npm - @salesforce/pwa-kit-runtime - Versions diffs - 4.0.0-extensibility-preview.2 → 4.0.0-extensibility-preview.4 - Mend

@salesforce/pwa-kit-runtime 4.0.0-extensibility-preview.2 → 4.0.0-extensibility-preview.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/package.json +8 -8
package/ssr/server/build-remote-server.d.ts +6 -1
package/ssr/server/build-remote-server.d.ts.map +1 -1
package/ssr/server/build-remote-server.js +111 -16
package/ssr/server/build-remote-server.test.js +75 -1
package/ssr/server/constants.d.ts +1 -0
package/ssr/server/constants.d.ts.map +1 -1
package/ssr/server/constants.js +2 -1
package/ssr/server/express.lambda.test.js +89 -33
package/ssr/server/express.test.js +82 -1
package/utils/ssr-server/metrics-sender.d.ts.map +1 -1
package/utils/ssr-server/metrics-sender.js +5 -1

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@salesforce/pwa-kit-runtime",
-  "version": "4.0.0-extensibility-preview.2",
+  "version": "4.0.0-extensibility-preview.4",
   "description": "The PWAKit Runtime",
   "homepage": "https://github.com/SalesforceCommerceCloud/pwa-kit/tree/develop/packages/pwa-kit-runtime#readme",
   "bugs": {
@@ -46,13 +46,13 @@
   },
   "devDependencies": {
     "@loadable/component": "^5.15.3",
-    "@salesforce/pwa-kit-dev": "4.0.0-extensibility-preview.2",
-    "@salesforce/pwa-kit-extension-sdk": "4.0.0-extensibility-preview.2",
+    "@salesforce/pwa-kit-dev": "4.0.0-extensibility-preview.4",
+    "@salesforce/pwa-kit-extension-sdk": "4.0.0-extensibility-preview.4",
     "@serverless/event-mocks": "^1.1.1",
     "@types/express": "^4.17.21",
     "aws-lambda-mock-context": "^3.2.1",
     "fs-extra": "^11.1.1",
-    "internal-lib-build": "4.0.0-extensibility-preview.2",
+    "internal-lib-build": "4.0.0-extensibility-preview.4",
     "nock": "^13.3.0",
     "nodemon": "^2.0.22",
     "sinon": "^13.0.2",
@@ -60,7 +60,7 @@
     "supertest": "^4.0.2"
   },
   "peerDependencies": {
-    "@salesforce/pwa-kit-dev": "4.0.0-extensibility-preview.2"
+    "@salesforce/pwa-kit-dev": "4.0.0-extensibility-preview.4"
   },
   "peerDependenciesMeta": {
     "@salesforce/pwa-kit-dev": {
@@ -68,11 +68,11 @@
     }
   },
   "engines": {
-    "node": "^16.11.0 || ^18.0.0 || ^20.0.0",
-    "npm": "^8.0.0 || ^9.0.0 || ^10.0.0"
+    "node": "^16.11.0 || ^18.0.0 || ^20.0.0 || ^22.0.0",
+    "npm": "^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0"
   },
   "publishConfig": {
     "directory": "dist"
   },
-  "gitHead": "6b5da20f750f39d89c490cf77f1bf160c7e3d8f7"
+  "gitHead": "5ad3b1f0e598cfe0fbdec5b1212b4dabc0a8733c"
 }

package/ssr/server/build-remote-server.d.ts CHANGED Viewed

@@ -74,6 +74,11 @@ export namespace RemoteServerFactory {
      * @private
      */
     function _addSDKInternalHandlers(app: any): void;
+    /**
+     * Set x-forward-* headers into locals, this is primarily used to facilitate react sdk hook `useOrigin`
+     * @private
+     */
+    function _setForwardedHeaders(app: any, options: any): void;
     /**
      * @private
      */
@@ -156,7 +161,7 @@ export namespace RemoteServerFactory {
      * @param app {Express} - an Express App
      * @private
      */
-    function _createHandler(app: Express): {
+    function _createHandler(app: Express, options: any): {
         handler: (event: any, context: any, callback: any) => void;
         server: any;
         app: Express;

package/ssr/server/build-remote-server.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"build-remote-server.d.ts","sourceRoot":"","sources":["../../../src/ssr/server/build-remote-server.js"],"names":[],"mappings":"~~AAoEA~~;;;;GAIG;AACH,gDAKC;;IAWG;;OAEG;IACH,~~uCAgFC~~;IAED;;OAEG;IAEH,gDAEC;IAED;;OAEG;IAEH,iDAEC;IAED;;OAEG;IAEH,4CAEC;IAED;;OAEG;IACH,uDAEC;IAED;;OAEG;IAEH,2CAEC;IAED;;OAEG;IACH,6CAEC;IAED;;OAEG;IACH,4DAIC;IAED;;OAEG;IAEH,yCAEC;IAED;;OAEG;IAEH,uCA6CC;IAED;;;OAGG;IACH,uCAcC;IAED;;OAEG;IAEH,+CAEC;IAED;;OAEG;IACH,kDAEC;IAED;;OAEG;IACH,oDAEC;IAED;;OAEG;IACH,+~~EA0CC~~;IAED;;OAEG;IACH,~~sFAyDC~~;IAED;;OAEG;IAEH,iDAEC;IAED;;OAEG;IACH,6DAwLC;IAED;;OAEG;IAEH,sDAOC;IAED;;OAEG;IACH,yDAOC;IAED;;OAEG;IACH,~~oEAuEC~~;IAED;;OAEG;IACH,2CAIC;IAED;;OAEG;IACH,~~8DAaC~~;IAED;;OAEG;IACH,oDA0EC;IAED;;OAEG;IACH,wCAEC;IAED;;OAEG;IACH,gDAGC;IAED;;;;;;;;;;;OAWG;IACH,~~sDAwBC~~;IAED;;;;;;;OAOG;IACH,wFAKC;IAED;;OAEG;IACH,4FASC;IAED;;;;;;;;;;OAUG;IACH,6DAWC;IAED;;;;;;;OAOG;IACH;;;;~~MA8EC~~;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH;;;;;;;;;;;;MAKC;IAED;;OAEG;IAEH,8CAEC;;~~AAyFE~~,uDASN"}
1	+ {"version":3,"file":"build-remote-server.d.ts","sourceRoot":"","sources":["../../../src/ssr/server/build-remote-server.js"],"names":[],"mappings":"AAsEA;;;;GAIG;AACH,gDAKC;;IAWG;;OAEG;IACH,uCAiFC;IAED;;OAEG;IAEH,gDAEC;IAED;;OAEG;IAEH,iDAEC;IAED;;OAEG;IAEH,4CAEC;IAED;;OAEG;IACH,uDAEC;IAED;;OAEG;IAEH,2CAEC;IAED;;OAEG;IACH,6CAEC;IAED;;OAEG;IACH,4DAIC;IAED;;OAEG;IAEH,yCAEC;IAED;;OAEG;IAEH,uCA6CC;IAED;;;OAGG;IACH,uCAcC;IAED;;OAEG;IAEH,+CAEC;IAED;;OAEG;IACH,kDAEC;IAED;;OAEG;IACH,oDAEC;IAED;;OAEG;IACH,+EA2CC;IAED;;OAEG;IACH,sFA2DC;IAED;;OAEG;IAEH,iDAEC;IAED;;;OAGG;IACH,4DAWC;IAED;;OAEG;IACH,6DAwLC;IAED;;OAEG;IAEH,sDAOC;IAED;;OAEG;IACH,yDAOC;IAED;;OAEG;IACH,oEA2EC;IAED;;OAEG;IACH,2CAIC;IAED;;OAEG;IACH,8DAiBC;IAED;;OAEG;IACH,oDA0EC;IAED;;OAEG;IACH,wCAEC;IAED;;OAEG;IACH,gDAGC;IAED;;;;;;;;;;;OAWG;IACH,sDA2CC;IAED;;;;;;;OAOG;IACH,wFAKC;IAED;;OAEG;IACH,4FASC;IAED;;;;;;;;;;OAUG;IACH,6DAWC;IAED;;;;;;;OAOG;IACH;;;;MAmGC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH;;;;;;;;;;;;MAKC;IAED;;OAEG;IAEH,8CAEC;;AA2HE,uDASN"}

package/ssr/server/build-remote-server.js CHANGED Viewed

@@ -103,9 +103,9 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
       useSLASPrivateClient: false,
       // A regex for identifying which SLAS endpoints the custom SLAS private
       // client secret handler will inject an Authorization header.
-      // Do not modify unless a project wants to customize additional SLAS
-      // endpoints that we currently do not support (ie. /oauth2/passwordless/token)
-      applySLASPrivateClientToEndpoints: /\/oauth2\/token/
+      // To allow additional SLAS endpoints, users can override this value in
+      // their project's ssr.js.
+      applySLASPrivateClientToEndpoints: /\/oauth2\/(token|passwordless\/(login|token)|password\/(reset|action))/
     };
     options = _extends({}, defaults, options);
     (0, _ssrServer.setQuiet)(options.quiet || process.env.SSR_QUIET);
@@ -297,6 +297,7 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
     // want request-processors applied to development views.
     this._addSDKInternalHandlers(app);
     this._setupSSRRequestProcessorMiddleware(app);
+    this._setForwardedHeaders(app, options);
     this._setupLogging(app);
     this._setupMetricsFlushing(app);
     this._setupHealthcheck(app);
@@ -319,6 +320,8 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
     app.disable('x-powered-by');
     const mixin = {
       options,
+      // Forcing a GC is no longer necessary, and will be
+      // skipped by default (unless FORCE_GC env-var is set).
       _collectGarbage() {
         // Do global.gc in a separate 'then' handler so
         // that all major variables are out of scope and
@@ -371,6 +374,22 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
   _addSDKInternalHandlers(app) {
     // This method is used by the dev server, but is not needed here.
   },
+  /**
+   * Set x-forward-* headers into locals, this is primarily used to facilitate react sdk hook `useOrigin`
+   * @private
+   */
+  _setForwardedHeaders(app, options) {
+    app.use((req, res, next) => {
+      var _req$headers, _req$headers2;
+      const xForwardedHost = (_req$headers = req.headers) === null || _req$headers === void 0 ? void 0 : _req$headers['x-forwarded-host'];
+      const xForwardedProto = (_req$headers2 = req.headers) === null || _req$headers2 === void 0 ? void 0 : _req$headers2['x-forwarded-proto'];
+      if (xForwardedHost) {
+        // prettier-ignore
+        res.locals.xForwardedOrigin = `${xForwardedProto || options.protocol}://${xForwardedHost}`;
+      }
+      next();
+    });
+  },
   /**
    * @private
    */
@@ -584,7 +603,7 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
         [_ssrNamespacePaths.slasPrivateProxyPath]: ''
       },
       onProxyReq: (proxyRequest, incomingRequest) => {
-        var _incomingRequest$path;
+        var _incomingRequest$path, _incomingRequest$path2;
         (0, _configureProxy.applyProxyRequestHeaders)({
           proxyRequest,
           incomingRequest,
@@ -594,8 +613,7 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
         });
         // We pattern match and add client secrets only to endpoints that
-        // match the regex specified by options.applySLASPrivateClientToEndpoints.
-        // By default, this regex matches only calls to SLAS /oauth2/token
+        // match the regex specified by options.applySLASPrivateClientToEndpoints
         // (see option defaults at the top of this file).
         // Other SLAS endpoints, ie. SLAS authenticate (/oauth2/login) and
         // SLAS logout (/oauth2/logout), use the Authorization header for a different
@@ -603,6 +621,11 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
         if ((_incomingRequest$path = incomingRequest.path) !== null && _incomingRequest$path !== void 0 && _incomingRequest$path.match(options.applySLASPrivateClientToEndpoints)) {
           proxyRequest.setHeader('Authorization', `Basic ${encodedSlasCredentials}`);
         }
+        // /oauth2/trusted-agent/token endpoint requires a different auth header
+        if ((_incomingRequest$path2 = incomingRequest.path) !== null && _incomingRequest$path2 !== void 0 && _incomingRequest$path2.match(/\/oauth2\/trusted-agent\/token/)) {
+          proxyRequest.setHeader('_sfdc_client_auth', encodedSlasCredentials);
+        }
       },
       onProxyRes: (proxyRes, req) => {
         if (proxyRes.statusCode && proxyRes.statusCode >= 400) {
@@ -646,6 +669,9 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
     // NOTE: Think about changing the name of this function to `applyApplicationExtensions`. First look into
     // what a common pattern is for application enhancement.
     (0, _express3.applyApplicationExtensions)(app);
+    if (options !== null && options !== void 0 && options.encodeNonAsciiHttpHeaders) {
+      app.use(encodeNonAsciiMiddleware);
+    }
     applyPatches(options);
   },
   /**
@@ -740,8 +766,27 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
       encoding: 'utf8'
     });
+    // If the service worker is not updated when content security policy headers inside
+    // ssr.js are changed, then service worker initiated requests will continue to use
+    // the old CSP headers.
+    //
+    // This is problematic in stacked CDN setups where an old service worker with
+    // old CSPs can remain cached if the content of the service worker itself is not changed.
+    //
+    // To ensure the service worker is refetched when CSPs are changed, we factor in
+    // the CSP headers when generating the Etag.
+    //
+    // See https://gus.lightning.force.com/lightning/r/ADM_Work__c/a07EE000025yeu9YAA/view
+    // and https://salesforce-internal.slack.com/archives/C01GLHLBPT5/p1730739370922629
+    // for more details.
+    const contentSecurityPolicyHeader = res.getHeaders()[_constants.CONTENT_SECURITY_POLICY] || '';
     // Serve the file, with a strong ETag
-    res.set('etag', (0, _ssrServer.getHashForString)(content));
+    // For this to be a valid ETag, the string must be placed between  ""
+    // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag#etag_value for
+    // more details
+    res.set('etag', `"${(0, _ssrServer.getHashForString)(content + contentSecurityPolicyHeader)}"`);
     res.set(_constants.CONTENT_TYPE, 'application/javascript');
     res.send(content);
   },
@@ -804,13 +849,29 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
    * @param app {Express} - an Express App
    * @private
    */
-  _createHandler(app) {
+  _createHandler(app, options) {
     // This flag is initially false, and is set true on the first request
     // handled by a Lambda. If it is true on entry to the handler function,
     // it indicates that the Lambda container has been reused.
     let lambdaContainerReused = false;
     const server = _awsServerlessExpress.default.createServer(app, null, binaryMimeTypes);
     const handler = (event, context, callback) => {
+      // encode non ASCII request headers
+      if (options !== null && options !== void 0 && options.encodeNonAsciiHttpHeaders) {
+        Object.keys(event.headers).forEach(key => {
+          if (!isASCII(event.headers[key])) {
+            event.headers[key] = encodeURIComponent(event.headers[key]);
+            // x-encoded-headers keeps track of which headers have been modified and encoded
+            if (event.headers[_constants.X_ENCODED_HEADERS]) {
+              // append header key
+              event.headers[_constants.X_ENCODED_HEADERS] = `${event.headers[_constants.X_ENCODED_HEADERS]},${key}`;
+            } else {
+              event.headers[_constants.X_ENCODED_HEADERS] = key;
+            }
+          }
+        });
+      }
       // We don't want to wait for an empty event loop once the response
       // has been sent. Setting this to false will "send the response
       // right away when the callback executes", but any pending events
@@ -829,12 +890,15 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
       // the response to the browser.
       context.callbackWaitsForEmptyEventLoop = false;
       if (lambdaContainerReused) {
-        // DESKTOP-434 If this Lambda container is being reused,
-        // clean up memory now, so that we start with low usage.
-        // These regular GC calls take about 80-100 mS each, as opposed
-        // to forced GC calls, which occur randomly and can take several
-        // hundred mS.
-        app._collectGarbage();
+        const forceGarbageCollection = process.env.FORCE_GC;
+        if (forceGarbageCollection && forceGarbageCollection.toLowerCase() === 'true') {
+          // DESKTOP-434 If this Lambda container is being reused,
+          // clean up memory now, so that we start with low usage.
+          // These regular GC calls take about 80-100 mS each, as opposed
+          // to forced GC calls, which occur randomly and can take several
+          // hundred mS.
+          app._collectGarbage();
+        }
         app.sendMetric('LambdaReused');
       } else {
         // This is the first use of this container, so set the
@@ -912,8 +976,8 @@ const RemoteServerFactory = exports.RemoteServerFactory = {
   createHandler(options, customizeApp) {
     process.on('unhandledRejection', _ssrServer.catchAndLog);
     const app = this._createApp(options);
-    customizeApp(app);
-    return this._createHandler(app);
+    customizeApp(app, options);
+    return this._createHandler(app, options);
   },
   /**
    * @private
@@ -996,6 +1060,37 @@ const errorHandlerMiddleware = (err, req, res, next) => {
   res.sendStatus(500);
 };
+/**
+ * Helper function that checks if a string is composed of ASCII characters
+ * We only check printable ASCII characters and not special ASCII characters
+ * such as NULL
+ *
+ * @private
+ */
+const isASCII = str => {
+  return /^[\x20-\x7E]*$/.test(str);
+};
+/**
+ * Express Middleware applied to responses that encode any non ASCII headers
+ *
+ * @private
+ */
+const encodeNonAsciiMiddleware = (req, res, next) => {
+  const originalSetHeader = res.setHeader;
+  res.setHeader = function (key, value) {
+    if (!isASCII(value)) {
+      originalSetHeader.call(this, key, encodeURIComponent(value));
+      let encodedHeaders = res.getHeader(_constants.X_ENCODED_HEADERS);
+      encodedHeaders = encodedHeaders ? `${encodedHeaders},${key}` : key;
+      originalSetHeader.call(this, _constants.X_ENCODED_HEADERS, encodedHeaders);
+    } else {
+      originalSetHeader.call(this, key, value);
+    }
+  };
+  next();
+};
 /**
  * Wrap the function fn in such a way that it will be called at most once. Subsequent
  * calls will always return the same value.

package/ssr/server/build-remote-server.test.js CHANGED Viewed

@@ -2,6 +2,8 @@
 var _supertest = _interopRequireDefault(require("supertest"));
 var _buildRemoteServer = require("./build-remote-server");
+var _constants = require("./constants");
+var _awsServerlessExpress = _interopRequireDefault(require("aws-serverless-express"));
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
 function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
 function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
@@ -13,6 +15,12 @@ function _toPrimitive(t, r) { if ("object" != typeof t || !t) return t; var e =
  * SPDX-License-Identifier: BSD-3-Clause
  * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
+jest.mock('aws-serverless-express', () => {
+  return {
+    createServer: jest.fn(),
+    proxy: jest.fn()
+  };
+});
 const opts = (overrides = {}) => {
   const defaults = {
     buildDir: './src/ssr/server/test_fixtures',
@@ -178,4 +186,70 @@ describe('remote server factory test coverage', () => {
 //             ]
 //         ]).toF
 //     })
-// })
+// })
+describe('encodeNonAsciiHttpHeaders flag in options to createHandler', () => {
+  test('encodes request headers', () => {
+    const mockApp = {
+      sendMetric: jest.fn()
+    };
+    const mockOptions = {
+      encodeNonAsciiHttpHeaders: true
+    };
+    const originalHeaders = {
+      'x-non-ascii-header-one': 'テスト',
+      'x-non-ascii-header-two': '测试',
+      'x-regular-header': 'ascii-str'
+    };
+    const event = {
+      headers: _objectSpread({}, originalHeaders)
+    };
+    const expectedHeaders = {
+      'x-non-ascii-header-one': '%E3%83%86%E3%82%B9%E3%83%88',
+      'x-non-ascii-header-two': '%E6%B5%8B%E8%AF%95',
+      'x-encoded-headers': 'x-non-ascii-header-one,x-non-ascii-header-two',
+      'x-regular-header': 'ascii-str'
+    };
+    const {
+      handler
+    } = _buildRemoteServer.RemoteServerFactory._createHandler(mockApp, mockOptions);
+    expect(event.headers).toEqual(originalHeaders);
+    handler(event, {}, {});
+    expect(event.headers).toEqual(expectedHeaders);
+    expect(decodeURIComponent(event.headers['x-non-ascii-header-one'])).toEqual(originalHeaders['x-non-ascii-header-one']);
+  });
+  test('encodes response headers', () => {
+    const mockApp = {
+      use: jest.fn()
+    };
+    const mockOptions = {
+      encodeNonAsciiHttpHeaders: true
+    };
+    const res = {
+      headers: {},
+      setHeader: (key, value) => {
+        res.headers[key] = value;
+      },
+      getHeader: key => {
+        return res.headers[key];
+      }
+    };
+    const nonASCIIheader = 'x-non-ascii-header';
+    const nonASCIIstr = 'テスト';
+    const expectedEncoding = '%E3%83%86%E3%82%B9%E3%83%88';
+    const regularHeaderKey = 'x-regular-header';
+    const regularHeaderValue = 'ascii-str';
+    _buildRemoteServer.RemoteServerFactory._setupCommonMiddleware(mockApp, mockOptions);
+    const encodeNonAsciiMiddleware = mockApp.use.mock.calls[3][0];
+    res.setHeader(nonASCIIheader, nonASCIIstr);
+    expect(res.getHeader(nonASCIIheader)).toEqual(nonASCIIstr);
+    encodeNonAsciiMiddleware({}, res, () => {});
+    res.setHeader(nonASCIIheader, nonASCIIstr);
+    expect(res.getHeader(nonASCIIheader)).toEqual(expectedEncoding);
+    expect(decodeURI(expectedEncoding)).toEqual(nonASCIIstr);
+    expect(res.getHeader(_constants.X_ENCODED_HEADERS)).toEqual(nonASCIIheader);
+    // confirm ASCII headers are not modified
+    res.setHeader(regularHeaderKey, regularHeaderValue);
+    expect(res.getHeader(regularHeaderKey)).toEqual(regularHeaderValue);
+  });
+});

package/ssr/server/constants.d.ts CHANGED Viewed

@@ -8,6 +8,7 @@ export const CONTENT_ENCODING: "content-encoding";
 export const X_ORIGINAL_CONTENT_TYPE: "x-original-content-type";
 export const X_MOBIFY_QUERYSTRING: "x-mobify-querystring";
 export const X_MOBIFY_FROM_CACHE: "x-mobify-from-cache";
+export const X_ENCODED_HEADERS: "x-encoded-headers";
 export const SET_COOKIE: "set-cookie";
 export const CACHE_CONTROL: "cache-control";
 export const NO_CACHE: "max-age=0, nocache, nostore, must-revalidate";

package/ssr/server/constants.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/ssr/server/constants.js"],"names":[],"mappings":"AAMA,kEAAkE;AAClE,4BAA4B;AAC5B,4CAA4C;AAE5C,oEAAoE;AACpE,gDAAgD;AAGhD,0CAA0C;AAC1C,kDAAkD;AAClD,gEAAgE;AAChE,0DAA0D;AAC1D,wDAAwD;AACxD,sCAAsC;AACtC,4CAA4C;AAC5C,sEAAsE;AACtE,gEAAgE;AAChE,oEAAoE;AAEpE,2EAA2E;AAC3E,4DAA4D"}
1	+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/ssr/server/constants.js"],"names":[],"mappings":"AAMA,kEAAkE;AAClE,4BAA4B;AAC5B,4CAA4C;AAE5C,oEAAoE;AACpE,gDAAgD;AAGhD,0CAA0C;AAC1C,kDAAkD;AAClD,gEAAgE;AAChE,0DAA0D;AAC1D,wDAAwD;AACxD,oDAAoD;AACpD,sCAAsC;AACtC,4CAA4C;AAC5C,sEAAsE;AACtE,gEAAgE;AAChE,oEAAoE;AAEpE,2EAA2E;AAC3E,4DAA4D"}

package/ssr/server/constants.js CHANGED Viewed

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.X_ORIGINAL_CONTENT_TYPE = exports.X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_FROM_CACHE = exports.STRICT_TRANSPORT_SECURITY = exports.STATIC_ASSETS = exports.SLAS_CUSTOM_PROXY_PATH = exports.SET_COOKIE = exports.PROXY_PATH_PREFIX = exports.NO_CACHE = exports.CONTENT_TYPE = exports.CONTENT_SECURITY_POLICY = exports.CONTENT_ENCODING = exports.CACHE_CONTROL = exports.BUILD = exports.APPLICATION_OCTET_STREAM = void 0;
+exports.X_ORIGINAL_CONTENT_TYPE = exports.X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_FROM_CACHE = exports.X_ENCODED_HEADERS = exports.STRICT_TRANSPORT_SECURITY = exports.STATIC_ASSETS = exports.SLAS_CUSTOM_PROXY_PATH = exports.SET_COOKIE = exports.PROXY_PATH_PREFIX = exports.NO_CACHE = exports.CONTENT_TYPE = exports.CONTENT_SECURITY_POLICY = exports.CONTENT_ENCODING = exports.CACHE_CONTROL = exports.BUILD = exports.APPLICATION_OCTET_STREAM = void 0;
 /*
  * Copyright (c) 2021, salesforce.com, inc.
  * All rights reserved.
@@ -23,6 +23,7 @@ const CONTENT_ENCODING = exports.CONTENT_ENCODING = 'content-encoding';
 const X_ORIGINAL_CONTENT_TYPE = exports.X_ORIGINAL_CONTENT_TYPE = 'x-original-content-type';
 const X_MOBIFY_QUERYSTRING = exports.X_MOBIFY_QUERYSTRING = 'x-mobify-querystring';
 const X_MOBIFY_FROM_CACHE = exports.X_MOBIFY_FROM_CACHE = 'x-mobify-from-cache';
+const X_ENCODED_HEADERS = exports.X_ENCODED_HEADERS = 'x-encoded-headers';
 const SET_COOKIE = exports.SET_COOKIE = 'set-cookie';
 const CACHE_CONTROL = exports.CACHE_CONTROL = 'cache-control';
 const NO_CACHE = exports.NO_CACHE = 'max-age=0, nocache, nostore, must-revalidate';

package/ssr/server/express.lambda.test.js CHANGED Viewed

@@ -54,6 +54,54 @@ const testFixtures = path.resolve(process.cwd(), 'src/ssr/server/test_fixtures')
 const httpsAgent = new https.Agent({
   rejectUnauthorized: false
 });
+function createServerWithGCSpy() {
+  const route = jest.fn((req, res) => {
+    res.send('<html/>');
+  });
+  const options = {
+    buildDir: testFixtures,
+    mobify: testPackageMobify,
+    sslFilePath: path.join(testFixtures, 'localhost.pem'),
+    quiet: true,
+    port: TEST_PORT,
+    fetchAgents: {
+      https: httpsAgent
+    }
+  };
+  const {
+    handler,
+    server,
+    app
+  } = RemoteServerFactory.createHandler(options, app => {
+    app.get('/*', route);
+  });
+  const collectGarbage = jest.spyOn(app, '_collectGarbage');
+  const sendMetric = jest.spyOn(app, 'sendMetric');
+  return {
+    route,
+    handler,
+    collectGarbage,
+    sendMetric,
+    server
+  };
+}
+function createApiGatewayEvent() {
+  // Set up a fake event and a fake context for the Lambda call
+  const event = createEvent('aws:apiGateway', {
+    path: '/',
+    body: undefined
+  });
+  if (event.queryStringParameters) {
+    delete event.queryStringParameters;
+  }
+  const context = AWSMockContext({
+    functionName: 'SSRTest'
+  });
+  return {
+    event,
+    context
+  };
+}
 describe('SSRServer Lambda integration', () => {
   let savedEnvironment;
   let server;
@@ -329,42 +377,50 @@ describe('SSRServer Lambda integration', () => {
       X_HEADERS_TO_REMOVE_ORIGIN.forEach(key => expect(reqHeaders[key]).toBeUndefined());
     });
   });
-  test('Lambda reuse behaviour', () => {
-    const route = jest.fn((req, res) => {
-      res.send('<html/>');
-    });
-    const options = {
-      buildDir: testFixtures,
-      mobify: testPackageMobify,
-      sslFilePath: path.join(testFixtures, 'localhost.pem'),
-      quiet: true,
-      port: TEST_PORT,
-      fetchAgents: {
-        https: httpsAgent
-      }
-    };
+  test('Lambda reuse -- Default Behavior', () => {
     const {
-      app,
+      route,
       handler,
-      server: srv
-    } = RemoteServerFactory.createHandler(options, app => {
-      app.get('/*', route);
-    });
-    const collectGarbage = jest.spyOn(app, '_collectGarbage');
-    const sendMetric = jest.spyOn(app, 'sendMetric');
-    server = srv;
-    // Set up a fake event and a fake context for the Lambda call
-    const event = createEvent('aws:apiGateway', {
-      path: '/',
-      body: undefined
-    });
-    if (event.queryStringParameters) {
-      delete event.queryStringParameters;
-    }
-    const context = AWSMockContext({
-      functionName: 'SSRTest'
+      collectGarbage,
+      sendMetric,
+      new_server
+    } = createServerWithGCSpy();
+    const {
+      event,
+      context
+    } = createApiGatewayEvent();
+    server = new_server;
+    const call = event => new Promise(resolve => handler(event, context, (err, response) => resolve(response)));
+    return Promise.resolve().then(() => call(event)).then(response => {
+      // First request - Lambda container created
+      expect(response.statusCode).toBe(200);
+      expect(collectGarbage.mock.calls).toHaveLength(0);
+      expect(route.mock.calls).toHaveLength(1);
+      expect(sendMetric).toHaveBeenCalledWith('LambdaCreated');
+      expect(sendMetric).not.toHaveBeenCalledWith('LambdaReused');
+    }).then(() => call(event)).then(response => {
+      // Second call - Lambda container reused
+      expect(response.statusCode).toBe(200);
+      expect(collectGarbage.mock.calls).toHaveLength(0);
+      expect(route.mock.calls).toHaveLength(2);
+      expect(sendMetric).toHaveBeenCalledWith('LambdaCreated');
+      expect(sendMetric).toHaveBeenCalledWith('LambdaReused');
     });
+  });
+  test('Lambda reuse -- with Forced Garbage Collection Enabled', () => {
+    process.env.FORCE_GC = 'true';
+    const {
+      event,
+      context
+    } = createApiGatewayEvent();
+    const {
+      route,
+      handler,
+      collectGarbage,
+      sendMetric,
+      new_server
+    } = createServerWithGCSpy();
+    server = new_server;
     const call = event => new Promise(resolve => handler(event, context, (err, response) => resolve(response)));
     return Promise.resolve().then(() => call(event)).then(response => {
       // First request - Lambda container created

package/ssr/server/express.test.js CHANGED Viewed

@@ -19,6 +19,8 @@ var _crypto = require("crypto");
 function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
 function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && {}.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+function asyncGeneratorStep(n, t, e, r, o, a, c) { try { var i = n[a](c), u = i.value; } catch (n) { return void e(n); } i.done ? t(u) : Promise.resolve(u).then(r, o); }
+function _asyncToGenerator(n) { return function () { var t = this, e = arguments; return new Promise(function (r, o) { var a = n.apply(t, e); function _next(n) { asyncGeneratorStep(a, r, o, _next, _throw, "next", n); } function _throw(n) { asyncGeneratorStep(a, r, o, _next, _throw, "throw", n); } _next(void 0); }); }; }
 function _extends() { return _extends = Object.assign ? Object.assign.bind() : function (n) { for (var e = 1; e < arguments.length; e++) { var t = arguments[e]; for (var r in t) ({}).hasOwnProperty.call(t, r) && (n[r] = t[r]); } return n; }, _extends.apply(null, arguments); }
 function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
 function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
@@ -477,6 +479,40 @@ describe('SSRServer operation', () => {
       expect(response.headers['set-cookie']).toBeUndefined();
     });
   });
+  test('should set xForwardedOrigin based on defined x-forwarded-host and x-forwarded-proto headers', () => {
+    process.env = {
+      MRT_ALLOW_COOKIES: 'true'
+    };
+    const forwardedHost = 'www.example.com';
+    const forwardedProto = 'https';
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(opts());
+    const route = (req, res) => {
+      expect(req.headers['x-forwarded-host']).toBe(forwardedHost);
+      expect(res.locals.xForwardedOrigin).toBe(`${forwardedProto}://${forwardedHost}`);
+      res.sendStatus(200);
+    };
+    app.get('/*', route);
+    return (0, _supertest.default)(app).get('/').set('x-forwarded-host', forwardedHost).set('x-forwarded-proto', 'https').then(response => {
+      expect(response.status).toBe(200);
+    });
+  });
+  test('should set xForwardedOrigin based on defined x-forwarded-host and undefined x-forwarded-proto headers', () => {
+    process.env = {
+      MRT_ALLOW_COOKIES: 'true'
+    };
+    const options = opts();
+    const forwardedHost = 'www.example.com';
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(options);
+    const route = (req, res) => {
+      expect(req.headers['x-forwarded-host']).toBe(forwardedHost);
+      expect(res.locals.xForwardedOrigin).toBe(`${options.protocol}://${forwardedHost}`);
+      res.sendStatus(200);
+    };
+    app.get('/*', route);
+    return (0, _supertest.default)(app).get('/').set('x-forwarded-host', forwardedHost).then(response => {
+      expect(response.status).toBe(200);
+    });
+  });
   test(`should reject POST requests to /`, () => {
     const app = _buildRemoteServer.RemoteServerFactory._createApp(opts());
     const route = (req, res) => {
@@ -948,5 +984,50 @@ describe('SLAS private client proxy', () => {
       expect(response.body.host).toBe('shortCode.api.commercecloud.salesforce.com');
       expect(response.body['x-mobify']).toBe('true');
     });
-  });
+  }, 15000);
+  test('does not add _sfdc_client_auth header if request not for /oauth2/trusted-agent/token', /*#__PURE__*/_asyncToGenerator(function* () {
+    process.env.PWA_KIT_SLAS_CLIENT_SECRET = 'a secret';
+    const encodedCredentials = Buffer.from('clientId:a secret').toString('base64');
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(opts({
+      mobify: {
+        app: {
+          commerceAPI: {
+            parameters: {
+              clientId: 'clientId',
+              shortCode: 'shortCode'
+            }
+          }
+        }
+      },
+      useSLASPrivateClient: true,
+      slasTarget: slasTarget
+    }));
+    return yield (0, _supertest.default)(app).get('/mobify/slas/oauth2/other-path').then(response => {
+      expect(response.body._sfdc_client_auth).toBeUndefined();
+    });
+  }), 15000);
+  test('adds _sfdc_client_auth header if request is for /oauth2/trusted-agent/token', /*#__PURE__*/_asyncToGenerator(function* () {
+    process.env.PWA_KIT_SLAS_CLIENT_SECRET = 'a secret';
+    const encodedCredentials = Buffer.from('clientId:a secret').toString('base64');
+    const app = _buildRemoteServer.RemoteServerFactory._createApp(opts({
+      mobify: {
+        app: {
+          commerceAPI: {
+            parameters: {
+              clientId: 'clientId',
+              shortCode: 'shortCode'
+            }
+          }
+        }
+      },
+      useSLASPrivateClient: true,
+      slasTarget: slasTarget,
+      trustedAgentAuthPathMatch: /\/oauth2\/trusted-agent\/token/
+    }));
+    return yield (0, _supertest.default)(app).get('/mobify/slas/private/oauth2/trusted-agent/token').then(response => {
+      expect(response.body['_sfdc_client_auth']).toBe(encodedCredentials);
+      expect(response.body.host).toBe('shortCode.api.commercecloud.salesforce.com');
+      expect(response.body['x-mobify']).toBe('true');
+    });
+  }), 15000);
 });

package/utils/ssr-server/metrics-sender.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"metrics-sender.d.ts","sourceRoot":"","sources":["../../../src/utils/ssr-server/metrics-sender.js"],"names":[],"mappings":"AASA;;;;;;;GAOG;AACH;IAKQ,iDAAe;IAKf,cAAgB;IAGpB;;;OAGG;IACH,0BAEC;IAED;;;;;;OAMG;IACH,~~eAaC~~;IAED;;;;;;;;OAQG;IACH,uBA0BC;IAED;;;;OAIG;IACH,+BAyBC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACH,aA4BC;CACJ;;;IAOD;;;;;OAKG;IACH,oCAKC"}
1	+ {"version":3,"file":"metrics-sender.d.ts","sourceRoot":"","sources":["../../../src/utils/ssr-server/metrics-sender.js"],"names":[],"mappings":"AASA;;;;;;;GAOG;AACH;IAKQ,iDAAe;IAKf,cAAgB;IAGpB;;;OAGG;IACH,0BAEC;IAED;;;;;;OAMG;IACH,eAiBC;IAED;;;;;;;;OAQG;IACH,uBA0BC;IAED;;;;OAIG;IACH,+BAyBC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACH,aA4BC;CACJ;;;IAOD;;;;;OAKG;IACH,oCAKC"}

package/utils/ssr-server/metrics-sender.js CHANGED Viewed

@@ -59,7 +59,11 @@ class MetricsSender {
         apiVersion: '2010-08-01',
         // The AWS_REGION variable is defined by the Lambda
         // environment.
-        region: process.env.AWS_REGION || 'us-east-1'
+        region: process.env.AWS_REGION || 'us-east-1',
+        // Setting maxRetries to 0 will prevent the SDK from retrying.
+        // This is necessary because under high load, there will be backpressure
+        // on the Lambda function, and causing severe performance issues (400-500ms latency)
+        maxRetries: 0
       });
     }
     return this._CW;