This repository was archived by the owner on May 28, 2023. It is now read-only.

Commit 2b0a1ca

Tomasz Kostuch
authored
Merge pull request #492 from DivanteLtd/release/v1.12.2
Release/v1.12.2
2 parents 7c2cf9b + bbbd3f2 commit 2b0a1ca


17 files changed

+308
-302
lines changed


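--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,19 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [1.12.2] - 2020.07.20
+
+### Added
+
+- Added validation for user profile update. - @gibkigonzo (#488)
+- add `getToken` to handle getting token from header - @gibkigonzo (#488)
+- Allow filter elasticsearch request for security reasons - @seSze (#476)
+
+### Fixed
+
+- Fix default value for `maxAgeForResponse` - @lauraseidler (#485)
+- Adds `vsf-utlilities`. Use productEquals to compare products in o2m - @gibkigonzo (#477)
+
 ## [1.12.1] - 2020.06.22
 
 ### Added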

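--- a/config/default.json
+++ b/config/default.json
@@ -12,6 +12,9 @@
 "invalidateCacheForwardUrl": "http://localhost:3000/invalidate?key=aeSu7aip&tag=",
 "showErrorStack": false
 },
+"users": {
+"tokenInHeader": false
+},
 "orders": {
 "useServerQueue": false
 },
@@ -40,6 +43,9 @@
 "review"
 ],
 "apiVersion": "5.6",
+"useRequestFilter": false,
+"overwriteRequestSourceParams": false,
+"requestParamsBlacklist": [],
 "cacheRequest": false,
 "searchScoring": {
 "attributes": {
@@ -81,21 +87,21 @@
 "tax_class_id": "tci",
 "description": "desc",
 "minimal_regular_price": "mrp",
-"final_price": "fp",
-"price": "p",
+"final_price": "fp",
+"price": "p",
 "special_price": "sp",
 "original_final_price": "ofp",
 "original_price": "op",
 "original_special_price": "osp",
-"final_price_incl_tax": "fpit",
+"final_price_incl_tax": "fpit",
 "original_price_incl_tax": "opit",
 "price_incl_tax": "pit",
-"special_price_incl_tax": "spit",
+"special_price_incl_tax": "spit",
 "final_price_tax": "fpt",
 "price_tax": "pt",
 "special_price_tax": "spt",
 "original_price_tax": "opt",
-"image": "i",
+"image": "i",
 "small_image": "si",
 "thumbnail": "t"
 },
@@ -106,7 +112,7 @@
 "default": 10,
 "size": 10,
 "color": 10
-},
+},
 "priceFilterKey": "final_price",
 "priceFilters": {
 "ranges": [
@@ -115,7 +121,7 @@
 { "from": 100, "to": 150 },
 { "from": 150 }
 ]
-}
+}
 },
 "varnish": {
 "host": "185.246.52.88",
@@ -234,7 +240,7 @@
 "useOnlyDefaultUserGroupId": false
 },
 "review": {
-"defaultReviewStatus": 2
+"defaultReviewStatus": 2
 },
 "bodyLimit": "100kb",
 "corsHeaders": [
@@ -347,15 +353,6 @@
 "includeFields": [ "attribute_code", "id", "entity_type_id", "options", "default_value", "is_user_defined", "frontend_label", "attribute_id", "default_frontend_label", "is_visible_on_front", "is_visible", "is_comparable" ],
 "loadByAttributeMetadata": false
 },
-"productList": {
-"sort": "",
-"includeFields": [ "type_id", "sku", "product_links", "tax_class_id", "special_price", "special_to_date", "special_from_date", "name", "price", "priceInclTax", "originalPriceInclTax", "originalPrice", "specialPriceInclTax", "id", "image", "sale", "new", "url_key" ],
-"excludeFields": [ "configurable_children", "description", "configurable_options", "sgn" ]
-},
-"productListWithChildren": {
-"includeFields": [ "type_id", "sku", "name", "tax_class_id", "special_price", "special_to_date", "special_from_date", "price", "priceInclTax", "originalPriceInclTax", "originalPrice", "specialPriceInclTax", "id", "image", "sale", "new", "configurable_children.image", "configurable_children.sku", "configurable_children.price", "configurable_children.special_price", "configurable_children.priceInclTax", "configurable_children.specialPriceInclTax", "configurable_children.originalPrice", "configurable_children.originalPriceInclTax", "configurable_children.color", "configurable_children.size", "product_links", "url_key"],
-"excludeFields": [ "description", "sgn"]
-},
 "product": {
 "excludeFields": [ "updated_at", "created_at", "attribute_set_id", "status", "visibility", "tier_prices", "options_container", "msrp_display_actual_price_type", "has_options", "stock.manage_stock", "stock.use_config_min_qty", "stock.use_config_notify_stock_qty", "stock.stock_id", "stock.use_config_backorders", "stock.use_config_enable_qty_inc", "stock.enable_qty_increments", "stock.use_config_manage_stock", "stock.use_config_min_sale_qty", "stock.notify_stock_qty", "stock.use_config_max_sale_qty", "stock.use_config_max_sale_qty", "stock.qty_increments", "small_image"],
 "includeFields": null,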
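Review bot: The new security-related settings ship switched off: `"useRequestFilter": false` with `"requestParamsBlacklist": []` in the second hunk, and `"tokenInHeader": false` under `users` in the first. A deployment that only upgrades therefore keeps its current behaviour; judging by the key names and the changelog entry in this commit, that means the Elasticsearch request filter stays inactive and user tokens stay in the query string, though the code that reads these keys is not part of this section. The release notes or configuration docs should say that the keys must be enabled explicitly and what `overwriteRequestSourceParams` and the blacklist are expected to contain, since JSON leaves no room for a comment here. The last hunk also drops the `productList` and `productListWithChildren` entity definitions, which is worth calling out for anyone whose local overrides or clients still reference them.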

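--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "vue-storefront-api",
-"version": "1.12.1",
+"version": "1.12.2",
 "private": true,
 "description": "vue-storefront API and data services",
 "main": "dist",
@@ -93,6 +93,7 @@
 "storefront-query-builder": "https://github.com/DivanteLtd/storefront-query-builder.git",
 "syswide-cas": "latest",
 "tsconfig-paths": "^3.9.0",
+"vsf-utilities": "^1.0.1",
 "winston": "^2.4.2"
 },
 "devDependencies": {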

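--- a/src/api/attribute/service.ts
+++ b/src/api/attribute/service.ts
@@ -76,7 +76,7 @@ async function setAttributeInCache (attributeList, config) {
 * @param attribute - attribute object
 * @param optionsIds - list of only needed options ids
 */
-function clearAttributeOpitons (attribute, optionsIds: number[]) {
+function clearAttributeOptions (attribute, optionsIds: number[]) {
 const stringOptionsIds = optionsIds.map(String)
 return {
 ...attribute,
@@ -102,7 +102,7 @@ async function list (attributesParam: AttributeListParam, config, indexName: str
 attributeCodes.splice(index, 1)
 
 // clear unused options
-return clearAttributeOpitons(cachedAttribute, attributeOptionsIds)
+return clearAttributeOptions(cachedAttribute, attributeOptionsIds)
 }
 })
 // remove empty results from cache.get
@@ -134,7 +134,7 @@ async function list (attributesParam: AttributeListParam, config, indexName: str
 const attributeOptionsIds = attributesParam[fetchedAttribute.attribute_code]
 
 // clear unused options
-return clearAttributeOpitons(fetchedAttribute, attributeOptionsIds)
+return clearAttributeOptions(fetchedAttribute, attributeOptionsIds)
 })
 ]
 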

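--- a/src/api/cart.ts
+++ b/src/api/cart.ts
@@ -1,4 +1,4 @@
-import { apiStatus, apiError } from '../lib/util';
+import { apiStatus, apiError, getToken } from '../lib/util';
 import { Router } from 'express';
 import PlatformFactory from '../platform/factory';
 
@@ -13,11 +13,12 @@ export default ({ config, db }) => {
 
 /**
 * POST create a cart
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 */
 cartApi.post('/create', (req, res) => {
 const cartProxy = _getProxy(req)
-cartProxy.create(req.query.token).then((result) => {
+const token = getToken(req)
+cartProxy.create(token).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -26,18 +27,19 @@ export default ({ config, db }) => {
 
 /**
 * POST update or add the cart item
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * body.cartItem: {
 * sku: orderItem.sku,
 * qty: orderItem.qty,
 * quoteId: cartKey}
 */
 cartApi.post('/update', (req, res) => {
 const cartProxy = _getProxy(req)
+const token = getToken(req)
 if (!req.body.cartItem) {
 return apiStatus(res, 'No cartItem element provided within the request body', 500)
 }
-cartProxy.update(req.query.token, req.query.cartId ? req.query.cartId : null, req.body.cartItem).then((result) => {
+cartProxy.update(token, req.query.cartId ? req.query.cartId : null, req.body.cartItem).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -46,16 +48,17 @@ export default ({ config, db }) => {
 
 /**
 * POST apply the coupon code
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * req.query.cartId - cart Ids
 * req.query.coupon - coupon
 */
 cartApi.post('/apply-coupon', (req, res) => {
 const cartProxy = _getProxy(req)
+const token = getToken(req)
 if (!req.query.coupon) {
 return apiStatus(res, 'No coupon code provided', 500)
 }
-cartProxy.applyCoupon(req.query.token, req.query.cartId ? req.query.cartId : null, req.query.coupon).then((result) => {
+cartProxy.applyCoupon(token, req.query.cartId ? req.query.cartId : null, req.query.coupon).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -64,12 +67,13 @@ export default ({ config, db }) => {
 
 /**
 * POST remove the coupon code
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * req.query.cartId - cart Ids
 */
 cartApi.post('/delete-coupon', (req, res) => {
 const cartProxy = _getProxy(req)
-cartProxy.deleteCoupon(req.query.token, req.query.cartId ? req.query.cartId : null).then((result) => {
+const token = getToken(req)
+cartProxy.deleteCoupon(token, req.query.cartId ? req.query.cartId : null).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -78,12 +82,13 @@ export default ({ config, db }) => {
 
 /**
 * GET get the applied coupon code
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * req.query.cartId - cart Ids
 */
 cartApi.get('/coupon', (req, res) => {
 const cartProxy = _getProxy(req)
-cartProxy.getCoupon(req.query.token, req.query.cartId ? req.query.cartId : null).then((result) => {
+const token = getToken(req)
+cartProxy.getCoupon(token, req.query.cartId ? req.query.cartId : null).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -92,18 +97,19 @@ export default ({ config, db }) => {
 
 /**
 * POST delete the cart item
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * body.cartItem: {
 * sku: orderItem.sku,
 * qty: orderItem.qty,
 * quoteId: cartKey}
 */
 cartApi.post('/delete', (req, res) => {
 const cartProxy = _getProxy(req)
+const token = getToken(req)
 if (!req.body.cartItem) {
 return apiStatus(res, 'No cartItem element provided within the request body', 500)
 }
-cartProxy.delete(req.query.token, req.query.cartId ? req.query.cartId : null, req.body.cartItem).then((result) => {
+cartProxy.delete(token, req.query.cartId ? req.query.cartId : null, req.body.cartItem).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -112,13 +118,14 @@ export default ({ config, db }) => {
 
 /**
 * GET pull the whole cart as it's currently se server side
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * req.query.cartId - cartId
 */
 cartApi.get('/pull', (req, res) => {
 const cartProxy = _getProxy(req)
+const token = getToken(req)
 res.setHeader('Cache-Control', 'no-cache, no-store');
-cartProxy.pull(req.query.token, req.query.cartId ? req.query.cartId : null, req.body).then((result) => {
+cartProxy.pull(token, req.query.cartId ? req.query.cartId : null, req.body).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -127,13 +134,14 @@ export default ({ config, db }) => {
 
 /**
 * GET totals the cart totals
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * req.query.cartId - cartId
 */
 cartApi.get('/totals', (req, res) => {
 const cartProxy = _getProxy(req)
+const token = getToken(req)
 res.setHeader('Cache-Control', 'no-cache, no-store');
-cartProxy.totals(req.query.token, req.query.cartId ? req.query.cartId : null, req.body).then((result) => {
+cartProxy.totals(token, req.query.cartId ? req.query.cartId : null, req.body).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -142,17 +150,18 @@ export default ({ config, db }) => {
 
 /**
 * POST /shipping-methods - available shipping methods for a given address
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * req.query.cartId - cart ID if user is logged in, cart token if not
 * req.body.address - shipping address object
 */
 cartApi.post('/shipping-methods', (req, res) => {
 const cartProxy = _getProxy(req)
+const token = getToken(req)
 res.setHeader('Cache-Control', 'no-cache, no-store');
 if (!req.body.address) {
 return apiStatus(res, 'No address element provided within the request body', 500)
 }
-cartProxy.getShippingMethods(req.query.token, req.query.cartId ? req.query.cartId : null, req.body.address).then((result) => {
+cartProxy.getShippingMethods(token, req.query.cartId ? req.query.cartId : null, req.body.address).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -161,13 +170,14 @@ export default ({ config, db }) => {
 
 /**
 * GET /payment-methods - available payment methods
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * req.query.cartId - cart ID if user is logged in, cart token if not
 */
 cartApi.get('/payment-methods', (req, res) => {
 const cartProxy = _getProxy(req)
+const token = getToken(req)
 res.setHeader('Cache-Control', 'no-cache, no-store');
-cartProxy.getPaymentMethods(req.query.token, req.query.cartId ? req.query.cartId : null).then((result) => {
+cartProxy.getPaymentMethods(token, req.query.cartId ? req.query.cartId : null).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -176,17 +186,18 @@ export default ({ config, db }) => {
 
 /**
 * POST /shipping-information - set shipping information for collecting cart totals after address changed
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * req.query.cartId - cart ID if user is logged in, cart token if not
 * req.body.addressInformation - shipping address object
 */
 cartApi.post('/shipping-information', (req, res) => {
 const cartProxy = _getProxy(req)
+const token = getToken(req)
 res.setHeader('Cache-Control', 'no-cache, no-store');
 if (!req.body.addressInformation) {
 return apiStatus(res, 'No address element provided within the request body', 500)
 }
-cartProxy.setShippingInformation(req.query.token, req.query.cartId ? req.query.cartId : null, req.body).then((result) => {
+cartProxy.setShippingInformation(token, req.query.cartId ? req.query.cartId : null, req.body).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);
@@ -195,17 +206,18 @@ export default ({ config, db }) => {
 
 /**
 * POST /collect-totals - collect cart totals after shipping address changed
-* req.query.token - user token
+* req.query.token | req.headers.authorization - user token
 * req.query.cartId - cart ID if user is logged in, cart token if not
 * req.body.shippingMethod - shipping and payment methods object
 */
 cartApi.post('/collect-totals', (req, res) => {
 const cartProxy = _getProxy(req)
+const token = getToken(req)
 res.setHeader('Cache-Control', 'no-cache, no-store');
 if (!req.body.methods) {
 return apiStatus(res, 'No shipping and payment methods element provided within the request body', 500)
 }
-cartProxy.collectTotals(req.query.token, req.query.cartId ? req.query.cartId : null, req.body.methods).then((result) => {
+cartProxy.collectTotals(token, req.query.cartId ? req.query.cartId : null, req.body.methods).then((result) => {
 apiStatus(res, result, 200);
 }).catch(err => {
 apiError(res, err);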
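Review bot: The rewritten route comments (`req.query.token | req.headers.authorization - user token`, repeated on all twelve routes) do not say which source is used or what selects it. `getToken` lives in `../lib/util`, outside this section, and the `users.tokenInHeader` key added to config/default.json in this commit is presumably the switch. Once confirmed against the helper, I would word the line as `user token - read by getToken(): Authorization header when config.users.tokenInHeader is set, otherwise req.query.token`. Each handler also passes the result straight to `cartProxy` with no type check, so if `getToken` returns `req.query.token` unchanged, a repeated `token` query parameter reaches the platform client as an array rather than a string; a `typeof token === 'string'` guard inside the helper is worth confirming. Tokens sent in the query string get recorded in access logs and by intermediaries, which is the practical reason to document the header mode as the preferred one.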
