@commercetools-backend/express 22.2.1 → 22.3.0

package/dist/commercetools-backend-express.cjs.dev.js

@@ -62,42 +62,32 @@ const MC_API_PROXY_HEADERS = {
 
 const getHeaderByCaseInsensitiveKey = (headers, headerKey) => {
   var _context;
-
   const matchingHeader = _findInstanceProperty__default["default"](_context = _Object$entries__default["default"](headers)).call(_context, _ref => {
     let _ref2 = _slicedToArray(_ref, 1),
-        key = _ref2[0];
-
+      key = _ref2[0];
     return headerKey.toLowerCase() === key.toLowerCase();
   });
-
   if (matchingHeader && matchingHeader.length > 0) {
     const _matchingHeader = _slicedToArray(matchingHeader, 2),
-          headerValue = _matchingHeader[1];
-
+      headerValue = _matchingHeader[1];
     return _Array$isArray__default["default"](headerValue) ? headerValue[0] : headerValue;
   }
-
   return undefined;
 };
-
 const getFirstHeaderValueOrThrow = (headers, headerKey, errorMessage) => {
   const headerValue = getHeaderByCaseInsensitiveKey(headers, headerKey);
-
   if (!headerValue) {
     throw new Error(errorMessage);
   }
-
   return headerValue;
 };
 
 function ownKeys(object, enumerableOnly) { var keys = _Object$keys__default["default"](object); if (_Object$getOwnPropertySymbols__default["default"]) { var symbols = _Object$getOwnPropertySymbols__default["default"](object); enumerableOnly && (symbols = _filterInstanceProperty__default["default"](symbols).call(symbols, function (sym) { return _Object$getOwnPropertyDescriptor__default["default"](object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
-
 function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var _context3, _context4; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty__default["default"](_context3 = ownKeys(Object(source), !0)).call(_context3, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](target, _Object$getOwnPropertyDescriptors__default["default"](source)) : _forEachInstanceProperty__default["default"](_context4 = ownKeys(Object(source))).call(_context4, function (key) { _Object$defineProperty__default["default"](target, key, _Object$getOwnPropertyDescriptor__default["default"](source, key)); }); } return target; }
-const decodedTokenKey = 'decoded_token'; // Assign a session object to the request object.
-
+const decodedTokenKey = 'decoded_token';
+// Assign a session object to the request object.
 const writeSessionContext = request => {
   const decodedToken = request[decodedTokenKey];
-
   if (decodedToken) {
     const publicClaimForProjectKey = "".concat(decodedToken.iss, "/claims/project_key");
     const publicClaimForUserPermissionsKey = "".concat(decodedToken.iss, "/claims/user_permissions");
@@ -106,143 +96,118 @@ const writeSessionContext = request => {
       projectKey: decodedToken[publicClaimForProjectKey]
     };
     const userPermissions = decodedToken[publicClaimForUserPermissionsKey];
-
     if (Boolean(userPermissions === null || userPermissions === void 0 ? void 0 : userPermissions.length)) {
       request.session.userPermissions = userPermissions;
     }
-  } // Remove the field used by the JWT middleware.
-
+  }
 
+  // Remove the field used by the JWT middleware.
   delete request.decoded_token;
-}; // Given a cloud identifier, try to map it to one of the supported
+};
+
+// Given a cloud identifier, try to map it to one of the supported
 // environments and return the MC API URL for that environment.
 // The URL points to the new hostnames.
 // https://docs.commercetools.com/custom-applications/concepts/merchant-center-api#hostnames
-
-
 const mapCloudIdentifierToIssuer = issuer => {
   switch (issuer) {
     case CLOUD_IDENTIFIERS.GCP_AU:
       return MC_API_URLS.GCP_AU;
-
     case CLOUD_IDENTIFIERS.GCP_EU:
       return MC_API_URLS.GCP_EU;
-
     case CLOUD_IDENTIFIERS.GCP_US:
       return MC_API_URLS.GCP_US;
-
     case CLOUD_IDENTIFIERS.AWS_FRA:
       return MC_API_URLS.AWS_FRA;
-
     case CLOUD_IDENTIFIERS.AWS_OHIO:
       return MC_API_URLS.AWS_OHIO;
-
     default:
       return undefined;
   }
-}; // Given a cloud identifier, try to map it to a legacy hostname.
+};
+// Given a cloud identifier, try to map it to a legacy hostname.
 // This is for backwards compatibility.
-
-
 const mapToLegacyIssuer = cloudIdentifier => {
   switch (cloudIdentifier) {
     case CLOUD_IDENTIFIERS.GCP_EU:
       return 'https://mc-api.commercetools.com';
-
     case CLOUD_IDENTIFIERS.GCP_US:
       return 'https://mc-api.commercetools.co';
-
     default:
       return undefined;
   }
-}; // Verifies that the issuer is a valid URL.
-
-
+};
+// Verifies that the issuer is a valid URL.
 const throwIfIssuerIsNotAValidUrl = issuer => {
   try {
     new _URL__default["default"](issuer);
   } catch (error) {
     throw new Error("Invalid issuer URL \"".concat(issuer, "\". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/custom-applications/concepts/merchant-center-api#hostnames."));
   }
-}; // Validates required option values.
-
-
+};
+// Validates required option values.
 const validateRequiredValues = options => {
   if (!options.audience) {
     throw new Error("Missing required option \"audience\"");
   }
-
   if (!options.issuer) {
     throw new Error("Missing required option \"issuer\"");
   }
-}; // Attempt to parse the given issuer. If the value is a cloud identifier, it will
+};
+// Attempt to parse the given issuer. If the value is a cloud identifier, it will
 // be mapped to one of the supported values. If not, we assume the value is a valid URL.
-
-
 const getConfiguredDefaultIssuer = options => {
   const issuer = mapCloudIdentifierToIssuer(options.issuer);
-
   if (!issuer) {
     throwIfIssuerIsNotAValidUrl(options.issuer);
     return options.issuer;
   }
-
   return issuer;
-}; // Construct the audience from the given option + the request path.
+};
+
+// Construct the audience from the given option + the request path.
 // If the request path is `/`, do not append it to the audience, otherwise
 // the token validation might fail because of mismatching audiences.
-
-
 const getConfiguredAudience = (options, requestPath) => {
   var _context;
-
   // remove the trailing slash
   const url = new _URL__default["default"](_concatInstanceProperty__default["default"](_context = "".concat(options.audience.replace(/\/?$/, ''))).call(_context, requestPath));
-
   switch (options.audiencePolicy) {
     case 'forward-url-origin':
       return url.origin;
-
     default:
       {
         var _context2;
-
         if (requestPath === '/') {
           return url.origin;
         }
-
         return _concatInstanceProperty__default["default"](_context2 = "".concat(url.origin)).call(_context2, url.pathname);
       }
   }
 };
-
 function createSessionAuthVerifier(options) {
   validateRequiredValues(options);
-  const configuredDefaultIssuer = getConfiguredDefaultIssuer(options); // Returns an async HTTP handler.
+  const configuredDefaultIssuer = getConfiguredDefaultIssuer(options);
 
+  // Returns an async HTTP handler.
   return async (request, response) => {
     var _mapCloudIdentifierTo, _request$originalUrl;
-
     // Get the cloud identifier header, forwarded by the `/proxy/forward-to` endpoint.
     const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, "Missing \"X-MC-API-Cloud-Identifier\" header.");
-    let issuer = options.inferIssuer && cloudIdentifierHeader ? (_mapCloudIdentifierTo = mapCloudIdentifierToIssuer(cloudIdentifierHeader)) !== null && _mapCloudIdentifierTo !== void 0 ? _mapCloudIdentifierTo : configuredDefaultIssuer : configuredDefaultIssuer; // Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
-    // The version should be sent by the client making the request, to use the features of v2.
+    let issuer = options.inferIssuer && cloudIdentifierHeader ? (_mapCloudIdentifierTo = mapCloudIdentifierToIssuer(cloudIdentifierHeader)) !== null && _mapCloudIdentifierTo !== void 0 ? _mapCloudIdentifierTo : configuredDefaultIssuer : configuredDefaultIssuer;
 
+    // Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
+    // The version should be sent by the client making the request, to use the features of v2.
     const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, "Missing \"X-MC-API-Forward-To-Version\" header.");
-
     if (proxyForwardVersion === 'v1') {
       var _mapToLegacyIssuer;
-
       // Fall back to legacy issuer domains
       issuer = (_mapToLegacyIssuer = mapToLegacyIssuer(cloudIdentifierHeader)) !== null && _mapToLegacyIssuer !== void 0 ? _mapToLegacyIssuer : issuer;
     }
-
     const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : (_request$originalUrl = request.originalUrl) !== null && _request$originalUrl !== void 0 ? _request$originalUrl : request.url;
-
     if (!requestUrlPath || !_startsWithInstanceProperty__default["default"](requestUrlPath).call(requestUrlPath, '/')) {
       throw new Error("Invalid request URI path \"".concat(requestUrlPath, "\". Please make sure that the \"request\" object has either a property \"originalUrl\" or \"url\". If not, you should implement the \"getRequestUrl\" function and make sure to return a valid URI path value starting with \"/\". More info at https://docs.commercetools.com/custom-applications/concepts/integrate-with-your-own-api#validating-the-json-web-token"));
     }
-
     const audience = getConfiguredAudience(options, requestUrlPath);
     return new _Promise__default["default"]((resolve, reject) => {
       expressJwt.expressjwt({
@@ -261,8 +226,8 @@ function createSessionAuthVerifier(options) {
         // Validate the audience and the issuer.
         audience,
         issuer,
-        algorithms: ['RS256'] // @ts-ignore: the middleware expects an Express.js Request/Response objects
-
+        algorithms: ['RS256']
+        // @ts-ignore: the middleware expects an Express.js Request/Response objects
       })(request, response !== null && response !== void 0 ? response : {}, error => {
         if (error) {
           reject(error);

package/dist/commercetools-backend-express.cjs.prod.js

@@ -62,42 +62,32 @@ const MC_API_PROXY_HEADERS = {
 
 const getHeaderByCaseInsensitiveKey = (headers, headerKey) => {
   var _context;
-
   const matchingHeader = _findInstanceProperty__default["default"](_context = _Object$entries__default["default"](headers)).call(_context, _ref => {
     let _ref2 = _slicedToArray(_ref, 1),
-        key = _ref2[0];
-
+      key = _ref2[0];
     return headerKey.toLowerCase() === key.toLowerCase();
   });
-
   if (matchingHeader && matchingHeader.length > 0) {
     const _matchingHeader = _slicedToArray(matchingHeader, 2),
-          headerValue = _matchingHeader[1];
-
+      headerValue = _matchingHeader[1];
     return _Array$isArray__default["default"](headerValue) ? headerValue[0] : headerValue;
   }
-
   return undefined;
 };
-
 const getFirstHeaderValueOrThrow = (headers, headerKey, errorMessage) => {
   const headerValue = getHeaderByCaseInsensitiveKey(headers, headerKey);
-
   if (!headerValue) {
     throw new Error(errorMessage);
   }
-
   return headerValue;
 };
 
 function ownKeys(object, enumerableOnly) { var keys = _Object$keys__default["default"](object); if (_Object$getOwnPropertySymbols__default["default"]) { var symbols = _Object$getOwnPropertySymbols__default["default"](object); enumerableOnly && (symbols = _filterInstanceProperty__default["default"](symbols).call(symbols, function (sym) { return _Object$getOwnPropertyDescriptor__default["default"](object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
-
 function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var _context3, _context4; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty__default["default"](_context3 = ownKeys(Object(source), !0)).call(_context3, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](target, _Object$getOwnPropertyDescriptors__default["default"](source)) : _forEachInstanceProperty__default["default"](_context4 = ownKeys(Object(source))).call(_context4, function (key) { _Object$defineProperty__default["default"](target, key, _Object$getOwnPropertyDescriptor__default["default"](source, key)); }); } return target; }
-const decodedTokenKey = 'decoded_token'; // Assign a session object to the request object.
-
+const decodedTokenKey = 'decoded_token';
+// Assign a session object to the request object.
 const writeSessionContext = request => {
   const decodedToken = request[decodedTokenKey];
-
   if (decodedToken) {
     const publicClaimForProjectKey = "".concat(decodedToken.iss, "/claims/project_key");
     const publicClaimForUserPermissionsKey = "".concat(decodedToken.iss, "/claims/user_permissions");
@@ -106,143 +96,118 @@ const writeSessionContext = request => {
       projectKey: decodedToken[publicClaimForProjectKey]
     };
     const userPermissions = decodedToken[publicClaimForUserPermissionsKey];
-
     if (Boolean(userPermissions === null || userPermissions === void 0 ? void 0 : userPermissions.length)) {
       request.session.userPermissions = userPermissions;
     }
-  } // Remove the field used by the JWT middleware.
-
+  }
 
+  // Remove the field used by the JWT middleware.
   delete request.decoded_token;
-}; // Given a cloud identifier, try to map it to one of the supported
+};
+
+// Given a cloud identifier, try to map it to one of the supported
 // environments and return the MC API URL for that environment.
 // The URL points to the new hostnames.
 // https://docs.commercetools.com/custom-applications/concepts/merchant-center-api#hostnames
-
-
 const mapCloudIdentifierToIssuer = issuer => {
   switch (issuer) {
     case CLOUD_IDENTIFIERS.GCP_AU:
       return MC_API_URLS.GCP_AU;
-
     case CLOUD_IDENTIFIERS.GCP_EU:
       return MC_API_URLS.GCP_EU;
-
     case CLOUD_IDENTIFIERS.GCP_US:
       return MC_API_URLS.GCP_US;
-
     case CLOUD_IDENTIFIERS.AWS_FRA:
       return MC_API_URLS.AWS_FRA;
-
     case CLOUD_IDENTIFIERS.AWS_OHIO:
       return MC_API_URLS.AWS_OHIO;
-
     default:
       return undefined;
   }
-}; // Given a cloud identifier, try to map it to a legacy hostname.
+};
+// Given a cloud identifier, try to map it to a legacy hostname.
 // This is for backwards compatibility.
-
-
 const mapToLegacyIssuer = cloudIdentifier => {
   switch (cloudIdentifier) {
     case CLOUD_IDENTIFIERS.GCP_EU:
       return 'https://mc-api.commercetools.com';
-
     case CLOUD_IDENTIFIERS.GCP_US:
       return 'https://mc-api.commercetools.co';
-
     default:
       return undefined;
   }
-}; // Verifies that the issuer is a valid URL.
-
-
+};
+// Verifies that the issuer is a valid URL.
 const throwIfIssuerIsNotAValidUrl = issuer => {
   try {
     new _URL__default["default"](issuer);
   } catch (error) {
     throw new Error("Invalid issuer URL \"".concat(issuer, "\". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/custom-applications/concepts/merchant-center-api#hostnames."));
   }
-}; // Validates required option values.
-
-
+};
+// Validates required option values.
 const validateRequiredValues = options => {
   if (!options.audience) {
     throw new Error("Missing required option \"audience\"");
   }
-
   if (!options.issuer) {
     throw new Error("Missing required option \"issuer\"");
   }
-}; // Attempt to parse the given issuer. If the value is a cloud identifier, it will
+};
+// Attempt to parse the given issuer. If the value is a cloud identifier, it will
 // be mapped to one of the supported values. If not, we assume the value is a valid URL.
-
-
 const getConfiguredDefaultIssuer = options => {
   const issuer = mapCloudIdentifierToIssuer(options.issuer);
-
   if (!issuer) {
     throwIfIssuerIsNotAValidUrl(options.issuer);
     return options.issuer;
   }
-
   return issuer;
-}; // Construct the audience from the given option + the request path.
+};
+
+// Construct the audience from the given option + the request path.
 // If the request path is `/`, do not append it to the audience, otherwise
 // the token validation might fail because of mismatching audiences.
-
-
 const getConfiguredAudience = (options, requestPath) => {
   var _context;
-
   // remove the trailing slash
   const url = new _URL__default["default"](_concatInstanceProperty__default["default"](_context = "".concat(options.audience.replace(/\/?$/, ''))).call(_context, requestPath));
-
   switch (options.audiencePolicy) {
     case 'forward-url-origin':
       return url.origin;
-
     default:
       {
         var _context2;
-
         if (requestPath === '/') {
           return url.origin;
         }
-
         return _concatInstanceProperty__default["default"](_context2 = "".concat(url.origin)).call(_context2, url.pathname);
       }
   }
 };
-
 function createSessionAuthVerifier(options) {
   validateRequiredValues(options);
-  const configuredDefaultIssuer = getConfiguredDefaultIssuer(options); // Returns an async HTTP handler.
+  const configuredDefaultIssuer = getConfiguredDefaultIssuer(options);
 
+  // Returns an async HTTP handler.
   return async (request, response) => {
     var _mapCloudIdentifierTo, _request$originalUrl;
-
     // Get the cloud identifier header, forwarded by the `/proxy/forward-to` endpoint.
     const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, "Missing \"X-MC-API-Cloud-Identifier\" header.");
-    let issuer = options.inferIssuer && cloudIdentifierHeader ? (_mapCloudIdentifierTo = mapCloudIdentifierToIssuer(cloudIdentifierHeader)) !== null && _mapCloudIdentifierTo !== void 0 ? _mapCloudIdentifierTo : configuredDefaultIssuer : configuredDefaultIssuer; // Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
-    // The version should be sent by the client making the request, to use the features of v2.
+    let issuer = options.inferIssuer && cloudIdentifierHeader ? (_mapCloudIdentifierTo = mapCloudIdentifierToIssuer(cloudIdentifierHeader)) !== null && _mapCloudIdentifierTo !== void 0 ? _mapCloudIdentifierTo : configuredDefaultIssuer : configuredDefaultIssuer;
 
+    // Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
+    // The version should be sent by the client making the request, to use the features of v2.
     const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, "Missing \"X-MC-API-Forward-To-Version\" header.");
-
     if (proxyForwardVersion === 'v1') {
       var _mapToLegacyIssuer;
-
       // Fall back to legacy issuer domains
       issuer = (_mapToLegacyIssuer = mapToLegacyIssuer(cloudIdentifierHeader)) !== null && _mapToLegacyIssuer !== void 0 ? _mapToLegacyIssuer : issuer;
     }
-
     const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : (_request$originalUrl = request.originalUrl) !== null && _request$originalUrl !== void 0 ? _request$originalUrl : request.url;
-
     if (!requestUrlPath || !_startsWithInstanceProperty__default["default"](requestUrlPath).call(requestUrlPath, '/')) {
       throw new Error("Invalid request URI path \"".concat(requestUrlPath, "\". Please make sure that the \"request\" object has either a property \"originalUrl\" or \"url\". If not, you should implement the \"getRequestUrl\" function and make sure to return a valid URI path value starting with \"/\". More info at https://docs.commercetools.com/custom-applications/concepts/integrate-with-your-own-api#validating-the-json-web-token"));
     }
-
     const audience = getConfiguredAudience(options, requestUrlPath);
     return new _Promise__default["default"]((resolve, reject) => {
       expressJwt.expressjwt({
@@ -261,8 +226,8 @@ function createSessionAuthVerifier(options) {
         // Validate the audience and the issuer.
         audience,
         issuer,
-        algorithms: ['RS256'] // @ts-ignore: the middleware expects an Express.js Request/Response objects
-
+        algorithms: ['RS256']
+        // @ts-ignore: the middleware expects an Express.js Request/Response objects
       })(request, response !== null && response !== void 0 ? response : {}, error => {
         if (error) {
           reject(error);

package/dist/commercetools-backend-express.esm.js

@@ -39,42 +39,32 @@ const MC_API_PROXY_HEADERS = {
 
 const getHeaderByCaseInsensitiveKey = (headers, headerKey) => {
   var _context;
-
   const matchingHeader = _findInstanceProperty(_context = _Object$entries(headers)).call(_context, _ref => {
     let _ref2 = _slicedToArray(_ref, 1),
-        key = _ref2[0];
-
+      key = _ref2[0];
     return headerKey.toLowerCase() === key.toLowerCase();
   });
-
   if (matchingHeader && matchingHeader.length > 0) {
     const _matchingHeader = _slicedToArray(matchingHeader, 2),
-          headerValue = _matchingHeader[1];
-
+      headerValue = _matchingHeader[1];
     return _Array$isArray(headerValue) ? headerValue[0] : headerValue;
   }
-
   return undefined;
 };
-
 const getFirstHeaderValueOrThrow = (headers, headerKey, errorMessage) => {
   const headerValue = getHeaderByCaseInsensitiveKey(headers, headerKey);
-
   if (!headerValue) {
     throw new Error(errorMessage);
   }
-
   return headerValue;
 };
 
 function ownKeys(object, enumerableOnly) { var keys = _Object$keys(object); if (_Object$getOwnPropertySymbols) { var symbols = _Object$getOwnPropertySymbols(object); enumerableOnly && (symbols = _filterInstanceProperty(symbols).call(symbols, function (sym) { return _Object$getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
-
 function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var _context3, _context4; var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? _forEachInstanceProperty(_context3 = ownKeys(Object(source), !0)).call(_context3, function (key) { _defineProperty(target, key, source[key]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(target, _Object$getOwnPropertyDescriptors(source)) : _forEachInstanceProperty(_context4 = ownKeys(Object(source))).call(_context4, function (key) { _Object$defineProperty(target, key, _Object$getOwnPropertyDescriptor(source, key)); }); } return target; }
-const decodedTokenKey = 'decoded_token'; // Assign a session object to the request object.
-
+const decodedTokenKey = 'decoded_token';
+// Assign a session object to the request object.
 const writeSessionContext = request => {
   const decodedToken = request[decodedTokenKey];
-
   if (decodedToken) {
     const publicClaimForProjectKey = "".concat(decodedToken.iss, "/claims/project_key");
     const publicClaimForUserPermissionsKey = "".concat(decodedToken.iss, "/claims/user_permissions");
@@ -83,143 +73,118 @@ const writeSessionContext = request => {
       projectKey: decodedToken[publicClaimForProjectKey]
     };
     const userPermissions = decodedToken[publicClaimForUserPermissionsKey];
-
     if (Boolean(userPermissions === null || userPermissions === void 0 ? void 0 : userPermissions.length)) {
       request.session.userPermissions = userPermissions;
     }
-  } // Remove the field used by the JWT middleware.
-
+  }
 
+  // Remove the field used by the JWT middleware.
   delete request.decoded_token;
-}; // Given a cloud identifier, try to map it to one of the supported
+};
+
+// Given a cloud identifier, try to map it to one of the supported
 // environments and return the MC API URL for that environment.
 // The URL points to the new hostnames.
 // https://docs.commercetools.com/custom-applications/concepts/merchant-center-api#hostnames
-
-
 const mapCloudIdentifierToIssuer = issuer => {
   switch (issuer) {
     case CLOUD_IDENTIFIERS.GCP_AU:
       return MC_API_URLS.GCP_AU;
-
     case CLOUD_IDENTIFIERS.GCP_EU:
       return MC_API_URLS.GCP_EU;
-
     case CLOUD_IDENTIFIERS.GCP_US:
       return MC_API_URLS.GCP_US;
-
     case CLOUD_IDENTIFIERS.AWS_FRA:
       return MC_API_URLS.AWS_FRA;
-
     case CLOUD_IDENTIFIERS.AWS_OHIO:
       return MC_API_URLS.AWS_OHIO;
-
     default:
       return undefined;
   }
-}; // Given a cloud identifier, try to map it to a legacy hostname.
+};
+// Given a cloud identifier, try to map it to a legacy hostname.
 // This is for backwards compatibility.
-
-
 const mapToLegacyIssuer = cloudIdentifier => {
   switch (cloudIdentifier) {
     case CLOUD_IDENTIFIERS.GCP_EU:
       return 'https://mc-api.commercetools.com';
-
     case CLOUD_IDENTIFIERS.GCP_US:
       return 'https://mc-api.commercetools.co';
-
     default:
       return undefined;
   }
-}; // Verifies that the issuer is a valid URL.
-
-
+};
+// Verifies that the issuer is a valid URL.
 const throwIfIssuerIsNotAValidUrl = issuer => {
   try {
     new _URL(issuer);
   } catch (error) {
     throw new Error("Invalid issuer URL \"".concat(issuer, "\". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/custom-applications/concepts/merchant-center-api#hostnames."));
   }
-}; // Validates required option values.
-
-
+};
+// Validates required option values.
 const validateRequiredValues = options => {
   if (!options.audience) {
     throw new Error("Missing required option \"audience\"");
   }
-
   if (!options.issuer) {
     throw new Error("Missing required option \"issuer\"");
   }
-}; // Attempt to parse the given issuer. If the value is a cloud identifier, it will
+};
+// Attempt to parse the given issuer. If the value is a cloud identifier, it will
 // be mapped to one of the supported values. If not, we assume the value is a valid URL.
-
-
 const getConfiguredDefaultIssuer = options => {
   const issuer = mapCloudIdentifierToIssuer(options.issuer);
-
   if (!issuer) {
     throwIfIssuerIsNotAValidUrl(options.issuer);
     return options.issuer;
   }
-
   return issuer;
-}; // Construct the audience from the given option + the request path.
+};
+
+// Construct the audience from the given option + the request path.
 // If the request path is `/`, do not append it to the audience, otherwise
 // the token validation might fail because of mismatching audiences.
-
-
 const getConfiguredAudience = (options, requestPath) => {
   var _context;
-
   // remove the trailing slash
   const url = new _URL(_concatInstanceProperty(_context = "".concat(options.audience.replace(/\/?$/, ''))).call(_context, requestPath));
-
   switch (options.audiencePolicy) {
     case 'forward-url-origin':
       return url.origin;
-
     default:
       {
         var _context2;
-
         if (requestPath === '/') {
           return url.origin;
         }
-
         return _concatInstanceProperty(_context2 = "".concat(url.origin)).call(_context2, url.pathname);
       }
   }
 };
-
 function createSessionAuthVerifier(options) {
   validateRequiredValues(options);
-  const configuredDefaultIssuer = getConfiguredDefaultIssuer(options); // Returns an async HTTP handler.
+  const configuredDefaultIssuer = getConfiguredDefaultIssuer(options);
 
+  // Returns an async HTTP handler.
   return async (request, response) => {
     var _mapCloudIdentifierTo, _request$originalUrl;
-
     // Get the cloud identifier header, forwarded by the `/proxy/forward-to` endpoint.
     const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, "Missing \"X-MC-API-Cloud-Identifier\" header.");
-    let issuer = options.inferIssuer && cloudIdentifierHeader ? (_mapCloudIdentifierTo = mapCloudIdentifierToIssuer(cloudIdentifierHeader)) !== null && _mapCloudIdentifierTo !== void 0 ? _mapCloudIdentifierTo : configuredDefaultIssuer : configuredDefaultIssuer; // Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
-    // The version should be sent by the client making the request, to use the features of v2.
+    let issuer = options.inferIssuer && cloudIdentifierHeader ? (_mapCloudIdentifierTo = mapCloudIdentifierToIssuer(cloudIdentifierHeader)) !== null && _mapCloudIdentifierTo !== void 0 ? _mapCloudIdentifierTo : configuredDefaultIssuer : configuredDefaultIssuer;
 
+    // Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
+    // The version should be sent by the client making the request, to use the features of v2.
     const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, "Missing \"X-MC-API-Forward-To-Version\" header.");
-
     if (proxyForwardVersion === 'v1') {
       var _mapToLegacyIssuer;
-
       // Fall back to legacy issuer domains
       issuer = (_mapToLegacyIssuer = mapToLegacyIssuer(cloudIdentifierHeader)) !== null && _mapToLegacyIssuer !== void 0 ? _mapToLegacyIssuer : issuer;
     }
-
     const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : (_request$originalUrl = request.originalUrl) !== null && _request$originalUrl !== void 0 ? _request$originalUrl : request.url;
-
     if (!requestUrlPath || !_startsWithInstanceProperty(requestUrlPath).call(requestUrlPath, '/')) {
       throw new Error("Invalid request URI path \"".concat(requestUrlPath, "\". Please make sure that the \"request\" object has either a property \"originalUrl\" or \"url\". If not, you should implement the \"getRequestUrl\" function and make sure to return a valid URI path value starting with \"/\". More info at https://docs.commercetools.com/custom-applications/concepts/integrate-with-your-own-api#validating-the-json-web-token"));
     }
-
     const audience = getConfiguredAudience(options, requestUrlPath);
     return new _Promise((resolve, reject) => {
       expressjwt({
@@ -238,8 +203,8 @@ function createSessionAuthVerifier(options) {
         // Validate the audience and the issuer.
         audience,
         issuer,
-        algorithms: ['RS256'] // @ts-ignore: the middleware expects an Express.js Request/Response objects
-
+        algorithms: ['RS256']
+        // @ts-ignore: the middleware expects an Express.js Request/Response objects
       })(request, response !== null && response !== void 0 ? response : {}, error => {
         if (error) {
           reject(error);

package/dist/declarations/src/auth.d.ts

@@ -4,10 +4,10 @@ type TDecodedJWT = {
     iss: string;
     [property: string]: string | string[];
 };
-declare const writeSessionContext: <Request_1 extends TBaseRequest>(request: Request_1 & {
+declare const writeSessionContext: <Request extends TBaseRequest>(request: Request & {
     decoded_token?: TDecodedJWT | undefined;
     session?: TSession | undefined;
 }) => void;
-export declare const getConfiguredAudience: <Request_1 extends TBaseRequest>(options: TSessionMiddlewareOptions<Request_1>, requestPath: string) => string;
+export declare const getConfiguredAudience: <Request extends TBaseRequest>(options: TSessionMiddlewareOptions<Request>, requestPath: string) => string;
 declare function createSessionAuthVerifier<Request extends TBaseRequest>(options: TSessionMiddlewareOptions<Request>): (request: Request, response?: unknown) => Promise<void>;
 export { createSessionAuthVerifier, writeSessionContext };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commercetools-backend/express",
-  "version": "22.2.1",
+  "version": "22.3.0",
   "description": "Zero-config HTTP server as Express.js to facilitate development",
   "bugs": "https://github.com/commercetools/merchant-center-application-kit/issues",
   "repository": {
@@ -9,17 +9,30 @@
     "directory": "packages-backend/express"
   },
   "homepage": "https://docs.commercetools.com/custom-applications",
-  "keywords": ["javascript", "nodejs", "express", "http", "server", "toolkit"],
+  "keywords": [
+    "javascript",
+    "nodejs",
+    "express",
+    "http",
+    "server",
+    "toolkit"
+  ],
   "license": "MIT",
   "publishConfig": {
     "access": "public"
   },
   "main": "dist/commercetools-backend-express.cjs.js",
   "module": "dist/commercetools-backend-express.esm.js",
-  "files": ["dist", "package.json", "LICENSE", "README.md"],
+  "files": [
+    "dist",
+    "package.json",
+    "LICENSE",
+    "README.md"
+  ],
   "dependencies": {
     "@babel/runtime": "^7.20.13",
     "@babel/runtime-corejs3": "^7.20.13",
+    "@types/express": "^4.17.17",
     "@types/node": "^18.15.11",
     "express": "4.18.2",
     "express-jwt": "8.4.1",
@@ -32,4 +45,4 @@
     "jose": "2.0.6",
     "msw": "0.49.3"
   }
-}
+}