@decocms/apps 0.22.0 → 0.23.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decocms/apps",
-  "version": "0.22.0",
+  "version": "0.23.1",
   "type": "module",
   "description": "Deco commerce apps for TanStack Start - Shopify, VTEX, commerce types, analytics utils",
   "exports": {

package/vtex/client.ts

@@ -4,6 +4,7 @@
  */
 
 import { type FetchCacheOptions, fetchWithCache } from "./utils/fetchCache";
+import { SEGMENT_COOKIE_NAME, parseSegment } from "./utils/segment";
 
 // ---------------------------------------------------------------------------
 // URL sanitization (ported from deco-cx/apps vtex/utils/fetchVTEX.ts)
@@ -176,6 +177,22 @@ function authHeaders(): Record<string, string> {
 	return headers;
 }
 
+/**
+ * Read regionId from the current request's vtex_segment cookie.
+ * Returns null when no cookie provider is registered or no regionId is set.
+ */
+function extractRegionIdFromCookies(): string | null {
+	if (!_getCookieHeader) return null;
+	const cookies = _getCookieHeader();
+	if (!cookies) return null;
+	const match = cookies.match(
+		new RegExp(`(?:^|;\\s*)${SEGMENT_COOKIE_NAME}=([^;]+)`),
+	);
+	if (!match?.[1]) return null;
+	const segment = parseSegment(match[1]);
+	return segment?.regionId ?? null;
+}
+
 export async function vtexFetchResponse(
 	path: string,
 	init?: RequestInit,
@@ -293,7 +310,7 @@ export async function vtexFetchWithCookies<T>(
 export async function intelligentSearch<T>(
 	path: string,
 	params?: Record<string, string>,
-	opts?: { cookieHeader?: string; locale?: string },
+	opts?: { cookieHeader?: string; locale?: string; regionId?: string },
 ): Promise<T> {
 	const url = new URL(`${isUrl()}${path}`);
 	if (params) {
@@ -309,6 +326,11 @@ export async function intelligentSearch<T>(
 		url.searchParams.set("locale", locale);
 	}
 
+	const regionId = opts?.regionId ?? extractRegionIdFromCookies();
+	if (regionId) {
+		url.searchParams.set("regionId", regionId);
+	}
+
 	const headers: Record<string, string> = { ...authHeaders() };
 	if (opts?.cookieHeader) {
 		headers.cookie = opts.cookieHeader;
@@ -316,8 +338,6 @@ export async function intelligentSearch<T>(
 
 	const fullUrl = url.toString();
 
-	// IS GET requests go through SWR cache (3 min TTL via status-based defaults).
-	// The doFetch callback throws on non-ok responses, so null is never returned.
 	return fetchWithCache<T>(fullUrl, async () => {
 		const response = await _fetch(fullUrl, { headers });
 		if (!response.ok) {
@@ -463,13 +483,15 @@ export function initVtexFromBlocks(blocks: Record<string, any>) {
 		console.warn("[VTEX] No vtex.json block found.");
 		return;
 	}
+	const appKey = typeof vtexBlock.appKey === "string" ? vtexBlock.appKey : undefined;
+	const appToken = typeof vtexBlock.appToken === "string" ? vtexBlock.appToken : undefined;
 	configureVtex({
 		account: vtexBlock.account,
 		publicUrl: vtexBlock.publicUrl,
 		salesChannel: vtexBlock.salesChannel || "1",
 		locale: vtexBlock.locale || vtexBlock.defaultLocale,
-		appKey: vtexBlock.appKey,
-		appToken: vtexBlock.appToken,
+		appKey,
+		appToken,
 		country: vtexBlock.country,
 		domain: vtexBlock.domain,
 	});

package/vtex/invoke.ts

@@ -42,7 +42,7 @@ import {
   type UploadAttachmentOpts,
   type CreateDocumentResult,
 } from "./actions/masterData";
-import { createSession } from "./actions/session";
+import { createSession, editSession, type SessionData } from "./actions/session";
 import { subscribe, type SubscribeProps } from "./actions/newsletter";
 import { notifyMe, type NotifyMeProps } from "./actions/misc";
 import type { OrderForm } from "./types";
@@ -168,6 +168,14 @@ export const invoke = {
         { unwrap: true },
       ),
 
+      editSession: createInvokeFn(
+        (input: { public: Record<string, { value: string }> }) =>
+          editSession(input.public),
+        { unwrap: true },
+      ) as unknown as (ctx: {
+        data: { public: Record<string, { value: string }> };
+      }) => Promise<SessionData>,
+
       // -- MasterData -------------------------------------------------------
 
       createDocument: createInvokeFn(

package/vtex/middleware.ts

@@ -52,6 +52,12 @@ export interface VtexRequestContext {
   email?: string;
   /** Sales channel derived from segment. */
   salesChannel: string;
+  /**
+   * VTEX region ID from the segment cookie.
+   * Present when the user has set a postal code (CEP) for regionalization.
+   * Null when no region is set (anonymous default segment).
+   */
+  regionId: string | null;
   /** Whether this request carries price tables (B2B). */
   hasCustomPricing: boolean;
   /** Intelligent Search session cookie. */
@@ -123,6 +129,7 @@ export function extractVtexContext(request: Request): VtexRequestContext {
     isLoggedIn: authInfo?.isLoggedIn ?? false,
     email: authInfo?.email,
     salesChannel: segment.channel ?? "1",
+    regionId: segment.regionId ?? null,
     hasCustomPricing: Boolean(
       segment.priceTables && segment.priceTables.length > 0,
     ),
@@ -217,7 +224,9 @@ export function buildSegmentSetCookie(
  */
 export function vtexCacheKeySuffix(ctx: VtexRequestContext): string {
   if (ctx.isLoggedIn) return "__vtex_auth";
-  return `__vtex_sc=${ctx.salesChannel}`;
+  const parts = [`sc=${ctx.salesChannel}`];
+  if (ctx.regionId) parts.push(`r=${ctx.regionId}`);
+  return `__vtex_${parts.join("_")}`;
 }
 
 // -------------------------------------------------------------------------

package/vtex/utils/cookies.ts

@@ -10,32 +10,73 @@ interface Cookie {
   sameSite?: "Strict" | "Lax" | "None";
 }
 
+function parseSingleSetCookie(raw: string): Cookie | null {
+  const parts = raw.split(";").map((p) => p.trim());
+  const [nameValue, ...attrs] = parts;
+  const eqIdx = nameValue.indexOf("=");
+  if (eqIdx < 0) return null;
+  const cookie: Cookie = {
+    name: nameValue.slice(0, eqIdx),
+    value: nameValue.slice(eqIdx + 1),
+  };
+  for (const attr of attrs) {
+    const [k, v] = attr.split("=").map((s) => s.trim());
+    const lower = k.toLowerCase();
+    if (lower === "domain") cookie.domain = v;
+    else if (lower === "path") cookie.path = v;
+    else if (lower === "secure") cookie.secure = true;
+    else if (lower === "httponly") cookie.httpOnly = true;
+    else if (lower === "samesite") cookie.sameSite = v as Cookie["sameSite"];
+  }
+  return cookie;
+}
+
+/**
+ * Extract individual Set-Cookie values from a Headers object.
+ *
+ * Uses Headers.getSetCookie() (available in Cloudflare Workers and Node 18+)
+ * which returns each Set-Cookie as a separate string — unlike Headers.get()
+ * or Headers.forEach() which join multiple values with ", " and corrupt
+ * cookie strings that contain commas in Expires dates.
+ */
 function getSetCookies(headers: Headers): Cookie[] {
+  const rawCookies: string[] =
+    typeof headers.getSetCookie === "function"
+      ? headers.getSetCookie()
+      : getRawSetCookiesFallback(headers);
+
   const cookies: Cookie[] = [];
-  headers.forEach((value, key) => {
-    if (key.toLowerCase() !== "set-cookie") return;
-    const parts = value.split(";").map((p) => p.trim());
-    const [nameValue, ...attrs] = parts;
-    const eqIdx = nameValue.indexOf("=");
-    if (eqIdx < 0) return;
-    const cookie: Cookie = {
-      name: nameValue.slice(0, eqIdx),
-      value: nameValue.slice(eqIdx + 1),
-    };
-    for (const attr of attrs) {
-      const [k, v] = attr.split("=").map((s) => s.trim());
-      const lower = k.toLowerCase();
-      if (lower === "domain") cookie.domain = v;
-      else if (lower === "path") cookie.path = v;
-      else if (lower === "secure") cookie.secure = true;
-      else if (lower === "httponly") cookie.httpOnly = true;
-      else if (lower === "samesite") cookie.sameSite = v as Cookie["sameSite"];
-    }
-    cookies.push(cookie);
-  });
+  for (const raw of rawCookies) {
+    const cookie = parseSingleSetCookie(raw);
+    if (cookie) cookies.push(cookie);
+  }
   return cookies;
 }
 
+/**
+ * Fallback for runtimes without Headers.getSetCookie().
+ * Splits the comma-joined string heuristically — not perfect for cookies
+ * with Expires containing commas, but better than the old approach.
+ */
+function getRawSetCookiesFallback(headers: Headers): string[] {
+  const joined = headers.get("set-cookie");
+  if (!joined) return [];
+  const results: string[] = [];
+  let current = "";
+  for (const segment of joined.split(",")) {
+    const trimmed = segment.trimStart();
+    const looksLikeNewCookie = /^[^=;]+=[^;]/.test(trimmed) && current.length > 0;
+    if (looksLikeNewCookie) {
+      results.push(current.trim());
+      current = trimmed;
+    } else {
+      current += (current ? "," : "") + segment;
+    }
+  }
+  if (current.trim()) results.push(current.trim());
+  return results;
+}
+
 function setCookie(headers: Headers, cookie: Cookie): void {
   let str = `${cookie.name}=${cookie.value}`;
   if (cookie.domain) str += `; Domain=${cookie.domain}`;

package/vtex/utils/proxy.ts

@@ -104,10 +104,20 @@ function buildOriginUrl(
   return new URL(`https://${originHost}${url.pathname}${url.search}`);
 }
 
+/**
+ * Copy headers excluding hop-by-hop and Set-Cookie.
+ *
+ * Set-Cookie is excluded intentionally: Headers.forEach / .set() joins
+ * multiple Set-Cookie values with ", " which corrupts cookies containing
+ * commas (e.g. Expires dates). proxySetCookie handles Set-Cookie
+ * separately using Headers.getSetCookie() for correct multi-cookie support.
+ */
 function filterHeaders(headers: Headers): Headers {
   const filtered = new Headers();
   headers.forEach((value, key) => {
-    if (!HOP_BY_HOP_HEADERS.has(key.toLowerCase())) {
+    const lower = key.toLowerCase();
+    if (lower === "set-cookie") return;
+    if (!HOP_BY_HOP_HEADERS.has(lower)) {
       filtered.set(key, value);
     }
   });
@@ -148,7 +158,7 @@ export async function proxyToVtex(
     }
   }
 
-  if (config.appKey && config.appToken) {
+  if (typeof config.appKey === "string" && typeof config.appToken === "string") {
     forwardHeaders.set("X-VTEX-API-AppKey", config.appKey);
     forwardHeaders.set("X-VTEX-API-AppToken", config.appToken);
   }
@@ -169,13 +179,13 @@ export async function proxyToVtex(
 
   const responseHeaders = filterHeaders(new Headers(originResponse.headers));
 
-  if (options?.rewriteCookieDomain !== false) {
-    proxySetCookie(
-      originResponse.headers,
-      responseHeaders,
-      new URL(request.url).origin,
-    );
-  }
+  proxySetCookie(
+    originResponse.headers,
+    responseHeaders,
+    options?.rewriteCookieDomain !== false
+      ? new URL(request.url).origin
+      : undefined,
+  );
 
   if (originResponse.status >= 300 && originResponse.status < 400) {
     const location = originResponse.headers.get("location");