@paakd/api 0.0.1

package/src/interceptors.spec.ts

@@ -0,0 +1,1343 @@
+import type {
+  StreamRequest,
+  StreamResponse,
+  UnaryRequest,
+  UnaryResponse,
+} from '@connectrpc/connect'
+import { Code, ConnectError } from '@connectrpc/connect'
+import { type MockedFunction } from 'vitest'
+import {
+  createAuthenticationInterceptor,
+  createCustomerAuthenticationInterceptor,
+  createHeadersInterceptor,
+  createLoggingInterceptor,
+  type RequestLogger,
+} from './interceptors'
+
+// Mock the checkout config
+vi.mock('@paakd/config', () => ({
+  Checkout: {} as any,
+}))
+
+vi.mock('./compressor/brotli', () => ({
+  brotliCompression: {
+    name: 'brotli',
+    compress: vi.fn(),
+    decompress: vi.fn(),
+  },
+}))
+
+describe('interceptors', () => {
+  describe('createLoggingInterceptor', () => {
+    let mockLogger: RequestLogger
+    let mockNext: MockedFunction<
+      (
+        req: UnaryRequest | StreamRequest
+      ) => Promise<UnaryResponse | StreamResponse>
+    >
+    let mockRequest: any
+    let mockResponse: any
+
+    beforeEach(() => {
+      mockLogger = {
+        onRequestHeader: vi.fn(),
+        onRequestMessage: vi.fn(),
+        onResponseHeader: vi.fn(),
+        onResponseMessage: vi.fn(),
+        onResponseTrailer: vi.fn(),
+        onError: vi.fn(),
+      }
+
+      mockNext = vi.fn() as MockedFunction<
+        (
+          req: UnaryRequest | StreamRequest
+        ) => Promise<UnaryResponse | StreamResponse>
+      >
+
+      mockRequest = {
+        stream: false,
+        method: {
+          methodKind: 'unary',
+          toString: () => 'TestService/TestMethod',
+        },
+        header: new Headers(),
+        message: { $typeName: 'test.Message' },
+      }
+
+      mockResponse = {
+        stream: false,
+        header: new Headers(),
+        message: { $typeName: 'test.Message' },
+        trailer: new Headers(),
+      }
+    })
+
+    it('should create a logging interceptor with default logger', () => {
+      const interceptor = createLoggingInterceptor()
+      expect(typeof interceptor).toBe('function')
+    })
+
+    it('should create a logging interceptor with custom logger', () => {
+      const customLogger = vi.fn().mockReturnValue(mockLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      expect(typeof interceptor).toBe('function')
+    })
+
+    it('should log unary request and response', async () => {
+      const customLogger = vi.fn().mockReturnValue(mockLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const result = await interceptorFn(mockRequest)
+
+      expect(customLogger).toHaveBeenCalledWith(mockRequest)
+      expect(mockLogger.onRequestHeader).toHaveBeenCalledWith(
+        mockRequest.header
+      )
+      expect(mockLogger.onRequestMessage).toHaveBeenCalledWith(
+        mockRequest.message
+      )
+      expect(mockLogger.onResponseHeader).toHaveBeenCalledWith(
+        mockResponse.header
+      )
+      expect(mockLogger.onResponseMessage).toHaveBeenCalledWith(
+        mockResponse.message
+      )
+      expect(mockLogger.onResponseTrailer).toHaveBeenCalledWith(
+        mockResponse.trailer
+      )
+      expect(result).toBe(mockResponse)
+    })
+
+    it('should handle stream requests with multiple messages', async () => {
+      const customLogger = vi.fn().mockReturnValue(mockLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      const interceptorFn = interceptor(mockNext)
+
+      const messages = [
+        { $typeName: 'test.Message', id: 1 },
+        { $typeName: 'test.Message', id: 2 },
+        { $typeName: 'test.Message', id: 3 },
+      ]
+
+      const streamRequest = {
+        ...mockRequest,
+        stream: true,
+        message: (async function* () {
+          for (const msg of messages) {
+            yield msg
+          }
+        })(),
+      }
+
+      const streamResponse = {
+        ...mockResponse,
+        stream: true,
+        message: (async function* () {
+          for (const msg of messages) {
+            yield msg
+          }
+        })(),
+      }
+
+      mockNext.mockResolvedValue(streamResponse)
+
+      const result = await interceptorFn(streamRequest as any)
+
+      expect(customLogger).toHaveBeenCalledWith(streamRequest)
+      expect(mockLogger.onRequestHeader).toHaveBeenCalledWith(
+        streamRequest.header
+      )
+      expect(result).toBeDefined()
+      expect(result.stream).toBe(true)
+
+      // Consume the stream to trigger message logging
+      const responseMessages = []
+      for await (const msg of result.message as AsyncIterable<any>) {
+        responseMessages.push(msg)
+      }
+
+      expect(responseMessages).toHaveLength(3)
+      expect(mockLogger.onResponseMessage).toHaveBeenCalledTimes(3)
+      expect(mockLogger.onResponseTrailer).toHaveBeenCalledWith(
+        mockResponse.trailer
+      )
+    })
+
+    it('should log errors in stream and rethrow', async () => {
+      const customLogger = vi.fn().mockReturnValue(mockLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      const interceptorFn = interceptor(mockNext)
+
+      const streamError = new Error('Stream processing error')
+
+      const streamRequest = {
+        ...mockRequest,
+        stream: true,
+        message: (async function* () {
+          yield { $typeName: 'test.Message' }
+          throw streamError
+        })(),
+      }
+
+      const streamResponse = {
+        ...mockResponse,
+        stream: true,
+        message: (async function* () {
+          throw streamError
+        })(),
+      }
+
+      mockNext.mockResolvedValue(streamResponse)
+
+      const result = await interceptorFn(streamRequest as any)
+
+      // Consume the response stream to trigger error
+      await expect(async () => {
+        for await (const msg of result.message as AsyncIterable<any>) {
+          // Iterate through messages
+        }
+      }).rejects.toThrow('Stream processing error')
+
+      expect(mockLogger.onError).toHaveBeenCalledWith(streamError)
+    })
+
+    it('should log errors and rethrow them in unary calls', async () => {
+      const customLogger = vi.fn().mockReturnValue(mockLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      const interceptorFn = interceptor(mockNext)
+
+      const error = new Error('Test error')
+      mockNext.mockRejectedValue(error)
+
+      await expect(interceptorFn(mockRequest)).rejects.toThrow('Test error')
+      expect(mockLogger.onError).toHaveBeenCalledWith(error)
+    })
+
+    it('should log ConnectError during request processing', async () => {
+      const customLogger = vi.fn().mockReturnValue(mockLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      const interceptorFn = interceptor(mockNext)
+
+      const connectError = new ConnectError(
+        'Service unavailable',
+        Code.Unavailable
+      )
+      mockNext.mockRejectedValue(connectError)
+
+      await expect(interceptorFn(mockRequest)).rejects.toThrow()
+      expect(mockLogger.onError).toHaveBeenCalledWith(connectError)
+    })
+
+    it('should use default logger when none provided', async () => {
+      const consoleSpy = vi.spyOn(console, 'log').mockImplementation(() => {})
+
+      const interceptor = createLoggingInterceptor()
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      await interceptorFn(mockRequest)
+
+      expect(consoleSpy).toHaveBeenCalled()
+      const calls = consoleSpy.mock.calls.filter(call =>
+        call[0]?.includes('TestService')
+      )
+      expect(calls.length).toBeGreaterThan(0)
+
+      consoleSpy.mockRestore()
+    })
+
+    it('should handle partial logger implementation', async () => {
+      const partialLogger: RequestLogger = {
+        onRequestHeader: vi.fn(),
+        // Missing other callbacks
+      }
+
+      const customLogger = vi.fn().mockReturnValue(partialLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      // Should not throw even with missing callbacks
+      await expect(interceptorFn(mockRequest)).resolves.toBeDefined()
+      expect(partialLogger.onRequestHeader).toHaveBeenCalled()
+    })
+
+    it('should pass correct method info to logger function', async () => {
+      const customLogger = vi.fn().mockReturnValue(mockLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const testRequest = {
+        ...mockRequest,
+        method: {
+          methodKind: 'unary',
+          toString: () => 'CustomService/CustomMethod',
+        },
+      }
+
+      await interceptorFn(testRequest)
+
+      expect(customLogger).toHaveBeenCalledWith(testRequest)
+      const loggerResult = customLogger.mock.results[0].value
+      expect(loggerResult).toBeDefined()
+    })
+
+    it('should handle stream response completion without error', async () => {
+      const customLogger = vi.fn().mockReturnValue(mockLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      const interceptorFn = interceptor(mockNext)
+
+      const streamResponse = {
+        ...mockResponse,
+        stream: true,
+        message: (async function* () {
+          yield { $typeName: 'test.Message', id: 1 }
+          // Stream ends normally
+        })(),
+      }
+
+      mockNext.mockResolvedValue(streamResponse)
+
+      const result = await interceptorFn(mockRequest)
+
+      // Consume the stream
+      const messages = []
+      for await (const msg of result.message as AsyncIterable<any>) {
+        messages.push(msg)
+      }
+
+      expect(messages).toHaveLength(1)
+      expect(mockLogger.onResponseTrailer).toHaveBeenCalled()
+    })
+
+    it('should handle stream iterator with throw method', async () => {
+      const customLogger = vi.fn().mockReturnValue(mockLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      const interceptorFn = interceptor(mockNext)
+
+      const mockIterator = {
+        next: vi.fn().mockResolvedValue({
+          done: false,
+          value: { $typeName: 'test.Message' },
+        }),
+        throw: vi.fn().mockRejectedValue(new Error('Thrown error')),
+        return: vi.fn().mockResolvedValue({ done: true }),
+      }
+
+      const streamResponse = {
+        ...mockResponse,
+        stream: true,
+        message: {
+          [Symbol.asyncIterator]: () => mockIterator,
+        },
+      }
+
+      mockNext.mockResolvedValue(streamResponse)
+
+      const result = await interceptorFn(mockRequest as any)
+
+      // Get the intercepted iterator
+      const interceptedIterator = (result.message as AsyncIterable<any>)[
+        Symbol.asyncIterator
+      ]()
+
+      // The intercepted iterator should have throw and return methods
+      expect(typeof interceptedIterator.throw).toBe('function')
+      expect(typeof interceptedIterator.return).toBe('function')
+    })
+
+    it('should handle stream iterator without throw method', async () => {
+      const customLogger = vi.fn().mockReturnValue(mockLogger)
+      const interceptor = createLoggingInterceptor(customLogger)
+      const interceptorFn = interceptor(mockNext)
+
+      const mockIterator = {
+        next: vi.fn().mockResolvedValue({
+          done: false,
+          value: { $typeName: 'test.Message' },
+        }),
+        // No throw or return methods
+      }
+
+      const streamResponse = {
+        ...mockResponse,
+        stream: true,
+        message: {
+          [Symbol.asyncIterator]: () => mockIterator,
+        },
+      }
+
+      mockNext.mockResolvedValue(streamResponse)
+
+      const result = await interceptorFn(mockRequest as any)
+
+      const interceptedIterator = (result.message as AsyncIterable<any>)[
+        Symbol.asyncIterator
+      ]()
+
+      // Should work without throw/return methods
+      const msg = await interceptedIterator.next()
+      expect(msg.value).toBeDefined()
+    })
+  })
+
+  describe('createAuthenticationInterceptor', () => {
+    let mockNext: MockedFunction<
+      (
+        req: UnaryRequest | StreamRequest
+      ) => Promise<UnaryResponse | StreamResponse>
+    >
+    let mockRequest: any
+    let mockResponse: any
+    let mockCheckoutConfig: any
+
+    beforeEach(() => {
+      mockNext = vi.fn() as MockedFunction<
+        (
+          req: UnaryRequest | StreamRequest
+        ) => Promise<UnaryResponse | StreamResponse>
+      >
+
+      mockRequest = {
+        header: new Headers(),
+      }
+
+      mockResponse = {
+        header: new Headers(),
+        message: { $typeName: 'test.Message' },
+        trailer: new Headers(),
+      }
+
+      mockCheckoutConfig = {
+        hostname: 'example.com',
+        cmsRemoteURL: 'https://cms.example.com',
+        enterpriseRemoteURL: 'https://enterprise.example.com',
+        cmsURL: 'https://cms-local.example.com',
+        enterpriseURL: 'https://enterprise.example.com',
+        secureCookiePassword: 'secure-cookie-password',
+        forestAPIKey: 'forest-api-key',
+        saleChannelAccessKey: 'test-sales-channel-access',
+        salesChannelAPISecret: 'test-sales-channel-secret',
+        storeAccessKey: 'test-store-access',
+        storeAPISecret: 'test-store-secret',
+        isProduction: false,
+        posthogKey: 'posthog-key',
+        posthogDomain: 'posthog.example.com',
+        posthogHost: 'posthog.example.com',
+        assetsPath: '/assets',
+        assetsDomain: 'assets.example.com',
+        turnstileKey: 'turnstile-key',
+        turnstileSecret: 'turnstile-secret',
+        redis: {
+          user: 'redis-user',
+          host: 'localhost',
+          password: 'redis-password',
+          port: 6379,
+        },
+      } as any
+    })
+
+    it('should create an authentication interceptor', () => {
+      const interceptor = createAuthenticationInterceptor(mockCheckoutConfig)
+      expect(typeof interceptor).toBe('function')
+    })
+
+    it('should set all authentication headers', async () => {
+      const interceptor = createAuthenticationInterceptor(mockCheckoutConfig)
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const result = await interceptorFn(mockRequest as any)
+
+      expect(mockRequest.header.get('X-Store-Key')).toBe('test-store-secret')
+      expect(mockRequest.header.get('X-SA-Key')).toBe('test-store-access')
+      expect(mockRequest.header.get('X-CH-Key')).toBe(
+        'test-sales-channel-secret'
+      )
+      expect(mockRequest.header.get('X-CHA-Key')).toBe(
+        'test-sales-channel-access'
+      )
+      expect(mockNext).toHaveBeenCalledWith(mockRequest)
+      expect(result).toBe(mockResponse)
+    })
+
+    it('should set headers exactly once per call', async () => {
+      const interceptor = createAuthenticationInterceptor(mockCheckoutConfig)
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      await interceptorFn(mockRequest as any)
+
+      // Verify headers are set exactly once
+      const headerSetCalls = mockRequest.header.set.mock?.calls || []
+      // Headers.set might not be mockable, so we verify via get
+      expect(mockRequest.header.get('X-Store-Key')).toBe('test-store-secret')
+      expect(mockRequest.header.get('X-SA-Key')).toBe('test-store-access')
+      expect(mockRequest.header.get('X-CH-Key')).toBe(
+        'test-sales-channel-secret'
+      )
+      expect(mockRequest.header.get('X-CHA-Key')).toBe(
+        'test-sales-channel-access'
+      )
+    })
+
+    it('should work with stream requests', async () => {
+      const interceptor = createAuthenticationInterceptor(mockCheckoutConfig)
+      const interceptorFn = interceptor(mockNext)
+
+      const streamRequest = {
+        ...mockRequest,
+        stream: true,
+      }
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const result = await interceptorFn(streamRequest as any)
+
+      expect(streamRequest.header.get('X-Store-Key')).toBe('test-store-secret')
+      expect(streamRequest.header.get('X-SA-Key')).toBe('test-store-access')
+      expect(streamRequest.header.get('X-CH-Key')).toBe(
+        'test-sales-channel-secret'
+      )
+      expect(streamRequest.header.get('X-CHA-Key')).toBe(
+        'test-sales-channel-access'
+      )
+      expect(result).toBe(mockResponse)
+    })
+
+    it('should pass request unchanged to next interceptor', async () => {
+      const interceptor = createAuthenticationInterceptor(mockCheckoutConfig)
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const originalRequest = mockRequest
+      await interceptorFn(originalRequest)
+
+      expect(mockNext).toHaveBeenCalledWith(originalRequest)
+    })
+
+    it('should handle empty config values', async () => {
+      const emptyConfig = {
+        hostname: 'example.com',
+        cmsRemoteURL: 'https://cms.example.com',
+        enterpriseRemoteURL: 'https://enterprise.example.com',
+        cmsURL: 'https://cms-local.example.com',
+        enterpriseURL: 'https://enterprise.example.com',
+        secureCookiePassword: 'secure-cookie-password',
+        forestAPIKey: 'forest-api-key',
+        saleChannelAccessKey: '',
+        salesChannelAPISecret: '',
+        storeAccessKey: '',
+        storeAPISecret: '',
+        isProduction: false,
+        posthogKey: 'posthog-key',
+        posthogDomain: 'posthog.example.com',
+        posthogHost: 'posthog.example.com',
+        assetsPath: '/assets',
+        assetsDomain: 'assets.example.com',
+        turnstileKey: 'turnstile-key',
+        turnstileSecret: 'turnstile-secret',
+        redis: {
+          user: 'redis-user',
+          host: 'localhost',
+          password: 'redis-password',
+          port: 6379,
+        },
+      } as any
+
+      const interceptor = createAuthenticationInterceptor(emptyConfig)
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const result = await interceptorFn(mockRequest as any)
+
+      expect(mockRequest.header.get('X-Store-Key')).toBe('')
+      expect(mockRequest.header.get('X-SA-Key')).toBe('')
+      expect(result).toBe(mockResponse)
+    })
+
+    it('should propagate response from next interceptor', async () => {
+      const interceptor = createAuthenticationInterceptor(mockCheckoutConfig)
+      const interceptorFn = interceptor(mockNext)
+
+      const customResponse = {
+        ...mockResponse,
+        message: { $typeName: 'custom.Message', data: 'custom' },
+      }
+
+      mockNext.mockResolvedValue(customResponse)
+
+      const result = await interceptor(mockNext)(mockRequest as any)
+
+      expect(result).toBe(customResponse)
+      expect((result.message as any).data).toBe('custom')
+    })
+  })
+
+  describe('createCustomerAuthenticationInterceptor', () => {
+    let mockNext: MockedFunction<
+      (
+        req: UnaryRequest | StreamRequest
+      ) => Promise<UnaryResponse | StreamResponse>
+    >
+    let mockRequest: any
+    let mockResponse: any
+
+    beforeEach(() => {
+      mockNext = vi.fn() as MockedFunction<
+        (
+          req: UnaryRequest | StreamRequest
+        ) => Promise<UnaryResponse | StreamResponse>
+      >
+
+      mockRequest = {
+        header: new Headers(),
+      }
+
+      mockResponse = {
+        header: new Headers(),
+        message: { $typeName: 'test.Message' },
+        trailer: new Headers(),
+      }
+    })
+
+    it('should create a customer authentication interceptor', () => {
+      const interceptor =
+        createCustomerAuthenticationInterceptor('test-jwt-token')
+      expect(typeof interceptor).toBe('function')
+    })
+
+    it('should set Authorization header with Bearer token', async () => {
+      const jwtToken = 'test-jwt-token'
+      const interceptor = createCustomerAuthenticationInterceptor(jwtToken)
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const result = await interceptorFn(mockRequest as any)
+
+      expect(mockRequest.header.get('Authorization')).toBe(`Bearer ${jwtToken}`)
+      expect(mockNext).toHaveBeenCalledWith(mockRequest)
+      expect(result).toBe(mockResponse)
+    })
+
+    it('should work with various JWT token formats', async () => {
+      const tokens = [
+        'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c',
+        'simple-token',
+        'token-with-many-dashes-123-456-789',
+      ]
+
+      for (const token of tokens) {
+        const interceptor = createCustomerAuthenticationInterceptor(token)
+        const interceptorFn = interceptor(mockNext)
+
+        mockNext.mockResolvedValue(mockResponse)
+
+        const request = { header: new Headers() }
+        await interceptorFn(request as any)
+
+        expect(request.header.get('Authorization')).toBe(`Bearer ${token}`)
+      }
+    })
+
+    it('should work with stream requests', async () => {
+      const jwtToken = 'test-jwt-token'
+      const interceptor = createCustomerAuthenticationInterceptor(jwtToken)
+      const interceptorFn = interceptor(mockNext)
+
+      const streamRequest = {
+        ...mockRequest,
+        stream: true,
+      }
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const result = await interceptorFn(streamRequest as any)
+
+      expect(streamRequest.header.get('Authorization')).toBe(
+        `Bearer ${jwtToken}`
+      )
+      expect(result).toBe(mockResponse)
+    })
+
+    it('should throw error for empty JWT token', async () => {
+      const interceptor = createCustomerAuthenticationInterceptor('')
+      const interceptorFn = interceptor(mockNext)
+
+      try {
+        await interceptorFn(mockRequest as any)
+        expect.fail('Should have thrown error')
+      } catch (error) {
+        expect(error).toBeInstanceOf(ConnectError)
+      }
+    })
+
+    it('should throw Unauthenticated error code for empty JWT', async () => {
+      const interceptor = createCustomerAuthenticationInterceptor('')
+      const interceptorFn = interceptor(mockNext)
+
+      try {
+        await interceptorFn(mockRequest as any)
+        expect.fail('Should have thrown error')
+      } catch (error) {
+        expect(error).toBeInstanceOf(ConnectError)
+        expect((error as ConnectError).code).toBe(Code.Unauthenticated)
+      }
+    })
+
+    it('should throw error for null JWT token', async () => {
+      const interceptor = createCustomerAuthenticationInterceptor(null as any)
+      const interceptorFn = interceptor(mockNext)
+
+      await expect(interceptorFn(mockRequest as any)).rejects.toThrow()
+    })
+
+    it('should throw error for undefined JWT token', async () => {
+      const interceptor = createCustomerAuthenticationInterceptor(
+        undefined as any
+      )
+      const interceptorFn = interceptor(mockNext)
+
+      await expect(interceptorFn(mockRequest as any)).rejects.toThrow()
+    })
+
+    it('should not call next when JWT validation fails', async () => {
+      const interceptor = createCustomerAuthenticationInterceptor('')
+      const interceptorFn = interceptor(mockNext)
+
+      await expect(interceptorFn(mockRequest as any)).rejects.toThrow()
+
+      // next should never be called if validation fails
+      expect(mockNext).not.toHaveBeenCalled()
+    })
+
+    it('should propagate response from next interceptor', async () => {
+      const jwtToken = 'test-jwt-token'
+      const interceptor = createCustomerAuthenticationInterceptor(jwtToken)
+      const interceptorFn = interceptor(mockNext)
+
+      const customResponse = {
+        ...mockResponse,
+        message: { $typeName: 'custom.Message', userId: 'user123' },
+      }
+
+      mockNext.mockResolvedValue(customResponse)
+
+      const result = await interceptorFn(mockRequest)
+
+      expect(result).toBe(customResponse)
+      expect((result.message as any).userId).toBe('user123')
+    })
+  })
+
+  describe('createHeadersInterceptor', () => {
+    let mockNext: MockedFunction<
+      (
+        req: UnaryRequest | StreamRequest
+      ) => Promise<UnaryResponse | StreamResponse>
+    >
+    let mockRequest: any
+    let mockResponse: any
+
+    beforeEach(() => {
+      mockNext = vi.fn() as MockedFunction<
+        (
+          req: UnaryRequest | StreamRequest
+        ) => Promise<UnaryResponse | StreamResponse>
+      >
+
+      mockRequest = {
+        header: new Headers(),
+      }
+
+      mockResponse = {
+        header: new Headers(),
+        message: { $typeName: 'test.Message' },
+        trailer: new Headers(),
+      }
+    })
+
+    it('should set expected headers from header mapping', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders)
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const result = await interceptorFn(mockRequest as any)
+
+      expect(mockRequest.header.get('X-Original-Host')).toBe('example.com')
+      expect(mockRequest.header.get('X-shop-id')).toBe('shop123')
+      expect(mockRequest.header.get('X-Sitepath')).toBe('/path')
+      expect(mockRequest.header.get('X-locale')).toBe('en')
+      expect(mockRequest.header.get('X-region')).toBe('US')
+
+      expect(mockNext).toHaveBeenCalledWith(mockRequest)
+      expect(result).toBe(mockResponse)
+    })
+
+    it('should throw error when x-original-host is missing', async () => {
+      const customHeaders = {
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders as any)
+      const interceptorFn = interceptor(mockNext)
+
+      try {
+        await interceptorFn(mockRequest as any)
+        expect.fail('Should have thrown error')
+      } catch (error) {
+        expect(error).toBeInstanceOf(ConnectError)
+        expect((error as ConnectError).code).toBe(Code.InvalidArgument)
+        expect((error as ConnectError).message).toContain('Original host')
+      }
+    })
+
+    it('should throw error when x-shop-id is missing', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders as any)
+      const interceptorFn = interceptor(mockNext)
+
+      try {
+        await interceptorFn(mockRequest as any)
+        expect.fail('Should have thrown error')
+      } catch (error) {
+        expect(error).toBeInstanceOf(ConnectError)
+        expect((error as ConnectError).message).toContain('Shop id')
+      }
+    })
+
+    it('should throw error when x-sitepath is missing', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': 'shop123',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders as any)
+      const interceptorFn = interceptor(mockNext)
+
+      try {
+        await interceptorFn(mockRequest as any)
+        expect.fail('Should have thrown error')
+      } catch (error) {
+        expect(error).toBeInstanceOf(ConnectError)
+        expect((error as ConnectError).message).toContain('Sitepath')
+      }
+    })
+
+    it('should throw error when x-locale is missing', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders as any)
+      const interceptorFn = interceptor(mockNext)
+
+      try {
+        await interceptorFn(mockRequest as any)
+        expect.fail('Should have thrown error')
+      } catch (error) {
+        expect(error).toBeInstanceOf(ConnectError)
+        expect((error as ConnectError).message).toContain('Locale')
+      }
+    })
+
+    it('should throw error when x-region is missing', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders as any)
+      const interceptorFn = interceptor(mockNext)
+
+      try {
+        await interceptorFn(mockRequest as any)
+        expect.fail('Should have thrown error')
+      } catch (error) {
+        expect(error).toBeInstanceOf(ConnectError)
+        expect((error as ConnectError).message).toContain('Region')
+      }
+    })
+
+    it('should throw error when x-original-host is null', async () => {
+      const customHeaders = {
+        'x-original-host': null,
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders)
+      const interceptorFn = interceptor(mockNext)
+
+      await expect(interceptorFn(mockRequest)).rejects.toThrow()
+    })
+
+    it('should throw error when x-shop-id is null', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': null,
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders)
+      const interceptorFn = interceptor(mockNext)
+
+      await expect(interceptorFn(mockRequest)).rejects.toThrow()
+    })
+
+    it('should throw error when x-sitepath is null', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': 'shop123',
+        'x-sitepath': null,
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders)
+      const interceptorFn = interceptor(mockNext)
+
+      await expect(interceptorFn(mockRequest)).rejects.toThrow()
+    })
+
+    it('should throw error when x-locale is null', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-locale': null,
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders)
+      const interceptorFn = interceptor(mockNext)
+
+      await expect(interceptorFn(mockRequest)).rejects.toThrow()
+    })
+
+    it('should throw error when x-region is null', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': null,
+      }
+      const interceptor = createHeadersInterceptor(customHeaders)
+      const interceptorFn = interceptor(mockNext)
+
+      await expect(interceptorFn(mockRequest)).rejects.toThrow()
+    })
+
+    it('should work with stream requests', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders)
+      const interceptorFn = interceptor(mockNext)
+
+      const streamRequest = {
+        header: new Headers(),
+        stream: true,
+      }
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const result = await interceptorFn(streamRequest as any)
+
+      expect(streamRequest.header.get('X-Original-Host')).toBe('example.com')
+      expect(streamRequest.header.get('X-shop-id')).toBe('shop123')
+      expect(result).toBe(mockResponse)
+    })
+
+    it('should not call next when header validation fails', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        // Missing x-shop-id
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders as any)
+      const interceptorFn = interceptor(mockNext)
+
+      await expect(interceptorFn(mockRequest)).rejects.toThrow()
+
+      // next should never be called if validation fails
+      expect(mockNext).not.toHaveBeenCalled()
+    })
+
+    it('should propagate response from next interceptor', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders)
+      const interceptorFn = interceptor(mockNext)
+
+      const customResponse = {
+        ...mockResponse,
+        message: { $typeName: 'custom.Message', requestId: 'req123' },
+      }
+
+      mockNext.mockResolvedValue(customResponse)
+
+      const result = await interceptor(mockNext)(mockRequest as any)
+
+      expect(result).toBe(customResponse)
+      expect((result.message as any).requestId).toBe('req123')
+    })
+
+    it('should handle headers with special characters', async () => {
+      const customHeaders = {
+        'x-original-host': 'example.com:8080',
+        'x-shop-id': 'shop-123-456',
+        'x-sitepath': '/en-GB/products',
+        'x-locale': 'en_GB',
+        'x-region': 'EU-West-1',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders)
+      const interceptorFn = interceptor(mockNext)
+
+      mockNext.mockResolvedValue(mockResponse)
+
+      const result = await interceptorFn(mockRequest)
+
+      expect(mockRequest.header.get('X-Original-Host')).toBe('example.com:8080')
+      expect(mockRequest.header.get('X-shop-id')).toBe('shop-123-456')
+      expect(mockRequest.header.get('X-Sitepath')).toBe('/en-GB/products')
+      expect(result).toBe(mockResponse)
+    })
+
+    it('should handle empty string headers (should fail validation)', async () => {
+      const customHeaders = {
+        'x-original-host': '',
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+      const interceptor = createHeadersInterceptor(customHeaders)
+      const interceptorFn = interceptor(mockNext)
+
+      // Empty string is falsy, so validation should fail
+      await expect(interceptorFn(mockRequest)).rejects.toThrow()
+    })
+  })
+
+  describe('interceptor integration', () => {
+    it('should chain multiple interceptors in order', async () => {
+      const jwtToken = 'test-jwt'
+      const mockNext = vi.fn() as any
+
+      mockNext.mockResolvedValue({
+        header: new Headers(),
+        message: { $typeName: 'test.Message' },
+        trailer: new Headers(),
+      })
+
+      const mockCheckoutConfig = {
+        hostname: 'example.com',
+        cmsRemoteURL: 'https://cms.example.com',
+        enterpriseRemoteURL: 'https://enterprise.example.com',
+        cmsURL: 'https://cms-local.example.com',
+        enterpriseURL: 'https://enterprise.example.com',
+        secureCookiePassword: 'secure-cookie-password',
+        forestAPIKey: 'forest-api-key',
+        saleChannelAccessKey: 'test-sales-channel-access',
+        salesChannelAPISecret: 'test-sales-channel-secret',
+        storeAccessKey: 'test-store-access',
+        storeAPISecret: 'test-store-secret',
+        isProduction: false,
+        posthogKey: 'posthog-key',
+        posthogDomain: 'posthog.example.com',
+        posthogHost: 'posthog.example.com',
+        assetsPath: '/assets',
+        assetsDomain: 'assets.example.com',
+        turnstileKey: 'turnstile-key',
+        turnstileSecret: 'turnstile-secret',
+        redis: {
+          user: 'redis-user',
+          host: 'localhost',
+          password: 'redis-password',
+          port: 6379,
+        },
+      } as any
+
+      // Create interceptors
+      const authInterceptor = createAuthenticationInterceptor(
+        mockCheckoutConfig as any
+      )
+      const customerAuthInterceptor =
+        createCustomerAuthenticationInterceptor(jwtToken)
+      const loggingInterceptor = createLoggingInterceptor()
+
+      // Chain them together
+      const chainedInterceptor = authInterceptor(
+        customerAuthInterceptor(loggingInterceptor(mockNext))
+      )
+
+      const mockRequest = {
+        header: new Headers(),
+        method: {
+          toString: () => 'TestService/TestMethod',
+        },
+        message: { $typeName: 'test.Message' },
+      }
+
+      await chainedInterceptor(mockRequest as any)
+
+      // Verify all headers are set
+      expect(mockRequest.header.get('X-Store-Key')).toBe('test-store-secret')
+      expect(mockRequest.header.get('X-SA-Key')).toBe('test-store-access')
+      expect(mockRequest.header.get('Authorization')).toBe(`Bearer ${jwtToken}`)
+      expect(mockNext).toHaveBeenCalled()
+    })
+
+    it('should handle errors in chained interceptors', async () => {
+      const jwtToken = ''
+
+      const mockNext = vi.fn() as any
+      mockNext.mockResolvedValue({
+        header: new Headers(),
+        message: { $typeName: 'test.Message' },
+        trailer: new Headers(),
+      })
+
+      const mockCheckoutConfig = {
+        hostname: 'example.com',
+        cmsRemoteURL: 'https://cms.example.com',
+        enterpriseRemoteURL: 'https://enterprise.example.com',
+        cmsURL: 'https://cms-local.example.com',
+        enterpriseURL: 'https://enterprise.example.com',
+        secureCookiePassword: 'secure-cookie-password',
+        forestAPIKey: 'forest-api-key',
+        saleChannelAccessKey: 'test-sales-channel-access',
+        salesChannelAPISecret: 'test-sales-channel-secret',
+        storeAccessKey: 'test-store-access',
+        storeAPISecret: 'test-store-secret',
+        isProduction: false,
+        posthogKey: 'posthog-key',
+        posthogDomain: 'posthog.example.com',
+        posthogHost: 'posthog.example.com',
+        assetsPath: '/assets',
+        assetsDomain: 'assets.example.com',
+        turnstileKey: 'turnstile-key',
+        turnstileSecret: 'turnstile-secret',
+        redis: {
+          user: 'redis-user',
+          host: 'localhost',
+          password: 'redis-password',
+          port: 6379,
+        },
+      } as any
+
+      // Chain: auth -> customer auth (will fail) -> logging
+      const authInterceptor = createAuthenticationInterceptor(
+        mockCheckoutConfig as any
+      )
+      const customerAuthInterceptor =
+        createCustomerAuthenticationInterceptor(jwtToken)
+      const loggingInterceptor = createLoggingInterceptor()
+
+      const chainedInterceptor = authInterceptor(
+        customerAuthInterceptor(loggingInterceptor(mockNext))
+      )
+
+      const mockRequest = {
+        header: new Headers(),
+        method: {
+          toString: () => 'TestService/TestMethod',
+        },
+        message: { $typeName: 'test.Message' },
+      }
+
+      // Should fail at customer auth interceptor
+      await expect(chainedInterceptor(mockRequest as any)).rejects.toThrow()
+
+      // Auth headers should still be set before error
+      expect(mockRequest.header.get('X-Store-Key')).toBe('test-store-secret')
+
+      // But next should not be called
+      expect(mockNext).not.toHaveBeenCalled()
+    })
+
+    it('should work with all interceptors including headers', async () => {
+      const jwtToken = 'test-jwt'
+      const mockNext = vi.fn() as any
+
+      mockNext.mockResolvedValue({
+        header: new Headers(),
+        message: { $typeName: 'test.Message' },
+        trailer: new Headers(),
+      })
+
+      const mockCheckoutConfig = {
+        hostname: 'example.com',
+        cmsRemoteURL: 'https://cms.example.com',
+        enterpriseRemoteURL: 'https://enterprise.example.com',
+        cmsURL: 'https://cms-local.example.com',
+        enterpriseURL: 'https://enterprise.example.com',
+        secureCookiePassword: 'secure-cookie-password',
+        forestAPIKey: 'forest-api-key',
+        saleChannelAccessKey: 'test-sales-channel-access',
+        salesChannelAPISecret: 'test-sales-channel-secret',
+        storeAccessKey: 'test-store-access',
+        storeAPISecret: 'test-store-secret',
+        isProduction: false,
+        posthogKey: 'posthog-key',
+        posthogDomain: 'posthog.example.com',
+        posthogHost: 'posthog.example.com',
+        assetsPath: '/assets',
+        assetsDomain: 'assets.example.com',
+        turnstileKey: 'turnstile-key',
+        turnstileSecret: 'turnstile-secret',
+        redis: {
+          user: 'redis-user',
+          host: 'localhost',
+          password: 'redis-password',
+          port: 6379,
+        },
+      } as any
+
+      const customHeaders = {
+        'x-original-host': 'example.com',
+        'x-shop-id': 'shop123',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+
+      // Chain all interceptors
+      const headersInterceptor = createHeadersInterceptor(customHeaders)
+      const authInterceptor = createAuthenticationInterceptor(
+        mockCheckoutConfig as any
+      )
+      const customerAuthInterceptor =
+        createCustomerAuthenticationInterceptor(jwtToken)
+      const loggingInterceptor = createLoggingInterceptor()
+
+      const chainedInterceptor = headersInterceptor(
+        authInterceptor(customerAuthInterceptor(loggingInterceptor(mockNext)))
+      )
+
+      const mockRequest = {
+        header: new Headers(),
+        method: {
+          toString: () => 'TestService/TestMethod',
+        },
+        message: { $typeName: 'test.Message' },
+      }
+
+      await chainedInterceptor(mockRequest as any)
+
+      // Verify all headers from all interceptors are set
+      expect(mockRequest.header.get('X-Original-Host')).toBe('example.com')
+      expect(mockRequest.header.get('X-shop-id')).toBe('shop123')
+      expect(mockRequest.header.get('X-Store-Key')).toBe('test-store-secret')
+      expect(mockRequest.header.get('Authorization')).toBe(`Bearer ${jwtToken}`)
+      expect(mockNext).toHaveBeenCalled()
+    })
+
+    it('should validate headers before auth in chain', async () => {
+      const mockNext = vi.fn() as any
+      mockNext.mockResolvedValue({
+        header: new Headers(),
+        message: { $typeName: 'test.Message' },
+        trailer: new Headers(),
+      })
+
+      const mockCheckoutConfig = {
+        hostname: 'example.com',
+        cmsRemoteURL: 'https://cms.example.com',
+        enterpriseRemoteURL: 'https://enterprise.example.com',
+        cmsURL: 'https://cms-local.example.com',
+        enterpriseURL: 'https://enterprise.example.com',
+        secureCookiePassword: 'secure-cookie-password',
+        forestAPIKey: 'forest-api-key',
+        saleChannelAccessKey: 'test-sales-channel-access',
+        salesChannelAPISecret: 'test-sales-channel-secret',
+        storeAccessKey: 'test-store-access',
+        storeAPISecret: 'test-store-secret',
+        isProduction: false,
+        posthogKey: 'posthog-key',
+        posthogDomain: 'posthog.example.com',
+        posthogHost: 'posthog.example.com',
+        assetsPath: '/assets',
+        assetsDomain: 'assets.example.com',
+        turnstileKey: 'turnstile-key',
+        turnstileSecret: 'turnstile-secret',
+        redis: {
+          user: 'redis-user',
+          host: 'localhost',
+          password: 'redis-password',
+          port: 6379,
+        },
+      } as any
+
+      const invalidHeaders = {
+        // Missing x-shop-id
+        'x-original-host': 'example.com',
+        'x-sitepath': '/path',
+        'x-locale': 'en',
+        'x-region': 'US',
+      }
+
+      const headersInterceptor = createHeadersInterceptor(invalidHeaders as any)
+      const authInterceptor = createAuthenticationInterceptor(
+        mockCheckoutConfig as any
+      )
+
+      const chainedInterceptor = headersInterceptor(authInterceptor(mockNext))
+
+      const mockRequest = {
+        header: new Headers(),
+        message: { $typeName: 'test.Message' },
+      }
+
+      // Should fail at headers validation
+      await expect(chainedInterceptor(mockRequest as any)).rejects.toThrow()
+
+      // Auth headers should not be set because headers validation failed
+      expect(mockRequest.header.get('X-Store-Key')).toBeNull()
+    })
+  })
+})