npm - create-brainerce-store - Versions diffs - 1.18.0 → 1.20.0 - Mend

create-brainerce-store 1.18.0 → 1.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/templates/nextjs/base/src/app/api/auth/reset-password/route.ts CHANGED Viewed

@@ -1,77 +1,77 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { cookies, headers } from 'next/headers';
-const BACKEND_URL = (process.env.BRAINERCE_API_URL || 'https://api.brainerce.com').replace(
-  /\/$/,
-  ''
-);
-const CONNECTION_ID = process.env.NEXT_PUBLIC_BRAINERCE_CONNECTION_ID || '';
-const RESET_TOKEN_COOKIE = 'brainerce_reset_token';
-const CSRF_HEADER = 'x-requested-with';
-const CSRF_VALUE = 'brainerce';
-/**
- * BFF endpoint for password reset.
- * Reads the reset token from the httpOnly cookie (set by /api/auth/reset-callback)
- * and proxies the request to the backend. The token never touches client JS.
- */
-export async function POST(request: NextRequest) {
-  // CSRF check
-  const csrfHeader = request.headers.get(CSRF_HEADER);
-  if (csrfHeader !== CSRF_VALUE) {
-    return NextResponse.json({ error: 'CSRF validation failed' }, { status: 403 });
-  }
-  // Read reset token from httpOnly cookie
-  const cookieStore = await cookies();
-  const resetTokenCookie = cookieStore.get(RESET_TOKEN_COOKIE);
-  if (!resetTokenCookie?.value) {
-    return NextResponse.json(
-      { error: 'No reset token found. Please request a new password reset link.' },
-      { status: 400 }
-    );
-  }
-  // Parse request body
-  const body = await request.json();
-  const { newPassword } = body;
-  if (!newPassword) {
-    return NextResponse.json({ error: 'New password is required' }, { status: 400 });
-  }
-  // Derive Origin from the incoming request so the backend's BrowserOriginGuard accepts it
-  const requestHeaders = await headers();
-  const host = requestHeaders.get('host') || 'localhost:3000';
-  const proto = requestHeaders.get('x-forwarded-proto') || 'http';
-  const origin = requestHeaders.get('origin') || `${proto}://${host}`;
-  // Proxy to backend
-  const backendUrl = `${BACKEND_URL}/api/vc/${CONNECTION_ID}/customers/reset-password`;
-  const backendResponse = await fetch(backendUrl, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      Origin: origin,
-    },
-    body: JSON.stringify({
-      token: resetTokenCookie.value,
-      newPassword,
-    }),
-  });
-  const data = await backendResponse.json();
-  const response = NextResponse.json(data, {
-    status: backendResponse.status,
-  });
-  // Always clear the reset token cookie after use (success or failure)
-  response.cookies.delete(RESET_TOKEN_COOKIE);
-  return response;
-}
+import { NextRequest, NextResponse } from 'next/server';
+import { cookies, headers } from 'next/headers';
+const BACKEND_URL = (process.env.BRAINERCE_API_URL || 'https://api.brainerce.com').replace(
+  /\/$/,
+  ''
+);
+const CONNECTION_ID = process.env.NEXT_PUBLIC_BRAINERCE_CONNECTION_ID || '';
+const RESET_TOKEN_COOKIE = 'brainerce_reset_token';
+const CSRF_HEADER = 'x-requested-with';
+const CSRF_VALUE = 'brainerce';
+/**
+ * BFF endpoint for password reset.
+ * Reads the reset token from the httpOnly cookie (set by /api/auth/reset-callback)
+ * and proxies the request to the backend. The token never touches client JS.
+ */
+export async function POST(request: NextRequest) {
+  // CSRF check
+  const csrfHeader = request.headers.get(CSRF_HEADER);
+  if (csrfHeader !== CSRF_VALUE) {
+    return NextResponse.json({ error: 'CSRF validation failed' }, { status: 403 });
+  }
+  // Read reset token from httpOnly cookie
+  const cookieStore = await cookies();
+  const resetTokenCookie = cookieStore.get(RESET_TOKEN_COOKIE);
+  if (!resetTokenCookie?.value) {
+    return NextResponse.json(
+      { error: 'No reset token found. Please request a new password reset link.' },
+      { status: 400 }
+    );
+  }
+  // Parse request body
+  const body = await request.json();
+  const { newPassword } = body;
+  if (!newPassword) {
+    return NextResponse.json({ error: 'New password is required' }, { status: 400 });
+  }
+  // Derive Origin from the incoming request so the backend's BrowserOriginGuard accepts it
+  const requestHeaders = await headers();
+  const host = requestHeaders.get('host') || 'localhost:3000';
+  const proto = requestHeaders.get('x-forwarded-proto') || 'http';
+  const origin = requestHeaders.get('origin') || `${proto}://${host}`;
+  // Proxy to backend
+  const backendUrl = `${BACKEND_URL}/api/vc/${CONNECTION_ID}/customers/reset-password`;
+  const backendResponse = await fetch(backendUrl, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Origin: origin,
+    },
+    body: JSON.stringify({
+      token: resetTokenCookie.value,
+      newPassword,
+    }),
+  });
+  const data = await backendResponse.json();
+  const response = NextResponse.json(data, {
+    status: backendResponse.status,
+  });
+  // Always clear the reset token cookie after use (success or failure)
+  response.cookies.delete(RESET_TOKEN_COOKIE);
+  return response;
+}

package/templates/nextjs/base/src/app/api/store/[...path]/route.ts CHANGED Viewed

@@ -1,198 +1,198 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { cookies } from 'next/headers';
-const BACKEND_URL = (process.env.BRAINERCE_API_URL || 'https://api.brainerce.com').replace(
-  /\/$/,
-  ''
-);
-const TOKEN_COOKIE = 'brainerce_customer_token';
-const LOGGED_IN_COOKIE = 'brainerce_logged_in';
-const CSRF_HEADER = 'x-requested-with';
-const CSRF_VALUE = 'brainerce';
-const COOKIE_MAX_AGE = 7 * 24 * 60 * 60; // 7 days
-/** Auth endpoints whose responses contain tokens to intercept */
-const AUTH_ENDPOINTS = ['customers/login', 'customers/register', 'customers/verify-email'];
-function isAuthEndpoint(path: string): boolean {
-  return AUTH_ENDPOINTS.some((ep) => path.endsWith(ep));
-}
-function isSecure(): boolean {
-  return process.env.NODE_ENV === 'production';
-}
-function setAuthCookies(response: NextResponse, token: string): void {
-  response.cookies.set(TOKEN_COOKIE, token, {
-    httpOnly: true,
-    secure: isSecure(),
-    sameSite: 'lax',
-    path: '/',
-    maxAge: COOKIE_MAX_AGE,
-  });
-  response.cookies.set(LOGGED_IN_COOKIE, '1', {
-    httpOnly: false,
-    secure: isSecure(),
-    sameSite: 'lax',
-    path: '/',
-    maxAge: COOKIE_MAX_AGE,
-  });
-}
-function clearAuthCookies(response: NextResponse): void {
-  response.cookies.delete(TOKEN_COOKIE);
-  response.cookies.delete(LOGGED_IN_COOKIE);
-}
-async function proxyRequest(
-  request: NextRequest,
-  params: { path: string[] }
-): Promise<NextResponse> {
-  const method = request.method;
-  // CSRF protection for mutating requests
-  if (['POST', 'PUT', 'PATCH', 'DELETE'].includes(method)) {
-    const csrfHeader = request.headers.get(CSRF_HEADER);
-    if (csrfHeader !== CSRF_VALUE) {
-      return NextResponse.json({ error: 'CSRF validation failed' }, { status: 403 });
-    }
-  }
-  // Build backend URL from path segments
-  const pathSegments = params.path.join('/');
-  const backendUrl = new URL(`${BACKEND_URL}/${pathSegments}`);
-  // Forward query parameters
-  request.nextUrl.searchParams.forEach((value, key) => {
-    backendUrl.searchParams.set(key, value);
-  });
-  // Build headers for backend request
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/json',
-  };
-  // Forward Origin/Referer so backend BrowserOriginGuard accepts proxied requests
-  // Always send Origin — same-origin GET requests may not include it, but the backend
-  // uses its presence to distinguish fetch() calls from direct browser navigation
-  const origin = request.headers.get('origin') || request.nextUrl.origin;
-  const referer = request.headers.get('referer');
-  headers['Origin'] = origin;
-  if (referer) headers['Referer'] = referer;
-  // Forward SDK version header if present
-  const sdkVersion = request.headers.get('x-sdk-version');
-  if (sdkVersion) {
-    headers['X-SDK-Version'] = sdkVersion;
-  }
-  // Add auth token from httpOnly cookie
-  const cookieStore = await cookies();
-  const tokenCookie = cookieStore.get(TOKEN_COOKIE);
-  if (tokenCookie?.value) {
-    headers['Authorization'] = `Bearer ${tokenCookie.value}`;
-  }
-  // Forward request body for non-GET requests
-  let body: string | undefined;
-  if (method !== 'GET' && method !== 'HEAD') {
-    try {
-      body = await request.text();
-    } catch {
-      // No body
-    }
-  }
-  // Proxy the request to backend
-  let backendResponse: Response;
-  try {
-    backendResponse = await fetch(backendUrl.toString(), {
-      method,
-      headers,
-      body,
-    });
-  } catch (error) {
-    return NextResponse.json({ error: 'Backend service unavailable' }, { status: 502 });
-  }
-  // Read response body
-  const responseText = await backendResponse.text();
-  // For auth endpoints: intercept token, set cookie, strip token from response
-  if (backendResponse.ok && method === 'POST' && isAuthEndpoint(pathSegments)) {
-    try {
-      const data = JSON.parse(responseText);
-      if (data.token) {
-        const token = data.token;
-        // Strip token from client response
-        const { token: _stripped, ...safeData } = data;
-        const response = NextResponse.json(safeData, {
-          status: backendResponse.status,
-        });
-        setAuthCookies(response, token);
-        return response;
-      }
-    } catch {
-      // Not JSON or no token field — pass through
-    }
-  }
-  // Handle 401 responses: clear auth cookies
-  if (backendResponse.status === 401 && tokenCookie?.value) {
-    const response = new NextResponse(responseText, {
-      status: backendResponse.status,
-      headers: {
-        'Content-Type': backendResponse.headers.get('Content-Type') || 'application/json',
-      },
-    });
-    clearAuthCookies(response);
-    return response;
-  }
-  // Pass through response as-is
-  return new NextResponse(responseText, {
-    status: backendResponse.status,
-    headers: {
-      'Content-Type': backendResponse.headers.get('Content-Type') || 'application/json',
-    },
-  });
-}
-export async function GET(
-  request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
-) {
-  return proxyRequest(request, await params);
-}
-export async function POST(
-  request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
-) {
-  return proxyRequest(request, await params);
-}
-export async function PUT(
-  request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
-) {
-  return proxyRequest(request, await params);
-}
-export async function PATCH(
-  request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
-) {
-  return proxyRequest(request, await params);
-}
-export async function DELETE(
-  request: NextRequest,
-  { params }: { params: Promise<{ path: string[] }> }
-) {
-  return proxyRequest(request, await params);
-}
+import { NextRequest, NextResponse } from 'next/server';
+import { cookies } from 'next/headers';
+const BACKEND_URL = (process.env.BRAINERCE_API_URL || 'https://api.brainerce.com').replace(
+  /\/$/,
+  ''
+);
+const TOKEN_COOKIE = 'brainerce_customer_token';
+const LOGGED_IN_COOKIE = 'brainerce_logged_in';
+const CSRF_HEADER = 'x-requested-with';
+const CSRF_VALUE = 'brainerce';
+const COOKIE_MAX_AGE = 7 * 24 * 60 * 60; // 7 days
+/** Auth endpoints whose responses contain tokens to intercept */
+const AUTH_ENDPOINTS = ['customers/login', 'customers/register', 'customers/verify-email'];
+function isAuthEndpoint(path: string): boolean {
+  return AUTH_ENDPOINTS.some((ep) => path.endsWith(ep));
+}
+function isSecure(): boolean {
+  return process.env.NODE_ENV === 'production';
+}
+function setAuthCookies(response: NextResponse, token: string): void {
+  response.cookies.set(TOKEN_COOKIE, token, {
+    httpOnly: true,
+    secure: isSecure(),
+    sameSite: 'lax',
+    path: '/',
+    maxAge: COOKIE_MAX_AGE,
+  });
+  response.cookies.set(LOGGED_IN_COOKIE, '1', {
+    httpOnly: false,
+    secure: isSecure(),
+    sameSite: 'lax',
+    path: '/',
+    maxAge: COOKIE_MAX_AGE,
+  });
+}
+function clearAuthCookies(response: NextResponse): void {
+  response.cookies.delete(TOKEN_COOKIE);
+  response.cookies.delete(LOGGED_IN_COOKIE);
+}
+async function proxyRequest(
+  request: NextRequest,
+  params: { path: string[] }
+): Promise<NextResponse> {
+  const method = request.method;
+  // CSRF protection for mutating requests
+  if (['POST', 'PUT', 'PATCH', 'DELETE'].includes(method)) {
+    const csrfHeader = request.headers.get(CSRF_HEADER);
+    if (csrfHeader !== CSRF_VALUE) {
+      return NextResponse.json({ error: 'CSRF validation failed' }, { status: 403 });
+    }
+  }
+  // Build backend URL from path segments
+  const pathSegments = params.path.join('/');
+  const backendUrl = new URL(`${BACKEND_URL}/${pathSegments}`);
+  // Forward query parameters
+  request.nextUrl.searchParams.forEach((value, key) => {
+    backendUrl.searchParams.set(key, value);
+  });
+  // Build headers for backend request
+  const headers: Record<string, string> = {
+    'Content-Type': 'application/json',
+  };
+  // Forward Origin/Referer so backend BrowserOriginGuard accepts proxied requests
+  // Always send Origin — same-origin GET requests may not include it, but the backend
+  // uses its presence to distinguish fetch() calls from direct browser navigation
+  const origin = request.headers.get('origin') || request.nextUrl.origin;
+  const referer = request.headers.get('referer');
+  headers['Origin'] = origin;
+  if (referer) headers['Referer'] = referer;
+  // Forward SDK version header if present
+  const sdkVersion = request.headers.get('x-sdk-version');
+  if (sdkVersion) {
+    headers['X-SDK-Version'] = sdkVersion;
+  }
+  // Add auth token from httpOnly cookie
+  const cookieStore = await cookies();
+  const tokenCookie = cookieStore.get(TOKEN_COOKIE);
+  if (tokenCookie?.value) {
+    headers['Authorization'] = `Bearer ${tokenCookie.value}`;
+  }
+  // Forward request body for non-GET requests
+  let body: string | undefined;
+  if (method !== 'GET' && method !== 'HEAD') {
+    try {
+      body = await request.text();
+    } catch {
+      // No body
+    }
+  }
+  // Proxy the request to backend
+  let backendResponse: Response;
+  try {
+    backendResponse = await fetch(backendUrl.toString(), {
+      method,
+      headers,
+      body,
+    });
+  } catch (error) {
+    return NextResponse.json({ error: 'Backend service unavailable' }, { status: 502 });
+  }
+  // Read response body
+  const responseText = await backendResponse.text();
+  // For auth endpoints: intercept token, set cookie, strip token from response
+  if (backendResponse.ok && method === 'POST' && isAuthEndpoint(pathSegments)) {
+    try {
+      const data = JSON.parse(responseText);
+      if (data.token) {
+        const token = data.token;
+        // Strip token from client response
+        const { token: _stripped, ...safeData } = data;
+        const response = NextResponse.json(safeData, {
+          status: backendResponse.status,
+        });
+        setAuthCookies(response, token);
+        return response;
+      }
+    } catch {
+      // Not JSON or no token field — pass through
+    }
+  }
+  // Handle 401 responses: clear auth cookies
+  if (backendResponse.status === 401 && tokenCookie?.value) {
+    const response = new NextResponse(responseText, {
+      status: backendResponse.status,
+      headers: {
+        'Content-Type': backendResponse.headers.get('Content-Type') || 'application/json',
+      },
+    });
+    clearAuthCookies(response);
+    return response;
+  }
+  // Pass through response as-is
+  return new NextResponse(responseText, {
+    status: backendResponse.status,
+    headers: {
+      'Content-Type': backendResponse.headers.get('Content-Type') || 'application/json',
+    },
+  });
+}
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path: string[] }> }
+) {
+  return proxyRequest(request, await params);
+}
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path: string[] }> }
+) {
+  return proxyRequest(request, await params);
+}
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path: string[] }> }
+) {
+  return proxyRequest(request, await params);
+}
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ path: string[] }> }
+) {
+  return proxyRequest(request, await params);
+}
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ path: string[] }> }
+) {
+  return proxyRequest(request, await params);
+}