create-brainerce-store 1.28.20 → 1.29.0

package/templates/nextjs/base/src/components/products/customization-fields.tsx

@@ -0,0 +1,478 @@
+'use client';
+
+import { useState } from 'react';
+import type { ProductCustomizationField } from 'brainerce';
+import { useTranslations } from '@/lib/translations';
+import { cn } from '@/lib/utils';
+import { LoadingSpinner } from '@/components/shared/loading-spinner';
+
+export type CustomizationValues = Record<string, unknown>;
+
+interface CustomizationFieldsProps {
+  fields: ProductCustomizationField[];
+  values: CustomizationValues;
+  onChange: (values: CustomizationValues) => void;
+  errors?: Record<string, string>;
+}
+
+export function CustomizationFields({
+  fields,
+  values,
+  onChange,
+  errors = {},
+}: CustomizationFieldsProps) {
+  const t = useTranslations('customization');
+
+  if (fields.length === 0) return null;
+
+  const sorted = [...fields].sort((a, b) => a.position - b.position);
+
+  const setValue = (key: string, value: unknown) => {
+    onChange({ ...values, [key]: value });
+  };
+
+  return (
+    <div className="border-border space-y-4 border-t pt-4">
+      <h2 className="text-foreground text-lg font-semibold">{t('title')}</h2>
+      <div className="space-y-4">
+        {sorted.map((field) => (
+          <CustomizationFieldRow
+            key={field.definitionId}
+            field={field}
+            value={values[field.key]}
+            error={errors[field.key]}
+            onChange={(v) => setValue(field.key, v)}
+          />
+        ))}
+      </div>
+    </div>
+  );
+}
+
+interface RowProps {
+  field: ProductCustomizationField;
+  value: unknown;
+  error?: string;
+  onChange: (value: unknown) => void;
+}
+
+function CustomizationFieldRow({ field, value, error, onChange }: RowProps) {
+  const t = useTranslations('customization');
+  const labelText = (
+    <span className="text-foreground mb-1.5 block text-sm font-medium">
+      {field.name}
+      {field.required && <span className="text-destructive ms-1">*</span>}
+    </span>
+  );
+
+  const help = field.description ? (
+    <p className="text-muted-foreground mt-1 text-xs">{field.description}</p>
+  ) : null;
+
+  const errorHint = error ? <p className="text-destructive mt-1 text-xs">{error}</p> : null;
+
+  const inputBase =
+    'border-border bg-background focus:border-primary w-full rounded border px-3 py-2 text-sm outline-none focus:ring-1';
+
+  switch (field.type) {
+    case 'TEXTAREA':
+      return (
+        <div>
+          {labelText}
+          <textarea
+            value={typeof value === 'string' ? value : ''}
+            onChange={(e) => onChange(e.target.value)}
+            minLength={field.minLength ?? undefined}
+            maxLength={field.maxLength ?? undefined}
+            required={field.required}
+            rows={3}
+            className={cn(inputBase, 'resize-y')}
+          />
+          {help}
+          {errorHint}
+        </div>
+      );
+
+    case 'NUMBER':
+      return (
+        <div>
+          {labelText}
+          <input
+            type="number"
+            value={typeof value === 'number' ? value : ''}
+            onChange={(e) => onChange(e.target.value === '' ? undefined : Number(e.target.value))}
+            min={field.minValue ?? undefined}
+            max={field.maxValue ?? undefined}
+            required={field.required}
+            className={inputBase}
+          />
+          {help}
+          {errorHint}
+        </div>
+      );
+
+    case 'BOOLEAN':
+      return (
+        <div>
+          <label className="inline-flex items-center gap-2">
+            <input
+              type="checkbox"
+              checked={value === true}
+              onChange={(e) => onChange(e.target.checked)}
+              className="h-4 w-4"
+            />
+            <span className="text-foreground text-sm font-medium">
+              {field.name}
+              {field.required && <span className="text-destructive ms-1">*</span>}
+            </span>
+          </label>
+          {help}
+          {errorHint}
+        </div>
+      );
+
+    case 'DATE':
+      return (
+        <div>
+          {labelText}
+          <input
+            type="date"
+            value={typeof value === 'string' ? value : ''}
+            onChange={(e) => onChange(e.target.value)}
+            required={field.required}
+            className={inputBase}
+          />
+          {help}
+          {errorHint}
+        </div>
+      );
+
+    case 'DATETIME':
+      return (
+        <div>
+          {labelText}
+          <input
+            type="datetime-local"
+            value={typeof value === 'string' ? value : ''}
+            onChange={(e) => onChange(e.target.value)}
+            required={field.required}
+            className={inputBase}
+          />
+          {help}
+          {errorHint}
+        </div>
+      );
+
+    case 'COLOR':
+      return (
+        <div>
+          {labelText}
+          <input
+            type="color"
+            value={typeof value === 'string' && value ? value : '#000000'}
+            onChange={(e) => onChange(e.target.value)}
+            required={field.required}
+            className="border-border h-10 w-20 rounded border p-1"
+          />
+          {help}
+          {errorHint}
+        </div>
+      );
+
+    case 'SELECT': {
+      const options = field.enumValues ?? [];
+      return (
+        <div>
+          {labelText}
+          <select
+            value={typeof value === 'string' ? value : ''}
+            onChange={(e) => onChange(e.target.value || undefined)}
+            required={field.required}
+            className={inputBase}
+          >
+            <option value="">{t('selectPlaceholder')}</option>
+            {options.map((opt) => (
+              <option key={opt} value={opt}>
+                {opt}
+              </option>
+            ))}
+          </select>
+          {help}
+          {errorHint}
+        </div>
+      );
+    }
+
+    case 'MULTI_SELECT': {
+      const options = field.enumValues ?? [];
+      const current = Array.isArray(value) ? (value as string[]) : [];
+      const toggle = (opt: string) => {
+        onChange(current.includes(opt) ? current.filter((v) => v !== opt) : [...current, opt]);
+      };
+      return (
+        <div>
+          {labelText}
+          <div className="space-y-1.5">
+            {options.map((opt) => (
+              <label key={opt} className="me-4 inline-flex items-center gap-2">
+                <input
+                  type="checkbox"
+                  checked={current.includes(opt)}
+                  onChange={() => toggle(opt)}
+                  className="h-4 w-4"
+                />
+                <span className="text-foreground text-sm">{opt}</span>
+              </label>
+            ))}
+          </div>
+          {help}
+          {errorHint}
+        </div>
+      );
+    }
+
+    case 'IMAGE':
+      return (
+        <SingleImageField
+          field={field}
+          value={typeof value === 'string' ? value : undefined}
+          onChange={onChange}
+          labelText={labelText}
+          help={help}
+          errorHint={errorHint}
+        />
+      );
+
+    case 'GALLERY':
+      return (
+        <GalleryField
+          field={field}
+          value={Array.isArray(value) ? (value as string[]) : []}
+          onChange={onChange}
+          labelText={labelText}
+          help={help}
+          errorHint={errorHint}
+        />
+      );
+
+    case 'URL':
+      return (
+        <div>
+          {labelText}
+          <input
+            type="url"
+            value={typeof value === 'string' ? value : ''}
+            onChange={(e) => onChange(e.target.value)}
+            required={field.required}
+            className={inputBase}
+          />
+          {help}
+          {errorHint}
+        </div>
+      );
+
+    default:
+      return (
+        <div>
+          {labelText}
+          <input
+            type="text"
+            value={typeof value === 'string' ? value : ''}
+            onChange={(e) => onChange(e.target.value)}
+            minLength={field.minLength ?? undefined}
+            maxLength={field.maxLength ?? undefined}
+            required={field.required}
+            className={inputBase}
+          />
+          {help}
+          {errorHint}
+        </div>
+      );
+  }
+}
+
+interface FileFieldProps {
+  field: ProductCustomizationField;
+  labelText: React.ReactNode;
+  help: React.ReactNode;
+  errorHint: React.ReactNode;
+  onChange: (value: unknown) => void;
+}
+
+function SingleImageField({
+  field,
+  value,
+  onChange,
+  labelText,
+  help,
+  errorHint,
+}: FileFieldProps & { value?: string }) {
+  const t = useTranslations('customization');
+  const [uploading, setUploading] = useState(false);
+  const [uploadError, setUploadError] = useState<string | null>(null);
+
+  async function handleFile(file: File | null) {
+    if (!file) return;
+    setUploading(true);
+    setUploadError(null);
+    try {
+      const { getClient } = await import('@/lib/brainerce');
+      const client = getClient();
+      const result = await client.uploadCustomizationFile(file);
+      onChange(result.url);
+    } catch (err) {
+      console.error('Upload failed', err);
+      setUploadError(t('uploadFailed'));
+    } finally {
+      setUploading(false);
+    }
+  }
+
+  return (
+    <div>
+      {labelText}
+      <input
+        type="file"
+        accept="image/*"
+        onChange={(e) => handleFile(e.target.files?.[0] ?? null)}
+        disabled={uploading}
+        required={field.required && !value}
+        className="text-foreground text-sm"
+      />
+      {uploading && (
+        <p className="text-muted-foreground mt-2 inline-flex items-center gap-2 text-xs">
+          <LoadingSpinner size="sm" />
+          {t('uploading')}
+        </p>
+      )}
+      {value && !uploading && (
+        <div className="mt-2">
+          <img src={value} alt="" className="border-border h-20 w-20 rounded border object-cover" />
+        </div>
+      )}
+      {uploadError && <p className="text-destructive mt-1 text-xs">{uploadError}</p>}
+      {help}
+      {errorHint}
+    </div>
+  );
+}
+
+function GalleryField({
+  field,
+  value,
+  onChange,
+  labelText,
+  help,
+  errorHint,
+}: FileFieldProps & { value: string[] }) {
+  const t = useTranslations('customization');
+  const [uploading, setUploading] = useState(false);
+  const [uploadError, setUploadError] = useState<string | null>(null);
+
+  async function handleFiles(fileList: FileList | null) {
+    if (!fileList || fileList.length === 0) return;
+    setUploading(true);
+    setUploadError(null);
+    try {
+      const { getClient } = await import('@/lib/brainerce');
+      const client = getClient();
+      const newUrls: string[] = [];
+      for (const file of Array.from(fileList)) {
+        const result = await client.uploadCustomizationFile(file);
+        newUrls.push(result.url);
+      }
+      onChange([...value, ...newUrls]);
+    } catch (err) {
+      console.error('Upload failed', err);
+      setUploadError(t('uploadFailed'));
+    } finally {
+      setUploading(false);
+    }
+  }
+
+  function removeAt(idx: number) {
+    onChange(value.filter((_, i) => i !== idx));
+  }
+
+  return (
+    <div>
+      {labelText}
+      <input
+        type="file"
+        accept="image/*"
+        multiple
+        onChange={(e) => handleFiles(e.target.files)}
+        disabled={uploading}
+        className="text-foreground text-sm"
+      />
+      {uploading && (
+        <p className="text-muted-foreground mt-2 inline-flex items-center gap-2 text-xs">
+          <LoadingSpinner size="sm" />
+          {t('uploading')}
+        </p>
+      )}
+      {value.length > 0 && (
+        <div className="mt-2 flex flex-wrap gap-2">
+          {value.map((url, idx) => (
+            <div key={`${url}-${idx}`} className="relative">
+              <img
+                src={url}
+                alt=""
+                className="border-border h-16 w-16 rounded border object-cover"
+              />
+              <button
+                type="button"
+                onClick={() => removeAt(idx)}
+                aria-label={t('removeImage')}
+                className="bg-destructive text-destructive-foreground absolute -end-1.5 -top-1.5 flex h-5 w-5 items-center justify-center rounded-full text-xs"
+              >
+                ×
+              </button>
+            </div>
+          ))}
+        </div>
+      )}
+      {uploadError && <p className="text-destructive mt-1 text-xs">{uploadError}</p>}
+      {help}
+      {errorHint}
+    </div>
+  );
+}
+
+export function validateCustomization(
+  fields: ProductCustomizationField[],
+  values: CustomizationValues
+): Record<string, string> {
+  const errors: Record<string, string> = {};
+  for (const field of fields) {
+    const value = values[field.key];
+    const empty =
+      value === undefined ||
+      value === null ||
+      value === '' ||
+      (Array.isArray(value) && value.length === 0);
+
+    if (field.required && empty) {
+      errors[field.key] = 'required';
+      continue;
+    }
+    if (empty) continue;
+
+    if (field.type === 'SELECT') {
+      const allowed = field.enumValues ?? [];
+      if (typeof value !== 'string' || !allowed.includes(value)) {
+        errors[field.key] = 'invalidOption';
+      }
+    }
+    if (field.type === 'MULTI_SELECT') {
+      const allowed = field.enumValues ?? [];
+      if (
+        !Array.isArray(value) ||
+        !(value as unknown[]).every((v) => typeof v === 'string' && allowed.includes(v as string))
+      ) {
+        errors[field.key] = 'invalidOption';
+      }
+    }
+  }
+  return errors;
+}

package/templates/nextjs/base/src/lib/safe-redirect.ts

@@ -1,45 +1,60 @@
-const ALLOWED_PAYMENT_HOSTS: readonly string[] = [
-  'checkout.stripe.com',
-  'js.stripe.com',
-  'hooks.stripe.com',
-  'www.paypal.com',
-  'www.sandbox.paypal.com',
-  'secure.cardcom.solutions',
-  'meshulam.co.il',
-  'grow.link',
-  'grow.security',
-  'creditguard.co.il',
-];
-
-export function isAllowedPaymentUrl(url: string): boolean {
-  if (!url || typeof url !== 'string') return false;
-
-  let parsed: URL;
-  try {
-    parsed = new URL(url);
-  } catch {
-    return false;
-  }
-
-  if (parsed.protocol !== 'https:') return false;
-
-  const hostname = parsed.hostname.toLowerCase();
-  return ALLOWED_PAYMENT_HOSTS.some((host) => hostname === host || hostname.endsWith('.' + host));
-}
-
-export function safePaymentRedirect(url: string): void {
-  if (!isAllowedPaymentUrl(url)) {
-    throw new Error('Payment redirect URL is not in the allowlist');
-  }
-  if (typeof window !== 'undefined') {
-    window.location.href = url;
-  }
-}
-
-// CUID format used by Prisma for Checkout.id — c + 24 lowercase alphanumeric chars.
-// Allow a small range to tolerate cuid2 (slightly different length).
-const CHECKOUT_ID_RE = /^c[a-z0-9]{20,30}$/;
-
-export function isValidCheckoutId(id: unknown): id is string {
-  return typeof id === 'string' && CHECKOUT_ID_RE.test(id);
-}
+const ALLOWED_PAYMENT_HOSTS: readonly string[] = [
+  'checkout.stripe.com',
+  'js.stripe.com',
+  'hooks.stripe.com',
+  'www.paypal.com',
+  'www.sandbox.paypal.com',
+  'secure.cardcom.solutions',
+  'meshulam.co.il',
+  'grow.link',
+  'grow.security',
+  'creditguard.co.il',
+  // Brainerce-hosted payment embeds (cardcom-payments /embed/:lpCode etc.).
+  // These are platform-owned iframe shells that wrap provider-specific flows
+  // and relay postMessage events back to the storefront.
+  'brainerce.com',
+];
+
+export function isAllowedPaymentUrl(url: string): boolean {
+  if (!url || typeof url !== 'string') return false;
+
+  let parsed: URL;
+  try {
+    parsed = new URL(url);
+  } catch {
+    return false;
+  }
+
+  const hostname = parsed.hostname.toLowerCase();
+
+  // Dev-only: allow http://localhost|127.0.0.1 so the local storefront can
+  // iframe the local backend's embed proxy. Stripped in production builds.
+  if (
+    process.env.NODE_ENV !== 'production' &&
+    parsed.protocol === 'http:' &&
+    (hostname === 'localhost' || hostname === '127.0.0.1')
+  ) {
+    return true;
+  }
+
+  if (parsed.protocol !== 'https:') return false;
+
+  return ALLOWED_PAYMENT_HOSTS.some((host) => hostname === host || hostname.endsWith('.' + host));
+}
+
+export function safePaymentRedirect(url: string): void {
+  if (!isAllowedPaymentUrl(url)) {
+    throw new Error('Payment redirect URL is not in the allowlist');
+  }
+  if (typeof window !== 'undefined') {
+    window.location.href = url;
+  }
+}
+
+// CUID format used by Prisma for Checkout.id — c + 24 lowercase alphanumeric chars.
+// Allow a small range to tolerate cuid2 (slightly different length).
+const CHECKOUT_ID_RE = /^c[a-z0-9]{20,30}$/;
+
+export function isValidCheckoutId(id: unknown): id is string {
+  return typeof id === 'string' && CHECKOUT_ID_RE.test(id);
+}

package/templates/nextjs/base/src/middleware.ts.ejs

@@ -32,7 +32,7 @@ function buildCsp(nonce: string): string {
     "style-src 'self' 'unsafe-inline' https://cdn.meshulam.co.il",
     "img-src 'self' data: blob: https:",
     "font-src 'self' data:",
-    "frame-src 'self' https://meshulam.co.il https://*.meshulam.co.il https://grow.link https://*.grow.link https://grow.security https://*.grow.security https://creditguard.co.il https://*.creditguard.co.il https://js.stripe.com https://hooks.stripe.com https://pay.google.com https://secure.cardcom.solutions https://checkout.stripe.com https://www.paypal.com https://www.sandbox.paypal.com",
+    "frame-src 'self' https://meshulam.co.il https://*.meshulam.co.il https://grow.link https://*.grow.link https://grow.security https://*.grow.security https://creditguard.co.il https://*.creditguard.co.il https://js.stripe.com https://hooks.stripe.com https://pay.google.com https://secure.cardcom.solutions https://checkout.stripe.com https://www.paypal.com https://www.sandbox.paypal.com https://*.brainerce.com",
     "connect-src 'self' https://*.meshulam.co.il https://grow.link https://*.grow.link https://*.grow.security https://pay.google.com https://*.stripe.com https://*.creditguard.co.il",
     "worker-src 'self' blob:",
     // 'self' (not 'none') so iframe-based payment providers (e.g. Cardcom)
@@ -149,7 +149,7 @@ function buildCsp(nonce: string): string {
     "style-src 'self' 'unsafe-inline' https://cdn.meshulam.co.il",
     "img-src 'self' data: blob: https:",
     "font-src 'self' data:",
-    "frame-src 'self' https://meshulam.co.il https://*.meshulam.co.il https://grow.link https://*.grow.link https://grow.security https://*.grow.security https://creditguard.co.il https://*.creditguard.co.il https://js.stripe.com https://hooks.stripe.com https://pay.google.com https://secure.cardcom.solutions https://checkout.stripe.com https://www.paypal.com https://www.sandbox.paypal.com",
+    "frame-src 'self' https://meshulam.co.il https://*.meshulam.co.il https://grow.link https://*.grow.link https://grow.security https://*.grow.security https://creditguard.co.il https://*.creditguard.co.il https://js.stripe.com https://hooks.stripe.com https://pay.google.com https://secure.cardcom.solutions https://checkout.stripe.com https://www.paypal.com https://www.sandbox.paypal.com https://*.brainerce.com",
     "connect-src 'self' https://*.meshulam.co.il https://grow.link https://*.grow.link https://*.grow.security https://pay.google.com https://*.stripe.com https://*.creditguard.co.il",
     "worker-src 'self' blob:",
     // 'self' (not 'none') so iframe-based payment providers (e.g. Cardcom)

package/dist/index.d.ts

@@ -1 +0,0 @@
-#!/usr/bin/env node