@commercetools-backend/express 22.30.3 → 22.32.0

package/dist/commercetools-backend-express.cjs.dev.js

@@ -4,7 +4,6 @@ Object.defineProperty(exports, '__esModule', { value: true });
 
 var _defineProperty = require('@babel/runtime-corejs3/helpers/defineProperty');
 var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
-var _concatInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/concat');
 var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
 var _Promise = require('@babel/runtime-corejs3/core-js-stable/promise');
 var _Object$keys = require('@babel/runtime-corejs3/core-js-stable/object/keys');
@@ -25,7 +24,6 @@ var _Array$isArray = require('@babel/runtime-corejs3/core-js-stable/array/is-arr
 function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
 
 var _URL__default = /*#__PURE__*/_interopDefault(_URL);
-var _concatInstanceProperty__default = /*#__PURE__*/_interopDefault(_concatInstanceProperty);
 var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
 var _Promise__default = /*#__PURE__*/_interopDefault(_Promise);
 var _Object$keys__default = /*#__PURE__*/_interopDefault(_Object$keys);
@@ -87,20 +85,20 @@ const getFirstHeaderValueOrThrow = (headers, headerKey, errorMessage) => {
 };
 
 function ownKeys(e, r) { var t = _Object$keys__default["default"](e); if (_Object$getOwnPropertySymbols__default["default"]) { var o = _Object$getOwnPropertySymbols__default["default"](e); r && (o = _filterInstanceProperty__default["default"](o).call(o, function (r) { return _Object$getOwnPropertyDescriptor__default["default"](e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var _context3, _context4; var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? _forEachInstanceProperty__default["default"](_context3 = ownKeys(Object(t), !0)).call(_context3, function (r) { _defineProperty(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](e, _Object$getOwnPropertyDescriptors__default["default"](t)) : _forEachInstanceProperty__default["default"](_context4 = ownKeys(Object(t))).call(_context4, function (r) { _Object$defineProperty__default["default"](e, r, _Object$getOwnPropertyDescriptor__default["default"](t, r)); }); } return e; }
+function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var _context, _context2; var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? _forEachInstanceProperty__default["default"](_context = ownKeys(Object(t), !0)).call(_context, function (r) { _defineProperty(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](e, _Object$getOwnPropertyDescriptors__default["default"](t)) : _forEachInstanceProperty__default["default"](_context2 = ownKeys(Object(t))).call(_context2, function (r) { _Object$defineProperty__default["default"](e, r, _Object$getOwnPropertyDescriptor__default["default"](t, r)); }); } return e; }
 const decodedTokenKey = 'decoded_token';
 // Assign a session object to the request object.
 const writeSessionContext = request => {
   const decodedToken = request[decodedTokenKey];
   if (decodedToken) {
-    const publicClaimForProjectKey = "".concat(decodedToken.iss, "/claims/project_key");
-    const publicClaimForUserPermissionsKey = "".concat(decodedToken.iss, "/claims/user_permissions");
+    const publicClaimForProjectKey = `${decodedToken.iss}/claims/project_key`;
+    const publicClaimForUserPermissionsKey = `${decodedToken.iss}/claims/user_permissions`;
     request.session = {
       userId: decodedToken.sub,
       projectKey: decodedToken[publicClaimForProjectKey]
     };
     const userPermissions = decodedToken[publicClaimForUserPermissionsKey];
-    if (Boolean(userPermissions === null || userPermissions === void 0 ? void 0 : userPermissions.length)) {
+    if (Boolean(userPermissions?.length)) {
       request.session.userPermissions = userPermissions;
     }
   }
@@ -150,16 +148,16 @@ const throwIfIssuerIsNotAValidUrl = issuer => {
   try {
     new _URL__default["default"](issuer);
   } catch (error) {
-    throw new Error("Invalid issuer URL \"".concat(issuer, "\". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/merchant-center-customizations/concepts/merchant-center-api#hostnames."));
+    throw new Error(`Invalid issuer URL "${issuer}". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/merchant-center-customizations/concepts/merchant-center-api#hostnames.`);
   }
 };
 // Validates required option values.
 const validateRequiredValues = options => {
   if (!options.audience) {
-    throw new Error("Missing required option \"audience\"");
+    throw new Error(`Missing required option "audience"`);
   }
   if (!options.issuer) {
-    throw new Error("Missing required option \"issuer\"");
+    throw new Error(`Missing required option "issuer"`);
   }
 };
 // Attempt to parse the given issuer. If the value is a cloud identifier, it will
@@ -177,19 +175,17 @@ const getConfiguredDefaultIssuer = options => {
 // If the request path is `/`, do not append it to the audience, otherwise
 // the token validation might fail because of mismatching audiences.
 const getConfiguredAudience = (options, requestPath) => {
-  var _context;
   // remove the trailing slash
-  const url = new _URL__default["default"](_concatInstanceProperty__default["default"](_context = "".concat(options.audience.replace(/\/?$/, ''))).call(_context, requestPath));
+  const url = new _URL__default["default"](`${options.audience.replace(/\/?$/, '')}${requestPath}`);
   switch (options.audiencePolicy) {
     case 'forward-url-origin':
       return url.origin;
     default:
       {
-        var _context2;
         if (requestPath === '/') {
           return url.origin;
         }
-        return _concatInstanceProperty__default["default"](_context2 = "".concat(url.origin)).call(_context2, url.pathname);
+        return `${url.origin}${url.pathname}`;
       }
   }
 };
@@ -199,22 +195,20 @@ function createSessionAuthVerifier(options) {
 
   // Returns an async HTTP handler.
   return async (request, response) => {
-    var _mapCloudIdentifierTo, _request$originalUrl;
     // Get the cloud identifier header, forwarded by the `/proxy/forward-to` endpoint.
-    const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, "Missing \"X-MC-API-Cloud-Identifier\" header.");
-    let issuer = options.inferIssuer && cloudIdentifierHeader ? (_mapCloudIdentifierTo = mapCloudIdentifierToIssuer(cloudIdentifierHeader)) !== null && _mapCloudIdentifierTo !== void 0 ? _mapCloudIdentifierTo : configuredDefaultIssuer : configuredDefaultIssuer;
+    const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, `Missing "X-MC-API-Cloud-Identifier" header.`);
+    let issuer = options.inferIssuer && cloudIdentifierHeader ? mapCloudIdentifierToIssuer(cloudIdentifierHeader) ?? configuredDefaultIssuer : configuredDefaultIssuer;
 
     // Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
     // The version should be sent by the client making the request, to use the features of v2.
-    const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, "Missing \"X-MC-API-Forward-To-Version\" header.");
+    const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, `Missing "X-MC-API-Forward-To-Version" header.`);
     if (proxyForwardVersion === 'v1') {
-      var _mapToLegacyIssuer;
       // Fall back to legacy issuer domains
-      issuer = (_mapToLegacyIssuer = mapToLegacyIssuer(cloudIdentifierHeader)) !== null && _mapToLegacyIssuer !== void 0 ? _mapToLegacyIssuer : issuer;
+      issuer = mapToLegacyIssuer(cloudIdentifierHeader) ?? issuer;
     }
-    const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : (_request$originalUrl = request.originalUrl) !== null && _request$originalUrl !== void 0 ? _request$originalUrl : request.url;
+    const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : request.originalUrl ?? request.url;
     if (!requestUrlPath || !_startsWithInstanceProperty__default["default"](requestUrlPath).call(requestUrlPath, '/')) {
-      throw new Error("Invalid request URI path \"".concat(requestUrlPath, "\". Please make sure that the \"request\" object has either a property \"originalUrl\" or \"url\". If not, you should implement the \"getRequestUrl\" function and make sure to return a valid URI path value starting with \"/\". More info at https://docs.commercetools.com/merchant-center-customizations/concepts/integrate-with-your-own-api#validating-the-json-web-token"));
+      throw new Error(`Invalid request URI path "${requestUrlPath}". Please make sure that the "request" object has either a property "originalUrl" or "url". If not, you should implement the "getRequestUrl" function and make sure to return a valid URI path value starting with "/". More info at https://docs.commercetools.com/merchant-center-customizations/concepts/integrate-with-your-own-api#validating-the-json-web-token`);
     }
     const audience = getConfiguredAudience(options, requestUrlPath);
     return new _Promise__default["default"]((resolve, reject) => {
@@ -228,7 +222,7 @@ function createSessionAuthVerifier(options) {
           jwksRequestsPerMinute: 5
         }, options.jwks || {}), {}, {
           // This should be set by the middleware, no matter what.
-          jwksUri: "".concat(issuer, "/.well-known/jwks.json")
+          jwksUri: `${issuer}/.well-known/jwks.json`
         })),
         requestProperty: decodedTokenKey,
         // Validate the audience and the issuer.
@@ -236,7 +230,7 @@ function createSessionAuthVerifier(options) {
         issuer,
         algorithms: ['RS256']
         // @ts-ignore: the middleware expects an Express.js Request/Response objects
-      })(request, response !== null && response !== void 0 ? response : {}, error => {
+      })(request, response ?? {}, error => {
         if (error) {
           reject(error);
         } else {

package/dist/commercetools-backend-express.cjs.prod.js

@@ -4,7 +4,6 @@ Object.defineProperty(exports, '__esModule', { value: true });
 
 var _defineProperty = require('@babel/runtime-corejs3/helpers/defineProperty');
 var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
-var _concatInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/concat');
 var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
 var _Promise = require('@babel/runtime-corejs3/core-js-stable/promise');
 var _Object$keys = require('@babel/runtime-corejs3/core-js-stable/object/keys');
@@ -25,7 +24,6 @@ var _Array$isArray = require('@babel/runtime-corejs3/core-js-stable/array/is-arr
 function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
 
 var _URL__default = /*#__PURE__*/_interopDefault(_URL);
-var _concatInstanceProperty__default = /*#__PURE__*/_interopDefault(_concatInstanceProperty);
 var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
 var _Promise__default = /*#__PURE__*/_interopDefault(_Promise);
 var _Object$keys__default = /*#__PURE__*/_interopDefault(_Object$keys);
@@ -87,20 +85,20 @@ const getFirstHeaderValueOrThrow = (headers, headerKey, errorMessage) => {
 };
 
 function ownKeys(e, r) { var t = _Object$keys__default["default"](e); if (_Object$getOwnPropertySymbols__default["default"]) { var o = _Object$getOwnPropertySymbols__default["default"](e); r && (o = _filterInstanceProperty__default["default"](o).call(o, function (r) { return _Object$getOwnPropertyDescriptor__default["default"](e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var _context3, _context4; var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? _forEachInstanceProperty__default["default"](_context3 = ownKeys(Object(t), !0)).call(_context3, function (r) { _defineProperty(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](e, _Object$getOwnPropertyDescriptors__default["default"](t)) : _forEachInstanceProperty__default["default"](_context4 = ownKeys(Object(t))).call(_context4, function (r) { _Object$defineProperty__default["default"](e, r, _Object$getOwnPropertyDescriptor__default["default"](t, r)); }); } return e; }
+function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var _context, _context2; var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? _forEachInstanceProperty__default["default"](_context = ownKeys(Object(t), !0)).call(_context, function (r) { _defineProperty(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors__default["default"] ? _Object$defineProperties__default["default"](e, _Object$getOwnPropertyDescriptors__default["default"](t)) : _forEachInstanceProperty__default["default"](_context2 = ownKeys(Object(t))).call(_context2, function (r) { _Object$defineProperty__default["default"](e, r, _Object$getOwnPropertyDescriptor__default["default"](t, r)); }); } return e; }
 const decodedTokenKey = 'decoded_token';
 // Assign a session object to the request object.
 const writeSessionContext = request => {
   const decodedToken = request[decodedTokenKey];
   if (decodedToken) {
-    const publicClaimForProjectKey = "".concat(decodedToken.iss, "/claims/project_key");
-    const publicClaimForUserPermissionsKey = "".concat(decodedToken.iss, "/claims/user_permissions");
+    const publicClaimForProjectKey = `${decodedToken.iss}/claims/project_key`;
+    const publicClaimForUserPermissionsKey = `${decodedToken.iss}/claims/user_permissions`;
     request.session = {
       userId: decodedToken.sub,
       projectKey: decodedToken[publicClaimForProjectKey]
     };
     const userPermissions = decodedToken[publicClaimForUserPermissionsKey];
-    if (Boolean(userPermissions === null || userPermissions === void 0 ? void 0 : userPermissions.length)) {
+    if (Boolean(userPermissions?.length)) {
       request.session.userPermissions = userPermissions;
     }
   }
@@ -150,16 +148,16 @@ const throwIfIssuerIsNotAValidUrl = issuer => {
   try {
     new _URL__default["default"](issuer);
   } catch (error) {
-    throw new Error("Invalid issuer URL \"".concat(issuer, "\". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/merchant-center-customizations/concepts/merchant-center-api#hostnames."));
+    throw new Error(`Invalid issuer URL "${issuer}". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/merchant-center-customizations/concepts/merchant-center-api#hostnames.`);
   }
 };
 // Validates required option values.
 const validateRequiredValues = options => {
   if (!options.audience) {
-    throw new Error("Missing required option \"audience\"");
+    throw new Error(`Missing required option "audience"`);
   }
   if (!options.issuer) {
-    throw new Error("Missing required option \"issuer\"");
+    throw new Error(`Missing required option "issuer"`);
   }
 };
 // Attempt to parse the given issuer. If the value is a cloud identifier, it will
@@ -177,19 +175,17 @@ const getConfiguredDefaultIssuer = options => {
 // If the request path is `/`, do not append it to the audience, otherwise
 // the token validation might fail because of mismatching audiences.
 const getConfiguredAudience = (options, requestPath) => {
-  var _context;
   // remove the trailing slash
-  const url = new _URL__default["default"](_concatInstanceProperty__default["default"](_context = "".concat(options.audience.replace(/\/?$/, ''))).call(_context, requestPath));
+  const url = new _URL__default["default"](`${options.audience.replace(/\/?$/, '')}${requestPath}`);
   switch (options.audiencePolicy) {
     case 'forward-url-origin':
       return url.origin;
     default:
       {
-        var _context2;
         if (requestPath === '/') {
           return url.origin;
         }
-        return _concatInstanceProperty__default["default"](_context2 = "".concat(url.origin)).call(_context2, url.pathname);
+        return `${url.origin}${url.pathname}`;
       }
   }
 };
@@ -199,22 +195,20 @@ function createSessionAuthVerifier(options) {
 
   // Returns an async HTTP handler.
   return async (request, response) => {
-    var _mapCloudIdentifierTo, _request$originalUrl;
     // Get the cloud identifier header, forwarded by the `/proxy/forward-to` endpoint.
-    const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, "Missing \"X-MC-API-Cloud-Identifier\" header.");
-    let issuer = options.inferIssuer && cloudIdentifierHeader ? (_mapCloudIdentifierTo = mapCloudIdentifierToIssuer(cloudIdentifierHeader)) !== null && _mapCloudIdentifierTo !== void 0 ? _mapCloudIdentifierTo : configuredDefaultIssuer : configuredDefaultIssuer;
+    const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, `Missing "X-MC-API-Cloud-Identifier" header.`);
+    let issuer = options.inferIssuer && cloudIdentifierHeader ? mapCloudIdentifierToIssuer(cloudIdentifierHeader) ?? configuredDefaultIssuer : configuredDefaultIssuer;
 
     // Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
     // The version should be sent by the client making the request, to use the features of v2.
-    const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, "Missing \"X-MC-API-Forward-To-Version\" header.");
+    const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, `Missing "X-MC-API-Forward-To-Version" header.`);
     if (proxyForwardVersion === 'v1') {
-      var _mapToLegacyIssuer;
       // Fall back to legacy issuer domains
-      issuer = (_mapToLegacyIssuer = mapToLegacyIssuer(cloudIdentifierHeader)) !== null && _mapToLegacyIssuer !== void 0 ? _mapToLegacyIssuer : issuer;
+      issuer = mapToLegacyIssuer(cloudIdentifierHeader) ?? issuer;
     }
-    const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : (_request$originalUrl = request.originalUrl) !== null && _request$originalUrl !== void 0 ? _request$originalUrl : request.url;
+    const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : request.originalUrl ?? request.url;
     if (!requestUrlPath || !_startsWithInstanceProperty__default["default"](requestUrlPath).call(requestUrlPath, '/')) {
-      throw new Error("Invalid request URI path \"".concat(requestUrlPath, "\". Please make sure that the \"request\" object has either a property \"originalUrl\" or \"url\". If not, you should implement the \"getRequestUrl\" function and make sure to return a valid URI path value starting with \"/\". More info at https://docs.commercetools.com/merchant-center-customizations/concepts/integrate-with-your-own-api#validating-the-json-web-token"));
+      throw new Error(`Invalid request URI path "${requestUrlPath}". Please make sure that the "request" object has either a property "originalUrl" or "url". If not, you should implement the "getRequestUrl" function and make sure to return a valid URI path value starting with "/". More info at https://docs.commercetools.com/merchant-center-customizations/concepts/integrate-with-your-own-api#validating-the-json-web-token`);
     }
     const audience = getConfiguredAudience(options, requestUrlPath);
     return new _Promise__default["default"]((resolve, reject) => {
@@ -228,7 +222,7 @@ function createSessionAuthVerifier(options) {
           jwksRequestsPerMinute: 5
         }, options.jwks || {}), {}, {
           // This should be set by the middleware, no matter what.
-          jwksUri: "".concat(issuer, "/.well-known/jwks.json")
+          jwksUri: `${issuer}/.well-known/jwks.json`
         })),
         requestProperty: decodedTokenKey,
         // Validate the audience and the issuer.
@@ -236,7 +230,7 @@ function createSessionAuthVerifier(options) {
         issuer,
         algorithms: ['RS256']
         // @ts-ignore: the middleware expects an Express.js Request/Response objects
-      })(request, response !== null && response !== void 0 ? response : {}, error => {
+      })(request, response ?? {}, error => {
         if (error) {
           reject(error);
         } else {

package/dist/commercetools-backend-express.esm.js

@@ -1,6 +1,5 @@
 import _defineProperty from '@babel/runtime-corejs3/helpers/esm/defineProperty';
 import _URL from '@babel/runtime-corejs3/core-js-stable/url';
-import _concatInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/concat';
 import _startsWithInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/starts-with';
 import _Promise from '@babel/runtime-corejs3/core-js-stable/promise';
 import _Object$keys from '@babel/runtime-corejs3/core-js-stable/object/keys';
@@ -64,20 +63,20 @@ const getFirstHeaderValueOrThrow = (headers, headerKey, errorMessage) => {
 };
 
 function ownKeys(e, r) { var t = _Object$keys(e); if (_Object$getOwnPropertySymbols) { var o = _Object$getOwnPropertySymbols(e); r && (o = _filterInstanceProperty(o).call(o, function (r) { return _Object$getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var _context3, _context4; var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? _forEachInstanceProperty(_context3 = ownKeys(Object(t), !0)).call(_context3, function (r) { _defineProperty(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(e, _Object$getOwnPropertyDescriptors(t)) : _forEachInstanceProperty(_context4 = ownKeys(Object(t))).call(_context4, function (r) { _Object$defineProperty(e, r, _Object$getOwnPropertyDescriptor(t, r)); }); } return e; }
+function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var _context, _context2; var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? _forEachInstanceProperty(_context = ownKeys(Object(t), !0)).call(_context, function (r) { _defineProperty(e, r, t[r]); }) : _Object$getOwnPropertyDescriptors ? _Object$defineProperties(e, _Object$getOwnPropertyDescriptors(t)) : _forEachInstanceProperty(_context2 = ownKeys(Object(t))).call(_context2, function (r) { _Object$defineProperty(e, r, _Object$getOwnPropertyDescriptor(t, r)); }); } return e; }
 const decodedTokenKey = 'decoded_token';
 // Assign a session object to the request object.
 const writeSessionContext = request => {
   const decodedToken = request[decodedTokenKey];
   if (decodedToken) {
-    const publicClaimForProjectKey = "".concat(decodedToken.iss, "/claims/project_key");
-    const publicClaimForUserPermissionsKey = "".concat(decodedToken.iss, "/claims/user_permissions");
+    const publicClaimForProjectKey = `${decodedToken.iss}/claims/project_key`;
+    const publicClaimForUserPermissionsKey = `${decodedToken.iss}/claims/user_permissions`;
     request.session = {
       userId: decodedToken.sub,
       projectKey: decodedToken[publicClaimForProjectKey]
     };
     const userPermissions = decodedToken[publicClaimForUserPermissionsKey];
-    if (Boolean(userPermissions === null || userPermissions === void 0 ? void 0 : userPermissions.length)) {
+    if (Boolean(userPermissions?.length)) {
       request.session.userPermissions = userPermissions;
     }
   }
@@ -127,16 +126,16 @@ const throwIfIssuerIsNotAValidUrl = issuer => {
   try {
     new _URL(issuer);
   } catch (error) {
-    throw new Error("Invalid issuer URL \"".concat(issuer, "\". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/merchant-center-customizations/concepts/merchant-center-api#hostnames."));
+    throw new Error(`Invalid issuer URL "${issuer}". Expected a valid URL to the Merchant Center API Gateway, or a cloud identifier to one of the available cloud regions. See https://docs.commercetools.com/merchant-center-customizations/concepts/merchant-center-api#hostnames.`);
   }
 };
 // Validates required option values.
 const validateRequiredValues = options => {
   if (!options.audience) {
-    throw new Error("Missing required option \"audience\"");
+    throw new Error(`Missing required option "audience"`);
   }
   if (!options.issuer) {
-    throw new Error("Missing required option \"issuer\"");
+    throw new Error(`Missing required option "issuer"`);
   }
 };
 // Attempt to parse the given issuer. If the value is a cloud identifier, it will
@@ -154,19 +153,17 @@ const getConfiguredDefaultIssuer = options => {
 // If the request path is `/`, do not append it to the audience, otherwise
 // the token validation might fail because of mismatching audiences.
 const getConfiguredAudience = (options, requestPath) => {
-  var _context;
   // remove the trailing slash
-  const url = new _URL(_concatInstanceProperty(_context = "".concat(options.audience.replace(/\/?$/, ''))).call(_context, requestPath));
+  const url = new _URL(`${options.audience.replace(/\/?$/, '')}${requestPath}`);
   switch (options.audiencePolicy) {
     case 'forward-url-origin':
       return url.origin;
     default:
       {
-        var _context2;
         if (requestPath === '/') {
           return url.origin;
         }
-        return _concatInstanceProperty(_context2 = "".concat(url.origin)).call(_context2, url.pathname);
+        return `${url.origin}${url.pathname}`;
       }
   }
 };
@@ -176,22 +173,20 @@ function createSessionAuthVerifier(options) {
 
   // Returns an async HTTP handler.
   return async (request, response) => {
-    var _mapCloudIdentifierTo, _request$originalUrl;
     // Get the cloud identifier header, forwarded by the `/proxy/forward-to` endpoint.
-    const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, "Missing \"X-MC-API-Cloud-Identifier\" header.");
-    let issuer = options.inferIssuer && cloudIdentifierHeader ? (_mapCloudIdentifierTo = mapCloudIdentifierToIssuer(cloudIdentifierHeader)) !== null && _mapCloudIdentifierTo !== void 0 ? _mapCloudIdentifierTo : configuredDefaultIssuer : configuredDefaultIssuer;
+    const cloudIdentifierHeader = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.CLOUD_IDENTIFIER, `Missing "X-MC-API-Cloud-Identifier" header.`);
+    let issuer = options.inferIssuer && cloudIdentifierHeader ? mapCloudIdentifierToIssuer(cloudIdentifierHeader) ?? configuredDefaultIssuer : configuredDefaultIssuer;
 
     // Get the `Accept-version` header, forwarded by the `/proxy/forward-to` endpoint.
     // The version should be sent by the client making the request, to use the features of v2.
-    const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, "Missing \"X-MC-API-Forward-To-Version\" header.");
+    const proxyForwardVersion = getFirstHeaderValueOrThrow(request.headers, MC_API_PROXY_HEADERS.FORWARD_TO_VERSION, `Missing "X-MC-API-Forward-To-Version" header.`);
     if (proxyForwardVersion === 'v1') {
-      var _mapToLegacyIssuer;
       // Fall back to legacy issuer domains
-      issuer = (_mapToLegacyIssuer = mapToLegacyIssuer(cloudIdentifierHeader)) !== null && _mapToLegacyIssuer !== void 0 ? _mapToLegacyIssuer : issuer;
+      issuer = mapToLegacyIssuer(cloudIdentifierHeader) ?? issuer;
     }
-    const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : (_request$originalUrl = request.originalUrl) !== null && _request$originalUrl !== void 0 ? _request$originalUrl : request.url;
+    const requestUrlPath = options.getRequestUrl ? options.getRequestUrl(request) : request.originalUrl ?? request.url;
     if (!requestUrlPath || !_startsWithInstanceProperty(requestUrlPath).call(requestUrlPath, '/')) {
-      throw new Error("Invalid request URI path \"".concat(requestUrlPath, "\". Please make sure that the \"request\" object has either a property \"originalUrl\" or \"url\". If not, you should implement the \"getRequestUrl\" function and make sure to return a valid URI path value starting with \"/\". More info at https://docs.commercetools.com/merchant-center-customizations/concepts/integrate-with-your-own-api#validating-the-json-web-token"));
+      throw new Error(`Invalid request URI path "${requestUrlPath}". Please make sure that the "request" object has either a property "originalUrl" or "url". If not, you should implement the "getRequestUrl" function and make sure to return a valid URI path value starting with "/". More info at https://docs.commercetools.com/merchant-center-customizations/concepts/integrate-with-your-own-api#validating-the-json-web-token`);
     }
     const audience = getConfiguredAudience(options, requestUrlPath);
     return new _Promise((resolve, reject) => {
@@ -205,7 +200,7 @@ function createSessionAuthVerifier(options) {
           jwksRequestsPerMinute: 5
         }, options.jwks || {}), {}, {
           // This should be set by the middleware, no matter what.
-          jwksUri: "".concat(issuer, "/.well-known/jwks.json")
+          jwksUri: `${issuer}/.well-known/jwks.json`
         })),
         requestProperty: decodedTokenKey,
         // Validate the audience and the issuer.
@@ -213,7 +208,7 @@ function createSessionAuthVerifier(options) {
         issuer,
         algorithms: ['RS256']
         // @ts-ignore: the middleware expects an Express.js Request/Response objects
-      })(request, response !== null && response !== void 0 ? response : {}, error => {
+      })(request, response ?? {}, error => {
         if (error) {
           reject(error);
         } else {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commercetools-backend/express",
-  "version": "22.30.3",
+  "version": "22.32.0",
   "description": "Zero-config HTTP server as Express.js to facilitate development",
   "bugs": "https://github.com/commercetools/merchant-center-application-kit/issues",
   "repository": {