@salesforce/lds-runtime-webruntime 1.370.0 → 1.371.0

package/dist/ldsWebruntimeOneStoreInit.js

@@ -15,8 +15,11 @@
 import { getInstrumentation } from 'o11y/client';
 import { setServices } from 'force/luvioServiceProvisioner1';
 export { default, resolve, setServices } from 'force/luvioServiceProvisioner1';
-import { executeGlobalControllerRawResponse } from 'aura';
 import { getSfapJwt } from 'force/clwrSfapExchange';
+import language from '@salesforce/i18n/lang';
+import isDesignMode from '@app/isDesignMode';
+import isPreviewMode from '@app/isPreviewMode';
+import authenticationCookieName from '@app/authenticationCookieName';
 
 /*!
  * Copyright (c) 2022, Salesforce, Inc.,
@@ -2811,6 +2814,75 @@ const platformSfapJwtResolver = {
     },
 };
 
+const METHODS_WITH_CSRF = ['POST', 'PATCH', 'PUT', 'DELETE'];
+/**
+ * Webruntime request interceptor that modifies outgoing HTTP requests with standard
+ * query parameters and security headers. This ensures the api calls for onestore adapters
+ * follow the same pattern as the equivalent luvio api calls for all CLWR endpoints.
+ *
+ * This interceptor:
+ * - Adds language query parameter from i18n settings
+ * - Adds asGuest parameter based on design/preview mode and SID cookie presence
+ * - Adds htmlEncode=false query parameter (since this is an api call by definition)
+ * - For POST/PATCH/PUT/DELETE requests, adds CSRF token to headers
+ *
+ * @param {FetchParameters} args - The fetch parameters array containing [url, requestInit]
+ * @returns Promise-like resolved with the modified fetch parameters
+ *
+ * @example
+ * ```typescript
+ * const modifiedArgs = await webruntimeRequestInterceptor(['/api/data', { method: 'GET' }]);
+ * // URL will have ?language=en_US&asGuest=false&htmlEncode=false appended
+ * ```
+ */
+async function webruntimeRequestInterceptor(args) {
+    const [url, requestInit] = args;
+    if (!(typeof url === 'string' || url instanceof URL)) {
+        return resolvedPromiseLike$3(args);
+    }
+    const urlObj = url instanceof URL ? url : new URL(url, location?.href);
+    urlObj.searchParams.append('language', language);
+    urlObj.searchParams.append('asGuest', getAsGuestParamValue().toString());
+    urlObj.searchParams.append('htmlEncode', 'false');
+    // Update the args array with the modified URL string
+    args[0] = urlObj;
+    if (requestInit?.method && METHODS_WITH_CSRF.includes(requestInit.method)) {
+        await addCSRFToken(requestInit);
+    }
+    return resolvedPromiseLike$3(args);
+}
+function hasSidCookie() {
+    const cookies = document.cookie.split(';');
+    return cookies.some((cookie) => {
+        const [name] = cookie.trim().split('=');
+        return name === authenticationCookieName;
+    });
+}
+function getAsGuestParamValue() {
+    // authenticationCookieName (__Secure-has-sid) is set in design mode or preview mode
+    if (isDesignMode || isPreviewMode) {
+        return false;
+    }
+    return !hasSidCookie();
+}
+async function addCSRFToken(params) {
+    const { csrfToken } = await getUser();
+    if (!params.headers) {
+        params.headers = {};
+    }
+    if (csrfToken) {
+        params.headers['CSRF-Token'] = csrfToken;
+    }
+}
+async function getUser() {
+    if (typeof window === 'undefined') {
+        // always make API calls as guest on the server
+        return { isGuest: true, id: null, csrfToken: null };
+    }
+    const { default: user } = await import('@app/user');
+    return user;
+}
+
 const SFAP_BASE_URL = 'api.salesforce.com';
 const sfapJwtRepository = new JwtRepository();
 const sfapJwtManager = new JwtManager(sfapJwtRepository, platformSfapJwtResolver);
@@ -2877,8 +2949,8 @@ function buildCopilotFetchServiceDescriptor(logger) {
         tags: { specialHacksFor: 'copilot' },
     };
 }
-function buildUnauthorizedFetchServiceDescriptor() {
-    const fetchService = buildServiceDescriptor();
+function buildDefaultFetchServiceDescriptor() {
+    const fetchService = buildServiceDescriptor({ request: [webruntimeRequestInterceptor] });
     return {
         ...fetchService,
         tags: { authenticationScopes: '' },
@@ -2907,23 +2979,15 @@ function buildJwtRequestInterceptor(logger) {
     return jwtRequestHeaderInterceptor;
 }
 
-function buildAuraNetworkService() {
-    return {
-        type: 'auraNetwork',
-        version: '1.0',
-        service: executeGlobalControllerRawResponse,
-    };
-}
 const loggerService = new ConsoleLogger$1('ERROR');
 const cacheServiceDescriptor = buildServiceDescriptor$4();
 const instrumentationServiceDescriptor = buildServiceDescriptor$5(loggerService);
 const inMemoryCacheInclusionPolicyServiceDescriptor = buildInMemoryCacheInclusionPolicyService(cacheServiceDescriptor.service);
 const services = [
     instrumentationServiceDescriptor,
-    buildUnauthorizedFetchServiceDescriptor(),
+    buildDefaultFetchServiceDescriptor(),
     buildJwtAuthorizedSfapFetchServiceDescriptor(loggerService),
     buildCopilotFetchServiceDescriptor(loggerService),
-    buildAuraNetworkService(),
     buildServiceDescriptor$6(instrumentationServiceDescriptor.service),
     buildServiceDescriptor$3(cacheServiceDescriptor.service, inMemoryCacheInclusionPolicyServiceDescriptor.service),
     buildServiceDescriptor$d(),
@@ -2938,4 +3002,4 @@ const services = [
     buildServiceDescriptor$2(),
 ];
 setServices(services);
-// version: 1.370.0-3ec6ffba72
+// version: 1.371.0-e11a80989c

package/dist/types/interceptors.d.ts

@@ -0,0 +1,22 @@
+import { type FetchParameters } from '@luvio/service-fetch-network/v1';
+/**
+ * Webruntime request interceptor that modifies outgoing HTTP requests with standard
+ * query parameters and security headers. This ensures the api calls for onestore adapters
+ * follow the same pattern as the equivalent luvio api calls for all CLWR endpoints.
+ *
+ * This interceptor:
+ * - Adds language query parameter from i18n settings
+ * - Adds asGuest parameter based on design/preview mode and SID cookie presence
+ * - Adds htmlEncode=false query parameter (since this is an api call by definition)
+ * - For POST/PATCH/PUT/DELETE requests, adds CSRF token to headers
+ *
+ * @param {FetchParameters} args - The fetch parameters array containing [url, requestInit]
+ * @returns Promise-like resolved with the modified fetch parameters
+ *
+ * @example
+ * ```typescript
+ * const modifiedArgs = await webruntimeRequestInterceptor(['/api/data', { method: 'GET' }]);
+ * // URL will have ?language=en_US&asGuest=false&htmlEncode=false appended
+ * ```
+ */
+export declare function webruntimeRequestInterceptor(args: FetchParameters): Promise<[input: RequestInfo | URL, init?: RequestInit | undefined]>;

package/dist/types/jwt-authorized-fetch-service.d.ts

@@ -7,4 +7,4 @@ export declare function buildJwtAuthorizedSfapFetchServiceDescriptor(logger: Log
  * copilot commands.
  */
 export declare function buildCopilotFetchServiceDescriptor(logger: LoggerService): FetchServiceDescriptor;
-export declare function buildUnauthorizedFetchServiceDescriptor(): FetchServiceDescriptor;
+export declare function buildDefaultFetchServiceDescriptor(): FetchServiceDescriptor;

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@salesforce/lds-runtime-webruntime",
-    "version": "1.370.0",
+    "version": "1.371.0",
     "license": "SEE LICENSE IN LICENSE.txt",
     "description": "LDS engine for Webruntime runtime",
     "main": "dist/ldsWebruntimeOneStoreInit.js",
@@ -61,7 +61,7 @@
         "@luvio/service-pubsub": "5.44.0",
         "@luvio/service-store": "5.44.0",
         "@luvio/utils": "5.44.0",
-        "@salesforce/lds-adapters-uiapi-lex": "^1.370.0"
+        "@salesforce/lds-adapters-uiapi-lex": "^1.371.0"
     },
     "luvioBundlesize": [
         {