npm - @blamejs/blamejs-shop - Versions diffs - 0.4.22 → 0.4.24 - Mend

@blamejs/blamejs-shop 0.4.22 → 0.4.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/CHANGELOG.md +4 -0
package/README.md +6 -1
package/SECURITY.md +13 -0
package/lib/admin.js +1273 -15
package/lib/asset-manifest.json +5 -5
package/lib/checkout.js +70 -0
package/lib/customers.js +53 -0
package/lib/cycle-counting.js +24 -4
package/lib/gift-card-ledger.js +81 -10
package/lib/giftcards.js +88 -0
package/lib/inventory-allocations.js +33 -14
package/lib/inventory-receive.js +116 -20
package/lib/inventory-writeoffs.js +53 -64
package/lib/loyalty-earn-rules.js +117 -0
package/lib/loyalty.js +79 -0
package/lib/newsletter.js +39 -2
package/lib/operator-accounts.js +52 -1
package/lib/operator-audit-log.js +186 -6
package/lib/operator-inbox.js +202 -9
package/lib/order.js +227 -27
package/lib/payment.js +178 -69
package/lib/quotes.js +107 -15
package/lib/referrals.js +71 -0
package/lib/security-middleware.js +27 -1
package/lib/stock-transfers.js +185 -53
package/lib/storefront.js +1088 -129
package/lib/translations.js +1 -0
package/lib/webhook-receiver.js +15 -19
package/lib/wishlist-alerts.js +37 -0
package/package.json +1 -1

package/lib/translations.js CHANGED Viewed

@@ -606,6 +606,7 @@ var CHROME_DEFAULTS = Object.freeze({
   footer_operators_heading: "Your account",
   footer_operators_account: "Account",
   footer_operators_orders:  "Orders",
+  footer_operators_suggestions: "Suggestion box",
   footer_operators_contact: "Contact",
   footer_copy_suffix:  "built on blamejs · Apache 2.0 licensed.",

package/lib/webhook-receiver.js CHANGED Viewed

@@ -104,12 +104,12 @@ var SLUG_RE       = /^[a-z0-9][a-z0-9_\-]{0,63}$/;
 var MAX_HEADER_NAME_LEN = 128;
 var HEADER_NAME_RE      = /^[A-Za-z0-9][A-Za-z0-9_\-]{0,127}$/;
-var MAX_IDEMPOTENCY_KEY_LEN = 256;
-// Idempotency keys are third-party-supplied opaque strings. Conservative
-// alphabet: printable ASCII excluding controls + quote characters that
-// could break a stored-comparison shape. Refuse zero-width / control
-// bytes to defeat downstream visual-spoofing in the dashboard.
-var IDEMPOTENCY_KEY_RE = /^[\x21-\x7e]{1,256}$/;
+// Idempotency keys are third-party-supplied opaque strings. Validation is
+// delegated to the framework's idempotency-key guard (strict profile:
+// ≤256 bytes, ASCII-only) which additionally refuses path-traversal
+// shapes — `/`, `\`, and `..` runs — that the earlier printable-ASCII
+// regex let through. Strict allows a literal space (security-neutral for
+// a stored-comparison key) and does NOT NFC-normalize the input.
 var MAX_OUTCOME_LEN = 280;
 var MAX_REASON_LEN  = 1024;
@@ -228,20 +228,16 @@ function _retry(v) {
 function _idempotencyKey(s) {
   if (s == null) return null;
-  if (typeof s !== "string") {
-    throw new TypeError("webhookReceiver: idempotency_key must be a string when provided");
-  }
-  if (s.length === 0 || s.length > MAX_IDEMPOTENCY_KEY_LEN) {
-    throw new TypeError(
-      "webhookReceiver: idempotency_key must be 1.." + MAX_IDEMPOTENCY_KEY_LEN + " printable ASCII characters"
-    );
+  // The framework guard owns the alphabet + length policy. It refuses
+  // empty keys, control bytes, non-ASCII, over-length, and the
+  // path-traversal shapes (`/`, `\`, `..`) the prior regex admitted.
+  // Translate its structured error to this primitive's TypeError shape
+  // so callers keep a uniform validation-failure surface.
+  try {
+    return b.guardIdempotencyKey.validate(s, { profile: "strict" });
+  } catch (e) {
+    throw new TypeError("webhookReceiver: idempotency_key — " + (e && e.message || "invalid idempotency key"));
   }
-  if (!IDEMPOTENCY_KEY_RE.test(s)) {
-    throw new TypeError(
-      "webhookReceiver: idempotency_key must be printable ASCII (no control / non-ASCII bytes)"
-    );
-  }
-  return s;
 }
 function _eventId(s) {

package/lib/wishlist-alerts.js CHANGED Viewed

@@ -77,6 +77,13 @@
  *       paths don't double-deliver the same restock signal. Without
  *       it, every back_in_stock match fires regardless of stockAlerts
  *       state.
+ *     - emailSuppressions (optional) — when wired, the scanner
+ *       short-circuits sends to addresses on the marketing-scope
+ *       suppression list (hard bounce / spam complaint / unsubscribe)
+ *       and accounts them as `suppressed` without consuming a
+ *       dedupe / weekly-cap slot. These alerts are marketing mail and
+ *       honour the same suppression list every other marketing path
+ *       consults.
  *
  *   Monotonic clock: a per-factory monotonic timestamp ensures that
  *   two alerts written in the same wall-clock millisecond carry
@@ -269,6 +276,16 @@ function create(opts) {
   if (stockAlerts && typeof stockAlerts.isSubscribed !== "function") {
     throw new TypeError("wishlistAlerts.create: opts.stockAlerts must expose isSubscribed when wired");
   }
+  // Marketing suppression list. When wired the scanner short-circuits
+  // sends to addresses that hard-bounced, filed a spam complaint, or
+  // unsubscribed — these price-drop / back-in-stock notices are
+  // marketing-scope mail and must honour the same suppression list every
+  // other marketing path consults. Optional so an operator running only
+  // the cron without the suppression primitive still dispatches.
+  var emailSuppressions = opts.emailSuppressions || null;
+  if (emailSuppressions && typeof emailSuppressions.isSuppressed !== "function") {
+    throw new TypeError("wishlistAlerts.create: opts.emailSuppressions must expose isSuppressed when wired");
+  }
   // Pagination cursor secret — same posture as wishlist.create.
   if (typeof opts.cursorSecret !== "string" || !opts.cursorSecret.length) {
@@ -831,6 +848,7 @@ function create(opts) {
       weekly_cap_reached:           0,
       recent_dedupe:                0,
       no_email:                     0,
+      suppressed:                   0,
       email_dispatch_failed:        0,
       no_baseline_price:            0,
       no_current_price:             0,
@@ -892,6 +910,25 @@ function create(opts) {
           skipped += 1; skippedBy.no_email += 1; continue;
         }
+        // Marketing-suppression short-circuit. A hard-bounced /
+        // spam-complaint / unsubscribed address must not be mailed.
+        // Checked BEFORE the ledger claim so a suppressed customer never
+        // consumes a dedupe / weekly-cap slot for a send that can't
+        // happen — if they later resubscribe the next sweep can deliver.
+        if (emailSuppressions) {
+          var suppressed = false;
+          try {
+            var supView = await emailSuppressions.isSuppressed({
+              email: customerEmail,
+              scope: "marketing",
+            });
+            suppressed = !!(supView && supView.suppressed === true);
+          } catch (_eSup) { suppressed = false; }
+          if (suppressed) {
+            skipped += 1; skippedBy.suppressed += 1; continue;
+          }
+        }
         // Atomic dedupe + weekly-cap CLAIM. The conditional INSERT is the
         // serialization point: two concurrent sweeps can't both pass the
         // dedupe/cap guard and then both write — the loser's INSERT...

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/blamejs-shop",
-  "version": "0.4.22",
+  "version": "0.4.24",
   "description": "Open-source framework built on blamejs. Vendored stack, zero npm runtime deps, PQC-first crypto, security-on by default.",
   "main": "lib/index.js",
   "scripts": {