@salesforce/pwa-kit-runtime 3.5.0-alpha.0 → 3.5.0-alpha.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@salesforce/pwa-kit-runtime",
-  "version": "3.5.0-alpha.0",
+  "version": "3.5.0-alpha.1",
   "description": "The PWAKit Runtime",
   "homepage": "https://github.com/SalesforceCommerceCloud/pwa-kit/tree/develop/packages/pwa-kit-runtime#readme",
   "bugs": {
@@ -37,7 +37,7 @@
     "cross-env": "^5.2.1",
     "express": "^4.19.2",
     "header-case": "1.0.1",
-    "http-proxy-middleware": "0.21.0",
+    "http-proxy-middleware": "^2.0.6",
     "merge-descriptors": "^1.0.1",
     "morgan": "^1.10.0",
     "semver": "^7.5.2",
@@ -46,11 +46,11 @@
   },
   "devDependencies": {
     "@loadable/component": "^5.15.3",
-    "@salesforce/pwa-kit-dev": "3.5.0-alpha.0",
+    "@salesforce/pwa-kit-dev": "3.5.0-alpha.1",
     "@serverless/event-mocks": "^1.1.1",
     "aws-lambda-mock-context": "^3.2.1",
     "fs-extra": "^11.1.1",
-    "internal-lib-build": "3.5.0-alpha.0",
+    "internal-lib-build": "3.5.0-alpha.1",
     "nock": "^13.3.0",
     "nodemon": "^2.0.22",
     "sinon": "^13.0.2",
@@ -58,7 +58,7 @@
     "supertest": "^4.0.2"
   },
   "peerDependencies": {
-    "@salesforce/pwa-kit-dev": "3.5.0-alpha.0"
+    "@salesforce/pwa-kit-dev": "3.5.0-alpha.1"
   },
   "peerDependenciesMeta": {
     "@salesforce/pwa-kit-dev": {
@@ -72,5 +72,5 @@
   "publishConfig": {
     "directory": "dist"
   },
-  "gitHead": "0edd6b2ea26b9c23502755b6ccc7316a538a4c7a"
+  "gitHead": "2df9f520e6de6585926743fb72bf8e77d515dcf1"
 }

package/ssr/server/build-remote-server.js

@@ -21,9 +21,11 @@ var _express2 = require("./express");
 var _http = _interopRequireDefault(require("http"));
 var _https = _interopRequireDefault(require("https"));
 var _ssrShared = require("../../utils/ssr-shared");
+var _configureProxy = require("../../utils/ssr-server/configure-proxy");
 var _awsServerlessExpress = _interopRequireDefault(require("aws-serverless-express"));
 var _morgan = _interopRequireDefault(require("morgan"));
 var _morganStream = require("../../utils/morgan-stream");
+var _httpProxyMiddleware = require("http-proxy-middleware");
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
 function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
@@ -94,7 +96,14 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
       strictSSL: true,
       mobify: undefined,
       // Toggle cookies being passed and set
-      localAllowCookies: false
+      localAllowCookies: false,
+      // Toggle for setting up the custom SLAS private client secret handler
+      useSLASPrivateClient: false,
+      // A regex for identifying which SLAS endpoints the custom SLAS private
+      // client secret handler will inject an Authorization header.
+      // Do not modify unless a project wants to customize additional SLAS
+      // endpoints that we currently do not support (ie. /oauth2/passwordless/token)
+      applySLASPrivateClientToEndpoints: /\/oauth2\/token/
     };
     options = _extends({}, defaults, options);
     (0, _ssrServer.setQuiet)(options.quiet || process.env.SSR_QUIET);
@@ -121,6 +130,10 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
     // Toggle cookies being passed and set. Can be overridden locally,
     // always uses MRT_ALLOW_COOKIES env remotely
     options.allowCookies = this._getAllowCookies(options);
+
+    // For test only – configure the SLAS private client secret proxy endpoint
+    options.slasHostName = this._getSlasEndpoint(options);
+    options.slasTarget = options.slasTarget || `https://${options.slasHostName}`;
     return options;
   },
   /**
@@ -157,6 +170,15 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
   _strictSSL(options) {
     return true;
   },
+  /**
+   * @private
+   */
+  _getSlasEndpoint(options) {
+    var _options$mobify, _options$mobify$app, _options$mobify$app$c, _options$mobify$app$c2;
+    if (!options.useSLASPrivateClient) return undefined;
+    const shortCode = (_options$mobify = options.mobify) === null || _options$mobify === void 0 ? void 0 : (_options$mobify$app = _options$mobify.app) === null || _options$mobify$app === void 0 ? void 0 : (_options$mobify$app$c = _options$mobify$app.commerceAPI) === null || _options$mobify$app$c === void 0 ? void 0 : (_options$mobify$app$c2 = _options$mobify$app$c.parameters) === null || _options$mobify$app$c2 === void 0 ? void 0 : _options$mobify$app$c2.shortCode;
+    return `${shortCode}.api.commercecloud.salesforce.com`;
+  },
   /**
    * @private
    */
@@ -245,6 +267,7 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
     this._setupMetricsFlushing(app);
     this._setupHealthcheck(app);
     this._setupProxying(app, options);
+    this._setupSlasPrivateClientProxy(app, options);
 
     // Beyond this point, we know that this is not a proxy request
     // and not a bundle request, so we can apply specific
@@ -508,6 +531,61 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
       });
     });
   },
+  /**
+   * @private
+   */
+  _handleMissingSlasPrivateEnvVar(app) {
+    app.use(_constants.SLAS_CUSTOM_PROXY_PATH, (_, res) => {
+      return res.status(501).json({
+        message: 'Environment variable PWA_KIT_SLAS_CLIENT_SECRET not set: Please set this environment variable to proceed.'
+      });
+    });
+  },
+  /**
+   * @private
+   */
+  _setupSlasPrivateClientProxy(app, options) {
+    var _options$mobify2, _options$mobify2$app, _options$mobify2$app$, _options$mobify2$app$2;
+    if (!options.useSLASPrivateClient) {
+      return;
+    }
+    (0, _ssrServer.localDevLog)(`Proxying ${_constants.SLAS_CUSTOM_PROXY_PATH} to ${options.slasTarget}`);
+    const clientId = (_options$mobify2 = options.mobify) === null || _options$mobify2 === void 0 ? void 0 : (_options$mobify2$app = _options$mobify2.app) === null || _options$mobify2$app === void 0 ? void 0 : (_options$mobify2$app$ = _options$mobify2$app.commerceAPI) === null || _options$mobify2$app$ === void 0 ? void 0 : (_options$mobify2$app$2 = _options$mobify2$app$.parameters) === null || _options$mobify2$app$2 === void 0 ? void 0 : _options$mobify2$app$2.clientId;
+    const clientSecret = process.env.PWA_KIT_SLAS_CLIENT_SECRET;
+    if (!clientSecret) {
+      this._handleMissingSlasPrivateEnvVar(app);
+      return;
+    }
+    const encodedSlasCredentials = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
+    app.use(_constants.SLAS_CUSTOM_PROXY_PATH, (0, _httpProxyMiddleware.createProxyMiddleware)({
+      target: options.slasTarget,
+      changeOrigin: true,
+      pathRewrite: {
+        [_constants.SLAS_CUSTOM_PROXY_PATH]: ''
+      },
+      onProxyReq: (proxyRequest, incomingRequest) => {
+        var _incomingRequest$path;
+        (0, _configureProxy.applyProxyRequestHeaders)({
+          proxyRequest,
+          incomingRequest,
+          proxyPath: _constants.SLAS_CUSTOM_PROXY_PATH,
+          targetHost: options.slasHostName,
+          targetProtocol: 'https'
+        });
+
+        // We pattern match and add client secrets only to endpoints that
+        // match the regex specified by options.applySLASPrivateClientToEndpoints.
+        // By default, this regex matches only calls to SLAS /oauth2/token
+        // (see option defaults at the top of this file).
+        // Other SLAS endpoints, ie. SLAS authenticate (/oauth2/login) and
+        // SLAS logout (/oauth2/logout), use the Authorization header for a different
+        // purpose so we don't want to overwrite the header for those calls.
+        if ((_incomingRequest$path = incomingRequest.path) !== null && _incomingRequest$path !== void 0 && _incomingRequest$path.match(options.applySLASPrivateClientToEndpoints)) {
+          proxyRequest.setHeader('Authorization', `Basic ${encodedSlasCredentials}`);
+        }
+      }
+    }));
+  },
   /**
    * @private
    */

package/ssr/server/build-remote-server.test.js

@@ -21,4 +21,16 @@ describe('the once function', () => {
     expect(fn.mock.calls).toHaveLength(1);
     expect(v1).toBe(v2); // The exact same instance
   });
+});
+describe('remote server factory test coverage', () => {
+  test('getSlasEndpoint returns undefined if useSLASPrivateClient is false', () => {
+    const endpoint = _buildRemoteServer.RemoteServerFactory._getSlasEndpoint({});
+    expect(endpoint).toBeUndefined();
+  });
+  test('getSlasEndpoint returns endpoint if useSLASPrivateClient is true', () => {
+    const endpoint = _buildRemoteServer.RemoteServerFactory._getSlasEndpoint({
+      useSLASPrivateClient: true
+    });
+    expect(endpoint).toBeDefined();
+  });
 });

package/ssr/server/constants.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.X_ORIGINAL_CONTENT_TYPE = exports.X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_FROM_CACHE = exports.STRICT_TRANSPORT_SECURITY = exports.STATIC_ASSETS = exports.SET_COOKIE = exports.PROXY_PATH_PREFIX = exports.NO_CACHE = exports.CONTENT_TYPE = exports.CONTENT_SECURITY_POLICY = exports.CONTENT_ENCODING = exports.CACHE_CONTROL = exports.BUILD = exports.APPLICATION_OCTET_STREAM = void 0;
+exports.X_ORIGINAL_CONTENT_TYPE = exports.X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_FROM_CACHE = exports.STRICT_TRANSPORT_SECURITY = exports.STATIC_ASSETS = exports.SLAS_CUSTOM_PROXY_PATH = exports.SET_COOKIE = exports.PROXY_PATH_PREFIX = exports.NO_CACHE = exports.CONTENT_TYPE = exports.CONTENT_SECURITY_POLICY = exports.CONTENT_ENCODING = exports.CACHE_CONTROL = exports.BUILD = exports.APPLICATION_OCTET_STREAM = void 0;
 /*
  * Copyright (c) 2021, salesforce.com, inc.
  * All rights reserved.
@@ -24,4 +24,5 @@ const SET_COOKIE = exports.SET_COOKIE = 'set-cookie';
 const CACHE_CONTROL = exports.CACHE_CONTROL = 'cache-control';
 const NO_CACHE = exports.NO_CACHE = 'max-age=0, nocache, nostore, must-revalidate';
 const CONTENT_SECURITY_POLICY = exports.CONTENT_SECURITY_POLICY = 'content-security-policy';
-const STRICT_TRANSPORT_SECURITY = exports.STRICT_TRANSPORT_SECURITY = 'strict-transport-security';
+const STRICT_TRANSPORT_SECURITY = exports.STRICT_TRANSPORT_SECURITY = 'strict-transport-security';
+const SLAS_CUSTOM_PROXY_PATH = exports.SLAS_CUSTOM_PROXY_PATH = '/mobify/scapi/shopper/auth';

package/ssr/server/express.test.js

@@ -8,16 +8,19 @@ var _path = _interopRequireDefault(require("path"));
 var _sinon = _interopRequireDefault(require("sinon"));
 var _superagent = _interopRequireDefault(require("superagent"));
 var _supertest = _interopRequireDefault(require("supertest"));
+var _express = _interopRequireDefault(require("express"));
 var _ssrCache = require("../../utils/ssr-cache");
 var _ssrServer = require("../../utils/ssr-server");
 var ssrServerUtils = _interopRequireWildcard(require("../../utils/ssr-server/utils"));
 var _buildRemoteServer = require("./build-remote-server");
 var _constants = require("./constants");
-var _express = require("./express");
+var _express2 = require("./express");
 var _crypto = require("crypto");
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && Object.prototype.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
+function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
 function _extends() { _extends = Object.assign ? Object.assign.bind() : function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }
 function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
 function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
@@ -78,7 +81,8 @@ const opts = (overrides = {}) => {
       https: httpsAgent
     },
     defaultCacheTimeSeconds: 123,
-    enableLegacyRemoteProxying: false
+    enableLegacyRemoteProxying: false,
+    useSLASPrivateClient: false
   };
   return _objectSpread(_objectSpread({}, defaults), overrides);
 };
@@ -203,11 +207,11 @@ describe('SSRServer operation', () => {
     app._requestMonitor._responseFinished(response1);
     expect(app._requestMonitor._pendingResponses.ids).toEqual([]);
     const promise1 = app._requestMonitor._waitForResponses();
-    expect(promise1).toBe(_express.RESOLVED_PROMISE);
+    expect(promise1).toBe(_express2.RESOLVED_PROMISE);
     app._requestMonitor._responseStarted(response1);
     expect(app._requestMonitor._pendingResponses.ids).toEqual([1]);
     const promise2 = app._requestMonitor._waitForResponses();
-    expect(promise2).not.toBe(_express.RESOLVED_PROMISE);
+    expect(promise2).not.toBe(_express2.RESOLVED_PROMISE);
     app._requestMonitor._responseStarted(response2);
     expect(app._requestMonitor._pendingResponses.ids).toEqual([1, 2]);
     const promise3 = app._requestMonitor._waitForResponses();
@@ -389,7 +393,7 @@ describe('SSRServer operation', () => {
   test('should support redirects to bundle assets', () => {
     const app = _buildRemoteServer.RemoteServerFactory._createApp(opts());
     const route = (req, res) => {
-      (0, _express.respondFromBundle)({
+      (0, _express2.respondFromBundle)({
         req,
         res
       });
@@ -517,12 +521,12 @@ describe('SSRServer persistent caching', () => {
       key: keyFromURL(req.url)
     };
     const shouldCacheResponse = (req, res) => res.statusCode >= 200 && res.statusCode < 300;
-    return Promise.resolve().then(() => (0, _express.getResponseFromCache)(cacheArgs)).then(entry => {
+    return Promise.resolve().then(() => (0, _express2.getResponseFromCache)(cacheArgs)).then(entry => {
       if (entry.found) {
-        (0, _express.sendCachedResponse)(entry);
+        (0, _express2.sendCachedResponse)(entry);
       } else {
         if (shouldCache) {
-          (0, _express.cacheResponseWhenDone)(_objectSpread({
+          (0, _express2.cacheResponseWhenDone)(_objectSpread({
             shouldCacheResponse
           }, cacheArgs));
         }
@@ -727,7 +731,7 @@ describe('SSRServer persistent caching', () => {
     });
   });
   test('Try to send non-cached response', () => {
-    expect(() => (0, _express.sendCachedResponse)(new _ssrServer.CachedResponse({}))).toThrow('non-cached');
+    expect(() => (0, _express2.sendCachedResponse)(new _ssrServer.CachedResponse({}))).toThrow('non-cached');
   });
 });
 describe('generateCacheKey', () => {
@@ -742,41 +746,41 @@ describe('generateCacheKey', () => {
     }, overrides);
   };
   test('returns expected results', () => {
-    expect((0, _express.generateCacheKey)(mockRequest({
+    expect((0, _express2.generateCacheKey)(mockRequest({
       url: '/test/1?id=abc'
     })).indexOf('/test/1')).toBe(0);
   });
   test('path affects key', () => {
-    const result1 = (0, _express.generateCacheKey)(mockRequest({
+    const result1 = (0, _express2.generateCacheKey)(mockRequest({
       url: '/test2a/'
     }));
-    expect((0, _express.generateCacheKey)(mockRequest({
+    expect((0, _express2.generateCacheKey)(mockRequest({
       url: '/testab/'
     }))).not.toEqual(result1);
   });
   test('query affects key', () => {
-    const result1 = (0, _express.generateCacheKey)(mockRequest({
+    const result1 = (0, _express2.generateCacheKey)(mockRequest({
       url: '/test3?a=1'
     }));
-    expect((0, _express.generateCacheKey)(mockRequest({
+    expect((0, _express2.generateCacheKey)(mockRequest({
       url: '/test3?a=2'
     }))).not.toEqual(result1);
   });
   test('request class affects key', () => {
-    const result1 = (0, _express.generateCacheKey)(mockRequest());
+    const result1 = (0, _express2.generateCacheKey)(mockRequest());
     const request2 = mockRequest({
       headers: {
         'x-mobify-request-class': 'bot'
       }
     });
-    expect((0, _express.generateCacheKey)(request2)).not.toEqual(result1);
-    expect((0, _express.generateCacheKey)(request2, {
+    expect((0, _express2.generateCacheKey)(request2)).not.toEqual(result1);
+    expect((0, _express2.generateCacheKey)(request2, {
       ignoreRequestClass: true
     })).toEqual(result1);
   });
   test('extras affect key', () => {
-    const result1 = (0, _express.generateCacheKey)(mockRequest());
-    expect((0, _express.generateCacheKey)(mockRequest(), {
+    const result1 = (0, _express2.generateCacheKey)(mockRequest());
+    expect((0, _express2.generateCacheKey)(mockRequest(), {
       extras: ['123']
     })).not.toEqual(result1);
   });
@@ -836,10 +840,10 @@ describe('getRuntime', () => {
     expectedRuntime
   }) => {
     process.env = _objectSpread(_objectSpread({}, process.env), env);
-    expect((0, _express.getRuntime)()).toMatchObject(matchExceptFunctionValues(expectedRuntime));
+    expect((0, _express2.getRuntime)()).toMatchObject(matchExceptFunctionValues(expectedRuntime));
   });
   test('should return a remote/development runtime bound to the correct context', () => {
-    const mockDevRuntime = (0, _express.getRuntime)();
+    const mockDevRuntime = (0, _express2.getRuntime)();
     const func = mockDevRuntime.returnMyName;
     expect(func()).toBe(MockDevServerFactory.name);
   });
@@ -873,4 +877,81 @@ describe('DevServer middleware', () => {
     }));
     expect(warn.mock.calls).toEqual([['The SSR Server has _strictSSL turned off for https requests']]);
   });
+});
+describe('SLAS private client proxy', () => {
+  const savedEnvironment = _extends({}, process.env);
+  let proxyApp;
+  const proxyPort = 12345;
+  const proxyPath = '/responseHeaders';
+  const slasTarget = `http://localhost:${proxyPort}${proxyPath}`;
+  beforeAll(() => {
+    // by setting slasTarget, rather than forwarding the request to SLAS,
+    // we send the proxy request here so we can return the request headers
+    proxyApp = (0, _express.default)();
+    proxyApp.use(proxyPath, (req, res) => {
+      res.send(req.headers);
+    });
+    proxyApp.listen(proxyPort);
+  });
+  afterEach(() => {
+    process.env = savedEnvironment;
+  });
+  afterAll(() => {
+    proxyApp.close();
+  });
+  test('should not create proxy by default', () => {
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(opts());
+    return (0, _supertest.default)(app).get('/mobify/scapi/shopper/auth').expect(404);
+  });
+  test('should return HTTP 501 if PWA_KIT_SLAS_CLIENT_SECRET env var not set', () => {
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(opts({
+      useSLASPrivateClient: true
+    }));
+    return (0, _supertest.default)(app).get('/mobify/scapi/shopper/auth').expect(501);
+  });
+  test('does not insert client secret if request not for /oauth2/token', /*#__PURE__*/_asyncToGenerator(function* () {
+    process.env.PWA_KIT_SLAS_CLIENT_SECRET = 'a secret';
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(opts({
+      mobify: {
+        app: {
+          commerceAPI: {
+            parameters: {
+              clientId: 'clientId',
+              shortCode: 'shortCode'
+            }
+          }
+        }
+      },
+      useSLASPrivateClient: true,
+      slasTarget: slasTarget
+    }));
+    return yield (0, _supertest.default)(app).get('/mobify/scapi/shopper/auth/somePath').then(response => {
+      expect(response.body.authorization).toBeUndefined();
+      expect(response.body.host).toBe('shortCode.api.commercecloud.salesforce.com');
+      expect(response.body['x-mobify']).toBe('true');
+    });
+  }), 15000);
+  test('inserts client secret if request is for /oauth2/token', /*#__PURE__*/_asyncToGenerator(function* () {
+    process.env.PWA_KIT_SLAS_CLIENT_SECRET = 'a secret';
+    const encodedCredentials = Buffer.from('clientId:a secret').toString('base64');
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(opts({
+      mobify: {
+        app: {
+          commerceAPI: {
+            parameters: {
+              clientId: 'clientId',
+              shortCode: 'shortCode'
+            }
+          }
+        }
+      },
+      useSLASPrivateClient: true,
+      slasTarget: slasTarget
+    }));
+    return yield (0, _supertest.default)(app).get('/mobify/scapi/shopper/auth/oauth2/token').then(response => {
+      expect(response.body.authorization).toBe(`Basic ${encodedCredentials}`);
+      expect(response.body.host).toBe('shortCode.api.commercecloud.salesforce.com');
+      expect(response.body['x-mobify']).toBe('true');
+    });
+  }), 15000);
 });

package/utils/ssr-server/configure-proxy.js

@@ -3,13 +3,12 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.configureProxyConfigs = exports.configureProxy = exports.ALLOWED_CACHING_PROXY_REQUEST_METHODS = void 0;
-var _httpProxyMiddleware = _interopRequireDefault(require("http-proxy-middleware"));
+exports.configureProxyConfigs = exports.configureProxy = exports.applyProxyRequestHeaders = exports.ALLOWED_CACHING_PROXY_REQUEST_METHODS = void 0;
+var _httpProxyMiddleware = require("http-proxy-middleware");
 var _ssrProxying = require("../ssr-proxying");
 var _ssrShared = require("../ssr-shared");
 var _processExpressResponse = require("./process-express-response");
 var _utils = require("./utils");
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 /*
  * Copyright (c) 2022, Salesforce, Inc.
  * All rights reserved.
@@ -29,6 +28,73 @@ const ALLOWED_CACHING_PROXY_REQUEST_METHODS = exports.ALLOWED_CACHING_PROXY_REQU
  */
 const generalProxyPathRE = /^\/mobify\/proxy\/([^/]+)(\/.*)$/;
 
+/**
+ * Apply proxy headers to a request that is being proxied.
+ *
+ * This function is intended to be called from within a proxy's
+ * onProxyReq method.
+ *
+ * For more details on the headers being applied,
+ * see ssr-proxying.js rewriteProxyRequestHeaders method
+ * @private
+ * @function
+ * @param proxyRequest {http.ClientRequest} the request that will be
+ * sent to the target host
+ * @param incomingRequest {http.IncomingMessage} the request made to
+ * this Express app that prompted the proxying
+ * @param caching {Boolean} true for a caching proxy, false for a standard proxy
+ * @param logging {Boolean} true to log operations
+ * @param proxyPath {String} the path being proxied (e.g. /mobify/proxy/base/
+ * or /mobify/caching/base/)
+ * @param targetHost {String} the target hostname (host+port)
+ * @param targetProtocol {String} the protocol to use to make requests to
+ * the target ('http' or 'https')
+ */
+const applyProxyRequestHeaders = ({
+  proxyRequest,
+  incomingRequest,
+  caching = false,
+  logging = !(0, _utils.isRemote)() && _utils.verboseProxyLogging,
+  proxyPath,
+  targetHost,
+  targetProtocol
+}) => {
+  const url = incomingRequest.url;
+  const headers = incomingRequest.headers;
+  /* istanbul ignore next */
+  if (logging) {
+    console.log(`Proxy: request for ${proxyPath}${url} => ${targetProtocol}://${targetHost}/${url}`);
+  }
+  const newHeaders = (0, _ssrProxying.rewriteProxyRequestHeaders)({
+    caching,
+    headers,
+    headerFormat: 'http',
+    logging,
+    proxyPath,
+    targetHost,
+    targetProtocol
+  });
+
+  // Copy any new and updated headers to the proxyRequest
+  // using setHeader.
+  Object.entries(newHeaders).forEach(
+  // setHeader always replaces any current value.
+  ([key, value]) => proxyRequest.setHeader(key, value));
+
+  // Handle deletion of headers.
+  // Iterate over the keys of incomingRequest.headers - for every
+  // key, if the value is not present in newHeaders, we remove
+  // that value from proxyRequest's headers.
+  Object.keys(headers).forEach(key => {
+    // We delete the header on any falsy value, since
+    // there's no use case where we supply an empty header
+    // value.
+    if (!newHeaders[key]) {
+      proxyRequest.removeHeader(key);
+    }
+  });
+};
+
 /**
  * Configure proxying for a path.
  * @private
@@ -46,6 +112,7 @@ const generalProxyPathRE = /^\/mobify\/proxy\/([^/]+)(\/.*)$/;
  * standard proxy.
  * @returns {middleware} function to pass to expressApp.use()
  */
+exports.applyProxyRequestHeaders = applyProxyRequestHeaders;
 const configureProxy = ({
   appHostname,
   proxyPath,
@@ -105,41 +172,14 @@ const configureProxy = ({
      * this Express app that prompted the proxying
      */
     onProxyReq: (proxyRequest, incomingRequest) => {
-      const url = incomingRequest.url;
-      /* istanbul ignore next */
-      if (!(0, _utils.isRemote)() && _utils.verboseProxyLogging) {
-        console.log(`Proxy: request for ${proxyPath}${url} => ${targetOrigin}/${url}`);
-      }
-
-      // Rewrite key headers.
-      const newHeaders = (0, _ssrProxying.rewriteProxyRequestHeaders)({
+      applyProxyRequestHeaders({
+        proxyRequest,
+        incomingRequest,
         caching,
-        headers: incomingRequest.headers,
-        headerFormat: 'http',
-        logging: !(0, _utils.isRemote)() && _utils.verboseProxyLogging,
         proxyPath,
         targetHost,
         targetProtocol
       });
-
-      // Copy any new and updated headers to the proxyRequest
-      // using setHeader.
-      Object.entries(newHeaders).forEach(
-      // setHeader always replaces any current value.
-      ([key, value]) => proxyRequest.setHeader(key, value));
-
-      // Handle deletion of headers.
-      // Iterate over the keys of incomingRequest.headers - for every
-      // key, if the value is not present in newHeaders, we remove
-      // that value from proxyRequest's headers.
-      Object.keys(incomingRequest.headers).forEach(key => {
-        // We delete the header on any falsy value, since
-        // there's no use case where we supply an empty header
-        // value.
-        if (!newHeaders[key]) {
-          proxyRequest.removeHeader(key);
-        }
-      });
     },
     onProxyRes: (proxyResponse, req) => {
       /* istanbul ignore next */
@@ -183,7 +223,7 @@ const configureProxy = ({
     // The origin (protocol + host) to which we proxy
     target: targetOrigin
   };
-  const proxyFunc = (0, _httpProxyMiddleware.default)(config);
+  const proxyFunc = (0, _httpProxyMiddleware.createProxyMiddleware)(config);
 
   // For a standard proxy, we're done
   if (!caching) {