@huloglobal/vendure-plugin-geo-block 0.1.0

package/dist/plugin.d.ts

@@ -0,0 +1,47 @@
+import { Type } from '@vendure/core';
+export interface GeoBlockPluginOptions {
+    /** Public-facing host of the Vendure server. Used in licence
+     *  domain matching — must match one of the JWT's `allowedDomains`. */
+    publicBaseUrl: string;
+    /** JWT licence key. Without it, the public site-config endpoint
+     *  still resolves the rules but always returns `enabled: false`. */
+    licenceKey?: string;
+}
+export declare function getOptions(): GeoBlockPluginOptions;
+/**
+ * `@huloglobal/vendure-plugin-geo-block`
+ *
+ * Per-channel geo-restriction for Vendure storefronts. The plugin owns
+ * a flat `/geo-block/site-config` endpoint the storefront polls (cached
+ * client-side) plus an admin page for configuring region presets,
+ * extra allowed countries, denylist, and UK-region subfilter.
+ *
+ * Add to your Vendure config:
+ *
+ * ```ts
+ * import { GeoBlockPlugin } from '@huloglobal/vendure-plugin-geo-block';
+ *
+ * export const config: VendureConfig = {
+ *   plugins: [
+ *     GeoBlockPlugin.init({
+ *       publicBaseUrl: 'https://shop.example.com',
+ *       licenceKey: process.env.HULO_LICENCE_KEY,
+ *     }),
+ *   ],
+ * };
+ * ```
+ */
+export declare class GeoBlockPlugin {
+    private static revocation;
+    static init(options: GeoBlockPluginOptions): Type<GeoBlockPlugin>;
+    static uiExtensions: {
+        extensionPath: string;
+        ngModules: {
+            type: "lazy";
+            route: string;
+            ngModuleFileName: string;
+            ngModuleName: string;
+        }[];
+    };
+}
+//# sourceMappingURL=plugin.d.ts.map

package/dist/plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoC,IAAI,EAAiB,MAAM,eAAe,CAAC;AAItF,MAAM,WAAW,qBAAqB;IAClC;0EACsE;IACtE,aAAa,EAAE,MAAM,CAAC;IACtB;wEACoE;IACpE,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;AAiBD,wBAAgB,UAAU,IAAI,qBAAqB,CAA0B;AAE7E;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAiDa,cAAc;IACvB,OAAO,CAAC,MAAM,CAAC,UAAU,CAAkC;IAE3D,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC;IA6BjE,MAAM,CAAC,YAAY;;;;;;;;MAUjB;CACL"}

package/dist/plugin.js

@@ -0,0 +1,140 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var GeoBlockPlugin_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GeoBlockPlugin = void 0;
+exports.getOptions = getOptions;
+const core_1 = require("@vendure/core");
+const vendure_licence_sdk_1 = require("@huloglobal/vendure-licence-sdk");
+const geo_block_controller_1 = require("./geo-block.controller");
+const HULO_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLmNM5UljRqe71drM6lR
+Ba5vXrLOcV3GAHkYvnVFQSqdE0avrge/jsD7WdA6x8qQFNRugxQcxDJa2l0+C+BH
+SbU9TimGwhA1yusHHfuz9LAXks5IQ48+2e6Pulh7iThXPJUnIKqKZUN5HhL79aaK
+vrZKIgSfVhwE5PMPXWZ+Ij5IRf74PLIUn1Er75qhBXlDJ4vF8y8/3owURNC1XiUB
+DGElwV/LYNoqAQei4oixe4EAxPGvFi11pgHiGuRxuWckA88y6ZHLt6urfAY9sCkj
+kF+2dc2yS3j7lD+SYAaV5LQYYjePP1CYvxCZ7HHRKqthHopxY1hsK2tBtni3f7/c
+UwIDAQAB
+-----END PUBLIC KEY-----`;
+const PLUGIN_ID = 'vendure-plugin-geo-block';
+const REVOCATION_URL = process.env.HULO_LICENCE_REVOCATION_URL
+    || 'https://elite.charity/licence/revoked.json';
+let cachedOptions = { publicBaseUrl: 'http://localhost:3000' };
+function getOptions() { return cachedOptions; }
+/**
+ * `@huloglobal/vendure-plugin-geo-block`
+ *
+ * Per-channel geo-restriction for Vendure storefronts. The plugin owns
+ * a flat `/geo-block/site-config` endpoint the storefront polls (cached
+ * client-side) plus an admin page for configuring region presets,
+ * extra allowed countries, denylist, and UK-region subfilter.
+ *
+ * Add to your Vendure config:
+ *
+ * ```ts
+ * import { GeoBlockPlugin } from '@huloglobal/vendure-plugin-geo-block';
+ *
+ * export const config: VendureConfig = {
+ *   plugins: [
+ *     GeoBlockPlugin.init({
+ *       publicBaseUrl: 'https://shop.example.com',
+ *       licenceKey: process.env.HULO_LICENCE_KEY,
+ *     }),
+ *   ],
+ * };
+ * ```
+ */
+let GeoBlockPlugin = GeoBlockPlugin_1 = class GeoBlockPlugin {
+    static init(options) {
+        cachedOptions = options;
+        if (!GeoBlockPlugin_1.revocation) {
+            GeoBlockPlugin_1.revocation = new vendure_licence_sdk_1.RevocationChecker(REVOCATION_URL);
+            GeoBlockPlugin_1.revocation.start();
+        }
+        const host = (options.publicBaseUrl || '')
+            .replace(/^https?:\/\//, '').replace(/\/.*$/, '');
+        const status = (0, vendure_licence_sdk_1.verifyLicence)({
+            licenceKey: options.licenceKey,
+            pluginId: PLUGIN_ID,
+            host,
+            publicKey: HULO_PUBLIC_KEY,
+            revokedIds: GeoBlockPlugin_1.revocation.getRevokedIds(),
+        });
+        if (!status.valid) {
+            // eslint-disable-next-line no-console
+            console.warn(`[@huloglobal/vendure-plugin-geo-block] ${status.message}` +
+                ` — Running in unlicensed mode (settings still saveable, but the public endpoint always reports enabled=false). Purchase a key at https://elite-software.co.uk/licence/buy/${PLUGIN_ID}`);
+        }
+        return GeoBlockPlugin_1;
+    }
+};
+exports.GeoBlockPlugin = GeoBlockPlugin;
+GeoBlockPlugin.revocation = null;
+GeoBlockPlugin.uiExtensions = {
+    extensionPath: __dirname + '/../ui',
+    ngModules: [
+        {
+            type: 'lazy',
+            route: 'geo-block',
+            ngModuleFileName: 'geo-block.module.ts',
+            ngModuleName: 'GeoBlockModule',
+        },
+    ],
+};
+exports.GeoBlockPlugin = GeoBlockPlugin = GeoBlockPlugin_1 = __decorate([
+    (0, core_1.VendurePlugin)({
+        imports: [core_1.PluginCommonModule],
+        controllers: [geo_block_controller_1.GeoBlockController],
+        compatibility: '^3.0.0',
+        configuration: config => {
+            config.customFields.Channel = (config.customFields.Channel || []).concat([
+                {
+                    name: 'geoBlockEnabled', type: 'boolean', public: true, defaultValue: false,
+                    label: [{ languageCode: core_1.LanguageCode.en, value: 'Site: Geo-block enabled' }],
+                    description: [{ languageCode: core_1.LanguageCode.en, value: 'When on, visitors outside the allowed countries (and UK regions, if GB is allowed) see a "down for maintenance" page instead of the storefront.' }],
+                },
+                {
+                    name: 'geoBlockAllowedRegions', type: 'string', list: true, public: true,
+                    defaultValue: [],
+                    label: [{ languageCode: core_1.LanguageCode.en, value: 'Site: Geo-block allowed regions (presets)' }],
+                    description: [{ languageCode: core_1.LanguageCode.en, value: 'One-click region presets. Combine with extra/blocked countries below.' }],
+                    options: [
+                        { value: 'UK_ONLY', label: [{ languageCode: core_1.LanguageCode.en, value: 'United Kingdom only' }] },
+                        { value: 'BRITISH_ISLES', label: [{ languageCode: core_1.LanguageCode.en, value: 'British Isles (GB, IE, IoM, CI, Faroes)' }] },
+                        { value: 'EU', label: [{ languageCode: core_1.LanguageCode.en, value: 'European Union (27)' }] },
+                        { value: 'EEA', label: [{ languageCode: core_1.LanguageCode.en, value: 'EEA (EU + IS, LI, NO)' }] },
+                        { value: 'EUROPE', label: [{ languageCode: core_1.LanguageCode.en, value: 'Whole Europe (incl. UK, RU, UA, micro-states)' }] },
+                        { value: 'NORTH_AMERICA', label: [{ languageCode: core_1.LanguageCode.en, value: 'North America (US, CA, MX)' }] },
+                        { value: 'OCEANIA', label: [{ languageCode: core_1.LanguageCode.en, value: 'Oceania (AU, NZ)' }] },
+                        { value: 'WORLDWIDE', label: [{ languageCode: core_1.LanguageCode.en, value: 'Worldwide — only blocked countries excluded' }] },
+                    ],
+                },
+                {
+                    name: 'geoBlockAllowedCountries', type: 'string', list: true, public: true,
+                    defaultValue: [],
+                    label: [{ languageCode: core_1.LanguageCode.en, value: 'Site: Extra allowed countries (ISO 3166-1 alpha-2)' }],
+                    description: [{ languageCode: core_1.LanguageCode.en, value: 'Countries allowed on top of the selected regions. Use ISO codes (GB, IE, FR, US…).' }],
+                },
+                {
+                    name: 'geoBlockBlockedCountries', type: 'string', list: true, public: true,
+                    defaultValue: [],
+                    label: [{ languageCode: core_1.LanguageCode.en, value: 'Site: Always-blocked countries' }],
+                    description: [{ languageCode: core_1.LanguageCode.en, value: 'Subtracted from the resolved allow-list. Useful for blocking specific countries inside a region you otherwise allow.' }],
+                },
+                {
+                    name: 'geoBlockAllowedGbRegions', type: 'string', list: true, public: true,
+                    defaultValue: [],
+                    label: [{ languageCode: core_1.LanguageCode.en, value: 'Site: Geo-block allowed UK regions' }],
+                    description: [{ languageCode: core_1.LanguageCode.en, value: 'When GB is resolved as allowed, additionally restrict to ENG / WLS / SCT / NIR. Empty = whole UK allowed.' }],
+                },
+            ]);
+            return config;
+        },
+    })
+], GeoBlockPlugin);
+//# sourceMappingURL=plugin.js.map

package/dist/plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin.js","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":";;;;;;;;;;AA4BA,gCAA6E;AA5B7E,wCAAsF;AACtF,yEAAmF;AACnF,iEAA4D;AAW5D,MAAM,eAAe,GAAG;;;;;;;;yBAQC,CAAC;AAE1B,MAAM,SAAS,GAAG,0BAA0B,CAAC;AAC7C,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B;OACvD,4CAA4C,CAAC;AAEpD,IAAI,aAAa,GAA0B,EAAE,aAAa,EAAE,uBAAuB,EAAE,CAAC;AACtF,SAAgB,UAAU,KAA4B,OAAO,aAAa,CAAC,CAAC,CAAC;AAE7E;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAkDI,IAAM,cAAc,sBAApB,MAAM,cAAc;IAGvB,MAAM,CAAC,IAAI,CAAC,OAA8B;QACtC,aAAa,GAAG,OAAO,CAAC;QAExB,IAAI,CAAC,gBAAc,CAAC,UAAU,EAAE,CAAC;YAC7B,gBAAc,CAAC,UAAU,GAAG,IAAI,uCAAiB,CAAC,cAAc,CAAC,CAAC;YAClE,gBAAc,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACtC,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;aACrC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,IAAA,mCAAa,EAAC;YACzB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,QAAQ,EAAE,SAAS;YACnB,IAAI;YACJ,SAAS,EAAE,eAAe;YAC1B,UAAU,EAAE,gBAAc,CAAC,UAAU,CAAC,aAAa,EAAE;SACxD,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAChB,sCAAsC;YACtC,OAAO,CAAC,IAAI,CACR,0CAA0C,MAAM,CAAC,OAAO,EAAE;gBAC1D,6KAA6K,SAAS,EAAE,CAC3L,CAAC;QACN,CAAC;QAED,OAAO,gBAAc,CAAC;IAC1B,CAAC;;AA9BQ,wCAAc;AACR,yBAAU,GAA6B,IAAI,AAAjC,CAAkC;AA+BpD,2BAAY,GAAG;IAClB,aAAa,EAAE,SAAS,GAAG,QAAQ;IACnC,SAAS,EAAE;QACP;YACI,IAAI,EAAE,MAAe;YACrB,KAAK,EAAE,WAAW;YAClB,gBAAgB,EAAE,qBAAqB;YACvC,YAAY,EAAE,gBAAgB;SACjC;KACJ;CACJ,AAVkB,CAUjB;yBA1CO,cAAc;IAjD1B,IAAA,oBAAa,EAAC;QACX,OAAO,EAAE,CAAC,yBAAkB,CAAC;QAC7B,WAAW,EAAE,CAAC,yCAAkB,CAAC;QACjC,aAAa,EAAE,QAAQ;QACvB,aAAa,EAAE,MAAM,CAAC,EAAE;YACpB,MAAM,CAAC,YAAY,CAAC,OAAO,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;gBACrE;oBACI,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK;oBAC3E,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;oBAC5E,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,iJAAiJ,EAAE,CAAC;iBAC7M;gBACD;oBACI,IAAI,EAAE,wBAAwB,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;oBACxE,YAAY,EAAE,EAAE;oBAChB,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,2CAA2C,EAAE,CAAC;oBAC9F,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,uEAAuE,EAAE,CAAC;oBAChI,OAAO,EAAE;wBACL,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,EAAE;wBAC9F,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,EAAE;wBACxH,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,EAAE;wBACzF,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,EAAE;wBAC5F,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,+CAA+C,EAAE,CAAC,EAAE;wBACvH,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,EAAE;wBAC3G,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,EAAE;wBAC3F,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,6CAA6C,EAAE,CAAC,EAAE;qBAC3H;iBACJ;gBACD;oBACI,IAAI,EAAE,0BAA0B,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;oBAC1E,YAAY,EAAE,EAAE;oBAChB,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,oDAAoD,EAAE,CAAC;oBACvG,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,oFAAoF,EAAE,CAAC;iBAChJ;gBACD;oBACI,IAAI,EAAE,0BAA0B,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;oBAC1E,YAAY,EAAE,EAAE;oBAChB,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;oBACnF,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,sHAAsH,EAAE,CAAC;iBAClL;gBACD;oBACI,IAAI,EAAE,0BAA0B,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;oBAC1E,YAAY,EAAE,EAAE;oBAChB,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC;oBACvF,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,mBAAY,CAAC,EAAE,EAAE,KAAK,EAAE,2GAA2G,EAAE,CAAC;iBACvK;aACJ,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;QAClB,CAAC;KACJ,CAAC;GACW,cAAc,CA2C1B"}

package/dist/proxy-headers.d.ts

@@ -0,0 +1,37 @@
+import { Request } from 'express';
+/**
+ * Reverse-proxy aware visitor IP extraction.
+ *
+ * Order of precedence:
+ *   1. Cloudflare's `CF-Connecting-IP` (always the real client IP,
+ *      regardless of how many proxies sit in front of the worker).
+ *   2. `True-Client-IP` (Akamai / Cloudflare Enterprise).
+ *   3. `X-Real-IP` (nginx / Caddy default when proxying).
+ *   4. First entry in `X-Forwarded-For` (RFC 7239 ancestor; the
+ *      left-most entry is the original client when the upstream proxy
+ *      is trusted).
+ *   5. Express's `req.ip` — only useful when `app.set('trust proxy', ...)`
+ *      has been set on the Vendure host, otherwise this is the socket
+ *      address of the last hop.
+ *
+ * Returns `null` if none of the headers are populated and `req.ip`
+ * isn't available — the caller should treat this as "unknown" and
+ * skip IP-dependent enrichment rather than fail.
+ */
+export declare function getRealIp(req: Request): string | null;
+/**
+ * Cloudflare / Akamai populate the visitor's resolved country on the
+ * inbound request when the corresponding feature is enabled. Reading
+ * the upstream value avoids a per-request GeoIP lookup. Returns the
+ * ISO 3166-1 alpha-2 country code or `null` if no proxy header is
+ * present.
+ */
+export declare function getResolvedCountry(req: Request): string | null;
+/**
+ * Cloudflare's `cf-region-code` carries the ISO 3166-2 subdivision
+ * (e.g. `ENG`, `SCT`, `CA`) when the "Send subdivision data" option is
+ * enabled in the dashboard. Returns the bare code without the country
+ * prefix, or `null` if unavailable.
+ */
+export declare function getResolvedRegion(req: Request): string | null;
+//# sourceMappingURL=proxy-headers.d.ts.map

package/dist/proxy-headers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-headers.d.ts","sourceRoot":"","sources":["../src/proxy-headers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAkBrD;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAe9D;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAK7D"}

package/dist/proxy-headers.js

@@ -0,0 +1,81 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRealIp = getRealIp;
+exports.getResolvedCountry = getResolvedCountry;
+exports.getResolvedRegion = getResolvedRegion;
+/**
+ * Reverse-proxy aware visitor IP extraction.
+ *
+ * Order of precedence:
+ *   1. Cloudflare's `CF-Connecting-IP` (always the real client IP,
+ *      regardless of how many proxies sit in front of the worker).
+ *   2. `True-Client-IP` (Akamai / Cloudflare Enterprise).
+ *   3. `X-Real-IP` (nginx / Caddy default when proxying).
+ *   4. First entry in `X-Forwarded-For` (RFC 7239 ancestor; the
+ *      left-most entry is the original client when the upstream proxy
+ *      is trusted).
+ *   5. Express's `req.ip` — only useful when `app.set('trust proxy', ...)`
+ *      has been set on the Vendure host, otherwise this is the socket
+ *      address of the last hop.
+ *
+ * Returns `null` if none of the headers are populated and `req.ip`
+ * isn't available — the caller should treat this as "unknown" and
+ * skip IP-dependent enrichment rather than fail.
+ */
+function getRealIp(req) {
+    var _a;
+    const headers = req.headers || {};
+    const cfIp = String(headers['cf-connecting-ip'] || '').trim();
+    if (cfIp)
+        return cfIp;
+    const trueClient = String(headers['true-client-ip'] || '').trim();
+    if (trueClient)
+        return trueClient;
+    const realIp = String(headers['x-real-ip'] || '').trim();
+    if (realIp)
+        return realIp;
+    const xff = String(headers['x-forwarded-for'] || '').trim();
+    if (xff) {
+        const first = (_a = xff.split(',')[0]) === null || _a === void 0 ? void 0 : _a.trim();
+        if (first)
+            return first;
+    }
+    return req.ip || null;
+}
+/**
+ * Cloudflare / Akamai populate the visitor's resolved country on the
+ * inbound request when the corresponding feature is enabled. Reading
+ * the upstream value avoids a per-request GeoIP lookup. Returns the
+ * ISO 3166-1 alpha-2 country code or `null` if no proxy header is
+ * present.
+ */
+function getResolvedCountry(req) {
+    const headers = req.headers || {};
+    const cf = String(headers['cf-ipcountry'] || '').trim().toUpperCase();
+    if (cf && cf !== 'XX' && cf !== 'T1')
+        return cf;
+    const akamai = String(headers['x-akamai-edgescape'] || '').trim();
+    if (akamai) {
+        const m = akamai.match(/country_code=([A-Z]{2})/i);
+        if (m)
+            return m[1].toUpperCase();
+    }
+    const fastly = String(headers['x-country-code'] || '').trim().toUpperCase();
+    if (fastly && /^[A-Z]{2}$/.test(fastly))
+        return fastly;
+    return null;
+}
+/**
+ * Cloudflare's `cf-region-code` carries the ISO 3166-2 subdivision
+ * (e.g. `ENG`, `SCT`, `CA`) when the "Send subdivision data" option is
+ * enabled in the dashboard. Returns the bare code without the country
+ * prefix, or `null` if unavailable.
+ */
+function getResolvedRegion(req) {
+    const headers = req.headers || {};
+    const cf = String(headers['cf-region-code'] || '').trim().toUpperCase();
+    if (cf && /^[A-Z0-9]{1,4}$/.test(cf))
+        return cf;
+    return null;
+}
+//# sourceMappingURL=proxy-headers.js.map

package/dist/proxy-headers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-headers.js","sourceRoot":"","sources":["../src/proxy-headers.ts"],"names":[],"mappings":";;AAqBA,8BAkBC;AASD,gDAeC;AAQD,8CAKC;AA1ED;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,SAAS,CAAC,GAAY;;IAClC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9D,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAEtB,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClE,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACzD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC5D,IAAI,GAAG,EAAE,CAAC;QACN,MAAM,KAAK,GAAG,MAAA,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,0CAAE,IAAI,EAAE,CAAC;QACxC,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC5B,CAAC;IAED,OAAQ,GAAW,CAAC,EAAE,IAAI,IAAI,CAAC;AACnC,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,kBAAkB,CAAC,GAAY;IAC3C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAClC,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACtE,IAAI,EAAE,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAEhD,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClE,IAAI,MAAM,EAAE,CAAC;QACT,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACnD,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACrC,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5E,IAAI,MAAM,IAAI,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAEvD,OAAO,IAAI,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,GAAY;IAC1C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAClC,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACxE,IAAI,EAAE,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;QAAE,OAAO,EAAE,CAAC;IAChD,OAAO,IAAI,CAAC;AAChB,CAAC"}

package/package.json

@@ -0,0 +1,41 @@
+{
+    "name": "@huloglobal/vendure-plugin-geo-block",
+    "version": "0.1.0",
+    "description": "Geo-restrict your Vendure storefront by country, UK region or curated region presets (EU, EEA, British Isles, Europe, North America, Oceania, Worldwide-with-denylist). Per-channel settings exposed as Channel custom fields plus a dedicated admin page with a live preview of the resolved allow-list.",
+    "license": "SEE LICENSE IN LICENSE",
+    "author": "Wayne Garrison <wayne@garrison.me.uk>",
+    "homepage": "https://github.com/exceeded/vendure-plugin-geo-block",
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/exceeded/vendure-plugin-geo-block.git"
+    },
+    "main": "dist/index.js",
+    "types": "dist/index.d.ts",
+    "files": ["dist", "ui", "README.md", "CHANGELOG.md", "LICENSE"],
+    "scripts": {
+        "build": "tsc -p tsconfig.json",
+        "prepublishOnly": "yarn build"
+    },
+    "dependencies": {
+        "@huloglobal/vendure-licence-sdk": "^0.1.0"
+    },
+    "peerDependencies": {
+        "@vendure/core": ">=3.0.0",
+        "@nestjs/common": ">=10.0.0",
+        "typeorm": ">=0.3.0"
+    },
+    "devDependencies": {
+        "@huloglobal/vendure-licence-sdk": "^0.1.0",
+        "@nestjs/common": "^10.0.0",
+        "@vendure/core": "^3.6.0",
+        "typeorm": "^0.3.0",
+        "typescript": "^5.4.0"
+    },
+    "keywords": [
+        "vendure",
+        "vendure-plugin",
+        "geo-block",
+        "geo-restriction",
+        "geoip"
+    ]
+}