@pradip1995/commerce-auth 1.0.0

package/src/data/guest.ts

@@ -0,0 +1,357 @@
+"use server"
+
+import { cookies, headers } from "next/headers"
+import { getGuestAuthHeaders } from "./cookies"
+import { sdk } from "@core/config"
+
+const BACKEND_URL =
+  process.env.NEXT_PUBLIC_MEDUSA_BACKEND_URL || "http://localhost:9000"
+const PUBLISHABLE_KEY = process.env.NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY
+
+/**
+ * Compatibility wrapper for sendOTP
+ */
+export async function sendOTP(email: string, type: string = "email_verification") {
+  const res = await requestGuestOTP(email)
+  // The previous project expected a token or success.
+  // We return a dummy token if successful because the UI checks for it.
+  if (res.success) {
+    return { success: true, token: "otp_sent_successfully" }
+  }
+  return res
+}
+
+/**
+ * Compatibility wrapper for verifyOTP
+ */
+export async function verifyOTP(email: string, token: string, otp: string) {
+  // The previous implementation used 3 args, but guest.ts uses 2.
+  // We ignore the mid 'token' as per user's working code.
+  return await verifyGuestOTP(email, otp)
+}
+
+import { retrieveOrder } from "./orders"
+
+/**
+ * Compatibility wrapper for listGuestOrders
+ */
+export async function listGuestOrders(token: string) {
+  const res = await getGuestOrders(token)
+  if (!res.success) {
+    throw new Error(res.error || "Failed to fetch orders")
+  }
+
+  // Fetch full details for each order to ensure latest fulfillment_status is available
+  // because the custom list endpoint might not return all fields correctly.
+  const fullOrders = await Promise.all(
+    (res.orders || []).map(async (order: any) => {
+      try {
+        return await retrieveOrder(order.id)
+      } catch (e) {
+        return order
+      }
+    })
+  )
+
+  return { orders: fullOrders, count: fullOrders.length }
+}
+
+export async function requestGuestOTP(email: string) {
+  const headers: Record<string, string> = {
+    "Content-Type": "application/json",
+  }
+  if (PUBLISHABLE_KEY) headers["x-publishable-api-key"] = PUBLISHABLE_KEY
+
+  try {
+    const res = await fetch(`${BACKEND_URL}/store/otp/request`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({ email }),
+      cache: "no-store",
+    })
+
+    if (!res.ok) {
+      const errorData = await res.json().catch(() => ({}))
+      throw new Error(errorData.message || "Failed to send OTP")
+    }
+    return { success: true }
+  } catch (error: any) {
+    return { success: false, error: error.message }
+  }
+}
+
+export async function verifyGuestOTP(email: string, otp: string) {
+  const headers: Record<string, string> = {
+    "Content-Type": "application/json",
+  }
+  if (PUBLISHABLE_KEY) headers["x-publishable-api-key"] = PUBLISHABLE_KEY
+
+  try {
+    const res = await fetch(`${BACKEND_URL}/store/otp/verify`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({ email, otp }),
+      cache: "no-store",
+    })
+
+    if (!res.ok) {
+      const errorData = await res.json().catch(() => ({}))
+      throw new Error(errorData.message || "Failed to verify OTP")
+    }
+
+    const data = await res.json()
+
+    if (data.token) {
+      const cookieStore = await cookies()
+      cookieStore.set("_medusa_guest_jwt", data.token, {
+        httpOnly: true,
+        secure: process.env.NODE_ENV === "production",
+        maxAge: 60 * 60 * 24, // 1 day
+        path: "/",
+      })
+    } else {
+      throw new Error("No token returned")
+    }
+
+    return { success: true, token: data.token }
+  } catch (error: any) {
+    return { success: false, error: error.message }
+  }
+}
+
+export async function logoutGuest() {
+  const cookieStore = await cookies()
+  cookieStore.set("_medusa_guest_jwt", "", {
+    maxAge: -1,
+    path: "/",
+  })
+  return { success: true }
+}
+
+export async function getGuestOrders(token?: string) {
+  const cookieStore = await cookies()
+  const headersStore = await headers()
+  const authHeader = headersStore.get("authorization")
+  const headerToken = authHeader?.startsWith("Bearer ")
+    ? authHeader.split(" ")[1]
+    : undefined
+
+  const authToken = token || headerToken || cookieStore.get("_medusa_guest_jwt")?.value
+  if (!authToken) return { success: false, error: "Unauthorized" }
+
+  const requestHeaders: Record<string, string> = {
+    Authorization: `Bearer ${authToken}`,
+  }
+  if (PUBLISHABLE_KEY) requestHeaders["x-publishable-api-key"] = PUBLISHABLE_KEY
+
+  try {
+    const response = await sdk.client.fetch<any>(`/store/guest-orders`, {
+      method: "GET",
+      headers: requestHeaders,
+      query: {
+        fields:
+          "id,display_id,status,fulfillment_status,payment_status,created_at,currency_code,total,subtotal,tax_total,shipping_total,discount_total,metadata,email,*items,*items.variant,*items.variant.product",
+      },
+      cache: "no-store",
+    })
+
+    return { success: true, orders: response.orders || [] }
+  } catch (error: any) {
+    return { success: false, error: error.message }
+  }
+}
+
+export async function getGuestOrder(id: string, token?: string) {
+  const cookieStore = await cookies()
+  const headersStore = await headers()
+  const authHeader = headersStore.get("authorization")
+  const headerToken = authHeader?.startsWith("Bearer ")
+    ? authHeader.split(" ")[1]
+    : undefined
+
+  const authToken = token || headerToken || cookieStore.get("_medusa_guest_jwt")?.value
+  if (!authToken) return { success: false, error: "Unauthorized" }
+
+  const requestHeaders: Record<string, string> = {
+    Authorization: `Bearer ${authToken}`,
+  }
+  if (PUBLISHABLE_KEY) requestHeaders["x-publishable-api-key"] = PUBLISHABLE_KEY
+
+  try {
+    const response = await sdk.client.fetch<any>(`/store/orders/${id}`, {
+      method: "GET",
+      headers: requestHeaders,
+      query: {
+        fields:
+          "*payment_collections.payments,*items,*items.metadata,*items.variant,*items.variant.images,*items.variant.product,*items.variant.product.thumbnail,*items.variant.product.images,*items.product,*items.product.thumbnail,*items.product.images,*fulfillments,*fulfillments.items,*fulfillments.location_id,*returns,*returns.items,*cart,*shipping_address,*billing_address,*region,*shipping_methods",
+      },
+      cache: "no-store",
+    })
+
+    if (response.order) {
+      return { success: true, order: response.order }
+    } else {
+      return { success: false, error: "Order not found" }
+    }
+  } catch (error: any) {
+    return { success: false, error: error.message }
+  }
+}
+
+export async function cancelGuestOrder(orderId: string, token?: string) {
+  const authHeaders = await getGuestAuthHeaders()
+  const authToken = token || (authHeaders as any).authorization?.split(" ")[1]
+
+  if (!authToken) return { success: false, error: "Unauthorized" }
+
+  const requestHeaders: Record<string, string> = {
+    Authorization: `Bearer ${authToken}`,
+  }
+  if (PUBLISHABLE_KEY) requestHeaders["x-publishable-api-key"] = PUBLISHABLE_KEY
+
+  try {
+    const response = await fetch(
+      `${BACKEND_URL}/store/guest-orders/${orderId}/cancel`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          ...requestHeaders,
+        },
+        cache: "no-store",
+      }
+    )
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      throw new Error(errorData.message || "Failed to cancel order")
+    }
+
+    return { success: true }
+  } catch (error: any) {
+    return { success: false, error: error.message }
+  }
+}
+
+export async function getGuestOrderInvoice(orderId: string, token?: string) {
+  const authHeaders = await getGuestAuthHeaders()
+  const authToken = token || (authHeaders as any).authorization?.split(" ")[1]
+
+  if (!authToken) return { success: false, error: "Unauthorized" }
+
+  const requestHeaders: Record<string, string> = {
+    Authorization: `Bearer ${authToken}`,
+  }
+  if (PUBLISHABLE_KEY) requestHeaders["x-publishable-api-key"] = PUBLISHABLE_KEY
+
+  try {
+    const response = await fetch(
+      `${BACKEND_URL}/store/guest/invoice/download/${orderId}`,
+      {
+        method: "GET",
+        headers: requestHeaders,
+        cache: "no-store",
+      }
+    )
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      throw new Error(errorData.message || "Failed to get invoice")
+    }
+
+    const contentType = response.headers.get("content-type")
+    if (contentType && contentType.includes("application/pdf")) {
+      const arrayBuffer = await response.arrayBuffer()
+      const base64 = Buffer.from(arrayBuffer).toString("base64")
+      return { success: true, type: "pdf", data: base64 }
+    } else {
+      const data = await response.json()
+      return { success: true, type: "json", data }
+    }
+  } catch (error: any) {
+    return { success: false, error: error.message }
+  }
+}
+
+export async function guestReorder(orderId: string, token?: string) {
+  const authHeaders = await getGuestAuthHeaders()
+  const authToken = token || (authHeaders as any).authorization?.split(" ")[1]
+
+  if (!authToken) return { success: false, error: "Unauthorized" }
+
+  const requestHeaders: Record<string, string> = {
+    Authorization: `Bearer ${authToken}`,
+  }
+  if (PUBLISHABLE_KEY) requestHeaders["x-publishable-api-key"] = PUBLISHABLE_KEY
+
+  try {
+    const response = await fetch(
+      `${BACKEND_URL}/store/guest-orders/${orderId}/reorder`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          ...requestHeaders,
+        },
+        cache: "no-store",
+      }
+    )
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      throw new Error(errorData.message || "Failed to reorder")
+    }
+
+    const data = await response.json()
+    return { success: true, data }
+  } catch (error: any) {
+    return { success: false, error: error.message }
+  }
+}
+
+export async function createGuestReturn(
+  orderId: string,
+  items: { id: string; quantity: number }[],
+  reason_id?: string,
+  note?: string,
+  token?: string
+) {
+  const authHeaders = await getGuestAuthHeaders()
+  const authToken = token || (authHeaders as any).authorization?.split(" ")[1]
+
+  if (!authToken) return { success: false, error: "Unauthorized" }
+
+  const requestHeaders: Record<string, string> = {
+    Authorization: `Bearer ${authToken}`,
+  }
+  if (PUBLISHABLE_KEY) requestHeaders["x-publishable-api-key"] = PUBLISHABLE_KEY
+
+  try {
+    const response = await fetch(
+      `${BACKEND_URL}/store/guest-orders/${orderId}/returns`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          ...requestHeaders,
+        },
+        body: JSON.stringify({
+          items,
+          reason_id,
+          note,
+        }),
+        cache: "no-store",
+      }
+    )
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}))
+      throw new Error(errorData.message || "Failed to create return request")
+    }
+
+    const data = await response.json()
+    return { success: true, data }
+  } catch (error: any) {
+    return { success: false, error: error.message }
+  }
+}

package/src/index.ts

@@ -0,0 +1,12 @@
+export { LOGIN_VIEW } from "./types/account"
+export type {
+  AccountPageData,
+  LoginSlotProps,
+  RegisterSlotProps,
+  ForgotPasswordSlotProps,
+} from "./types/account"
+
+export { default as Login } from "./components/login"
+export { default as Register } from "./components/register"
+export { default as ForgotPassword } from "./components/forgot-password"
+export { default as LoginTemplate } from "./templates/login-template"

package/src/templates/login-template.tsx

@@ -0,0 +1,44 @@
+"use client"
+
+import { useState } from "react"
+
+import { LOGIN_VIEW } from "@core/types/account"
+import Login from "@modules/account/components/login"
+import Register from "@modules/account/components/register"
+import ForgotPassword from "@modules/account/components/forgot-password"
+
+export { LOGIN_VIEW }
+
+const LoginTemplate = () => {
+  const [currentView, setCurrentView] = useState(LOGIN_VIEW.SIGN_IN)
+
+  const renderView = () => {
+    switch (currentView) {
+      case LOGIN_VIEW.REGISTER:
+        return <Register setCurrentView={setCurrentView} />
+      case LOGIN_VIEW.FORGOT_PASSWORD:
+        return <ForgotPassword setCurrentView={setCurrentView} />
+      default:
+        return <Login setCurrentView={setCurrentView} />
+    }
+  }
+
+  return (
+    <div className="min-h-screen w-full flex flex-col bg-page-bg">
+      <div className="flex-1 flex flex-col items-center justify-start px-2 min-[340px]:px-3 min-[550px]:px-4 sm:px-6 md:px-8 pt-2 min-[340px]:pt-3 min-[550px]:pt-4 sm:pt-4 md:pt-6 pb-6 min-[340px]:pb-8 min-[550px]:pb-8 sm:pb-8 md:pb-8">
+        <h1 className="text-2xl min-[340px]:text-3xl min-[550px]:text-3xl sm:text-4xl md:text-4xl font-bold text-heading mb-4 min-[340px]:mb-6 min-[550px]:mb-8 sm:mb-8 md:mb-8 text-center">
+          My Account
+        </h1>
+
+        <div
+          className="w-full bg-page-bg rounded-2xl shadow-lg p-4 min-[340px]:p-5 min-[550px]:p-6 sm:p-7 md:p-8"
+          style={{ maxWidth: "560px" }}
+        >
+          {renderView()}
+        </div>
+      </div>
+    </div>
+  )
+}
+
+export default LoginTemplate

package/src/types/account.ts

@@ -0,0 +1,21 @@
+export type AccountPageData = {
+  countryCode: string
+}
+
+export enum LOGIN_VIEW {
+  SIGN_IN = "sign-in",
+  REGISTER = "register",
+  FORGOT_PASSWORD = "forgot-password",
+}
+
+export type LoginSlotProps = {
+  setCurrentView: (view: LOGIN_VIEW) => void
+}
+
+export type RegisterSlotProps = {
+  setCurrentView: (view: LOGIN_VIEW) => void
+}
+
+export type ForgotPasswordSlotProps = {
+  setCurrentView: (view: LOGIN_VIEW) => void
+}

package/src/util-google-oauth.ts

@@ -0,0 +1,28 @@
+/**
+ * OAuth redirect_uri must exactly match a URI registered in Google Cloud Console.
+ * That is the storefront callback path (often includes country code), NOT the backend API path.
+ *
+ * Set NEXT_PUBLIC_GOOGLE_OAUTH_CALLBACK_URL to override (must match Console exactly).
+ */
+export function getGoogleOAuthCallbackUrl(countryCode?: string): string {
+  const explicit = process.env.NEXT_PUBLIC_GOOGLE_OAUTH_CALLBACK_URL?.trim()
+  if (explicit) {
+    return explicit
+  }
+
+  const base =
+    process.env.NEXT_PUBLIC_BASE_URL ||
+    process.env.STOREFRONT_URL ||
+    "http://localhost:8000"
+  const normalized = base.replace(/\/$/, "")
+  const region =
+    countryCode?.trim().toLowerCase() ||
+    process.env.NEXT_PUBLIC_DEFAULT_REGION?.trim().toLowerCase() ||
+    ""
+
+  if (region && /^[a-z]{2,3}$/i.test(region)) {
+    return `${normalized}/${region}/auth/customer/google/callback`
+  }
+
+  return `${normalized}/auth/customer/google/callback`
+}