@doswiftly/cli 0.2.6 → 1.0.0

package/templates/storefront-nextjs-shadcn/components/cart/cart-line.fragment.graphql

@@ -18,11 +18,11 @@ fragment CartLineFields on CartLine {
   productTitle
   productHandle
   productType
-  merchandise {
+  variant {
     id
     title
-    available
-    quantityAvailable
+    isAvailable
+    availableStock
     price {
       amount
       currencyCode
@@ -38,15 +38,15 @@ fragment CartLineFields on CartLine {
     }
   }
   cost {
-    amountPerQuantity {
+    pricePerUnit {
       amount
       currencyCode
     }
-    totalAmount {
+    total {
       amount
       currencyCode
     }
-    compareAtAmountPerQuantity {
+    compareAtPricePerUnit {
       amount
       currencyCode
     }

package/templates/storefront-nextjs-shadcn/components/discount/discount-code-input.tsx

@@ -22,7 +22,7 @@ import { Alert, AlertDescription } from "@/components/ui/alert";
 import { formatPrice } from "@doswiftly/storefront-sdk";
 
 export interface DiscountValidationResult {
-  valid: boolean;
+  isValid: boolean;
   code?: string;
   discountType?: "PERCENTAGE" | "FIXED_AMOUNT" | "FREE_SHIPPING";
   discountValue?: number;
@@ -101,7 +101,7 @@ export function DiscountCodeInput({
         const result = await onValidate(trimmedCode);
         setValidationResult(result);
 
-        if (!result.valid) {
+        if (!result.isValid) {
           setError(result.errorMessage || t("invalidCode"));
         }
       } catch (e: unknown) {
@@ -111,7 +111,7 @@ export function DiscountCodeInput({
       }
     } else {
       // No validation function, assume valid
-      setValidationResult({ valid: true, code: trimmedCode });
+      setValidationResult({ isValid: true, code: trimmedCode });
     }
   }, [code, appliedCodes, onValidate]);
 
@@ -119,12 +119,12 @@ export function DiscountCodeInput({
     const trimmedCode = code.trim().toUpperCase();
 
     // If not yet validated, validate first
-    if (!validationResult?.valid) {
+    if (!validationResult?.isValid) {
       await handleValidate();
       return;
     }
 
-    if (validationResult.valid) {
+    if (validationResult.isValid) {
       await onApply(trimmedCode);
       // Reset state after successful apply
       setCode("");
@@ -148,7 +148,7 @@ export function DiscountCodeInput({
 
   // Format discount value for display
   const getDiscountPreview = () => {
-    if (!validationResult?.valid) return null;
+    if (!validationResult?.isValid) return null;
 
     if (validationResult.estimatedSavings) {
       return t("savings", { savings: formatPrice(validationResult.estimatedSavings) });
@@ -185,7 +185,7 @@ export function DiscountCodeInput({
             disabled={disabled || isLoading}
             className={cn(
               "pl-9 pr-8 uppercase",
-              validationResult?.valid && "border-green-500 focus-visible:ring-green-500",
+              validationResult?.isValid && "border-green-500 focus-visible:ring-green-500",
               error && "border-destructive focus-visible:ring-destructive"
             )}
           />
@@ -203,11 +203,11 @@ export function DiscountCodeInput({
           type="button"
           onClick={handleApply}
           disabled={disabled || isLoading || !code.trim()}
-          variant={validationResult?.valid ? "default" : "secondary"}
+          variant={validationResult?.isValid ? "default" : "secondary"}
         >
           {isLoading ? (
             <Loader2 className="h-4 w-4 animate-spin" />
-          ) : validationResult?.valid ? (
+          ) : validationResult?.isValid ? (
             <>
               <Check className="mr-2 h-4 w-4" />
               {tc("apply")}
@@ -219,7 +219,7 @@ export function DiscountCodeInput({
       </div>
 
       {/* Validation result - success preview */}
-      {validationResult?.valid && (
+      {validationResult?.isValid && (
         <Alert className="border-green-500 bg-green-50 dark:bg-green-950/20">
           <Check className="h-4 w-4 text-green-600" />
           <AlertDescription className="text-green-700 dark:text-green-400">

package/templates/storefront-nextjs-shadcn/components/gift-card/gift-card-input.tsx

@@ -24,7 +24,7 @@ type GiftCardStatus = "ACTIVE" | "USED" | "EXPIRED" | "DISABLED";
  * Gift card validation result
  */
 export interface GiftCardValidationResult {
-  valid: boolean;
+  isValid: boolean;
   code: string;
   availableBalance?: {
     amount: string;
@@ -144,7 +144,7 @@ export function GiftCardInput({
       const result = await onValidate(code);
       setValidation(result);
 
-      if (!result.valid && result.error) {
+      if (!result.isValid && result.error) {
         setError(result.error.message);
       }
     } catch (err: unknown) {
@@ -158,7 +158,7 @@ export function GiftCardInput({
    * Apply the validated gift card
    */
   const handleApply = useCallback(() => {
-    if (validation?.valid) {
+    if (validation?.isValid) {
       onApply(code, validation);
       setCode("");
       setValidation(null);
@@ -172,7 +172,7 @@ export function GiftCardInput({
     (e: React.KeyboardEvent) => {
       if (e.key === "Enter") {
         e.preventDefault();
-        if (validation?.valid) {
+        if (validation?.isValid) {
           handleApply();
         } else {
           handleValidate();
@@ -201,13 +201,13 @@ export function GiftCardInput({
         </div>
         <Button
           type="button"
-          variant={validation?.valid ? "default" : "outline"}
-          onClick={validation?.valid ? handleApply : handleValidate}
+          variant={validation?.isValid ? "default" : "outline"}
+          onClick={validation?.isValid ? handleApply : handleValidate}
           disabled={disabled || isValidating || !code}
         >
           {isValidating ? (
             <Loader2 className="h-4 w-4 animate-spin" />
-          ) : validation?.valid ? (
+          ) : validation?.isValid ? (
             <>
               <Check className="mr-2 h-4 w-4" />
               {tc("apply")}
@@ -223,12 +223,12 @@ export function GiftCardInput({
         <div
           className={cn(
             "rounded-lg p-3 text-sm",
-            validation.valid
+            validation.isValid
               ? "bg-green-50 dark:bg-green-900/20 text-green-800 dark:text-green-200"
               : "bg-red-50 dark:bg-red-900/20 text-red-800 dark:text-red-200"
           )}
         >
-          {validation.valid ? (
+          {validation.isValid ? (
             <div className="flex items-center justify-between">
               <div className="flex items-center gap-2">
                 <Check className="h-4 w-4" />

package/templates/storefront-nextjs-shadcn/components/order/delivery-estimate.tsx

@@ -9,7 +9,7 @@ export interface DeliveryEstimateProps {
   latestDate?: string;
   address?: {
     city: string;
-    province: string;
+    state: string;
     country: string;
   };
   className?: string;
@@ -97,7 +97,7 @@ export function DeliveryEstimate({
             <div className="flex items-start gap-2 text-sm text-muted-foreground">
               <MapPin className="h-4 w-4 mt-0.5 flex-shrink-0" />
               <span>
-                Delivering to {address.city}, {address.province},{" "}
+                Delivering to {address.city}, {address.state},{" "}
                 {address.country}
               </span>
             </div>

package/templates/storefront-nextjs-shadcn/components/product/product-card.tsx

@@ -45,7 +45,7 @@ export function ProductCard({
     (tag) => tag.toLowerCase() === "new" || tag.toLowerCase() === "nowość"
   );
 
-  const isOutOfStock = !product.availableForSale;
+  const isOutOfStock = !product.isAvailable;
   const isGiftCard = product.productType === "GIFT_CARD";
 
   return (

package/templates/storefront-nextjs-shadcn/components/seo/product-json-ld.ts

@@ -84,7 +84,7 @@ export function buildProductJsonLd(
     url: productUrl,
     priceCurrency: variant.price.currencyCode,
     price: variant.price.amount,
-    availability: variant.availableForSale
+    availability: variant.isAvailable
       ? "https://schema.org/InStock"
       : "https://schema.org/OutOfStock",
     ...(variant.sku && { sku: variant.sku }),

package/templates/storefront-nextjs-shadcn/hooks/use-auth-sync.ts

@@ -1,42 +1,60 @@
 'use client';
 
 import { useEffect } from 'react';
-import { useRouter } from 'next/navigation';
 import { useAuthStore, useAuthHydrated } from '@doswiftly/storefront-sdk/react';
-import { createAuthTokenClient } from '@doswiftly/storefront-sdk';
-
-const { clearToken } = createAuthTokenClient();
 
 /**
- * Detects and fixes auth state desync between httpOnly cookie and Zustand store.
+ * Hydrate Zustand auth store z httpOnly cookie po mount klienta.
+ *
+ * Po Iteracji 2 (XSS fix) `accessToken` NIE persistuje w localStorage —
+ * token żyje tylko w-memory + httpOnly cookie (browser auto-sent w GraphQL
+ * requests). Po refresh page klient nie zna `customer` info bez round-trip.
  *
- * When server says authenticated (cookie exists → initialIsAuthenticated: true)
- * but store has no accessToken after persist hydration (localStorage empty/cleared),
- * the client can't make authenticated GraphQL requests.
+ * Hook wywołuje `/api/auth/whoami` (BFF endpoint reads cookie server-side,
+ * forward Bearer do backend, return customer + isAuthenticated). Następnie
+ * setAuth() aktualizuje store. Auth-protected queries (`enabled: isAuthenticated`)
+ * unblockują się po hydration.
  *
- * Fix: clear the stale cookie, reset auth state, redirect to login.
- * The user re-authenticates once, which correctly populates both cookie AND localStorage.
+ * Token NIE jest body response — kontynuuje życie w cookie. Klient operuje
+ * na samym `customer` info (display name, avatar etc.) i `isAuthenticated`
+ * gate; każdy GraphQL request automatycznie forward'uje cookie.
  */
 export function useAuthSync() {
-  const router = useRouter();
-  const isAuthenticated = useAuthStore((s) => s.isAuthenticated);
-  const accessToken = useAuthStore((s) => s.accessToken);
+  const setAuth = useAuthStore((s) => s.setAuth);
   const clearAuth = useAuthStore((s) => s.clearAuth);
+  const isAuthenticated = useAuthStore((s) => s.isAuthenticated);
+  const customer = useAuthStore((s) => s.customer);
   const authHydrated = useAuthHydrated();
 
   useEffect(() => {
     if (!authHydrated) return;
 
-    // Desync: cookie exists (isAuthenticated: true from server) but no token in store
-    if (isAuthenticated && !accessToken) {
-      // Reset store state immediately
-      clearAuth();
-      // Clear stale cookie THEN redirect — must await so proxy sees cleared cookie
-      clearToken()
-        .catch(() => {})
-        .finally(() => {
-          router.push('/auth/login');
-        });
-    }
-  }, [authHydrated, isAuthenticated, accessToken, clearAuth, router]);
+    // Skip jeśli store już zhydrate'owany z customer info (po świeżym login flow
+    // setAuth populuje store; cookie + store w sync, no-op).
+    if (isAuthenticated && customer) return;
+
+    let cancelled = false;
+
+    void fetch('/api/auth/whoami', { credentials: 'include' })
+      .then((res) => res.json())
+      .then((data: { isAuthenticated: boolean; customer: { id: string; email: string; firstName?: string; lastName?: string; phone?: string } | null }) => {
+        if (cancelled) return;
+
+        if (data.isAuthenticated && data.customer) {
+          // Token nie wraca w body — store dostaje tylko customer info.
+          // Empty `''` accessToken sygnalizuje "auth via cookie" (in-memory state OK,
+          // GraphQL requests używają cookie auto-sent przez fetch credentials: include).
+          setAuth(data.customer, '');
+        } else {
+          clearAuth();
+        }
+      })
+      .catch(() => {
+        // Network error — leave store as-is, retry on next mount
+      });
+
+    return () => {
+      cancelled = true;
+    };
+  }, [authHydrated, isAuthenticated, customer, setAuth, clearAuth]);
 }

package/templates/storefront-nextjs-shadcn/hooks/use-cart-actions.ts

@@ -42,7 +42,7 @@ export function useCartActions() {
     ) => {
       await api.getState().addToCart([
         {
-          merchandiseId: variantId,
+          variantId: variantId,
           quantity,
           ...(attributeSelections && attributeSelections.length > 0
             ? { attributeSelections }

package/templates/storefront-nextjs-shadcn/hooks/use-cart-sync.ts

@@ -9,7 +9,7 @@ import type { CartLineFields } from "@/lib/graphql/fragments";
 /**
  * Per-line attribute selection surfaced to cart UI (configurator choices).
  * Mirroruje CartLine.attributeSelections z GraphQL, ale ograniczony do pól
- * potrzebnych do wyświetlania — surchargeAmount kumulowany w cost.totalAmount
+ * potrzebnych do wyświetlania — surchargeAmount kumulowany w cost.total
  * (BUNDLED) lub emitowany jako child OrderItem po checkout (SEPARATE_LINE).
  */
 export interface CartItemAttributeSelection {
@@ -74,7 +74,7 @@ export function useCartSync() {
 
   // Map GraphQL lines to display-friendly items
   const items: CartItemData[] = (cart?.lines ?? []).map((line: CartLineFields) => {
-    const merchandiseTitle = line.merchandise.title ?? "";
+    const merchandiseTitle = line.variant.title ?? "";
     // Hide generic variant names like "Default" or "Default Title"
     const isDefaultVariant = /^default(\s+title)?$/i.test(merchandiseTitle);
     const productTitle = line.productTitle || merchandiseTitle;
@@ -82,19 +82,19 @@ export function useCartSync() {
 
     return {
       lineId: line.id,
-      variantId: line.merchandise.id,
-      productId: line.productId || line.merchandise.id,
+      variantId: line.variant.id,
+      productId: line.productId || line.variant.id,
       productHandle: line.productHandle ?? undefined,
       productTitle,
       variantTitle,
       productType: line.productType ?? undefined,
       quantity: line.quantity,
       price: {
-        amount: line.merchandise.price.amount,
-        currencyCode: line.merchandise.price.currencyCode,
+        amount: line.variant.price.amount,
+        currencyCode: line.variant.price.currencyCode,
       },
-      image: line.merchandise.image || null,
-      available: line.merchandise.available,
+      image: line.variant.image || null,
+      available: line.variant.isAvailable,
       // Faza 1 — configurator selections (backend snapshot).
       attributeSelections: (line.attributeSelections ?? []).map((sel) => ({
         attributeDefinitionId: sel.attributeDefinitionId,
@@ -108,17 +108,17 @@ export function useCartSync() {
   });
 
   const totalQuantity = cart?.totalQuantity ?? 0;
-  const subtotal = cart?.cost?.subtotalAmount
-    ? parseFloat(cart.cost.subtotalAmount.amount)
+  const subtotal = cart?.cost?.subtotal
+    ? parseFloat(cart.cost.subtotal.amount)
     : 0;
-  const total = cart?.cost?.totalAmount
-    ? parseFloat(cart.cost.totalAmount.amount)
+  const total = cart?.cost?.total
+    ? parseFloat(cart.cost.total.amount)
     : subtotal;
-  const currency = cart?.cost?.subtotalAmount?.currencyCode ?? "PLN";
+  const currency = cart?.cost?.subtotal?.currencyCode ?? "PLN";
 
   // Discount data from server
   const discountCodes: string[] = (cart?.discountCodes ?? [])
-    .filter((dc) => dc.applicable)
+    .filter((dc) => dc.isApplicable)
     .map((dc) => dc.code);
   const totalDiscount = subtotal - total;
 

package/templates/storefront-nextjs-shadcn/lib/graphql/hooks.ts

@@ -925,15 +925,14 @@ export function useCustomer(
   options?: Omit<UseQueryOptions<CustomerQuery>, 'queryKey' | 'queryFn' | 'enabled'>
 ) {
   const execute = useExecute();
-  const accessToken = useAuthStore((s) => s.accessToken);
+  // Token nie jest argumentem mutacji (auth context via httpOnly cookie / Bearer header).
+  // `isAuthenticated` flag (persisted) używamy do gate query — uniknąć round-trip dla guesta.
+  const isAuthenticated = useAuthStore((s) => s.isAuthenticated);
 
   return useQuery({
-    queryKey: queryKeys.customer.detail(accessToken || ''),
-    queryFn: () =>
-      execute<CustomerQuery>(CustomerDocument.toString(), {
-        customerAccessToken: accessToken!,
-      } as CustomerQueryVariables),
-    enabled: !!accessToken,
+    queryKey: queryKeys.customer.detail(isAuthenticated ? 'me' : 'guest'),
+    queryFn: () => execute<CustomerQuery>(CustomerDocument.toString()),
+    enabled: isAuthenticated,
     ...options,
   });
 }
@@ -946,15 +945,12 @@ export function useCustomerProfile(
   options?: Omit<UseQueryOptions<CustomerProfileQuery>, 'queryKey' | 'queryFn' | 'enabled'>
 ) {
   const execute = useExecute();
-  const accessToken = useAuthStore((s) => s.accessToken);
+  const isAuthenticated = useAuthStore((s) => s.isAuthenticated);
 
   return useQuery({
-    queryKey: queryKeys.customer.detail(accessToken || ''),
-    queryFn: () =>
-      execute<CustomerProfileQuery>(CustomerProfileDocument.toString(), {
-        customerAccessToken: accessToken!,
-      } as CustomerProfileQueryVariables),
-    enabled: !!accessToken,
+    queryKey: queryKeys.customer.detail(isAuthenticated ? 'me' : 'guest'),
+    queryFn: () => execute<CustomerProfileQuery>(CustomerProfileDocument.toString()),
+    enabled: isAuthenticated,
     ...options,
   });
 }
@@ -968,7 +964,7 @@ export function useCustomerOrder(
   options?: Omit<UseQueryOptions<CustomerOrderQuery>, 'queryKey' | 'queryFn' | 'enabled'>
 ) {
   const execute = useExecute();
-  const accessToken = useAuthStore((s) => s.accessToken);
+  const isAuthenticated = useAuthStore((s) => s.isAuthenticated);
   const currency = useCurrencyStore((s) => s.currency);
 
   return useQuery({
@@ -976,9 +972,8 @@ export function useCustomerOrder(
     queryFn: () =>
       execute<CustomerOrderQuery>(CustomerOrderDocument.toString(), {
         orderId,
-        customerAccessToken: accessToken!,
       } as CustomerOrderQueryVariables),
-    enabled: !!accessToken && !!orderId,
+    enabled: isAuthenticated && !!orderId,
     ...options,
   });
 }
@@ -991,14 +986,12 @@ export function useCustomerUpdate(
   options?: UseMutationOptions<CustomerUpdateMutation, Error, CustomerUpdateInput>
 ) {
   const execute = useExecute();
-  const { accessToken } = useAuthStore();
   const queryClient = useQueryClient();
 
   return useMutation({
     mutationFn: (customer: CustomerUpdateInput) =>
       execute<CustomerUpdateMutation>(CustomerUpdateDocument.toString(), {
         customer,
-        customerAccessToken: accessToken!,
       } as CustomerUpdateMutationVariables),
     onSettled: () => {
       queryClient.invalidateQueries({ queryKey: queryKeys.customer.all() });
@@ -1014,14 +1007,13 @@ export function useCustomerAddressCreate(
   options?: UseMutationOptions<CustomerAddressCreateMutation, Error, { address: Record<string, unknown> }>
 ) {
   const execute = useExecute();
-  const { accessToken } = useAuthStore();
   const queryClient = useQueryClient();
 
   return useMutation({
     mutationFn: ({ address }: { address: Record<string, unknown> }) =>
       execute<CustomerAddressCreateMutation>(
         CustomerAddressCreateDocument.toString(),
-        { address, customerAccessToken: accessToken! } as CustomerAddressCreateMutationVariables,
+        { address } as CustomerAddressCreateMutationVariables,
       ),
     onSettled: () => {
       queryClient.invalidateQueries({ queryKey: queryKeys.customer.all() });
@@ -1037,14 +1029,13 @@ export function useCustomerAddressUpdate(
   options?: UseMutationOptions<CustomerAddressUpdateMutation, Error, { id: string; address: Record<string, unknown> }>
 ) {
   const execute = useExecute();
-  const { accessToken } = useAuthStore();
   const queryClient = useQueryClient();
 
   return useMutation({
     mutationFn: ({ id, address }: { id: string; address: Record<string, unknown> }) =>
       execute<CustomerAddressUpdateMutation>(
         CustomerAddressUpdateDocument.toString(),
-        { id, address, customerAccessToken: accessToken! } as CustomerAddressUpdateMutationVariables,
+        { id, address } as CustomerAddressUpdateMutationVariables,
       ),
     onSettled: () => {
       queryClient.invalidateQueries({ queryKey: queryKeys.customer.all() });
@@ -1060,14 +1051,13 @@ export function useCustomerAddressDelete(
   options?: UseMutationOptions<CustomerAddressDeleteMutation, Error, string>
 ) {
   const execute = useExecute();
-  const { accessToken } = useAuthStore();
   const queryClient = useQueryClient();
 
   return useMutation({
     mutationFn: (id: string) =>
       execute<CustomerAddressDeleteMutation>(
         CustomerAddressDeleteDocument.toString(),
-        { id, customerAccessToken: accessToken! } as CustomerAddressDeleteMutationVariables,
+        { id } as CustomerAddressDeleteMutationVariables,
       ),
     onSettled: () => {
       queryClient.invalidateQueries({ queryKey: queryKeys.customer.all() });
@@ -1083,14 +1073,13 @@ export function useCustomerDefaultAddressUpdate(
   options?: UseMutationOptions<CustomerDefaultAddressUpdateMutation, Error, string>
 ) {
   const execute = useExecute();
-  const { accessToken } = useAuthStore();
   const queryClient = useQueryClient();
 
   return useMutation({
     mutationFn: (addressId: string) =>
       execute<CustomerDefaultAddressUpdateMutation>(
         CustomerDefaultAddressUpdateDocument.toString(),
-        { addressId, customerAccessToken: accessToken! } as CustomerDefaultAddressUpdateMutationVariables,
+        { addressId } as CustomerDefaultAddressUpdateMutationVariables,
       ),
     onSettled: () => {
       queryClient.invalidateQueries({ queryKey: queryKeys.customer.all() });
@@ -1144,13 +1133,13 @@ export function useLoyaltyMember(
   options?: Omit<UseQueryOptions<LoyaltyMemberQuery>, 'queryKey' | 'queryFn' | 'enabled'>
 ) {
   const execute = useExecute();
-  const accessToken = useAuthStore((s) => s.accessToken);
+  const isAuthenticated = useAuthStore((s) => s.isAuthenticated);
   const currency = useCurrencyStore((s) => s.currency);
 
   return useQuery({
     queryKey: queryKeys.loyalty.member(currency),
     queryFn: () => execute<LoyaltyMemberQuery>(LoyaltyMemberDocument.toString()),
-    enabled: !!accessToken,
+    enabled: isAuthenticated,
     ...options,
   });
 }
@@ -1162,13 +1151,13 @@ export function useLoyaltyRewards(
   options?: Omit<UseQueryOptions<LoyaltyRewardsQuery>, 'queryKey' | 'queryFn' | 'enabled'>
 ) {
   const execute = useExecute();
-  const accessToken = useAuthStore((s) => s.accessToken);
+  const isAuthenticated = useAuthStore((s) => s.isAuthenticated);
   const currency = useCurrencyStore((s) => s.currency);
 
   return useQuery({
     queryKey: queryKeys.loyalty.rewards(currency),
     queryFn: () => execute<LoyaltyRewardsQuery>(LoyaltyRewardsDocument.toString()),
-    enabled: !!accessToken,
+    enabled: isAuthenticated,
     ...options,
   });
 }
@@ -1181,7 +1170,7 @@ export function useLoyaltyTransactions(
   options?: Omit<UseQueryOptions<LoyaltyTransactionsQuery>, 'queryKey' | 'queryFn' | 'enabled'>
 ) {
   const execute = useExecute();
-  const accessToken = useAuthStore((s) => s.accessToken);
+  const isAuthenticated = useAuthStore((s) => s.isAuthenticated);
   const currency = useCurrencyStore((s) => s.currency);
 
   return useQuery({
@@ -1193,7 +1182,7 @@ export function useLoyaltyTransactions(
       };
       return execute<LoyaltyTransactionsQuery>(LoyaltyTransactionsDocument.toString(), graphqlVariables);
     },
-    enabled: !!accessToken,
+    enabled: isAuthenticated,
     ...options,
   });
 }
@@ -1220,12 +1209,12 @@ export function useReferralStats(
   options?: Omit<UseQueryOptions<ReferralStatsQuery>, 'queryKey' | 'queryFn' | 'enabled'>
 ) {
   const execute = useExecute();
-  const accessToken = useAuthStore((s) => s.accessToken);
+  const isAuthenticated = useAuthStore((s) => s.isAuthenticated);
 
   return useQuery({
     queryKey: queryKeys.loyalty.referralStats(),
     queryFn: () => execute<ReferralStatsQuery>(ReferralStatsDocument.toString()),
-    enabled: !!accessToken,
+    enabled: isAuthenticated,
     ...options,
   });
 }

package/templates/storefront-nextjs-shadcn/lib/graphql/server.ts

@@ -203,11 +203,28 @@ export const fetchAvailableFilters = cache(async (
 });
 
 /**
- * Fetch customer data (requires access token)
+ * Fetch customer data (requires authenticated session — httpOnly cookie OR explicit Bearer token).
+ *
+ * Server Components: czytaj `customerAccessToken` cookie via Next.js `cookies()` API,
+ * forward jako `Authorization: Bearer` do backend. Klient nie ma JS-access do cookie
+ * (XSS-safe), ale Next.js server może go odczytać via `cookies().get()`.
+ *
+ * @param accessToken Optional — gdy SSR helper ma już token (np. po login redirect SSR);
+ *                    domyślnie czyta z `cookies()` (App Router).
  */
-export const fetchCustomer = cache(async (accessToken: string): Promise<CustomerQuery> => {
-  const variables: CustomerQueryVariables = { customerAccessToken: accessToken };
-  return request(CustomerDocument, variables);
+export const fetchCustomer = cache(async (accessToken?: string): Promise<CustomerQuery> => {
+  let token = accessToken;
+  if (!token) {
+    const { cookies } = await import('next/headers');
+    const cookieStore = await cookies();
+    token = cookieStore.get('customerAccessToken')?.value;
+  }
+
+  return request(
+    CustomerDocument,
+    {} as CustomerQueryVariables,
+    token ? { Authorization: `Bearer ${token}` } : undefined,
+  );
 });
 
 // ============================================================================

package/templates/storefront-nextjs-shadcn/messages/en.json

@@ -241,15 +241,15 @@
       "firstName": "First Name",
       "lastName": "Last Name",
       "company": "Company",
-      "address1": "Address",
-      "address1Placeholder": "Street and number",
-      "address2": "Apartment, floor",
-      "zip": "Postal Code",
-      "zipPlaceholder": "00000",
+      "streetLine1": "Address",
+      "streetLine1Placeholder": "Street and number",
+      "streetLine2": "Apartment, floor",
+      "postalCode": "Postal Code",
+      "postalCodePlaceholder": "00000",
       "city": "City",
       "country": "Country",
       "countryPlaceholder": "Select country",
-      "province": "State/Province",
+      "state": "State/Province",
       "phone": "Phone"
     },
     "validation": {