W-21432256: address code review comments on ssr.js

Author: amittapalli

packages/pwa-kit-create-app/assets/bootstrap/js/overrides/app/ssr.js.hbs

@@ -10,7 +10,6 @@
 import crypto from 'crypto'
 import express from 'express'
 import helmet from 'helmet'
-import https from 'https'
 import {createRemoteJWKSet as joseCreateRemoteJWKSet, jwtVerify, decodeJwt} from 'jose'
 import path from 'path'
 import {getRuntime} from '@salesforce/pwa-kit-runtime/ssr/server/express'
@@ -359,7 +358,8 @@ const {handler} = runtime.createHandler(options, (app) => {
                 '*.stripe.com',
                 '*.paypal.com',
                 '*.adyen.com',
-                '*.google.com',
+                'pay.google.com',
+                'www.gstatic.com',
                 '*.demandware.net' // Used to load a valid payment scripts in test environment
             ],
             'connect-src': [
@@ -375,16 +375,21 @@ const {handler} = runtime.createHandler(options, (app) => {
                 // Payment gateways
                 '*.demandware.net', // Used to load a valid payment scripts in test environment
                 '*.adyen.com',
-                '*.google.com'
+                '*.paypal.com',
+                'pay.google.com',
+                'payments.google.com',
+                'google.com',
+                'www.google.com'
             ],
             'frame-src': [
                 // Allow frames from Salesforce site.com (Needed for MIAW)
                 '*.site.com',
                 // Payment gateways
                 '*.stripe.com',
                 '*.paypal.com',
-                '*.google.com',
-                '*.adyen.com'
+                '*.adyen.com',
+                'payments.google.com',
+                'pay.google.com'
             ]
         }
     }
@@ -450,49 +455,30 @@ const {handler} = runtime.createHandler(options, (app) => {
     // Helper function to transform relative icon paths to absolute URLs
     function transformIconPaths(data, ecomServerHost) {
         const baseUrl = `https://${ecomServerHost}/on/demandware.static/Sites-Site/-/-/internal`
-        const dataStr = JSON.stringify(data)
-        // Replace all relative icon paths with absolute URLs
-        const transformedStr = dataStr.replace(/"src":\s*"\/icons\//g, `"src":"${baseUrl}/icons/`)
-        return JSON.parse(transformedStr)
+        const methodTypes = data?.paymentMethodTypes
+        if (methodTypes) {
+            for (const method of Object.values(methodTypes)) {
+                for (const image of method.images ?? []) {
+                    if (image.src?.startsWith('/icons/')) {
+                        image.src = `${baseUrl}${image.src}`
+                    }
+                }
+            }
+        }
+        return data
     }
-
+    
+    // Helper function to fetch payment metadata from the Commerce Cloud instance
     app.get('/api/payment-metadata', async (req, res) => {
         try {
-            // Parse the URL to extract hostname and path
-            const url = new URL(config.app.sfPayments.metadataUrl)
-            // Use Node's https module instead of fetch
-            const data = await new Promise((resolve, reject) => {
-                const options = {
-                    hostname: url.hostname,
-                    path: url.pathname,
-                    method: 'GET',
-                    rejectUnauthorized: false, // This bypasses SSL verification
-                    headers: {
-                        Accept: 'application/json'
-                    }
-                }
-
-                const req = https.request(options, (response) => {
-                    let data = ''
-                    response.on('data', (chunk) => {
-                        data += chunk
-                    })
-                    response.on('end', () => {
-                        try {
-                            resolve(JSON.parse(data))
-                        } catch (e) {
-                            reject(e)
-                        }
-                    })
-                })
-
-                req.on('error', reject)
-                req.end()
+            const response = await fetch(config.app.sfPayments.metadataUrl, {
+                headers: { Accept: 'application/json' }
             })
-
-            // Transform relative icon paths to absolute URLs
-            const transformedData = transformIconPaths(data, url.hostname)
-
+            if (!response.ok) {
+                throw new Error(`Metadata request failed with status: ${response.status}`)
+            }
+            const data = await response.json()
+            const transformedData = transformIconPaths(data, new URL(config.app.sfPayments.metadataUrl).hostname)
             res.setHeader('Access-Control-Allow-Origin', '*')
             res.setHeader('Content-Type', 'application/json')
             res.json(transformedData)
@@ -503,6 +489,7 @@ const {handler} = runtime.createHandler(options, (app) => {
             })
         }
     })
+
     app.get('*', runtime.render)
 })
 // SSR requires that we export a single handler function called 'get', that

packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/app/ssr.js.hbs

@@ -10,7 +10,6 @@
 import crypto from 'crypto'
 import express from 'express'
 import helmet from 'helmet'
-import https from 'https'
 import {createRemoteJWKSet as joseCreateRemoteJWKSet, jwtVerify, decodeJwt} from 'jose'
 import path from 'path'
 import {getRuntime} from '@salesforce/pwa-kit-runtime/ssr/server/express'
@@ -359,7 +358,8 @@ const {handler} = runtime.createHandler(options, (app) => {
                 '*.stripe.com',
                 '*.paypal.com',
                 '*.adyen.com',
-                '*.google.com',
+                'pay.google.com',
+                'www.gstatic.com',
                 '*.demandware.net' // Used to load a valid payment scripts in test environment
             ],
             'connect-src': [
@@ -375,16 +375,21 @@ const {handler} = runtime.createHandler(options, (app) => {
                 // Payment gateways
                 '*.demandware.net', // Used to load a valid payment scripts in test environment
                 '*.adyen.com',
-                '*.google.com'
+                '*.paypal.com',
+                'pay.google.com',
+                'payments.google.com',
+                'google.com',
+                'www.google.com'
             ],
             'frame-src': [
                 // Allow frames from Salesforce site.com (Needed for MIAW)
                 '*.site.com',
                 // Payment gateways
                 '*.stripe.com',
                 '*.paypal.com',
-                '*.google.com',
-                '*.adyen.com'
+                '*.adyen.com',
+                'payments.google.com',
+                'pay.google.com'
             ]
         }
     }
@@ -450,49 +455,30 @@ const {handler} = runtime.createHandler(options, (app) => {
     // Helper function to transform relative icon paths to absolute URLs
     function transformIconPaths(data, ecomServerHost) {
         const baseUrl = `https://${ecomServerHost}/on/demandware.static/Sites-Site/-/-/internal`
-        const dataStr = JSON.stringify(data)
-        // Replace all relative icon paths with absolute URLs
-        const transformedStr = dataStr.replace(/"src":\s*"\/icons\//g, `"src":"${baseUrl}/icons/`)
-        return JSON.parse(transformedStr)
+        const methodTypes = data?.paymentMethodTypes
+        if (methodTypes) {
+            for (const method of Object.values(methodTypes)) {
+                for (const image of method.images ?? []) {
+                    if (image.src?.startsWith('/icons/')) {
+                        image.src = `${baseUrl}${image.src}`
+                    }
+                }
+            }
+        }
+        return data
     }
-
+    
+    // Helper function to fetch payment metadata from the Commerce Cloud instance
     app.get('/api/payment-metadata', async (req, res) => {
         try {
-            // Parse the URL to extract hostname and path
-            const url = new URL(config.app.sfPayments.metadataUrl)
-            // Use Node's https module instead of fetch
-            const data = await new Promise((resolve, reject) => {
-                const options = {
-                    hostname: url.hostname,
-                    path: url.pathname,
-                    method: 'GET',
-                    rejectUnauthorized: false, // This bypasses SSL verification
-                    headers: {
-                        Accept: 'application/json'
-                    }
-                }
-
-                const req = https.request(options, (response) => {
-                    let data = ''
-                    response.on('data', (chunk) => {
-                        data += chunk
-                    })
-                    response.on('end', () => {
-                        try {
-                            resolve(JSON.parse(data))
-                        } catch (e) {
-                            reject(e)
-                        }
-                    })
-                })
-
-                req.on('error', reject)
-                req.end()
+            const response = await fetch(config.app.sfPayments.metadataUrl, {
+                headers: { Accept: 'application/json' }
             })
-
-            // Transform relative icon paths to absolute URLs
-            const transformedData = transformIconPaths(data, url.hostname)
-
+            if (!response.ok) {
+                throw new Error(`Metadata request failed with status: ${response.status}`)
+            }
+            const data = await response.json()
+            const transformedData = transformIconPaths(data, new URL(config.app.sfPayments.metadataUrl).hostname)
             res.setHeader('Access-Control-Allow-Origin', '*')
             res.setHeader('Content-Type', 'application/json')
             res.json(transformedData)

packages/template-retail-react-app/app/hooks/use-shopper-configuration.js

@@ -13,7 +13,13 @@ import {useConfigurations} from '@salesforce/commerce-sdk-react'
  * @returns {*} The configuration value, or undefined if not found
  */
 export const useShopperConfiguration = (configurationId) => {
-    const {data: configurations} = useConfigurations()
+    // Stale time is set to 10 minutes to avoid unnecessary API calls
+    const {data: configurations} = useConfigurations(
+        {},
+        {
+            staleTime: 10 * 60 * 1000 // 10 minutes
+        }
+    )
     const config = configurations?.configurations?.find(
         (configuration) => configuration.id === configurationId
     )

packages/template-retail-react-app/app/ssr.js

@@ -19,7 +19,6 @@
 import crypto from 'crypto'
 import express from 'express'
 import helmet from 'helmet'
-import https from 'https'
 import {createRemoteJWKSet as joseCreateRemoteJWKSet, jwtVerify, decodeJwt} from 'jose'
 import path from 'path'
 import {getRuntime} from '@salesforce/pwa-kit-runtime/ssr/server/express'
@@ -370,7 +369,8 @@ const {handler} = runtime.createHandler(options, (app) => {
                         '*.stripe.com',
                         '*.paypal.com',
                         '*.adyen.com',
-                        '*.google.com',
+                        'pay.google.com',
+                        'www.gstatic.com',
                         '*.demandware.net', // Used to load a valid payment scripts in test environment
                         'maps.googleapis.com',
                         'places.googleapis.com'
@@ -387,7 +387,11 @@ const {handler} = runtime.createHandler(options, (app) => {
                         // Payment gateways
                         '*.demandware.net', // Used to load a valid payment scripts in test environment
                         '*.adyen.com',
-                        '*.google.com'
+                        '*.paypal.com',
+                        'pay.google.com',
+                        'payments.google.com',
+                        'google.com',
+                        'www.google.com'
                     ],
                     'frame-src': [
                         // Allow frames from Salesforce site.com (Needed for MIAW)
@@ -396,7 +400,8 @@ const {handler} = runtime.createHandler(options, (app) => {
                         '*.stripe.com',
                         '*.paypal.com',
                         '*.adyen.com',
-                        '*.google.com'
+                        'payments.google.com',
+                        'pay.google.com'
                     ]
                 }
             }
@@ -457,50 +462,33 @@ const {handler} = runtime.createHandler(options, (app) => {
     // Helper function to transform relative icon paths to absolute URLs
     function transformIconPaths(data, ecomServerHost) {
         const baseUrl = `https://${ecomServerHost}/on/demandware.static/Sites-Site/-/-/internal`
-        const dataStr = JSON.stringify(data)
-        // Replace all relative icon paths with absolute URLs
-        const transformedStr = dataStr.replace(/"src":\s*"\/icons\//g, `"src":"${baseUrl}/icons/`)
-        return JSON.parse(transformedStr)
+        const methodTypes = data?.paymentMethodTypes
+        if (methodTypes) {
+            for (const method of Object.values(methodTypes)) {
+                for (const image of method.images ?? []) {
+                    if (image.src?.startsWith('/icons/')) {
+                        image.src = `${baseUrl}${image.src}`
+                    }
+                }
+            }
+        }
+        return data
     }
 
+    // Helper function to fetch payment metadata from the Commerce Cloud instance
     app.get('/api/payment-metadata', async (req, res) => {
         try {
-            // Parse the URL to extract hostname and path
-            const url = new URL(config.app.sfPayments.metadataUrl)
-            // Use Node's https module instead of fetch
-            const data = await new Promise((resolve, reject) => {
-                const options = {
-                    hostname: url.hostname,
-                    path: url.pathname,
-                    method: 'GET',
-                    rejectUnauthorized: false, // This bypasses SSL verification
-                    headers: {
-                        Accept: 'application/json'
-                    }
-                }
-
-                const req = https.request(options, (response) => {
-                    let data = ''
-                    response.on('data', (chunk) => {
-                        data += chunk
-                    })
-                    response.on('end', () => {
-                        try {
-                            resolve(JSON.parse(data))
-                        } catch (e) {
-                            reject(e)
-                        }
-                    })
-                })
-
-                req.on('error', reject)
-                req.end()
+            const response = await fetch(config.app.sfPayments.metadataUrl, {
+                headers: {Accept: 'application/json'}
             })
-
-            // Transform relative icon paths to absolute URLs
-            const transformedData = transformIconPaths(data, url.hostname)
-
-            res.setHeader('Access-Control-Allow-Origin', '*')
+            if (!response.ok) {
+                throw new Error(`Metadata request failed with status: ${response.status}`)
+            }
+            const data = await response.json()
+            const transformedData = transformIconPaths(
+                data,
+                new URL(config.app.sfPayments.metadataUrl).hostname
+            )
             res.setHeader('Content-Type', 'application/json')
             res.json(transformedData)
         } catch (error) {