@doswiftly/storefront-sdk 4.4.0 → 4.7.1

package/src/__tests__/unit/middleware.test.ts

@@ -1,374 +0,0 @@
-/**
- * Unit tests for middleware modules.
- *
- * Tests: authMiddleware, currencyMiddleware, retryMiddleware,
- * timeoutMiddleware, errorMiddleware.
- */
-
-import { describe, it, expect, vi } from 'vitest';
-import { authMiddleware } from '../../core/middleware/auth';
-import { currencyMiddleware } from '../../core/middleware/currency';
-import { retryMiddleware } from '../../core/middleware/retry';
-import { timeoutMiddleware } from '../../core/middleware/timeout';
-import { errorMiddleware } from '../../core/middleware/errors';
-import { StorefrontError, ErrorCodes } from '../../core/errors';
-import type { GraphQLRequest, GraphQLResponse, ExecuteFn } from '../../core/client/types';
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-function makeRequest(overrides?: Partial<GraphQLRequest>): GraphQLRequest {
-  return {
-    query: '{ shop { id } }',
-    headers: {},
-    isMutation: false,
-    ...overrides,
-  };
-}
-
-function makeResponse(overrides?: Partial<GraphQLResponse>): GraphQLResponse {
-  return {
-    data: {},
-    status: 200,
-    headers: new Headers(),
-    ...overrides,
-  };
-}
-
-function makeNext(response?: GraphQLResponse): ExecuteFn {
-  return vi.fn(async () => response ?? makeResponse());
-}
-
-// ---------------------------------------------------------------------------
-// authMiddleware
-// ---------------------------------------------------------------------------
-
-describe('authMiddleware', () => {
-  it('should add Authorization header when token is available', async () => {
-    const mw = authMiddleware(() => 'my-token');
-    const next = makeNext();
-    const req = makeRequest();
-
-    await mw(req, next);
-
-    expect(req.headers['Authorization']).toBe('Bearer my-token');
-    expect(next).toHaveBeenCalledWith(req);
-  });
-
-  it('should not add header when token is null', async () => {
-    const mw = authMiddleware(() => null);
-    const next = makeNext();
-    const req = makeRequest();
-
-    await mw(req, next);
-
-    expect(req.headers['Authorization']).toBeUndefined();
-    expect(next).toHaveBeenCalled();
-  });
-
-  it('should not add header when token is undefined', async () => {
-    const mw = authMiddleware(() => undefined);
-    const next = makeNext();
-    const req = makeRequest();
-
-    await mw(req, next);
-
-    expect(req.headers['Authorization']).toBeUndefined();
-  });
-
-  it('should resolve token lazily on each call', async () => {
-    let token: string | null = null;
-    const mw = authMiddleware(() => token);
-    const next = makeNext();
-
-    const req1 = makeRequest();
-    await mw(req1, next);
-    expect(req1.headers['Authorization']).toBeUndefined();
-
-    token = 'new-token';
-    const req2 = makeRequest();
-    await mw(req2, next);
-    expect(req2.headers['Authorization']).toBe('Bearer new-token');
-  });
-});
-
-// ---------------------------------------------------------------------------
-// currencyMiddleware
-// ---------------------------------------------------------------------------
-
-describe('currencyMiddleware', () => {
-  it('should add X-Preferred-Currency header when currency is available', async () => {
-    const mw = currencyMiddleware(() => 'EUR');
-    const next = makeNext();
-    const req = makeRequest();
-
-    await mw(req, next);
-
-    expect(req.headers['X-Preferred-Currency']).toBe('EUR');
-  });
-
-  it('should not add header when currency is null', async () => {
-    const mw = currencyMiddleware(() => null);
-    const next = makeNext();
-    const req = makeRequest();
-
-    await mw(req, next);
-
-    expect(req.headers['X-Preferred-Currency']).toBeUndefined();
-  });
-
-  it('should resolve currency lazily', async () => {
-    let currency: string | null = 'PLN';
-    const mw = currencyMiddleware(() => currency);
-    const next = makeNext();
-
-    const req1 = makeRequest();
-    await mw(req1, next);
-    expect(req1.headers['X-Preferred-Currency']).toBe('PLN');
-
-    currency = 'USD';
-    const req2 = makeRequest();
-    await mw(req2, next);
-    expect(req2.headers['X-Preferred-Currency']).toBe('USD');
-  });
-});
-
-// ---------------------------------------------------------------------------
-// retryMiddleware
-// ---------------------------------------------------------------------------
-
-describe('retryMiddleware', () => {
-  it('should return response on success', async () => {
-    const mw = retryMiddleware({ maxRetries: 2, initialDelay: 1 });
-    const successResponse = makeResponse({ data: { ok: true } });
-    const next = makeNext(successResponse);
-
-    const result = await mw(makeRequest(), next);
-    expect(result.data).toEqual({ ok: true });
-    expect(next).toHaveBeenCalledTimes(1);
-  });
-
-  it('should NEVER retry mutations', async () => {
-    const mw = retryMiddleware({ maxRetries: 3, initialDelay: 1 });
-    const next = vi.fn(async () => makeResponse({ status: 500 }));
-
-    const result = await mw(makeRequest({ isMutation: true }), next);
-    expect(result.status).toBe(500);
-    expect(next).toHaveBeenCalledTimes(1); // No retry
-  });
-
-  it('should retry on 5xx responses for queries', async () => {
-    let callCount = 0;
-    const next: ExecuteFn = vi.fn(async () => {
-      callCount++;
-      if (callCount < 3) return makeResponse({ status: 500 });
-      return makeResponse({ data: { retried: true } });
-    });
-
-    const mw = retryMiddleware({ maxRetries: 3, initialDelay: 1 });
-    const result = await mw(makeRequest(), next);
-
-    expect(result.data).toEqual({ retried: true });
-    expect(next).toHaveBeenCalledTimes(3);
-  });
-
-  it('should retry on network errors for queries', async () => {
-    let callCount = 0;
-    const next: ExecuteFn = vi.fn(async () => {
-      callCount++;
-      if (callCount < 2) throw new TypeError('fetch failed');
-      return makeResponse({ data: { recovered: true } });
-    });
-
-    const mw = retryMiddleware({ maxRetries: 2, initialDelay: 1 });
-    const result = await mw(makeRequest(), next);
-
-    expect(result.data).toEqual({ recovered: true });
-    expect(next).toHaveBeenCalledTimes(2);
-  });
-
-  it('should NOT retry 4xx errors', async () => {
-    const next: ExecuteFn = vi.fn(async () => {
-      throw new StorefrontError({ code: ErrorCodes.HTTP_ERROR, message: 'Not Found', status: 404 });
-    });
-
-    const mw = retryMiddleware({ maxRetries: 3, initialDelay: 1 });
-
-    await expect(mw(makeRequest(), next)).rejects.toThrow(StorefrontError);
-    expect(next).toHaveBeenCalledTimes(1);
-  });
-
-  it('should retry on TIMEOUT errors', async () => {
-    let callCount = 0;
-    const next: ExecuteFn = vi.fn(async () => {
-      callCount++;
-      if (callCount < 2) throw new StorefrontError({ code: ErrorCodes.TIMEOUT, message: 'timeout' });
-      return makeResponse({ data: { ok: true } });
-    });
-
-    const mw = retryMiddleware({ maxRetries: 2, initialDelay: 1 });
-    const result = await mw(makeRequest(), next);
-
-    expect(result.data).toEqual({ ok: true });
-    expect(next).toHaveBeenCalledTimes(2);
-  });
-
-  it('should throw after exhausting all retries', async () => {
-    const next: ExecuteFn = vi.fn(async () => {
-      throw new TypeError('persistent failure');
-    });
-
-    const mw = retryMiddleware({ maxRetries: 2, initialDelay: 1 });
-
-    await expect(mw(makeRequest(), next)).rejects.toThrow('persistent failure');
-    expect(next).toHaveBeenCalledTimes(3); // 1 initial + 2 retries
-  });
-});
-
-// ---------------------------------------------------------------------------
-// timeoutMiddleware
-// ---------------------------------------------------------------------------
-
-describe('timeoutMiddleware', () => {
-  it('should return response before timeout', async () => {
-    const mw = timeoutMiddleware({ timeout: 1000 });
-    const next = makeNext(makeResponse({ data: { fast: true } }));
-
-    const result = await mw(makeRequest(), next);
-    expect(result.data).toEqual({ fast: true });
-  });
-
-  it('should throw StorefrontError with TIMEOUT code on timeout', async () => {
-    const mw = timeoutMiddleware({ timeout: 10 });
-    const next: ExecuteFn = async (req) => {
-      await new Promise((resolve, reject) => {
-        const timer = setTimeout(resolve, 5000);
-        req.signal?.addEventListener('abort', () => {
-          clearTimeout(timer);
-          reject(new DOMException('aborted', 'AbortError'));
-        });
-      });
-      return makeResponse();
-    };
-
-    try {
-      await mw(makeRequest(), next);
-      expect.fail('Should have thrown');
-    } catch (err) {
-      expect(err).toBeInstanceOf(StorefrontError);
-      expect((err as StorefrontError).code).toBe(ErrorCodes.TIMEOUT);
-      expect((err as StorefrontError).isTimeout).toBe(true);
-    }
-  });
-});
-
-// ---------------------------------------------------------------------------
-// errorMiddleware
-// ---------------------------------------------------------------------------
-
-describe('errorMiddleware', () => {
-  it('should pass through successful responses with data', async () => {
-    const mw = errorMiddleware();
-    const response = makeResponse({ data: { shop: { id: '1' } } });
-    const next = makeNext(response);
-
-    const result = await mw(makeRequest(), next);
-    expect(result.data).toEqual({ shop: { id: '1' } });
-  });
-
-  it('should throw GRAPHQL_ERROR for responses with errors array', async () => {
-    const mw = errorMiddleware();
-    const next = makeNext(makeResponse({
-      data: null,
-      errors: [{ message: 'Not found' }],
-      status: 200,
-    }));
-
-    try {
-      await mw(makeRequest(), next);
-      expect.fail('Should have thrown');
-    } catch (err) {
-      expect(err).toBeInstanceOf(StorefrontError);
-      const sfErr = err as StorefrontError;
-      expect(sfErr.code).toBe(ErrorCodes.GRAPHQL_ERROR);
-      expect(sfErr.message).toBe('Not found');
-      expect(sfErr.graphqlErrors).toHaveLength(1);
-    }
-  });
-
-  it('should throw HTTP_ERROR for 4xx/5xx responses', async () => {
-    const mw = errorMiddleware();
-    const next = makeNext(makeResponse({ status: 401 }));
-
-    try {
-      await mw(makeRequest(), next);
-      expect.fail('Should have thrown');
-    } catch (err) {
-      expect(err).toBeInstanceOf(StorefrontError);
-      const sfErr = err as StorefrontError;
-      expect(sfErr.code).toBe(ErrorCodes.HTTP_ERROR);
-      expect(sfErr.status).toBe(401);
-    }
-  });
-
-  it('should throw NETWORK_ERROR for fetch failures', async () => {
-    const mw = errorMiddleware();
-    const next: ExecuteFn = async () => { throw new TypeError('fetch failed'); };
-
-    try {
-      await mw(makeRequest(), next);
-      expect.fail('Should have thrown');
-    } catch (err) {
-      expect(err).toBeInstanceOf(StorefrontError);
-      const sfErr = err as StorefrontError;
-      expect(sfErr.code).toBe(ErrorCodes.NETWORK_ERROR);
-      expect(sfErr.isNetworkError).toBe(true);
-    }
-  });
-
-  it('should throw TIMEOUT for AbortError', async () => {
-    const mw = errorMiddleware();
-    const next: ExecuteFn = async () => {
-      throw new DOMException('The operation was aborted', 'AbortError');
-    };
-
-    try {
-      await mw(makeRequest(), next);
-      expect.fail('Should have thrown');
-    } catch (err) {
-      expect(err).toBeInstanceOf(StorefrontError);
-      expect((err as StorefrontError).code).toBe(ErrorCodes.TIMEOUT);
-    }
-  });
-
-  it('should throw NO_DATA when response has null data', async () => {
-    const mw = errorMiddleware();
-    const next = makeNext(makeResponse({ data: null, status: 200 }));
-
-    try {
-      await mw(makeRequest(), next);
-      expect.fail('Should have thrown');
-    } catch (err) {
-      expect(err).toBeInstanceOf(StorefrontError);
-      expect((err as StorefrontError).code).toBe(ErrorCodes.NO_DATA);
-    }
-  });
-
-  it('should re-throw existing StorefrontErrors as-is', async () => {
-    const mw = errorMiddleware();
-    const original = new StorefrontError({
-      code: ErrorCodes.USER_ERROR,
-      message: 'validation failed',
-      userErrors: [{ message: 'Invalid email' }],
-    });
-    const next: ExecuteFn = async () => { throw original; };
-
-    try {
-      await mw(makeRequest(), next);
-      expect.fail('Should have thrown');
-    } catch (err) {
-      expect(err).toBe(original); // Same reference
-    }
-  });
-});

package/src/__tests__/unit/test-helpers.ts

@@ -1,103 +0,0 @@
-/**
- * Shared test helpers — mock fetch factory, mock client builder.
- */
-
-import type { GraphQLResponse } from '../../core/client/types';
-
-/**
- * Create a mock fetch that returns the specified GraphQL response.
- */
-export function createMockFetch(
-  responseData: unknown,
-  options?: {
-    errors?: Array<{ message: string }>;
-    status?: number;
-    delay?: number;
-  },
-): typeof globalThis.fetch {
-  const { errors, status = 200, delay: delayMs } = options ?? {};
-
-  return async (_url: string | URL | Request, _init?: RequestInit) => {
-    if (delayMs) {
-      await new Promise(r => setTimeout(r, delayMs));
-    }
-
-    // Check for abort signal
-    if (_init?.signal?.aborted) {
-      throw new DOMException('The operation was aborted', 'AbortError');
-    }
-
-    const body: Record<string, unknown> = { data: responseData };
-    if (errors) body.errors = errors;
-
-    return new Response(JSON.stringify(body), {
-      status,
-      headers: { 'Content-Type': 'application/json' },
-    });
-  };
-}
-
-/**
- * Create a mock fetch that tracks all calls and returns specified response.
- */
-export function createSpyFetch(
-  responseData: unknown,
-  options?: {
-    errors?: Array<{ message: string }>;
-    status?: number;
-  },
-) {
-  const calls: Array<{ url: string; init: RequestInit }> = [];
-  const { errors, status = 200 } = options ?? {};
-
-  const fetchFn = async (url: string | URL | Request, init?: RequestInit) => {
-    calls.push({ url: url.toString(), init: init! });
-
-    if (init?.signal?.aborted) {
-      throw new DOMException('The operation was aborted', 'AbortError');
-    }
-
-    const body: Record<string, unknown> = { data: responseData };
-    if (errors) body.errors = errors;
-
-    return new Response(JSON.stringify(body), {
-      status,
-      headers: { 'Content-Type': 'application/json' },
-    });
-  };
-
-  return { fetch: fetchFn as typeof globalThis.fetch, calls };
-}
-
-/**
- * Create a mock fetch that fails with a network error.
- */
-export function createNetworkErrorFetch(errorMessage = 'fetch failed'): typeof globalThis.fetch {
-  return async () => {
-    throw new TypeError(errorMessage);
-  };
-}
-
-/**
- * Create a mock fetch that returns different responses on subsequent calls.
- */
-export function createSequenceFetch(
-  responses: Array<{ data?: unknown; errors?: Array<{ message: string }>; status?: number }>,
-): { fetch: typeof globalThis.fetch; callCount: () => number } {
-  let index = 0;
-
-  const fetchFn = async (_url: string | URL | Request, _init?: RequestInit) => {
-    const response = responses[Math.min(index, responses.length - 1)];
-    index++;
-
-    const body: Record<string, unknown> = { data: response.data ?? null };
-    if (response.errors) body.errors = response.errors;
-
-    return new Response(JSON.stringify(body), {
-      status: response.status ?? 200,
-      headers: { 'Content-Type': 'application/json' },
-    });
-  };
-
-  return { fetch: fetchFn as typeof globalThis.fetch, callCount: () => index };
-}

package/src/core/auth/auth-client.ts

@@ -1,123 +0,0 @@
-/**
- * AuthClient — plain async API for customer authentication (no React).
- *
- * Wraps StorefrontClient.mutate/query with typed auth operations.
- * Auto-throws on userErrors via assertNoUserErrors.
- *
- * @example
- * ```typescript
- * const authClient = new AuthClient(storefrontClient);
- *
- * const result = await authClient.login('user@example.com', 'password');
- * console.log(result.accessToken); // JWT token
- *
- * const customer = await authClient.getCustomer(result.accessToken);
- * ```
- */
-
-import type { StorefrontClient } from '../client/types';
-import type { AuthResult, Customer, CustomerCreateInput } from './types';
-import { assertNoUserErrors } from '../helpers/assert-no-user-errors';
-import {
-  CUSTOMER_LOGIN,
-  CUSTOMER_LOGOUT,
-  CUSTOMER_TOKEN_RENEW,
-  CUSTOMER_CREATE,
-  CUSTOMER_QUERY,
-} from '../operations/auth';
-
-export class AuthClient {
-  constructor(private readonly client: StorefrontClient) {}
-
-  /**
-   * Login with email and password.
-   * Returns access token + expiry.
-   */
-  async login(email: string, password: string): Promise<AuthResult> {
-    const data = await this.client.mutate<{
-      customerAccessTokenCreate: {
-        customerAccessToken: { accessToken: string; expiresAt: string } | null;
-        userErrors: Array<{ message: string; field?: string[]; code?: string }>;
-      };
-    }>(CUSTOMER_LOGIN, { input: { email, password } });
-
-    assertNoUserErrors(data.customerAccessTokenCreate);
-
-    const token = data.customerAccessTokenCreate.customerAccessToken!;
-    return {
-      accessToken: token.accessToken,
-      expiresAt: token.expiresAt,
-    };
-  }
-
-  /**
-   * Logout — invalidate token on backend.
-   * Does not throw on failure (token may already be expired).
-   */
-  async logout(token: string): Promise<void> {
-    try {
-      await this.client.mutate<{
-        customerAccessTokenDelete: {
-          deletedAccessToken: string | null;
-          userErrors: Array<{ message: string; field?: string[]; code?: string }>;
-        };
-      }>(CUSTOMER_LOGOUT, { customerAccessToken: token });
-    } catch {
-      // Silently ignore — token may already be expired
-    }
-  }
-
-  /**
-   * Renew access token — extends expiry.
-   */
-  async renewToken(token: string): Promise<AuthResult> {
-    const data = await this.client.mutate<{
-      customerAccessTokenRenew: {
-        customerAccessToken: { accessToken: string; expiresAt: string } | null;
-        userErrors: Array<{ message: string; field?: string[]; code?: string }>;
-      };
-    }>(CUSTOMER_TOKEN_RENEW, { customerAccessToken: token });
-
-    assertNoUserErrors(data.customerAccessTokenRenew);
-
-    const renewed = data.customerAccessTokenRenew.customerAccessToken!;
-    return {
-      accessToken: renewed.accessToken,
-      expiresAt: renewed.expiresAt,
-    };
-  }
-
-  /**
-   * Register new customer account.
-   * Returns access token + customer data.
-   */
-  async register(input: CustomerCreateInput): Promise<AuthResult> {
-    const data = await this.client.mutate<{
-      customerCreate: {
-        customer: Customer | null;
-        customerAccessToken: { accessToken: string; expiresAt: string } | null;
-        userErrors: Array<{ message: string; field?: string[]; code?: string }>;
-      };
-    }>(CUSTOMER_CREATE, { input });
-
-    assertNoUserErrors(data.customerCreate);
-
-    const token = data.customerCreate.customerAccessToken!;
-    return {
-      accessToken: token.accessToken,
-      expiresAt: token.expiresAt,
-      customer: data.customerCreate.customer ?? undefined,
-    };
-  }
-
-  /**
-   * Fetch customer data by access token.
-   */
-  async getCustomer(accessToken: string): Promise<Customer | null> {
-    const data = await this.client.query<{
-      customer: Customer | null;
-    }>(CUSTOMER_QUERY, { customerAccessToken: accessToken });
-
-    return data.customer;
-  }
-}

package/src/core/auth/cookie-config.ts

@@ -1,23 +0,0 @@
-/**
- * Auth Cookie Configuration — platform contract.
- *
- * Backend validates cookie by name `customerAccessToken`.
- * Every storefront MUST use the same name. Security options
- * (httpOnly, secure, sameSite) are the platform standard.
- */
-
-export const AUTH_COOKIE_NAME = 'customerAccessToken';
-
-export const AUTH_COOKIE_DEFAULTS = {
-  name: AUTH_COOKIE_NAME,
-  path: '/',
-  sameSite: 'lax' as const,
-  httpOnly: true,
-  secure:
-    typeof window !== 'undefined'
-      ? window.location.protocol === 'https:'
-      : process.env.NODE_ENV === 'production',
-  maxAge: 60 * 60 * 24 * 30, // 30 days
-} as const;
-
-export type AuthCookieConfig = typeof AUTH_COOKIE_DEFAULTS;