@faststore/api 2.2.0-alpha.1 → 2.2.0-alpha.12

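--- a/package/dist/api.esm.js
+++ b/package/dist/api.esm.js
@@ -2,6 +2,7 @@ import { makeExecutableSchema } from '@graphql-tools/schema';
 import fetch from 'isomorphic-unfetch';
 import DataLoader from 'dataloader';
 import pLimit from 'p-limit';
+import sanitizeHtmlLib from 'sanitize-html';
 import deepEquals from 'fast-deep-equal';
 import crypto from 'crypto';
 import { GraphQLScalarType, print, Kind as Kind$1 } from 'graphql';
@@ -18,7 +19,7 @@ import { trace, context, SpanKind } from '@opentelemetry/api';
 import { SeverityNumber } from '@opentelemetry/api-logs';
 
 var name = "@faststore/api";
-var version = "2.2.0-alpha.0";
+var version = "2.2.0-alpha.10";
 var license = "MIT";
 var main = "dist/index.js";
 var typings = "dist/index.d.ts";
@@ -50,15 +51,17 @@ var dependencies = {
 dataloader: "^2.1.0",
 "fast-deep-equal": "^3.1.3",
 "isomorphic-unfetch": "^3.1.0",
-"p-limit": "^3.1.0"
+"p-limit": "^3.1.0",
+"sanitize-html": "^2.11.0"
 };
 var devDependencies = {
 "@envelop/core": "^2.6.0",
-"@faststore/eslint-config": "^2.2.0-alpha.0",
-"@faststore/shared": "^2.2.0-alpha.0",
+"@faststore/eslint-config": "^2.2.0-alpha.10",
+"@faststore/shared": "^2.2.0-alpha.10",
 "@graphql-codegen/cli": "2.2.0",
 "@graphql-codegen/typescript": "2.2.2",
 "@types/express": "^4.17.16",
+"@types/sanitize-html": "^2.9.1",
 concurrently: "^6.2.1",
 eslint: "7.32.0",
 express: "^4.17.3",
@@ -201,7 +204,14 @@ const VtexCommerce = ({
 refreshOutdatedData: refreshOutdatedData.toString(),
 sc: salesChannel
 });
-return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}?${params.toString()}`, BASE_INIT);
+const requestInit = ctx.headers ? {
+...BASE_INIT,
+headers: {
+'content-type': 'application/json',
+cookie: ctx.headers.cookie
+}
+} : BASE_INIT;
+return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}?${params.toString()}`, requestInit);
 },
 updateOrderFormItems: ({
 id,
@@ -214,14 +224,25 @@ const VtexCommerce = ({
 allowOutdatedData,
 sc: salesChannel
 });
-return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}/items?${params}`, {
-...BASE_INIT,
-body: JSON.stringify({
-orderItems,
-noSplitItem: !shouldSplitItem
-}),
-method: 'PATCH'
+const items = JSON.stringify({
+orderItems,
+noSplitItem: !shouldSplitItem
 });
+const requestInit = ctx.headers ? {
+headers: {
+'content-type': 'application/json',
+cookie: ctx.headers.cookie
+},
+body: items,
+method: 'PATCH'
+} : {
+headers: {
+'content-type': 'application/json'
+},
+body: items,
+method: 'PATCH'
+};
+return fetchAPI(`${base}/api/checkout/pub/orderForm/${id}/items?${params}`, requestInit);
 },
 setCustomData: ({
 id,
@@ -493,9 +514,32 @@ const getSimulationLoader = (_, clients) => {
 });
 };
 
+/**
+* For now, we're using sanitize-html's default set
+* of allowed tags and attributes, which don't even include img elements
+*
+* It is known many client depends on pontentially vulnerable tags, such as script tags
+* We chose to be restrictive at first, and document those restrictions later.
+*
+* When expanding the set of allowed tags and attributes, please consider performance, privacy and security.
+*
+* This possibily breaks compatibility with Portal and Store Framework,
+* which both allows an enormous amount of tags and attributes
+*
+* This was a thoughtful decision that can be reviewed in the future given
+* research was made to back up those changes.
+*/
+const sanitizeHtml = (dirty, options) => sanitizeHtmlLib(dirty, options);
+
+function sanitizeProduct(product) {
+return {
+...product,
+description: product.description ? sanitizeHtml(product.description) : product.description
+};
+}
 const enhanceSku = (item, product) => ({
 ...item,
-isVariantOf: product
+isVariantOf: sanitizeProduct(product)
 });
 
 class FastStoreError extends Error {
@@ -998,55 +1042,31 @@ function getPropertyId(item) {
 }
 
 const shouldUpdateShippingData = (orderForm, session) => {
-var _orderForm$shippingDa;
+var _orderForm$shippingDa, _orderForm$shippingDa2;
 if (!hasSessionPostalCodeOrGeoCoordinates(session)) {
 return {
 updateShipping: false,
 addressChanged: false
 };
 }
-const selectedAddress = (_orderForm$shippingDa = orderForm.shippingData) == null ? void 0 : _orderForm$shippingDa.selectedAddresses[0];
-if (checkPostalCode(selectedAddress, session.postalCode)) {
-return {
-updateShipping: true,
-addressChanged: true
-};
-}
-if (checkGeoCoordinates(selectedAddress, session.geoCoordinates, session.postalCode)) {
+if (!hasItems(orderForm)) {
 return {
-updateShipping: true,
-addressChanged: true
+updateShipping: false,
+addressChanged: false
 };
 }
-if (checkAddressType(selectedAddress, session.addressType)) {
+const [selectedAddress] = (_orderForm$shippingDa = orderForm == null ? void 0 : (_orderForm$shippingDa2 = orderForm.shippingData) == null ? void 0 : _orderForm$shippingDa2.selectedAddresses) != null ? _orderForm$shippingDa : [];
+if (checkPostalCode(selectedAddress, session.postalCode) || checkGeoCoordinates(selectedAddress, session.geoCoordinates) || checkAddressType(selectedAddress, session.addressType)) {
 return {
 updateShipping: true,
 addressChanged: true
 };
 }
-if (!hasItems(orderForm)) {
-return {
-updateShipping: false,
-addressChanged: false
-};
-}
 // The logisticsInfo will always exist if there´s at least one item inside the cart
 const {
 logisticsInfo
 } = orderForm.shippingData;
-if (shouldUpdateDeliveryChannel(logisticsInfo, session)) {
-return {
-updateShipping: true,
-addressChanged: false
-};
-}
-if (shouldUpdateDeliveryMethod(logisticsInfo, session)) {
-return {
-updateShipping: true,
-addressChanged: false
-};
-}
-if (shouldUpdateDeliveryWindow(logisticsInfo, session)) {
+if (shouldUpdateDeliveryInfo(logisticsInfo, session)) {
 return {
 updateShipping: true,
 addressChanged: false
@@ -1059,15 +1079,16 @@ const shouldUpdateShippingData = (orderForm, session) => {
 };
 // Validate if theres any postal Code or GeoCoordinates set at the session
 const hasSessionPostalCodeOrGeoCoordinates = session => {
-return !!session.postalCode || session.geoCoordinates && session.geoCoordinates.latitude && session.geoCoordinates.longitude;
+var _session$geoCoordinat, _session$geoCoordinat2;
+return !!session.postalCode || ((_session$geoCoordinat = session.geoCoordinates) == null ? void 0 : _session$geoCoordinat.latitude) && ((_session$geoCoordinat2 = session.geoCoordinates) == null ? void 0 : _session$geoCoordinat2.longitude);
 };
 // Validate if theres a difference between the session postal code and orderForm postal code
 const checkPostalCode = (address, postalCode) => {
 return typeof postalCode === 'string' && (address == null ? void 0 : address.postalCode) !== postalCode;
 };
 // Validate if theres a difference between the session geoCoords and orderForm geoCoords
-const checkGeoCoordinates = (address, geoCoordinates, postalCode) => {
-return typeof (geoCoordinates == null ? void 0 : geoCoordinates.latitude) === 'number' && typeof (geoCoordinates == null ? void 0 : geoCoordinates.longitude) === 'number' && ((address == null ? void 0 : address.geoCoordinates[0]) !== (geoCoordinates == null ? void 0 : geoCoordinates.longitude) || (address == null ? void 0 : address.geoCoordinates[1]) !== (geoCoordinates == null ? void 0 : geoCoordinates.latitude)) && (address == null ? void 0 : address.postalCode) !== postalCode;
+const checkGeoCoordinates = (address, geoCoordinates) => {
+return typeof (geoCoordinates == null ? void 0 : geoCoordinates.latitude) === 'number' && typeof (geoCoordinates == null ? void 0 : geoCoordinates.longitude) === 'number' && ((address == null ? void 0 : address.geoCoordinates[0]) !== (geoCoordinates == null ? void 0 : geoCoordinates.longitude) || (address == null ? void 0 : address.geoCoordinates[1]) !== (geoCoordinates == null ? void 0 : geoCoordinates.latitude));
 };
 const checkAddressType = (address, addressType) => {
 return typeof addressType === 'string' && (address == null ? void 0 : address.addressType) !== addressType;
@@ -1076,67 +1097,29 @@ const checkAddressType = (address, addressType) => {
 const hasItems = orderForm => {
 return orderForm.items.length !== 0;
 };
-// Validate if the deliveryChannel from the session is different from the selected delivery channel
-// and if so needs to validate if the deliveryChannel for the session is available inside the slas for the item
-const shouldUpdateDeliveryChannel = (logisticsInfo, session) => {
-var _session$deliveryMode;
-if (!(session != null && (_session$deliveryMode = session.deliveryMode) != null && _session$deliveryMode.deliveryChannel)) {
-return false;
-}
-const {
-deliveryChannel
-} = session.deliveryMode;
-for (const item of logisticsInfo) {
-if (item.selectedDeliveryChannel !== deliveryChannel) {
-const matchingSla = item.slas.find(sla => sla.deliveryChannel === deliveryChannel);
-if (matchingSla) {
-return true;
-}
-}
-}
-return false;
-};
-// Validate if the deliveryMethod from the session is different from the selectedSLA
-// and if so needs to validate if the deliveryMethod for the session is available inside the slas for the item
-const shouldUpdateDeliveryMethod = (logisticsInfo, session) => {
-var _session$deliveryMode2;
-if (!(session != null && (_session$deliveryMode2 = session.deliveryMode) != null && _session$deliveryMode2.deliveryMethod)) {
-return false;
-}
-const {
-deliveryMethod
-} = session.deliveryMode;
-for (const item of logisticsInfo) {
-if (item.selectedSla !== deliveryMethod) {
-const matchingSla = item.slas.find(sla => sla.id === deliveryMethod);
-if (matchingSla) {
-return true;
-}
-}
-}
-return false;
-};
-// Validate if the deliveryWindow from the session is different from the deliveryWindow of the SLA
-// and if so needs to validate if the deliveryWindow for the session is available inside the availableDeliveryWindows for the item
-const shouldUpdateDeliveryWindow = (logisticsInfo, session) => {
-var _session$deliveryMode3, _session$deliveryMode4, _session$deliveryMode5, _session$deliveryMode6;
-if (!(session != null && (_session$deliveryMode3 = session.deliveryMode) != null && (_session$deliveryMode4 = _session$deliveryMode3.deliveryWindow) != null && _session$deliveryMode4.startDate) || !(session != null && (_session$deliveryMode5 = session.deliveryMode) != null && (_session$deliveryMode6 = _session$deliveryMode5.deliveryWindow) != null && _session$deliveryMode6.endDate)) {
-return false;
-}
+const shouldUpdateDeliveryInfo = (logisticsInfo, session) => {
+var _session$deliveryMode, _session$deliveryMode2, _session$deliveryMode3;
+const deliveryChannel = session == null ? void 0 : (_session$deliveryMode = session.deliveryMode) == null ? void 0 : _session$deliveryMode.deliveryChannel;
+const deliveryMethod = session == null ? void 0 : (_session$deliveryMode2 = session.deliveryMode) == null ? void 0 : _session$deliveryMode2.deliveryMethod;
 const {
 startDate,
 endDate
-} = session.deliveryMode.deliveryWindow;
-for (const item of logisticsInfo) {
-for (const sla of item.slas) {
-var _sla$availableDeliver;
-const matchingWindow = (_sla$availableDeliver = sla.availableDeliveryWindows) == null ? void 0 : _sla$availableDeliver.some(window => window.startDateUtc === startDate && window.endDateUtc === endDate);
-if (matchingWindow) {
+} = (session == null ? void 0 : (_session$deliveryMode3 = session.deliveryMode) == null ? void 0 : _session$deliveryMode3.deliveryWindow) || {};
+return logisticsInfo.some(({
+selectedDeliveryChannel,
+selectedSla,
+slas
+}) => {
+const checkDeliveryChannel = deliveryChannel && selectedDeliveryChannel !== deliveryChannel;
+const checkDeliveryMethod = deliveryMethod && selectedSla !== deliveryMethod;
+return slas == null ? void 0 : slas.some(sla => {
+var _sla$deliveryWindow, _sla$deliveryWindow2, _sla$availableDeliver;
+if (checkDeliveryChannel && sla.deliveryChannel === deliveryChannel || checkDeliveryMethod && sla.id === deliveryMethod) {
 return true;
 }
-}
-}
-return false;
+return startDate && endDate && sla.deliveryChannel === deliveryChannel && sla.id === deliveryMethod && (!(sla != null && sla.deliveryWindow) || (sla == null ? void 0 : (_sla$deliveryWindow = sla.deliveryWindow) == null ? void 0 : _sla$deliveryWindow.startDateUtc) !== startDate || (sla == null ? void 0 : (_sla$deliveryWindow2 = sla.deliveryWindow) == null ? void 0 : _sla$deliveryWindow2.endDateUtc) !== endDate) && ((_sla$availableDeliver = sla.availableDeliveryWindows) == null ? void 0 : _sla$availableDeliver.some(window => (window == null ? void 0 : window.startDateUtc) === startDate && (window == null ? void 0 : window.endDateUtc) === endDate));
+});
+});
 };
 
 const getAddressOrderForm = (orderForm, session, addressChanged) => {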
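Review bot: In the `getOrderForm` and `updateOrderFormItems` hunks the `cookie: ctx.headers.cookie` entry is emitted whenever `ctx.headers` exists, so a request that carries no Cookie header still yields `cookie: undefined`, which the underlying fetch may serialize as the literal string `undefined` instead of omitting the header; guard on the value, e.g. `const cookie = ctx.headers?.cookie;` and `headers: { 'content-type': 'application/json', ...(cookie ? { cookie } : {}) }`. Relaying the whole inbound Cookie header also sends every cookie the browser holds for the storefront to the checkout API rather than only the ones checkout needs, which is worth narrowing if the required cookie names are known. The `updateOrderFormItems` rewrite additionally stops spreading `...BASE_INIT`, which the removed lines did; if BASE_INIT carries anything beyond the content-type header that is a silent behaviour change. In the `sanitizeProduct` hunk the `sanitizeHtml` wrapper accepts and forwards an `options` argument that no caller passes, so the default allowlist described in the comment above it is enforced only by convention; `const sanitizeHtml = (dirty) => sanitizeHtmlLib(dirty);` makes that policy the only one. The enclosing `VtexCommerce` factory starts outside both checkout hunks.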