@webbycrown/webbycommerce 1.2.0 → 2.0.0

package/server/src/services/wishlist.js

@@ -0,0 +1,238 @@
+'use strict';
+
+/**
+ * wishlist service
+ */
+
+const { createCoreService } = require('@strapi/strapi').factories;
+
+module.exports = createCoreService('plugin::webbycommerce.wishlist', ({ strapi }) => ({
+  async findUserWishlist(userId) {
+    try {
+      const wishlists = await strapi.db.query('plugin::webbycommerce.wishlist').findMany({
+        where: {
+          userId: String(userId),
+        },
+        orderBy: { createdAt: 'desc' },
+        populate: {
+          products: {
+            populate: {
+              images: true,
+              product_categories: true,
+              tags: true,
+              variations: {
+                populate: {
+                  attributes: true,
+                  attributeValues: true,
+                },
+              },
+            },
+          },
+        },
+      });
+
+      return wishlists.length > 0 ? wishlists[0] : null;
+    } catch (error) {
+      throw new Error(`Failed to find user wishlist: ${error.message}`);
+    }
+  },
+
+  async createUserWishlist(userId, userEmail, data = {}) {
+    try {
+      const wishlistData = {
+        userId: String(userId),
+        userEmail,
+        products: [],
+        isPublic: data.isPublic || false,
+        name: data.name || null,
+        description: data.description || null,
+      };
+
+      await strapi.entityService.create('plugin::webbycommerce.wishlist', {
+        data: wishlistData,
+      });
+
+      // Refetch wishlist with populated products
+      return await this.findUserWishlist(userId);
+    } catch (error) {
+      throw new Error(`Failed to create user wishlist: ${error.message}`);
+    }
+  },
+
+  async addProductToWishlist(userId, userEmail, productId) {
+    try {
+      // Find existing wishlist or create new one
+      let wishlist = await this.findUserWishlist(userId);
+
+      if (!wishlist) {
+        wishlist = await this.createUserWishlist(userId, userEmail);
+      }
+
+      // Ensure products array exists (for newly created wishlists)
+      if (!wishlist.products) {
+        wishlist.products = [];
+      }
+
+      // Check if product already exists in wishlist
+      // Handle both populated (object with id) and unpopulated (just id) cases
+      const productExists = wishlist.products.some(product => {
+        const productIdValue = typeof product === 'object' && product !== null ? product.id : product;
+        return productIdValue === parseInt(productId);
+      });
+
+      if (productExists) {
+        throw new Error('Product already exists in wishlist');
+      }
+
+      // Verify product exists (check both published and draft products)
+      const product = await strapi.db.query('plugin::webbycommerce.product').findOne({
+        where: { id: productId },
+        populate: ['product_categories', 'tags', 'images', 'variations'],
+      });
+      if (!product) {
+        throw new Error('Product not found');
+      }
+
+      // Get existing product IDs (handle both populated and unpopulated cases)
+      const existingProductIds = wishlist.products.map(p => {
+        return typeof p === 'object' && p !== null ? p.id : p;
+      }).filter(id => id != null);
+
+      // Add product to wishlist
+      await strapi.entityService.update('plugin::webbycommerce.wishlist', wishlist.id, {
+        data: {
+          products: { set: [...existingProductIds, parseInt(productId, 10)].map((id) => ({ id })) },
+        },
+      });
+
+      // Refetch wishlist with populated products
+      return await this.findUserWishlist(userId);
+    } catch (error) {
+      throw new Error(`Failed to add product to wishlist: ${error.message}`);
+    }
+  },
+
+  async removeProductFromWishlist(userId, productId) {
+    try {
+      const wishlist = await this.findUserWishlist(userId);
+
+      if (!wishlist) {
+        throw new Error('Wishlist not found');
+      }
+
+      // Ensure products array exists
+      if (!wishlist.products) {
+        wishlist.products = [];
+      }
+
+      // Remove product from wishlist
+      // Handle both populated (object with id) and unpopulated (just id) cases
+      const updatedProducts = wishlist.products
+        .filter(product => {
+          const productIdValue = typeof product === 'object' && product !== null ? product.id : product;
+          return productIdValue !== parseInt(productId);
+        })
+        .map(product => {
+          return typeof product === 'object' && product !== null ? product.id : product;
+        });
+
+      await strapi.entityService.update('plugin::webbycommerce.wishlist', wishlist.id, {
+        data: {
+          products: { set: updatedProducts.map((id) => ({ id })) },
+        },
+      });
+
+      // Refetch wishlist with populated products
+      return await this.findUserWishlist(userId);
+    } catch (error) {
+      throw new Error(`Failed to remove product from wishlist: ${error.message}`);
+    }
+  },
+
+  async clearWishlist(userId) {
+    try {
+      const wishlist = await this.findUserWishlist(userId);
+
+      if (!wishlist) {
+        throw new Error('Wishlist not found');
+      }
+
+      await strapi.entityService.update('plugin::webbycommerce.wishlist', wishlist.id, {
+        data: {
+          products: { set: [] },
+        },
+      });
+
+      // Refetch wishlist with populated products
+      return await this.findUserWishlist(userId);
+    } catch (error) {
+      throw new Error(`Failed to clear wishlist: ${error.message}`);
+    }
+  },
+
+  async updateWishlist(userId, data) {
+    try {
+      const wishlist = await this.findUserWishlist(userId);
+
+      if (!wishlist) {
+        throw new Error('Wishlist not found');
+      }
+
+      await strapi.entityService.update('plugin::webbycommerce.wishlist', wishlist.id, {
+        data: {
+          name: data.name !== undefined ? data.name : wishlist.name,
+          description: data.description !== undefined ? data.description : wishlist.description,
+          isPublic: data.isPublic !== undefined ? data.isPublic : wishlist.isPublic,
+        },
+      });
+
+      // Refetch wishlist with populated products
+      return await this.findUserWishlist(userId);
+    } catch (error) {
+      throw new Error(`Failed to update wishlist: ${error.message}`);
+    }
+  },
+
+  async getWishlistStats(userId) {
+    try {
+      const wishlist = await this.findUserWishlist(userId);
+
+      if (!wishlist) {
+        return {
+          totalProducts: 0,
+          totalValue: 0,
+          categories: [],
+        };
+      }
+
+      // Ensure products array exists
+      if (!wishlist.products) {
+        wishlist.products = [];
+      }
+
+      const totalProducts = wishlist.products.length;
+      const totalValue = wishlist.products.reduce((sum, product) => {
+        return sum + (product.price || 0);
+      }, 0);
+
+      const categoryCounts = {};
+      wishlist.products.forEach(product => {
+        const categoryName = product.product_categories?.[0]?.name || 'Uncategorized';
+        categoryCounts[categoryName] = (categoryCounts[categoryName] || 0) + 1;
+      });
+
+      const categories = Object.entries(categoryCounts).map(([name, count]) => ({
+        name,
+        count,
+      }));
+
+      return {
+        totalProducts,
+        totalValue,
+        categories,
+      };
+    } catch (error) {
+      throw new Error(`Failed to get wishlist stats: ${error.message}`);
+    }
+  },
+}));

package/server/src/utils/check-ecommerce-permission.js

@@ -0,0 +1,204 @@
+'use strict';
+
+const PLUGIN_ID = 'webbycommerce';
+const ECOMMERCE_ACTION = 'plugin::webbycommerce.ecommerce.enable';
+const PATCHED_FLAG = Symbol('webbycommerce-permissions-patched');
+const SETTINGS_KEY = 'settings';
+
+const getStore = () => {
+  return strapi.store({ type: 'plugin', name: PLUGIN_ID });
+};
+
+const loadAllowedOrigins = async () => {
+  const store = getStore();
+  const value = (await store.get({ key: SETTINGS_KEY })) || {};
+  const input = Array.isArray(value.allowedOrigins) ? value.allowedOrigins : [];
+
+  return input
+    .map((value) => (typeof value === 'string' ? value.trim() : ''))
+    .filter((value) => value.length > 0)
+    .map((value) => value.toLowerCase().replace(/\/+$/, ''));
+};
+
+const isOriginAllowed = async (ctx) => {
+  const allowedOrigins = await loadAllowedOrigins();
+
+  // If no origins are configured, allow all
+  if (!allowedOrigins.length) {
+    return true;
+  }
+
+  const originHeader = ctx.request.header?.origin || '';
+  const hostHeader = ctx.request.header?.host || '';
+  let hostname = '';
+
+  if (originHeader) {
+    try {
+      const parsed = new URL(originHeader);
+      hostname = parsed.hostname.toLowerCase();
+    } catch {
+      // ignore invalid origin header
+    }
+  }
+
+  if (!hostname && hostHeader) {
+    hostname = hostHeader.split(':')[0].toLowerCase();
+  }
+
+  if (!hostname) {
+    return false;
+  }
+
+  const normalized = (value) =>
+    value
+      .toLowerCase()
+      .replace(/^https?:\/\//, '')
+      .split('/')[0]
+      .split(':')[0];
+
+  const requestHost = hostname.split(':')[0];
+
+  return allowedOrigins.some((origin) => normalized(origin) === requestHost);
+};
+
+const patchUsersPermissionsGetActions = (usersPermissionsService) => {
+  if (!usersPermissionsService || usersPermissionsService[PATCHED_FLAG]) {
+    return;
+  }
+
+  const originalGetActions = usersPermissionsService.getActions.bind(usersPermissionsService);
+
+  usersPermissionsService.getActions = (options = {}) => {
+    const result = originalGetActions(options) || {};
+    const defaultEnable = options?.defaultEnable ?? false;
+    const namespace = `plugin::${PLUGIN_ID}`;
+
+    const currentControllers = result[namespace]?.controllers || {};
+    const patchedControllers = { ...currentControllers };
+
+    // Register ecommerce enable action
+    const controllerActions = patchedControllers.ecommerce ? { ...patchedControllers.ecommerce } : {};
+    if (!controllerActions.enable) {
+      controllerActions.enable = { enabled: defaultEnable, policy: '' };
+    }
+    patchedControllers.ecommerce = controllerActions;
+
+    result[namespace] = {
+      controllers: patchedControllers,
+    };
+
+    return result;
+  };
+
+  usersPermissionsService[PATCHED_FLAG] = true;
+};
+
+const registerEcommerceActions = async () => {
+  const permissionsService = strapi.plugin('users-permissions')?.service('users-permissions');
+
+  if (!permissionsService || typeof permissionsService.syncPermissions !== 'function') {
+    return;
+  }
+
+  patchUsersPermissionsGetActions(permissionsService);
+
+  // Sync ensures the action exists in the Users & Permissions schema
+  await permissionsService.syncPermissions();
+};
+
+const getRoleIdFromCtx = async (ctx) => {
+  if (ctx.state?.user?.role?.id) {
+    return ctx.state.user.role.id;
+  }
+
+  if (ctx.state?.auth?.credentials?.role?.id) {
+    return ctx.state.auth.credentials.role.id;
+  }
+
+  if (ctx.state?.auth?.strategy?.name === 'api-token') {
+    // API tokens are handled separately via the permissions array on the token
+    return null;
+  }
+
+  const publicRole = await strapi.db.query('plugin::users-permissions.role').findOne({
+    where: { type: 'public' },
+    select: ['id'],
+  });
+
+  return publicRole?.id || null;
+};
+
+const hasApiTokenPermission = (ctx, action) => {
+  if (ctx.state?.auth?.strategy?.name !== 'api-token') {
+    return false;
+  }
+
+  const permissions = ctx.state?.auth?.credentials?.permissions;
+  if (!Array.isArray(permissions)) {
+    return false;
+  }
+
+  return permissions.includes(action);
+};
+
+const isActionEnabledForRole = (rolePermissions, action) => {
+  if (!rolePermissions) {
+    return false;
+  }
+
+  // Action format for plugins:
+  //   plugin::webbycommerce.ecommerce.enable
+  // namespace: plugin::webbycommerce
+  // controller: ecommerce
+  // actionName: enable
+  const [namespace, controller, actionName] = action.split('.');
+
+  const controllerSet = rolePermissions?.[namespace]?.controllers?.[controller];
+  return controllerSet?.[actionName]?.enabled === true;
+};
+
+const ensureEcommercePermission = async (ctx) => {
+  const action = ECOMMERCE_ACTION;
+
+  // First, enforce allowed origin settings (if any are configured)
+  const originOk = await isOriginAllowed(ctx);
+  if (!originOk) {
+    ctx.unauthorized('Ecommerce facility is not enabled for this origin');
+    return false;
+  }
+
+  if (hasApiTokenPermission(ctx, action)) {
+    return true;
+  }
+
+  const roleId = await getRoleIdFromCtx(ctx);
+
+  if (!roleId) {
+    ctx.unauthorized('Ecommerce facility is not enabled for this role');
+    return false;
+  }
+
+  // Check plugin permission via Users & Permissions permissions table
+  const permissions = await strapi.db
+    .query('plugin::users-permissions.permission')
+    .findMany({
+      where: {
+        action,
+        role: roleId,
+      },
+    });
+
+  if (Array.isArray(permissions) && permissions.length > 0) {
+    return true;
+  }
+
+  ctx.unauthorized('Ecommerce facility is not enabled for this role');
+  return false;
+};
+
+module.exports = {
+  ECOMMERCE_ACTION,
+  registerEcommerceActions,
+  ensureEcommercePermission,
+};
+

package/server/src/utils/extend-user-schema.js

@@ -0,0 +1,161 @@
+'use strict';
+
+/**
+ * Extend the users-permissions user schema with OTP fields
+ * This function adds 'otp' and 'isOtpVerified' fields to the user table
+ */
+async function extendUserSchemaWithOtpFields(strapi) {
+  try {
+    const db = strapi.db;
+    const client = db.config.connection.client;
+    const tableName = 'up_users'; // Strapi's default users table name
+
+    // Check if database columns already exist by querying the database directly
+    let fieldsExist = false;
+    try {
+      const connection = db.connection;
+      const knex = connection;
+      
+      // Check if columns exist in the database
+      if (client === 'postgres') {
+        const result = await knex.raw(`
+          SELECT column_name 
+          FROM information_schema.columns 
+          WHERE table_name='${tableName}' 
+          AND (column_name='otp' OR column_name='is_otp_verified')
+        `);
+        fieldsExist = result.rows.length >= 2;
+      } else if (client === 'mysql' || client === 'mysql2') {
+        const result = await knex.raw(`
+          SELECT COLUMN_NAME 
+          FROM INFORMATION_SCHEMA.COLUMNS 
+          WHERE TABLE_SCHEMA = DATABASE() 
+          AND TABLE_NAME = '${tableName}' 
+          AND (COLUMN_NAME = 'otp' OR COLUMN_NAME = 'is_otp_verified')
+        `);
+        fieldsExist = result[0].length >= 2;
+      } else {
+        // SQLite
+        const tableInfo = await knex.raw(`PRAGMA table_info(${tableName})`);
+        const columns = tableInfo.map((col) => col.name);
+        fieldsExist = columns.includes('otp') && columns.includes('is_otp_verified');
+      }
+    } catch (err) {
+      fieldsExist = false;
+    }
+
+    if (fieldsExist) {
+      strapi.log.info('[webbycommerce] OTP fields already exist in database');
+      return true;
+    }
+
+    strapi.log.info('[webbycommerce] OTP fields not found, adding them to user schema...');
+
+    // Get the database connection
+    const connection = db.connection;
+    const knex = connection;
+
+    // Add columns based on database type
+    let otpAdded = false;
+    let isOtpVerifiedAdded = false;
+
+    if (client === 'sqlite' || client === 'sqlite3') {
+      // SQLite doesn't support ALTER TABLE ADD COLUMN IF NOT EXISTS directly
+      // We need to check if column exists first
+      const tableInfo = await knex.raw(`PRAGMA table_info(${tableName})`);
+      const columns = tableInfo.map((col) => col.name);
+
+      if (!columns.includes('otp')) {
+        await knex.schema.alterTable(tableName, (table) => {
+          table.integer('otp').nullable();
+        });
+        otpAdded = true;
+        strapi.log.info('[webbycommerce] Added "otp" column to user table');
+      }
+
+      if (!columns.includes('is_otp_verified')) {
+        await knex.schema.alterTable(tableName, (table) => {
+          table.boolean('is_otp_verified').defaultTo(false);
+        });
+        isOtpVerifiedAdded = true;
+        strapi.log.info('[webbycommerce] Added "is_otp_verified" column to user table');
+      }
+    } else if (client === 'postgres') {
+      // PostgreSQL
+      const otpExists = await knex.raw(`
+        SELECT column_name 
+        FROM information_schema.columns 
+        WHERE table_name='${tableName}' AND column_name='otp'
+      `);
+
+      if (otpExists.rows.length === 0) {
+        await knex.raw(`ALTER TABLE ${tableName} ADD COLUMN otp INTEGER`);
+        otpAdded = true;
+        strapi.log.info('[webbycommerce] Added "otp" column to user table');
+      }
+
+      const isOtpVerifiedExists = await knex.raw(`
+        SELECT column_name 
+        FROM information_schema.columns 
+        WHERE table_name='${tableName}' AND column_name='is_otp_verified'
+      `);
+
+      if (isOtpVerifiedExists.rows.length === 0) {
+        await knex.raw(`ALTER TABLE ${tableName} ADD COLUMN is_otp_verified BOOLEAN DEFAULT false`);
+        isOtpVerifiedAdded = true;
+        strapi.log.info('[webbycommerce] Added "is_otp_verified" column to user table');
+      }
+    } else if (client === 'mysql' || client === 'mysql2') {
+      // MySQL
+      const otpExists = await knex.raw(`
+        SELECT COLUMN_NAME 
+        FROM INFORMATION_SCHEMA.COLUMNS 
+        WHERE TABLE_SCHEMA = DATABASE() 
+        AND TABLE_NAME = '${tableName}' 
+        AND COLUMN_NAME = 'otp'
+      `);
+
+      if (otpExists[0].length === 0) {
+        await knex.raw(`ALTER TABLE \`${tableName}\` ADD COLUMN \`otp\` INT NULL`);
+        otpAdded = true;
+        strapi.log.info('[webbycommerce] Added "otp" column to user table');
+      }
+
+      const isOtpVerifiedExists = await knex.raw(`
+        SELECT COLUMN_NAME 
+        FROM INFORMATION_SCHEMA.COLUMNS 
+        WHERE TABLE_SCHEMA = DATABASE() 
+        AND TABLE_NAME = '${tableName}' 
+        AND COLUMN_NAME = 'is_otp_verified'
+      `);
+
+      if (isOtpVerifiedExists[0].length === 0) {
+        await knex.raw(`ALTER TABLE \`${tableName}\` ADD COLUMN \`is_otp_verified\` BOOLEAN DEFAULT false`);
+        isOtpVerifiedAdded = true;
+        strapi.log.info('[webbycommerce] Added "is_otp_verified" column to user table');
+      }
+    } else {
+      strapi.log.warn(
+        `[webbycommerce] Database client "${client}" not supported for automatic schema extension. Please manually add OTP fields to user schema.`
+      );
+      return false;
+    }
+
+    // Note: We don't modify the content-type schema at runtime as it breaks the admin panel
+    // The raw SQL queries in the controller will work with the database columns directly
+    // If you need the fields to appear in the admin panel, create a schema extension file
+    // in your main Strapi project: src/extensions/users-permissions/content-types/user/schema.json
+
+    strapi.log.info('[webbycommerce] User schema extension completed successfully');
+    return true;
+  } catch (error) {
+    strapi.log.error('[webbycommerce] Failed to extend user schema with OTP fields:', error);
+    strapi.log.error('[webbycommerce] Error details:', error.message);
+    strapi.log.error(
+      '[webbycommerce] Please manually extend the user schema by creating a schema extension file in your Strapi project.'
+    );
+    return false;
+  }
+}
+
+module.exports = { extendUserSchemaWithOtpFields };