@faststore/api 2.2.0-alpha.1 → 2.2.0-alpha.12

package/dist/api.cjs.development.js

@@ -6,6 +6,7 @@ var schema = require('@graphql-tools/schema');
 var fetch = _interopDefault(require('isomorphic-unfetch'));
 var DataLoader = _interopDefault(require('dataloader'));
 var pLimit = _interopDefault(require('p-limit'));
+var sanitizeHtmlLib = _interopDefault(require('sanitize-html'));
 var deepEquals = _interopDefault(require('fast-deep-equal'));
 var crypto = _interopDefault(require('crypto'));
 var graphql = require('graphql');
@@ -22,7 +23,7 @@ var api = require('@opentelemetry/api');
 var apiLogs = require('@opentelemetry/api-logs');
 
 var name = "@faststore/api";
-var version = "2.2.0-alpha.0";
+var version = "2.2.0-alpha.10";
 var license = "MIT";
 var main = "dist/index.js";
 var typings = "dist/index.d.ts";
@@ -54,15 +55,17 @@ var dependencies = {
 	dataloader: "^2.1.0",
 	"fast-deep-equal": "^3.1.3",
 	"isomorphic-unfetch": "^3.1.0",
-	"p-limit": "^3.1.0"
+	"p-limit": "^3.1.0",
+	"sanitize-html": "^2.11.0"
 };
 var devDependencies = {
 	"@envelop/core": "^2.6.0",
-	"@faststore/eslint-config": "^2.2.0-alpha.0",
-	"@faststore/shared": "^2.2.0-alpha.0",
+	"@faststore/eslint-config": "^2.2.0-alpha.10",
+	"@faststore/shared": "^2.2.0-alpha.10",
 	"@graphql-codegen/cli": "2.2.0",
 	"@graphql-codegen/typescript": "2.2.2",
 	"@types/express": "^4.17.16",
+	"@types/sanitize-html": "^2.9.1",
 	concurrently: "^6.2.1",
 	eslint: "7.32.0",
 	express: "^4.17.3",
@@ -205,7 +208,14 @@ const VtexCommerce = ({
           refreshOutdatedData: refreshOutdatedData.toString(),
           sc: salesChannel
         });
-        return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}?${params.toString()}`, BASE_INIT);
+        const requestInit = ctx.headers ? {
+          ...BASE_INIT,
+          headers: {
+            'content-type': 'application/json',
+            cookie: ctx.headers.cookie
+          }
+        } : BASE_INIT;
+        return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}?${params.toString()}`, requestInit);
       },
       updateOrderFormItems: ({
         id,
@@ -218,14 +228,25 @@ const VtexCommerce = ({
           allowOutdatedData,
           sc: salesChannel
         });
-        return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}/items?${params}`, {
-          ...BASE_INIT,
-          body: JSON.stringify({
-            orderItems,
-            noSplitItem: !shouldSplitItem
-          }),
-          method: 'PATCH'
+        const items = JSON.stringify({
+          orderItems,
+          noSplitItem: !shouldSplitItem
         });
+        const requestInit = ctx.headers ? {
+          headers: {
+            'content-type': 'application/json',
+            cookie: ctx.headers.cookie
+          },
+          body: items,
+          method: 'PATCH'
+        } : {
+          headers: {
+            'content-type': 'application/json'
+          },
+          body: items,
+          method: 'PATCH'
+        };
+        return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}/items?${params}`, requestInit);
       },
       setCustomData: ({
         id,
@@ -497,9 +518,32 @@ const getSimulationLoader = (_, clients) => {
   });
 };
 
+/**
+ * For now, we're using sanitize-html's default set
+ * of allowed tags and attributes, which don't even include img elements
+ *
+ * It is known many client depends on pontentially vulnerable tags, such as script tags
+ * We chose to be restrictive at first, and document those restrictions later.
+ *
+ * When expanding the set of allowed tags and attributes, please consider performance, privacy and security.
+ *
+ * This possibily breaks compatibility with Portal and Store Framework,
+ * which both allows an enormous amount of tags and attributes
+ *
+ * This was a thoughtful decision that can be reviewed in the future given
+ * research was made to back up those changes.
+ */
+const sanitizeHtml = (dirty, options) => sanitizeHtmlLib(dirty, options);
+
+function sanitizeProduct(product) {
+  return {
+    ...product,
+    description: product.description ? sanitizeHtml(product.description) : product.description
+  };
+}
 const enhanceSku = (item, product) => ({
   ...item,
-  isVariantOf: product
+  isVariantOf: sanitizeProduct(product)
 });
 
 class FastStoreError extends Error {
@@ -1002,55 +1046,31 @@ function getPropertyId(item) {
 }
 
 const shouldUpdateShippingData = (orderForm, session) => {
-  var _orderForm$shippingDa;
+  var _orderForm$shippingDa, _orderForm$shippingDa2;
   if (!hasSessionPostalCodeOrGeoCoordinates(session)) {
     return {
       updateShipping: false,
       addressChanged: false
     };
   }
-  const selectedAddress = (_orderForm$shippingDa = orderForm.shippingData) == null ? void 0 : _orderForm$shippingDa.selectedAddresses[0];
-  if (checkPostalCode(selectedAddress, session.postalCode)) {
-    return {
-      updateShipping: true,
-      addressChanged: true
-    };
-  }
-  if (checkGeoCoordinates(selectedAddress, session.geoCoordinates, session.postalCode)) {
+  if (!hasItems(orderForm)) {
     return {
-      updateShipping: true,
-      addressChanged: true
+      updateShipping: false,
+      addressChanged: false
     };
   }
-  if (checkAddressType(selectedAddress, session.addressType)) {
+  const [selectedAddress] = (_orderForm$shippingDa = orderForm == null ? void 0 : (_orderForm$shippingDa2 = orderForm.shippingData) == null ? void 0 : _orderForm$shippingDa2.selectedAddresses) != null ? _orderForm$shippingDa : [];
+  if (checkPostalCode(selectedAddress, session.postalCode) || checkGeoCoordinates(selectedAddress, session.geoCoordinates) || checkAddressType(selectedAddress, session.addressType)) {
     return {
       updateShipping: true,
       addressChanged: true
     };
   }
-  if (!hasItems(orderForm)) {
-    return {
-      updateShipping: false,
-      addressChanged: false
-    };
-  }
   // The logisticsInfo will always exist if there´s at least one item inside the cart
   const {
     logisticsInfo
   } = orderForm.shippingData;
-  if (shouldUpdateDeliveryChannel(logisticsInfo, session)) {
-    return {
-      updateShipping: true,
-      addressChanged: false
-    };
-  }
-  if (shouldUpdateDeliveryMethod(logisticsInfo, session)) {
-    return {
-      updateShipping: true,
-      addressChanged: false
-    };
-  }
-  if (shouldUpdateDeliveryWindow(logisticsInfo, session)) {
+  if (shouldUpdateDeliveryInfo(logisticsInfo, session)) {
     return {
       updateShipping: true,
       addressChanged: false
@@ -1063,15 +1083,16 @@ const shouldUpdateShippingData = (orderForm, session) => {
 };
 // Validate if theres any postal Code or GeoCoordinates set at the session
 const hasSessionPostalCodeOrGeoCoordinates = session => {
-  return !!session.postalCode || session.geoCoordinates && session.geoCoordinates.latitude && session.geoCoordinates.longitude;
+  var _session$geoCoordinat, _session$geoCoordinat2;
+  return !!session.postalCode || ((_session$geoCoordinat = session.geoCoordinates) == null ? void 0 : _session$geoCoordinat.latitude) && ((_session$geoCoordinat2 = session.geoCoordinates) == null ? void 0 : _session$geoCoordinat2.longitude);
 };
 // Validate if theres a difference between the session postal code and orderForm postal code
 const checkPostalCode = (address, postalCode) => {
   return typeof postalCode === 'string' && (address == null ? void 0 : address.postalCode) !== postalCode;
 };
 // Validate if theres a difference between the session geoCoords and orderForm geoCoords
-const checkGeoCoordinates = (address, geoCoordinates, postalCode) => {
-  return typeof (geoCoordinates == null ? void 0 : geoCoordinates.latitude) === 'number' && typeof (geoCoordinates == null ? void 0 : geoCoordinates.longitude) === 'number' && ((address == null ? void 0 : address.geoCoordinates[0]) !== (geoCoordinates == null ? void 0 : geoCoordinates.longitude) || (address == null ? void 0 : address.geoCoordinates[1]) !== (geoCoordinates == null ? void 0 : geoCoordinates.latitude)) && (address == null ? void 0 : address.postalCode) !== postalCode;
+const checkGeoCoordinates = (address, geoCoordinates) => {
+  return typeof (geoCoordinates == null ? void 0 : geoCoordinates.latitude) === 'number' && typeof (geoCoordinates == null ? void 0 : geoCoordinates.longitude) === 'number' && ((address == null ? void 0 : address.geoCoordinates[0]) !== (geoCoordinates == null ? void 0 : geoCoordinates.longitude) || (address == null ? void 0 : address.geoCoordinates[1]) !== (geoCoordinates == null ? void 0 : geoCoordinates.latitude));
 };
 const checkAddressType = (address, addressType) => {
   return typeof addressType === 'string' && (address == null ? void 0 : address.addressType) !== addressType;
@@ -1080,67 +1101,29 @@ const checkAddressType = (address, addressType) => {
 const hasItems = orderForm => {
   return orderForm.items.length !== 0;
 };
-// Validate if the deliveryChannel from the session is different from the selected delivery channel
-// and if so needs to validate if the deliveryChannel for the session is available inside the slas for the item
-const shouldUpdateDeliveryChannel = (logisticsInfo, session) => {
-  var _session$deliveryMode;
-  if (!(session != null && (_session$deliveryMode = session.deliveryMode) != null && _session$deliveryMode.deliveryChannel)) {
-    return false;
-  }
-  const {
-    deliveryChannel
-  } = session.deliveryMode;
-  for (const item of logisticsInfo) {
-    if (item.selectedDeliveryChannel !== deliveryChannel) {
-      const matchingSla = item.slas.find(sla => sla.deliveryChannel === deliveryChannel);
-      if (matchingSla) {
-        return true;
-      }
-    }
-  }
-  return false;
-};
-// Validate if the deliveryMethod from the session is different from the selectedSLA
-// and if so needs to validate if the deliveryMethod for the session is available inside the slas for the item
-const shouldUpdateDeliveryMethod = (logisticsInfo, session) => {
-  var _session$deliveryMode2;
-  if (!(session != null && (_session$deliveryMode2 = session.deliveryMode) != null && _session$deliveryMode2.deliveryMethod)) {
-    return false;
-  }
-  const {
-    deliveryMethod
-  } = session.deliveryMode;
-  for (const item of logisticsInfo) {
-    if (item.selectedSla !== deliveryMethod) {
-      const matchingSla = item.slas.find(sla => sla.id === deliveryMethod);
-      if (matchingSla) {
-        return true;
-      }
-    }
-  }
-  return false;
-};
-// Validate if the deliveryWindow from the session is different from the deliveryWindow of the SLA
-// and if so needs to validate if the deliveryWindow for the session is available inside the availableDeliveryWindows for the item
-const shouldUpdateDeliveryWindow = (logisticsInfo, session) => {
-  var _session$deliveryMode3, _session$deliveryMode4, _session$deliveryMode5, _session$deliveryMode6;
-  if (!(session != null && (_session$deliveryMode3 = session.deliveryMode) != null && (_session$deliveryMode4 = _session$deliveryMode3.deliveryWindow) != null && _session$deliveryMode4.startDate) || !(session != null && (_session$deliveryMode5 = session.deliveryMode) != null && (_session$deliveryMode6 = _session$deliveryMode5.deliveryWindow) != null && _session$deliveryMode6.endDate)) {
-    return false;
-  }
+const shouldUpdateDeliveryInfo = (logisticsInfo, session) => {
+  var _session$deliveryMode, _session$deliveryMode2, _session$deliveryMode3;
+  const deliveryChannel = session == null ? void 0 : (_session$deliveryMode = session.deliveryMode) == null ? void 0 : _session$deliveryMode.deliveryChannel;
+  const deliveryMethod = session == null ? void 0 : (_session$deliveryMode2 = session.deliveryMode) == null ? void 0 : _session$deliveryMode2.deliveryMethod;
   const {
     startDate,
     endDate
-  } = session.deliveryMode.deliveryWindow;
-  for (const item of logisticsInfo) {
-    for (const sla of item.slas) {
-      var _sla$availableDeliver;
-      const matchingWindow = (_sla$availableDeliver = sla.availableDeliveryWindows) == null ? void 0 : _sla$availableDeliver.some(window => window.startDateUtc === startDate && window.endDateUtc === endDate);
-      if (matchingWindow) {
+  } = (session == null ? void 0 : (_session$deliveryMode3 = session.deliveryMode) == null ? void 0 : _session$deliveryMode3.deliveryWindow) || {};
+  return logisticsInfo.some(({
+    selectedDeliveryChannel,
+    selectedSla,
+    slas
+  }) => {
+    const checkDeliveryChannel = deliveryChannel && selectedDeliveryChannel !== deliveryChannel;
+    const checkDeliveryMethod = deliveryMethod && selectedSla !== deliveryMethod;
+    return slas == null ? void 0 : slas.some(sla => {
+      var _sla$deliveryWindow, _sla$deliveryWindow2, _sla$availableDeliver;
+      if (checkDeliveryChannel && sla.deliveryChannel === deliveryChannel || checkDeliveryMethod && sla.id === deliveryMethod) {
         return true;
       }
-    }
-  }
-  return false;
+      return startDate && endDate && sla.deliveryChannel === deliveryChannel && sla.id === deliveryMethod && (!(sla != null && sla.deliveryWindow) || (sla == null ? void 0 : (_sla$deliveryWindow = sla.deliveryWindow) == null ? void 0 : _sla$deliveryWindow.startDateUtc) !== startDate || (sla == null ? void 0 : (_sla$deliveryWindow2 = sla.deliveryWindow) == null ? void 0 : _sla$deliveryWindow2.endDateUtc) !== endDate) && ((_sla$availableDeliver = sla.availableDeliveryWindows) == null ? void 0 : _sla$availableDeliver.some(window => (window == null ? void 0 : window.startDateUtc) === startDate && (window == null ? void 0 : window.endDateUtc) === endDate));
+    });
+  });
 };
 
 const getAddressOrderForm = (orderForm, session, addressChanged) => {