@neowhale/storefront 0.2.13 → 0.2.20

package/dist/{client-Ca8Otk-R.d.ts → client-BSO263Uv.d.ts}

@@ -1,6 +1,7 @@
 interface PixelConfig {
     provider: string;
     pixel_id: string;
+    measurement_id?: string;
 }
 interface StorefrontConfig {
     object: 'storefront_config';
@@ -84,6 +85,7 @@ interface LoyaltyAccount {
     points_balance: number;
     tier: string;
     lifetime_points: number;
+    redemption_mode?: 'cash' | 'rewards_only';
 }
 interface LoyaltyReward {
     id: string;
@@ -92,6 +94,8 @@ interface LoyaltyReward {
     points_cost: number;
     reward_type: string;
     is_active: boolean;
+    reward_category?: string;
+    reward_product_tier?: string;
 }
 interface LoyaltyTransaction {
     id: string;
@@ -119,13 +123,19 @@ interface ShippingRate {
     estimated_days_min: number | null;
     estimated_days_max: number | null;
 }
-interface CouponValidation {
+interface DealValidation {
     valid: boolean;
     code: string;
+    deal_id?: string;
+    name?: string;
     discount_type: string | null;
     discount_value: number | null;
+    apply_to?: string;
+    badge_text?: string | null;
     message: string | null;
 }
+/** @deprecated Use DealValidation instead */
+type CouponValidation = DealValidation;
 interface CheckoutSession {
     id: string;
     cart_id: string;
@@ -365,7 +375,7 @@ interface QRLandingData {
 }
 interface LandingSection {
     id: string;
-    type: 'hero' | 'text' | 'image' | 'video' | 'gallery' | 'cta' | 'stats' | 'product_card' | 'coa_viewer' | 'social_links' | 'divider' | 'custom';
+    type: 'hero' | 'text' | 'image' | 'video' | 'gallery' | 'cta' | 'stats' | 'product_card' | 'coa_viewer' | 'social_links' | 'divider' | 'lead_capture' | 'custom';
     content: Record<string, unknown>;
     order: number;
     config?: Record<string, unknown>;
@@ -401,6 +411,29 @@ interface LandingPageRenderData {
         document_name: string;
     } | null;
 }
+interface ReferralEnrollment {
+    object: 'referral_enrollment';
+    affiliate_id: string;
+    referral_code: string;
+    share_url: string;
+    qr_code_id: string;
+    wallet_pass_id: string;
+}
+interface ReferralStatus {
+    object: 'referral_status';
+    enrolled: boolean;
+    referral_code: string | null;
+    share_url: string | null;
+    total_referrals: number;
+    pending_referrals: number;
+    points_earned: number;
+    wallet_pass_id: string | null;
+    referred_by: {
+        affiliate_id: string;
+        referral_code: string;
+        referrer_name: string;
+    } | null;
+}
 
 /**
  * Extended query methods and static utilities for WhaleClient.
@@ -447,7 +480,7 @@ declare class WhaleClient {
     }): Promise<CartItem>;
     updateCartItem(cartId: string, itemId: string, quantity: number): Promise<Cart>;
     removeCartItem(cartId: string, itemId: string): Promise<void>;
-    checkout(cartId: string, customerEmail?: string, payment?: PaymentData): Promise<Order>;
+    checkout(cartId: string, customerEmail?: string, payment?: PaymentData, referralCode?: string): Promise<Order>;
     findCustomer(query: string): Promise<Customer[]>;
     getCustomer(id: string): Promise<Customer>;
     createCustomer(data: {
@@ -456,6 +489,12 @@ declare class WhaleClient {
         email: string;
         phone?: string;
     }): Promise<Customer>;
+    updateProfile(customerId: string, data: {
+        first_name: string;
+        last_name: string;
+        phone?: string;
+        date_of_birth?: string;
+    }): Promise<Customer>;
     listOrders(params?: {
         customer_id?: string;
         limit?: number;
@@ -474,17 +513,37 @@ declare class WhaleClient {
     /** Fetch landing page data by slug (public, no auth needed). */
     fetchLandingPage(slug: string): Promise<LandingPageRenderData>;
     createSession(params: {
+        visitor_id?: string;
         user_agent?: string;
         referrer?: string;
+        page_url?: string;
+        device?: string;
+        utm_source?: string;
+        utm_medium?: string;
+        utm_campaign?: string;
+        utm_content?: string;
+        utm_term?: string;
+        gclid?: string;
+        fbclid?: string;
     }): Promise<StorefrontSession>;
     updateSession(sessionId: string, params: {
         last_active_at?: string;
         customer_id?: string;
+        customer_first_name?: string;
+        customer_last_name?: string;
+        cart_id?: string;
+        cart_item_count?: number;
+        cart_total?: number;
+        order_id?: string;
+        fingerprint_id?: string;
+        status?: string;
+        current_page?: string;
     }): Promise<StorefrontSession>;
     trackEvent(params: {
         session_id: string;
         event_type: EventType;
         event_data?: Record<string, unknown>;
+        visitor_id?: string;
     }): Promise<void>;
     createCheckoutSession(params: {
         cart_id: string;
@@ -493,6 +552,9 @@ declare class WhaleClient {
         billing_address?: Address;
         shipping_method_id?: string;
         coupon_code?: string;
+        referral_code?: string;
+        loyalty_reward_id?: string;
+        selected_product_id?: string;
     }): Promise<CheckoutSession>;
     getCheckoutSession(sessionId: string): Promise<CheckoutSession>;
     updateCheckoutSession(sessionId: string, params: {
@@ -502,7 +564,10 @@ declare class WhaleClient {
         shipping_method_id?: string;
         coupon_code?: string;
     }): Promise<CheckoutSession>;
-    completeCheckout(sessionId: string, payment?: PaymentData): Promise<Order>;
+    completeCheckout(sessionId: string, payment?: PaymentData, opts?: {
+        loyalty_reward_id?: string;
+        selected_product_id?: string;
+    }): Promise<Order>;
     searchProducts(params: {
         query: string;
         category_id?: string;
@@ -521,6 +586,11 @@ declare class WhaleClient {
         limit?: number;
         starting_after?: string;
     }): Promise<ListResponse<LoyaltyTransaction>>;
+    listLoyaltyProducts(params: {
+        category: string;
+        location_id: string;
+        tier?: string;
+    }): Promise<ListResponse<Product>>;
     redeemLoyaltyReward(customerId: string, rewardId: string): Promise<{
         success: boolean;
         points_remaining: number;
@@ -558,13 +628,28 @@ declare class WhaleClient {
     }): Promise<{
         data: ShippingRate[];
     }>;
+    validateDeal(code: string, params?: {
+        cart_id?: string;
+    }): Promise<DealValidation>;
+    applyDeal(cartId: string, code: string): Promise<Cart>;
+    removeDeal(cartId: string): Promise<Cart>;
+    /** @deprecated Use validateDeal instead */
     validateCoupon(code: string, params?: {
         cart_id?: string;
-    }): Promise<CouponValidation>;
+    }): Promise<DealValidation>;
+    /** @deprecated Use applyDeal instead */
     applyCoupon(cartId: string, code: string): Promise<Cart>;
+    /** @deprecated Use removeDeal instead */
     removeCoupon(cartId: string): Promise<Cart>;
+    enrollReferral(customerId: string): Promise<ReferralEnrollment>;
+    getReferralStatus(customerId: string): Promise<ReferralStatus>;
+    attributeReferral(customerId: string, referralCode: string): Promise<{
+        success: boolean;
+        affiliate_id?: string;
+        error?: string;
+    }>;
     static encodeBase64Url: typeof encodeBase64Url;
     static signMedia: typeof signMedia;
 }
 
-export { type Address as A, type StorefrontSession as B, type Cart as C, type WhaleStorefrontConfig as D, type EventType as E, type WishlistItem as F, type LandingPageConfig as L, type Order as O, type PaymentData as P, type QRLandingData as Q, type Recommendation as R, type SendCodeResponse as S, type TaxBreakdown as T, type VerifyCodeResponse as V, WhaleClient as W, type CartItem as a, type Category as b, type CategoryTreeNode as c, type CheckoutSession as d, type CouponValidation as e, type Customer as f, type CustomerAnalytics as g, type LandingPageRenderData as h, type LandingSection as i, type ListResponse as j, type Location as k, type LoyaltyAccount as l, type LoyaltyReward as m, type LoyaltyTransaction as n, type OrderItem as o, type PixelConfig as p, type PricingTier as q, type Product as r, type ProductVariation as s, type QRLandingPage as t, type QRLandingStore as u, type Review as v, type ReviewSummary as w, type ShippingMethod as x, type ShippingRate as y, type StorefrontConfig as z };
+export { type Address as A, type StorefrontSession as B, type Cart as C, type DealValidation as D, type EventType as E, type WhaleStorefrontConfig as F, type WishlistItem as G, type ReferralStatus as H, type ReferralEnrollment as I, type LandingPageConfig as L, type Order as O, type PaymentData as P, type QRLandingData as Q, type Recommendation as R, type SendCodeResponse as S, type TaxBreakdown as T, type VerifyCodeResponse as V, WhaleClient as W, type CartItem as a, type Category as b, type CategoryTreeNode as c, type CheckoutSession as d, type CouponValidation as e, type Customer as f, type CustomerAnalytics as g, type LandingPageRenderData as h, type LandingSection as i, type ListResponse as j, type Location as k, type LoyaltyAccount as l, type LoyaltyReward as m, type LoyaltyTransaction as n, type OrderItem as o, type PixelConfig as p, type PricingTier as q, type Product as r, type ProductVariation as s, type QRLandingPage as t, type QRLandingStore as u, type Review as v, type ReviewSummary as w, type ShippingMethod as x, type ShippingRate as y, type StorefrontConfig as z };

package/dist/index.cjs

@@ -1,21 +1,21 @@
 'use strict';
 
-var chunkBTGOSNMP_cjs = require('./chunk-BTGOSNMP.cjs');
-var chunk3VKRKDPL_cjs = require('./chunk-3VKRKDPL.cjs');
+var chunk7KXJLHGA_cjs = require('./chunk-7KXJLHGA.cjs');
+var chunkVAA2KKCH_cjs = require('./chunk-VAA2KKCH.cjs');
 
 
 
 Object.defineProperty(exports, "PixelManager", {
   enumerable: true,
-  get: function () { return chunkBTGOSNMP_cjs.PixelManager; }
+  get: function () { return chunk7KXJLHGA_cjs.PixelManager; }
 });
 Object.defineProperty(exports, "WhaleClient", {
   enumerable: true,
-  get: function () { return chunk3VKRKDPL_cjs.WhaleClient; }
+  get: function () { return chunkVAA2KKCH_cjs.WhaleClient; }
 });
 Object.defineProperty(exports, "resilientSend", {
   enumerable: true,
-  get: function () { return chunk3VKRKDPL_cjs.resilientSend; }
+  get: function () { return chunkVAA2KKCH_cjs.resilientSend; }
 });
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map

package/dist/index.d.cts

@@ -1,5 +1,5 @@
-export { A as Address, C as Cart, a as CartItem, b as Category, c as CategoryTreeNode, d as CheckoutSession, e as CouponValidation, f as Customer, g as CustomerAnalytics, E as EventType, L as LandingPageConfig, h as LandingPageRenderData, i as LandingSection, j as ListResponse, k as Location, l as LoyaltyAccount, m as LoyaltyReward, n as LoyaltyTransaction, O as Order, o as OrderItem, P as PaymentData, p as PixelConfig, q as PricingTier, r as Product, s as ProductVariation, Q as QRLandingData, t as QRLandingPage, u as QRLandingStore, R as Recommendation, v as Review, w as ReviewSummary, S as SendCodeResponse, x as ShippingMethod, y as ShippingRate, z as StorefrontConfig, B as StorefrontSession, T as TaxBreakdown, V as VerifyCodeResponse, W as WhaleClient, D as WhaleStorefrontConfig, F as WishlistItem } from './client-Ca8Otk-R.cjs';
-export { P as PixelManager } from './pixel-manager-CIR16DXY.cjs';
+export { A as Address, C as Cart, a as CartItem, b as Category, c as CategoryTreeNode, d as CheckoutSession, e as CouponValidation, f as Customer, g as CustomerAnalytics, D as DealValidation, E as EventType, L as LandingPageConfig, h as LandingPageRenderData, i as LandingSection, j as ListResponse, k as Location, l as LoyaltyAccount, m as LoyaltyReward, n as LoyaltyTransaction, O as Order, o as OrderItem, P as PaymentData, p as PixelConfig, q as PricingTier, r as Product, s as ProductVariation, Q as QRLandingData, t as QRLandingPage, u as QRLandingStore, R as Recommendation, v as Review, w as ReviewSummary, S as SendCodeResponse, x as ShippingMethod, y as ShippingRate, z as StorefrontConfig, B as StorefrontSession, T as TaxBreakdown, V as VerifyCodeResponse, W as WhaleClient, F as WhaleStorefrontConfig, G as WishlistItem } from './client-BSO263Uv.cjs';
+export { P as PixelManager } from './pixel-manager-DJ9m2FaQ.cjs';
 
 /**
  * Resilient HTTP sender for analytics/event payloads.

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-export { A as Address, C as Cart, a as CartItem, b as Category, c as CategoryTreeNode, d as CheckoutSession, e as CouponValidation, f as Customer, g as CustomerAnalytics, E as EventType, L as LandingPageConfig, h as LandingPageRenderData, i as LandingSection, j as ListResponse, k as Location, l as LoyaltyAccount, m as LoyaltyReward, n as LoyaltyTransaction, O as Order, o as OrderItem, P as PaymentData, p as PixelConfig, q as PricingTier, r as Product, s as ProductVariation, Q as QRLandingData, t as QRLandingPage, u as QRLandingStore, R as Recommendation, v as Review, w as ReviewSummary, S as SendCodeResponse, x as ShippingMethod, y as ShippingRate, z as StorefrontConfig, B as StorefrontSession, T as TaxBreakdown, V as VerifyCodeResponse, W as WhaleClient, D as WhaleStorefrontConfig, F as WishlistItem } from './client-Ca8Otk-R.js';
-export { P as PixelManager } from './pixel-manager-CIZKghfx.js';
+export { A as Address, C as Cart, a as CartItem, b as Category, c as CategoryTreeNode, d as CheckoutSession, e as CouponValidation, f as Customer, g as CustomerAnalytics, D as DealValidation, E as EventType, L as LandingPageConfig, h as LandingPageRenderData, i as LandingSection, j as ListResponse, k as Location, l as LoyaltyAccount, m as LoyaltyReward, n as LoyaltyTransaction, O as Order, o as OrderItem, P as PaymentData, p as PixelConfig, q as PricingTier, r as Product, s as ProductVariation, Q as QRLandingData, t as QRLandingPage, u as QRLandingStore, R as Recommendation, v as Review, w as ReviewSummary, S as SendCodeResponse, x as ShippingMethod, y as ShippingRate, z as StorefrontConfig, B as StorefrontSession, T as TaxBreakdown, V as VerifyCodeResponse, W as WhaleClient, F as WhaleStorefrontConfig, G as WishlistItem } from './client-BSO263Uv.js';
+export { P as PixelManager } from './pixel-manager-BcL95odX.js';
 
 /**
  * Resilient HTTP sender for analytics/event payloads.

package/dist/index.js

@@ -1,4 +1,4 @@
-export { PixelManager } from './chunk-NLH3W6JA.js';
-export { WhaleClient, resilientSend } from './chunk-M2MR6C55.js';
+export { PixelManager } from './chunk-PXS2DPVL.js';
+export { WhaleClient, resilientSend } from './chunk-3Q7CPJBA.js';
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/next/index.cjs

@@ -1,6 +1,6 @@
 'use strict';
 
-var chunk3VKRKDPL_cjs = require('../chunk-3VKRKDPL.cjs');
+var chunkVAA2KKCH_cjs = require('../chunk-VAA2KKCH.cjs');
 var server = require('next/server');
 
 // src/next/headers.ts
@@ -54,7 +54,7 @@ function whaleGatewayRewrite(gatewayUrl = "https://whale-gateway.fly.dev", proxy
 
 // src/next/server.ts
 function createServerClient(config) {
-  return new chunk3VKRKDPL_cjs.WhaleClient({
+  return new chunkVAA2KKCH_cjs.WhaleClient({
     storeId: config?.storeId || process.env.NEXT_PUBLIC_STORE_ID || process.env.NEXT_PUBLIC_WHALE_STORE_ID || "",
     apiKey: config?.apiKey || process.env.NEXT_PUBLIC_API_KEY || process.env.NEXT_PUBLIC_WHALE_API_KEY || "",
     gatewayUrl: config?.gatewayUrl || process.env.NEXT_PUBLIC_API_URL || process.env.NEXT_PUBLIC_WHALE_GATEWAY_URL || "https://whale-gateway.fly.dev",
@@ -80,14 +80,15 @@ function snapWidth(w) {
 }
 function createImageLoader(config) {
   return ({ src, width, quality }) => {
-    if (!src.includes(config.supabaseHost)) {
-      return src;
+    const cleanSrc = src.replace(/[?&]_r=\d+/, "");
+    if (!cleanSrc.includes(config.supabaseHost)) {
+      return cleanSrc;
     }
     const w = String(snapWidth(width));
     const q = String(quality || 80);
     const f = "webp";
-    const encoded = chunk3VKRKDPL_cjs.WhaleClient.encodeBase64Url(src);
-    const s = chunk3VKRKDPL_cjs.WhaleClient.signMedia(config.signingSecret, encoded, w, q, f);
+    const encoded = chunkVAA2KKCH_cjs.WhaleClient.encodeBase64Url(cleanSrc);
+    const s = chunkVAA2KKCH_cjs.WhaleClient.signMedia(config.signingSecret, encoded, w, q, f);
     return `${config.gatewayUrl}/v1/stores/${config.storeId}/media?url=${encoded}&w=${w}&q=${q}&f=${f}&s=${s}`;
   };
 }

package/dist/next/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/next/headers.ts","../../src/next/rewrite.ts","../../src/next/server.ts","../../src/next/image-loader.ts","../../src/next/middleware.ts"],"names":["WhaleClient","NextResponse"],"mappings":";;;;;;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B;AAAA,IACE,GAAA,EAAK,wBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,2BAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,wBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,iBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,kBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,iBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,oBAAA;AAAA,IACL,KAAA,EAAO;AAAA;AAEX;AAWO,SAAS,oBACd,KAAA,EACgF;AAChF,EAAA,MAAM,aAAa,KAAA,GAAQ,CAAC,GAAG,eAAA,EAAiB,GAAG,KAAK,CAAA,GAAI,eAAA;AAC5D,EAAA,OAAO,YAAY;AAAA,IACjB;AAAA,MACE,MAAA,EAAQ,SAAA;AAAA,MACR,OAAA,EAAS;AAAA;AACX,GACF;AACF;;;ACxCO,SAAS,mBAAA,CACd,UAAA,GAAa,+BAAA,EACb,SAAA,GAAY,SAAA,EAC6B;AACzC,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAG,SAAS,CAAA,OAAA,CAAA;AAAA,IACpB,WAAA,EAAa,GAAG,UAAU,CAAA,OAAA;AAAA,GAC5B;AACF;;;ACfO,SAAS,mBAAmB,MAAA,EAAsD;AACvF,EAAA,OAAO,IAAIA,6BAAA,CAAY;AAAA,IACrB,OAAA,EAAS,QAAQ,OAAA,IAAW,OAAA,CAAQ,IAAI,oBAAA,IAAwB,OAAA,CAAQ,IAAI,0BAAA,IAA8B,EAAA;AAAA,IAC1G,MAAA,EAAQ,QAAQ,MAAA,IAAU,OAAA,CAAQ,IAAI,mBAAA,IAAuB,OAAA,CAAQ,IAAI,yBAAA,IAA6B,EAAA;AAAA,IACtG,UAAA,EAAY,QAAQ,UAAA,IAAc,OAAA,CAAQ,IAAI,mBAAA,IAAuB,OAAA,CAAQ,IAAI,6BAAA,IAAiC,+BAAA;AAAA,IAClH,WAAW,MAAA,EAAQ;AAAA,GACpB,CAAA;AACH;AAMA,eAAsB,eAAe,OAAA,EAOd;AACrB,EAAA,MAAM,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,kBAAA,EAAmB;AACrD,EAAA,OAAO,OAAO,cAAA,CAAe;AAAA,IAC3B,MAAA,EAAQ,WAAA;AAAA,IACR,UAAA,EAAY,SAAS,UAAA,IAAc,EAAA;AAAA,IACnC,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AACH;;;AChCA,IAAM,cAAA,GAAiB,CAAC,EAAA,EAAI,EAAA,EAAI,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAEzE,SAAS,UAAU,CAAA,EAAmB;AACpC,EAAA,KAAA,MAAW,MAAM,cAAA,EAAgB;AAC/B,IAAA,IAAI,EAAA,IAAM,GAAG,OAAO,EAAA;AAAA,EACtB;AACA,EAAA,OAAO,cAAA,CAAe,cAAA,CAAe,MAAA,GAAS,CAAC,CAAA;AACjD;AAsBO,SAAS,kBAAkB,MAAA,EAKQ;AACxC,EAAA,OAAO,CAAC,EAAE,GAAA,EAAK,KAAA,EAAO,SAAQ,KAAiC;AAC7D,IAAA,IAAI,CAAC,GAAA,CAAI,QAAA,CAAS,MAAA,CAAO,YAAY,CAAA,EAAG;AACtC,MAAA,OAAO,GAAA;AAAA,IACT;AAEA,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,SAAA,CAAU,KAAK,CAAC,CAAA;AACjC,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,OAAA,IAAW,EAAE,CAAA;AAC9B,IAAA,MAAM,CAAA,GAAI,MAAA;AACV,IAAA,MAAM,OAAA,GAAUA,6BAAA,CAAY,eAAA,CAAgB,GAAG,CAAA;AAC/C,IAAA,MAAM,CAAA,GAAIA,8BAAY,SAAA,CAAU,MAAA,CAAO,eAAe,OAAA,EAAS,CAAA,EAAG,GAAG,CAAC,CAAA;AAEtE,IAAA,OAAO,CAAA,EAAG,MAAA,CAAO,UAAU,CAAA,WAAA,EAAc,OAAO,OAAO,CAAA,WAAA,EAAc,OAAO,CAAA,GAAA,EAAM,CAAC,CAAA,GAAA,EAAM,CAAC,CAAA,GAAA,EAAM,CAAC,MAAM,CAAC,CAAA,CAAA;AAAA,EAC1G,CAAA;AACF;AC9BO,SAAS,qBAAqB,OAAA,EAIlC;AACD,EAAA,MAAM,EAAE,cAAA,EAAgB,SAAA,EAAW,UAAA,GAAa,iBAAgB,GAAI,OAAA;AAEpE,EAAA,OAAO,SAAS,WAAW,OAAA,EAAsB;AAC/C,IAAA,MAAM,EAAE,QAAA,EAAS,GAAI,OAAA,CAAQ,OAAA;AAG7B,IAAA,IAAI,aAAa,SAAA,IAAa,QAAA,CAAS,WAAW,CAAA,EAAG,SAAS,GAAG,CAAA,EAAG;AAClE,MAAA,OAAOC,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAGA,IAAA,MAAM,cAAc,cAAA,CAAe,IAAA;AAAA,MACjC,CAAC,MAAM,QAAA,KAAa,CAAA,IAAK,SAAS,UAAA,CAAW,CAAA,EAAG,CAAC,CAAA,CAAA,CAAG;AAAA,KACtD;AAEA,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAGA,IAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AAE/C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,OAAA,CAAQ,KAAA,EAAM;AAClC,MAAA,GAAA,CAAI,QAAA,GAAW,SAAA;AACf,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,QAAQ,CAAA;AACzC,MAAA,OAAOA,mBAAA,CAAa,SAAS,GAAG,CAAA;AAAA,IAClC;AAEA,IAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,EAC3B,CAAA;AACF","file":"index.cjs","sourcesContent":["/**\n * Security headers for Next.js storefronts.\n */\n\nexport const securityHeaders = [\n  {\n    key: 'X-DNS-Prefetch-Control',\n    value: 'on',\n  },\n  {\n    key: 'Strict-Transport-Security',\n    value: 'max-age=63072000; includeSubDomains; preload',\n  },\n  {\n    key: 'X-Content-Type-Options',\n    value: 'nosniff',\n  },\n  {\n    key: 'X-Frame-Options',\n    value: 'SAMEORIGIN',\n  },\n  {\n    key: 'X-XSS-Protection',\n    value: '1; mode=block',\n  },\n  {\n    key: 'Referrer-Policy',\n    value: 'strict-origin-when-cross-origin',\n  },\n  {\n    key: 'Permissions-Policy',\n    value: 'camera=(), microphone=(), geolocation=(self), interest-cohort=()',\n  },\n]\n\n/**\n * Returns a Next.js `headers()` config with security headers applied to all routes.\n * Use in next.config.ts:\n *\n * ```ts\n * import { withSecurityHeaders } from '@neowhale/storefront/next'\n * export default { headers: withSecurityHeaders() }\n * ```\n */\nexport function withSecurityHeaders(\n  extra?: { key: string; value: string }[]\n): () => Promise<{ source: string; headers: { key: string; value: string }[] }[]> {\n  const allHeaders = extra ? [...securityHeaders, ...extra] : securityHeaders\n  return async () => [\n    {\n      source: '/:path*',\n      headers: allHeaders,\n    },\n  ]\n}\n","/**\n * Gateway rewrite rule for Next.js.\n * Proxies client-side /api/gw/* requests to whale-gateway to avoid CORS.\n *\n * Usage in next.config.ts:\n * ```ts\n * import { whaleGatewayRewrite } from '@neowhale/storefront/next'\n * export default {\n *   async rewrites() {\n *     return [whaleGatewayRewrite()]\n *   }\n * }\n * ```\n */\nexport function whaleGatewayRewrite(\n  gatewayUrl = 'https://whale-gateway.fly.dev',\n  proxyPath = '/api/gw'\n): { source: string; destination: string } {\n  return {\n    source: `${proxyPath}/:path*`,\n    destination: `${gatewayUrl}/:path*`,\n  }\n}\n","import { WhaleClient } from '../client.js'\nimport type { Product, WhaleStorefrontConfig } from '../types.js'\n\n/**\n * Creates a server-side WhaleClient.\n * Reads from env vars by default — override with explicit config.\n */\nexport function createServerClient(config?: Partial<WhaleStorefrontConfig>): WhaleClient {\n  return new WhaleClient({\n    storeId: config?.storeId || process.env.NEXT_PUBLIC_STORE_ID || process.env.NEXT_PUBLIC_WHALE_STORE_ID || '',\n    apiKey: config?.apiKey || process.env.NEXT_PUBLIC_API_KEY || process.env.NEXT_PUBLIC_WHALE_API_KEY || '',\n    gatewayUrl: config?.gatewayUrl || process.env.NEXT_PUBLIC_API_URL || process.env.NEXT_PUBLIC_WHALE_GATEWAY_URL || 'https://whale-gateway.fly.dev',\n    proxyPath: config?.proxyPath,\n  })\n}\n\n/**\n * Server-side: fetch all published products with ISR caching.\n * Drop-in replacement for Flora's `getAllProducts()`.\n */\nexport async function getAllProducts(options?: {\n  /** Revalidate interval in seconds. Defaults to 60. */\n  revalidate?: number\n  /** Filter function to exclude products (e.g. hidden categories, out of stock) */\n  filter?: (product: Product) => boolean\n  /** Override client config */\n  client?: WhaleClient\n}): Promise<Product[]> {\n  const client = options?.client ?? createServerClient()\n  return client.getAllProducts({\n    status: 'published',\n    revalidate: options?.revalidate ?? 60,\n    filter: options?.filter,\n  })\n}\n","import { WhaleClient } from '../client.js'\n\nconst ALLOWED_WIDTHS = [64, 96, 128, 256, 384, 640, 828, 1080, 1280, 1920]\n\nfunction snapWidth(w: number): number {\n  for (const aw of ALLOWED_WIDTHS) {\n    if (aw >= w) return aw\n  }\n  return ALLOWED_WIDTHS[ALLOWED_WIDTHS.length - 1]\n}\n\ninterface ImageLoaderParams {\n  src: string\n  width: number\n  quality?: number\n}\n\n/**\n * Creates a Next.js custom image loader that proxies Supabase images through gateway.\n *\n * Usage in a loader file (e.g. src/lib/image-loader.ts):\n * ```ts\n * import { createImageLoader } from '@neowhale/storefront/next'\n * export default createImageLoader({\n *   storeId: process.env.NEXT_PUBLIC_STORE_ID!,\n *   gatewayUrl: 'https://whale-gateway.fly.dev',\n *   supabaseHost: 'your-project.supabase.co',\n *   signingSecret: process.env.NEXT_PUBLIC_MEDIA_SIGNING_SECRET!,\n * })\n * ```\n */\nexport function createImageLoader(config: {\n  storeId: string\n  gatewayUrl: string\n  supabaseHost: string\n  signingSecret: string\n}): (params: ImageLoaderParams) => string {\n  return ({ src, width, quality }: ImageLoaderParams): string => {\n    if (!src.includes(config.supabaseHost)) {\n      return src\n    }\n\n    const w = String(snapWidth(width))\n    const q = String(quality || 80)\n    const f = 'webp'\n    const encoded = WhaleClient.encodeBase64Url(src)\n    const s = WhaleClient.signMedia(config.signingSecret, encoded, w, q, f)\n\n    return `${config.gatewayUrl}/v1/stores/${config.storeId}/media?url=${encoded}&w=${w}&q=${q}&f=${f}&s=${s}`\n  }\n}\n","import type { NextRequest } from 'next/server'\nimport { NextResponse } from 'next/server'\n\n/**\n * Creates a Next.js middleware that protects routes requiring authentication.\n *\n * Checks for a session token cookie or localStorage indicator.\n * Since middleware runs on the edge and can't access localStorage,\n * this checks for a cookie-based token instead.\n *\n * Usage in middleware.ts:\n * ```ts\n * import { createAuthMiddleware } from '@neowhale/storefront/next'\n * export const middleware = createAuthMiddleware({\n *   protectedPaths: ['/account'],\n *   loginPath: '/account',\n * })\n * export const config = { matcher: ['/account/:path*'] }\n * ```\n */\nexport function createAuthMiddleware(options: {\n  protectedPaths: string[]\n  loginPath: string\n  cookieName?: string\n}) {\n  const { protectedPaths, loginPath, cookieName = 'whale-session' } = options\n\n  return function middleware(request: NextRequest) {\n    const { pathname } = request.nextUrl\n\n    // Never gate the login path itself — prevents redirect loops\n    if (pathname === loginPath || pathname.startsWith(`${loginPath}/`)) {\n      return NextResponse.next()\n    }\n\n    // Check if this is a protected path\n    const isProtected = protectedPaths.some(\n      (p) => pathname === p || pathname.startsWith(`${p}/`)\n    )\n\n    if (!isProtected) {\n      return NextResponse.next()\n    }\n\n    // Check for session cookie\n    const token = request.cookies.get(cookieName)?.value\n\n    if (!token) {\n      const url = request.nextUrl.clone()\n      url.pathname = loginPath\n      url.searchParams.set('redirect', pathname)\n      return NextResponse.redirect(url)\n    }\n\n    return NextResponse.next()\n  }\n}\n"]}
+{"version":3,"sources":["../../src/next/headers.ts","../../src/next/rewrite.ts","../../src/next/server.ts","../../src/next/image-loader.ts","../../src/next/middleware.ts"],"names":["WhaleClient","NextResponse"],"mappings":";;;;;;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B;AAAA,IACE,GAAA,EAAK,wBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,2BAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,wBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,iBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,kBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,iBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,oBAAA;AAAA,IACL,KAAA,EAAO;AAAA;AAEX;AAWO,SAAS,oBACd,KAAA,EACgF;AAChF,EAAA,MAAM,aAAa,KAAA,GAAQ,CAAC,GAAG,eAAA,EAAiB,GAAG,KAAK,CAAA,GAAI,eAAA;AAC5D,EAAA,OAAO,YAAY;AAAA,IACjB;AAAA,MACE,MAAA,EAAQ,SAAA;AAAA,MACR,OAAA,EAAS;AAAA;AACX,GACF;AACF;;;ACxCO,SAAS,mBAAA,CACd,UAAA,GAAa,+BAAA,EACb,SAAA,GAAY,SAAA,EAC6B;AACzC,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAG,SAAS,CAAA,OAAA,CAAA;AAAA,IACpB,WAAA,EAAa,GAAG,UAAU,CAAA,OAAA;AAAA,GAC5B;AACF;;;ACfO,SAAS,mBAAmB,MAAA,EAAsD;AACvF,EAAA,OAAO,IAAIA,6BAAA,CAAY;AAAA,IACrB,OAAA,EAAS,QAAQ,OAAA,IAAW,OAAA,CAAQ,IAAI,oBAAA,IAAwB,OAAA,CAAQ,IAAI,0BAAA,IAA8B,EAAA;AAAA,IAC1G,MAAA,EAAQ,QAAQ,MAAA,IAAU,OAAA,CAAQ,IAAI,mBAAA,IAAuB,OAAA,CAAQ,IAAI,yBAAA,IAA6B,EAAA;AAAA,IACtG,UAAA,EAAY,QAAQ,UAAA,IAAc,OAAA,CAAQ,IAAI,mBAAA,IAAuB,OAAA,CAAQ,IAAI,6BAAA,IAAiC,+BAAA;AAAA,IAClH,WAAW,MAAA,EAAQ;AAAA,GACpB,CAAA;AACH;AAMA,eAAsB,eAAe,OAAA,EAOd;AACrB,EAAA,MAAM,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,kBAAA,EAAmB;AACrD,EAAA,OAAO,OAAO,cAAA,CAAe;AAAA,IAC3B,MAAA,EAAQ,WAAA;AAAA,IACR,UAAA,EAAY,SAAS,UAAA,IAAc,EAAA;AAAA,IACnC,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AACH;;;AChCA,IAAM,cAAA,GAAiB,CAAC,EAAA,EAAI,EAAA,EAAI,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAEzE,SAAS,UAAU,CAAA,EAAmB;AACpC,EAAA,KAAA,MAAW,MAAM,cAAA,EAAgB;AAC/B,IAAA,IAAI,EAAA,IAAM,GAAG,OAAO,EAAA;AAAA,EACtB;AACA,EAAA,OAAO,cAAA,CAAe,cAAA,CAAe,MAAA,GAAS,CAAC,CAAA;AACjD;AAsBO,SAAS,kBAAkB,MAAA,EAKQ;AACxC,EAAA,OAAO,CAAC,EAAE,GAAA,EAAK,KAAA,EAAO,SAAQ,KAAiC;AAE7D,IAAA,MAAM,QAAA,GAAW,GAAA,CAAI,OAAA,CAAQ,YAAA,EAAc,EAAE,CAAA;AAE7C,IAAA,IAAI,CAAC,QAAA,CAAS,QAAA,CAAS,MAAA,CAAO,YAAY,CAAA,EAAG;AAC3C,MAAA,OAAO,QAAA;AAAA,IACT;AAEA,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,SAAA,CAAU,KAAK,CAAC,CAAA;AACjC,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,OAAA,IAAW,EAAE,CAAA;AAC9B,IAAA,MAAM,CAAA,GAAI,MAAA;AACV,IAAA,MAAM,OAAA,GAAUA,6BAAA,CAAY,eAAA,CAAgB,QAAQ,CAAA;AACpD,IAAA,MAAM,CAAA,GAAIA,8BAAY,SAAA,CAAU,MAAA,CAAO,eAAe,OAAA,EAAS,CAAA,EAAG,GAAG,CAAC,CAAA;AAEtE,IAAA,OAAO,CAAA,EAAG,MAAA,CAAO,UAAU,CAAA,WAAA,EAAc,OAAO,OAAO,CAAA,WAAA,EAAc,OAAO,CAAA,GAAA,EAAM,CAAC,CAAA,GAAA,EAAM,CAAC,CAAA,GAAA,EAAM,CAAC,MAAM,CAAC,CAAA,CAAA;AAAA,EAC1G,CAAA;AACF;ACjCO,SAAS,qBAAqB,OAAA,EAIlC;AACD,EAAA,MAAM,EAAE,cAAA,EAAgB,SAAA,EAAW,UAAA,GAAa,iBAAgB,GAAI,OAAA;AAEpE,EAAA,OAAO,SAAS,WAAW,OAAA,EAAsB;AAC/C,IAAA,MAAM,EAAE,QAAA,EAAS,GAAI,OAAA,CAAQ,OAAA;AAG7B,IAAA,IAAI,aAAa,SAAA,IAAa,QAAA,CAAS,WAAW,CAAA,EAAG,SAAS,GAAG,CAAA,EAAG;AAClE,MAAA,OAAOC,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAGA,IAAA,MAAM,cAAc,cAAA,CAAe,IAAA;AAAA,MACjC,CAAC,MAAM,QAAA,KAAa,CAAA,IAAK,SAAS,UAAA,CAAW,CAAA,EAAG,CAAC,CAAA,CAAA,CAAG;AAAA,KACtD;AAEA,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,IAC3B;AAGA,IAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AAE/C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,OAAA,CAAQ,KAAA,EAAM;AAClC,MAAA,GAAA,CAAI,QAAA,GAAW,SAAA;AACf,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,QAAQ,CAAA;AACzC,MAAA,OAAOA,mBAAA,CAAa,SAAS,GAAG,CAAA;AAAA,IAClC;AAEA,IAAA,OAAOA,oBAAa,IAAA,EAAK;AAAA,EAC3B,CAAA;AACF","file":"index.cjs","sourcesContent":["/**\n * Security headers for Next.js storefronts.\n */\n\nexport const securityHeaders = [\n  {\n    key: 'X-DNS-Prefetch-Control',\n    value: 'on',\n  },\n  {\n    key: 'Strict-Transport-Security',\n    value: 'max-age=63072000; includeSubDomains; preload',\n  },\n  {\n    key: 'X-Content-Type-Options',\n    value: 'nosniff',\n  },\n  {\n    key: 'X-Frame-Options',\n    value: 'SAMEORIGIN',\n  },\n  {\n    key: 'X-XSS-Protection',\n    value: '1; mode=block',\n  },\n  {\n    key: 'Referrer-Policy',\n    value: 'strict-origin-when-cross-origin',\n  },\n  {\n    key: 'Permissions-Policy',\n    value: 'camera=(), microphone=(), geolocation=(self), interest-cohort=()',\n  },\n]\n\n/**\n * Returns a Next.js `headers()` config with security headers applied to all routes.\n * Use in next.config.ts:\n *\n * ```ts\n * import { withSecurityHeaders } from '@neowhale/storefront/next'\n * export default { headers: withSecurityHeaders() }\n * ```\n */\nexport function withSecurityHeaders(\n  extra?: { key: string; value: string }[]\n): () => Promise<{ source: string; headers: { key: string; value: string }[] }[]> {\n  const allHeaders = extra ? [...securityHeaders, ...extra] : securityHeaders\n  return async () => [\n    {\n      source: '/:path*',\n      headers: allHeaders,\n    },\n  ]\n}\n","/**\n * Gateway rewrite rule for Next.js.\n * Proxies client-side /api/gw/* requests to whale-gateway to avoid CORS.\n *\n * Usage in next.config.ts:\n * ```ts\n * import { whaleGatewayRewrite } from '@neowhale/storefront/next'\n * export default {\n *   async rewrites() {\n *     return [whaleGatewayRewrite()]\n *   }\n * }\n * ```\n */\nexport function whaleGatewayRewrite(\n  gatewayUrl = 'https://whale-gateway.fly.dev',\n  proxyPath = '/api/gw'\n): { source: string; destination: string } {\n  return {\n    source: `${proxyPath}/:path*`,\n    destination: `${gatewayUrl}/:path*`,\n  }\n}\n","import { WhaleClient } from '../client.js'\nimport type { Product, WhaleStorefrontConfig } from '../types.js'\n\n/**\n * Creates a server-side WhaleClient.\n * Reads from env vars by default — override with explicit config.\n */\nexport function createServerClient(config?: Partial<WhaleStorefrontConfig>): WhaleClient {\n  return new WhaleClient({\n    storeId: config?.storeId || process.env.NEXT_PUBLIC_STORE_ID || process.env.NEXT_PUBLIC_WHALE_STORE_ID || '',\n    apiKey: config?.apiKey || process.env.NEXT_PUBLIC_API_KEY || process.env.NEXT_PUBLIC_WHALE_API_KEY || '',\n    gatewayUrl: config?.gatewayUrl || process.env.NEXT_PUBLIC_API_URL || process.env.NEXT_PUBLIC_WHALE_GATEWAY_URL || 'https://whale-gateway.fly.dev',\n    proxyPath: config?.proxyPath,\n  })\n}\n\n/**\n * Server-side: fetch all published products with ISR caching.\n * Drop-in replacement for Flora's `getAllProducts()`.\n */\nexport async function getAllProducts(options?: {\n  /** Revalidate interval in seconds. Defaults to 60. */\n  revalidate?: number\n  /** Filter function to exclude products (e.g. hidden categories, out of stock) */\n  filter?: (product: Product) => boolean\n  /** Override client config */\n  client?: WhaleClient\n}): Promise<Product[]> {\n  const client = options?.client ?? createServerClient()\n  return client.getAllProducts({\n    status: 'published',\n    revalidate: options?.revalidate ?? 60,\n    filter: options?.filter,\n  })\n}\n","import { WhaleClient } from '../client.js'\n\nconst ALLOWED_WIDTHS = [64, 96, 128, 256, 384, 640, 828, 1080, 1280, 1920]\n\nfunction snapWidth(w: number): number {\n  for (const aw of ALLOWED_WIDTHS) {\n    if (aw >= w) return aw\n  }\n  return ALLOWED_WIDTHS[ALLOWED_WIDTHS.length - 1]\n}\n\ninterface ImageLoaderParams {\n  src: string\n  width: number\n  quality?: number\n}\n\n/**\n * Creates a Next.js custom image loader that proxies Supabase images through gateway.\n *\n * Usage in a loader file (e.g. src/lib/image-loader.ts):\n * ```ts\n * import { createImageLoader } from '@neowhale/storefront/next'\n * export default createImageLoader({\n *   storeId: process.env.NEXT_PUBLIC_STORE_ID!,\n *   gatewayUrl: 'https://whale-gateway.fly.dev',\n *   supabaseHost: 'your-project.supabase.co',\n *   signingSecret: process.env.NEXT_PUBLIC_MEDIA_SIGNING_SECRET!,\n * })\n * ```\n */\nexport function createImageLoader(config: {\n  storeId: string\n  gatewayUrl: string\n  supabaseHost: string\n  signingSecret: string\n}): (params: ImageLoaderParams) => string {\n  return ({ src, width, quality }: ImageLoaderParams): string => {\n    // Strip retry cache-bust params (_r=N) so retries hit the same gateway cache key\n    const cleanSrc = src.replace(/[?&]_r=\\d+/, '')\n\n    if (!cleanSrc.includes(config.supabaseHost)) {\n      return cleanSrc\n    }\n\n    const w = String(snapWidth(width))\n    const q = String(quality || 80)\n    const f = 'webp'\n    const encoded = WhaleClient.encodeBase64Url(cleanSrc)\n    const s = WhaleClient.signMedia(config.signingSecret, encoded, w, q, f)\n\n    return `${config.gatewayUrl}/v1/stores/${config.storeId}/media?url=${encoded}&w=${w}&q=${q}&f=${f}&s=${s}`\n  }\n}\n","import type { NextRequest } from 'next/server'\nimport { NextResponse } from 'next/server'\n\n/**\n * Creates a Next.js middleware that protects routes requiring authentication.\n *\n * Checks for a session token cookie or localStorage indicator.\n * Since middleware runs on the edge and can't access localStorage,\n * this checks for a cookie-based token instead.\n *\n * Usage in middleware.ts:\n * ```ts\n * import { createAuthMiddleware } from '@neowhale/storefront/next'\n * export const middleware = createAuthMiddleware({\n *   protectedPaths: ['/account'],\n *   loginPath: '/account',\n * })\n * export const config = { matcher: ['/account/:path*'] }\n * ```\n */\nexport function createAuthMiddleware(options: {\n  protectedPaths: string[]\n  loginPath: string\n  cookieName?: string\n}) {\n  const { protectedPaths, loginPath, cookieName = 'whale-session' } = options\n\n  return function middleware(request: NextRequest) {\n    const { pathname } = request.nextUrl\n\n    // Never gate the login path itself — prevents redirect loops\n    if (pathname === loginPath || pathname.startsWith(`${loginPath}/`)) {\n      return NextResponse.next()\n    }\n\n    // Check if this is a protected path\n    const isProtected = protectedPaths.some(\n      (p) => pathname === p || pathname.startsWith(`${p}/`)\n    )\n\n    if (!isProtected) {\n      return NextResponse.next()\n    }\n\n    // Check for session cookie\n    const token = request.cookies.get(cookieName)?.value\n\n    if (!token) {\n      const url = request.nextUrl.clone()\n      url.pathname = loginPath\n      url.searchParams.set('redirect', pathname)\n      return NextResponse.redirect(url)\n    }\n\n    return NextResponse.next()\n  }\n}\n"]}

package/dist/next/index.d.cts

@@ -1,4 +1,4 @@
-import { D as WhaleStorefrontConfig, W as WhaleClient, r as Product } from '../client-Ca8Otk-R.cjs';
+import { F as WhaleStorefrontConfig, W as WhaleClient, r as Product } from '../client-BSO263Uv.cjs';
 import { NextRequest, NextResponse } from 'next/server';
 
 /**

package/dist/next/index.d.ts

@@ -1,4 +1,4 @@
-import { D as WhaleStorefrontConfig, W as WhaleClient, r as Product } from '../client-Ca8Otk-R.js';
+import { F as WhaleStorefrontConfig, W as WhaleClient, r as Product } from '../client-BSO263Uv.js';
 import { NextRequest, NextResponse } from 'next/server';
 
 /**

package/dist/next/index.js

@@ -1,4 +1,4 @@
-import { WhaleClient } from '../chunk-M2MR6C55.js';
+import { WhaleClient } from '../chunk-3Q7CPJBA.js';
 import { NextResponse } from 'next/server';
 
 // src/next/headers.ts
@@ -78,13 +78,14 @@ function snapWidth(w) {
 }
 function createImageLoader(config) {
   return ({ src, width, quality }) => {
-    if (!src.includes(config.supabaseHost)) {
-      return src;
+    const cleanSrc = src.replace(/[?&]_r=\d+/, "");
+    if (!cleanSrc.includes(config.supabaseHost)) {
+      return cleanSrc;
     }
     const w = String(snapWidth(width));
     const q = String(quality || 80);
     const f = "webp";
-    const encoded = WhaleClient.encodeBase64Url(src);
+    const encoded = WhaleClient.encodeBase64Url(cleanSrc);
     const s = WhaleClient.signMedia(config.signingSecret, encoded, w, q, f);
     return `${config.gatewayUrl}/v1/stores/${config.storeId}/media?url=${encoded}&w=${w}&q=${q}&f=${f}&s=${s}`;
   };

package/dist/next/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/next/headers.ts","../../src/next/rewrite.ts","../../src/next/server.ts","../../src/next/image-loader.ts","../../src/next/middleware.ts"],"names":[],"mappings":";;;;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B;AAAA,IACE,GAAA,EAAK,wBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,2BAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,wBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,iBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,kBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,iBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,oBAAA;AAAA,IACL,KAAA,EAAO;AAAA;AAEX;AAWO,SAAS,oBACd,KAAA,EACgF;AAChF,EAAA,MAAM,aAAa,KAAA,GAAQ,CAAC,GAAG,eAAA,EAAiB,GAAG,KAAK,CAAA,GAAI,eAAA;AAC5D,EAAA,OAAO,YAAY;AAAA,IACjB;AAAA,MACE,MAAA,EAAQ,SAAA;AAAA,MACR,OAAA,EAAS;AAAA;AACX,GACF;AACF;;;ACxCO,SAAS,mBAAA,CACd,UAAA,GAAa,+BAAA,EACb,SAAA,GAAY,SAAA,EAC6B;AACzC,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAG,SAAS,CAAA,OAAA,CAAA;AAAA,IACpB,WAAA,EAAa,GAAG,UAAU,CAAA,OAAA;AAAA,GAC5B;AACF;;;ACfO,SAAS,mBAAmB,MAAA,EAAsD;AACvF,EAAA,OAAO,IAAI,WAAA,CAAY;AAAA,IACrB,OAAA,EAAS,QAAQ,OAAA,IAAW,OAAA,CAAQ,IAAI,oBAAA,IAAwB,OAAA,CAAQ,IAAI,0BAAA,IAA8B,EAAA;AAAA,IAC1G,MAAA,EAAQ,QAAQ,MAAA,IAAU,OAAA,CAAQ,IAAI,mBAAA,IAAuB,OAAA,CAAQ,IAAI,yBAAA,IAA6B,EAAA;AAAA,IACtG,UAAA,EAAY,QAAQ,UAAA,IAAc,OAAA,CAAQ,IAAI,mBAAA,IAAuB,OAAA,CAAQ,IAAI,6BAAA,IAAiC,+BAAA;AAAA,IAClH,WAAW,MAAA,EAAQ;AAAA,GACpB,CAAA;AACH;AAMA,eAAsB,eAAe,OAAA,EAOd;AACrB,EAAA,MAAM,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,kBAAA,EAAmB;AACrD,EAAA,OAAO,OAAO,cAAA,CAAe;AAAA,IAC3B,MAAA,EAAQ,WAAA;AAAA,IACR,UAAA,EAAY,SAAS,UAAA,IAAc,EAAA;AAAA,IACnC,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AACH;;;AChCA,IAAM,cAAA,GAAiB,CAAC,EAAA,EAAI,EAAA,EAAI,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAEzE,SAAS,UAAU,CAAA,EAAmB;AACpC,EAAA,KAAA,MAAW,MAAM,cAAA,EAAgB;AAC/B,IAAA,IAAI,EAAA,IAAM,GAAG,OAAO,EAAA;AAAA,EACtB;AACA,EAAA,OAAO,cAAA,CAAe,cAAA,CAAe,MAAA,GAAS,CAAC,CAAA;AACjD;AAsBO,SAAS,kBAAkB,MAAA,EAKQ;AACxC,EAAA,OAAO,CAAC,EAAE,GAAA,EAAK,KAAA,EAAO,SAAQ,KAAiC;AAC7D,IAAA,IAAI,CAAC,GAAA,CAAI,QAAA,CAAS,MAAA,CAAO,YAAY,CAAA,EAAG;AACtC,MAAA,OAAO,GAAA;AAAA,IACT;AAEA,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,SAAA,CAAU,KAAK,CAAC,CAAA;AACjC,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,OAAA,IAAW,EAAE,CAAA;AAC9B,IAAA,MAAM,CAAA,GAAI,MAAA;AACV,IAAA,MAAM,OAAA,GAAU,WAAA,CAAY,eAAA,CAAgB,GAAG,CAAA;AAC/C,IAAA,MAAM,CAAA,GAAI,YAAY,SAAA,CAAU,MAAA,CAAO,eAAe,OAAA,EAAS,CAAA,EAAG,GAAG,CAAC,CAAA;AAEtE,IAAA,OAAO,CAAA,EAAG,MAAA,CAAO,UAAU,CAAA,WAAA,EAAc,OAAO,OAAO,CAAA,WAAA,EAAc,OAAO,CAAA,GAAA,EAAM,CAAC,CAAA,GAAA,EAAM,CAAC,CAAA,GAAA,EAAM,CAAC,MAAM,CAAC,CAAA,CAAA;AAAA,EAC1G,CAAA;AACF;AC9BO,SAAS,qBAAqB,OAAA,EAIlC;AACD,EAAA,MAAM,EAAE,cAAA,EAAgB,SAAA,EAAW,UAAA,GAAa,iBAAgB,GAAI,OAAA;AAEpE,EAAA,OAAO,SAAS,WAAW,OAAA,EAAsB;AAC/C,IAAA,MAAM,EAAE,QAAA,EAAS,GAAI,OAAA,CAAQ,OAAA;AAG7B,IAAA,IAAI,aAAa,SAAA,IAAa,QAAA,CAAS,WAAW,CAAA,EAAG,SAAS,GAAG,CAAA,EAAG;AAClE,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAGA,IAAA,MAAM,cAAc,cAAA,CAAe,IAAA;AAAA,MACjC,CAAC,MAAM,QAAA,KAAa,CAAA,IAAK,SAAS,UAAA,CAAW,CAAA,EAAG,CAAC,CAAA,CAAA,CAAG;AAAA,KACtD;AAEA,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAGA,IAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AAE/C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,OAAA,CAAQ,KAAA,EAAM;AAClC,MAAA,GAAA,CAAI,QAAA,GAAW,SAAA;AACf,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,QAAQ,CAAA;AACzC,MAAA,OAAO,YAAA,CAAa,SAAS,GAAG,CAAA;AAAA,IAClC;AAEA,IAAA,OAAO,aAAa,IAAA,EAAK;AAAA,EAC3B,CAAA;AACF","file":"index.js","sourcesContent":["/**\n * Security headers for Next.js storefronts.\n */\n\nexport const securityHeaders = [\n  {\n    key: 'X-DNS-Prefetch-Control',\n    value: 'on',\n  },\n  {\n    key: 'Strict-Transport-Security',\n    value: 'max-age=63072000; includeSubDomains; preload',\n  },\n  {\n    key: 'X-Content-Type-Options',\n    value: 'nosniff',\n  },\n  {\n    key: 'X-Frame-Options',\n    value: 'SAMEORIGIN',\n  },\n  {\n    key: 'X-XSS-Protection',\n    value: '1; mode=block',\n  },\n  {\n    key: 'Referrer-Policy',\n    value: 'strict-origin-when-cross-origin',\n  },\n  {\n    key: 'Permissions-Policy',\n    value: 'camera=(), microphone=(), geolocation=(self), interest-cohort=()',\n  },\n]\n\n/**\n * Returns a Next.js `headers()` config with security headers applied to all routes.\n * Use in next.config.ts:\n *\n * ```ts\n * import { withSecurityHeaders } from '@neowhale/storefront/next'\n * export default { headers: withSecurityHeaders() }\n * ```\n */\nexport function withSecurityHeaders(\n  extra?: { key: string; value: string }[]\n): () => Promise<{ source: string; headers: { key: string; value: string }[] }[]> {\n  const allHeaders = extra ? [...securityHeaders, ...extra] : securityHeaders\n  return async () => [\n    {\n      source: '/:path*',\n      headers: allHeaders,\n    },\n  ]\n}\n","/**\n * Gateway rewrite rule for Next.js.\n * Proxies client-side /api/gw/* requests to whale-gateway to avoid CORS.\n *\n * Usage in next.config.ts:\n * ```ts\n * import { whaleGatewayRewrite } from '@neowhale/storefront/next'\n * export default {\n *   async rewrites() {\n *     return [whaleGatewayRewrite()]\n *   }\n * }\n * ```\n */\nexport function whaleGatewayRewrite(\n  gatewayUrl = 'https://whale-gateway.fly.dev',\n  proxyPath = '/api/gw'\n): { source: string; destination: string } {\n  return {\n    source: `${proxyPath}/:path*`,\n    destination: `${gatewayUrl}/:path*`,\n  }\n}\n","import { WhaleClient } from '../client.js'\nimport type { Product, WhaleStorefrontConfig } from '../types.js'\n\n/**\n * Creates a server-side WhaleClient.\n * Reads from env vars by default — override with explicit config.\n */\nexport function createServerClient(config?: Partial<WhaleStorefrontConfig>): WhaleClient {\n  return new WhaleClient({\n    storeId: config?.storeId || process.env.NEXT_PUBLIC_STORE_ID || process.env.NEXT_PUBLIC_WHALE_STORE_ID || '',\n    apiKey: config?.apiKey || process.env.NEXT_PUBLIC_API_KEY || process.env.NEXT_PUBLIC_WHALE_API_KEY || '',\n    gatewayUrl: config?.gatewayUrl || process.env.NEXT_PUBLIC_API_URL || process.env.NEXT_PUBLIC_WHALE_GATEWAY_URL || 'https://whale-gateway.fly.dev',\n    proxyPath: config?.proxyPath,\n  })\n}\n\n/**\n * Server-side: fetch all published products with ISR caching.\n * Drop-in replacement for Flora's `getAllProducts()`.\n */\nexport async function getAllProducts(options?: {\n  /** Revalidate interval in seconds. Defaults to 60. */\n  revalidate?: number\n  /** Filter function to exclude products (e.g. hidden categories, out of stock) */\n  filter?: (product: Product) => boolean\n  /** Override client config */\n  client?: WhaleClient\n}): Promise<Product[]> {\n  const client = options?.client ?? createServerClient()\n  return client.getAllProducts({\n    status: 'published',\n    revalidate: options?.revalidate ?? 60,\n    filter: options?.filter,\n  })\n}\n","import { WhaleClient } from '../client.js'\n\nconst ALLOWED_WIDTHS = [64, 96, 128, 256, 384, 640, 828, 1080, 1280, 1920]\n\nfunction snapWidth(w: number): number {\n  for (const aw of ALLOWED_WIDTHS) {\n    if (aw >= w) return aw\n  }\n  return ALLOWED_WIDTHS[ALLOWED_WIDTHS.length - 1]\n}\n\ninterface ImageLoaderParams {\n  src: string\n  width: number\n  quality?: number\n}\n\n/**\n * Creates a Next.js custom image loader that proxies Supabase images through gateway.\n *\n * Usage in a loader file (e.g. src/lib/image-loader.ts):\n * ```ts\n * import { createImageLoader } from '@neowhale/storefront/next'\n * export default createImageLoader({\n *   storeId: process.env.NEXT_PUBLIC_STORE_ID!,\n *   gatewayUrl: 'https://whale-gateway.fly.dev',\n *   supabaseHost: 'your-project.supabase.co',\n *   signingSecret: process.env.NEXT_PUBLIC_MEDIA_SIGNING_SECRET!,\n * })\n * ```\n */\nexport function createImageLoader(config: {\n  storeId: string\n  gatewayUrl: string\n  supabaseHost: string\n  signingSecret: string\n}): (params: ImageLoaderParams) => string {\n  return ({ src, width, quality }: ImageLoaderParams): string => {\n    if (!src.includes(config.supabaseHost)) {\n      return src\n    }\n\n    const w = String(snapWidth(width))\n    const q = String(quality || 80)\n    const f = 'webp'\n    const encoded = WhaleClient.encodeBase64Url(src)\n    const s = WhaleClient.signMedia(config.signingSecret, encoded, w, q, f)\n\n    return `${config.gatewayUrl}/v1/stores/${config.storeId}/media?url=${encoded}&w=${w}&q=${q}&f=${f}&s=${s}`\n  }\n}\n","import type { NextRequest } from 'next/server'\nimport { NextResponse } from 'next/server'\n\n/**\n * Creates a Next.js middleware that protects routes requiring authentication.\n *\n * Checks for a session token cookie or localStorage indicator.\n * Since middleware runs on the edge and can't access localStorage,\n * this checks for a cookie-based token instead.\n *\n * Usage in middleware.ts:\n * ```ts\n * import { createAuthMiddleware } from '@neowhale/storefront/next'\n * export const middleware = createAuthMiddleware({\n *   protectedPaths: ['/account'],\n *   loginPath: '/account',\n * })\n * export const config = { matcher: ['/account/:path*'] }\n * ```\n */\nexport function createAuthMiddleware(options: {\n  protectedPaths: string[]\n  loginPath: string\n  cookieName?: string\n}) {\n  const { protectedPaths, loginPath, cookieName = 'whale-session' } = options\n\n  return function middleware(request: NextRequest) {\n    const { pathname } = request.nextUrl\n\n    // Never gate the login path itself — prevents redirect loops\n    if (pathname === loginPath || pathname.startsWith(`${loginPath}/`)) {\n      return NextResponse.next()\n    }\n\n    // Check if this is a protected path\n    const isProtected = protectedPaths.some(\n      (p) => pathname === p || pathname.startsWith(`${p}/`)\n    )\n\n    if (!isProtected) {\n      return NextResponse.next()\n    }\n\n    // Check for session cookie\n    const token = request.cookies.get(cookieName)?.value\n\n    if (!token) {\n      const url = request.nextUrl.clone()\n      url.pathname = loginPath\n      url.searchParams.set('redirect', pathname)\n      return NextResponse.redirect(url)\n    }\n\n    return NextResponse.next()\n  }\n}\n"]}
+{"version":3,"sources":["../../src/next/headers.ts","../../src/next/rewrite.ts","../../src/next/server.ts","../../src/next/image-loader.ts","../../src/next/middleware.ts"],"names":[],"mappings":";;;;AAIO,IAAM,eAAA,GAAkB;AAAA,EAC7B;AAAA,IACE,GAAA,EAAK,wBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,2BAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,wBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,iBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,kBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,iBAAA;AAAA,IACL,KAAA,EAAO;AAAA,GACT;AAAA,EACA;AAAA,IACE,GAAA,EAAK,oBAAA;AAAA,IACL,KAAA,EAAO;AAAA;AAEX;AAWO,SAAS,oBACd,KAAA,EACgF;AAChF,EAAA,MAAM,aAAa,KAAA,GAAQ,CAAC,GAAG,eAAA,EAAiB,GAAG,KAAK,CAAA,GAAI,eAAA;AAC5D,EAAA,OAAO,YAAY;AAAA,IACjB;AAAA,MACE,MAAA,EAAQ,SAAA;AAAA,MACR,OAAA,EAAS;AAAA;AACX,GACF;AACF;;;ACxCO,SAAS,mBAAA,CACd,UAAA,GAAa,+BAAA,EACb,SAAA,GAAY,SAAA,EAC6B;AACzC,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,GAAG,SAAS,CAAA,OAAA,CAAA;AAAA,IACpB,WAAA,EAAa,GAAG,UAAU,CAAA,OAAA;AAAA,GAC5B;AACF;;;ACfO,SAAS,mBAAmB,MAAA,EAAsD;AACvF,EAAA,OAAO,IAAI,WAAA,CAAY;AAAA,IACrB,OAAA,EAAS,QAAQ,OAAA,IAAW,OAAA,CAAQ,IAAI,oBAAA,IAAwB,OAAA,CAAQ,IAAI,0BAAA,IAA8B,EAAA;AAAA,IAC1G,MAAA,EAAQ,QAAQ,MAAA,IAAU,OAAA,CAAQ,IAAI,mBAAA,IAAuB,OAAA,CAAQ,IAAI,yBAAA,IAA6B,EAAA;AAAA,IACtG,UAAA,EAAY,QAAQ,UAAA,IAAc,OAAA,CAAQ,IAAI,mBAAA,IAAuB,OAAA,CAAQ,IAAI,6BAAA,IAAiC,+BAAA;AAAA,IAClH,WAAW,MAAA,EAAQ;AAAA,GACpB,CAAA;AACH;AAMA,eAAsB,eAAe,OAAA,EAOd;AACrB,EAAA,MAAM,MAAA,GAAS,OAAA,EAAS,MAAA,IAAU,kBAAA,EAAmB;AACrD,EAAA,OAAO,OAAO,cAAA,CAAe;AAAA,IAC3B,MAAA,EAAQ,WAAA;AAAA,IACR,UAAA,EAAY,SAAS,UAAA,IAAc,EAAA;AAAA,IACnC,QAAQ,OAAA,EAAS;AAAA,GAClB,CAAA;AACH;;;AChCA,IAAM,cAAA,GAAiB,CAAC,EAAA,EAAI,EAAA,EAAI,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,IAAA,EAAM,IAAA,EAAM,IAAI,CAAA;AAEzE,SAAS,UAAU,CAAA,EAAmB;AACpC,EAAA,KAAA,MAAW,MAAM,cAAA,EAAgB;AAC/B,IAAA,IAAI,EAAA,IAAM,GAAG,OAAO,EAAA;AAAA,EACtB;AACA,EAAA,OAAO,cAAA,CAAe,cAAA,CAAe,MAAA,GAAS,CAAC,CAAA;AACjD;AAsBO,SAAS,kBAAkB,MAAA,EAKQ;AACxC,EAAA,OAAO,CAAC,EAAE,GAAA,EAAK,KAAA,EAAO,SAAQ,KAAiC;AAE7D,IAAA,MAAM,QAAA,GAAW,GAAA,CAAI,OAAA,CAAQ,YAAA,EAAc,EAAE,CAAA;AAE7C,IAAA,IAAI,CAAC,QAAA,CAAS,QAAA,CAAS,MAAA,CAAO,YAAY,CAAA,EAAG;AAC3C,MAAA,OAAO,QAAA;AAAA,IACT;AAEA,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,SAAA,CAAU,KAAK,CAAC,CAAA;AACjC,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,OAAA,IAAW,EAAE,CAAA;AAC9B,IAAA,MAAM,CAAA,GAAI,MAAA;AACV,IAAA,MAAM,OAAA,GAAU,WAAA,CAAY,eAAA,CAAgB,QAAQ,CAAA;AACpD,IAAA,MAAM,CAAA,GAAI,YAAY,SAAA,CAAU,MAAA,CAAO,eAAe,OAAA,EAAS,CAAA,EAAG,GAAG,CAAC,CAAA;AAEtE,IAAA,OAAO,CAAA,EAAG,MAAA,CAAO,UAAU,CAAA,WAAA,EAAc,OAAO,OAAO,CAAA,WAAA,EAAc,OAAO,CAAA,GAAA,EAAM,CAAC,CAAA,GAAA,EAAM,CAAC,CAAA,GAAA,EAAM,CAAC,MAAM,CAAC,CAAA,CAAA;AAAA,EAC1G,CAAA;AACF;ACjCO,SAAS,qBAAqB,OAAA,EAIlC;AACD,EAAA,MAAM,EAAE,cAAA,EAAgB,SAAA,EAAW,UAAA,GAAa,iBAAgB,GAAI,OAAA;AAEpE,EAAA,OAAO,SAAS,WAAW,OAAA,EAAsB;AAC/C,IAAA,MAAM,EAAE,QAAA,EAAS,GAAI,OAAA,CAAQ,OAAA;AAG7B,IAAA,IAAI,aAAa,SAAA,IAAa,QAAA,CAAS,WAAW,CAAA,EAAG,SAAS,GAAG,CAAA,EAAG;AAClE,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAGA,IAAA,MAAM,cAAc,cAAA,CAAe,IAAA;AAAA,MACjC,CAAC,MAAM,QAAA,KAAa,CAAA,IAAK,SAAS,UAAA,CAAW,CAAA,EAAG,CAAC,CAAA,CAAA,CAAG;AAAA,KACtD;AAEA,IAAA,IAAI,CAAC,WAAA,EAAa;AAChB,MAAA,OAAO,aAAa,IAAA,EAAK;AAAA,IAC3B;AAGA,IAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA,EAAG,KAAA;AAE/C,IAAA,IAAI,CAAC,KAAA,EAAO;AACV,MAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,OAAA,CAAQ,KAAA,EAAM;AAClC,MAAA,GAAA,CAAI,QAAA,GAAW,SAAA;AACf,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,UAAA,EAAY,QAAQ,CAAA;AACzC,MAAA,OAAO,YAAA,CAAa,SAAS,GAAG,CAAA;AAAA,IAClC;AAEA,IAAA,OAAO,aAAa,IAAA,EAAK;AAAA,EAC3B,CAAA;AACF","file":"index.js","sourcesContent":["/**\n * Security headers for Next.js storefronts.\n */\n\nexport const securityHeaders = [\n  {\n    key: 'X-DNS-Prefetch-Control',\n    value: 'on',\n  },\n  {\n    key: 'Strict-Transport-Security',\n    value: 'max-age=63072000; includeSubDomains; preload',\n  },\n  {\n    key: 'X-Content-Type-Options',\n    value: 'nosniff',\n  },\n  {\n    key: 'X-Frame-Options',\n    value: 'SAMEORIGIN',\n  },\n  {\n    key: 'X-XSS-Protection',\n    value: '1; mode=block',\n  },\n  {\n    key: 'Referrer-Policy',\n    value: 'strict-origin-when-cross-origin',\n  },\n  {\n    key: 'Permissions-Policy',\n    value: 'camera=(), microphone=(), geolocation=(self), interest-cohort=()',\n  },\n]\n\n/**\n * Returns a Next.js `headers()` config with security headers applied to all routes.\n * Use in next.config.ts:\n *\n * ```ts\n * import { withSecurityHeaders } from '@neowhale/storefront/next'\n * export default { headers: withSecurityHeaders() }\n * ```\n */\nexport function withSecurityHeaders(\n  extra?: { key: string; value: string }[]\n): () => Promise<{ source: string; headers: { key: string; value: string }[] }[]> {\n  const allHeaders = extra ? [...securityHeaders, ...extra] : securityHeaders\n  return async () => [\n    {\n      source: '/:path*',\n      headers: allHeaders,\n    },\n  ]\n}\n","/**\n * Gateway rewrite rule for Next.js.\n * Proxies client-side /api/gw/* requests to whale-gateway to avoid CORS.\n *\n * Usage in next.config.ts:\n * ```ts\n * import { whaleGatewayRewrite } from '@neowhale/storefront/next'\n * export default {\n *   async rewrites() {\n *     return [whaleGatewayRewrite()]\n *   }\n * }\n * ```\n */\nexport function whaleGatewayRewrite(\n  gatewayUrl = 'https://whale-gateway.fly.dev',\n  proxyPath = '/api/gw'\n): { source: string; destination: string } {\n  return {\n    source: `${proxyPath}/:path*`,\n    destination: `${gatewayUrl}/:path*`,\n  }\n}\n","import { WhaleClient } from '../client.js'\nimport type { Product, WhaleStorefrontConfig } from '../types.js'\n\n/**\n * Creates a server-side WhaleClient.\n * Reads from env vars by default — override with explicit config.\n */\nexport function createServerClient(config?: Partial<WhaleStorefrontConfig>): WhaleClient {\n  return new WhaleClient({\n    storeId: config?.storeId || process.env.NEXT_PUBLIC_STORE_ID || process.env.NEXT_PUBLIC_WHALE_STORE_ID || '',\n    apiKey: config?.apiKey || process.env.NEXT_PUBLIC_API_KEY || process.env.NEXT_PUBLIC_WHALE_API_KEY || '',\n    gatewayUrl: config?.gatewayUrl || process.env.NEXT_PUBLIC_API_URL || process.env.NEXT_PUBLIC_WHALE_GATEWAY_URL || 'https://whale-gateway.fly.dev',\n    proxyPath: config?.proxyPath,\n  })\n}\n\n/**\n * Server-side: fetch all published products with ISR caching.\n * Drop-in replacement for Flora's `getAllProducts()`.\n */\nexport async function getAllProducts(options?: {\n  /** Revalidate interval in seconds. Defaults to 60. */\n  revalidate?: number\n  /** Filter function to exclude products (e.g. hidden categories, out of stock) */\n  filter?: (product: Product) => boolean\n  /** Override client config */\n  client?: WhaleClient\n}): Promise<Product[]> {\n  const client = options?.client ?? createServerClient()\n  return client.getAllProducts({\n    status: 'published',\n    revalidate: options?.revalidate ?? 60,\n    filter: options?.filter,\n  })\n}\n","import { WhaleClient } from '../client.js'\n\nconst ALLOWED_WIDTHS = [64, 96, 128, 256, 384, 640, 828, 1080, 1280, 1920]\n\nfunction snapWidth(w: number): number {\n  for (const aw of ALLOWED_WIDTHS) {\n    if (aw >= w) return aw\n  }\n  return ALLOWED_WIDTHS[ALLOWED_WIDTHS.length - 1]\n}\n\ninterface ImageLoaderParams {\n  src: string\n  width: number\n  quality?: number\n}\n\n/**\n * Creates a Next.js custom image loader that proxies Supabase images through gateway.\n *\n * Usage in a loader file (e.g. src/lib/image-loader.ts):\n * ```ts\n * import { createImageLoader } from '@neowhale/storefront/next'\n * export default createImageLoader({\n *   storeId: process.env.NEXT_PUBLIC_STORE_ID!,\n *   gatewayUrl: 'https://whale-gateway.fly.dev',\n *   supabaseHost: 'your-project.supabase.co',\n *   signingSecret: process.env.NEXT_PUBLIC_MEDIA_SIGNING_SECRET!,\n * })\n * ```\n */\nexport function createImageLoader(config: {\n  storeId: string\n  gatewayUrl: string\n  supabaseHost: string\n  signingSecret: string\n}): (params: ImageLoaderParams) => string {\n  return ({ src, width, quality }: ImageLoaderParams): string => {\n    // Strip retry cache-bust params (_r=N) so retries hit the same gateway cache key\n    const cleanSrc = src.replace(/[?&]_r=\\d+/, '')\n\n    if (!cleanSrc.includes(config.supabaseHost)) {\n      return cleanSrc\n    }\n\n    const w = String(snapWidth(width))\n    const q = String(quality || 80)\n    const f = 'webp'\n    const encoded = WhaleClient.encodeBase64Url(cleanSrc)\n    const s = WhaleClient.signMedia(config.signingSecret, encoded, w, q, f)\n\n    return `${config.gatewayUrl}/v1/stores/${config.storeId}/media?url=${encoded}&w=${w}&q=${q}&f=${f}&s=${s}`\n  }\n}\n","import type { NextRequest } from 'next/server'\nimport { NextResponse } from 'next/server'\n\n/**\n * Creates a Next.js middleware that protects routes requiring authentication.\n *\n * Checks for a session token cookie or localStorage indicator.\n * Since middleware runs on the edge and can't access localStorage,\n * this checks for a cookie-based token instead.\n *\n * Usage in middleware.ts:\n * ```ts\n * import { createAuthMiddleware } from '@neowhale/storefront/next'\n * export const middleware = createAuthMiddleware({\n *   protectedPaths: ['/account'],\n *   loginPath: '/account',\n * })\n * export const config = { matcher: ['/account/:path*'] }\n * ```\n */\nexport function createAuthMiddleware(options: {\n  protectedPaths: string[]\n  loginPath: string\n  cookieName?: string\n}) {\n  const { protectedPaths, loginPath, cookieName = 'whale-session' } = options\n\n  return function middleware(request: NextRequest) {\n    const { pathname } = request.nextUrl\n\n    // Never gate the login path itself — prevents redirect loops\n    if (pathname === loginPath || pathname.startsWith(`${loginPath}/`)) {\n      return NextResponse.next()\n    }\n\n    // Check if this is a protected path\n    const isProtected = protectedPaths.some(\n      (p) => pathname === p || pathname.startsWith(`${p}/`)\n    )\n\n    if (!isProtected) {\n      return NextResponse.next()\n    }\n\n    // Check for session cookie\n    const token = request.cookies.get(cookieName)?.value\n\n    if (!token) {\n      const url = request.nextUrl.clone()\n      url.pathname = loginPath\n      url.searchParams.set('redirect', pathname)\n      return NextResponse.redirect(url)\n    }\n\n    return NextResponse.next()\n  }\n}\n"]}

package/dist/{pixel-manager-CIZKghfx.d.ts → pixel-manager-BcL95odX.d.ts}

@@ -1,4 +1,4 @@
-import { p as PixelConfig } from './client-Ca8Otk-R.js';
+import { p as PixelConfig } from './client-BSO263Uv.js';
 
 declare class PixelManager {
     private providers;

package/dist/{pixel-manager-CIR16DXY.d.cts → pixel-manager-DJ9m2FaQ.d.cts}

@@ -1,4 +1,4 @@
-import { p as PixelConfig } from './client-Ca8Otk-R.cjs';
+import { p as PixelConfig } from './client-BSO263Uv.cjs';
 
 declare class PixelManager {
     private providers;