npm - @doswiftly/storefront-sdk - Versions diffs - 21.0.1 → 22.1.0 - Mend

@doswiftly/storefront-sdk 21.0.1 → 22.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/CHANGELOG.md +36 -0
package/README.md +83 -0
package/dist/core/generated/operation-types.d.ts +2 -2
package/dist/core/generated/operation-types.d.ts.map +1 -1
package/dist/core/index.d.ts +2 -0
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +3 -0
package/dist/core/middleware/forwarded-ip.d.ts +82 -0
package/dist/core/middleware/forwarded-ip.d.ts.map +1 -0
package/dist/core/middleware/forwarded-ip.js +109 -0
package/dist/core/referral/cookie-config.d.ts +56 -0
package/dist/core/referral/cookie-config.d.ts.map +1 -0
package/dist/core/referral/cookie-config.js +83 -0
package/dist/react/hooks/use-referral-capture.d.ts +9 -0
package/dist/react/hooks/use-referral-capture.d.ts.map +1 -0
package/dist/react/hooks/use-referral-capture.js +40 -0
package/dist/react/index.d.ts +2 -0
package/dist/react/index.d.ts.map +1 -1
package/dist/react/index.js +5 -1
package/dist/react/referral.d.ts +53 -0
package/dist/react/referral.d.ts.map +1 -0
package/dist/react/referral.js +51 -0
package/dist/react/server/cookie-readers.d.ts +7 -0
package/dist/react/server/cookie-readers.d.ts.map +1 -1
package/dist/react/server/cookie-readers.js +10 -0
package/dist/react/server/get-storefront-client.d.ts +19 -1
package/dist/react/server/get-storefront-client.d.ts.map +1 -1
package/dist/react/server/get-storefront-client.js +36 -2
package/dist/react/server/index.d.ts +1 -1
package/dist/react/server/index.d.ts.map +1 -1
package/dist/react/server/index.js +2 -2
package/package.json +1 -1

package/dist/react/server/cookie-readers.js CHANGED Viewed

@@ -24,6 +24,7 @@
  */
 import { CART_COOKIE_NAME, parseCartCookieValue, } from '../../core/cart/cookie-config';
 import { CURRENCY_COOKIE_NAME } from '../../core/currency/cookie-config';
+import { REFERRAL_COOKIE_NAME } from '../../core/referral/cookie-config';
 import { getCookie } from '../cookies';
 /**
  * Read a cookie server-first: the request cookies via `next/headers` in a Server
@@ -71,3 +72,12 @@ export async function readCartCredentials() {
 export async function readCurrencyCookie() {
     return readCookieIsomorphic(CURRENCY_COOKIE_NAME);
 }
+/**
+ * Read the first-party `referral-code` cookie (server-first, client fallback) —
+ * the referral code captured when the visitor landed through a referral share
+ * link. Useful for SSR-rendered signup forms that pre-fill the code field;
+ * pass it as `customerSignup(input: { referralCode })`.
+ */
+export async function readReferralCodeCookie() {
+    return readCookieIsomorphic(REFERRAL_COOKIE_NAME);
+}

package/dist/react/server/get-storefront-client.d.ts CHANGED Viewed

@@ -40,11 +40,29 @@ export interface ServerClientOptions extends Omit<StorefrontClientConfig, 'middl
      * ```
      */
     middleware?: Middleware[];
+    /**
+     * OPTIONAL override for the buyer-IP source. Forwarded-IP signing is
+     * auto-configured: by default the SDK reads the request's `cf-connecting-ip`
+     * via `next/headers` (a server-rendered storefront would otherwise collapse
+     * every buyer onto its own server IP for rate limiting). Provide this only for
+     * non-Next server runtimes where `next/headers` is unavailable. May be async.
+     * Server-side only.
+     */
+    getBuyerIp?: () => string | null | undefined | Promise<string | null | undefined>;
+    /**
+     * OPTIONAL override for the forwarded-IP signing secret. By default it is read
+     * from `process.env.DOSWIFTLY_FORWARDED_IP_SECRET`, set in your DoSwiftly
+     * deployment environment. Provide this getter only to override the env source —
+     * e.g. a runtime that does not expose the secret on `process.env`. Lazy getter —
+     * a rotated secret is picked up without rebuilding the client. NEVER expose this
+     * to the browser. Sync or async.
+     */
+    getForwardedIpSecret?: () => string | null | undefined | Promise<string | null | undefined>;
 }
 /**
  * Create a StorefrontClient for server-side use.
  *
- * Includes default middleware: retry → timeout → errors.
+ * Includes default middleware: forwarded-IP → retry → timeout → errors.
  * Does NOT include auth/currency middleware (server has no Zustand stores).
  * Pass headers via config.defaultHeaders or getHeaders option.
  */

package/dist/react/server/get-storefront-client.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"get-storefront-client.d.ts","sourceRoot":"","sources":["../../../src/react/server/get-storefront-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;~~AAMH~~,OAAO,KAAK,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAEpG,MAAM,WAAW,mBAAoB,SAAQ,IAAI,CAAC,sBAAsB,EAAE,YAAY,CAAC;IACrF;;;;;;;;;;;;;;;;;OAiBG;IACH,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;~~CAC3B~~;~~AAED~~;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,mBAAmB,GAAG,gBAAgB,~~CAYlF~~"}
1	+ {"version":3,"file":"get-storefront-client.d.ts","sourceRoot":"","sources":["../../../src/react/server/get-storefront-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAOH,OAAO,KAAK,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAEpG,MAAM,WAAW,mBAAoB,SAAQ,IAAI,CAAC,sBAAsB,EAAE,YAAY,CAAC;IACrF;;;;;;;;;;;;;;;;;OAiBG;IACH,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAE1B;;;;;;;OAOG;IACH,UAAU,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;IAElF;;;;;;;OAOG;IACH,oBAAoB,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;CAC7F;AAqBD;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,mBAAmB,GAAG,gBAAgB,CA4BlF"}

package/dist/react/server/get-storefront-client.js CHANGED Viewed

@@ -23,18 +23,52 @@ import { createStorefrontClient } from '../../core/client/create-client';
 import { retryMiddleware } from '../../core/middleware/retry';
 import { timeoutMiddleware } from '../../core/middleware/timeout';
 import { errorMiddleware } from '../../core/middleware/errors';
+import { forwardedIpMiddleware } from '../../core/middleware/forwarded-ip';
+/**
+ * Default buyer-IP source: the request's `cf-connecting-ip` header, read via
+ * `next/headers` (the same dynamic-import pattern used to read request cookies — a
+ * graceful no-op outside a Next request scope or in runtimes without
+ * `next/headers`). Override via `getBuyerIp` for other server frameworks.
+ */
+async function readCfConnectingIp() {
+    try {
+        const { headers } = await import('next/headers');
+        const store = await headers();
+        // Prefer a forwarded client-IP header when present: if the request was
+        // proxied, the direct `cf-connecting-ip` is the proxy's address while this
+        // header carries the original client IP. Fall back to the direct connection IP.
+        return store.get('x-doswiftly-client-ip') ?? store.get('cf-connecting-ip');
+    }
+    catch {
+        return null;
+    }
+}
 /**
  * Create a StorefrontClient for server-side use.
  *
- * Includes default middleware: retry → timeout → errors.
+ * Includes default middleware: forwarded-IP → retry → timeout → errors.
  * Does NOT include auth/currency middleware (server has no Zustand stores).
  * Pass headers via config.defaultHeaders or getHeaders option.
  */
 export function getStorefrontClient(options) {
-    const { middleware: customMiddleware = [], ...config } = options;
+    const { middleware: customMiddleware = [], getBuyerIp, getForwardedIpSecret, ...config } = options;
+    // Forward the real buyer IP for per-buyer rate limiting — fully self-configured,
+    // nothing for the storefront to wire. Buyer IP defaults to the request's
+    // `cf-connecting-ip` (via next/headers); the signing secret defaults to
+    // `process.env.DOSWIFTLY_FORWARDED_IP_SECRET` (set in the DoSwiftly deployment
+    // environment). The slug comes from the `X-Shop-Slug` header the client already
+    // sends, so the
+    // signed value matches what the backend verifies. The middleware signs ONLY when
+    // BOTH a buyer IP and a secret resolve at request time — so with no secret
+    // configured (or outside a Next request) it is an inert pass-through. Both
+    // getters can be overridden for non-Next runtimes.
+    const resolveBuyerIp = getBuyerIp ?? readCfConnectingIp;
+    const resolveSecret = getForwardedIpSecret ??
+        (() => (typeof process !== 'undefined' ? process.env?.DOSWIFTLY_FORWARDED_IP_SECRET : undefined));
     return createStorefrontClient({
         ...config,
         middleware: [
+            forwardedIpMiddleware({ getBuyerIp: resolveBuyerIp, getSecret: resolveSecret }),
             ...customMiddleware,
             retryMiddleware({ maxRetries: 2 }),
             timeoutMiddleware({ timeout: 10000 }), // Server-side: 10s timeout

package/dist/react/server/index.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 export { getStorefrontClient, type ServerClientOptions } from './get-storefront-client';
 export { createStorefrontAuthRoute, type StorefrontAuthRouteOptions, type StorefrontAuthRouteHandlers, } from './create-storefront-auth-route';
 export { getInitialAuth, type InitialAuth } from './get-initial-auth';
-export { readCartIdCookie, readCartCredentials, readCurrencyCookie } from './cookie-readers';
+export { readCartIdCookie, readCartCredentials, readCurrencyCookie, readReferralCodeCookie } from './cookie-readers';
 export { serverCartSecretMiddleware } from '../../core/middleware/cart-secret';
 export { trustedForwardedHostValidator, originAllowlistValidator, type OriginValidator, type OriginValidatorContext, } from '../../core/auth/handlers';
 //# sourceMappingURL=index.d.ts.map

package/dist/react/server/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/react/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,KAAK,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAGxF,OAAO,EACL,yBAAyB,EACzB,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,GACjC,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,cAAc,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtE,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;~~AAI7F~~,OAAO,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAG/E,OAAO,EACL,6BAA6B,EAC7B,wBAAwB,EACxB,KAAK,eAAe,EACpB,KAAK,sBAAsB,GAC5B,MAAM,0BAA0B,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/react/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,KAAK,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAGxF,OAAO,EACL,yBAAyB,EACzB,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,GACjC,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,cAAc,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtE,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAIrH,OAAO,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAG/E,OAAO,EACL,6BAA6B,EAC7B,wBAAwB,EACxB,KAAK,eAAe,EACpB,KAAK,sBAAsB,GAC5B,MAAM,0BAA0B,CAAC"}

package/dist/react/server/index.js CHANGED Viewed

@@ -3,8 +3,8 @@ export { getStorefrontClient } from './get-storefront-client';
 export { createStorefrontAuthRoute, } from './create-storefront-auth-route';
 // Server-only cold-start auth seed from the first-party cookies.
 export { getInitialAuth } from './get-initial-auth';
-// Server-first readers for the readable first-party cookies (cart-id, currency).
-export { readCartIdCookie, readCartCredentials, readCurrencyCookie } from './cookie-readers';
+// Server-first readers for the readable first-party cookies (cart-id, currency, referral).
+export { readCartIdCookie, readCartCredentials, readCurrencyCookie, readReferralCodeCookie } from './cookie-readers';
 // Server cart-secret middleware — prepend to `getStorefrontClient({ middleware })`
 // with `await readCartCredentials()` so SSR / edge cart reads carry the secret.
 export { serverCartSecretMiddleware } from '../../core/middleware/cart-secret';

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@doswiftly/storefront-sdk",
-  "version": "21.0.1",
+  "version": "22.1.0",
   "description": "Storefront runtime SDK for DoSwiftly Commerce — layered transport, middleware pipeline, React providers, Zustand stores, cache strategies. 0 runtime dependencies in core.",
   "type": "module",
   "sideEffects": false,