astro-tractstack 2.3.2 → 2.3.3

package/templates/src/pages/api/google/oauth/callback.ts

@@ -0,0 +1,50 @@
+import type { APIRoute } from '@/types/astro';
+
+export const GET: APIRoute = async ({ request, locals, url }) => {
+  const GO_BACKEND =
+    import.meta.env.PUBLIC_GO_BACKEND || 'http://localhost:8080';
+  const tenantId =
+    locals.tenant?.id || import.meta.env.PUBLIC_TENANTID || 'default';
+
+  const forwardedProto =
+    request.headers.get('x-forwarded-proto') || url.protocol.replace(':', '');
+  const forwardedHost = request.headers.get('x-forwarded-host') || url.host;
+
+  const response = await fetch(
+    `${GO_BACKEND}/api/v1/google/oauth/callback${url.search}`,
+    {
+      method: 'GET',
+      redirect: 'manual',
+      headers: {
+        'X-Tenant-ID': tenantId,
+        'X-Forwarded-Proto': forwardedProto,
+        'X-Forwarded-Host': forwardedHost,
+        ...(request.headers.get('Authorization') && {
+          Authorization: request.headers.get('Authorization')!,
+        }),
+        ...(request.headers.get('Cookie') && {
+          Cookie: request.headers.get('Cookie')!,
+        }),
+      },
+    }
+  );
+
+  const location = response.headers.get('location');
+  if (location) {
+    const frontendOrigin = `${forwardedProto}://${forwardedHost}`;
+    const redirectUrl = new URL(location, frontendOrigin).toString();
+    return Response.redirect(
+      redirectUrl,
+      response.status >= 300 && response.status < 400 ? response.status : 302
+    );
+  }
+
+  const body = await response.text();
+  return new Response(body, {
+    status: response.status,
+    headers: {
+      'Content-Type':
+        response.headers.get('Content-Type') || 'application/json',
+    },
+  });
+};

package/templates/src/pages/api/google/oauth/disconnect.ts

@@ -0,0 +1,32 @@
+import type { APIRoute } from '@/types/astro';
+
+export const POST: APIRoute = async ({ request, locals, url }) => {
+  const GO_BACKEND =
+    import.meta.env.PUBLIC_GO_BACKEND || 'http://localhost:8080';
+  const tenantId =
+    locals.tenant?.id || import.meta.env.PUBLIC_TENANTID || 'default';
+  const forwardedProto =
+    request.headers.get('x-forwarded-proto') || url.protocol.replace(':', '');
+  const forwardedHost = request.headers.get('x-forwarded-host') || url.host;
+
+  const response = await fetch(`${GO_BACKEND}/api/v1/google/oauth/disconnect`, {
+    method: 'POST',
+    headers: {
+      'X-Tenant-ID': tenantId,
+      'X-Forwarded-Proto': forwardedProto,
+      'X-Forwarded-Host': forwardedHost,
+      ...(request.headers.get('Authorization') && {
+        Authorization: request.headers.get('Authorization')!,
+      }),
+      ...(request.headers.get('Cookie') && {
+        Cookie: request.headers.get('Cookie')!,
+      }),
+    },
+  });
+
+  const data = await response.text();
+  return new Response(data, {
+    status: response.status,
+    headers: { 'Content-Type': 'application/json' },
+  });
+};

package/templates/src/pages/api/google/oauth/start.ts

@@ -0,0 +1,32 @@
+import type { APIRoute } from '@/types/astro';
+
+export const GET: APIRoute = async ({ request, locals, url }) => {
+  const GO_BACKEND =
+    import.meta.env.PUBLIC_GO_BACKEND || 'http://localhost:8080';
+  const tenantId =
+    locals.tenant?.id || import.meta.env.PUBLIC_TENANTID || 'default';
+  const forwardedProto =
+    request.headers.get('x-forwarded-proto') || url.protocol.replace(':', '');
+  const forwardedHost = request.headers.get('x-forwarded-host') || url.host;
+
+  const response = await fetch(`${GO_BACKEND}/api/v1/google/oauth/start`, {
+    method: 'GET',
+    headers: {
+      'X-Tenant-ID': tenantId,
+      'X-Forwarded-Proto': forwardedProto,
+      'X-Forwarded-Host': forwardedHost,
+      ...(request.headers.get('Authorization') && {
+        Authorization: request.headers.get('Authorization')!,
+      }),
+      ...(request.headers.get('Cookie') && {
+        Cookie: request.headers.get('Cookie')!,
+      }),
+    },
+  });
+
+  const data = await response.text();
+  return new Response(data, {
+    status: response.status,
+    headers: { 'Content-Type': 'application/json' },
+  });
+};

package/templates/src/pages/api/google/oauth/status.ts

@@ -0,0 +1,32 @@
+import type { APIRoute } from '@/types/astro';
+
+export const GET: APIRoute = async ({ request, locals, url }) => {
+  const GO_BACKEND =
+    import.meta.env.PUBLIC_GO_BACKEND || 'http://localhost:8080';
+  const tenantId =
+    locals.tenant?.id || import.meta.env.PUBLIC_TENANTID || 'default';
+  const forwardedProto =
+    request.headers.get('x-forwarded-proto') || url.protocol.replace(':', '');
+  const forwardedHost = request.headers.get('x-forwarded-host') || url.host;
+
+  const response = await fetch(`${GO_BACKEND}/api/v1/google/oauth/status`, {
+    method: 'GET',
+    headers: {
+      'X-Tenant-ID': tenantId,
+      'X-Forwarded-Proto': forwardedProto,
+      'X-Forwarded-Host': forwardedHost,
+      ...(request.headers.get('Authorization') && {
+        Authorization: request.headers.get('Authorization')!,
+      }),
+      ...(request.headers.get('Cookie') && {
+        Cookie: request.headers.get('Cookie')!,
+      }),
+    },
+  });
+
+  const data = await response.text();
+  return new Response(data, {
+    status: response.status,
+    headers: { 'Content-Type': 'application/json' },
+  });
+};

package/templates/src/pages/privacy.astro

@@ -0,0 +1,84 @@
+---
+const effectiveDate = '2026-05-03';
+---
+
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Privacy Policy</title>
+  </head>
+  <body>
+    <main
+      style="margin: 0 auto; max-width: 48rem; padding: 2rem 1rem; font-family: Inter, Arial, sans-serif; line-height: 1.6;"
+    >
+      <h1>Privacy Policy</h1>
+      <p><strong>Effective date:</strong> {effectiveDate}</p>
+      <p>
+        This site is built with TractStack and is designed to minimize personal
+        data collection while supporting operational analytics.
+      </p>
+
+      <h2>What We Collect</h2>
+      <ul>
+        <li>
+          Pseudonymous usage and activity events for site operation and content
+          performance.
+        </li>
+        <li>
+          Session identifiers used for continuity, including session, visit, and
+          fingerprint IDs.
+        </li>
+        <li>
+          Optional profile/contact details only when you explicitly provide
+          them.
+        </li>
+      </ul>
+
+      <h2>How We Use Data</h2>
+      <ul>
+        <li>To operate site behavior, booking flows, and communications.</li>
+        <li>To measure page and interaction performance.</li>
+        <li>
+          To provide profile-based personalization when a profile is created.
+        </li>
+      </ul>
+
+      <h2>Consent and Controls</h2>
+      <ul>
+        <li>
+          Consent controls profile memory and preference retention in your
+          browser.
+        </li>
+        <li>
+          Operational session and interaction tracking may occur even when full
+          profile consent is not enabled.
+        </li>
+        <li>
+          You can revoke consent from the profile/session controls on this site;
+          this clears browser-stored session/profile data for this browser.
+        </li>
+      </ul>
+
+      <h2>Retention</h2>
+      <p>
+        Revoking consent clears local browser storage for session/profile data,
+        but previously recorded server-side operational logs and analytics
+        events may still exist according to site retention policy.
+      </p>
+
+      <h2>Consent Signal</h2>
+      <p>
+        The consent signal sent during session handshake can be present, denied,
+        or unknown depending on client state.
+      </p>
+
+      <h2>Contact</h2>
+      <p>
+        For privacy questions, contact the site owner using the contact details
+        provided on this website.
+      </p>
+    </main>
+  </body>
+</html>

package/templates/src/pages/terms.astro

@@ -0,0 +1,47 @@
+---
+const effectiveDate = '2026-05-03';
+---
+
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Terms of Service</title>
+  </head>
+  <body>
+    <main
+      style="margin: 0 auto; max-width: 48rem; padding: 2rem 1rem; font-family: Inter, Arial, sans-serif; line-height: 1.6;"
+    >
+      <h1>Terms of Service</h1>
+      <p><strong>Effective date:</strong> {effectiveDate}</p>
+
+      <h2>Acceptance of Terms</h2>
+      <p>By using this website and its services, you agree to these terms.</p>
+
+      <h2>Use of Service</h2>
+      <p>
+        You agree not to misuse the website, attempt unauthorized access, or
+        interfere with normal operation.
+      </p>
+
+      <h2>Bookings and Communications</h2>
+      <p>
+        If this site offers booking services, confirmations and related
+        communications are provided as operational notifications.
+      </p>
+
+      <h2>Disclaimer</h2>
+      <p>
+        Services are provided on an “as is” basis, without warranties except as
+        required by law.
+      </p>
+
+      <h2>Contact</h2>
+      <p>
+        For terms questions, contact the site owner using details provided on
+        this website.
+      </p>
+    </main>
+  </body>
+</html>

package/templates/src/stores/shopify.ts

@@ -227,6 +227,10 @@ export const transactionTraceId = persistentAtom<string>(
   'tractstack_shopify_trace_id',
   ''
 );
+export const preferredAppointmentMode = persistentAtom<'IN_PERSON' | 'REMOTE'>(
+  'tractstack_shopify_appointment_mode',
+  'IN_PERSON'
+);
 
 export interface CustomerDetails {
   name: string;
@@ -262,6 +266,7 @@ export function clearCommerceState() {
     leadId: '',
   });
   transactionTraceId.set('');
+  preferredAppointmentMode.set('IN_PERSON');
   cartState.set(CART_STATES.READY);
 }
 

package/templates/src/types/tractstack.ts

@@ -162,6 +162,8 @@ export interface SchedulingConfig {
   timezone: string;
   bufferGapsMinutes: number;
   maxLengthMinutes: number;
+  allowRemote: boolean;
+  remoteOnly: boolean;
   businessHours: Record<string, TimeBlock>;
   unavailableHours: TimeBlock[];
 }
@@ -285,6 +287,13 @@ export interface AdvancedConfigStatus {
   resendApiKeySet: boolean;
   shopifyAdminSlugSet: boolean;
   userSetupWebhooks: boolean;
+  googleOauthClientIdSet: boolean;
+  googleOauthClientSecretSet: boolean;
+  googleCalendarIdSet: boolean;
+  googleAccessTokenSet: boolean;
+  googleRefreshTokenSet: boolean;
+  googleTokenExpirySet: boolean;
+  hasGoogleSync: boolean;
 }
 
 export interface AdvancedConfigState {
@@ -301,6 +310,9 @@ export interface AdvancedConfigState {
   shopifyAdminSlug: string;
   userSetupWebhooks: boolean;
   resendApiKey: string;
+  googleOauthClientId: string;
+  googleOauthClientSecret: string;
+  googleCalendarId: string;
 }
 
 export interface AdvancedConfigUpdateRequest {
@@ -318,6 +330,9 @@ export interface AdvancedConfigUpdateRequest {
   SHOPIFY_ADMIN_SLUG?: string;
   USER_SETUP_WEBHOOKS?: boolean;
   RESEND_API_KEY?: string;
+  GOOGLE_OAUTH_CLIENT_ID?: string;
+  GOOGLE_OAUTH_CLIENT_SECRET?: string;
+  GOOGLE_CALENDAR_ID?: string;
 }
 
 export interface MenuNodeState {
@@ -520,6 +535,14 @@ export interface CategorizedResults {
 }
 
 export type BookingStatus = 'PENDING' | 'CONFIRMED' | 'CANCELLED';
+export type AppointmentMode = 'IN_PERSON' | 'REMOTE';
+export type GoogleSyncStatus =
+  | 'NOT_SYNCED'
+  | 'PENDING'
+  | 'SYNCED'
+  | 'DELETE_PENDING'
+  | 'DELETE_SYNCED'
+  | 'FAILED';
 
 export interface BookingEntity {
   id: string; // traceId
@@ -528,7 +551,14 @@ export interface BookingEntity {
   startTime: string; // ISO-8601 UTC string
   endTime: string; // ISO-8601 UTC string
   status: BookingStatus;
+  appointmentMode: AppointmentMode;
   shopifyOrderId?: string;
+  googleEventId?: string;
+  googleMeetURL?: string;
+  googleSyncStatus: GoogleSyncStatus;
+  googleLastError?: string;
+  confirmationEmailSent: boolean;
+  linkAddedEmailSent: boolean;
   createdAt: string; // ISO-8601 UTC string
   leadEmail?: string;
   leadName?: string;

package/templates/src/utils/api/advancedHelpers.ts

@@ -27,6 +27,9 @@ export function convertToLocalState(
       resendApiKey: '',
       shopifyAdminSlug: '',
       userSetupWebhooks: false,
+      googleOauthClientId: '',
+      googleOauthClientSecret: '',
+      googleCalendarId: '',
     };
   }
 
@@ -47,6 +50,9 @@ export function convertToLocalState(
     resendApiKey: '',
     shopifyAdminSlug: '',
     userSetupWebhooks: status.userSetupWebhooks,
+    googleOauthClientId: '',
+    googleOauthClientSecret: '',
+    googleCalendarId: '',
   };
 }
 
@@ -108,6 +114,16 @@ export function convertToBackendFormat(
     request.RESEND_API_KEY = state.resendApiKey.trim();
   }
 
+  if (state.googleOauthClientId?.trim()) {
+    request.GOOGLE_OAUTH_CLIENT_ID = state.googleOauthClientId.trim();
+  }
+  if (state.googleOauthClientSecret?.trim()) {
+    request.GOOGLE_OAUTH_CLIENT_SECRET = state.googleOauthClientSecret.trim();
+  }
+  if (state.googleCalendarId?.trim()) {
+    request.GOOGLE_CALENDAR_ID = state.googleCalendarId.trim();
+  }
+
   return request;
 }
 

package/templates/src/utils/api/bookingHelpers.ts

@@ -36,7 +36,8 @@ export const bookingHelpers = {
     traceId: string,
     startTime: string,
     endTime: string,
-    resourceIds: string[]
+    resourceIds: string[],
+    appointmentMode: 'IN_PERSON' | 'REMOTE'
   ) => {
     const details = customerDetails.get();
 
@@ -51,6 +52,7 @@ export const bookingHelpers = {
         resourceIds,
         startTime,
         endTime,
+        appointmentMode,
       }),
     });
     return await response.json();

package/templates/src/utils/api/brandHelpers.ts

@@ -49,6 +49,8 @@ export function convertToLocalState(
       timezone: 'UTC',
       bufferGapsMinutes: 15,
       maxLengthMinutes: 0,
+      allowRemote: false,
+      remoteOnly: false,
       businessHours: {},
       unavailableHours: [],
     },
@@ -62,6 +64,11 @@ export function convertToLocalState(
 export function convertToBackendFormat(
   localState: BrandConfigState
 ): BrandConfig {
+  const scheduling = { ...localState.scheduling };
+  if (scheduling.remoteOnly) {
+    scheduling.allowRemote = true;
+  }
+
   return {
     TENANT_ID: localState.tenantId,
     SITE_INIT: localState.siteInit,
@@ -86,7 +93,7 @@ export function convertToBackendFormat(
     HAS_SHOPIFY: localState.hasShopify,
     SHOW_SHOPIFY_HELPER: localState.showShopifyHelper,
     HAS_RESEND: localState.hasResend,
-    SCHEDULING: localState.scheduling,
+    SCHEDULING: scheduling,
     ADMIN_EMAIL: localState.adminEmail,
 
     // ALWAYS send asset paths (current state)

package/templates/src/utils/booking/appointmentMode.ts

@@ -0,0 +1,135 @@
+import type { ResourceNode } from '@/types/compositorTypes';
+import type { CartItemState } from '@/stores/shopify';
+
+export type AppointmentMode = 'IN_PERSON' | 'REMOTE';
+
+export type AppointmentSchedulingInput = {
+  allowRemote?: boolean;
+  remoteOnly?: boolean;
+};
+
+export type AppointmentModeConstraints = {
+  serviceResources: ResourceNode[];
+  anyServiceRemoteOnly: boolean;
+  someServiceForcesInPerson: boolean;
+  allServicesAllowRemote: boolean;
+  effectiveRemoteOnly: boolean;
+  effectiveAllowRemote: boolean;
+  remoteAvailable: boolean;
+  inPersonAvailable: boolean;
+  hasImpossibleRemoteMix: boolean;
+  /** Same as `remoteAvailable`; kept for cart naming parity */
+  canRemote: boolean;
+};
+
+/**
+ * Collects service resources involved in booking (same rules as Cart / CheckoutModal).
+ */
+export function collectBookingServiceResources(
+  cart: Record<string, CartItemState>,
+  resources: ResourceNode[]
+): ResourceNode[] {
+  const dedupe = new Map<string, ResourceNode>();
+  for (const item of Object.values(cart)) {
+    const resource = resources.find((r) => r.id === item.resourceId);
+    if (
+      resource &&
+      (resource.categorySlug === 'service' ||
+        resource.optionsPayload?.bookingLengthMinutes)
+    ) {
+      dedupe.set(resource.id, resource);
+    }
+    if (item.boundResourceId) {
+      const bound = resources.find((r) => r.id === item.boundResourceId);
+      if (bound) {
+        dedupe.set(bound.id, bound);
+      }
+    }
+  }
+  return Array.from(dedupe.values());
+}
+
+/**
+ * Returns true if the cart would mix remote-only services with in-person-only services.
+ */
+export function wouldCartHaveImpossibleRemoteMix(
+  nextCart: Record<string, CartItemState>,
+  resources: ResourceNode[]
+): boolean {
+  const svc = collectBookingServiceResources(nextCart, resources);
+  const anyRemoteOnly = svc.some((r) => Boolean(r.optionsPayload?.remoteOnly));
+  const someInPersonOnly = svc.some(
+    (r) =>
+      !Boolean(r.optionsPayload?.remoteOnly) &&
+      !Boolean(r.optionsPayload?.allowRemote)
+  );
+  return anyRemoteOnly && someInPersonOnly;
+}
+
+/**
+ * Single source of truth for tenant + per-service remote eligibility.
+ */
+export function deriveAppointmentConstraints(
+  cart: Record<string, CartItemState>,
+  resources: ResourceNode[],
+  tenantScheduling: AppointmentSchedulingInput
+): AppointmentModeConstraints {
+  const serviceResources = collectBookingServiceResources(cart, resources);
+  const allowRemote = Boolean(tenantScheduling.allowRemote);
+  const tenantRemoteOnly = Boolean(tenantScheduling.remoteOnly);
+
+  const anyServiceRemoteOnly = serviceResources.some((r) =>
+    Boolean(r.optionsPayload?.remoteOnly)
+  );
+  const someServiceForcesInPerson = serviceResources.some(
+    (r) =>
+      !Boolean(r.optionsPayload?.remoteOnly) &&
+      !Boolean(r.optionsPayload?.allowRemote)
+  );
+  const allServicesAllowRemote =
+    serviceResources.length === 0 ||
+    serviceResources.every(
+      (r) =>
+        Boolean(r.optionsPayload?.remoteOnly) ||
+        Boolean(r.optionsPayload?.allowRemote)
+    );
+
+  const effectiveRemoteOnly = tenantRemoteOnly || anyServiceRemoteOnly;
+  const effectiveAllowRemote = allowRemote || tenantRemoteOnly;
+
+  const remoteAvailable =
+    effectiveRemoteOnly ||
+    (effectiveAllowRemote &&
+      serviceResources.length > 0 &&
+      allServicesAllowRemote);
+
+  const inPersonAvailable = !effectiveRemoteOnly;
+  const hasImpossibleRemoteMix =
+    anyServiceRemoteOnly && someServiceForcesInPerson;
+
+  return {
+    serviceResources,
+    anyServiceRemoteOnly,
+    someServiceForcesInPerson,
+    allServicesAllowRemote,
+    effectiveRemoteOnly,
+    effectiveAllowRemote,
+    remoteAvailable,
+    inPersonAvailable,
+    hasImpossibleRemoteMix,
+    canRemote: remoteAvailable,
+  };
+}
+
+export function pickInitialAppointmentMode(
+  c: AppointmentModeConstraints,
+  currentPreferred: AppointmentMode
+): AppointmentMode {
+  if (c.effectiveRemoteOnly) {
+    return 'REMOTE';
+  }
+  if (currentPreferred === 'REMOTE' && c.remoteAvailable) {
+    return 'REMOTE';
+  }
+  return 'IN_PERSON';
+}

package/templates/src/utils/customHelpers.ts

@@ -53,6 +53,8 @@ export const RESTRICTION_MESSAGES = {
   TERMS: 'Please review the terms for this item before adding it to your cart.',
   MAX_DURATION: (max: number) =>
     `You cannot book more than ${max} minutes of services in one session.`,
+  INCOMPATIBLE_REMOTE:
+    'This service cannot be combined with the services already in your cart. Some require remote-only delivery while others can only be delivered in person.',
   DEFAULT_ADD: (title: string) => `${title} has been added to your cart.`,
 };
 

package/utils/inject-files.ts

@@ -753,10 +753,6 @@ export async function injectTemplateFiles(
       src: resolve('../templates/src/utils/actions/preParse_Action.ts'),
       dest: 'src/utils/actions/preParse_Action.ts',
     },
-    {
-      src: resolve('../templates/src/utils/actions/preParse_Clicked.ts'),
-      dest: 'src/utils/actions/preParse_Clicked.ts',
-    },
     {
       src: resolve('../templates/src/utils/actions/preParse_Impression.ts'),
       dest: 'src/utils/actions/preParse_Impression.ts',
@@ -900,6 +896,14 @@ export async function injectTemplateFiles(
       src: resolve('../templates/custom/shopify/cart.astro'),
       dest: 'src/pages/cart.astro',
     },
+    {
+      src: resolve('../templates/src/pages/privacy.astro'),
+      dest: 'src/pages/privacy.astro',
+    },
+    {
+      src: resolve('../templates/src/pages/terms.astro'),
+      dest: 'src/pages/terms.astro',
+    },
     {
       src: resolve('../templates/src/pages/404.astro'),
       dest: 'src/pages/404.astro',
@@ -1000,6 +1004,22 @@ export async function injectTemplateFiles(
       src: resolve('../templates/src/pages/api/auth/logout.ts'),
       dest: 'src/pages/api/auth/logout.ts',
     },
+    {
+      src: resolve('../templates/src/pages/api/google/oauth/start.ts'),
+      dest: 'src/pages/api/google/oauth/start.ts',
+    },
+    {
+      src: resolve('../templates/src/pages/api/google/oauth/status.ts'),
+      dest: 'src/pages/api/google/oauth/status.ts',
+    },
+    {
+      src: resolve('../templates/src/pages/api/google/oauth/disconnect.ts'),
+      dest: 'src/pages/api/google/oauth/disconnect.ts',
+    },
+    {
+      src: resolve('../templates/src/pages/api/google/oauth/callback.ts'),
+      dest: 'src/pages/api/google/oauth/callback.ts',
+    },
     {
       src: resolve('../templates/src/pages/api/orphan-analysis.ts'),
       dest: 'src/pages/api/orphan-analysis.ts',
@@ -2351,6 +2371,11 @@ export async function injectTemplateFiles(
       dest: 'src/utils/customHelpers.ts',
       protected: true,
     },
+    {
+      src: resolve('../templates/src/utils/booking/appointmentMode.ts'),
+      dest: 'src/utils/booking/appointmentMode.ts',
+      protected: true,
+    },
     {
       src: resolve('../templates/custom/shopify/ShopifyProductGrid.tsx'),
       dest: 'src/custom/shopify/ShopifyProductGrid.tsx',