e) { /* cart_discount_codes unmigrated — codes simply don't carry */ }
       await query("UPDATE carts SET status = 'abandoned', updated_at = ?1 WHERE id = ?2", [ts, fromCartId]);
       await query("UPDATE carts SET updated_at = ?1 WHERE id = ?2", [ts, toCartId]);
       return (await query("SELECT * FROM carts WHERE id = ?1", [toCartId])).rows[0];
@@ -283,6 +316,77 @@ function create(opts) {
       if (r.rowCount === 0) return null;
       return (await query("SELECT * FROM carts WHERE id = ?1", [cartId])).rows[0];
     },
+
+    // ---- applied discount codes ---------------------------------------
+    //
+    // A cart carries the discount codes a shopper applied on the cart page.
+    // The codes are stored as typed; `code_lower` is the case-insensitive
+    // key the UNIQUE (cart_id, code_lower) constraint + the rule lookup
+    // both use, so applying the same code twice is idempotent rather than
+    // stacking duplicate rows. These methods own ONLY the storage; the
+    // caller validates a code against the discount engine before applying
+    // (the cart never decides a code is valid — it persists what the
+    // storefront route accepted).
+
+    // Persist an accepted code on the cart. `rule_slug` snapshots which
+    // discount rule the code resolved to at apply time (audit convenience).
+    // Idempotent on (cart_id, code_lower): re-applying refreshes the
+    // snapshot + timestamp rather than erroring. Returns the stored row.
+    addDiscountCode: async function (cartId, code, ruleSlug) {
+      _uuid(cartId, "cart_id");
+      _discountCode(code);
+      var lower = code.toLowerCase();
+      var ts = _now();
+      var existing = (await query(
+        "SELECT id FROM cart_discount_codes WHERE cart_id = ?1 AND code_lower = ?2 LIMIT 1",
+        [cartId, lower],
+      )).rows[0];
+      if (existing) {
+        await query(
+          "UPDATE cart_discount_codes SET code = ?1, rule_slug = ?2, applied_at = ?3 WHERE id = ?4",
+          [code, ruleSlug == null ? null : String(ruleSlug), ts, existing.id],
+        );
+        return { id: existing.id, cart_id: cartId, code: code, code_lower: lower, rule_slug: ruleSlug == null ? null : String(ruleSlug), applied_at: ts };
+      }
+      // Cap the codes a single cart can carry so a scripted apply loop can't
+      // grow the row set unbounded.
+      var countRow = (await query(
+        "SELECT COUNT(*) AS n FROM cart_discount_codes WHERE cart_id = ?1",
+        [cartId],
+      )).rows[0] || {};
+      if ((Number(countRow.n) || 0) >= MAX_CODES_PER_CART) {
+        throw new TypeError("cart.addDiscountCode: cart already carries the maximum of " + MAX_CODES_PER_CART + " codes");
+      }
+      var id = b.uuid.v7();
+      await query(
+        "INSERT INTO cart_discount_codes (id, cart_id, code, code_lower, rule_slug, applied_at) " +
+        "VALUES (?1, ?2, ?3, ?4, ?5, ?6)",
+        [id, cartId, code, lower, ruleSlug == null ? null : String(ruleSlug), ts],
+      );
+      return { id: id, cart_id: cartId, code: code, code_lower: lower, rule_slug: ruleSlug == null ? null : String(ruleSlug), applied_at: ts };
+    },
+
+    // The cart's applied codes, apply order. Returns the stored rows.
+    listDiscountCodes: async function (cartId) {
+      _uuid(cartId, "cart_id");
+      var r = await query(
+        "SELECT * FROM cart_discount_codes WHERE cart_id = ?1 ORDER BY applied_at ASC, id ASC",
+        [cartId],
+      );
+      return r.rows;
+    },
+
+    // Remove one applied code (case-insensitive). Returns true when a row
+    // was removed, false when the code wasn't on the cart.
+    removeDiscountCode: async function (cartId, code) {
+      _uuid(cartId, "cart_id");
+      _discountCode(code);
+      var r = await query(
+        "DELETE FROM cart_discount_codes WHERE cart_id = ?1 AND code_lower = ?2",
+        [cartId, code.toLowerCase()],
+      );
+      return Number(r.rowCount || 0) > 0;
+    },
   };
 }
 

package/lib/checkout.js

@@ -284,7 +284,7 @@ function create(deps) {
   // the subtotal — the order total can therefore never go negative,
   // and a customer can never be charged less than zero or credited
   // more than the cart is worth.
-  async function _resolveAutoDiscount(lines, subtotalMinor, customerId) {
+  async function _resolveAutoDiscount(lines, subtotalMinor, customerId, codes) {
     if (!autoDiscount || typeof autoDiscount.evaluate !== "function") {
       return { discount_minor: 0, applied: [] };
     }
@@ -304,6 +304,10 @@ function create(deps) {
           lines:          evalLines,
         },
         customer_id: customerId || undefined,
+        // Shopper-presented coupon codes unlock code-gated rules. Absent /
+        // empty leaves only the pure-automatic rules in play, so a quote
+        // with no codes is byte-identical to the pre-code behaviour.
+        codes: Array.isArray(codes) && codes.length ? codes : undefined,
       });
       var appliedRaw = res && Array.isArray(res.applied) ? res.applied : [];
       var total   = 0;
@@ -660,7 +664,7 @@ function create(deps) {
     // resolver clamps the result to [0, subtotal] and falls back to 0
     // on any failure, so the total math below is identical to the
     // un-wired flow whenever no rule applies.
-    var autoDisc = await _resolveAutoDiscount(lines, sub.amount_minor, c.customer_id || null);
+    var autoDisc = await _resolveAutoDiscount(lines, sub.amount_minor, c.customer_id || null, input.codes);
 
     var totals = pricing.totals(c, lines, {
       tax_minor:      taxRow.tax_minor,