diff --git a/package-lock.json b/package-lock.json index 82f2fad7fc..b5cb1cb61f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16186,7 +16186,8 @@ "@unchainedshop/core-users": "^3.0.0-alpha4", "@unchainedshop/core-warehousing": "^3.0.0-alpha4", "@unchainedshop/core-worker": "^3.0.0-alpha4", - "@unchainedshop/logger": "^3.0.0-alpha4" + "@unchainedshop/logger": "^3.0.0-alpha4", + "@unchainedshop/utils": "^3.0.0-alpha4" }, "devDependencies": { "@types/node": "^22.9.1", @@ -16220,7 +16221,7 @@ "license": "EUPL-1.2", "dependencies": { "@unchainedshop/events": "^3.0.0-alpha4", - "@unchainedshop/utils": "^3.0.0-alpha4" + "@unchainedshop/mongodb": "^3.0.0-alpha4" }, "devDependencies": { "@types/node": "^22.9.1", @@ -16267,6 +16268,7 @@ "dependencies": { "@unchainedshop/events": "^3.0.0-alpha4", "@unchainedshop/logger": "^3.0.0-alpha4", + "@unchainedshop/mongodb": "^3.0.0-alpha4", "@unchainedshop/utils": "^3.0.0-alpha4" }, "devDependencies": { @@ -16448,6 +16450,7 @@ "@unchainedshop/events": "^3.0.0-alpha4", "@unchainedshop/file-upload": "^3.0.0-alpha4", "@unchainedshop/logger": "^3.0.0-alpha4", + "@unchainedshop/mongodb": "^3.0.0-alpha4", "@unchainedshop/roles": "^3.0.0-alpha4", "@unchainedshop/utils": "^3.0.0-alpha4", "bcryptjs": "^2.4.3", diff --git a/packages/api/src/express/index.ts b/packages/api/src/express/index.ts index 2cd2aab39c..fadbf5f588 100644 --- a/packages/api/src/express/index.ts +++ b/packages/api/src/express/index.ts @@ -31,6 +31,8 @@ const { UNCHAINED_COOKIE_NAME = 'unchained_token', UNCHAINED_COOKIE_PATH = '/', UNCHAINED_COOKIE_DOMAIN, + UNCHAINED_COOKIE_SAMESITE, + UNCHAINED_COOKIE_INSECURE, } = process.env; const addContext = async function middlewareWithContext( 
@@ -119,6 +121,18 @@ export const connect = ( ) => { const passport = setupPassport(unchainedAPI); + const name = UNCHAINED_COOKIE_NAME; + const domain = UNCHAINED_COOKIE_DOMAIN; + const path = UNCHAINED_COOKIE_PATH; + const secure = UNCHAINED_COOKIE_INSECURE ? false : true; + const sameSite = ({ + none: 'none', + lax: 'lax', + strict: 'strict', + '1': true, + '0': false, + }[UNCHAINED_COOKIE_SAMESITE?.trim()?.toLowerCase()] || false) as boolean | 'none' | 'lax' | 'strict'; + expressApp.use( session({ secret: process.env.UNCHAINED_TOKEN_SECRET, @@ -127,14 +141,14 @@ export const connect = ( dbName: db.databaseName, collectionName: 'sessions', }), - name: UNCHAINED_COOKIE_NAME, + name, saveUninitialized: false, resave: false, cookie: { - domain: UNCHAINED_COOKIE_DOMAIN, - path: UNCHAINED_COOKIE_PATH, - sameSite: 'none', - secure: true, + domain, + path, + sameSite, + secure, httpOnly: true, maxAge: 1000 * 60 * 60 * 24 * 7, }, diff --git a/packages/api/src/fastify/index.ts b/packages/api/src/fastify/index.ts index f2ffefc17f..f604e3305a 100644 --- a/packages/api/src/fastify/index.ts +++ b/packages/api/src/fastify/index.ts @@ -28,7 +28,8 @@ const { UNCHAINED_COOKIE_NAME = 'unchained_token', UNCHAINED_COOKIE_PATH = '/', UNCHAINED_COOKIE_DOMAIN, - NODE_ENV, + UNCHAINED_COOKIE_SAMESITE, + UNCHAINED_COOKIE_INSECURE, } = process.env; const middlewareHook = async function middlewareHook(req: any, reply: any) { 
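Review bot: `const secure = UNCHAINED_COOKIE_INSECURE ? false : true;` in `connect` treats any non-empty value as a request to drop the Secure flag, so `UNCHAINED_COOKIE_INSECURE=false` or `=0` would let the session cookie travel over plain HTTP. Compare against explicit opt-in values instead, e.g. `const secure = !['1', 'true'].includes(UNCHAINED_COOKIE_INSECURE?.trim().toLowerCase() ?? '');`. The same expression is added in the second hunk of packages/api/src/fastify/index.ts. Separately, an unset or misspelled UNCHAINED_COOKIE_SAMESITE now yields `sameSite: false` where the old code pinned `'none'`, and `none` combined with the insecure switch produces a cookie that current browsers reject, so both cases deserve a startup warning or a line in the env-var documentation. The body of `connect` starts and ends outside the hunk.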
@@ -84,20 +85,33 @@ export const connect = ( db, }: { graphqlHandler: YogaServerInstance; db: mongodb.Db; unchainedAPI: UnchainedCore }, ) => { + const cookieName = UNCHAINED_COOKIE_NAME; + const domain = UNCHAINED_COOKIE_DOMAIN; + const path = UNCHAINED_COOKIE_PATH; + const secure = UNCHAINED_COOKIE_INSECURE ? false : true; + const sameSite = ({ + none: 'none', + lax: 'lax', + strict: 'strict', + '1': true, + '0': false, + }[UNCHAINED_COOKIE_SAMESITE?.trim()?.toLowerCase()] || false) as boolean | 'none' | 'lax' | 'strict'; + fastify.register(fastifyCookie); fastify.register(fastifySession, { secret: process.env.UNCHAINED_TOKEN_SECRET, - cookieName: UNCHAINED_COOKIE_NAME, + cookieName, store: MongoStore.create({ client: (db as any).client, dbName: db.databaseName, collectionName: 'sessions', }), cookie: { - domain: UNCHAINED_COOKIE_DOMAIN, - httpOnly: Boolean(NODE_ENV === 'production'), - path: UNCHAINED_COOKIE_PATH, - secure: NODE_ENV === 'production', + domain, + httpOnly: true, + path, + secure, + sameSite, maxAge: 1000 * 60 * 60 * 24 * 7, }, }); diff --git a/packages/core-assortments/src/module/configureAssortmentProductsModule.ts b/packages/core-assortments/src/module/configureAssortmentProductsModule.ts index 71bd4f777f..ca5889ae30 100644 --- a/packages/core-assortments/src/module/configureAssortmentProductsModule.ts +++ b/packages/core-assortments/src/module/configureAssortmentProductsModule.ts @@ -158,13 +158,13 @@ export const configureAssortmentProductsModule = ({ { upsert: true, returnDocument: 'after' }, ); + if (!assortmentProduct) return null; + await emit('ASSORTMENT_ADD_PRODUCT', { assortmentProduct }); if (!options?.skipInvalidation) { await invalidateCache({ assortmentIds: [assortmentProduct.assortmentId] }); } - - return assortmentProduct; }, delete: async (assortmentProductId, options) => { 
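Review bot: The cookie-option parsing at the top of `connect` (the `secure` ternary and the `sameSite` lookup table) is a verbatim copy of the block added to packages/api/src/express/index.ts, so any correction to how UNCHAINED_COOKIE_INSECURE or UNCHAINED_COOKIE_SAMESITE is read has to be made twice. A shared helper that returns `{ domain, path, secure, sameSite }` and is called from both adapters would keep them from drifting. Also note that `secure` no longer follows `NODE_ENV`, so a plain-HTTP development setup now gets a Secure cookie unless UNCHAINED_COOKIE_INSECURE is set. That is worth stating in the env-var documentation, since the session will presumably fail to persist there. The body of `connect` continues outside the hunk.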
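Review bot: The success path of this method in configureAssortmentProductsModule.ts no longer returns a value, because the hunk deletes `return assortmentProduct;` after the cache invalidation while the new guard returns `null` when the upsert yields no document. Unless the declared return type was changed to void elsewhere, callers that use the created link now receive `undefined`. Restore `return assortmentProduct;` as the last statement before the closing `},`. The method's signature is outside the hunk, so the intended return type cannot be confirmed from here.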
diff --git a/packages/core-users/src/module/configureUsersModule.ts b/packages/core-users/src/module/configureUsersModule.ts index 9e07090a36..346ae432cd 100644 --- a/packages/core-users/src/module/configureUsersModule.ts +++ b/packages/core-users/src/module/configureUsersModule.ts @@ -683,9 +683,12 @@ export const configureUsersModule = async ({ returnDocument: 'after', }); - await emit('USER_UPDATE_BILLING_ADDRESS', { - user: removeConfidentialServiceHashes(user), - }); + if (updatedUser) { + await emit('USER_UPDATE_BILLING_ADDRESS', { + user: removeConfidentialServiceHashes(updatedUser), + }); + } + return updatedUser; },