-
Notifications
You must be signed in to change notification settings - Fork 214
Expand file tree
/
Copy pathssr.js
More file actions
184 lines (158 loc) · 7.3 KB
/
ssr.js
File metadata and controls
184 lines (158 loc) · 7.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
/*
* Copyright (c) 2023, Salesforce, Inc.
* All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
* For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
*/
/*
* Developer note! When updating this file, make sure to also update the
* ssr.js template files in pwa-kit-create-app.
*
* In the pwa-kit-create-app, the templates are found under:
* - assets/bootstrap/js/overrides/app/ssr.js.hbs
* - assets/templates/@salesforce/retail-react-app/app/ssr.js.hbs
*/
'use strict'
import path from 'path'
import {getRuntime} from '@salesforce/pwa-kit-runtime/ssr/server/express'
import {defaultPwaKitSecurityHeaders} from '@salesforce/pwa-kit-runtime/utils/middleware'
import {getConfig} from '@salesforce/pwa-kit-runtime/utils/ssr-config'
import helmet from 'helmet'
import express from 'express'
import {emailLink} from '@salesforce/retail-react-app/app/utils/marketing-cloud/marketing-cloud-email-link'
import {
PASSWORDLESS_LOGIN_LANDING_PATH,
RESET_PASSWORD_LANDING_PATH
} from '@salesforce/retail-react-app/app/constants'
import {
validateSlasCallbackToken,
jwksCaching
} from '@salesforce/retail-react-app/app/utils/jwt-utils'
const config = getConfig()
const options = {
// The build directory (an absolute path)
buildDir: path.resolve(process.cwd(), 'build'),
// The cache time for SSR'd pages (defaults to 600 seconds)
defaultCacheTimeSeconds: 600,
// The contents of the config file for the current environment
mobify: config,
// The port that the local dev server listens on
port: 3000,
// The protocol on which the development Express app listens.
// Note that http://localhost is treated as a secure context for development,
// except by Safari.
protocol: 'http',
// Option for whether to set up a special endpoint for handling
// private SLAS clients
// Set this to false if using a SLAS public client
// When setting this to true, make sure to also set the PWA_KIT_SLAS_CLIENT_SECRET
// environment variable as this endpoint will return HTTP 501 if it is not set
useSLASPrivateClient: false,
applySLASPrivateClientToEndpoints:
/oauth2\/(token|passwordless|password\/(login|token|reset|action))/,
// If this is enabled, any HTTP header that has a non ASCII value will be URI encoded
// If there any HTTP headers that have been encoded, an additional header will be
// passed, `x-encoded-headers`, containing a comma separated list
// of the keys of headers that have been encoded
// There may be a slight performance loss with requests/responses with large number
// of headers as we loop through all the headers to verify ASCII vs non ASCII
encodeNonAsciiHttpHeaders: true
}
const runtime = getRuntime()
const resetPasswordCallback =
config.app.login?.resetPassword?.callbackURI || '/reset-password-callback'
const passwordlessLoginCallback =
config.app.login?.passwordless?.callbackURI || '/passwordless-login-callback'
// Reusable function to handle sending a magic link email.
// By default, this implementation uses Marketing Cloud.
async function sendMagicLinkEmail(req, res, landingPath, emailTemplate) {
// Extract the base URL from the request
const base = req.protocol + '://' + req.get('host')
// Extract the email_id and token from the request body
const {email_id, token} = req.body
// Construct the magic link URL
let magicLink = `${base}${landingPath}?token=${token}`
if (landingPath === RESET_PASSWORD_LANDING_PATH) {
// Add email query parameter for reset password flow
magicLink += `&email=${email_id}`
}
// Call the emailLink function to send an email with the magic link using Marketing Cloud
const emailLinkResponse = await emailLink(email_id, emailTemplate, magicLink)
// Send the response
res.send(emailLinkResponse)
}
const {handler} = runtime.createHandler(options, (app) => {
app.use(express.json()) // To parse JSON payloads
app.use(express.urlencoded({extended: true}))
// Set default HTTP security headers required by PWA Kit
app.use(defaultPwaKitSecurityHeaders)
// Set custom HTTP security headers
app.use(
helmet({
contentSecurityPolicy: {
useDefaults: true,
directives: {
'img-src': [
// Default source for product images - replace with your CDN
'*.commercecloud.salesforce.com'
],
'script-src': [
// Used by the service worker in /worker/main.js
'storage.googleapis.com'
],
'connect-src': [
// Connect to Einstein APIs
'api.cquotient.com'
]
}
}
})
)
// Handle the redirect from SLAS as to avoid error
app.get('/callback?*', (req, res) => {
// This endpoint does nothing and is not expected to change
// Thus we cache it for a year to maximize performance
res.set('Cache-Control', `max-age=31536000`)
res.send()
})
app.get('/:shortCode/:tenantId/oauth2/jwks', (req, res) => {
jwksCaching(req, res, {shortCode: req.params.shortCode, tenantId: req.params.tenantId})
})
// Handles the passwordless login callback route. SLAS makes a POST request to this
// endpoint sending the email address and passwordless token. Then this endpoint calls
// the sendMagicLinkEmail function to send an email with the passwordless login magic link.
// https://developer.salesforce.com/docs/commerce/commerce-api/guide/slas-passwordless-login.html#receive-the-callback
app.post(passwordlessLoginCallback, (req, res) => {
const slasCallbackToken = req.headers['x-slas-callback-token']
validateSlasCallbackToken(slasCallbackToken).then(() => {
sendMagicLinkEmail(
req,
res,
PASSWORDLESS_LOGIN_LANDING_PATH,
process.env.MARKETING_CLOUD_PASSWORDLESS_LOGIN_TEMPLATE
)
})
})
// Handles the reset password callback route. SLAS makes a POST request to this
// endpoint sending the email address and reset password token. Then this endpoint calls
// the sendMagicLinkEmail function to send an email with the reset password magic link.
// https://developer.salesforce.com/docs/commerce/commerce-api/guide/slas-password-reset.html#slas-password-reset-flow
app.post(resetPasswordCallback, (req, res) => {
const slasCallbackToken = req.headers['x-slas-callback-token']
validateSlasCallbackToken(slasCallbackToken).then(() => {
sendMagicLinkEmail(
req,
res,
RESET_PASSWORD_LANDING_PATH,
process.env.MARKETING_CLOUD_RESET_PASSWORD_TEMPLATE
)
})
})
app.get('/robots.txt', runtime.serveStaticFile('static/robots.txt'))
app.get('/favicon.ico', runtime.serveStaticFile('static/ico/favicon.ico'))
app.get('/worker.js(.map)?', runtime.serveServiceWorker)
app.get('*', runtime.render)
})
// SSR requires that we export a single handler function called 'get', that
// supports AWS use of the server that we created above.
export const get = handler