create-brainerce-store 1.28.13 → 1.28.17

package/templates/nextjs/base/src/components/seo/product-json-ld.tsx

@@ -1,88 +1,88 @@
-import type { Product } from 'brainerce';
-import { getProductPriceInfo } from 'brainerce';
-import { getNonce } from '@/lib/nonce';
-
-interface ProductJsonLdProps {
-  product: Product;
-  url: string;
-  currency?: string;
-}
-
-export async function ProductJsonLd({ product, url, currency = 'USD' }: ProductJsonLdProps) {
-  const nonce = await getNonce();
-  const priceInfo = getProductPriceInfo(product);
-  const imageUrl = product.images?.[0]?.url;
-  const baseUrl = process.env.NEXT_PUBLIC_SITE_URL || '';
-
-  const productJsonLd = {
-    '@context': 'https://schema.org',
-    '@type': 'Product',
-    name: product.name,
-    description: product.description || product.name,
-    image: imageUrl,
-    url,
-    sku: product.sku || product.id,
-    offers: {
-      '@type': 'Offer',
-      price: priceInfo.price,
-      priceCurrency: currency,
-      availability:
-        product.inventory?.canPurchase !== false
-          ? 'https://schema.org/InStock'
-          : 'https://schema.org/OutOfStock',
-      url,
-    },
-  };
-
-  const breadcrumbJsonLd = {
-    '@context': 'https://schema.org',
-    '@type': 'BreadcrumbList',
-    itemListElement: [
-      {
-        '@type': 'ListItem',
-        position: 1,
-        name: 'Home',
-        item: baseUrl || '/',
-      },
-      {
-        '@type': 'ListItem',
-        position: 2,
-        name: 'Products',
-        item: `${baseUrl}/products`,
-      },
-      {
-        '@type': 'ListItem',
-        position: 3,
-        name: product.name,
-        item: url,
-      },
-    ],
-  };
-
-  return (
-    <>
-      <script
-        type="application/ld+json"
-        nonce={nonce}
-        suppressHydrationWarning
-        dangerouslySetInnerHTML={{ __html: serializeJsonLd(productJsonLd) }}
-      />
-      <script
-        type="application/ld+json"
-        nonce={nonce}
-        suppressHydrationWarning
-        dangerouslySetInnerHTML={{ __html: serializeJsonLd(breadcrumbJsonLd) }}
-      />
-    </>
-  );
-}
-
-// Serialize a JSON-LD object for embedding in a <script> tag. Escapes
-// `<`, `>`, and `&` to \uXXXX so seller-controlled product fields cannot
-// break out of the script element with `</script>` or inject HTML.
-function serializeJsonLd(value: unknown): string {
-  return JSON.stringify(value)
-    .replace(/</g, '\\u003c')
-    .replace(/>/g, '\\u003e')
-    .replace(/&/g, '\\u0026');
-}
+import type { Product } from 'brainerce';
+import { getProductPriceInfo } from 'brainerce';
+import { getNonce } from '@/lib/nonce';
+
+interface ProductJsonLdProps {
+  product: Product;
+  url: string;
+  currency?: string;
+}
+
+export async function ProductJsonLd({ product, url, currency = 'USD' }: ProductJsonLdProps) {
+  const nonce = await getNonce();
+  const priceInfo = getProductPriceInfo(product);
+  const imageUrl = product.images?.[0]?.url;
+  const baseUrl = process.env.NEXT_PUBLIC_SITE_URL || '';
+
+  const productJsonLd = {
+    '@context': 'https://schema.org',
+    '@type': 'Product',
+    name: product.name,
+    description: product.description || product.name,
+    image: imageUrl,
+    url,
+    sku: product.sku || product.id,
+    offers: {
+      '@type': 'Offer',
+      price: priceInfo.price,
+      priceCurrency: currency,
+      availability:
+        product.inventory?.canPurchase !== false
+          ? 'https://schema.org/InStock'
+          : 'https://schema.org/OutOfStock',
+      url,
+    },
+  };
+
+  const breadcrumbJsonLd = {
+    '@context': 'https://schema.org',
+    '@type': 'BreadcrumbList',
+    itemListElement: [
+      {
+        '@type': 'ListItem',
+        position: 1,
+        name: 'Home',
+        item: baseUrl || '/',
+      },
+      {
+        '@type': 'ListItem',
+        position: 2,
+        name: 'Products',
+        item: `${baseUrl}/products`,
+      },
+      {
+        '@type': 'ListItem',
+        position: 3,
+        name: product.name,
+        item: url,
+      },
+    ],
+  };
+
+  return (
+    <>
+      <script
+        type="application/ld+json"
+        nonce={nonce}
+        suppressHydrationWarning
+        dangerouslySetInnerHTML={{ __html: serializeJsonLd(productJsonLd) }}
+      />
+      <script
+        type="application/ld+json"
+        nonce={nonce}
+        suppressHydrationWarning
+        dangerouslySetInnerHTML={{ __html: serializeJsonLd(breadcrumbJsonLd) }}
+      />
+    </>
+  );
+}
+
+// Serialize a JSON-LD object for embedding in a <script> tag. Escapes
+// `<`, `>`, and `&` to \uXXXX so seller-controlled product fields cannot
+// break out of the script element with `</script>` or inject HTML.
+function serializeJsonLd(value: unknown): string {
+  return JSON.stringify(value)
+    .replace(/</g, '\\u003c')
+    .replace(/>/g, '\\u003e')
+    .replace(/&/g, '\\u0026');
+}

package/templates/nextjs/base/src/lib/brainerce.ts.ejs

@@ -49,11 +49,15 @@ export function initClient(): BrainerceClient {
 
 // Server-side client — calls backend directly (no proxy needed for public data)
 // Used by Server Components for SSR data fetching (generateMetadata, page rendering)
-export function getServerClient(): BrainerceClient {
+export function getServerClient(locale?: string): BrainerceClient {
   const apiUrl = process.env.BRAINERCE_API_URL || 'https://api.brainerce.com';
-  return new BrainerceClient({
+  const client = new BrainerceClient({
     connectionId: CONNECTION_ID,
     baseUrl: apiUrl,
     origin: process.env.NEXT_PUBLIC_SITE_URL || 'http://localhost:3000',
   });
+  if (locale) {
+    client.setLocale(locale);
+  }
+  return client;
 }

package/templates/nextjs/base/src/lib/csrf.ts

@@ -1,11 +1,11 @@
-import { NextRequest, NextResponse } from 'next/server';
-
-export const CSRF_HEADER = 'x-requested-with';
-export const CSRF_VALUE = 'brainerce';
-
-export function checkCsrf(request: NextRequest): NextResponse | null {
-  if (request.headers.get(CSRF_HEADER) !== CSRF_VALUE) {
-    return NextResponse.json({ error: 'CSRF validation failed' }, { status: 403 });
-  }
-  return null;
-}
+import { NextRequest, NextResponse } from 'next/server';
+
+export const CSRF_HEADER = 'x-requested-with';
+export const CSRF_VALUE = 'brainerce';
+
+export function checkCsrf(request: NextRequest): NextResponse | null {
+  if (request.headers.get(CSRF_HEADER) !== CSRF_VALUE) {
+    return NextResponse.json({ error: 'CSRF validation failed' }, { status: 403 });
+  }
+  return null;
+}

package/templates/nextjs/base/src/lib/nonce.ts

@@ -1,10 +1,10 @@
-import { headers } from 'next/headers';
-
-/**
- * Reads the per-request CSP nonce set by middleware.
- * Use this in server components that render inline `<script>` tags so
- * they comply with the strict CSP (no `unsafe-inline`).
- */
-export async function getNonce(): Promise<string | undefined> {
-  return (await headers()).get('x-nonce') ?? undefined;
-}
+import { headers } from 'next/headers';
+
+/**
+ * Reads the per-request CSP nonce set by middleware.
+ * Use this in server components that render inline `<script>` tags so
+ * they comply with the strict CSP (no `unsafe-inline`).
+ */
+export async function getNonce(): Promise<string | undefined> {
+  return (await headers()).get('x-nonce') ?? undefined;
+}

package/templates/nextjs/base/src/lib/safe-redirect.ts

@@ -1,45 +1,45 @@
-const ALLOWED_PAYMENT_HOSTS: readonly string[] = [
-  'checkout.stripe.com',
-  'js.stripe.com',
-  'hooks.stripe.com',
-  'www.paypal.com',
-  'www.sandbox.paypal.com',
-  'secure.cardcom.solutions',
-  'meshulam.co.il',
-  'grow.link',
-  'grow.security',
-  'creditguard.co.il',
-];
-
-export function isAllowedPaymentUrl(url: string): boolean {
-  if (!url || typeof url !== 'string') return false;
-
-  let parsed: URL;
-  try {
-    parsed = new URL(url);
-  } catch {
-    return false;
-  }
-
-  if (parsed.protocol !== 'https:') return false;
-
-  const hostname = parsed.hostname.toLowerCase();
-  return ALLOWED_PAYMENT_HOSTS.some((host) => hostname === host || hostname.endsWith('.' + host));
-}
-
-export function safePaymentRedirect(url: string): void {
-  if (!isAllowedPaymentUrl(url)) {
-    throw new Error('Payment redirect URL is not in the allowlist');
-  }
-  if (typeof window !== 'undefined') {
-    window.location.href = url;
-  }
-}
-
-// CUID format used by Prisma for Checkout.id — c + 24 lowercase alphanumeric chars.
-// Allow a small range to tolerate cuid2 (slightly different length).
-const CHECKOUT_ID_RE = /^c[a-z0-9]{20,30}$/;
-
-export function isValidCheckoutId(id: unknown): id is string {
-  return typeof id === 'string' && CHECKOUT_ID_RE.test(id);
-}
+const ALLOWED_PAYMENT_HOSTS: readonly string[] = [
+  'checkout.stripe.com',
+  'js.stripe.com',
+  'hooks.stripe.com',
+  'www.paypal.com',
+  'www.sandbox.paypal.com',
+  'secure.cardcom.solutions',
+  'meshulam.co.il',
+  'grow.link',
+  'grow.security',
+  'creditguard.co.il',
+];
+
+export function isAllowedPaymentUrl(url: string): boolean {
+  if (!url || typeof url !== 'string') return false;
+
+  let parsed: URL;
+  try {
+    parsed = new URL(url);
+  } catch {
+    return false;
+  }
+
+  if (parsed.protocol !== 'https:') return false;
+
+  const hostname = parsed.hostname.toLowerCase();
+  return ALLOWED_PAYMENT_HOSTS.some((host) => hostname === host || hostname.endsWith('.' + host));
+}
+
+export function safePaymentRedirect(url: string): void {
+  if (!isAllowedPaymentUrl(url)) {
+    throw new Error('Payment redirect URL is not in the allowlist');
+  }
+  if (typeof window !== 'undefined') {
+    window.location.href = url;
+  }
+}
+
+// CUID format used by Prisma for Checkout.id — c + 24 lowercase alphanumeric chars.
+// Allow a small range to tolerate cuid2 (slightly different length).
+const CHECKOUT_ID_RE = /^c[a-z0-9]{20,30}$/;
+
+export function isValidCheckoutId(id: unknown): id is string {
+  return typeof id === 'string' && CHECKOUT_ID_RE.test(id);
+}

package/templates/nextjs/base/src/lib/sanitize-html.ts

@@ -1,93 +1,93 @@
-import DOMPurify from 'isomorphic-dompurify';
-
-const TRUSTED_IFRAME_PREFIXES = [
-  'https://www.youtube.com/embed/',
-  'https://www.youtube-nocookie.com/embed/',
-  'https://player.vimeo.com/video/',
-];
-
-let hooksRegistered = false;
-
-function registerHooksOnce() {
-  if (hooksRegistered) return;
-  hooksRegistered = true;
-
-  DOMPurify.addHook('uponSanitizeElement', (node, data) => {
-    if (data.tagName !== 'iframe') return;
-    const el = node as Element;
-    const src = el.getAttribute('src') || '';
-    const isTrusted = TRUSTED_IFRAME_PREFIXES.some((prefix) => src.startsWith(prefix));
-    if (!isTrusted) {
-      el.parentNode?.removeChild(el);
-    }
-  });
-
-  DOMPurify.addHook('afterSanitizeAttributes', (node) => {
-    if (!('tagName' in node)) return;
-    const el = node as Element;
-    if (el.tagName === 'A' && el.getAttribute('target') === '_blank') {
-      el.setAttribute('rel', 'noopener noreferrer nofollow');
-    }
-  });
-}
-
-export function sanitizeProductHtml(html: string): string {
-  if (!html) return '';
-  registerHooksOnce();
-
-  return DOMPurify.sanitize(html, {
-    ALLOWED_TAGS: [
-      'p',
-      'br',
-      'strong',
-      'b',
-      'em',
-      'i',
-      'u',
-      's',
-      'strike',
-      'h1',
-      'h2',
-      'h3',
-      'h4',
-      'h5',
-      'h6',
-      'ul',
-      'ol',
-      'li',
-      'a',
-      'blockquote',
-      'code',
-      'pre',
-      'div',
-      'span',
-      'img',
-      'table',
-      'thead',
-      'tbody',
-      'tr',
-      'th',
-      'td',
-      'colgroup',
-      'col',
-      'iframe',
-    ],
-    ALLOWED_ATTR: [
-      'href',
-      'target',
-      'rel',
-      'class',
-      'src',
-      'alt',
-      'width',
-      'height',
-      'colspan',
-      'rowspan',
-      'allow',
-      'allowfullscreen',
-      'frameborder',
-      'loading',
-    ],
-    ALLOW_DATA_ATTR: false,
-  });
-}
+import DOMPurify from 'isomorphic-dompurify';
+
+const TRUSTED_IFRAME_PREFIXES = [
+  'https://www.youtube.com/embed/',
+  'https://www.youtube-nocookie.com/embed/',
+  'https://player.vimeo.com/video/',
+];
+
+let hooksRegistered = false;
+
+function registerHooksOnce() {
+  if (hooksRegistered) return;
+  hooksRegistered = true;
+
+  DOMPurify.addHook('uponSanitizeElement', (node, data) => {
+    if (data.tagName !== 'iframe') return;
+    const el = node as Element;
+    const src = el.getAttribute('src') || '';
+    const isTrusted = TRUSTED_IFRAME_PREFIXES.some((prefix) => src.startsWith(prefix));
+    if (!isTrusted) {
+      el.parentNode?.removeChild(el);
+    }
+  });
+
+  DOMPurify.addHook('afterSanitizeAttributes', (node) => {
+    if (!('tagName' in node)) return;
+    const el = node as Element;
+    if (el.tagName === 'A' && el.getAttribute('target') === '_blank') {
+      el.setAttribute('rel', 'noopener noreferrer nofollow');
+    }
+  });
+}
+
+export function sanitizeProductHtml(html: string): string {
+  if (!html) return '';
+  registerHooksOnce();
+
+  return DOMPurify.sanitize(html, {
+    ALLOWED_TAGS: [
+      'p',
+      'br',
+      'strong',
+      'b',
+      'em',
+      'i',
+      'u',
+      's',
+      'strike',
+      'h1',
+      'h2',
+      'h3',
+      'h4',
+      'h5',
+      'h6',
+      'ul',
+      'ol',
+      'li',
+      'a',
+      'blockquote',
+      'code',
+      'pre',
+      'div',
+      'span',
+      'img',
+      'table',
+      'thead',
+      'tbody',
+      'tr',
+      'th',
+      'td',
+      'colgroup',
+      'col',
+      'iframe',
+    ],
+    ALLOWED_ATTR: [
+      'href',
+      'target',
+      'rel',
+      'class',
+      'src',
+      'alt',
+      'width',
+      'height',
+      'colspan',
+      'rowspan',
+      'allow',
+      'allowfullscreen',
+      'frameborder',
+      'loading',
+    ],
+    ALLOW_DATA_ATTR: false,
+  });
+}

package/templates/nextjs/base/src/lib/validation.ts

@@ -1,37 +1,37 @@
-const EMAIL_REGEX =
-  /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+$/;
-
-export function isValidEmail(email: string): boolean {
-  if (!email || typeof email !== 'string') return false;
-  if (email.length > 254) return false;
-  return EMAIL_REGEX.test(email);
-}
-
-export type PasswordErrorCode =
-  | 'passwordRequired'
-  | 'passwordTooShort'
-  | 'passwordNoUppercase'
-  | 'passwordNoNumber'
-  | 'passwordNoSymbol';
-
-export function getPasswordError(password: string): PasswordErrorCode | null {
-  if (!password || typeof password !== 'string') return 'passwordRequired';
-  if (password.length < 8) return 'passwordTooShort';
-  if (!/[A-Z]/.test(password)) return 'passwordNoUppercase';
-  if (!/[0-9]/.test(password)) return 'passwordNoNumber';
-  if (!/[^A-Za-z0-9]/.test(password)) return 'passwordNoSymbol';
-  return null;
-}
-
-const PASSWORD_ERROR_MESSAGES: Record<PasswordErrorCode, string> = {
-  passwordRequired: 'Password is required',
-  passwordTooShort: 'Password must be at least 8 characters',
-  passwordNoUppercase: 'Password must contain at least one uppercase letter',
-  passwordNoNumber: 'Password must contain at least one number',
-  passwordNoSymbol: 'Password must contain at least one special character',
-};
-
-export function validatePassword(password: string): string | null {
-  const code = getPasswordError(password);
-  return code ? PASSWORD_ERROR_MESSAGES[code] : null;
-}
+const EMAIL_REGEX =
+  /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+$/;
+
+export function isValidEmail(email: string): boolean {
+  if (!email || typeof email !== 'string') return false;
+  if (email.length > 254) return false;
+  return EMAIL_REGEX.test(email);
+}
+
+export type PasswordErrorCode =
+  | 'passwordRequired'
+  | 'passwordTooShort'
+  | 'passwordNoUppercase'
+  | 'passwordNoNumber'
+  | 'passwordNoSymbol';
+
+export function getPasswordError(password: string): PasswordErrorCode | null {
+  if (!password || typeof password !== 'string') return 'passwordRequired';
+  if (password.length < 8) return 'passwordTooShort';
+  if (!/[A-Z]/.test(password)) return 'passwordNoUppercase';
+  if (!/[0-9]/.test(password)) return 'passwordNoNumber';
+  if (!/[^A-Za-z0-9]/.test(password)) return 'passwordNoSymbol';
+  return null;
+}
+
+const PASSWORD_ERROR_MESSAGES: Record<PasswordErrorCode, string> = {
+  passwordRequired: 'Password is required',
+  passwordTooShort: 'Password must be at least 8 characters',
+  passwordNoUppercase: 'Password must contain at least one uppercase letter',
+  passwordNoNumber: 'Password must contain at least one number',
+  passwordNoSymbol: 'Password must contain at least one special character',
+};
+
+export function validatePassword(password: string): string | null {
+  const code = getPasswordError(password);
+  return code ? PASSWORD_ERROR_MESSAGES[code] : null;
+}