@decocms/start 0.43.0 → 1.1.0

package/src/cms/sectionMixins.ts

@@ -0,0 +1,76 @@
+/**
+ * Section Loader Mixins
+ *
+ * Reusable section loader factories for common patterns like device detection,
+ * mobile flag injection, and search param extraction. Eliminates repetitive
+ * `(props, req) => ({ ...props, device: detectDevice(...) })` boilerplate.
+ *
+ * @example
+ * ```ts
+ * import { withDevice, withMobile, compose } from "@decocms/start/cms";
+ *
+ * registerSectionLoaders({
+ *   "site/sections/Product/ProductShelf.tsx": withDevice(),
+ *   "site/sections/Images/Carousel.tsx": withMobile(),
+ *   "site/sections/Header/Header.tsx": compose(withDevice(), withSearchParam()),
+ * });
+ * ```
+ */
+import { detectDevice } from "../sdk/useDevice";
+import type { SectionLoaderFn } from "./sectionLoaders";
+
+/**
+ * Injects `device: "mobile" | "desktop" | "tablet"` from the request User-Agent.
+ */
+export function withDevice(): SectionLoaderFn {
+  return (props, req) => ({
+    ...props,
+    device: detectDevice(req.headers.get("user-agent") ?? ""),
+  });
+}
+
+/**
+ * Injects `isMobile: boolean` (true for mobile and tablet) from the request User-Agent.
+ */
+export function withMobile(): SectionLoaderFn {
+  return (props, req) => {
+    const d = detectDevice(req.headers.get("user-agent") ?? "");
+    return { ...props, isMobile: d === "mobile" || d === "tablet" };
+  };
+}
+
+const REGEX_QUERY_VALUE = /[?&]q=([^&]*)/;
+
+/**
+ * Injects `currentSearchParam: string | undefined` extracted from the `?q=` URL parameter.
+ */
+export function withSearchParam(): SectionLoaderFn {
+  return (props, req) => {
+    const match = req.url.match(REGEX_QUERY_VALUE);
+    return {
+      ...props,
+      currentSearchParam: match ? decodeURIComponent(match[1]) : undefined,
+    };
+  };
+}
+
+/**
+ * Composes multiple section loader mixins into a single loader.
+ * Each mixin's result is merged left-to-right (later mixins override earlier ones).
+ *
+ * @example
+ * ```ts
+ * compose(withDevice(), withSearchParam())
+ * // Equivalent to: (props, req) => ({ ...props, device: ..., currentSearchParam: ... })
+ * ```
+ */
+export function compose(...mixins: SectionLoaderFn[]): SectionLoaderFn {
+  return async (props, req) => {
+    let result = { ...props };
+    for (const mixin of mixins) {
+      const partial = await mixin(result, req);
+      result = { ...result, ...partial };
+    }
+    return result;
+  };
+}

package/src/hooks/DecoRootLayout.tsx

@@ -0,0 +1,111 @@
+import { useEffect, type ReactNode } from "react";
+import { HeadContent, Scripts, ScriptOnce } from "@tanstack/react-router";
+import { LiveControls } from "./LiveControls";
+import { ANALYTICS_SCRIPT } from "../sdk/analytics";
+import { NavigationProgress } from "./NavigationProgress";
+import { StableOutlet } from "./StableOutlet";
+
+declare global {
+	interface Window {
+		__deco_ready?: boolean;
+	}
+}
+
+function buildDecoEventsBootstrap(account?: string): string {
+	const accountJson = JSON.stringify(account ?? "");
+	return `
+window.__RUNTIME__ = window.__RUNTIME__ || { account: ${accountJson} };
+window.DECO = window.DECO || {};
+window.DECO.events = window.DECO.events || {
+  _q: [],
+  _subs: [],
+  dispatch: function(e) {
+    this._q.push(e);
+    for (var i = 0; i < this._subs.length; i++) {
+      try { this._subs[i](e); } catch(err) { console.error('[DECO.events]', err); }
+    }
+  },
+  subscribe: function(fn) {
+    this._subs.push(fn);
+    for (var i = 0; i < this._q.length; i++) {
+      try { fn(this._q[i]); } catch(err) {}
+    }
+  }
+};
+window.dataLayer = window.dataLayer || [];
+`;
+}
+
+export interface DecoRootLayoutProps {
+	/** Language attribute for the <html> tag. Default: "en" */
+	lang?: string;
+	/** DaisyUI data-theme attribute. Default: "light" */
+	dataTheme?: string;
+	/** Site name for LiveControls (admin iframe communication). Required. */
+	siteName: string;
+	/** Commerce platform account name for analytics bootstrap (e.g. VTEX account). */
+	account?: string;
+	/** CSS class for <body>. Default: "bg-base-200 text-base-content" */
+	bodyClassName?: string;
+	/** Delay in ms before firing deco:ready event. Default: 500 */
+	decoReadyDelay?: number;
+	/**
+	 * Extra content rendered inside <body> after the main outlet
+	 * (e.g. Toast, custom analytics components).
+	 */
+	children?: ReactNode;
+}
+
+/**
+ * Standard Deco root layout component for use in __root.tsx.
+ *
+ * Provides:
+ * - NavigationProgress (loading bar during SPA nav)
+ * - StableOutlet (height-preserved content area)
+ * - DECO.events bootstrap (via ScriptOnce — runs before hydration, once)
+ * - LiveControls for admin
+ * - Analytics script (via ScriptOnce)
+ * - deco:ready hydration signal
+ *
+ * QueryClientProvider should be configured via createDecoRouter's `Wrap` option
+ * (per TanStack docs — non-DOM providers go on the router, not in components).
+ *
+ * Sites that need full control should compose from the individual exported
+ * pieces (NavigationProgress, StableOutlet, etc.) instead.
+ */
+export function DecoRootLayout({
+	lang = "en",
+	dataTheme = "light",
+	siteName,
+	account,
+	bodyClassName = "bg-base-200 text-base-content",
+	decoReadyDelay = 500,
+	children,
+}: DecoRootLayoutProps) {
+	useEffect(() => {
+		const id = setTimeout(() => {
+			window.__deco_ready = true;
+			document.dispatchEvent(new Event("deco:ready"));
+		}, decoReadyDelay);
+		return () => clearTimeout(id);
+	}, [decoReadyDelay]);
+
+	return (
+		<html lang={lang} data-theme={dataTheme} suppressHydrationWarning>
+			<head>
+				<HeadContent />
+			</head>
+			<body className={bodyClassName} suppressHydrationWarning>
+				<ScriptOnce children={buildDecoEventsBootstrap(account)} />
+				<NavigationProgress />
+				<main>
+					<StableOutlet />
+				</main>
+				{children}
+				<LiveControls site={siteName} />
+				<ScriptOnce children={ANALYTICS_SCRIPT} />
+				<Scripts />
+			</body>
+		</html>
+	);
+}

package/src/hooks/NavigationProgress.tsx

@@ -0,0 +1,21 @@
+import { useRouterState } from "@tanstack/react-router";
+
+const PROGRESS_CSS = `
+@keyframes progressSlide { from { transform: translateX(-100%); } to { transform: translateX(100%); } }
+.nav-progress-bar { animation: progressSlide 1s ease-in-out infinite; }
+`;
+
+/**
+ * Top-of-page loading bar that appears during SPA navigation.
+ * Uses the router's isLoading state — no extra dependencies.
+ */
+export function NavigationProgress() {
+	const isLoading = useRouterState({ select: (s) => s.isLoading });
+	if (!isLoading) return null;
+	return (
+		<div className="fixed top-0 left-0 right-0 z-[9999] h-1 bg-brand-primary-500/20 overflow-hidden">
+			<style dangerouslySetInnerHTML={{ __html: PROGRESS_CSS }} />
+			<div className="nav-progress-bar h-full w-1/3 bg-brand-primary-500 rounded-full" />
+		</div>
+	);
+}

package/src/hooks/StableOutlet.tsx

@@ -0,0 +1,30 @@
+import { useEffect, useRef } from "react";
+import { Outlet, useRouterState } from "@tanstack/react-router";
+
+/**
+ * Preserves the content area height during SPA navigation so the
+ * footer doesn't jump up while the new page is loading.
+ */
+export function StableOutlet() {
+	const isLoading = useRouterState({ select: (s) => s.isLoading });
+	const ref = useRef<HTMLDivElement>(null);
+	const savedHeight = useRef<number | undefined>(undefined);
+
+	useEffect(() => {
+		if (isLoading && ref.current) {
+			savedHeight.current = ref.current.offsetHeight;
+		}
+		if (!isLoading) {
+			savedHeight.current = undefined;
+		}
+	}, [isLoading]);
+
+	return (
+		<div
+			ref={ref}
+			style={savedHeight.current ? { minHeight: savedHeight.current } : undefined}
+		>
+			<Outlet />
+		</div>
+	);
+}

package/src/hooks/index.ts

@@ -6,3 +6,6 @@ export {
 export { isBelowFold, LazySection, type LazySectionProps } from "./LazySection";
 export { LiveControls } from "./LiveControls";
 export { SectionErrorBoundary } from "./SectionErrorFallback";
+export { NavigationProgress } from "./NavigationProgress";
+export { StableOutlet } from "./StableOutlet";
+export { DecoRootLayout, type DecoRootLayoutProps } from "./DecoRootLayout";

package/src/sdk/abTesting.ts

@@ -0,0 +1,398 @@
+/**
+ * A/B Testing wrapper for Cloudflare Worker entries.
+ *
+ * Provides KV-driven traffic splitting between the current TanStack Start
+ * worker ("worker" bucket) and a fallback origin ("fallback" bucket, e.g.
+ * legacy Deco/Fresh site). Designed for migration-period A/B testing.
+ *
+ * Features:
+ * - FNV-1a IP hashing for stable, deterministic bucket assignment
+ * - Sticky bucketing via cookie ("bucket:timestamp" format)
+ * - Query param override for QA (?_deco_bucket=worker)
+ * - Circuit breaker: worker errors auto-fallback to legacy origin
+ * - Fallback proxy with hostname rewriting (Set-Cookie, Location, body)
+ * - Configurable bypass for paths that must always use the worker
+ *   (e.g. VTEX checkout proxy paths)
+ *
+ * @example
+ * ```ts
+ * import { createDecoWorkerEntry } from "@decocms/start/sdk/workerEntry";
+ * import { withABTesting } from "@decocms/start/sdk/abTesting";
+ *
+ * const decoWorker = createDecoWorkerEntry(serverEntry, { ... });
+ *
+ * export default withABTesting(decoWorker, {
+ *   kvBinding: "SITES_KV",
+ *   shouldBypassAB: (request, url) => isVtexPath(url.pathname),
+ * });
+ * ```
+ */
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+interface WorkerExecutionContext {
+	waitUntil(promise: Promise<unknown>): void;
+	passThroughOnException(): void;
+}
+
+export interface WorkerHandler {
+	fetch(
+		request: Request,
+		env: Record<string, unknown>,
+		ctx: WorkerExecutionContext,
+	): Promise<Response>;
+}
+
+interface KVNamespace {
+	get<T = string>(key: string, type: "json"): Promise<T | null>;
+	get(key: string, type?: "text"): Promise<string | null>;
+}
+
+/** KV value shape — same as the original cf-gateway config. */
+export interface SiteConfig {
+	workerName: string;
+	fallbackOrigin: string;
+	abTest?: { ratio: number };
+}
+
+export type Bucket = "worker" | "fallback";
+
+export interface ABTestConfig {
+	/** KV namespace binding name. @default "SITES_KV" */
+	kvBinding?: string;
+
+	/** Cookie name for bucket persistence. @default "_deco_bucket" */
+	cookieName?: string;
+
+	/** Cookie max-age in seconds. @default 86400 (1 day) */
+	cookieMaxAge?: number;
+
+	/** Auto-fallback to legacy on worker errors. @default true */
+	circuitBreaker?: boolean;
+
+	/**
+	 * Return `true` to bypass A/B for this request — always serve from
+	 * the worker regardless of bucket assignment.
+	 *
+	 * Useful for commerce backend paths (checkout, /api/*) that must
+	 * not be proxied through the fallback origin.
+	 */
+	shouldBypassAB?: (request: Request, url: URL) => boolean;
+
+	/**
+	 * Called before the A/B logic runs. Return a `Response` to short-circuit
+	 * (e.g. for CMS redirects), or `null` to continue with A/B.
+	 */
+	preHandler?: (
+		request: Request,
+		url: URL,
+	) => Response | Promise<Response | null> | null;
+}
+
+// ---------------------------------------------------------------------------
+// FNV-1a 32-bit — fast, good distribution for short strings like IPs.
+// Same hash used by the original cf-gateway.
+// ---------------------------------------------------------------------------
+
+function fnv1a(str: string): number {
+	let hash = 0x811c9dc5;
+	for (let i = 0; i < str.length; i++) {
+		hash ^= str.charCodeAt(i);
+		hash = Math.imul(hash, 0x01000193);
+	}
+	return Math.abs(hash);
+}
+
+// ---------------------------------------------------------------------------
+// Cookie helpers
+// ---------------------------------------------------------------------------
+
+function parseCookies(header: string): Record<string, string> {
+	return Object.fromEntries(
+		header.split(";").map((c) => {
+			const [k, ...v] = c.trim().split("=");
+			return [k, v.join("=")];
+		}),
+	);
+}
+
+/**
+ * Parse the bucket cookie value.
+ *
+ * New format: "worker:1711540800" (bucket + unix timestamp).
+ * Legacy format: "worker" or "fallback" (no timestamp — old 30d cookie).
+ */
+function parseBucketCookie(
+	raw: string | undefined,
+): { bucket: Bucket; ts: number } | null {
+	if (!raw) return null;
+
+	const colonIdx = raw.indexOf(":");
+	if (colonIdx > 0) {
+		const bucket = raw.slice(0, colonIdx);
+		const ts = parseInt(raw.slice(colonIdx + 1), 10);
+		if ((bucket === "worker" || bucket === "fallback") && !isNaN(ts)) {
+			return { bucket, ts };
+		}
+	}
+
+	if (raw === "worker" || raw === "fallback") {
+		return { bucket: raw, ts: 0 };
+	}
+
+	return null;
+}
+
+// ---------------------------------------------------------------------------
+// Public helpers (exported for custom composition)
+// ---------------------------------------------------------------------------
+
+/**
+ * Deterministically assign a bucket based on:
+ * 1. Query param override (?_deco_bucket=worker)
+ * 2. Existing cookie (stickiness)
+ * 3. IP hash against ratio threshold
+ */
+export function getStableBucket(
+	request: Request,
+	ratio: number,
+	url: URL,
+	cookieName: string = "_deco_bucket",
+): Bucket {
+	const override = url.searchParams.get(cookieName);
+	if (override === "worker" || override === "fallback") return override;
+
+	const cookies = parseCookies(request.headers.get("cookie") ?? "");
+	const parsed = parseBucketCookie(cookies[cookieName]);
+	if (parsed) return parsed.bucket;
+
+	if (ratio <= 0) return "fallback";
+	if (ratio >= 1) return "worker";
+
+	const ip =
+		request.headers.get("cf-connecting-ip") ?? Math.random().toString();
+	return fnv1a(ip) % 100 < ratio * 100 ? "worker" : "fallback";
+}
+
+/**
+ * Tag a response with the bucket assignment and refresh the sticky cookie
+ * if needed (missing, changed, or stale).
+ */
+export function tagBucket(
+	response: Response,
+	bucket: Bucket,
+	hostname: string,
+	request: Request,
+	cookieName: string = "_deco_bucket",
+	maxAge: number = 86400,
+): Response {
+	const res = new Response(response.body, response);
+	res.headers.set("x-deco-bucket", bucket);
+
+	const cookies = parseCookies(request.headers.get("cookie") ?? "");
+	const parsed = parseBucketCookie(cookies[cookieName]);
+	const now = Math.floor(Date.now() / 1000);
+
+	const needsSet =
+		!parsed || parsed.bucket !== bucket || now - parsed.ts > maxAge;
+
+	if (needsSet) {
+		res.headers.append(
+			"set-cookie",
+			`${cookieName}=${bucket}:${now}; Path=/; Max-Age=${maxAge}; Domain=${hostname}; SameSite=Lax`,
+		);
+	}
+
+	return res;
+}
+
+/**
+ * Proxy a request to the fallback origin with full hostname rewriting.
+ *
+ * Rewrites:
+ * 1. URL hostname → fallback origin
+ * 2. Set-Cookie Domain → real hostname
+ * 3. Body text: fallback hostname → real hostname (for Fresh partial URLs)
+ * 4. Location header → real hostname
+ */
+export async function proxyToFallback(
+	request: Request,
+	url: URL,
+	fallbackOrigin: string,
+): Promise<Response> {
+	const target = new URL(url.toString());
+	target.hostname = fallbackOrigin;
+
+	const headers = new Headers(request.headers);
+	headers.delete("host");
+	headers.set("x-forwarded-host", url.hostname);
+
+	const init: RequestInit = {
+		method: request.method,
+		headers,
+	};
+	if (request.method !== "GET" && request.method !== "HEAD") {
+		init.body = request.body;
+		// @ts-expect-error -- needed for streaming body in Workers
+		init.duplex = "half";
+	}
+	const response = await fetch(target.toString(), init);
+
+	const ct = response.headers.get("content-type") ?? "";
+	const isText =
+		ct.includes("text/") || ct.includes("json") || ct.includes("javascript");
+
+	let body: BodyInit | null = response.body;
+	if (isText && response.body) {
+		const text = await response.text();
+		body = text.replaceAll(fallbackOrigin, url.hostname);
+	}
+
+	const rewritten = new Response(body, response);
+
+	const setCookies = response.headers.getSetCookie?.() ?? [];
+	if (setCookies.length > 0) {
+		rewritten.headers.delete("set-cookie");
+		for (const cookie of setCookies) {
+			rewritten.headers.append(
+				"set-cookie",
+				cookie.replace(
+					new RegExp(
+						`Domain=\\.?${fallbackOrigin.replace(/\./g, "\\.")}`,
+						"gi",
+					),
+					`Domain=.${url.hostname}`,
+				),
+			);
+		}
+	}
+
+	const location = response.headers.get("location");
+	if (location?.includes(fallbackOrigin)) {
+		rewritten.headers.set(
+			"location",
+			location.replaceAll(fallbackOrigin, url.hostname),
+		);
+	}
+
+	return rewritten;
+}
+
+// ---------------------------------------------------------------------------
+// Main wrapper
+// ---------------------------------------------------------------------------
+
+/**
+ * Wrap a Deco worker entry with A/B testing support.
+ *
+ * Reads config from Cloudflare KV by hostname, assigns buckets,
+ * and proxies fallback traffic to the legacy origin.
+ *
+ * When no KV binding is available or no config exists for the hostname,
+ * all traffic goes directly to the inner handler (no A/B).
+ */
+export function withABTesting(
+	handler: WorkerHandler,
+	config: ABTestConfig = {},
+): WorkerHandler {
+	const {
+		kvBinding = "SITES_KV",
+		cookieName = "_deco_bucket",
+		cookieMaxAge = 86400,
+		circuitBreaker = true,
+		shouldBypassAB,
+		preHandler,
+	} = config;
+
+	return {
+		async fetch(
+			request: Request,
+			env: Record<string, unknown>,
+			ctx: WorkerExecutionContext,
+		): Promise<Response> {
+			const url = new URL(request.url);
+
+			// Pre-handler (e.g. CMS redirects) — runs before A/B
+			if (preHandler) {
+				const pre = await preHandler(request, url);
+				if (pre) return pre;
+			}
+
+			const kv = env[kvBinding] as KVNamespace | undefined;
+			if (!kv) {
+				return handler.fetch(request, env, ctx);
+			}
+
+			const siteConfig = await kv.get<SiteConfig>(url.hostname, "json");
+			if (!siteConfig?.fallbackOrigin) {
+				return handler.fetch(request, env, ctx);
+			}
+
+			// Bypass A/B for certain paths (e.g. checkout, API)
+			if (shouldBypassAB?.(request, url)) {
+				return handler.fetch(request, env, ctx);
+			}
+
+			const ratio = siteConfig.abTest?.ratio ?? 0;
+			const bucket = getStableBucket(request, ratio, url, cookieName);
+
+			try {
+				if (bucket === "fallback") {
+					const response = await proxyToFallback(
+						request,
+						url,
+						siteConfig.fallbackOrigin,
+					);
+					return tagBucket(
+						response,
+						bucket,
+						url.hostname,
+						request,
+						cookieName,
+						cookieMaxAge,
+					);
+				}
+
+				// Worker bucket
+				try {
+					const response = await handler.fetch(request, env, ctx);
+					return tagBucket(
+						response,
+						bucket,
+						url.hostname,
+						request,
+						cookieName,
+						cookieMaxAge,
+					);
+				} catch (err) {
+					if (!circuitBreaker) throw err;
+					console.error(
+						"[A/B] Worker error, circuit breaker → fallback:",
+						err,
+					);
+					const response = await proxyToFallback(
+						request,
+						url,
+						siteConfig.fallbackOrigin,
+					);
+					return tagBucket(
+						response,
+						"fallback",
+						url.hostname,
+						request,
+						cookieName,
+						cookieMaxAge,
+					);
+				}
+			} catch (err) {
+				console.error(
+					"[A/B] Fatal proxy error, passing through to handler:",
+					err,
+				);
+				return handler.fetch(request, env, ctx);
+			}
+		},
+	};
+}