@chevre/domain 21.20.0-alpha.74 → 21.20.0-alpha.76

package/lib/chevre/service/offer/event/authorize.js

@@ -114,7 +114,7 @@ function authorize(params) {
 exports.authorize = authorize;
 function validateCreateRequest(params) {
     return (repos) => __awaiter(this, void 0, void 0, function* () {
-        var _a, _b;
+        var _a, _b, _c;
         const transaction = yield repos.transaction.findInProgressById({
             typeOf: factory.transactionType.PlaceOrder,
             id: params.transaction.id
@@ -122,7 +122,11 @@ function validateCreateRequest(params) {
         if (transaction.agent.id !== params.agent.id) {
             throw new factory.errors.Forbidden('Transaction not yours');
         }
-        if (typeof ((_a = params.object.reservationFor) === null || _a === void 0 ? void 0 : _a.id) !== 'string' || params.object.reservationFor.id.length === 0) {
+        // クライアント検証(2024-02-07~)
+        if (((_a = transaction.object.clientUser) === null || _a === void 0 ? void 0 : _a.client_id) !== params.store.id) {
+            throw new factory.errors.Forbidden('client not match that of the transaction');
+        }
+        if (typeof ((_b = params.object.reservationFor) === null || _b === void 0 ? void 0 : _b.id) !== 'string' || params.object.reservationFor.id.length === 0) {
             throw new factory.errors.ArgumentNull('object.reservationFor.id');
         }
         // イベント取得属性最適化(2023-01-23~)
@@ -130,7 +134,7 @@ function validateCreateRequest(params) {
         const event = yield repos.event.findMinimizedIndividualEventById({
             id: params.object.reservationFor.id
         });
-        let offeredThrough = (_b = event.offers) === null || _b === void 0 ? void 0 : _b.offeredThrough;
+        let offeredThrough = (_c = event.offers) === null || _c === void 0 ? void 0 : _c.offeredThrough;
         if (offeredThrough === undefined) {
             offeredThrough = { typeOf: 'WebAPI', identifier: factory.service.webAPI.Identifier.Chevre };
         }

package/lib/chevre/service/offer/eventServiceByCOA/authorize.d.ts

@@ -38,6 +38,12 @@ export declare function authorize(params: {
     transaction: {
         id: string;
     };
+    store: {
+        /**
+         * 販売アプリケーションID
+         */
+        id: string;
+    };
     result: {
         requestBody: factory.action.authorize.offer.eventService.IRequestBody<WebAPIIdentifier.COA>;
         responseBody: factory.action.authorize.offer.eventService.IResponseBody<WebAPIIdentifier.COA>;

package/lib/chevre/service/offer/eventServiceByCOA/authorize.js

@@ -22,6 +22,7 @@ exports.WebAPIIdentifier = factory.service.webAPI.Identifier;
 function authorize(params) {
     // tslint:disable-next-line:max-func-body-length
     return (repos) => __awaiter(this, void 0, void 0, function* () {
+        var _a;
         const transaction = yield repos.transaction.findInProgressById({
             typeOf: factory.transactionType.PlaceOrder,
             id: params.transaction.id
@@ -29,6 +30,10 @@ function authorize(params) {
         if (transaction.agent.id !== params.agent.id) {
             throw new factory.errors.Forbidden('Transaction not yours');
         }
+        // クライアント検証(2024-02-07~)
+        if (((_a = transaction.object.clientUser) === null || _a === void 0 ? void 0 : _a.client_id) !== params.store.id) {
+            throw new factory.errors.Forbidden('client not match that of the transaction');
+        }
         let screeningEvent;
         let acceptedOffers;
         const pendingTransaction = {

package/lib/chevre/service/payment/creditCard.js

@@ -113,7 +113,7 @@ function authorize(params, paymentServiceId, options) {
 }
 exports.authorize = authorize;
 function processAuthorizeCreditCard(params) {
-    // tslint:disable-next-line:max-func-body-length
+    // tslint:disable-next-line:cyclomatic-complexity max-func-body-length
     return () => __awaiter(this, void 0, void 0, function* () {
         var _a, _b, _c, _d, _e, _f;
         // GMOオーソリ取得
@@ -126,22 +126,12 @@ function processAuthorizeCreditCard(params) {
             useFetch: credentials_1.credentials.gmo.useFetch
         }, { timeout: credentials_1.credentials.gmo.timeout });
         const creditCard = params.object.creditCard;
-        const memberId = creditCard.memberId;
-        const cardSeq = creditCard.cardSeq;
+        const { cardSeq, memberId } = creditCard;
         if (typeof memberId === 'string' && memberId.length > 0 && typeof cardSeq === 'number') {
             // 決済承認時のuseUsernameAsGMOMemberId判定を廃止(2024-01-04~)
-            // 特殊なプロジェクトのみユーザーネームに自動変換(新旧会員互換性維持対応)
-            // memberIdはPersonIDが指定されてくる想定
-            // const useUsernameAsGMOMemberId = params.projectSettings?.useUsernameAsGMOMemberId === true;
-            // if (useUsernameAsGMOMemberId) {
-            //     try {
-            //         const customer = await repos.person.findById({ userId: memberId });
-            //         memberId = await person2username(customer);
-            //     } catch (error) {
-            //         throw error;
-            //     }
-            // }
         }
+        const { cardNo, cardPass, expire } = creditCard;
+        const { token } = creditCard;
         const retUrl = creditCard === null || creditCard === void 0 ? void 0 : creditCard.retUrl;
         // 3DS拡張(2024-01-02~)
         if (params.processPublishPaymentUrl === true && typeof retUrl === 'string' && retUrl.length > 0) {
@@ -171,23 +161,7 @@ function processAuthorizeCreditCard(params) {
                 tds2Type: GMO.utils.util.Tds2Type.Error
             };
             entryTranResult = yield creditCardService.entryTran(entryTranArgs);
-            execTranArgs = {
-                accessId: entryTranResult.accessId,
-                accessPass: entryTranResult.accessPass,
-                orderId: params.orderId,
-                method: params.object.method,
-                siteId: (_a = params.availableChannel.credentials) === null || _a === void 0 ? void 0 : _a.siteId,
-                sitePass: (_b = params.availableChannel.credentials) === null || _b === void 0 ? void 0 : _b.sitePass,
-                cardNo: creditCard.cardNo,
-                cardPass: creditCard.cardPass,
-                expire: creditCard.expire,
-                token: creditCard.token,
-                memberId: memberId,
-                cardSeq: cardSeq,
-                seqMode: GMO.utils.util.SeqMode.Physics,
-                retUrl,
-                callbackType: (params.callbackType3ds === 'GET') ? GMO.utils.util.CallbackType.Get : GMO.utils.util.CallbackType.Post
-            };
+            execTranArgs = Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({ accessId: entryTranResult.accessId, accessPass: entryTranResult.accessPass, orderId: params.orderId, method: params.object.method, siteId: (_a = params.availableChannel.credentials) === null || _a === void 0 ? void 0 : _a.siteId, sitePass: (_b = params.availableChannel.credentials) === null || _b === void 0 ? void 0 : _b.sitePass, seqMode: GMO.utils.util.SeqMode.Physics, retUrl, callbackType: (params.callbackType3ds === 'GET') ? GMO.utils.util.CallbackType.Get : GMO.utils.util.CallbackType.Post }, (typeof cardNo === 'string') ? { cardNo } : undefined), (typeof cardPass === 'string') ? { cardPass } : undefined), (typeof expire === 'string') ? { expire } : undefined), (typeof token === 'string') ? { token } : undefined), (typeof memberId === 'string') ? { memberId } : undefined), (typeof cardSeq === 'number') ? { cardSeq } : undefined);
             execTranResult = yield creditCardService.execTran3ds(execTranArgs);
         }
         else {
@@ -203,21 +177,7 @@ function processAuthorizeCreditCard(params) {
                 sitePass: (_d = params.availableChannel.credentials) === null || _d === void 0 ? void 0 : _d.sitePass
             };
             entryTranResult = yield creditCardService.entryTran(entryTranArgs);
-            execTranArgs = {
-                accessId: entryTranResult.accessId,
-                accessPass: entryTranResult.accessPass,
-                orderId: params.orderId,
-                method: params.object.method,
-                siteId: (_e = params.availableChannel.credentials) === null || _e === void 0 ? void 0 : _e.siteId,
-                sitePass: (_f = params.availableChannel.credentials) === null || _f === void 0 ? void 0 : _f.sitePass,
-                cardNo: creditCard.cardNo,
-                cardPass: creditCard.cardPass,
-                expire: creditCard.expire,
-                token: creditCard.token,
-                memberId: memberId,
-                cardSeq: cardSeq,
-                seqMode: GMO.utils.util.SeqMode.Physics
-            };
+            execTranArgs = Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({ accessId: entryTranResult.accessId, accessPass: entryTranResult.accessPass, orderId: params.orderId, method: params.object.method, siteId: (_e = params.availableChannel.credentials) === null || _e === void 0 ? void 0 : _e.siteId, sitePass: (_f = params.availableChannel.credentials) === null || _f === void 0 ? void 0 : _f.sitePass, seqMode: GMO.utils.util.SeqMode.Physics }, (typeof cardNo === 'string') ? { cardNo } : undefined), (typeof cardPass === 'string') ? { cardPass } : undefined), (typeof expire === 'string') ? { expire } : undefined), (typeof token === 'string') ? { token } : undefined), (typeof memberId === 'string') ? { memberId } : undefined), (typeof cardSeq === 'number') ? { cardSeq } : undefined);
             execTranResult = yield creditCardService.execTran(execTranArgs);
         }
         return { entryTranArgs, entryTranResult, execTranArgs, execTranResult };

package/package.json

@@ -111,5 +111,5 @@
     "postversion": "git push origin --tags",
     "prepublishOnly": "npm run clean && npm run build && npm test && npm run doc"
   },
-  "version": "21.20.0-alpha.74"
+  "version": "21.20.0-alpha.76"
 }