@faststore/core 3.57.0 → 3.58.0

package/.turbo/turbo-build.log

@@ -1,23 +1,23 @@
 
-> @faststore/core@3.56.3 prebuild /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.57.0 prebuild /home/runner/work/faststore/faststore/packages/core
 > na run partytown && na run generate
 
 
-> @faststore/core@3.56.3 partytown /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.57.0 partytown /home/runner/work/faststore/faststore/packages/core
 > partytown copylib ./public/~partytown
 
 Partytown lib copied to: /home/runner/work/faststore/faststore/packages/core/public/~partytown
 
-> @faststore/core@3.56.3 generate /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.57.0 generate /home/runner/work/faststore/faststore/packages/core
 > na run generate:schema && na run generate:codegen && na run format:generated
 
 
-> @faststore/core@3.56.3 generate:schema /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.57.0 generate:schema /home/runner/work/faststore/faststore/packages/core
 > tsx src/server/generator/generateGraphQLSchemaFile.ts
 
 Schema GraphQL file generated successfully
 
-> @faststore/core@3.56.3 generate:codegen /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.57.0 generate:codegen /home/runner/work/faststore/faststore/packages/core
 > graphql-codegen
 
 [STARTED] Parse Configuration
@@ -37,11 +37,11 @@ Running lifecycle hook "afterStart" scripts...
 [CLI] Loading Documents
 [CLI] Generating output
 
-> @faststore/core@3.56.3 format:generated /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.57.0 format:generated /home/runner/work/faststore/faststore/packages/core
 > prettier --write "@generated/**/*.{ts,js,tsx,jsx,json}" --loglevel error
 
 
-> @faststore/core@3.56.3 build /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.57.0 build /home/runner/work/faststore/faststore/packages/core
 > next build
 
 ⚠ No build cache found. Please configure build caching for faster rebuilds. Read more: https://nextjs.org/docs/messages/no-cache
@@ -59,8 +59,8 @@ https://nextjs.org/telemetry
    Collecting page data ...
    Generating static pages (0/6) ...
 
   Generating static pages (1/6) 
-Warning: Dynamic Content not found for the page: home. Refer to the Dynamic Content documentation at https://developers.vtex.com/docs/guides/faststore/dynamic-content-overview for mapping the page and the corresponding data-fetching function.
 
   Generating static pages (2/6) 
+Warning: Dynamic Content not found for the page: home. Refer to the Dynamic Content documentation at https://developers.vtex.com/docs/guides/faststore/dynamic-content-overview for mapping the page and the corresponding data-fetching function.
 
   Generating static pages (4/6) 
 
 ✓ Generating static pages (6/6) 
    Finalizing page optimization ...
@@ -101,7 +101,7 @@ Route (pages)                              Size     First Load JS
   ├ chunks/framework-807b0f81cbc129f0.js   45.4 kB
   ├ chunks/main-f658704b53a96ab1.js        33.1 kB
   ├ chunks/pages/_app-eb6edb0ba4b4be67.js  16.3 kB
-  ├ chunks/webpack-39ca6907398b1ba6.js     3.7 kB
+  ├ chunks/webpack-442c329509c9052f.js     3.7 kB
   └ css/0a57ee6c7a57788c.css               3.49 kB
 
 λ  (Server)  server-side renders at runtime (uses getInitialProps or getServerSideProps)

package/.turbo/turbo-test.log

@@ -1,15 +1,15 @@
 
-> @faststore/core@3.56.3 test /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.57.0 test /home/runner/work/faststore/faststore/packages/core
 > jest
 
-PASS test/server/cms/global.test.ts (24.316 s)
-PASS test/utils/multipleTemplates.test.ts (25.061 s)
+PASS test/server/cms/global.test.ts (24.83 s)
+PASS test/utils/multipleTemplates.test.ts (24.884 s)
 PASS test/server/cms/index.test.ts
-PASS test/server/index.test.ts (29.248 s)
+PASS test/server/index.test.ts (30.148 s)
 A worker process has failed to exit gracefully and has been force exited. This is likely caused by tests leaking due to improper teardown. Try running with --detectOpenHandles to find leaks. Active timers can also cause this, ensure that .unref() was called on them.
 
 Test Suites: 4 passed, 4 total
 Tests:       22 passed, 22 total
 Snapshots:   0 total
-Time:        30.556 s
+Time:        31.704 s
 Ran all test suites.

package/@generated/gql.ts

@@ -56,6 +56,8 @@ const documents = {
     types.ServerUserDetailsQueryDocument,
   '\n  mutation CancelOrderMutation($data: IUserOrderCancel!) {\n    cancelOrder(data: $data) {\n      data\n    }\n  }\n':
     types.CancelOrderMutationDocument,
+  '\n  query ValidateUser {\n    validateUser {\n      isValid\n    }\n  }\n':
+    types.ValidateUserDocument,
   '\n  mutation ValidateCartMutation($cart: IStoreCart!, $session: IStoreSession!) {\n    validateCart(cart: $cart, session: $session) {\n      order {\n        orderNumber\n        acceptedOffer {\n          ...CartItem\n        }\n        shouldSplitItem\n      }\n      messages {\n        ...CartMessage\n      }\n    }\n  }\n\n  fragment CartMessage on StoreCartMessage {\n    text\n    status\n  }\n\n  fragment CartItem on StoreOffer {\n    seller {\n      identifier\n    }\n    quantity\n    price\n    priceWithTaxes\n    listPrice\n    listPriceWithTaxes\n    itemOffered {\n      ...CartProductItem\n    }\n  }\n\n  fragment CartProductItem on StoreProduct {\n    sku\n    name\n    unitMultiplier\n    image {\n      url\n      alternateName\n    }\n    brand {\n      name\n    }\n    isVariantOf {\n      productGroupID\n      name\n      skuVariants {\n        activeVariations\n        slugsMap\n        availableVariations\n      }\n    }\n    gtin\n    additionalProperty {\n      propertyID\n      name\n      value\n      valueReference\n    }\n  }\n':
     types.ValidateCartMutationDocument,
   '\n  mutation SubscribeToNewsletter($data: IPersonNewsletter!) {\n    subscribeToNewsletter(data: $data) {\n      id\n    }\n  }\n':
@@ -216,6 +218,12 @@ export function gql(
 export function gql(
   source: '\n  mutation CancelOrderMutation($data: IUserOrderCancel!) {\n    cancelOrder(data: $data) {\n      data\n    }\n  }\n'
 ): typeof import('./graphql').CancelOrderMutationDocument
+/**
+ * The gql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
+ */
+export function gql(
+  source: '\n  query ValidateUser {\n    validateUser {\n      isValid\n    }\n  }\n'
+): typeof import('./graphql').ValidateUserDocument
 /**
  * The gql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */

package/@generated/graphql.ts

@@ -561,6 +561,8 @@ export type Query = {
   shipping: Maybe<ShippingData>
   /** Returns information about the Details of an User Order. */
   userOrder: Maybe<UserOrderResult>
+  /** Returns information about the user validation. */
+  validateUser: Maybe<ValidateUserData>
 }
 
 export type QueryAllCollectionsArgs = {
@@ -1997,6 +1999,11 @@ export type UserOrderTransactions = {
   transactionId: Maybe<Scalars['String']['output']>
 }
 
+export type ValidateUserData = {
+  /** Indicates if the user is valid. */
+  isValid: Scalars['Boolean']['output']
+}
+
 export type ProductSummary_ProductFragment = {
   slug: string
   sku: string
@@ -2459,6 +2466,10 @@ export type CancelOrderMutationMutation = {
   cancelOrder: { data: string | null } | null
 }
 
+export type ValidateUserQueryVariables = Exact<{ [key: string]: never }>
+
+export type ValidateUserQuery = { validateUser: { isValid: boolean } | null }
+
 export type ValidateCartMutationMutationVariables = Exact<{
   cart: IStoreCart
   session: IStoreSession
@@ -3546,6 +3557,15 @@ export const CancelOrderMutationDocument = {
   CancelOrderMutationMutation,
   CancelOrderMutationMutationVariables
 >
+export const ValidateUserDocument = {
+  __meta__: {
+    operationName: 'ValidateUser',
+    operationHash: '32f99c73c3de958b64d6bece1afe800469f54548',
+  },
+} as unknown as TypedDocumentString<
+  ValidateUserQuery,
+  ValidateUserQueryVariables
+>
 export const ValidateCartMutationDocument = {
   __meta__: {
     operationName: 'ValidateCartMutation',

package/@generated/persisted-documents.json

@@ -8,6 +8,7 @@
   "9f24767f16e6e05c168336701a6c6c7b6b5dc1c6": "query ServerSecurityQuery { accountName }",
   "92d9db34aa133d60d474c6d4cdcdd2fc19041a5e": "query ServerUserDetailsQuery { accountName }",
   "e2b06da6840614d3c72768e56579b9d3b8e80802": "mutation CancelOrderMutation($data: IUserOrderCancel!) { cancelOrder(data: $data) { data } }",
+  "32f99c73c3de958b64d6bece1afe800469f54548": "query ValidateUser { validateUser { isValid } }",
   "c2b3f8bff73ebf6ac79d758c66cabbc21ba9fcc0": "fragment CartItem on StoreOffer { itemOffered { ...CartProductItem } listPrice listPriceWithTaxes price priceWithTaxes quantity seller { identifier } } fragment CartMessage on StoreCartMessage { status text } fragment CartProductItem on StoreProduct { additionalProperty { name propertyID value valueReference } brand { name } gtin image { alternateName url } isVariantOf { name productGroupID skuVariants { activeVariations availableVariations slugsMap } } name sku unitMultiplier } mutation ValidateCartMutation($cart: IStoreCart!, $session: IStoreSession!) { validateCart(cart: $cart, session: $session) { messages { ...CartMessage } order { acceptedOffer { ...CartItem } orderNumber shouldSplitItem } } }",
   "feb7005103a859e2bc8cf2360d568806fd88deba": "mutation SubscribeToNewsletter($data: IPersonNewsletter!) { subscribeToNewsletter(data: $data) { id } }",
   "dc912e7272e3d9f5ced206837df87f544d39d0a5": "query ClientProductCountQuery($term: String) { productCount(term: $term) { total } }",

package/@generated/schema.graphql

@@ -710,6 +710,13 @@ type Query {
   ): UserOrderListMinimalResult @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
   """Returns the account name of the current user or the B2B contract name if applicable."""
   accountName: String @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+  """Returns information about the user validation."""
+  validateUser: ValidateUserData @cacheControl(scope: "public", sMaxAge: 120, staleWhileRevalidate: 3600)
+}
+
+type ValidateUserData {
+  """Indicates if the user is valid."""
+  isValid: Boolean!
 }
 
 """

package/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.58.0](https://github.com/vtex/faststore/compare/v3.57.0...v3.58.0) (2025-06-20)
+
+### Features
+
+- add user validation query and implement access control in MyAccount ([#2899](https://github.com/vtex/faststore/issues/2899)) ([48978bf](https://github.com/vtex/faststore/commit/48978bf90e486b5eaa38ee230e7d8f9a269fb910))
+
 # [3.57.0](https://github.com/vtex/faststore/compare/v3.56.3...v3.57.0) (2025-06-20)
 
 ### Features

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@faststore/core",
-  "version": "3.57.0",
+  "version": "3.58.0",
   "license": "MIT",
   "repository": "vtex/faststore",
   "browserslist": "supports es6-module and not dead",
@@ -44,7 +44,7 @@
     "@envelop/graphql-jit": "^8.0.3",
     "@envelop/parser-cache": "^6.0.2",
     "@envelop/validation-cache": "^6.0.2",
-    "@faststore/api": "^3.56.3",
+    "@faststore/api": "^3.58.0",
     "@faststore/graphql-utils": "^3.56.1",
     "@faststore/lighthouse": "^3.56.1",
     "@faststore/sdk": "^3.56.1",
@@ -105,5 +105,5 @@
     "ts-jest": "29.1.1",
     "typescript": "5.3.2"
   },
-  "gitHead": "9852b7744c562a56723ee8099ea534b6e5b527aa"
+  "gitHead": "714b4b286130446f08511010d3cb14309ed9a9c7"
 }

package/src/experimental/myAccountSeverSideProps.ts

@@ -14,6 +14,7 @@ import { execute } from 'src/server'
 
 import { injectGlobalSections } from 'src/server/cms/global'
 import { getMyAccountRedirect } from 'src/utils/myAccountRedirect'
+import { validateUser } from 'src/sdk/account/validateUser'
 
 export type MyAccountProps = {
   globalSections: GlobalSectionsData
@@ -31,7 +32,16 @@ export const getServerSideProps: GetServerSideProps<
   Record<string, string>,
   Locator
 > = async (context) => {
-  // TODO validate permissions here
+  const isValid = await validateUser(context)
+
+  if (!isValid) {
+    return {
+      redirect: {
+        destination: '/login',
+        permanent: false,
+      },
+    }
+  }
 
   const { isFaststoreMyAccountEnabled, redirect } = getMyAccountRedirect({
     query: context.query,

package/src/pages/account/403.tsx

@@ -23,6 +23,7 @@ import type {
   ServerAccountPageQueryQuery,
   ServerAccountPageQueryQueryVariables,
 } from '@generated/graphql'
+import { validateUser } from 'src/sdk/account/validateUser'
 
 /* A list of components that can be used in the CMS. */
 const COMPONENTS: Record<string, ComponentType<any>> = {
@@ -71,7 +72,16 @@ export const getServerSideProps: GetServerSideProps<
   Record<string, string>,
   Locator
 > = async (context) => {
-  // TODO validate permissions here
+  const isValid = await validateUser(context)
+
+  if (!isValid) {
+    return {
+      redirect: {
+        destination: '/login',
+        permanent: false,
+      },
+    }
+  }
 
   const { isFaststoreMyAccountEnabled, redirect } = getMyAccountRedirect({
     query: context.query,

package/src/pages/account/404.tsx

@@ -24,6 +24,7 @@ import type {
   ServerAccountPageQueryQuery,
   ServerAccountPageQueryQueryVariables,
 } from '@generated/graphql'
+import { validateUser } from 'src/sdk/account/validateUser'
 
 /* A list of components that can be used in the CMS. */
 const COMPONENTS: Record<string, ComponentType<any>> = {
@@ -67,7 +68,16 @@ export const getServerSideProps: GetServerSideProps<
   Record<string, string>,
   Locator
 > = async (context) => {
-  // TODO validate permissions here
+  const isValid = await validateUser(context)
+
+  if (!isValid) {
+    return {
+      redirect: {
+        destination: '/login',
+        permanent: false,
+      },
+    }
+  }
 
   const { isFaststoreMyAccountEnabled, redirect } = getMyAccountRedirect({
     query: context.query,

package/src/pages/account/[...unknown].tsx

@@ -13,8 +13,6 @@ export const getStaticProps: GetStaticProps<
   Record<string, string>,
   Locator
 > = async () => {
-  // TODO validate permissions here
-
   const { isFaststoreMyAccountEnabled, redirect } = getMyAccountRedirect({
     query: {},
   })

package/src/pages/account/index.tsx

@@ -1,3 +1,4 @@
+import { validateUser } from 'src/sdk/account/validateUser'
 import type { GetServerSideProps, NextPage } from 'next'
 import { getMyAccountRedirect } from 'src/utils/myAccountRedirect'
 
@@ -5,8 +6,20 @@ const MyAccountRedirectPage: NextPage = () => {
   return null
 }
 
-export const getServerSideProps: GetServerSideProps = async ({ query }) => {
-  // TODO validate permissions here
+export const getServerSideProps: GetServerSideProps = async ({
+  query,
+  req,
+}) => {
+  const isValid = await validateUser({ query, req } as any)
+
+  if (!isValid) {
+    return {
+      redirect: {
+        destination: '/login',
+        permanent: false,
+      },
+    }
+  }
 
   const { isFaststoreMyAccountEnabled, redirect } = getMyAccountRedirect({
     query,

package/src/pages/account/orders/[id].tsx

@@ -8,6 +8,7 @@ import RenderSections from 'src/components/cms/RenderSections'
 import { default as GLOBAL_COMPONENTS } from 'src/components/cms/global/Components'
 import CUSTOM_COMPONENTS from 'src/customizations/src/components'
 import type { MyAccountProps } from 'src/experimental/myAccountSeverSideProps'
+import { validateUser } from 'src/sdk/account/validateUser'
 
 import { gql } from '@generated'
 import type {
@@ -204,7 +205,16 @@ export const getServerSideProps: GetServerSideProps<
   Record<string, string>,
   Locator
 > = async (context) => {
-  // TODO validate permissions here
+  const isValid = await validateUser(context)
+
+  if (!isValid) {
+    return {
+      redirect: {
+        destination: '/login',
+        permanent: false,
+      },
+    }
+  }
 
   const { isFaststoreMyAccountEnabled, redirect } = getMyAccountRedirect({
     query: context.query,

package/src/pages/account/orders/index.tsx

@@ -24,6 +24,7 @@ import { groupOrderStatusByLabel } from 'src/utils/userOrderStatus'
 
 import { MyAccountListOrders } from 'src/components/account/orders/MyAccountListOrders'
 import { extractStatusFromError } from 'src/utils/utilities'
+import { validateUser } from 'src/sdk/account/validateUser'
 
 /* A list of components that can be used in the CMS. */
 const COMPONENTS: Record<string, ComponentType<any>> = {
@@ -118,7 +119,16 @@ export const getServerSideProps: GetServerSideProps<
   Record<string, string>,
   Locator
 > = async (context) => {
-  // TODO validate permissions here
+  const isValid = await validateUser(context)
+
+  if (!isValid) {
+    return {
+      redirect: {
+        destination: '/login',
+        permanent: false,
+      },
+    }
+  }
 
   const { previewData } = context
 

package/src/pages/account/profile.tsx

@@ -23,6 +23,7 @@ import type {
   ServerProfileQueryQuery,
   ServerProfileQueryQueryVariables,
 } from '@generated/graphql'
+import { validateUser } from 'src/sdk/account/validateUser'
 
 /* A list of components that can be used in the CMS. */
 const COMPONENTS: Record<string, ComponentType<any>> = {
@@ -63,7 +64,16 @@ export const getServerSideProps: GetServerSideProps<
   Record<string, string>,
   Locator
 > = async (context) => {
-  // TODO validate permissions here
+  const isValid = await validateUser(context)
+
+  if (!isValid) {
+    return {
+      redirect: {
+        destination: '/login',
+        permanent: false,
+      },
+    }
+  }
 
   const { isFaststoreMyAccountEnabled, redirect } = getMyAccountRedirect({
     query: context.query,

package/src/pages/account/security.tsx

@@ -24,6 +24,7 @@ import type {
   ServerSecurityQueryQuery,
   ServerSecurityQueryQueryVariables,
 } from '@generated/graphql'
+import { validateUser } from 'src/sdk/account/validateUser'
 
 /* A list of components that can be used in the CMS. */
 const COMPONENTS: Record<string, ComponentType<any>> = {
@@ -68,7 +69,16 @@ export const getServerSideProps: GetServerSideProps<
   Record<string, string>,
   Locator
 > = async (context) => {
-  // TODO validate permissions here
+  const isValid = await validateUser(context)
+
+  if (!isValid) {
+    return {
+      redirect: {
+        destination: '/login',
+        permanent: false,
+      },
+    }
+  }
 
   const { isFaststoreMyAccountEnabled, redirect } = getMyAccountRedirect({
     query: context.query,

package/src/pages/account/user-details.tsx

@@ -24,6 +24,7 @@ import type {
   ServerUserDetailsQueryQuery,
   ServerUserDetailsQueryQueryVariables,
 } from '@generated/graphql'
+import { validateUser } from 'src/sdk/account/validateUser'
 
 /* A list of components that can be used in the CMS. */
 const COMPONENTS: Record<string, ComponentType<any>> = {
@@ -64,7 +65,16 @@ export const getServerSideProps: GetServerSideProps<
   Record<string, string>,
   Locator
 > = async (context) => {
-  // TODO validate permissions here
+  const isValid = await validateUser(context)
+
+  if (!isValid) {
+    return {
+      redirect: {
+        destination: '/login',
+        permanent: false,
+      },
+    }
+  }
 
   const { isFaststoreMyAccountEnabled, redirect } = getMyAccountRedirect({
     query: context.query,

package/src/sdk/account/validateUser.ts

@@ -0,0 +1,32 @@
+import { gql } from '@generated/gql'
+import type {
+  ValidateUserQuery,
+  ValidateUserQueryVariables,
+} from '@generated/graphql'
+import type { GetServerSidePropsContext } from 'next'
+import { execute } from 'src/server'
+
+const query = gql(`
+  query ValidateUser {
+    validateUser {
+      isValid
+    }
+  }
+`)
+
+export async function validateUser(context: GetServerSidePropsContext) {
+  const validateUserResult = await execute<
+    ValidateUserQueryVariables,
+    ValidateUserQuery
+  >(
+    {
+      variables: {},
+      operation: query,
+    },
+    {
+      headers: { ...context.req.headers },
+    }
+  )
+
+  return validateUserResult?.data?.validateUser?.isValid
+}

package/test/server/index.test.ts

@@ -77,6 +77,7 @@ const QUERIES = [
   'userOrder',
   'listUserOrders',
   'accountName',
+  'validateUser',
 ]
 
 const MUTATIONS = [