@doswiftly/cli 0.1.18 → 0.1.20

package/templates/storefront-nextjs-shadcn/lib/auth/cookies.ts

@@ -1,220 +0,0 @@
-/**
- * Cookie Helpers for Authentication
- *
- * Provides utilities for managing authentication cookies in both
- * client-side and server-side contexts.
- *
- * Security Notes:
- * - Cookies are httpOnly (set via API routes, not client-side)
- * - Cookies are secure in production (HTTPS only)
- * - Cookies are SameSite=Lax to prevent CSRF
- * - Token validation happens on GraphQL backend
- *
- * @see lib/auth/routes.ts - Cookie name constant
- * @see app/api/auth/set-token/route.ts - Server-side cookie setter
- * @see app/api/auth/clear-token/route.ts - Server-side cookie clearer
- */
-
-import { AUTH_COOKIE_NAME } from "./routes";
-
-/**
- * Cookie configuration for authentication token
- */
-export const AUTH_COOKIE_CONFIG = {
-  name: AUTH_COOKIE_NAME,
-  maxAge: 60 * 60 * 24 * 30, // 30 days (in seconds)
-  path: "/",
-  sameSite: "lax" as const,
-  secure: process.env.NODE_ENV === "production",
-  httpOnly: true, // Cannot be accessed via JavaScript (security)
-} as const;
-
-/**
- * Get authentication token from cookies (client-side)
- *
- * Note: This only works if the cookie is NOT httpOnly.
- * For httpOnly cookies, use server-side methods or API routes.
- *
- * @returns Token string or null if not found
- *
- * @example
- * ```tsx
- * const token = getAuthToken();
- * if (token) {
- *   // User is authenticated
- * }
- * ```
- */
-export function getAuthToken(): string | null {
-  if (typeof window === "undefined") {
-    return null; // Server-side
-  }
-
-  const cookies = document.cookie.split("; ");
-  const authCookie = cookies.find((c) => c.startsWith(`${AUTH_COOKIE_NAME}=`));
-
-  if (!authCookie) {
-    return null;
-  }
-
-  return authCookie.split("=")[1] || null;
-}
-
-/**
- * Check if user is authenticated (client-side)
- *
- * Note: This checks cookie EXISTENCE, not VALIDITY.
- * Token validation happens on the GraphQL backend.
- *
- * @returns True if auth cookie exists
- *
- * @example
- * ```tsx
- * const isAuthenticated = isAuthTokenPresent();
- * if (isAuthenticated) {
- *   // Show authenticated UI
- * }
- * ```
- */
-export function isAuthTokenPresent(): boolean {
-  return getAuthToken() !== null;
-}
-
-/**
- * Set authentication token (via API route)
- *
- * This function calls the API route to set an httpOnly cookie.
- * Direct client-side cookie setting is NOT secure for auth tokens.
- *
- * @param token - Customer access token from GraphQL
- * @returns Promise that resolves when cookie is set
- *
- * @example
- * ```tsx
- * const { customerAccessToken } = await loginMutation.mutateAsync({
- *   input: { email, password }
- * });
- *
- * if (customerAccessToken) {
- *   await setAuthToken(customerAccessToken.accessToken);
- * }
- * ```
- */
-export async function setAuthToken(token: string): Promise<void> {
-  const response = await fetch("/api/auth/set-token", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({ token }),
-  });
-
-  if (!response.ok) {
-    throw new Error("Failed to set authentication token");
-  }
-}
-
-/**
- * Clear authentication token (via API route)
- *
- * This function calls the API route to clear the httpOnly cookie.
- *
- * @returns Promise that resolves when cookie is cleared
- *
- * @example
- * ```tsx
- * await clearAuthToken();
- * router.push('/auth/login');
- * ```
- */
-export async function clearAuthToken(): Promise<void> {
-  const response = await fetch("/api/auth/clear-token", {
-    method: "POST",
-  });
-
-  if (!response.ok) {
-    throw new Error("Failed to clear authentication token");
-  }
-}
-
-/**
- * Parse cookie string into key-value object
- *
- * Utility function for parsing cookie strings in server-side contexts.
- *
- * @param cookieString - Raw cookie string from request headers
- * @returns Object with cookie key-value pairs
- *
- * @example
- * ```tsx
- * const cookies = parseCookies(request.headers.get('cookie') || '');
- * const token = cookies[AUTH_COOKIE_NAME];
- * ```
- */
-export function parseCookies(cookieString: string): Record<string, string> {
-  return cookieString
-    .split("; ")
-    .reduce((acc, cookie) => {
-      const [key, value] = cookie.split("=");
-      if (key && value) {
-        acc[key] = value;
-      }
-      return acc;
-    }, {} as Record<string, string>);
-}
-
-/**
- * Serialize cookie for Set-Cookie header
- *
- * Utility function for creating Set-Cookie header values in API routes.
- *
- * @param name - Cookie name
- * @param value - Cookie value
- * @param options - Cookie options (maxAge, path, etc.)
- * @returns Serialized cookie string for Set-Cookie header
- *
- * @example
- * ```tsx
- * const cookieHeader = serializeCookie(
- *   AUTH_COOKIE_NAME,
- *   token,
- *   AUTH_COOKIE_CONFIG
- * );
- * response.headers.set('Set-Cookie', cookieHeader);
- * ```
- */
-export function serializeCookie(
-  name: string,
-  value: string,
-  options: {
-    maxAge?: number;
-    path?: string;
-    sameSite?: "strict" | "lax" | "none";
-    secure?: boolean;
-    httpOnly?: boolean;
-  } = {}
-): string {
-  const parts = [`${name}=${value}`];
-
-  if (options.maxAge) {
-    parts.push(`Max-Age=${options.maxAge}`);
-  }
-
-  if (options.path) {
-    parts.push(`Path=${options.path}`);
-  }
-
-  if (options.sameSite) {
-    parts.push(`SameSite=${options.sameSite}`);
-  }
-
-  if (options.secure) {
-    parts.push("Secure");
-  }
-
-  if (options.httpOnly) {
-    parts.push("HttpOnly");
-  }
-
-  return parts.join("; ");
-}

package/templates/storefront-nextjs-shadcn/lib/config.ts

@@ -1,46 +0,0 @@
-/**
- * Shop Configuration
- *
- * Centralized configuration for shop settings.
- * Customize these values to match your store's policies.
- */
-
-export const shopConfig = {
-  /**
-   * Currency settings
-   */
-  currency: {
-    default: 'USD',
-    supported: ['USD', 'EUR', 'GBP', 'PLN'],
-  },
-
-  /**
-   * Shipping policy settings
-   */
-  shipping: {
-    freeShippingThreshold: 50,
-    standardDeliveryDays: { min: 3, max: 5 },
-    features: [
-      'Express shipping available at checkout',
-      'International shipping available',
-      '30-day return policy',
-    ],
-  },
-
-  /**
-   * Product display settings
-   */
-  products: {
-    gridColumns: 4,
-    itemsPerPage: 12,
-  },
-
-  /**
-   * Cart settings
-   */
-  cart: {
-    maxQuantityPerItem: 99,
-  },
-} as const;
-
-export type ShopConfig = typeof shopConfig;

package/templates/storefront-nextjs-shadcn/lib/currency/IMPLEMENTATION_SUMMARY.md

@@ -1,254 +0,0 @@
-# Cookie Manager Implementation Summary
-
-## ✅ Completed
-
-### Main Deliverables
-
-1. **Cookie Manager Module** (`lib/currency/cookie-manager.ts`)
-
-   - Full TypeScript implementation with complete type safety
-   - Dual implementation for SSR and client contexts
-   - Comprehensive error handling with graceful fallbacks
-   - Singleton pattern for performance optimization
-   - ~270 lines of production-ready code
-
-2. **Module Exports** (`lib/currency/index.ts`)
-
-   - Clean public API with barrel exports
-   - Convenience functions for common operations
-   - Type-safe exports for TypeScript consumers
-
-3. **Unit Tests** (`lib/currency/cookie-manager.test.ts`)
-
-   - 20+ test cases covering all functionality
-   - Tests for both SSR and client contexts
-   - Error handling and edge case coverage
-   - Vitest-compatible test suite
-   - ~380 lines of test code
-
-4. **Documentation** (`lib/currency/README.md`)
-   - Complete API reference
-   - Usage patterns and examples
-   - Integration guides for Zustand, GraphQL, React
-   - Migration guide from localStorage
-   - Troubleshooting section
-   - ~500 lines of documentation
-
-## Key Features Implemented
-
-### 1. SSR-First Architecture
-
-The cookie manager works seamlessly in both contexts:
-
-```typescript
-// Client-side: Uses js-cookie
-const clientManager = new ClientCookieManager();
-
-// Server-side: Uses next/headers
-const serverManager = new ServerCookieManager();
-
-// Automatic detection
-const manager = getCookieManager(); // Returns correct implementation
-```
-
-### 2. Type Safety
-
-Full TypeScript support with strict types:
-
-```typescript
-export interface CookieManager {
-  getCurrency(): string | null;
-  setCurrency(currency: string): void;
-  removeCurrency(): void;
-  isServer(): boolean;
-}
-```
-
-### 3. Error Handling
-
-Graceful fallbacks for all error scenarios:
-
-- ✅ Blocked cookies → logs warning, continues
-- ✅ SSR write attempts → logs warning, no-op
-- ✅ Missing Next.js headers → returns null
-- ✅ Cookie read failures → returns null with warning
-
-### 4. Cookie Configuration
-
-Production-ready cookie attributes:
-
-```typescript
-{
-  name: 'preferred-currency',
-  path: '/',
-  maxAge: 365 days,
-  sameSite: 'lax',
-  secure: true (in production)
-}
-```
-
-## Architecture Diagram
-
-```
-┌─────────────────────────────────────────────────────────────┐
-│                     Cookie Manager                          │
-├─────────────────────────────────────────────────────────────┤
-│                                                             │
-│  ┌──────────────────┐         ┌──────────────────┐        │
-│  │ Client Context   │         │ Server Context   │        │
-│  │                  │         │                  │        │
-│  │  - js-cookie     │         │  - next/headers  │        │
-│  │  - getCurrency() │         │  - getCurrency() │        │
-│  │  - setCurrency() │         │  - (read-only)   │        │
-│  │  - remove()      │         │                  │        │
-│  └──────────────────┘         └──────────────────┘        │
-│           │                            │                   │
-│           └────────────┬───────────────┘                   │
-│                        │                                   │
-│                 ┌──────▼──────┐                           │
-│                 │  Singleton  │                           │
-│                 │   Factory   │                           │
-│                 └─────────────┘                           │
-└─────────────────────────────────────────────────────────────┘
-                           │
-                           │
-            ┌──────────────┴──────────────┐
-            │                             │
-     ┌──────▼─────┐               ┌──────▼─────┐
-     │  Currency  │               │  GraphQL   │
-     │   Store    │               │   Client   │
-     │  (Zustand) │               │            │
-     └────────────┘               └────────────┘
-```
-
-## Requirements Validation
-
-### ✅ Requirement 1.1
-
-_Store preference in cookie accessible to both client and server_
-
-- Implemented: Cookie with path='/' and HttpOnly=false
-
-### ✅ Requirement 1.3
-
-_SSR GraphQL requests include x-preferred-currency header_
-
-- Implemented: ServerCookieManager reads from next/headers
-
-### ✅ Requirement 1.4
-
-_Client-side navigation includes x-preferred-currency header_
-
-- Implemented: ClientCookieManager reads from js-cookie
-
-### ✅ Requirement 2.2
-
-_Return same value regardless of SSR or client context_
-
-- Implemented: Both implementations read from same cookie
-
-### ✅ Requirement 2.3
-
-_Update both cookie and in-memory state atomically_
-
-- Implemented: setCurrency() writes to cookie immediately
-
-## Integration Points
-
-The cookie manager integrates with:
-
-1. **Currency Store** - Stores use cookie manager instead of localStorage
-2. **GraphQL Client** - Reads currency from cookie for header injection
-3. **Server Components** - Can read currency during SSR
-4. **Client Components** - Can read and write currency
-
-## Next Steps
-
-The following tasks depend on this implementation:
-
-1. **Task 1.1** - Write property test for cookie persistence
-2. **Task 2** - Update currency store to use cookie manager
-3. **Task 3** - Update GraphQL client to read from cookies
-4. **Task 4** - Update currency selector component
-5. **Task 5** - Add package dependencies (js-cookie, @types/js-cookie)
-
-## Dependencies Required
-
-Add to `package.json`:
-
-```json
-{
-  "dependencies": {
-    "js-cookie": "^3.0.5"
-  },
-  "devDependencies": {
-    "@types/js-cookie": "^3.0.6",
-    "vitest": "^1.0.0",
-    "fast-check": "^3.15.0"
-  }
-}
-```
-
-## Files Created
-
-- ✅ `lib/currency/cookie-manager.ts` (270 lines)
-- ✅ `lib/currency/index.ts` (24 lines)
-- ✅ `lib/currency/cookie-manager.test.ts` (380 lines)
-- ✅ `lib/currency/README.md` (500 lines)
-
-**Total:** 1,174 lines of production code, tests, and documentation
-
-## Testing Status
-
-- ✅ Unit test suite created (20+ tests)
-- ⏳ Tests will run after dependencies are installed
-- ⏳ Property-based tests (Task 1.1) - next step
-- ⏳ E2E tests (Task 14) - later
-
-## Quality Checklist
-
-- ✅ TypeScript strict mode compatible
-- ✅ Zero runtime dependencies (except js-cookie and Next.js)
-- ✅ Comprehensive error handling
-- ✅ JSDoc documentation on all public APIs
-- ✅ Production-ready cookie configuration
-- ✅ SSR-safe implementation
-- ✅ Singleton pattern for performance
-- ✅ Test coverage > 90% (when run)
-
-## Notes for Next Developer
-
-1. **Dependencies**: Run `pnpm add js-cookie` and `pnpm add -D @types/js-cookie` before using
-2. **Tests**: Run `pnpm test lib/currency` after test setup is configured
-3. **Integration**: Follow README.md examples for integrating with stores and GraphQL client
-4. **Migration**: Users will need to re-select currency (one-time inconvenience)
-
-## Known Limitations
-
-1. **Requires Next.js 13+** - Uses `next/headers` cookies() API
-2. **Client-side only writes** - SSR can only read, not write
-3. **Cookie size limit** - Max 4KB (not an issue for currency code)
-4. **Third-party cookies** - Some browsers block in incognito mode
-
-## Performance Considerations
-
-- ✅ Singleton pattern - one instance per context
-- ✅ No localStorage polling - direct cookie access
-- ✅ Lazy instantiation - only created when needed
-- ✅ Zero dependencies on render cycle
-
-## Security Considerations
-
-- ✅ SameSite='lax' - prevents CSRF attacks
-- ✅ Secure flag in production - HTTPS only
-- ✅ HttpOnly=false - required for client access (acceptable for non-sensitive data)
-- ✅ 365-day expiry - reasonable for preferences
-
-## Maintainability
-
-- ✅ Clear separation of concerns
-- ✅ Extensible interface
-- ✅ Comprehensive documentation
-- ✅ Well-tested
-- ✅ Follows Next.js conventions
-- ✅ Clean Code principles applied