@revenexx/cover 0.1.0 → 0.1.2

package/server/utils/revenexxSdk.ts

@@ -0,0 +1,213 @@
+import {
+	Carts,
+	Client,
+	Customers,
+	Inventories,
+	Markets,
+	Orders,
+	Payments,
+	Prices,
+	Products,
+	RevenexxException,
+	Search,
+	Shipping,
+} from "@revenexx/sdk";
+
+/**
+ * The generated revenexx web SDK, configured for the BFF. Every live
+ * "api"-keyed implementation goes through these service instances.
+ *
+ * Auth model: tenant API key (server-side only, never reaches the client).
+ * Configure via runtime config / env:
+ *   NUXT_REVENEXX_API_URL   (default https://api.revenexx.com)
+ *   NUXT_REVENEXX_TENANT    (tenant slug, e.g. "revenexx")
+ *   NUXT_REVENEXX_API_KEY   (rvxk_… gateway key)
+ */
+
+// Re-exported so route handlers can narrow SDK failures without importing
+// from the package themselves (Nitro auto-imports this util's exports).
+export { RevenexxException };
+
+export interface RevenexxSdkCallOptions {
+	readonly query?: Record<string, string | number | boolean | undefined>;
+	readonly body?: unknown;
+}
+
+export interface RevenexxSdk {
+	readonly client: Client;
+	readonly carts: Carts;
+	readonly customers: Customers;
+	readonly inventories: Inventories;
+	readonly markets: Markets;
+	readonly orders: Orders;
+	readonly payments: Payments;
+	readonly prices: Prices;
+	readonly products: Products;
+	readonly search: Search;
+	readonly shipping: Shipping;
+	/**
+	 * Low-level escape hatch over the SDK transport (same auth, same error
+	 * type) for the few operations whose gateway contracts are not complete
+	 * yet — list query parameters and auth/me's session check. Each call
+	 * site documents the missing contract piece; once the apps declare it
+	 * and the SDK regenerates, the call moves to the typed method.
+	 */
+	call<T>(method: "GET" | "POST" | "PUT" | "DELETE", path: string, options?: RevenexxSdkCallOptions): Promise<T>;
+}
+
+/**
+ * Expected user-facing failures (wrong credentials, duplicate email, …) are
+ * forwarded to the client as-is; everything else is an infrastructure error.
+ */
+const API_USER_ERROR_STATUS = new Set([400, 401, 404, 409, 429]);
+
+export function isApiUserError(err: unknown): err is RevenexxException {
+	return err instanceof RevenexxException && API_USER_ERROR_STATUS.has(err.code);
+}
+
+/**
+ * The customers app's auth passthrough answers with a generic error envelope
+ * (no machine type). Map the HTTP status onto the platform error types the
+ * client-side auth store already translates, so mock/api modes produce
+ * identical UX for the standard failures.
+ */
+export function apiAuthErrorType(err: RevenexxException): string {
+	switch (err.code) {
+		case 401: return "user_invalid_credentials";
+		case 404: return "user_not_found";
+		case 409: return "user_email_already_exists";
+		case 429: return "general_rate_limit_exceeded";
+		default: return err.type || "api_error";
+	}
+}
+
+/** Diagnostic fields for structured logs — never includes the API key. */
+export function apiErrorContext(err: unknown): Record<string, unknown> {
+	if (err instanceof RevenexxException) {
+		return { apiStatus: err.code, apiType: err.type, apiMessage: err.message };
+	}
+	return { errorMessage: err instanceof Error ? err.message : String(err) };
+}
+
+let sdk: RevenexxSdk | null = null;
+
+/**
+ * The platform's per-invocation tenant context (ADR-0057 §8): on a deployed
+ * Site the entrypoint resolves the tenant from the request Host and injects
+ *   x-revenexx-tenant   the tenant slug
+ *   x-revenexx-context  the brokered per-tenant JWT for gateway calls
+ * When present, they win over the env credentials — the same theme build
+ * serves any tenant. Resolution uses Nitro's async context (no event
+ * threading); outside a request, or without the headers, the env-configured
+ * tenant API key applies (local dev, the demo shop, previews).
+ */
+function brokeredContext(): { tenant: string; jwt: string } | null {
+	try {
+		const event = useEvent();
+		const tenant = getRequestHeader(event, "x-revenexx-tenant");
+		if (!tenant) {
+			return null;
+		}
+		return { tenant, jwt: getRequestHeader(event, "x-revenexx-context") ?? "" };
+	}
+	catch {
+		// No async context (e.g. startup code) — fall back to env credentials.
+		return null;
+	}
+}
+
+/**
+ * The tenant slug the current request's SDK calls are scoped to — the cache
+ * key for any server-side cache of gateway data (markets, categories, …).
+ * Module-level caches MUST be partitioned by this, or a multi-tenant theme
+ * leaks one tenant's data into another's pages.
+ */
+export function revenexxTenantKey(): string {
+	const brokered = brokeredContext();
+	if (brokered) {
+		return brokered.tenant;
+	}
+	const config = useRuntimeConfig();
+	return String(config.revenexxTenant || "");
+}
+
+export function useRevenexxSdk(): RevenexxSdk {
+	const brokered = brokeredContext();
+	if (!brokered && sdk) {
+		return sdk;
+	}
+
+	const config = useRuntimeConfig();
+	const endpoint = String(config.revenexxApiUrl || "https://api.revenexx.com").replace(/\/+$/, "");
+	const tenant = brokered?.tenant ?? String(config.revenexxTenant || "");
+	const apiKey = String(config.revenexxApiKey || "");
+
+	if (!tenant || (!brokered?.jwt && !apiKey)) {
+		throw new RevenexxException(
+			"revenexx API credentials are not configured (NUXT_REVENEXX_TENANT / NUXT_REVENEXX_API_KEY)",
+			503,
+			"api_not_configured",
+			"",
+		);
+	}
+
+	const client = new Client()
+		.setEndpoint(endpoint)
+		.setTenant(tenant);
+	if (brokered?.jwt) {
+		client.setBearerAuth(brokered.jwt);
+	}
+	else {
+		client.setApiKeyAuth(apiKey);
+	}
+
+	async function call<T>(
+		method: "GET" | "POST" | "PUT" | "DELETE",
+		path: string,
+		options: RevenexxSdkCallOptions = {},
+	): Promise<T> {
+		const url = new URL(endpoint + path);
+		const query: Record<string, string> = {};
+		for (const [key, value] of Object.entries(options.query ?? {})) {
+			if (value !== undefined) {
+				query[key] = String(value);
+			}
+		}
+
+		if (method === "GET") {
+			// client.call appends flattened params to the URL for GET requests
+			return await client.call("get", url, {}, query) as T;
+		}
+
+		for (const [key, value] of Object.entries(query)) {
+			url.searchParams.set(key, value);
+		}
+		return await client.call(
+			method.toLowerCase(),
+			url,
+			{ "content-type": "application/json" },
+			(options.body ?? {}) as never,
+		) as T;
+	}
+
+	const instance: RevenexxSdk = {
+		client,
+		carts: new Carts(client),
+		customers: new Customers(client),
+		inventories: new Inventories(client),
+		markets: new Markets(client),
+		orders: new Orders(client),
+		payments: new Payments(client),
+		prices: new Prices(client),
+		products: new Products(client),
+		search: new Search(client),
+		shipping: new Shipping(client),
+		call,
+	};
+	// Brokered instances are request-scoped (the JWT rotates per invocation)
+	// — only the env-credential client is a process-wide singleton.
+	if (!brokered) {
+		sdk = instance;
+	}
+	return instance;
+}

package/app/validations/companyName.ts

@@ -1,18 +0,0 @@
-import type { SimpleValidator } from "./types";
-
-// checks if the input is a valid company name (basic validation)
-export const companyName: SimpleValidator = (value) => {
-	const companyNameRegex = /^[a-zA-Z0-9äöüÄÖÜß\s.,'-]+$/;
-
-	if (typeof value !== "string") {
-		return null; // Not a string, let other validators handle this
-	}
-
-	const trimmedValue = value.trim();
-
-	if (!companyNameRegex.test(trimmedValue)) {
-		return "invalidCompanyName"; // Invalid company name format
-	}
-
-	return null; // Valid company name
-};

package/app/validations/maxLength.ts

@@ -1,12 +0,0 @@
-import type { SimpleValidator } from "./types";
-
-export const maxLength: SimpleValidator = (value, options) => {
-	const max = (options?.max as number) ?? Infinity;
-	if (typeof value !== "string") {
-		return null;
-	}
-	if (value.trim().length > max) {
-		return "maxLength";
-	}
-	return null;
-};

package/app/validations/optionalCompanyName.ts

@@ -1,23 +0,0 @@
-import type { SimpleValidator } from "./types";
-
-// Validates company name only when a value is present — field is optional.
-// Options { min, max } are forwarded to minLength/maxLength translation keys.
-export const optionalCompanyName: SimpleValidator = (value) => {
-	if (typeof value !== "string" || value.trim() === "") {
-		return null;
-	}
-	const trimmed = value.trim();
-	const min = 3;
-	const max = 64;
-	if (trimmed.length < min) {
-		return "minLength";
-	}
-	if (trimmed.length > max) {
-		return "maxLength";
-	}
-	const companyNameRegex = /^[a-zA-Z0-9äöüÄÖÜß\s.,'-]+$/;
-	if (!companyNameRegex.test(trimmed)) {
-		return "invalidCompanyName";
-	}
-	return null;
-};

package/app/validations/phoneNumber.ts

@@ -1,19 +0,0 @@
-import type { SimpleValidator } from "./types";
-
-// checks if the input is a valid phone number (basic validation)
-export const phoneNumber: SimpleValidator = (value) => {
-	if (typeof value !== "string") {
-		return null; // Not a string, let other validators handle this
-	}
-
-	const trimmedValue = value.trim();
-
-	// Basic regex for phone numbers (allows digits, spaces, dashes, parentheses, and plus sign)
-	const phoneRegex = /^[+\d]?(?:[\d\s-().]*)$/;
-
-	if (!phoneRegex.test(trimmedValue)) {
-		return "invalidPhoneNumber"; // Invalid phone number format
-	}
-
-	return null; // Valid phone number
-};

package/app/validations/termsRequired.ts

@@ -1,4 +0,0 @@
-import type { SimpleValidator } from "./types";
-
-export const termsRequired: SimpleValidator = value =>
-	value !== true ? "termsRequired" : null;

package/app/validations/zipCode.ts

@@ -1,15 +0,0 @@
-import type { SimpleValidator } from "./types";
-
-export const zipCode: SimpleValidator = (value) => {
-	if (typeof value !== "string") {
-		return "invalidZipCode";
-	}
-	const trimmed = value.trim();
-	if (!/^\d{3,5}$/.test(trimmed)) {
-		return "invalidZipCode";
-	}
-	if (/^0+$/.test(trimmed) || trimmed === "99999") {
-		return "invalidZipCode";
-	}
-	return null;
-};

package/server/services/SdkAccountService.ts

@@ -1,56 +0,0 @@
-import type { H3Event } from "h3";
-
-import type { StoredSession } from "../../app/interfaces/auth";
-import type { AccountUser, IAccountService } from "../interfaces/account";
-
-function createInitials(name: string): string {
-	const parts = name
-		.trim()
-		.split(/\s+/)
-		.filter(Boolean);
-	if (parts.length === 0) {
-		return "";
-	}
-	return parts
-		.slice(0, 2)
-		.map(part => part[0]?.toUpperCase() ?? "")
-		.join("");
-}
-
-/**
- * Live identity implementation backed by the revenexx web SDK.
- * Resolves the current user from the request's session cookie and the
- * platform account endpoint. Requires the NUXT_WEB_SDK_* runtime config.
- * Register via app.config → accountService: "sdk".
- */
-export class SdkAccountService implements IAccountService {
-	async getUser(event?: H3Event): Promise<AccountUser> {
-		if (!event) {
-			throw createError({ statusCode: 500, statusMessage: "SdkAccountService requires the request event" });
-		}
-
-		const rawSession = getCookie(event, SESSION_COOKIE_NAME);
-		if (!rawSession) {
-			throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
-		}
-
-		let session: StoredSession;
-		try {
-			session = JSON.parse(rawSession) as StoredSession;
-		}
-		catch {
-			throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
-		}
-		if (!session.fallbackCookie) {
-			throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
-		}
-
-		const accountUser = await useAuthenticatedAccount(session.fallbackCookie).accountGet();
-		return {
-			id: accountUser.$id,
-			name: accountUser.name,
-			email: accountUser.email,
-			initials: createInitials(accountUser.name),
-		};
-	}
-}

package/server/services/SdkAuthService.ts

@@ -1,83 +0,0 @@
-import type { H3Event } from "h3";
-
-import type { AuthUser, StoredSession } from "../../app/interfaces/auth";
-import type { AuthLoginResult, IAuthService } from "../interfaces/auth";
-
-/**
- * Live authentication via the revenexx web SDK. Session state is carried in
- * the same cookie as the mock implementation (with fallbackCookie set), so
- * the client-side flow is identical. Requires NUXT_WEB_SDK_* runtime config.
- */
-export class SdkAuthService implements IAuthService {
-	async login(event: H3Event, email: string, password: string): Promise<AuthLoginResult> {
-		const { result: session, fallbackCookie } = await withCookieCapture(
-			() => useShopSdkAccount().accountCreateEmailPasswordSession({ email, password }),
-		);
-
-		const user = await useAuthenticatedAccount(fallbackCookie).accountGet();
-
-		const storedSession: StoredSession = {
-			id: session.$id,
-			expire: session.expire,
-			fallbackCookie,
-		};
-		setCookie(event, SESSION_COOKIE_NAME, JSON.stringify(storedSession), sessionCookieOptions(session.expire));
-
-		return {
-			user: { $id: user.$id, name: user.name, email: user.email },
-			session: { id: session.$id, expire: session.expire },
-		};
-	}
-
-	async me(event: H3Event): Promise<AuthUser | null> {
-		const raw = getCookie(event, SESSION_COOKIE_NAME);
-		if (!raw) {
-			return null;
-		}
-
-		let parsed: StoredSession;
-		try {
-			parsed = JSON.parse(raw) as StoredSession;
-		}
-		catch (err) {
-			getLogService().error("Failed to parse session cookie", toErrorContext(err));
-			deleteCookie(event, SESSION_COOKIE_NAME, sessionCookieOptions());
-			return null;
-		}
-
-		if (!parsed.fallbackCookie) {
-			deleteCookie(event, SESSION_COOKIE_NAME, sessionCookieOptions());
-			return null;
-		}
-
-		try {
-			const user = await useAuthenticatedAccount(parsed.fallbackCookie).accountGet();
-			return { $id: user.$id, name: user.name, email: user.email };
-		}
-		catch (err) {
-			if (!isSdkUserError(err)) {
-				getLogService().error("SDK request failed: me/accountGet", sdkErrorContext(err));
-			}
-			deleteCookie(event, SESSION_COOKIE_NAME, sessionCookieOptions());
-			return null;
-		}
-	}
-
-	async logout(event: H3Event): Promise<void> {
-		const raw = getCookie(event, SESSION_COOKIE_NAME);
-		if (raw) {
-			try {
-				const parsed = JSON.parse(raw) as StoredSession;
-				if (parsed.fallbackCookie) {
-					const sessionId = parsed.id || "current";
-					await useAuthenticatedAccount(parsed.fallbackCookie).accountDeleteSession({ sessionId });
-				}
-			}
-			catch (err) {
-				getLogService().error("SDK request failed: logout", sdkErrorContext(err));
-				// always clear the cookie regardless of SDK result
-			}
-		}
-		deleteCookie(event, SESSION_COOKIE_NAME, sessionCookieOptions());
-	}
-}

package/server/utils/revenexxApi.ts

@@ -1,136 +0,0 @@
-/**
- * Mini client for the public revenexx gateway (api.revenexx.com) — the
- * stand-in for the generated web SDKs that do not exist yet. Every live
- * "api"-keyed BFF implementation goes through this client; once the real
- * SDKs land, only the service implementations swap, the BFF contracts stay.
- *
- * Auth model: tenant API key (server-side only, never reaches the client).
- * Configure via runtime config / env:
- *   NUXT_REVENEXX_API_URL   (default https://api.revenexx.com)
- *   NUXT_REVENEXX_TENANT    (tenant slug, e.g. "revenexx")
- *   NUXT_REVENEXX_API_KEY   (rvxk_… gateway key)
- */
-
-export class RevenexxApiError extends Error {
-	readonly statusCode: number;
-	readonly type: string;
-
-	constructor(statusCode: number, type: string, message: string) {
-		super(message);
-		this.name = "RevenexxApiError";
-		this.statusCode = statusCode;
-		this.type = type;
-	}
-}
-
-/**
- * Expected user-facing failures (wrong credentials, duplicate email, …) are
- * forwarded to the client as-is; everything else is an infrastructure error.
- */
-const API_USER_ERROR_STATUS = new Set([400, 401, 404, 409, 429]);
-
-export function isApiUserError(err: unknown): err is RevenexxApiError {
-	return err instanceof RevenexxApiError && API_USER_ERROR_STATUS.has(err.statusCode);
-}
-
-/**
- * The customers app's auth passthrough answers with a generic error envelope
- * (no machine type). Map the HTTP status onto the platform error types the
- * client-side auth store already translates, so mock/sdk/api modes produce
- * identical UX for the standard failures.
- */
-export function apiAuthErrorType(err: RevenexxApiError): string {
-	switch (err.statusCode) {
-		case 401: return "user_invalid_credentials";
-		case 404: return "user_not_found";
-		case 409: return "user_email_already_exists";
-		case 429: return "general_rate_limit_exceeded";
-		default: return err.type;
-	}
-}
-
-/** Diagnostic fields for structured logs — never includes the API key. */
-export function apiErrorContext(err: unknown): Record<string, unknown> {
-	if (err instanceof RevenexxApiError) {
-		return { apiStatus: err.statusCode, apiType: err.type, apiMessage: err.message };
-	}
-	return { errorMessage: err instanceof Error ? err.message : String(err) };
-}
-
-export interface RevenexxApiRequest {
-	readonly method?: "GET" | "POST" | "PUT" | "DELETE";
-	readonly query?: Record<string, string | number | boolean | undefined>;
-	readonly body?: unknown;
-}
-
-export interface RevenexxApiClient {
-	request<T>(path: string, options?: RevenexxApiRequest): Promise<T>;
-	get<T>(path: string, query?: RevenexxApiRequest["query"]): Promise<T>;
-	post<T>(path: string, body?: unknown): Promise<T>;
-	put<T>(path: string, body?: unknown): Promise<T>;
-}
-
-let client: RevenexxApiClient | null = null;
-
-export function useRevenexxApi(): RevenexxApiClient {
-	if (client) {
-		return client;
-	}
-
-	const config = useRuntimeConfig();
-	const baseUrl = String(config.revenexxApiUrl || "https://api.revenexx.com").replace(/\/+$/, "");
-	const tenant = String(config.revenexxTenant || "");
-	const apiKey = String(config.revenexxApiKey || "");
-
-	async function request<T>(path: string, options: RevenexxApiRequest = {}): Promise<T> {
-		if (!tenant || !apiKey) {
-			throw new RevenexxApiError(503, "api_not_configured", "revenexx API credentials are not configured (NUXT_REVENEXX_TENANT / NUXT_REVENEXX_API_KEY)");
-		}
-
-		const url = new URL(baseUrl + path);
-		for (const [key, value] of Object.entries(options.query ?? {})) {
-			if (value !== undefined) {
-				url.searchParams.set(key, String(value));
-			}
-		}
-
-		const response = await fetch(url, {
-			method: options.method ?? "GET",
-			headers: {
-				"X-Revenexx-Tenant": tenant,
-				"X-Revenexx-Api-Key": apiKey,
-				"Accept": "application/json",
-				...(options.body !== undefined ? { "Content-Type": "application/json" } : {}),
-			},
-			...(options.body !== undefined ? { body: JSON.stringify(options.body) } : {}),
-		});
-
-		const text = await response.text();
-		let payload: unknown = null;
-		try {
-			payload = text ? JSON.parse(text) : null;
-		}
-		catch {
-			payload = null;
-		}
-
-		if (!response.ok) {
-			const envelope = (payload ?? {}) as { type?: string; message?: string; error?: string };
-			throw new RevenexxApiError(
-				response.status,
-				envelope.type ?? "api_error",
-				envelope.message ?? envelope.error ?? `revenexx API responded with ${response.status}`,
-			);
-		}
-
-		return payload as T;
-	}
-
-	client = {
-		request,
-		get: (path, query) => request(path, { query }),
-		post: (path, body) => request(path, { method: "POST", body }),
-		put: (path, body) => request(path, { method: "PUT", body }),
-	};
-	return client;
-}

package/server/utils/shopSdk.ts

@@ -1,88 +0,0 @@
-import { Account, Client, RevenexxException } from "@revenexx/sdk";
-
-let baseClient: Client | null = null;
-
-function getBaseClient(): Client {
-	if (baseClient) {
-		return baseClient;
-	}
-	const config = useRuntimeConfig();
-	baseClient = new Client();
-	baseClient
-		.setEndpoint(config.webSdkApiUrl as string)
-		.setProject(config.webSdkProject as string)
-		.setDevKey(config.webSdkDevKey as string);
-	return baseClient;
-}
-
-export function useShopSdkAccount(): Account {
-	return new Account(getBaseClient());
-}
-
-export function useAuthenticatedAccount(fallbackCookie: string): Account {
-	const config = useRuntimeConfig();
-	const client = new Client();
-	client
-		.setEndpoint(config.webSdkApiUrl as string)
-		.setProject(config.webSdkProject as string)
-		.setDevKey(config.webSdkDevKey as string);
-	client.headers["X-Fallback-Cookies"] = fallbackCookie;
-	return new Account(client);
-}
-
-const SDK_USER_ERROR_TYPES = new Set([
-	"user_invalid_credentials",
-	"user_not_found",
-	"user_blocked",
-	"general_rate_limit_exceeded",
-	"user_session_already_exists",
-	"user_email_already_exists",
-	"user_invalid_token",
-	"general_argument_invalid",
-	"password_recently_used",
-]);
-
-/**
- * Returns true for expected user-facing errors (wrong credentials, rate limit, etc.)
- * that should be forwarded to the client as-is without server-side logging.
- * Everything else is treated as an infrastructure error.
- */
-export function isSdkUserError(err: unknown): err is RevenexxException {
-	return err instanceof RevenexxException && SDK_USER_ERROR_TYPES.has(err.type);
-}
-
-/**
- * Extracts diagnostic fields from an SDK error for structured log entries.
- * Does not include secrets (API key is never logged).
- */
-export function sdkErrorContext(err: unknown): Record<string, unknown> {
-	if (err instanceof RevenexxException) {
-		return { sdkCode: err.code, sdkType: err.type, sdkMessage: err.message };
-	}
-	return { errorMessage: err instanceof Error ? err.message : String(err) };
-}
-
-export async function withCookieCapture<T>(
-	fn: () => Promise<T>,
-): Promise<{ result: T; fallbackCookie: string }> {
-	let fallbackCookie = "";
-	const origFetch = globalThis.fetch;
-	globalThis.fetch = async (
-		input: RequestInfo | URL,
-		init?: RequestInit,
-	) => {
-		const res = await origFetch(input, init);
-		const header = res.headers.get("x-fallback-cookies");
-		if (header) {
-			fallbackCookie = header;
-		}
-		return res;
-	};
-	try {
-		const result = await fn();
-		return { result, fallbackCookie };
-	}
-	finally {
-		globalThis.fetch = origFetch;
-	}
-}