@wix/astro 1.0.19 → 1.0.21

package/build-runtime/middleware/auth.js

@@ -3,7 +3,7 @@ import {
 } from "../chunk-C3QOE2TZ.js";
 import {
   saveSessionTokensToCookie
-} from "../chunk-HVACFX6T.js";
+} from "../chunk-VMS3NKCF.js";
 
 // src/utils/generateVisitorTokens.ts
 import { OAuthStrategy } from "@wix/sdk";
@@ -17,8 +17,8 @@ async function generateVisitorTokens() {
 
 // src/utils/getSessionTokensFromCookie.ts
 import { TokenRole } from "@wix/sdk";
-import { WIX_CLIENT_ID as WIX_CLIENT_ID2 } from "astro:env/client";
 import { z } from "astro/zod";
+import { WIX_CLIENT_ID as WIX_CLIENT_ID2 } from "astro:env/client";
 var tokensSchema = z.object({
   clientId: z.string(),
   tokens: z.object({
@@ -35,7 +35,7 @@ var tokensSchema = z.object({
 function getSessionTokensFromCookie(context) {
   if (!context.isPrerendered) {
     const rawCookie = context.cookies.get("wixSession")?.json();
-    if (rawCookie) {
+    if (rawCookie != null) {
       const tokensParseResult = tokensSchema.safeParse(rawCookie);
       if (tokensParseResult.success && tokensParseResult.data.clientId === WIX_CLIENT_ID2) {
         return tokensParseResult.data;

package/build-runtime/routes/auth/callback.d.ts

@@ -1,5 +1,5 @@
-import { APIContext } from 'astro';
+import { APIRoute } from 'astro';
 
-declare function GET(context: APIContext): Promise<Response>;
+declare const GET: APIRoute;
 
 export { GET };

package/build-runtime/routes/auth/callback.js

@@ -1,6 +1,6 @@
 import {
   saveSessionTokensToCookie
-} from "../../chunk-HVACFX6T.js";
+} from "../../chunk-VMS3NKCF.js";
 import {
   z
 } from "../../chunk-YMZMZCBN.js";
@@ -17,14 +17,16 @@ var oauthCookieSchema = z.object({
   redirectUri: z.string(),
   state: z.string()
 });
-async function GET(context) {
+var GET = async (context) => {
   const oauthStateCookie = context.cookies.get(oAuthStateCookieName);
   if (oauthStateCookie == null) {
     throw new Error(`Missing \`${oAuthStateCookieName}\` cookie`);
   }
   const oauthData = oauthCookieSchema.parse(JSON.parse(oauthStateCookie.value));
   if (!oauthData.originalUri.startsWith("/")) {
-    throw new Error("Invalid `originalUri` cookie param");
+    throw new Error(
+      "Invalid `originalUri` cookie param, only relative URLs are allowed"
+    );
   }
   const { code, error, errorDescription, state } = auth.parseFromUrl(
     context.url.toString(),
@@ -42,7 +44,7 @@ async function GET(context) {
   });
   saveSessionTokensToCookie(context, memberTokens);
   return context.redirect(oauthData.originalUri);
-}
+};
 export {
   GET
 };

package/build-runtime/routes/auth/login.d.ts

@@ -1,5 +1,5 @@
-import { APIContext } from 'astro';
+import { APIRoute } from 'astro';
 
-declare function GET({ url }: APIContext): Promise<Response>;
+declare const GET: APIRoute;
 
 export { GET };

package/build-runtime/routes/auth/login.js

@@ -11,8 +11,8 @@ var loginSearchParams = z.object({
   prompt: z.enum(["login", "none"]).optional(),
   returnToUrl: z.string().optional()
 });
-async function GET({ url }) {
-  const { prompt, returnToUrl } = loginSearchParams.parse(
+var GET = async ({ url }) => {
+  const { prompt, returnToUrl = "/" } = loginSearchParams.parse(
     Object.fromEntries(url.searchParams.entries())
   );
   const oauthData = auth.generateOAuthData(
@@ -32,7 +32,7 @@ async function GET({ url }) {
     },
     status: 302
   });
-}
+};
 export {
   GET
 };

package/build-runtime/routes/auth/logout-callback.js

@@ -1,6 +1,6 @@
 import {
   saveSessionTokensToCookie
-} from "../../chunk-HVACFX6T.js";
+} from "../../chunk-VMS3NKCF.js";
 import {
   auth,
   returnToQueryParamName
@@ -10,7 +10,9 @@ import {
 var GET = async (context) => {
   const returnTo = context.url.searchParams.get(returnToQueryParamName) ?? "/";
   if (!returnTo.startsWith("/")) {
-    throw new Error(`Invalid \`${returnToQueryParamName}\` query param`);
+    throw new Error(
+      `Invalid \`${returnToQueryParamName}\` query param, only relative URLs are allowed`
+    );
   }
   saveSessionTokensToCookie(context, await auth.generateVisitorTokens());
   return context.redirect(returnTo);

package/build-runtime/routes/auth/logout.d.ts

@@ -1,5 +1,5 @@
-import { APIContext } from 'astro';
+import { APIRoute } from 'astro';
 
-declare function POST({ redirect, request }: APIContext): Promise<Response>;
+declare const POST: APIRoute;
 
 export { POST };

package/build-runtime/routes/auth/logout.js

@@ -1,17 +1,25 @@
+import {
+  z
+} from "../../chunk-YMZMZCBN.js";
 import {
   auth,
   returnToQueryParamName
 } from "../../chunk-UZPSWWI5.js";
 
 // src/routes/auth/logout.ts
-async function POST({ redirect, request }) {
-  const returnTo = request.headers.get("Referer") ?? "/";
+var logoutSearchParams = z.object({
+  returnToUrl: z.string().optional()
+});
+var POST = async ({ redirect, request, url }) => {
+  const { returnToUrl = "/" } = logoutSearchParams.parse(
+    Object.fromEntries(url.searchParams.entries())
+  );
   const baseUrl = `${new URL(request.url).origin}/${import.meta.env.BASE_URL}`;
   const postFlowUrl = new URL("/api/auth/logout-callback", baseUrl);
-  postFlowUrl.searchParams.set(returnToQueryParamName, returnTo);
+  postFlowUrl.searchParams.set(returnToQueryParamName, returnToUrl);
   const { logoutUrl } = await auth.logout(postFlowUrl.toString());
   return redirect(logoutUrl);
-}
+};
 export {
   POST
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wix/astro",
-  "version": "1.0.19",
+  "version": "1.0.21",
   "devDependencies": {
     "@wix/dashboard": "^1.3.35",
     "@wix/essentials": "^0.1.23",
@@ -48,5 +48,5 @@
       ]
     }
   },
-  "falconPackageHash": "8a07e41b5e45d53fdec973ec91c81fea694425019d8792af6d2c9872"
+  "falconPackageHash": "1582964b2e070bcdaacf19658e234f267a2a3080254a5cc19a91fca2"
 }

package/src/context/non-elevated.ts

@@ -27,7 +27,7 @@ const authProxy = new Proxy(
         }
 
         // eslint-disable-next-line @typescript-eslint/no-unsafe-function-type
-        return (value as Function).apply(auth, args);
+        return (value as Function).apply(auth, args) as unknown;
       };
     },
   }

package/src/context/setup.ts

@@ -1,7 +1,7 @@
 import { wixContext } from '@wix/sdk-context';
 import { getSessionClient } from './utils.js';
 
-export function setup(options: { clientId: string }) {
+export function setup(options: { clientId: string }): void {
   // check untyped global context which may be necessary if
   // both `page` and `before-hydration` hooks have been loaded together
   if (wixContext.client != null) {

package/src/context/utils.ts

@@ -1,29 +1,40 @@
-import { createClient } from '@wix/sdk';
+import type { WixClient } from '@wix/sdk';
+import { createClient, TokenRole } from '@wix/sdk';
 import { SiteSessionAuth } from '@wix/sdk/auth/site-session';
+import { z } from 'zod';
+
+export function getSessionClient(options: { clientId: string }): WixClient {
+  return createClient({
+    auth: SiteSessionAuth({
+      tokens: getCookieAsJson('wixSession')?.tokens,
+      ...options,
+    }),
+  });
+}
+
+const cookieSchema = z.object({
+  tokens: z.object({
+    accessToken: z.object({ expiresAt: z.number(), value: z.string() }),
+    refreshToken: z.object({
+      role: z.enum([TokenRole.MEMBER, TokenRole.NONE, TokenRole.VISITOR]),
+      value: z.string(),
+    }),
+  }),
+});
 
 function getCookieAsJson(name: string) {
   const cookies = document.cookie.split('; ');
   const cookie = cookies.find((row) => row.startsWith(`${name}=`));
 
-  if (!cookie) {
+  if (cookie == null) {
     return null;
   }
 
   try {
     const jsonString = decodeURIComponent(cookie.split('=')[1] ?? '');
-    return JSON.parse(jsonString);
+    return cookieSchema.parse(JSON.parse(jsonString));
   } catch (error) {
-    // eslint-disable-next-line no-console
     console.error('Error parsing cookie JSON:', error);
     return null;
   }
 }
-
-export function getSessionClient(options: { clientId: string }) {
-  return createClient({
-    auth: SiteSessionAuth({
-      tokens: getCookieAsJson('wixSession')?.tokens,
-      ...options,
-    }),
-  });
-}

package/src/index.ts

@@ -49,7 +49,7 @@ const createIntegration = (
           { spaces: 2 }
         );
       },
-      'astro:config:done': async ({ config }) => {
+      'astro:config:done': ({ config }) => {
         _config = config;
       },
       async 'astro:config:setup'({
@@ -308,7 +308,7 @@ const createIntegration = (
 
         await writeVirtualBackofficeExtensionFiles(model, backofficeCodegenDir);
       },
-      'astro:server:setup': async ({ logger, server }) => {
+      'astro:server:setup': ({ logger, server }) => {
         server.middlewares.use(async (req, res, next) => {
           if (req.url === '/_wix/app-manifest.json') {
             const model = await createProjectModel(logger);

package/src/routes/auth/callback.ts

@@ -1,4 +1,4 @@
-import type { APIContext } from 'astro';
+import type { APIRoute } from 'astro';
 import { z } from 'zod';
 import { oAuthStateCookieName } from '../../constants.js';
 import { auth } from '../../utils/contextualAuth.js';
@@ -12,7 +12,7 @@ const oauthCookieSchema = z.object({
   state: z.string(),
 });
 
-export async function GET(context: APIContext) {
+export const GET: APIRoute = async (context) => {
   const oauthStateCookie = context.cookies.get(oAuthStateCookieName);
 
   if (oauthStateCookie == null) {
@@ -22,7 +22,9 @@ export async function GET(context: APIContext) {
   const oauthData = oauthCookieSchema.parse(JSON.parse(oauthStateCookie.value));
 
   if (!oauthData.originalUri.startsWith('/')) {
-    throw new Error('Invalid `originalUri` cookie param');
+    throw new Error(
+      'Invalid `originalUri` cookie param, only relative URLs are allowed'
+    );
   }
 
   const { code, error, errorDescription, state } = auth.parseFromUrl(
@@ -46,4 +48,4 @@ export async function GET(context: APIContext) {
   saveSessionTokensToCookie(context, memberTokens);
 
   return context.redirect(oauthData.originalUri);
-}
+};

package/src/routes/auth/login.ts

@@ -1,4 +1,4 @@
-import type { APIContext } from 'astro';
+import type { APIRoute } from 'astro';
 import { z } from 'zod';
 import { oAuthStateCookieName } from '../../constants.js';
 import { auth } from '../../utils/contextualAuth.js';
@@ -8,8 +8,8 @@ const loginSearchParams = z.object({
   returnToUrl: z.string().optional(),
 });
 
-export async function GET({ url }: APIContext) {
-  const { prompt, returnToUrl } = loginSearchParams.parse(
+export const GET: APIRoute = async ({ url }) => {
+  const { prompt, returnToUrl = '/' } = loginSearchParams.parse(
     Object.fromEntries(url.searchParams.entries())
   );
 
@@ -32,4 +32,4 @@ export async function GET({ url }: APIContext) {
     },
     status: 302,
   });
-}
+};

package/src/routes/auth/logout-callback.ts

@@ -7,7 +7,9 @@ export const GET: APIRoute = async (context) => {
   const returnTo = context.url.searchParams.get(returnToQueryParamName) ?? '/';
 
   if (!returnTo.startsWith('/')) {
-    throw new Error(`Invalid \`${returnToQueryParamName}\` query param`);
+    throw new Error(
+      `Invalid \`${returnToQueryParamName}\` query param, only relative URLs are allowed`
+    );
   }
 
   saveSessionTokensToCookie(context, await auth.generateVisitorTokens());

package/src/routes/auth/logout.ts

@@ -1,14 +1,21 @@
-import type { APIContext } from 'astro';
+import type { APIRoute } from 'astro';
+import { z } from 'zod';
 import { returnToQueryParamName } from '../../constants.js';
 import { auth } from '../../utils/contextualAuth.js';
 
-export async function POST({ redirect, request }: APIContext) {
-  const returnTo = request.headers.get('Referer') ?? '/';
+const logoutSearchParams = z.object({
+  returnToUrl: z.string().optional(),
+});
+
+export const POST: APIRoute = async ({ redirect, request, url }) => {
+  const { returnToUrl = '/' } = logoutSearchParams.parse(
+    Object.fromEntries(url.searchParams.entries())
+  );
   const baseUrl = `${new URL(request.url).origin}/${import.meta.env.BASE_URL}`;
   const postFlowUrl = new URL('/api/auth/logout-callback', baseUrl);
-  postFlowUrl.searchParams.set(returnToQueryParamName, returnTo);
+  postFlowUrl.searchParams.set(returnToQueryParamName, returnToUrl);
 
   const { logoutUrl } = await auth.logout(postFlowUrl.toString());
 
   return redirect(logoutUrl);
-}
+};

package/src/routes/service-plugins.ts

@@ -1,10 +1,10 @@
 import type { APIRoute } from 'astro';
 
 export const ALL: APIRoute = async (context) => {
-  const { ALL } = await import(
+  const { ALL } = (await import(
     /* @vite-ignore */
     `/.astro/integrations/_wix_astro/extensions/service-plugins/${context.params.compId}.ts`
-  );
+  )) as { ALL: APIRoute };
 
   return ALL(context);
 };

package/src/routes/webhooks.ts

@@ -1,10 +1,10 @@
 import type { APIRoute } from 'astro';
 
 export const ALL: APIRoute = async (context) => {
-  const { ALL } = await import(
+  const { ALL } = (await import(
     /* @vite-ignore */
     `/.astro/integrations/_wix_astro/extensions/webhooks/${context.params.compId}.ts`
-  );
+  )) as { ALL: APIRoute };
 
   return ALL(context);
 };

package/src/schemas.ts

@@ -210,9 +210,9 @@ export const devCenterComponentSchema = z.discriminatedUnion('compType', [
   devCenterEcomGiftCardsProviderSchema,
 ]);
 
-export type DevCenterComponent = z.infer<typeof devCenterComponentSchema>;
-
 export interface DevCenterAppManifest {
   appId: string;
   components: BaseDevCenterComponent[];
 }
+
+export type DevCenterComponent = z.infer<typeof devCenterComponentSchema>;

package/src/utils/createProjectModel.ts

@@ -14,9 +14,11 @@ import {
 import { pathExists, readJson } from './fs-utils.js';
 import { loadEnvVars } from './loadEnvVars.js';
 
-export async function createProjectModel(logger: AstroIntegrationLogger) {
+export async function createProjectModel(
+  logger: AstroIntegrationLogger
+): Promise<Model> {
   const rootDir = cwd();
-  const { appId, env } = loadEnvVars(rootDir, logger);
+  const { appId, env } = loadEnvVars(logger);
 
   const componentsPaths = await globby(
     pathToGlobby(join(EXTENSIONS_DIR, '*')),
@@ -31,14 +33,14 @@ export async function createProjectModel(logger: AstroIntegrationLogger) {
 
   for (const componentPath of componentsPaths) {
     const extensionManifest = await readExtensionManifest(componentPath);
-    const knownManifest = await parseKnownExtensionManifest(extensionManifest);
+    const knownManifest = parseKnownExtensionManifest(extensionManifest);
 
     if (knownManifest != null) {
       components.push(createComponent(knownManifest, componentPath));
       continue;
     }
 
-    const unknownManifest = await parseBaseExtensionManifest(extensionManifest);
+    const unknownManifest = parseBaseExtensionManifest(extensionManifest);
 
     unknownComponents.push(
       UnknownComponent.Unknown({
@@ -54,15 +56,11 @@ export async function createProjectModel(logger: AstroIntegrationLogger) {
     env,
     rootDir,
     unknownComponents,
-  } satisfies Model;
+  };
 }
 
 // https://github.com/mrmlnc/fast-glob/releases/tag/3.0.0
 // globby using fast-glob under the hood accepts only forward slashes in patterns.
-function pathToGlobby(path: string) {
-  return path.replaceAll('\\', '/');
-}
-
 function createComponent(manifest: DevCenterComponent, directory: string) {
   switch (manifest.compType) {
     case 'BACK_OFFICE_EXTENSION_MENU_ITEM':
@@ -133,18 +131,7 @@ function createComponent(manifest: DevCenterComponent, directory: string) {
   }
 }
 
-async function parseKnownExtensionManifest(extensionManifest: unknown) {
-  const appManifestResult =
-    devCenterComponentSchema.safeParse(extensionManifest);
-
-  if (appManifestResult.error) {
-    return null;
-  }
-
-  return appManifestResult.data;
-}
-
-async function parseBaseExtensionManifest(extensionManifest: unknown) {
+function parseBaseExtensionManifest(extensionManifest: unknown) {
   const appManifestResult =
     baseDevCenterComponentSchema.safeParse(extensionManifest);
 
@@ -161,6 +148,21 @@ async function parseBaseExtensionManifest(extensionManifest: unknown) {
   return appManifestResult.data;
 }
 
+function parseKnownExtensionManifest(extensionManifest: unknown) {
+  const appManifestResult =
+    devCenterComponentSchema.safeParse(extensionManifest);
+
+  if (appManifestResult.error) {
+    return null;
+  }
+
+  return appManifestResult.data;
+}
+
+function pathToGlobby(path: string) {
+  return path.replaceAll('\\', '/');
+}
+
 async function readExtensionManifest(directoryPath: string) {
   const manifestFilePath = join(directoryPath, 'extension.json');
 

package/src/utils/fs-utils.ts

@@ -7,36 +7,36 @@ import {
 import { EOL } from 'node:os';
 import { dirname, relative } from 'node:path';
 
-function toJsonString(object: unknown, opts?: { spaces: number }) {
-  return JSON.stringify(object, null, opts?.spaces).concat(EOL);
+export async function outputDir(dir: string): Promise<void> {
+  await mkdir(dir, { recursive: true });
 }
 
-export async function writeJson(
-  filePath: string,
-  object: unknown,
-  opts?: { spaces: number }
-) {
-  const str = toJsonString(object, opts);
-  await outputDir(dirname(filePath));
-
-  await writeFile(filePath, str, 'utf-8');
+export function pathExists(path: string): Promise<boolean> {
+  return access(path)
+    .then(() => true)
+    .catch(() => false);
 }
 
 export async function readJson(file: string): Promise<unknown> {
   return JSON.parse(await fsReadFile(file, 'utf-8'));
 }
 
-export function pathExists(path: string) {
-  return access(path)
-    .then(() => true)
-    .catch(() => false);
+export function toRelativePath(from: string, to: string): string {
+  const rel = relative(dirname(from), to).replaceAll('\\', '/');
+  return rel.startsWith('.') ? rel : `./${rel}`;
 }
 
-export async function outputDir(dir: string) {
-  await mkdir(dir, { recursive: true });
+export async function writeJson(
+  filePath: string,
+  object: unknown,
+  opts?: { spaces: number }
+): Promise<void> {
+  const str = toJsonString(object, opts);
+  await outputDir(dirname(filePath));
+
+  await writeFile(filePath, str, 'utf-8');
 }
 
-export function toRelativePath(from: string, to: string) {
-  const rel = relative(dirname(from), to).replaceAll('\\', '/');
-  return rel.startsWith('.') ? rel : `./${rel}`;
+function toJsonString(object: unknown, opts?: { spaces: number }) {
+  return `${JSON.stringify(object, null, opts?.spaces)}${EOL}`;
 }

package/src/utils/generateAppManifest.ts

@@ -14,7 +14,7 @@ import type {
 } from '../schemas.js';
 import type { Model } from '../types.js';
 
-export function generateAppManifest(model: Model) {
+export function generateAppManifest(model: Model): DevCenterAppManifest {
   const extensions = model.components
     .map((component) => component.manifest)
     .map((manifest) => {
@@ -22,7 +22,7 @@ export function generateAppManifest(model: Model) {
         case 'BACK_OFFICE_EXTENSION_MENU_ITEM':
           return manifest satisfies DevCenterBackofficeExtensionMenuItem;
         case 'BACK_OFFICE_EXTENSION_WIDGET':
-          if (manifest.compData.backOfficeExtensionWidget.iframeUrl) {
+          if (manifest.compData.backOfficeExtensionWidget.iframeUrl != null) {
             return manifest;
           }
 
@@ -36,7 +36,7 @@ export function generateAppManifest(model: Model) {
             },
           } satisfies DevCenterBackofficeExtensionWidget;
         case 'BACK_OFFICE_MODAL':
-          if (manifest.compData.backOfficeModal.iframeUrl) {
+          if (manifest.compData.backOfficeModal.iframeUrl != null) {
             return manifest;
           }
 
@@ -50,7 +50,7 @@ export function generateAppManifest(model: Model) {
             },
           } satisfies DevCenterBackofficeModal;
         case 'BACK_OFFICE_PAGE':
-          if (manifest.compData.backOfficePage.iframeUrl) {
+          if (manifest.compData.backOfficePage.iframeUrl != null) {
             return manifest;
           }
 
@@ -64,7 +64,7 @@ export function generateAppManifest(model: Model) {
             },
           } satisfies DevCenterBackofficePage;
         case 'ECOM_ADDITIONAL_FEES':
-          if (manifest.compData.ecomAdditionalFees.deploymentUri) {
+          if (manifest.compData.ecomAdditionalFees.deploymentUri != null) {
             return manifest;
           }
 
@@ -78,7 +78,7 @@ export function generateAppManifest(model: Model) {
             },
           } satisfies DevCenterEcomAdditionalFees;
         case 'ECOM_DISCOUNTS_TRIGGER':
-          if (manifest.compData.ecomDiscountsTrigger.deploymentUri) {
+          if (manifest.compData.ecomDiscountsTrigger.deploymentUri != null) {
             return manifest;
           }
 
@@ -92,7 +92,7 @@ export function generateAppManifest(model: Model) {
             },
           } satisfies DevCenterEcomDiscountsTrigger;
         case 'ECOM_PAYMENT_SETTINGS':
-          if (manifest.compData.ecomPaymentSettings.deploymentUri) {
+          if (manifest.compData.ecomPaymentSettings.deploymentUri != null) {
             return manifest;
           }
 
@@ -106,7 +106,7 @@ export function generateAppManifest(model: Model) {
             },
           } satisfies DevCenterEcomPaymentSettings;
         case 'ECOM_SHIPPING_RATES':
-          if (manifest.compData.ecomShippingRates.deploymentUri) {
+          if (manifest.compData.ecomShippingRates.deploymentUri != null) {
             return manifest;
           }
 
@@ -120,7 +120,7 @@ export function generateAppManifest(model: Model) {
             },
           } satisfies DevCenterEcomShippingRates;
         case 'ECOM_VALIDATIONS':
-          if (manifest.compData.ecomValidations.deploymentUri) {
+          if (manifest.compData.ecomValidations.deploymentUri != null) {
             return manifest;
           }
 
@@ -134,7 +134,7 @@ export function generateAppManifest(model: Model) {
             },
           } satisfies DevCenterEcomValidations;
         case 'GIFT_CARDS_PROVIDER':
-          if (manifest.compData.giftCardsProvider.deploymentUri) {
+          if (manifest.compData.giftCardsProvider.deploymentUri != null) {
             return manifest;
           }
 
@@ -148,7 +148,7 @@ export function generateAppManifest(model: Model) {
             },
           } satisfies DevCenterEcomGiftCardsProvider;
         case 'WEBHOOK':
-          if (manifest.compData.webhook.callbackUrl) {
+          if (manifest.compData.webhook.callbackUrl != null) {
             return manifest;
           }
 
@@ -173,5 +173,5 @@ export function generateAppManifest(model: Model) {
   return {
     appId: model.appId,
     components: [...extensions, ...unknownExtensions],
-  } satisfies DevCenterAppManifest;
+  };
 }