@exdst-sitecore-content-sdk/astro 0.0.16 → 0.0.19

package/src/editing/utils.test.ts

@@ -7,13 +7,14 @@ import {
   QUERY_PARAM_EDITING_SECRET,
   DesignLibraryMode,
   PREVIEW_KEY,
-} from '@sitecore-content-sdk/core/editing';
-import { DEFAULT_VARIANT } from '@sitecore-content-sdk/core/personalize';
-import { SITE_KEY } from '@sitecore-content-sdk/core/site';
+} from '@sitecore-content-sdk/content/editing';
+import { DEFAULT_VARIANT } from '@sitecore-content-sdk/content/personalize';
+import { SITE_KEY } from '@sitecore-content-sdk/content/site';
 import { NativeDataFetcher } from '@sitecore-content-sdk/core';
 import {
   getEditingSecretFromRequest,
   mapEditingParams,
+  getAllowedQueryParams,
   cleanupPreviewCookies,
   getPreviewCookies,
   getRequiredEditingParamsList,
@@ -28,7 +29,7 @@ import {
   QUERY_PARAM_VERCEL_PROTECTION_BYPASS,
   QUERY_PARAM_VERCEL_SET_BYPASS_COOKIE,
 } from './constants';
-import { mockRequest } from '../test-data/helpers';
+import { mockRequest } from '../tests/helpers';
 
 chai.use(sinonChai);
 
@@ -186,6 +187,352 @@ describe('editing/utils', () => {
     });
   });
 
+  describe('getAllowedQueryParams', () => {
+    it('should return empty results when allowedParams is undefined', () => {
+      const queryParams = { param1: 'value1', param2: 'value2' };
+
+      const result = getAllowedQueryParams(queryParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: [],
+        allowedQueryParams: {},
+      });
+    });
+
+    it('should return empty results when allowedParams is an empty array', () => {
+      const queryParams = { param1: 'value1', param2: 'value2' };
+
+      const result = getAllowedQueryParams(queryParams, []);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: [],
+        allowedQueryParams: {},
+      });
+    });
+
+    it('should extract allowed parameters when they exist in queryParams', () => {
+      const queryParams = {
+        param1: 'value1',
+        param2: 'value2',
+        param3: 'value3',
+      };
+      const allowedParams = [{ name: 'param1' }, { name: 'param3' }];
+
+      const result = getAllowedQueryParams(queryParams, allowedParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: [],
+        allowedQueryParams: {
+          param1: 'value1',
+          param3: 'value3',
+        },
+      });
+    });
+
+    it('should handle missing required parameters', () => {
+      const queryParams = { param1: 'value1' };
+      const allowedParams = [
+        { name: 'param1', required: true },
+        { name: 'param2', required: true },
+        { name: 'param3', required: true },
+      ];
+
+      const result = getAllowedQueryParams(queryParams, allowedParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: ['param2', 'param3'],
+        allowedQueryParams: {
+          param1: 'value1',
+        },
+      });
+    });
+
+    it('should not include missing optional parameters in missingAllowedParams', () => {
+      const queryParams = { param1: 'value1' };
+      const allowedParams = [
+        { name: 'param1' },
+        { name: 'param2' },
+        { name: 'param3', required: false },
+      ];
+
+      const result = getAllowedQueryParams(queryParams, allowedParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: [],
+        allowedQueryParams: {
+          param1: 'value1',
+        },
+      });
+    });
+
+    it('should handle mixed required and optional parameters', () => {
+      const queryParams = {
+        requiredParam1: 'value1',
+        optionalParam1: 'value2',
+      };
+      const allowedParams = [
+        { name: 'requiredParam1', required: true },
+        { name: 'requiredParam2', required: true },
+        { name: 'optionalParam1' },
+        { name: 'optionalParam2' },
+      ];
+
+      const result = getAllowedQueryParams(queryParams, allowedParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: ['requiredParam2'],
+        allowedQueryParams: {
+          requiredParam1: 'value1',
+          optionalParam1: 'value2',
+        },
+      });
+    });
+
+    it('should call resolver function with query parameter keys', () => {
+      const queryParams = {
+        param1: 'value1',
+        param2: 'value2',
+        param3: 'value3',
+      };
+      const resolver = sandbox
+        .stub()
+        .returns([{ name: 'param1', required: true }, { name: 'param2' }]);
+
+      const result = getAllowedQueryParams(queryParams, resolver);
+
+      expect(resolver).to.have.been.calledOnce;
+      expect(resolver).to.have.been.calledWith(['param1', 'param2', 'param3']);
+      expect(result).to.deep.equal({
+        missingAllowedParams: [],
+        allowedQueryParams: {
+          param1: 'value1',
+          param2: 'value2',
+        },
+      });
+    });
+
+    it('should handle resolver function returning empty array', () => {
+      const queryParams = { param1: 'value1' };
+      const resolver = sandbox.stub().returns([]);
+
+      const result = getAllowedQueryParams(queryParams, resolver);
+
+      expect(resolver).to.have.been.calledOnce;
+      expect(result).to.deep.equal({
+        missingAllowedParams: [],
+        allowedQueryParams: {},
+      });
+    });
+
+    it('should handle resolver function with missing required parameters', () => {
+      const queryParams = { param1: 'value1' };
+      const resolver = sandbox.stub().returns([
+        { name: 'param1', required: true },
+        { name: 'param2', required: true },
+      ]);
+
+      const result = getAllowedQueryParams(queryParams, resolver);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: ['param2'],
+        allowedQueryParams: {
+          param1: 'value1',
+        },
+      });
+    });
+
+    it('should handle undefined query parameter values correctly', () => {
+      const queryParams = {
+        param1: 'value1',
+        param2: undefined,
+        param3: 'value3',
+      };
+      const allowedParams = [
+        { name: 'param1' },
+        { name: 'param2', required: true },
+        { name: 'param3' },
+      ];
+
+      const result = getAllowedQueryParams(queryParams, allowedParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: ['param2'],
+        allowedQueryParams: {
+          param1: 'value1',
+          param3: 'value3',
+        },
+      });
+    });
+
+    it('should handle various data types in query parameter values', () => {
+      const queryParams = {
+        stringParam: 'string-value',
+        numberParam: 123,
+        booleanParam: true,
+        arrayParam: ['val1', 'val2'],
+        objectParam: { nested: 'value' },
+      };
+      const allowedParams = [
+        { name: 'stringParam' },
+        { name: 'numberParam' },
+        { name: 'booleanParam' },
+        { name: 'arrayParam' },
+        { name: 'objectParam' },
+      ];
+
+      const result = getAllowedQueryParams(queryParams, allowedParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: [],
+        allowedQueryParams: {
+          stringParam: 'string-value',
+          numberParam: 123,
+          booleanParam: true,
+          arrayParam: ['val1', 'val2'],
+          objectParam: { nested: 'value' },
+        },
+      });
+    });
+
+    it('should handle empty queryParams object', () => {
+      const queryParams = {};
+      const allowedParams = [{ name: 'param1', required: true }, { name: 'param2' }];
+
+      const result = getAllowedQueryParams(queryParams, allowedParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: ['param1'],
+        allowedQueryParams: {},
+      });
+    });
+
+    it('should handle null and false values as valid (not undefined)', () => {
+      const queryParams = {
+        nullParam: null,
+        falseParam: false,
+        zeroParam: 0,
+        emptyStringParam: '',
+      };
+      const allowedParams = [
+        { name: 'nullParam' },
+        { name: 'falseParam' },
+        { name: 'zeroParam' },
+        { name: 'emptyStringParam' },
+      ];
+
+      const result = getAllowedQueryParams(queryParams, allowedParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: [],
+        allowedQueryParams: {
+          nullParam: null,
+          falseParam: false,
+          zeroParam: 0,
+          emptyStringParam: '',
+        },
+      });
+    });
+
+    it('should handle array with string parameters (optional by default)', () => {
+      const queryParams = {
+        param1: 'value1',
+        param2: 'value2',
+        param3: 'value3',
+      };
+      const allowedParams = ['param1', 'param2', 'missingParam'];
+
+      const result = getAllowedQueryParams(queryParams, allowedParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: [],
+        allowedQueryParams: {
+          param1: 'value1',
+          param2: 'value2',
+        },
+      });
+    });
+
+    it('should handle mixed array with strings and objects', () => {
+      const queryParams = {
+        stringParam1: 'value1',
+        stringParam2: 'value2',
+        requiredParam: 'required-value',
+        optionalParam: 'optional-value',
+      };
+      const allowedParams = [
+        'stringParam1',
+        'stringParam2',
+        'missingStringParam',
+        { name: 'requiredParam', required: true },
+        { name: 'optionalParam', required: false },
+        { name: 'missingRequiredParam', required: true },
+      ];
+
+      const result = getAllowedQueryParams(queryParams, allowedParams);
+
+      expect(result).to.deep.equal({
+        missingAllowedParams: ['missingRequiredParam'],
+        allowedQueryParams: {
+          stringParam1: 'value1',
+          stringParam2: 'value2',
+          requiredParam: 'required-value',
+          optionalParam: 'optional-value',
+        },
+      });
+    });
+
+    it('should handle resolver function returning strings', () => {
+      const queryParams = {
+        prefixedParam1: 'value1',
+        prefixedParam2: 'value2',
+        otherParam: 'value3',
+      };
+      const resolver = sandbox.stub().returns(['prefixedParam1', 'prefixedParam2']);
+
+      const result = getAllowedQueryParams(queryParams, resolver);
+
+      expect(resolver).to.have.been.calledOnce;
+      expect(result).to.deep.equal({
+        missingAllowedParams: [],
+        allowedQueryParams: {
+          prefixedParam1: 'value1',
+          prefixedParam2: 'value2',
+        },
+      });
+    });
+
+    it('should handle resolver function returning mixed strings and objects', () => {
+      const queryParams = {
+        stringParam1: 'value1',
+        stringParam2: 'value2',
+        requiredParam: 'required-value',
+        optionalParam: 'optional-value',
+      };
+      const resolver = sandbox
+        .stub()
+        .returns([
+          'stringParam1',
+          'stringParam2',
+          { name: 'requiredParam', required: true },
+          { name: 'optionalParam', required: false },
+          { name: 'missingRequiredParam', required: true },
+        ]);
+
+      const result = getAllowedQueryParams(queryParams, resolver);
+
+      expect(resolver).to.have.been.calledOnce;
+      expect(result).to.deep.equal({
+        missingAllowedParams: ['missingRequiredParam'],
+        allowedQueryParams: {
+          stringParam1: 'value1',
+          stringParam2: 'value2',
+          requiredParam: 'required-value',
+          optionalParam: 'optional-value',
+        },
+      });
+    });
+  });
+
   describe('cleanupPreviewCookies', () => {
     it('should return null when cookies is null', () => {
       const result = cleanupPreviewCookies(null);
@@ -793,6 +1140,19 @@ describe('editing/utils', () => {
 
       expect(result).to.equal('http://localhost:3000');
     });
+
+    it('should use x-forwarded-host header when present', () => {
+      const req = mockRequest({
+        headers: {
+          'x-forwarded-host': 'proxy.example.com',
+          host: 'internal-host.local',
+        },
+      });
+
+      const result = resolveServerUrl(req);
+
+      expect(result).to.equal('http://proxy.example.com');
+    });
   });
 
   describe('getCSPHeader', () => {

package/src/editing/utils.ts

@@ -6,9 +6,9 @@ import {
   LayoutKind,
   PREVIEW_KEY,
   QUERY_PARAM_EDITING_SECRET,
-} from '@sitecore-content-sdk/core/editing';
-import { DEFAULT_VARIANT } from '@sitecore-content-sdk/core/personalize';
-import { SITE_KEY } from '@sitecore-content-sdk/core/site';
+} from '@sitecore-content-sdk/content/editing';
+import { DEFAULT_VARIANT } from '@sitecore-content-sdk/content/personalize';
+import { SITE_KEY } from '@sitecore-content-sdk/content/site';
 import {
   EDITING_PASS_THROUGH_HEADERS,
   QUERY_PARAM_VERCEL_PROTECTION_BYPASS,
@@ -16,7 +16,8 @@ import {
 } from './constants';
 import { IncomingHttpHeaders } from 'http';
 import { NativeDataFetcher } from '@sitecore-content-sdk/core';
-import { getAllowedOriginsFromEnv } from '@sitecore-content-sdk/core/utils';
+import { getAllowedOriginsFromEnv } from '@sitecore-content-sdk/core/tools';
+import { AllowedQueryParams, GetAllowedQueryParamsResult } from './types';
 
 /**
  * Gets editing secret value from request
@@ -66,8 +67,49 @@ export const mapEditingParams = (query: {
   return params;
 };
 
+/**
+ * Parses the query parameters based on the provided allowed parameters or a resolver function, to extract additional parameters that should be allowed.
+ * @param {{ [key: string]: string | undefined }} queryParams Object of query parameters from incoming URL.
+ * @param {AllowedQueryParams} allowedParams Allowed parameters to map.
+ * @returns Object containing the list of missing required parameters and the allowed query parameters that were extracted.
+ * @internal
+ */
+export const getAllowedQueryParams = (
+  queryParams: { [key: string]: unknown },
+  allowedParams?: AllowedQueryParams
+): GetAllowedQueryParamsResult => {
+  const allowedQueryParamsList =
+    typeof allowedParams === 'function'
+      ? allowedParams(Object.keys(queryParams))
+      : Array.isArray(allowedParams)
+      ? allowedParams
+      : [];
+
+  if (!allowedQueryParamsList.length) return { missingAllowedParams: [], allowedQueryParams: {} };
+
+  return allowedQueryParamsList.reduce(
+    (acc, param) => {
+      const name = typeof param === 'string' ? param : param.name;
+      const required = typeof param === 'string' ? false : param.required;
+
+      const value = queryParams[name];
+      if (value !== undefined) {
+        acc.allowedQueryParams[name] = value;
+
+        return acc;
+      }
+
+      if (required) acc.missingAllowedParams.push(name);
+
+      return acc;
+    },
+    { missingAllowedParams: [], allowedQueryParams: {} } as GetAllowedQueryParamsResult
+  );
+};
+
 /**
  * Preview cookies enum
+ * @public
  */
 export enum PreviewCookies {
   PREVIEW_DATA = '_preview_data',
@@ -127,6 +169,7 @@ export const getRequiredEditingParamsList = (mode: EditingRenderQueryParams['mod
  * Gets query parameters that should be passed along to subsequent requests (e.g. for deployment protection bypass)
  * @param {object} query URLSearchParams object from incoming URL
  * @returns object of approved query parameters
+ * @internal
  */
 export const getQueryParamsForPropagation = (
   query: Partial<{ [key: string]: string | string[] }>
@@ -149,6 +192,7 @@ export const getQueryParamsForPropagation = (
  * Get headers that should be passed along to subsequent requests
  * @param {IncomingHttpHeaders | Headers} headers Incoming HTTP Headers
  * @returns Object of approved headers
+ * @internal
  */
 export const getHeadersForPropagation = (
   headers: IncomingHttpHeaders | Headers
@@ -229,6 +273,7 @@ export const getEditingRequestHtml = async (
  * @param {object} data preview data to check
  * @returns true if the data is EditingPreviewData
  * @see EditingPreviewData
+ * @public
  */
 export const isDesignLibraryPreviewData = (
   data: unknown
@@ -257,24 +302,23 @@ export const isDesignLibraryPreviewData = (
  * @param {Request} req
  */
 export const resolveServerUrl = (req: Request) => {
-  const internalHostUrl =
-    import.meta.env?.SITECORE_INTERNAL_EDITING_HOST_URL ||
-    process.env.SITECORE_INTERNAL_EDITING_HOST_URL;
+  const internalHostUrl = process.env.SITECORE_INTERNAL_EDITING_HOST_URL;
   if (internalHostUrl) {
     return internalHostUrl;
   }
 
   // in xmc deployment we always use localhost:3000
-  if (import.meta.env?.SITECORE || process.env.SITECORE) {
+  if (process.env.SITECORE) {
     return 'http://localhost:3000';
   }
 
   // to preserve auth headers, use https if we're in our 3 main hosting options
-  const useHttps =
-    (import.meta.env?.VERCEL || process.env.VERCEL ||
-     import.meta.env?.NETLIFY || process.env.NETLIFY) !== undefined;
+  const useHttps = (process.env.VERCEL || process.env.NETLIFY) !== undefined;
+
+  const host = req.headers.get('x-forwarded-host') || req.headers.get('host');
+
   // use https for requests with auth but also support unsecured http rendering hosts
-  return `${useHttps ? 'https' : 'http'}://${req.headers.get('host') ?? undefined}`;
+  return `${useHttps ? 'https' : 'http'}://${host || undefined}`;
 };
 
 /**
@@ -293,20 +337,34 @@ export const getCSPHeader = () => {
  * @returns object with query params
  */
 export const getEditingRenderQueryParams = (query: URLSearchParams): EditingRenderQueryParams => {
-  const params = Object.fromEntries(query.entries());
+  const params: Record<string, string | string[]> = {};
+  query.forEach((_, key) => {
+    if (!(key in params)) {
+      const values = query.getAll(key);
+      params[key] = values.length === 1 ? values[0] : values;
+    }
+  });
+
+  const find = (key: string): string | undefined => {
+    const lowerKey = key.toLowerCase();
+    const match = Object.keys(params).find((k) => k.toLowerCase() === lowerKey);
+    if (!match) return undefined;
+    const value = params[match];
+    return Array.isArray(value) ? value[0] : value;
+  };
 
   return {
     ...params,
-    secret: params.secret ?? '',
-    sc_lang: params.sc_lang ?? '',
-    sc_itemid: params.sc_itemid ?? '',
-    sc_site: params.sc_site ?? '',
-    route: params.route ?? '',
-    mode: params.mode as EditingRenderQueryParams['mode'],
-    sc_layoutKind: params.sc_layoutkind as LayoutKind,
-    sc_variant: params.sc_variant ?? undefined,
-    sc_version: params.sc_version ?? undefined,
-    sc_renderingId: params.sc_renderingid ?? undefined,
-    dataSourceId: params.datasourceid ?? undefined,
+    secret: find('secret') ?? '',
+    sc_lang: find('sc_lang') ?? '',
+    sc_itemid: find('sc_itemid') ?? '',
+    sc_site: find('sc_site') ?? '',
+    route: find('route') ?? '',
+    mode: find('mode') as EditingRenderQueryParams['mode'],
+    sc_layoutKind: find('sc_layoutKind') as LayoutKind,
+    sc_variant: find('sc_variant') ?? undefined,
+    sc_version: find('sc_version') ?? undefined,
+    sc_renderingId: find('sc_renderingId') ?? undefined,
+    dataSourceId: find('dataSourceId') ?? undefined,
   };
 };

package/src/enhancers/WithEmptyFieldEditingComponent.astro

@@ -8,7 +8,7 @@ import {
   Field,
   isFieldValueEmpty,
   FieldMetadata,
-} from '@sitecore-content-sdk/core/layout';
+} from '@sitecore-content-sdk/content/layout';
 import { AstroContentSdkComponent } from '../sharedTypes/component-props';
 
 interface FieldComponentProps {