@vtex/faststore-plugin-buyer-portal 1.3.67 → 1.3.69

package/.github/workflows/release.yaml

@@ -1,18 +1,19 @@
-# This Action should run on main branch and verify lint, test, and then publish the version on npm
 name: CD
 
 on:
   push:
     branches:
       - main
+      - beta
 
 permissions:
-  id-token: write  # Required for OIDC trusted publishing
+  id-token: write
   contents: write
 
 jobs:
-  build:
-    name: BuyerPortal
+  release:
+    name: Release (stable)
+    if: github.ref == 'refs/heads/main'
     timeout-minutes: 15
     runs-on: ubuntu-latest
 
@@ -48,10 +49,63 @@ jobs:
 
       - name: Publish
         run: npm publish
-        # OIDC authentication is used automatically when trusted publishing is configured
 
       - name: Push changes and tags
+        run: git push --follow-tags
+
+  beta:
+    name: Release (beta)
+    if: github.ref == 'refs/heads/beta'
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
+
+      - name: Setup Node.js environment
+        uses: actions/setup-node@v4
+        with:
+          node-version: '24'
+          cache: "yarn"
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Configure CI Git User
+        run: |
+          git config user.name vtexgithubbot
+          git config user.email vtexgithubbot@github.com
+
+      - name: Install dependencies
+        run: yarn install --ignore-engines
+
+      - name: Update npm to latest
+        run: npm install -g npm@latest
+
+      - name: Get current version
+        id: get_version
+        run: |
+          CURRENT_VERSION=$(node -p "require('./package.json').version")
+          echo "current_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Generate experimental version
+        id: generate_version
+        run: |
+          BASE_VERSION=$(echo "${{ steps.get_version.outputs.current_version }}" | sed -E 's/(-.*)?$//')
+          TIMESTAMP=$(date +%Y%m%d%H%M%S)
+          EXPERIMENTAL_VERSION="${BASE_VERSION}-experimental.${TIMESTAMP}"
+          echo "experimental_version=$EXPERIMENTAL_VERSION" >> $GITHUB_OUTPUT
+          echo "Publishing experimental version: $EXPERIMENTAL_VERSION"
+
+      - name: Update package.json version
+        run: npm version ${{ steps.generate_version.outputs.experimental_version }} --no-git-tag-version
+
+      - name: Publish experimental version
+        run: npm publish --tag experimental
+
+      - name: Push changes
         run: |
-          git config user.email "vtexgithubbot@github.com"
-          git config user.name "vtexgithubbot"
-          git push --follow-tags
+          git add package.json
+          git commit -m "chore: publish experimental version ${{ steps.generate_version.outputs.experimental_version }}" || echo "No changes to commit"
+          git push origin beta || echo "No changes to push"

package/CHANGELOG.md

@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.3.69] - 2026-03-09
+
+### Fixed
+
+- Unify release workflow for NPM Trusted Publishers
+- Clear cookies on logout
+
+## [1.3.68] - 2026-03-05
+
+### Changed
+
+- Skipped version
+
 ## [1.3.67] - 2026-03-05
 
 ### Changed
@@ -495,7 +508,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add CHANGELOG file
 - Add README file
 
-[unreleased]: https://github.com/vtex/faststore-plugin-buyer-portal/compare/v1.3.67...HEAD
+[unreleased]: https://github.com/vtex/faststore-plugin-buyer-portal/compare/1.3.69...HEAD
 [1.3.55]: https://github.com/vtex/faststore-plugin-buyer-portal/compare/v1.3.54...v1.3.55
 [1.3.54]: https://github.com/vtex/faststore-plugin-buyer-portal/compare/v1.3.53...v1.3.54
 [1.3.53]: https://github.com/vtex/faststore-plugin-buyer-portal/compare/v1.3.52...v1.3.53
@@ -562,3 +575,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.3.66]: https://github.com/vtex/faststore-plugin-buyer-portal/compare/v1.3.65...v1.3.66
 [1.3.65]: https://github.com/vtex/faststore-plugin-buyer-portal/compare/v1.3.64...v1.3.65
 [1.3.64]: https://github.com/vtex/faststore-plugin-buyer-portal/releases/tag/1.3.64
+
+[1.3.69]: https://github.com/vtex/faststore-plugin-buyer-portal/releases/tag/1.3.69

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vtex/faststore-plugin-buyer-portal",
-  "version": "1.3.67",
+  "version": "1.3.69",
   "description": "A plugin for faststore with buyer portal",
   "main": "index.js",
   "scripts": {

package/src/features/shared/utils/constants.ts

@@ -22,4 +22,4 @@ export const SCOPE_KEYS = {
   CREDIT_CARDS: "creditCards",
 } as const;
 
-export const CURRENT_VERSION = "1.3.67";
+export const CURRENT_VERSION = "1.3.69";

package/src/features/shared/utils/cookie.ts

@@ -19,6 +19,13 @@ export interface ParsedCookie {
   jti: string;
 }
 
+type ExpireCookieClientParams = {
+  name: string;
+  path: string;
+  domain?: string;
+  secure?: boolean;
+};
+
 export function getAuthCookie(data: LoaderData) {
   const authCookie =
     data?.req?.cookies[`${AUT_COOKIE_KEY}_${storeConfig?.api.storeId}`] ?? "";
@@ -91,3 +98,39 @@ export function getCookieAsString(cookie: Record<string, string>): string {
 function parseJwt(token: string): ParsedCookie {
   return JSON.parse(Buffer.from(token.split(".")[1], "base64").toString());
 }
+
+export const getVtexCookieNames = (cookieNames: string[]): string[] => {
+  return cookieNames.filter((name) => name.toLowerCase().includes("vtex"));
+};
+
+export const getCookiePaths = (pathname: string): string[] => {
+  const paths: string[] = ["/"];
+  const pathParts = pathname.split("/").filter(Boolean);
+
+  let current = "";
+  for (const part of pathParts) {
+    current += `/${part}`;
+    if (!paths.includes(current)) paths.push(current);
+  }
+
+  return paths;
+};
+
+export const getCookieDomains = (
+  hostname: string
+): Array<string | undefined> => [
+  undefined, // host-only cookie
+  hostname,
+  hostname.startsWith(".") ? hostname : `.${hostname}`,
+];
+
+export const expireCookieClient = ({
+  name,
+  path,
+  domain,
+  secure = false,
+}: ExpireCookieClientParams): void => {
+  const domainAttr = domain ? `; domain=${domain}` : "";
+  const secureAttr = secure ? "; secure" : "";
+  document.cookie = `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; max-age=0; path=${path}${domainAttr}; samesite=lax${secureAttr}`;
+};

package/src/features/shared/utils/logout.tsx

@@ -1,7 +1,123 @@
 import storeConfig from "discovery.config";
 
-export const doLogout = () => {
-  window.location.assign(
-    `${storeConfig.secureSubdomain}/api/vtexid/pub/logout?scope=${storeConfig.api.storeId}&returnUrl=${storeConfig.storeUrl}`
-  );
+import {
+  getCookiePaths,
+  getCookieDomains,
+  getVtexCookieNames,
+  expireCookieClient,
+} from "./cookie";
+
+const clearBrowserStorageForCurrentDomain = async () => {
+  if (typeof window === "undefined" || !storeConfig) return;
+
+  // Clear Faststore-specific sessionStorage keys
+  try {
+    const sessionStorageKeys = [
+      "faststore_session_ready",
+      "faststore_auth_cookie_value",
+      "faststore_cache_bust_last_value",
+    ];
+
+    for (const key of sessionStorageKeys) {
+      try {
+        window.sessionStorage?.removeItem(key);
+      } catch {
+        continue;
+      }
+    }
+
+    // Remove all keys starting with __fs_gallery_page_ (used for PLP pagination)
+    try {
+      const keysToRemove: string[] = [];
+      for (let i = 0; i < window.sessionStorage.length; i++) {
+        const key = window.sessionStorage.key(i);
+        if (key && key.startsWith("__fs_gallery_page_")) {
+          keysToRemove.push(key);
+        }
+      }
+      for (const key of keysToRemove) {
+        try {
+          window.sessionStorage.removeItem(key);
+        } catch {
+          continue;
+        }
+      }
+    } catch {
+      return;
+    }
+  } catch {
+    return;
+  }
+
+  // Clear all cookies containing 'vtex' in the name (case-insensitive)
+  try {
+    const hostname = window.location.hostname;
+    const secure = window.location.protocol === "https:";
+
+    // Extract all cookie names from document.cookie
+    const allCookieNames = document.cookie
+      .split(";")
+      .map((c) => c.trim())
+      .filter(Boolean)
+      .map((c) => c.split("=")[0])
+      .filter(Boolean);
+
+    const vtexCookieNames = getVtexCookieNames(allCookieNames);
+    const paths = getCookiePaths(window.location.pathname || "/");
+    const domains = getCookieDomains(hostname);
+
+    for (const name of vtexCookieNames) {
+      for (const path of paths) {
+        for (const domain of domains) {
+          try {
+            expireCookieClient({ name, path, domain, secure });
+          } catch {
+            continue;
+          }
+        }
+      }
+    }
+  } catch {
+    return;
+  }
+
+  // Clear IndexedDB (keyval-store)
+  try {
+    if (!("indexedDB" in window)) return;
+
+    const idb = window.indexedDB;
+    if (!idb) return;
+
+    await new Promise<void>((resolve) => {
+      const req = idb.deleteDatabase("keyval-store");
+      req.onsuccess = () => resolve();
+      req.onerror = () => resolve();
+      req.onblocked = () => resolve();
+    });
+  } catch {
+    return;
+  }
+};
+
+export const doLogout = async () => {
+  if (!storeConfig) return;
+
+  try {
+    // Clear client-side storage (sessionStorage, localStorage, IndexedDB, non-HttpOnly cookies)
+    await clearBrowserStorageForCurrentDomain();
+
+    // Clear HttpOnly cookies via API endpoint (server-side)
+    try {
+      await fetch("/api/fs/logout", {
+        method: "POST",
+        credentials: "include",
+      });
+    } catch {
+      return;
+    }
+  } finally {
+    window.location.assign(
+      `${storeConfig.secureSubdomain}/api/vtexid/pub/logout?scope=${storeConfig.api.storeId}&returnUrl=${storeConfig.storeUrl}`
+    );
+  }
 };

package/.github/workflows/betarelease.yaml

@@ -1,69 +0,0 @@
-# This Action runs on experimental branch and publishes an experimental version to npm
-name: CD Beta
-
-on:
-  push:
-    branches:
-      - beta
-
-jobs:
-  build:
-    name: BuyerPortal Beta
-    timeout-minutes: 15
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Setup Node.js environment
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-          cache: "yarn"
-          registry-url: "https://registry.npmjs.org"
-
-      - name: Configure CI Git User
-        run: |
-          git config user.name vtexgithubbot
-          git config user.email vtexgithubbot@github.com
-
-      - name: Install dependencies
-        run: yarn
-
-      - name: Get current version
-        id: get_version
-        run: |
-          CURRENT_VERSION=$(node -p "require('./package.json').version")
-          echo "current_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
-
-      - name: Generate experimental version
-        id: generate_version
-        run: |
-          # Extract base version (remove any existing prerelease suffix)
-          BASE_VERSION=$(echo "${{ steps.get_version.outputs.current_version }}" | sed -E 's/(-.*)?$//')
-          # Generate timestamp-based identifier
-          TIMESTAMP=$(date +%Y%m%d%H%M%S)
-          # Create experimental version
-          EXPERIMENTAL_VERSION="${BASE_VERSION}-experimental.${TIMESTAMP}"
-          echo "experimental_version=$EXPERIMENTAL_VERSION" >> $GITHUB_OUTPUT
-          echo "Publishing experimental version: $EXPERIMENTAL_VERSION"
-
-      - name: Update package.json version
-        run: |
-          npm version ${{ steps.generate_version.outputs.experimental_version }} --no-git-tag-version
-
-      - name: Publish experimental version
-        run: yarn publish --non-interactive --tag experimental
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-
-      - name: Push changes and tags
-        run: |
-          git config user.email "vtexgithubbot@github.com"
-          git config user.name "vtexgithubbot"
-          git add package.json
-          git commit -m "chore: publish experimental version ${{ steps.generate_version.outputs.experimental_version }}" || echo "No changes to commit"
-          git push origin experimental || echo "No changes to push"