create-brainerce-store 1.11.2 → 1.12.1
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/templates/nextjs/base/next.config.ts +31 -31
- package/templates/nextjs/base/src/app/api/auth/me/route.ts +8 -1
- package/templates/nextjs/base/src/app/api/auth/reset-password/route.ts +12 -3
- package/templates/nextjs/base/src/app/globals.css +0 -1
- package/templates/nextjs/base/src/components/checkout/payment-step.tsx +444 -534
- package/templates/nextjs/base/src/components/layout/footer.tsx +41 -38
- package/templates/nextjs/base/src/components/layout/header.tsx +336 -332
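--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -31,7 +31,7 @@ var require_package = __commonJS({
 "package.json"(exports2, module2) {
 module2.exports = {
 name: "create-brainerce-store",
-version: "1.
+version: "1.12.1",
 description: "Scaffold a production-ready e-commerce storefront connected to Brainerce",
 bin: {
 "create-brainerce-store": "dist/index.js"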
package/package.json
CHANGED
|
@@ -1,31 +1,31 @@
|
|
|
1
|
-
import type { NextConfig } from 'next';
|
|
2
|
-
|
|
3
|
-
const nextConfig: NextConfig = {
|
|
4
|
-
images: {
|
|
5
|
-
remotePatterns: [{ protocol: 'https', hostname: '**' }],
|
|
6
|
-
},
|
|
7
|
-
async headers() {
|
|
8
|
-
return [
|
|
9
|
-
{
|
|
10
|
-
source: '/(.*)',
|
|
11
|
-
headers: [
|
|
12
|
-
{
|
|
13
|
-
key: 'Content-Security-Policy',
|
|
14
|
-
value: [
|
|
15
|
-
"default-src 'self'",
|
|
16
|
-
"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.meshulam.co.il https://meshulam.co.il https://*.meshulam.co.il https://grow.link https://*.grow.link https://*.grow.security https://js.stripe.com https://pay.google.com",
|
|
17
|
-
"style-src 'self' 'unsafe-inline'",
|
|
18
|
-
"img-src 'self' data: blob: https:",
|
|
19
|
-
"font-src 'self' data:",
|
|
20
|
-
"frame-src 'self' https://*.meshulam.co.il https://grow.link https://*.grow.link https://*.grow.security https://*.creditguard.co.il https://js.stripe.com https://hooks.stripe.com https://pay.google.com",
|
|
21
|
-
"connect-src 'self' https://*.meshulam.co.il https://grow.link https://*.grow.link https://*.grow.security https://google.com https://pay.google.com https://*.stripe.com https://*.creditguard.co.il",
|
|
22
|
-
"worker-src 'self' blob:",
|
|
23
|
-
].join('; '),
|
|
24
|
-
},
|
|
25
|
-
],
|
|
26
|
-
},
|
|
27
|
-
];
|
|
28
|
-
},
|
|
29
|
-
};
|
|
30
|
-
|
|
31
|
-
export default nextConfig;
|
|
1
|
+
import type { NextConfig } from 'next';
|
|
2
|
+
|
|
3
|
+
const nextConfig: NextConfig = {
|
|
4
|
+
images: {
|
|
5
|
+
remotePatterns: [{ protocol: 'https', hostname: '**' }],
|
|
6
|
+
},
|
|
7
|
+
async headers() {
|
|
8
|
+
return [
|
|
9
|
+
{
|
|
10
|
+
source: '/(.*)',
|
|
11
|
+
headers: [
|
|
12
|
+
{
|
|
13
|
+
key: 'Content-Security-Policy',
|
|
14
|
+
value: [
|
|
15
|
+
"default-src 'self'",
|
|
16
|
+
"script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.meshulam.co.il https://meshulam.co.il https://*.meshulam.co.il https://grow.link https://*.grow.link https://*.grow.security https://js.stripe.com https://pay.google.com",
|
|
17
|
+
"style-src 'self' 'unsafe-inline' https://cdn.meshulam.co.il",
|
|
18
|
+
"img-src 'self' data: blob: https:",
|
|
19
|
+
"font-src 'self' data:",
|
|
20
|
+
"frame-src 'self' https://*.meshulam.co.il https://grow.link https://*.grow.link https://*.grow.security https://*.creditguard.co.il https://js.stripe.com https://hooks.stripe.com https://pay.google.com",
|
|
21
|
+
"connect-src 'self' https://*.meshulam.co.il https://grow.link https://*.grow.link https://*.grow.security https://google.com https://pay.google.com https://*.stripe.com https://*.creditguard.co.il",
|
|
22
|
+
"worker-src 'self' blob:",
|
|
23
|
+
].join('; '),
|
|
24
|
+
},
|
|
25
|
+
],
|
|
26
|
+
},
|
|
27
|
+
];
|
|
28
|
+
},
|
|
29
|
+
};
|
|
30
|
+
|
|
31
|
+
export default nextConfig;
|
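Review bot: The policy assembled in `value` still gives `script-src` both `'unsafe-inline'` and `'unsafe-eval'`, and it has no `base-uri`, `form-action` or `frame-ancestors` directive, none of which fall back to `default-src`; on a storefront template that embeds payment scripts this leaves the header with little value against script injection or framing. The only visible change in this section is the extra `https://cdn.meshulam.co.il` in `style-src`, so the gap predates it, but the array is the place to close it: add `"base-uri 'self'",` and `"frame-ancestors 'self'",` next to `worker-src`, and add `form-action` once the payment providers' post targets are known. Separately, `remotePatterns: [{ protocol: 'https', hostname: '**' }]` lets the image optimizer fetch from any HTTPS host; narrowing it to the hosts that actually serve product images is worth a follow-up.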
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { NextResponse } from 'next/server';
|
|
2
|
-
import { cookies } from 'next/headers';
|
|
2
|
+
import { cookies, headers } from 'next/headers';
|
|
3
3
|
|
|
4
4
|
const BACKEND_URL = (process.env.BRAINERCE_API_URL || 'https://api.brainerce.com').replace(
|
|
5
5
|
/\/$/,
|
|
@@ -23,12 +23,19 @@ export async function GET() {
|
|
|
23
23
|
return NextResponse.json({ isLoggedIn: false });
|
|
24
24
|
}
|
|
25
25
|
|
|
26
|
+
// Derive Origin from the incoming request so the backend's BrowserOriginGuard accepts it
|
|
27
|
+
const requestHeaders = await headers();
|
|
28
|
+
const host = requestHeaders.get('host') || 'localhost:3000';
|
|
29
|
+
const proto = requestHeaders.get('x-forwarded-proto') || 'http';
|
|
30
|
+
const origin = requestHeaders.get('origin') || `${proto}://${host}`;
|
|
31
|
+
|
|
26
32
|
try {
|
|
27
33
|
// Validate token by calling backend profile endpoint
|
|
28
34
|
const response = await fetch(`${BACKEND_URL}/api/vc/${CONNECTION_ID}/customers/me`, {
|
|
29
35
|
headers: {
|
|
30
36
|
Authorization: `Bearer ${tokenCookie.value}`,
|
|
31
37
|
'Content-Type': 'application/json',
|
|
38
|
+
Origin: origin,
|
|
32
39
|
},
|
|
33
40
|
});
|
|
34
41
|
|
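Review bot: The `Origin` forwarded to the backend is assembled from the incoming request's `origin`, `host` and `x-forwarded-proto` headers, which the caller controls unless a trusted proxy in front of the app overwrites them, so the backend's BrowserOriginGuard ends up checking a value the client picked rather than one the server vouches for. Because this fetch is a server-to-server call, the origin should come from deployment configuration instead, e.g. `const origin = SITE_ORIGIN;` where `SITE_ORIGIN` is a placeholder for a server-side setting holding the storefront's canonical URL, or at least be compared against an allowlist before it is forwarded. The silent fallbacks `'localhost:3000'` and `'http'` also mean a request with missing headers is presented to the backend as `http://localhost:3000`; whether the guard accepts that value is not visible here. The same four lines are added to the reset-password route's POST handler and need the same treatment; both handler bodies start and end outside the hunks shown.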
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
import { NextRequest, NextResponse } from 'next/server';
|
|
2
|
-
import { cookies } from 'next/headers';
|
|
2
|
+
import { cookies, headers } from 'next/headers';
|
|
3
3
|
|
|
4
4
|
const BACKEND_URL = (process.env.BRAINERCE_API_URL || 'https://api.brainerce.com').replace(
|
|
5
5
|
/\/$/,
|
|
6
6
|
''
|
|
7
7
|
);
|
|
8
8
|
|
|
9
|
-
const CONNECTION_ID = process.env.
|
|
9
|
+
const CONNECTION_ID = process.env.NEXT_PUBLIC_BRAINERCE_CONNECTION_ID || '';
|
|
10
10
|
|
|
11
11
|
const RESET_TOKEN_COOKIE = 'brainerce_reset_token';
|
|
12
12
|
const CSRF_HEADER = 'x-requested-with';
|
|
@@ -43,12 +43,21 @@ export async function POST(request: NextRequest) {
|
|
|
43
43
|
return NextResponse.json({ error: 'New password is required' }, { status: 400 });
|
|
44
44
|
}
|
|
45
45
|
|
|
46
|
+
// Derive Origin from the incoming request so the backend's BrowserOriginGuard accepts it
|
|
47
|
+
const requestHeaders = await headers();
|
|
48
|
+
const host = requestHeaders.get('host') || 'localhost:3000';
|
|
49
|
+
const proto = requestHeaders.get('x-forwarded-proto') || 'http';
|
|
50
|
+
const origin = requestHeaders.get('origin') || `${proto}://${host}`;
|
|
51
|
+
|
|
46
52
|
// Proxy to backend
|
|
47
53
|
const backendUrl = `${BACKEND_URL}/api/vc/${CONNECTION_ID}/customers/reset-password`;
|
|
48
54
|
|
|
49
55
|
const backendResponse = await fetch(backendUrl, {
|
|
50
56
|
method: 'POST',
|
|
51
|
-
headers: {
|
|
57
|
+
headers: {
|
|
58
|
+
'Content-Type': 'application/json',
|
|
59
|
+
Origin: origin,
|
|
60
|
+
},
|
|
52
61
|
body: JSON.stringify({
|
|
53
62
|
token: resetTokenCookie.value,
|
|
54
63
|
newPassword,
|
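Review bot: `CONNECTION_ID` falls back to `''`, so with the variable unset the handler builds `${BACKEND_URL}/api/vc//customers/reset-password` and, unless an earlier check outside the hunk rejects it, still sends the reset token and new password to that path. Failing closed before the fetch is safer, e.g. `if (!CONNECTION_ID) return NextResponse.json({ error: 'Server misconfigured' }, { status: 500 });` (the message text is only a suggestion). The POST body starts before and continues past the lines shown.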