@doswiftly/storefront-sdk 17.0.0 → 18.0.0

package/dist/react/stores/auth.store.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.store.d.ts","sourceRoot":"","sources":["../../../src/react/stores/auth.store.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,SAAS;IAExB,QAAQ,EAAE,YAAY,GAAG,IAAI,CAAC;IAC9B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IAGnB,OAAO,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,KAAK,IAAI,CAAC;IAC/D,SAAS,EAAE,MAAM,IAAI,CAAC;IACtB,cAAc,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,KAAK,IAAI,CAAC;IACzD,UAAU,EAAE,CAAC,SAAS,EAAE,OAAO,KAAK,IAAI,CAAC;CAC1C;AAED,eAAO,MAAM,eAAe,GAAI,gCAA8B;;;;;sBAkEtC,YAAY,GAAG,IAAI;6BACZ,OAAO;;;;;;;;sBADd,YAAY,GAAG,IAAI;6BACZ,OAAO;;;CAUnC,CAAC"}
+{"version":3,"file":"auth.store.d.ts","sourceRoot":"","sources":["../../../src/react/stores/auth.store.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,iBAAiB,CAAC;AAE/C,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,SAAS;IAExB,QAAQ,EAAE,YAAY,GAAG,IAAI,CAAC;IAC9B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B;;;;;OAKG;IACH,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IAGnB,OAAO,EAAE,CAAC,QAAQ,EAAE,YAAY,GAAG,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACjG,SAAS,EAAE,MAAM,IAAI,CAAC;IACtB;;;;OAIG;IACH,YAAY,EAAE,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACjD,cAAc,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,KAAK,IAAI,CAAC;IACzD,UAAU,EAAE,CAAC,SAAS,EAAE,OAAO,KAAK,IAAI,CAAC;CAC1C;AAED,MAAM,WAAW,sBAAsB;IACrC;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC;;;;;;;;OAQG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAClC;AAED,eAAO,MAAM,eAAe,GAAI,UAAU,sBAAsB;;;;;sBAyExC,YAAY,GAAG,IAAI;6BACZ,OAAO;;;;;;;;sBADd,YAAY,GAAG,IAAI;6BACZ,OAAO;;;CAUnC,CAAC"}

package/dist/react/stores/auth.store.js

@@ -9,21 +9,31 @@
  */
 import { createStore } from 'zustand/vanilla';
 import { persist } from 'zustand/middleware';
-export const createAuthStore = (initialIsAuthenticated = false) => createStore()(persist((set) => ({
+/**
+ * localStorage key for the persisted auth slice (customer + isAuthenticated only —
+ * accessToken is excluded by `partialize`, XSS hardening). Exported so tests and
+ * future migrations can reference a single source of truth.
+ */
+export const AUTH_STORAGE_KEY = 'auth-storage';
+export const createAuthStore = (options) => createStore()(persist((set) => ({
     customer: null,
-    accessToken: null,
-    isAuthenticated: initialIsAuthenticated,
+    accessToken: options?.initialAccessToken ?? null,
+    expiresAt: options?.initialExpiresAt ?? null,
+    isAuthenticated: options?.initialIsAuthenticated ?? !!options?.initialAccessToken,
     isLoading: false,
-    setAuth: (customer, accessToken) => set({
+    setAuth: (customer, accessToken, expiresAt) => set({
         customer,
         accessToken,
+        expiresAt: expiresAt ?? null,
         isAuthenticated: true,
     }),
     clearAuth: () => set({
         customer: null,
         accessToken: null,
+        expiresAt: null,
         isAuthenticated: false,
     }),
+    setExpiresAt: (expiresAt) => set({ expiresAt }),
     updateCustomer: (updates) => set((state) => ({
         customer: state.customer
             ? { ...state.customer, ...updates }
@@ -31,7 +41,7 @@ export const createAuthStore = (initialIsAuthenticated = false) => createStore()
     })),
     setLoading: (isLoading) => set({ isLoading }),
 }), {
-    name: 'auth-storage',
+    name: AUTH_STORAGE_KEY,
     version: 3, // v3 (Iteracja 2 — XSS fix): accessToken DROP'owany z localStorage
     // persistence. Token żyje tylko w-memory + httpOnly cookie (browser auto-sent).
     // Non-browser klienci (mobile native, server-to-server) ustawiają token explicit
@@ -53,8 +63,10 @@ export const createAuthStore = (initialIsAuthenticated = false) => createStore()
         return {
             ...currentState,
             customer: persisted.customer ?? currentState.customer,
-            // accessToken NIE persistowany — initialize zawsze na null (in-memory only)
-            // Server cookie is the authority — never let stale localStorage override it
+            // accessToken NIE persistowany w localStorage (Inv-5 XSS hardening) — spread
+            // `...currentState` propaguje wartość z factory: `null` (default) lub seed
+            // z `options.initialAccessToken` gdy konsumer podał token server-side.
+            // Server cookie is the authority — never let stale localStorage override it.
             isAuthenticated: currentState.isAuthenticated,
         };
     },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@doswiftly/storefront-sdk",
-  "version": "17.0.0",
+  "version": "18.0.0",
   "description": "Storefront runtime SDK for DoSwiftly Commerce — layered transport, middleware pipeline, React providers, Zustand stores, cache strategies. 0 runtime dependencies in core.",
   "type": "module",
   "sideEffects": false,
@@ -84,6 +84,8 @@
     "test:contract": "vitest run src/__tests__/contract/",
     "test:coverage": "vitest run --coverage",
     "doctor": "node scripts/doctor.cjs",
-    "validate:cart": "node scripts/validate-cart-operations.cjs --strict"
+    "validate:cart": "node scripts/validate-cart-operations.cjs --strict",
+    "yalc:push": "pnpm build && yalc publish --push",
+    "yalc:watch": "node scripts/yalc-watcher.cjs"
   }
 }