@faststore/api 3.89.4 → 3.91.0

package/src/platforms/vtex/clients/commerce/index.ts

@@ -426,7 +426,7 @@ export const VtexCommerce = (
 
       params.set(
         'items',
-        'profile.id,profile.email,profile.firstName,profile.lastName,shopper.firstName,shopper.lastName,store.channel,store.countryCode,store.cultureInfo,store.currencyCode,store.currencySymbol,authentication.customerId,authentication.storeUserId,authentication.storeUserEmail,authentication.unitId,authentication.unitName,checkout.regionId,public.postalCode'
+        'profile.id,profile.email,profile.firstName,profile.lastName,shopper.firstName,shopper.lastName,shopper.organizationManager,store.channel,store.countryCode,store.cultureInfo,store.currencyCode,store.currencySymbol,authentication.customerId,authentication.storeUserId,authentication.storeUserEmail,authentication.unitId,authentication.unitName,checkout.regionId,public.postalCode'
       )
 
       const headers: HeadersInit = withCookie({

package/src/platforms/vtex/clients/commerce/types/Session.ts

@@ -42,6 +42,7 @@ export interface Profile {
 export interface Shopper {
   firstName?: Value
   lastName?: Value
+  organizationManager?: { value: boolean }
 }
 
 export interface Checkout {

package/src/platforms/vtex/resolvers/query.ts

@@ -424,14 +424,15 @@ export const Query = {
     { orderId }: QueryUserOrderArgs,
     ctx: Context
   ) => {
-    const {
-      clients: { commerce },
-    } = ctx
-    if (!orderId) {
-      throw new BadRequestError('Missing orderId')
-    }
-
     try {
+      if (!orderId) {
+        throw new BadRequestError('Missing orderId')
+      }
+
+      const {
+        clients: { commerce },
+      } = ctx
+
       const order = await commerce.oms.userOrder({ orderId })
 
       if (!order) {
@@ -530,6 +531,7 @@ export const Query = {
     } = ctx
 
     const orders = await commerce.oms.listUserOrders(filters)
+
     return {
       list: orders.list?.map((order: UserOrderFromList) => ({
         orderId: order.orderId,
@@ -546,23 +548,11 @@ export const Query = {
       paging: orders.paging,
     }
   },
-  validateUser: async (_: unknown, __: unknown, ctx: Context) => {
-    const {
-      clients: { commerce },
-    } = ctx
-
-    // This resolver is used to validate if the user is logged in
-    // and has access to the account area.
-    // If the user is not logged in, it will throw an error.
-    // If the user is logged in, it will return true.
-    try {
-      const response = await commerce.vtexid.validate()
-
-      return {
-        isValid: response.authStatus === 'Success',
-      }
-    } catch (error) {
-      throw new ForbiddenError('You are not allowed to access this resource')
+  validateUser: async (_: unknown, __: unknown, _ctx: Context) => {
+    // Authentication is now handled by @auth directive
+    // If we reach here, validation was successful, otherwise an error would have been thrown
+    return {
+      isValid: true,
     }
   },
   // only b2b users
@@ -571,7 +561,6 @@ export const Query = {
       clients: { commerce },
     } = ctx
 
-    // const params = new URLSearchParams()
     const sessionData = await commerce.session('').catch(() => null)
 
     const shopper = sessionData?.namespaces.shopper ?? null

package/src/platforms/vtex/resolvers/validateSession.ts

@@ -97,9 +97,22 @@ export const validateSession = async (
 
   const jwt = parseJwt(getAuthCookie(headers?.cookie ?? '', account))
 
-  const isRepresentative = jwt?.isRepresentative
-  const customerId = jwt?.customerId
-  const unitId = jwt?.unitId
+  // Validate JWT token if it exists
+  let isValidJwt = false
+  if (jwt) {
+    try {
+      const vtexIdResponse = await clients.commerce.vtexid.validate()
+      isValidJwt = vtexIdResponse?.authStatus?.toLowerCase() === 'success'
+    } catch (error) {
+      console.warn('JWT validation failed:', error)
+      isValidJwt = false
+    }
+  }
+
+  // Only use JWT data if the token is valid
+  const isRepresentative = isValidJwt ? jwt?.isRepresentative : false
+  const customerId = isValidJwt ? jwt?.customerId : undefined
+  const unitId = isValidJwt ? jwt?.unitId : undefined
 
   const sessionData = await clients.commerce
     .session(params.toString())
@@ -164,13 +177,20 @@ export const validateSession = async (
           customerId: authentication?.customerId?.value ?? customerId ?? '',
           unitName: authentication?.unitName?.value ?? '',
           unitId: authentication?.unitId?.value ?? unitId ?? '',
-          firstName: shopper?.firstName?.value ?? '',
-          lastName: shopper?.lastName?.value ?? '',
+          firstName:
+            typeof shopper?.firstName?.value === 'string'
+              ? shopper.firstName.value
+              : '',
+          lastName:
+            typeof shopper?.lastName?.value === 'string'
+              ? shopper.lastName.value
+              : '',
           userName:
-            `${shopper?.firstName?.value ?? ''} ${shopper?.lastName?.value ?? ''}`.trim(),
+            `${typeof shopper?.firstName?.value === 'string' ? shopper.firstName.value : ''} ${typeof shopper?.lastName?.value === 'string' ? shopper.lastName.value : ''}`.trim(),
           userEmail: authentication?.storeUserEmail.value ?? '',
           savedPostalCode: publicData?.postalCode?.value ?? '',
           contractName: contract?.corporateName ?? '',
+          organizationManager: shopper?.organizationManager?.value ?? false,
         }
       : null,
     marketingData,

package/src/platforms/vtex/utils/auth.ts

@@ -1,4 +1,5 @@
-import { ForbiddenError } from '../../..'
+import { ForbiddenError, UnauthorizedError } from '../../..'
+import type { Context } from '../index'
 
 /**
  * Creates a function that adds VTEX API AppKey and AppToken headers to requests.
@@ -25,3 +26,36 @@ export const getWithAppKeyAndToken = () => {
     }
   }
 }
+
+/**
+ * Utility function to validate user authentication
+ * Centralized validation logic for all account-related resolvers
+ */
+export const validateUserAuthentication = async (
+  ctx: Context
+): Promise<void> => {
+  const {
+    clients: { commerce },
+  } = ctx
+
+  try {
+    const validation = await commerce.vtexid.validate()
+
+    if (validation?.authStatus?.toLowerCase() !== 'success') {
+      throw new UnauthorizedError('Authentication required')
+    }
+  } catch (error) {
+    const status = (error as any).extensions?.status ?? (error as any).status
+
+    if (status === 401) {
+      throw new UnauthorizedError('Authentication required')
+    }
+
+    if (status === 403) {
+      throw new ForbiddenError('You are not allowed to access this resource')
+    }
+
+    // For any other error, throw UnauthorizedError as it likely needs token refresh
+    throw new UnauthorizedError('Authentication required')
+  }
+}

package/src/platforms/vtex/utils/cookies.ts

@@ -6,6 +6,42 @@ export interface ContextForCookies {
   storage: Pick<Context['storage'], 'cookies'>
 }
 
+/**
+ * Normalizes cookie string by removing duplicates and keeping the last value for each key
+ * Example: "key1=value1; key2=value2; key1=value3" -> "key2=value2; key1=value3"
+ */
+const normalizeCookies = (cookieString: string): string => {
+  if (!cookieString) {
+    return cookieString
+  }
+
+  const cookieMap = new Map<string, string>()
+  const cookies = cookieString.split(';')
+  const processedKeys: string[] = []
+
+  // Process cookies to build map with last values and track order
+  cookies.forEach((cookie) => {
+    const trimmedCookie = cookie.trim()
+    if (trimmedCookie) {
+      const equalIndex = trimmedCookie.indexOf('=')
+      if (equalIndex > 0) {
+        const key = trimmedCookie.substring(0, equalIndex)
+        const value = trimmedCookie.substring(equalIndex + 1)
+
+        // If this is the first time we see this key, record its position
+        if (!cookieMap.has(key)) {
+          processedKeys.push(key)
+        }
+
+        cookieMap.set(key, value)
+      }
+    }
+  })
+
+  // Rebuild cookie string maintaining the order of first appearance
+  return processedKeys.map((key) => `${key}=${cookieMap.get(key)}`).join('; ')
+}
+
 const MATCH_FIRST_SET_COOKIE_KEY_VALUE = /^([^=]+)=([^;]*)/
 
 /**
@@ -64,10 +100,12 @@ export const getUpdatedCookie = (ctx: ContextForCookies) => {
     return null
   }
 
+  // Normalize cookies to handle duplicates (keep last value)
+  const normalizedCookie = normalizeCookies(ctx.headers.cookie)
   const contextStorageCookies = Array.from(ctx.storage.cookies.entries())
 
   if (contextStorageCookies.length === 0) {
-    return ctx.headers.cookie
+    return normalizedCookie
   }
 
   return contextStorageCookies.reduce(
@@ -77,7 +115,7 @@ export const getUpdatedCookie = (ctx: ContextForCookies) => {
         storageCookieKey,
         storageCookieValue
       ),
-    ctx.headers.cookie
+    normalizedCookie
   )
 }
 
@@ -98,7 +136,8 @@ export const getWithCookie = (ctx: ContextForCookies) =>
   }
 
 export const getAuthCookie = (cookies: string, account: string) => {
-  const parsedCookies = parse(cookies)
+  const normalizedCookies = normalizeCookies(cookies)
+  const parsedCookies = parse(normalizedCookies)
   const authCookie = parsedCookies[`VtexIdclientAutCookie_${account}`]
   return authCookie || ''
 }

package/src/typeDefs/query.graphql

@@ -216,7 +216,7 @@ type Query {
     """
     locator: [IStoreSelectedFacet!]!
   ): StoreProduct!
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns the details of a collection based on the collection slug.
@@ -227,7 +227,7 @@ type Query {
     """
     slug: String!
   ): StoreCollection!
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns the result of a product, facet, or suggestion search.
@@ -258,7 +258,7 @@ type Query {
     """
     sponsoredCount: Int
   ): StoreSearchResult!
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns information about all products.
@@ -273,13 +273,13 @@ type Query {
     """
     after: String
   ): StoreProductConnection!
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns information about selected products.
   """
   products(productIds: [String!]!): [StoreProduct!]!
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns information about all collections.
@@ -294,7 +294,7 @@ type Query {
     """
     after: String
   ): StoreCollectionConnection!
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns information about shipping simulation.
@@ -313,7 +313,7 @@ type Query {
     """
     country: String!
   ): ShippingData
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns if there's a redirect for a search.
@@ -350,7 +350,7 @@ type Query {
     """
     salesChannel: String
   ): SellersData
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns information about the profile.
@@ -361,7 +361,7 @@ type Query {
     """
     id: String!
   ): Profile
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns the total product count information based on a specific location accessible through the VTEX segment cookie.
@@ -372,7 +372,7 @@ type Query {
     """
     term: String
   ): ProductCountResult
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns information about the Details of an User Order.
@@ -383,7 +383,8 @@ type Query {
     """
     orderId: String!
   ): UserOrderResult
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @auth
+    @cacheControl(scope: "private", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns information about the list of Orders that the User can view.
@@ -418,25 +419,29 @@ type Query {
     """
     clientEmail: String
   ): UserOrderListMinimalResult
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @auth
+    @cacheControl(scope: "private", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns information about the current user details.
   """
   userDetails: StoreUserDetails!
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @auth
+    @cacheControl(scope: "private", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns the account profile information for the current authenticated user (b2b or b2c user).
   """
   accountProfile: StoreAccountProfile!
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @auth
+    @cacheControl(scope: "private", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns information about the user validation.
   """
   validateUser: ValidateUserData
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @auth
+    @cacheControl(scope: "private", sMaxAge: 300, staleWhileRevalidate: 3600)
 
   """
   Returns a list of pickup points near to the given geo coordinates.
@@ -447,7 +452,7 @@ type Query {
     """
     geoCoordinates: IStoreGeoCoordinates
   ): PickupPoints
-    @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+    @cacheControl(scope: "public", sMaxAge: 300, staleWhileRevalidate: 3600)
 }
 
 type ValidateUserData {

package/src/typeDefs/session.graphql

@@ -199,6 +199,7 @@ type StoreB2B {
   userEmail: String
   savedPostalCode: String
   contractName: String
+  organizationManager: Boolean
 }
 
 input IStoreB2B {
@@ -212,6 +213,7 @@ input IStoreB2B {
   userEmail: String
   savedPostalCode: String
   contractName: String
+  organizationManager: Boolean
 }
 
 """