@faststore/api 2.2.0-alpha.0 → 2.2.0-alpha.10

package/dist/index.d.ts

@@ -124,7 +124,7 @@ export declare const getResolvers: (options: Options) => {
                     parentAssemblyBinding: import("./__generated__/schema").Maybe<string>;
                     productCategoryIds: string;
                     priceTags: string[];
-                    manualPrice: number;
+                    manualPrice: number | null;
                     measurementUnit: string;
                     additionalInfo: {
                         brandName: string;
@@ -139,7 +139,7 @@ export declare const getResolvers: (options: Options) => {
                     sellerChain: string[];
                     availability: string;
                     unitMultiplier: number;
-                    skuSpecifications: import("./platforms/vtex/clients/commerce/types/OrderForm").SKUSpecification[];
+                    skuSpecifications?: import("./platforms/vtex/clients/commerce/types/OrderForm").SKUSpecification[] | null | undefined;
                     priceDefinition: {
                         calculatedSellingPrice: number;
                         sellingPrices: import("./platforms/vtex/clients/commerce/types/OrderForm").SellingPrice[];

package/dist/platforms/vtex/clients/commerce/index.d.ts

@@ -64,7 +64,6 @@ export declare const VtexCommerce: ({ account, environment, incrementAddress }:
         address: ({ postalCode, country, }: AddressInput) => Promise<Address>;
     };
     session: (search: string) => Promise<Session>;
-    getSessionOrder: () => Promise<Session>;
     subscribeToNewsletter: (data: {
         name: string;
         email: string;

package/dist/platforms/vtex/clients/commerce/types/OrderForm.d.ts

@@ -31,7 +31,7 @@ export interface OrderFormItem {
     parentAssemblyBinding: string | null;
     productCategoryIds: string;
     priceTags: string[];
-    manualPrice: number;
+    manualPrice: number | null;
     measurementUnit: string;
     additionalInfo: {
         brandName: string;
@@ -46,7 +46,7 @@ export interface OrderFormItem {
     sellerChain: string[];
     availability: string;
     unitMultiplier: number;
-    skuSpecifications: SKUSpecification[];
+    skuSpecifications?: SKUSpecification[] | null;
     priceDefinition: {
         calculatedSellingPrice: number;
         sellingPrices: SellingPrice[];
@@ -127,7 +127,7 @@ export interface OrderForm {
             currencyGroupSize: number;
             startsWithCurrencySymbol: boolean;
         };
-        currencyLocale: string;
+        currencyLocale: number;
         currencySymbol: string;
         saveUserData: boolean;
         timeZone: string;
@@ -138,7 +138,7 @@ export interface OrderForm {
     customData: OrderFormCustomData | null;
     itemMetadata: {
         items: MetadataItem[];
-    };
+    } | null;
     hooksData: any | null;
     ratesAndBenefitsData: {
         rateAndBenefitsIdentifiers: any[];
@@ -217,21 +217,21 @@ export interface PaymentData {
     availableTokens: any[];
 }
 export interface ClientProfileData {
-    email: string;
-    firstName: string;
-    lastName: string;
-    document: string;
-    documentType: string;
-    phone: string;
-    corporateName: string;
-    tradeName: string;
-    corporateDocument: string;
-    stateInscription: string;
-    corporatePhone: string;
+    email: string | null;
+    firstName: string | null;
+    lastName: string | null;
+    document: string | null;
+    documentType: string | null;
+    phone: string | null;
+    corporateName: string | null;
+    tradeName: string | null;
+    corporateDocument: string | null;
+    stateInscription: string | null;
+    corporatePhone: string | null;
     isCorporate: boolean;
     profileCompleteOnLoading: boolean;
     profileErrorOnLoading: boolean;
-    customerClass: string;
+    customerClass: string | null;
 }
 export interface ShippingData {
     address: CheckoutAddress | null;
@@ -295,7 +295,7 @@ export interface AvailableDeliveryWindows {
     startDateUtc: string;
     endDateUtc: string;
     price: number;
-    listPrice: number;
+    lisPrice?: number;
     tax: number;
 }
 export interface DeliveryId {

package/dist/platforms/vtex/clients/index.d.ts

@@ -57,7 +57,6 @@ export declare const getClients: (options: Options, ctx: Context) => {
             address: ({ postalCode, country, }: import("./commerce/types/Address").AddressInput) => Promise<import("./commerce/types/Address").Address>;
         };
         session: (search: string) => Promise<import("./commerce/types/Session").Session>;
-        getSessionOrder: () => Promise<import("./commerce/types/Session").Session>;
         subscribeToNewsletter: (data: {
             name: string;
             email: string;

package/dist/platforms/vtex/index.d.ts

@@ -152,7 +152,7 @@ export declare const getResolvers: (_: Options) => {
                     parentAssemblyBinding: string | null;
                     productCategoryIds: string;
                     priceTags: string[];
-                    manualPrice: number;
+                    manualPrice: number | null;
                     measurementUnit: string;
                     additionalInfo: {
                         brandName: string;
@@ -167,7 +167,7 @@ export declare const getResolvers: (_: Options) => {
                     sellerChain: string[];
                     availability: string;
                     unitMultiplier: number;
-                    skuSpecifications: import("./clients/commerce/types/OrderForm").SKUSpecification[];
+                    skuSpecifications?: import("./clients/commerce/types/OrderForm").SKUSpecification[] | null | undefined;
                     priceDefinition: {
                         calculatedSellingPrice: number;
                         sellingPrices: import("./clients/commerce/types/OrderForm").SellingPrice[];

package/dist/platforms/vtex/resolvers/mutation.d.ts

@@ -25,7 +25,7 @@ export declare const Mutation: {
                 parentAssemblyBinding: string | null;
                 productCategoryIds: string;
                 priceTags: string[];
-                manualPrice: number;
+                manualPrice: number | null;
                 measurementUnit: string;
                 additionalInfo: {
                     brandName: string;
@@ -40,7 +40,7 @@ export declare const Mutation: {
                 sellerChain: string[];
                 availability: string;
                 unitMultiplier: number;
-                skuSpecifications: import("../clients/commerce/types/OrderForm").SKUSpecification[];
+                skuSpecifications?: import("../clients/commerce/types/OrderForm").SKUSpecification[] | null | undefined;
                 priceDefinition: {
                     calculatedSellingPrice: number;
                     sellingPrices: import("../clients/commerce/types/OrderForm").SellingPrice[];

package/dist/platforms/vtex/resolvers/validateCart.d.ts

@@ -39,7 +39,7 @@ export declare const validateCart: (_: unknown, { cart: { order }, session }: Mu
             parentAssemblyBinding: string | null;
             productCategoryIds: string;
             priceTags: string[];
-            manualPrice: number;
+            manualPrice: number | null;
             measurementUnit: string;
             additionalInfo: {
                 brandName: string;
@@ -54,7 +54,7 @@ export declare const validateCart: (_: unknown, { cart: { order }, session }: Mu
             sellerChain: string[];
             availability: string;
             unitMultiplier: number;
-            skuSpecifications: import("../clients/commerce/types/OrderForm").SKUSpecification[];
+            skuSpecifications?: import("../clients/commerce/types/OrderForm").SKUSpecification[] | null | undefined;
             priceDefinition: {
                 calculatedSellingPrice: number;
                 sellingPrices: import("../clients/commerce/types/OrderForm").SellingPrice[];

package/dist/platforms/vtex/utils/sanitizeHtml.d.ts

@@ -0,0 +1,17 @@
+import sanitizeHtmlLib from 'sanitize-html';
+/**
+ * For now, we're using sanitize-html's default set
+ * of allowed tags and attributes, which don't even include img elements
+ *
+ * It is known many client depends on pontentially vulnerable tags, such as script tags
+ * We chose to be restrictive at first, and document those restrictions later.
+ *
+ * When expanding the set of allowed tags and attributes, please consider performance, privacy and security.
+ *
+ * This possibily breaks compatibility with Portal and Store Framework,
+ * which both allows an enormous amount of tags and attributes
+ *
+ * This was a thoughtful decision that can be reviewed in the future given
+ * research was made to back up those changes.
+ */
+export declare const sanitizeHtml: (dirty: Parameters<typeof sanitizeHtmlLib>[0], options?: Parameters<typeof sanitizeHtmlLib>[1]) => string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@faststore/api",
-  "version": "2.2.0-alpha.0",
+  "version": "2.2.0-alpha.10",
   "license": "MIT",
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",
@@ -32,15 +32,17 @@
     "dataloader": "^2.1.0",
     "fast-deep-equal": "^3.1.3",
     "isomorphic-unfetch": "^3.1.0",
-    "p-limit": "^3.1.0"
+    "p-limit": "^3.1.0",
+    "sanitize-html": "^2.11.0"
   },
   "devDependencies": {
     "@envelop/core": "^2.6.0",
-    "@faststore/eslint-config": "^2.2.0-alpha.0",
-    "@faststore/shared": "^2.2.0-alpha.0",
+    "@faststore/eslint-config": "^2.2.0-alpha.10",
+    "@faststore/shared": "^2.2.0-alpha.10",
     "@graphql-codegen/cli": "2.2.0",
     "@graphql-codegen/typescript": "2.2.2",
     "@types/express": "^4.17.16",
+    "@types/sanitize-html": "^2.9.1",
     "concurrently": "^6.2.1",
     "eslint": "7.32.0",
     "express": "^4.17.3",
@@ -56,5 +58,5 @@
     "@envelop/core": "^1 || ^2",
     "graphql": "^15.6.0"
   },
-  "gitHead": "356e52b6eae13cc4000c6915985009d45e7ae0c6"
+  "gitHead": "183808da50c3c697de08a478918d1da1dcd8d938"
 }

package/src/platforms/vtex/clients/commerce/index.ts

@@ -15,7 +15,6 @@ import type {
 } from './types/Simulation'
 import type { Session } from './types/Session'
 import type { Channel } from '../../utils/channel'
-import { getCookie } from '../../utils/getCookies'
 import type { SalesChannel } from './types/SalesChannel'
 import { MasterDataResponse } from './types/Newsletter'
 import type { Address, AddressInput } from './types/Address'
@@ -122,7 +121,6 @@ export const VtexCommerce = (
           selectedAddresses: selectedAddresses,
           clearAddressIfPostalCodeNotFound: incrementAddress,
         }
-
         return fetchAPI(
           `${base}/api/checkout/pub/orderForm/${id}/attachments/shippingData`,
           {
@@ -131,7 +129,7 @@ export const VtexCommerce = (
             headers: {
               'content-type': 'application/json',
               cookie: ctx.headers.cookie,
-            }
+            },
           }
         )
       },
@@ -150,10 +148,19 @@ export const VtexCommerce = (
           refreshOutdatedData: refreshOutdatedData.toString(),
           sc: salesChannel,
         })
+        const requestInit: RequestInit = ctx.headers
+          ? {
+              ...BASE_INIT,
+              headers: {
+                'content-type': 'application/json',
+                cookie: ctx.headers.cookie,
+              },
+            }
+          : BASE_INIT
 
         return fetchAPI(
           `${base}/api/checkout/pub/orderForm/${id}?${params.toString()}`,
-          BASE_INIT
+          requestInit
         )
       },
       updateOrderFormItems: ({
@@ -174,16 +181,31 @@ export const VtexCommerce = (
           sc: salesChannel,
         })
 
+        const items = JSON.stringify({
+          orderItems,
+          noSplitItem: !shouldSplitItem,
+        })
+
+        const requestInit: RequestInit = ctx.headers
+          ? {
+              headers: {
+                'content-type': 'application/json',
+                cookie: ctx.headers.cookie,
+              },
+              body: items,
+              method: 'PATCH',
+            }
+          : {
+              headers: {
+                'content-type': 'application/json',
+              },
+              body: items,
+              method: 'PATCH',
+            }
+
         return fetchAPI(
           `${base}/api/checkout/pub/orderForm/${id}/items?${params}`,
-          {
-            ...BASE_INIT,
-            body: JSON.stringify({
-              orderItems,
-              noSplitItem: !shouldSplitItem,
-            }),
-            method: 'PATCH',
-          }
+          requestInit
         )
       },
       setCustomData: ({
@@ -243,34 +265,13 @@ export const VtexCommerce = (
         'items',
         'profile.id,profile.email,profile.firstName,profile.lastName,store.channel,store.countryCode,store.cultureInfo,store.currencyCode,store.currencySymbol'
       )
-      if (getCookie('vtex_session', ctx.headers.cookie)) {
-        // cookie set
-        return fetchAPI(`${base}/api/sessions?${params.toString()}`, {
-          method: 'GET',
-          headers: {
-            'content-type': 'application/json',
-            cookie: ctx.headers.cookie,
-          },
-        })
-      } else {
-        // cookie unset -> create session
-        return fetchAPI(`${base}/api/sessions?${params.toString()}`, {
-          method: 'POST',
-          headers: {
-            'content-type': 'application/json',
-            cookie: ctx.headers.cookie,
-          },
-          body: '{}',
-        })
-      }
-    },
-    getSessionOrder: (): Promise<Session> => {
-      return fetchAPI(`${base}/api/sessions?items=public.orderFormId`, {
-        method: 'GET',
+      return fetchAPI(`${base}/api/sessions?${params.toString()}`, {
+        method: 'POST',
         headers: {
           'content-type': 'application/json',
           cookie: ctx.headers.cookie,
         },
+        body: '{}',
       })
     },
     subscribeToNewsletter: (data: {

package/src/platforms/vtex/clients/commerce/types/OrderForm.ts

@@ -33,7 +33,7 @@ export interface OrderFormItem {
   parentAssemblyBinding: string | null
   productCategoryIds: string
   priceTags: string[]
-  manualPrice: number
+  manualPrice: number | null
   measurementUnit: string
   additionalInfo: {
     brandName: string
@@ -48,7 +48,7 @@ export interface OrderFormItem {
   sellerChain: string[]
   availability: string
   unitMultiplier: number
-  skuSpecifications: SKUSpecification[]
+  skuSpecifications?: SKUSpecification[] | null
   priceDefinition: {
     calculatedSellingPrice: number
     sellingPrices: SellingPrice[]
@@ -135,7 +135,7 @@ export interface OrderForm {
       currencyGroupSize: number
       startsWithCurrencySymbol: boolean
     }
-    currencyLocale: string
+    currencyLocale: number
     currencySymbol: string
     saveUserData: boolean
     timeZone: string
@@ -146,7 +146,7 @@ export interface OrderForm {
   customData: OrderFormCustomData | null
   itemMetadata: {
     items: MetadataItem[]
-  }
+  } | null
   hooksData: any | null
   ratesAndBenefitsData: {
     rateAndBenefitsIdentifiers: any[]
@@ -229,21 +229,21 @@ export interface PaymentData {
 }
 
 export interface ClientProfileData {
-  email: string
-  firstName: string
-  lastName: string
-  document: string
-  documentType: string
-  phone: string
-  corporateName: string
-  tradeName: string
-  corporateDocument: string
-  stateInscription: string
-  corporatePhone: string
+  email: string | null
+  firstName: string | null
+  lastName: string | null
+  document: string | null
+  documentType: string | null
+  phone: string | null
+  corporateName: string | null
+  tradeName: string | null
+  corporateDocument: string | null
+  stateInscription: string | null
+  corporatePhone: string | null
   isCorporate: boolean
   profileCompleteOnLoading: boolean
   profileErrorOnLoading: boolean
-  customerClass: string
+  customerClass: string | null
 }
 
 export interface ShippingData {
@@ -314,7 +314,7 @@ export interface AvailableDeliveryWindows {
   startDateUtc: string,
   endDateUtc: string,
   price: number,
-  listPrice: number,
+  lisPrice?: number,
   tax: number,
 }
 

package/src/platforms/vtex/index.ts

@@ -35,7 +35,7 @@ export interface Options {
   channel: string
   locale: string
   hideUnavailableItems: boolean
-  incrementAddress: boolean,
+  incrementAddress: boolean
   flags?: FeatureFlags
 }
 

package/src/platforms/vtex/resolvers/validateCart.ts

@@ -1,7 +1,6 @@
 import deepEquals from 'fast-deep-equal'
 
 import { mutateChannelContext, mutateLocaleContext } from '../utils/contex'
-import { getCookie } from '../utils/getCookies'
 import { md5 } from '../utils/md5'
 import {
   attachmentToPropertyValue,
@@ -128,7 +127,10 @@ const joinItems = (form: OrderForm) => {
       const [item] = items
       const quantity = items.reduce((acc, i) => acc + i.quantity, 0)
       const totalPrice = items.reduce(
-        (acc, i) => acc + i.quantity * i.sellingPrice,
+        (acc, i) =>
+          acc +
+          (i?.priceDefinition?.total ??
+            (i?.quantity ?? 0) * (i?.sellingPrice ?? 0)),
         0
       )
 
@@ -205,19 +207,6 @@ const isOrderFormStale = (form: OrderForm) => {
   return newEtag !== oldEtag
 }
 
-async function getOrderNumberFromSession(
-  headers: Record<string, string> = {},
-  commerce: Context['clients']['commerce']
-) {
-  const cookieSession = getCookie('vtex_session', headers.cookie)
-
-  if (cookieSession) {
-    const { namespaces } = await commerce.getSessionOrder()
-    return namespaces.public?.orderFormId?.value ?? undefined
-  }
-  return
-}
-
 // Returns the regionalized orderForm
 const getOrderForm = async (id: string, { clients: { commerce } }: Context) => {
   return commerce.checkout.orderForm({
@@ -301,15 +290,10 @@ export const validateCart = async (
   { cart: { order }, session }: MutationValidateCartArgs,
   ctx: Context
 ) => {
-  const {
-    orderNumber: orderNumberFromCart,
-    acceptedOffer,
-    shouldSplitItem,
-  } = order
+  const { orderNumber, acceptedOffer, shouldSplitItem } = order
   const {
     clients: { commerce },
     loaders: { skuLoader },
-    headers,
   } = ctx
 
   const channel = session?.channel
@@ -323,25 +307,10 @@ export const validateCart = async (
     mutateLocaleContext(ctx, locale)
   }
 
-  const orderNumberFromSession = await getOrderNumberFromSession(
-    headers,
-    commerce
-  )
-  const orderNumber = orderNumberFromSession ?? orderNumberFromCart ?? ''
-
   // Step1: Get OrderForm from VTEX Commerce
   const orderForm = await getOrderForm(orderNumber, ctx)
 
-  // Step1.1: Checks if the orderForm id has changed. There are three cases for this:
-  // Social Selling: the vtex_session cookie contains a new orderForm id with Social Selling data
-  // My Orders: the customer clicks on reordering through generating a new cart and when returning to the faststore, this information needs to be returned by vtex_session cookie.
-  // New session: a new user enters the website and has no orderForm attributed to it (has no relation to the vtex_session cookie).
-  // In all cases, the origin orderForm should replace the copy that's in the browser
-  if (orderForm.orderFormId != orderNumberFromCart) {
-    return orderFormToCart(orderForm, skuLoader)
-  }
-
-  // Step1.2: Check if another system changed the orderForm with this orderNumber
+  // Step1.5: Check if another system changed the orderForm with this orderNumber
   // If so, this means the user interacted with this cart elsewhere and expects
   // to see this new cart state instead of what's stored on the user's browser.
   const isStale = isOrderFormStale(orderForm)
@@ -403,7 +372,6 @@ export const validateCart = async (
   if (changes.length === 0) {
     return null
   }
-
   // Step4: Apply delta changes to order form
   const updatedOrderForm = await commerce.checkout
     // update orderForm items

package/src/platforms/vtex/utils/enhanceSku.ts

@@ -1,8 +1,18 @@
 import type { Product, Item } from '../clients/search/types/ProductSearchResult'
+import { sanitizeHtml } from './sanitizeHtml'
 
 export type EnhancedSku = Item & { isVariantOf: Product }
 
+function sanitizeProduct(product: Product): Product {
+  return {
+    ...product,
+    description: product.description
+      ? sanitizeHtml(product.description)
+      : product.description,
+  }
+}
+
 export const enhanceSku = (item: Item, product: Product): EnhancedSku => ({
   ...item,
-  isVariantOf: product,
+  isVariantOf: sanitizeProduct(product),
 })

package/src/platforms/vtex/utils/sanitizeHtml.ts

@@ -0,0 +1,21 @@
+import sanitizeHtmlLib from 'sanitize-html'
+
+/**
+ * For now, we're using sanitize-html's default set
+ * of allowed tags and attributes, which don't even include img elements
+ *
+ * It is known many client depends on pontentially vulnerable tags, such as script tags
+ * We chose to be restrictive at first, and document those restrictions later.
+ *
+ * When expanding the set of allowed tags and attributes, please consider performance, privacy and security.
+ *
+ * This possibily breaks compatibility with Portal and Store Framework,
+ * which both allows an enormous amount of tags and attributes
+ *
+ * This was a thoughtful decision that can be reviewed in the future given
+ * research was made to back up those changes.
+ */
+export const sanitizeHtml = (
+  dirty: Parameters<typeof sanitizeHtmlLib>[0],
+  options?: Parameters<typeof sanitizeHtmlLib>[1]
+) => sanitizeHtmlLib(dirty, options)