npm - @doswiftly/storefront-operations - Versions diffs - 22.0.0 → 22.2.0 - Mend

@doswiftly/storefront-operations 22.0.0 → 22.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/AGENTS.md CHANGED Viewed

@@ -27,7 +27,7 @@ consumer's `codegen.ts` references this package's `.graphql` files as
 live in the consumer's repo.
 <!-- AUTOGEN:STATS:BEGIN — auto-regenerated, do not edit by hand -->
-- **Schema version**: 22.0.0
+- **Schema version**: 22.2.0
 - **Queries**: 52
 - **Mutations**: 44
 - **Fragments**: 105

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,51 @@
 # Changelog
+## 22.2.0
+### Minor Changes
+- 27934d1: Server `getStorefrontClient`: forwarded-IP signing is now **opt-in** via `getBuyerIp`.
+  Previously the server client auto-read the buyer IP through `next/headers` on every
+  request. That is a dynamic API and is illegal in statically-generated / ISR routes —
+  it crashed such pages with "Page changed from static to dynamic at runtime".
+  Forwarded-IP is now wired only when you pass `getBuyerIp`, which you should do **only
+  on routes that are already dynamic** (per-request rendered). Without it the client is
+  a fully static-safe, inert pass-through.
+  Migration — to keep forwarding the buyer IP, pass `getBuyerIp` on your dynamic routes:
+  ```typescript
+  import { headers } from "next/headers";
+  getStorefrontClient({
+    apiUrl,
+    shopSlug,
+    getBuyerIp: async () => (await headers()).get("cf-connecting-ip"),
+  });
+  ```
+## 22.1.0
+### Minor Changes
+- 32ee745: Forward the real buyer IP from server-rendered storefronts (per-buyer rate limiting)
+  A server-rendered (BFF) storefront fetches from its own server, so the API sees one
+  source IP for every buyer and per-IP rate limits collapse onto that single address.
+  The server client now forwards the real buyer IP to the API so rate limiting applies
+  per buyer again.
+  **Automatic on the server — no wiring, fully backward-compatible.** Call
+  `getStorefrontClient({ apiUrl, shopSlug })` as before; forwarding configures itself
+  and stays inert when it cannot apply, so existing setups are unaffected. Server-only.
+  Non-Next server runtimes can supply the buyer IP explicitly via `getBuyerIp` (and
+  `getForwardedIpSecret`). The lower-level `forwardedIpMiddleware` is also exported.
+  (`@doswiftly/storefront-operations` is a version-sync bump — no code change.)
 ## 22.0.0
 ### Major Changes

package/llms-full.txt CHANGED Viewed

@@ -1,6 +1,6 @@
 # DoSwiftly Storefront Operations — Full Reference
-> Schema version: **22.0.0**
+> Schema version: **22.2.0**
 > 52 queries · 44 mutations · 105 fragments
 Auto-generated from `.graphql` source files. Do not edit by hand — this file is

package/operations.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "schemaVersion": "22.0.0",
+  "schemaVersion": "22.2.0",
   "queries": [
     {
       "name": "Shop",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@doswiftly/storefront-operations",
-  "version": "22.0.0",
+  "version": "22.2.0",
   "description": "GraphQL operations for DoSwiftly Storefront - SSOT from backend",
   "homepage": "https://doswiftly.pl",
   "publishConfig": {
@@ -41,6 +41,7 @@
   "scripts": {
     "sync": "node scripts/sync-operations.js",
     "validate": "node scripts/validate-operations.js",
+    "check:breaking": "node scripts/schema-breaking-gate.js",
     "build": "npm run sync",
     "test": "node --test scripts/__tests__/*.test.js",
     "yalc:push": "yalc publish --push"