@faststore/api 2.2.0-alpha.0 → 2.2.0-alpha.10

package/dist/api.esm.js

@@ -2,6 +2,7 @@ import { makeExecutableSchema } from '@graphql-tools/schema';
 import fetch from 'isomorphic-unfetch';
 import DataLoader from 'dataloader';
 import pLimit from 'p-limit';
+import sanitizeHtmlLib from 'sanitize-html';
 import deepEquals from 'fast-deep-equal';
 import crypto from 'crypto';
 import { GraphQLScalarType, print, Kind as Kind$1 } from 'graphql';
@@ -18,7 +19,7 @@ import { trace, context, SpanKind } from '@opentelemetry/api';
 import { SeverityNumber } from '@opentelemetry/api-logs';
 
 var name = "@faststore/api";
-var version = "2.1.78";
+var version = "2.2.0-alpha.6";
 var license = "MIT";
 var main = "dist/index.js";
 var typings = "dist/index.d.ts";
@@ -50,15 +51,17 @@ var dependencies = {
 	dataloader: "^2.1.0",
 	"fast-deep-equal": "^3.1.3",
 	"isomorphic-unfetch": "^3.1.0",
-	"p-limit": "^3.1.0"
+	"p-limit": "^3.1.0",
+	"sanitize-html": "^2.11.0"
 };
 var devDependencies = {
 	"@envelop/core": "^2.6.0",
-	"@faststore/eslint-config": "^2.1.78",
-	"@faststore/shared": "^2.1.78",
+	"@faststore/eslint-config": "^2.2.0-alpha.1",
+	"@faststore/shared": "^2.2.0-alpha.1",
 	"@graphql-codegen/cli": "2.2.0",
 	"@graphql-codegen/typescript": "2.2.2",
 	"@types/express": "^4.17.16",
+	"@types/sanitize-html": "^2.9.1",
 	concurrently: "^6.2.1",
 	eslint: "7.32.0",
 	express: "^4.17.3",
@@ -107,16 +110,6 @@ const fetchAPI = async (info, init) => {
   throw new Error(text);
 };
 
-const getCookie = (name, cookie) => {
-  const value = `; ${cookie}`;
-  const parts = value.split(`; ${name}=`);
-  if (parts.length === 2) {
-    var _parts$pop$split$shif, _parts$pop;
-    return (_parts$pop$split$shif = parts == null ? void 0 : (_parts$pop = parts.pop()) == null ? void 0 : _parts$pop.split(';').shift()) != null ? _parts$pop$split$shif : '';
-  }
-  return '';
-};
-
 const BASE_INIT = {
   method: 'POST',
   headers: {
@@ -211,7 +204,14 @@ const VtexCommerce = ({
           refreshOutdatedData: refreshOutdatedData.toString(),
           sc: salesChannel
         });
-        return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}?${params.toString()}`, BASE_INIT);
+        const requestInit = ctx.headers ? {
+          ...BASE_INIT,
+          headers: {
+            'content-type': 'application/json',
+            cookie: ctx.headers.cookie
+          }
+        } : BASE_INIT;
+        return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}?${params.toString()}`, requestInit);
       },
       updateOrderFormItems: ({
         id,
@@ -224,14 +224,25 @@ const VtexCommerce = ({
           allowOutdatedData,
           sc: salesChannel
         });
-        return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}/items?${params}`, {
-          ...BASE_INIT,
-          body: JSON.stringify({
-            orderItems,
-            noSplitItem: !shouldSplitItem
-          }),
-          method: 'PATCH'
+        const items = JSON.stringify({
+          orderItems,
+          noSplitItem: !shouldSplitItem
         });
+        const requestInit = ctx.headers ? {
+          headers: {
+            'content-type': 'application/json',
+            cookie: ctx.headers.cookie
+          },
+          body: items,
+          method: 'PATCH'
+        } : {
+          headers: {
+            'content-type': 'application/json'
+          },
+          body: items,
+          method: 'PATCH'
+        };
+        return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}/items?${params}`, requestInit);
       },
       setCustomData: ({
         id,
@@ -271,34 +282,13 @@ const VtexCommerce = ({
     session: search => {
       const params = new URLSearchParams(search);
       params.set('items', 'profile.id,profile.email,profile.firstName,profile.lastName,store.channel,store.countryCode,store.cultureInfo,store.currencyCode,store.currencySymbol');
-      if (getCookie('vtex_session', ctx.headers.cookie)) {
-        // cookie set
-        return fetchAPI(`${base}/api/sessions?${params.toString()}`, {
-          method: 'GET',
-          headers: {
-            'content-type': 'application/json',
-            cookie: ctx.headers.cookie
-          }
-        });
-      } else {
-        // cookie unset -> create session
-        return fetchAPI(`${base}/api/sessions?${params.toString()}`, {
-          method: 'POST',
-          headers: {
-            'content-type': 'application/json',
-            cookie: ctx.headers.cookie
-          },
-          body: '{}'
-        });
-      }
-    },
-    getSessionOrder: () => {
-      return fetchAPI(`${base}/api/sessions?items=public.orderFormId`, {
-        method: 'GET',
+      return fetchAPI(`${base}/api/sessions?${params.toString()}`, {
+        method: 'POST',
         headers: {
           'content-type': 'application/json',
           cookie: ctx.headers.cookie
-        }
+        },
+        body: '{}'
       });
     },
     subscribeToNewsletter: data => {
@@ -524,9 +514,32 @@ const getSimulationLoader = (_, clients) => {
   });
 };
 
+/**
+ * For now, we're using sanitize-html's default set
+ * of allowed tags and attributes, which don't even include img elements
+ *
+ * It is known many client depends on pontentially vulnerable tags, such as script tags
+ * We chose to be restrictive at first, and document those restrictions later.
+ *
+ * When expanding the set of allowed tags and attributes, please consider performance, privacy and security.
+ *
+ * This possibily breaks compatibility with Portal and Store Framework,
+ * which both allows an enormous amount of tags and attributes
+ *
+ * This was a thoughtful decision that can be reviewed in the future given
+ * research was made to back up those changes.
+ */
+const sanitizeHtml = (dirty, options) => sanitizeHtmlLib(dirty, options);
+
+function sanitizeProduct(product) {
+  return {
+    ...product,
+    description: product.description ? sanitizeHtml(product.description) : product.description
+  };
+}
 const enhanceSku = (item, product) => ({
   ...item,
-  isVariantOf: product
+  isVariantOf: sanitizeProduct(product)
 });
 
 class FastStoreError extends Error {
@@ -1029,55 +1042,31 @@ function getPropertyId(item) {
 }
 
 const shouldUpdateShippingData = (orderForm, session) => {
-  var _orderForm$shippingDa;
+  var _orderForm$shippingDa, _orderForm$shippingDa2;
   if (!hasSessionPostalCodeOrGeoCoordinates(session)) {
     return {
       updateShipping: false,
       addressChanged: false
     };
   }
-  const selectedAddress = (_orderForm$shippingDa = orderForm.shippingData) == null ? void 0 : _orderForm$shippingDa.selectedAddresses[0];
-  if (checkPostalCode(selectedAddress, session.postalCode)) {
-    return {
-      updateShipping: true,
-      addressChanged: true
-    };
-  }
-  if (checkGeoCoordinates(selectedAddress, session.geoCoordinates, session.postalCode)) {
+  if (!hasItems(orderForm)) {
     return {
-      updateShipping: true,
-      addressChanged: true
+      updateShipping: false,
+      addressChanged: false
     };
   }
-  if (checkAddressType(selectedAddress, session.addressType)) {
+  const [selectedAddress] = (_orderForm$shippingDa = orderForm == null ? void 0 : (_orderForm$shippingDa2 = orderForm.shippingData) == null ? void 0 : _orderForm$shippingDa2.selectedAddresses) != null ? _orderForm$shippingDa : [];
+  if (checkPostalCode(selectedAddress, session.postalCode) || checkGeoCoordinates(selectedAddress, session.geoCoordinates) || checkAddressType(selectedAddress, session.addressType)) {
     return {
       updateShipping: true,
       addressChanged: true
     };
   }
-  if (!hasItems(orderForm)) {
-    return {
-      updateShipping: false,
-      addressChanged: false
-    };
-  }
   // The logisticsInfo will always exist if there´s at least one item inside the cart
   const {
     logisticsInfo
   } = orderForm.shippingData;
-  if (shouldUpdateDeliveryChannel(logisticsInfo, session)) {
-    return {
-      updateShipping: true,
-      addressChanged: false
-    };
-  }
-  if (shouldUpdateDeliveryMethod(logisticsInfo, session)) {
-    return {
-      updateShipping: true,
-      addressChanged: false
-    };
-  }
-  if (shouldUpdateDeliveryWindow(logisticsInfo, session)) {
+  if (shouldUpdateDeliveryInfo(logisticsInfo, session)) {
     return {
       updateShipping: true,
       addressChanged: false
@@ -1090,15 +1079,16 @@ const shouldUpdateShippingData = (orderForm, session) => {
 };
 // Validate if theres any postal Code or GeoCoordinates set at the session
 const hasSessionPostalCodeOrGeoCoordinates = session => {
-  return !!session.postalCode || session.geoCoordinates && session.geoCoordinates.latitude && session.geoCoordinates.longitude;
+  var _session$geoCoordinat, _session$geoCoordinat2;
+  return !!session.postalCode || ((_session$geoCoordinat = session.geoCoordinates) == null ? void 0 : _session$geoCoordinat.latitude) && ((_session$geoCoordinat2 = session.geoCoordinates) == null ? void 0 : _session$geoCoordinat2.longitude);
 };
 // Validate if theres a difference between the session postal code and orderForm postal code
 const checkPostalCode = (address, postalCode) => {
   return typeof postalCode === 'string' && (address == null ? void 0 : address.postalCode) !== postalCode;
 };
 // Validate if theres a difference between the session geoCoords and orderForm geoCoords
-const checkGeoCoordinates = (address, geoCoordinates, postalCode) => {
-  return typeof (geoCoordinates == null ? void 0 : geoCoordinates.latitude) === 'number' && typeof (geoCoordinates == null ? void 0 : geoCoordinates.longitude) === 'number' && ((address == null ? void 0 : address.geoCoordinates[0]) !== (geoCoordinates == null ? void 0 : geoCoordinates.longitude) || (address == null ? void 0 : address.geoCoordinates[1]) !== (geoCoordinates == null ? void 0 : geoCoordinates.latitude)) && (address == null ? void 0 : address.postalCode) !== postalCode;
+const checkGeoCoordinates = (address, geoCoordinates) => {
+  return typeof (geoCoordinates == null ? void 0 : geoCoordinates.latitude) === 'number' && typeof (geoCoordinates == null ? void 0 : geoCoordinates.longitude) === 'number' && ((address == null ? void 0 : address.geoCoordinates[0]) !== (geoCoordinates == null ? void 0 : geoCoordinates.longitude) || (address == null ? void 0 : address.geoCoordinates[1]) !== (geoCoordinates == null ? void 0 : geoCoordinates.latitude));
 };
 const checkAddressType = (address, addressType) => {
   return typeof addressType === 'string' && (address == null ? void 0 : address.addressType) !== addressType;
@@ -1107,67 +1097,29 @@ const checkAddressType = (address, addressType) => {
 const hasItems = orderForm => {
   return orderForm.items.length !== 0;
 };
-// Validate if the deliveryChannel from the session is different from the selected delivery channel
-// and if so needs to validate if the deliveryChannel for the session is available inside the slas for the item
-const shouldUpdateDeliveryChannel = (logisticsInfo, session) => {
-  var _session$deliveryMode;
-  if (!(session != null && (_session$deliveryMode = session.deliveryMode) != null && _session$deliveryMode.deliveryChannel)) {
-    return false;
-  }
-  const {
-    deliveryChannel
-  } = session.deliveryMode;
-  for (const item of logisticsInfo) {
-    if (item.selectedDeliveryChannel !== deliveryChannel) {
-      const matchingSla = item.slas.find(sla => sla.deliveryChannel === deliveryChannel);
-      if (matchingSla) {
-        return true;
-      }
-    }
-  }
-  return false;
-};
-// Validate if the deliveryMethod from the session is different from the selectedSLA
-// and if so needs to validate if the deliveryMethod for the session is available inside the slas for the item
-const shouldUpdateDeliveryMethod = (logisticsInfo, session) => {
-  var _session$deliveryMode2;
-  if (!(session != null && (_session$deliveryMode2 = session.deliveryMode) != null && _session$deliveryMode2.deliveryMethod)) {
-    return false;
-  }
-  const {
-    deliveryMethod
-  } = session.deliveryMode;
-  for (const item of logisticsInfo) {
-    if (item.selectedSla !== deliveryMethod) {
-      const matchingSla = item.slas.find(sla => sla.id === deliveryMethod);
-      if (matchingSla) {
-        return true;
-      }
-    }
-  }
-  return false;
-};
-// Validate if the deliveryWindow from the session is different from the deliveryWindow of the SLA
-// and if so needs to validate if the deliveryWindow for the session is available inside the availableDeliveryWindows for the item
-const shouldUpdateDeliveryWindow = (logisticsInfo, session) => {
-  var _session$deliveryMode3, _session$deliveryMode4, _session$deliveryMode5, _session$deliveryMode6;
-  if (!(session != null && (_session$deliveryMode3 = session.deliveryMode) != null && (_session$deliveryMode4 = _session$deliveryMode3.deliveryWindow) != null && _session$deliveryMode4.startDate) || !(session != null && (_session$deliveryMode5 = session.deliveryMode) != null && (_session$deliveryMode6 = _session$deliveryMode5.deliveryWindow) != null && _session$deliveryMode6.endDate)) {
-    return false;
-  }
+const shouldUpdateDeliveryInfo = (logisticsInfo, session) => {
+  var _session$deliveryMode, _session$deliveryMode2, _session$deliveryMode3;
+  const deliveryChannel = session == null ? void 0 : (_session$deliveryMode = session.deliveryMode) == null ? void 0 : _session$deliveryMode.deliveryChannel;
+  const deliveryMethod = session == null ? void 0 : (_session$deliveryMode2 = session.deliveryMode) == null ? void 0 : _session$deliveryMode2.deliveryMethod;
   const {
     startDate,
     endDate
-  } = session.deliveryMode.deliveryWindow;
-  for (const item of logisticsInfo) {
-    for (const sla of item.slas) {
-      var _sla$availableDeliver;
-      const matchingWindow = (_sla$availableDeliver = sla.availableDeliveryWindows) == null ? void 0 : _sla$availableDeliver.some(window => window.startDateUtc === startDate && window.endDateUtc === endDate);
-      if (matchingWindow) {
+  } = (session == null ? void 0 : (_session$deliveryMode3 = session.deliveryMode) == null ? void 0 : _session$deliveryMode3.deliveryWindow) || {};
+  return logisticsInfo.some(({
+    selectedDeliveryChannel,
+    selectedSla,
+    slas
+  }) => {
+    const checkDeliveryChannel = deliveryChannel && selectedDeliveryChannel !== deliveryChannel;
+    const checkDeliveryMethod = deliveryMethod && selectedSla !== deliveryMethod;
+    return slas == null ? void 0 : slas.some(sla => {
+      var _sla$deliveryWindow, _sla$deliveryWindow2, _sla$availableDeliver;
+      if (checkDeliveryChannel && sla.deliveryChannel === deliveryChannel || checkDeliveryMethod && sla.id === deliveryMethod) {
         return true;
       }
-    }
-  }
-  return false;
+      return startDate && endDate && sla.deliveryChannel === deliveryChannel && sla.id === deliveryMethod && (!(sla != null && sla.deliveryWindow) || (sla == null ? void 0 : (_sla$deliveryWindow = sla.deliveryWindow) == null ? void 0 : _sla$deliveryWindow.startDateUtc) !== startDate || (sla == null ? void 0 : (_sla$deliveryWindow2 = sla.deliveryWindow) == null ? void 0 : _sla$deliveryWindow2.endDateUtc) !== endDate) && ((_sla$availableDeliver = sla.availableDeliveryWindows) == null ? void 0 : _sla$availableDeliver.some(window => (window == null ? void 0 : window.startDateUtc) === startDate && (window == null ? void 0 : window.endDateUtc) === endDate));
+    });
+  });
 };
 
 const getAddressOrderForm = (orderForm, session, addressChanged) => {
@@ -1301,7 +1253,10 @@ const joinItems = form => {
     items: Object.values(itemsById).map(items => {
       const [item] = items;
       const quantity = items.reduce((acc, i) => acc + i.quantity, 0);
-      const totalPrice = items.reduce((acc, i) => acc + i.quantity * i.sellingPrice, 0);
+      const totalPrice = items.reduce((acc, i) => {
+        var _i$priceDefinition$to, _i$priceDefinition, _i$quantity, _i$sellingPrice;
+        return acc + ((_i$priceDefinition$to = i == null ? void 0 : (_i$priceDefinition = i.priceDefinition) == null ? void 0 : _i$priceDefinition.total) != null ? _i$priceDefinition$to : ((_i$quantity = i == null ? void 0 : i.quantity) != null ? _i$quantity : 0) * ((_i$sellingPrice = i == null ? void 0 : i.sellingPrice) != null ? _i$sellingPrice : 0));
+      }, 0);
       return {
         ...item,
         quantity,
@@ -1360,17 +1315,6 @@ const isOrderFormStale = form => {
   const newEtag = getOrderFormEtag(form);
   return newEtag !== oldEtag;
 };
-async function getOrderNumberFromSession(headers = {}, commerce) {
-  const cookieSession = getCookie('vtex_session', headers.cookie);
-  if (cookieSession) {
-    var _namespaces$public$or, _namespaces$public, _namespaces$public$or2;
-    const {
-      namespaces
-    } = await commerce.getSessionOrder();
-    return (_namespaces$public$or = (_namespaces$public = namespaces.public) == null ? void 0 : (_namespaces$public$or2 = _namespaces$public.orderFormId) == null ? void 0 : _namespaces$public$or2.value) != null ? _namespaces$public$or : undefined;
-  }
-  return;
-}
 // Returns the regionalized orderForm
 const getOrderForm = async (id, {
   clients: {
@@ -1442,9 +1386,8 @@ const validateCart = async (_, {
   },
   session
 }, ctx) => {
-  var _ref;
   const {
-    orderNumber: orderNumberFromCart,
+    orderNumber,
     acceptedOffer,
     shouldSplitItem
   } = order;
@@ -1454,8 +1397,7 @@ const validateCart = async (_, {
     },
     loaders: {
       skuLoader
-    },
-    headers
+    }
   } = ctx;
   const channel = session == null ? void 0 : session.channel;
   const locale = session == null ? void 0 : session.locale;
@@ -1465,19 +1407,9 @@ const validateCart = async (_, {
   if (locale) {
     mutateLocaleContext(ctx, locale);
   }
-  const orderNumberFromSession = await getOrderNumberFromSession(headers, commerce);
-  const orderNumber = (_ref = orderNumberFromSession != null ? orderNumberFromSession : orderNumberFromCart) != null ? _ref : '';
   // Step1: Get OrderForm from VTEX Commerce
   const orderForm = await getOrderForm(orderNumber, ctx);
-  // Step1.1: Checks if the orderForm id has changed. There are three cases for this:
-  // Social Selling: the vtex_session cookie contains a new orderForm id with Social Selling data
-  // My Orders: the customer clicks on reordering through generating a new cart and when returning to the faststore, this information needs to be returned by vtex_session cookie.
-  // New session: a new user enters the website and has no orderForm attributed to it (has no relation to the vtex_session cookie).
-  // In all cases, the origin orderForm should replace the copy that's in the browser
-  if (orderForm.orderFormId != orderNumberFromCart) {
-    return orderFormToCart(orderForm, skuLoader);
-  }
-  // Step1.2: Check if another system changed the orderForm with this orderNumber
+  // Step1.5: Check if another system changed the orderForm with this orderNumber
   // If so, this means the user interacted with this cart elsewhere and expects
   // to see this new cart state instead of what's stored on the user's browser.
   const isStale = isOrderFormStale(orderForm);