@revenexx/cover 0.1.6 → 0.1.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@revenexx/cover",
-  "version": "0.1.6",
+  "version": "0.1.7",
   "description": "Cover \u2014 revenexx design system for Nuxt. Distributed as a Nuxt layer: generic UI components, theming tokens and stores shared by the demo shop, custom storefronts and the Blokkli theme.",
   "type": "module",
   "main": "./nuxt.config.ts",

package/server/api/account/context.get.ts

@@ -7,7 +7,7 @@ export default defineEventHandler(async (event) => {
 	const user = await getAuthService(event).me(event);
 
 	try {
-		return await getB2BContextService(event).getContext(user?.$id ?? null);
+		return await getB2BContextService(event).getContext(user?.$id ?? null, user?.role ?? null);
 	}
 	catch (err) {
 		getLogService().error("Service error: account/context", toErrorContext(err));

package/server/api/cart/calculate.post.ts

@@ -15,7 +15,7 @@ export default defineEventHandler(async (event) => {
 	const user = await getAuthService(event).me(event);
 
 	try {
-		const context = await getB2BContextService(event).getContext(user?.$id ?? null);
+		const context = await getB2BContextService(event).getContext(user?.$id ?? null, user?.role ?? null);
 		return await getCartCalculationService().calculate(body, context, locale);
 	}
 	catch (err) {

package/server/api/cart/export.post.ts

@@ -14,7 +14,7 @@ export default defineEventHandler(async (event) => {
 
 	const locale = resolveLocale(event);
 	const user = await getAuthService(event).me(event);
-	const context = await getB2BContextService(event).getContext(user?.$id ?? null);
+	const context = await getB2BContextService(event).getContext(user?.$id ?? null, user?.role ?? null);
 
 	if (!context.settings.cart.exportEnabled) {
 		throw createError({ statusCode: 403, message: "Cart export is disabled" });

package/server/api/orders/index.post.ts

@@ -38,6 +38,30 @@ function isNonEmptyString(v: unknown): v is string {
 	return typeof v === "string" && v.trim().length > 0;
 }
 
+// Customer addresses may carry the country as a display name ("Deutschland",
+// "Austria") — the payments app's eligibility check expects ISO 3166-1
+// alpha-2 codes. Two-letter values pass through unchanged.
+const COUNTRY_NAME_TO_ISO: Record<string, string> = {
+	deutschland: "DE", germany: "DE",
+	österreich: "AT", austria: "AT",
+	schweiz: "CH", switzerland: "CH",
+	niederlande: "NL", netherlands: "NL",
+	frankreich: "FR", france: "FR",
+	italien: "IT", italy: "IT",
+	spanien: "ES", spain: "ES",
+	belgien: "BE", belgium: "BE",
+	polen: "PL", poland: "PL",
+	tschechien: "CZ", "czech republic": "CZ", czechia: "CZ",
+};
+
+function toIsoCountry(value: unknown): string {
+	const raw = String(value ?? "").trim();
+	if (/^[A-Za-z]{2}$/.test(raw)) {
+		return raw.toUpperCase();
+	}
+	return COUNTRY_NAME_TO_ISO[raw.toLowerCase()] ?? raw;
+}
+
 function validateAddress(address: Record<string, unknown>, customerType: "business" | "private"): string | null {
 	const requiredFields = customerType === "private"
 		? REQUIRED_ADDRESS_FIELDS_PRIVATE
@@ -122,7 +146,7 @@ export default defineEventHandler(async (event) => {
 		// Approval limits are checked at order time: exceeding a blocking
 		// limit turns the order into an approval request (it does not fail).
 		const user = await getAuthService(event).me(event);
-		const context = await getB2BContextService(event).getContext(user?.$id ?? null);
+		const context = await getB2BContextService(event).getContext(user?.$id ?? null, user?.role ?? null);
 		const locale = resolveLocale(event);
 		const calculation = await getCartCalculationService().calculate(
 			{
@@ -240,7 +264,7 @@ export default defineEventHandler(async (event) => {
 			const billing = address?.billingAddressSameAsShipping === false
 				? address?.billing as Record<string, unknown> | undefined
 				: address;
-			const country = String(body.billingCountry ?? billing?.country ?? "");
+			const country = toIsoCountry(body.billingCountry ?? billing?.country ?? "");
 			try {
 				const created = await useRevenexxSdk().payments.paymentsCreate({
 					methodCode: payment.method,
@@ -273,6 +297,7 @@ export default defineEventHandler(async (event) => {
 					throw err;
 				}
 				if (err instanceof RevenexxException && (err.code === 400 || err.code === 422)) {
+					getLogService().error("Payment rejected", apiErrorContext(err));
 					throw createError({ status: 422, message: err.message });
 				}
 				getLogService().error("Payment creation failed", apiErrorContext(err));

package/server/api/requisitions/index.post.ts

@@ -25,7 +25,7 @@ export default defineEventHandler(async (event) => {
 		throw createError({ statusCode: 400, message: "workflowId and items[] required" });
 	}
 
-	const context = await getB2BContextService(event).getContext(user.$id);
+	const context = await getB2BContextService(event).getContext(user.$id, user.role ?? null);
 	if (!context.settings.workflows.enabled) {
 		throw createError({ statusCode: 403, message: "Workflows are disabled" });
 	}

package/server/data/forms/checkout/add-address.json

@@ -7,8 +7,8 @@
 		"$formkit": "text",
 		"name": "postalCode",
 		"label": "fields.postalCode",
-		"validation": "required|matches:/^[0-9]{4,10}$/",
-		"validationMessages": { "matches": "validation.postalCodeFormat" },
+		"validation": "required|matches:/^[0-9]+$/|length:4,10",
+		"validationMessages": { "matches": "validation.postalCodeFormat", "length": "validation.postalCodeFormat" },
 		"autocomplete": "postal-code",
 		"inputmode": "numeric"
 	},

package/server/interfaces/b2bContext.ts

@@ -1,4 +1,4 @@
-import type { B2BContext, Requisition } from "../../app/interfaces/b2b";
+import type { B2BContext, B2BRole, Requisition } from "../../app/interfaces/b2b";
 
 /**
  * Service contract for the per-user B2B context: organization settings,
@@ -7,8 +7,12 @@ import type { B2BContext, Requisition } from "../../app/interfaces/b2b";
  * Register the active implementation via app.config → b2bService.
  */
 export interface IB2BContextService {
-	/** Context for a user; `null` userId returns the guest context. */
-	getContext(userId: string | null): Promise<B2BContext>;
+	/**
+	 * Context for a user; `null` userId returns the guest context.
+	 * `fallbackRole` is the authenticated session's role — it applies when
+	 * the user has no persona record (live logins against the public API).
+	 */
+	getContext(userId: string | null, fallbackRole?: B2BRole | null): Promise<B2BContext>;
 }
 
 /**

package/server/services/MockB2BContextService.ts

@@ -1,4 +1,4 @@
-import type { B2BContext, ApprovalLimit, ApprovalWorkflow, CostCenter, OrganizationSettings, Requisition } from "../../app/interfaces/b2b";
+import type { B2BContext, B2BRole, ApprovalLimit, ApprovalWorkflow, CostCenter, OrganizationSettings, Requisition } from "../../app/interfaces/b2b";
 import type { AuthRole } from "../../app/interfaces/auth";
 
 import type { IB2BContextService, IRequisitionService } from "../interfaces/b2bContext";
@@ -30,7 +30,7 @@ const GUEST_ROLE = null;
 export class MockB2BContextService implements IB2BContextService {
 	constructor(private readonly settingsOverride?: Partial<OrganizationSettings>) {}
 
-	async getContext(userId: string | null): Promise<B2BContext> {
+	async getContext(userId: string | null, fallbackRole?: B2BRole | null): Promise<B2BContext> {
 		const org = await readCoverConfigJson<OrganizationConfig>("account/organization.json");
 		const settings = this.mergeSettings(org.settings);
 
@@ -47,6 +47,8 @@ export class MockB2BContextService implements IB2BContextService {
 
 		const personas = await readCoverConfigJson<PersonaConfig[]>("account/personas.json");
 		const persona = personas.find(p => p.id === userId);
+		// Live logins have no persona record — the session's role applies.
+		const role = persona?.role ?? fallbackRole ?? GUEST_ROLE;
 		const overrides = await readGovernanceOverrides();
 
 		const baseWorkflows = await readCoverConfigJson<ApprovalWorkflow[]>("account/workflows.json");
@@ -67,7 +69,7 @@ export class MockB2BContextService implements IB2BContextService {
 		// Approval limits only apply when actually ordering — requesters never
 		// order directly, so their context carries none (limits are not
 		// checked for requisitions).
-		const limitsApply = settings.approvals.enabled && persona?.role !== "requester";
+		const limitsApply = settings.approvals.enabled && role !== "requester";
 
 		const costCenterLimits = limitsApply
 			? costCenters.flatMap(cc => (cc.limit ? [cc.limit] : []))
@@ -83,7 +85,7 @@ export class MockB2BContextService implements IB2BContextService {
 			: [];
 
 		return {
-			role: persona?.role ?? GUEST_ROLE,
+			role,
 			settings,
 			costCenters,
 			defaultCostCenterId: settings.costCenters.enabled

package/server/utils/revenexxSdk.ts

@@ -84,7 +84,7 @@ export function apiAuthErrorType(err: RevenexxException): string {
 /** Diagnostic fields for structured logs — never includes the API key. */
 export function apiErrorContext(err: unknown): Record<string, unknown> {
 	if (err instanceof RevenexxException) {
-		return { apiStatus: err.code, apiType: err.type, apiMessage: err.message };
+		return { apiStatus: err.code, apiType: err.type, apiMessage: err.message, apiResponse: String(err.response ?? "").slice(0, 600) };
 	}
 	return { errorMessage: err instanceof Error ? err.message : String(err) };
 }