@scayle/storefront-core
Version:
Collection of essential utilities to work with the Storefront API
52 lines (51 loc) • 2.06 kB
JavaScript
import { SignJWT, decodeJwt } from "jose";
import { hasSession } from "../../../types/index.mjs";
import { ErrorResponse } from "../../../errors/index.mjs";
import { HttpStatusCode, HttpStatusMessage } from "../../../constants/index.mjs";
import { getAccessToken } from "../user.mjs";
import { defineRpcHandler } from "../../../utils/rpc.mjs";
const ACCESS_TOKEN_REFRESH_THRESHOLD_IN_MILLISECONDS = 30 * 60 * 1e3;
export const getCheckoutToken = defineRpcHandler(
async (jwtPayload = {}, context) => {
if (!hasSession(context)) {
return new ErrorResponse(
HttpStatusCode.BAD_REQUEST,
HttpStatusMessage.BAD_REQUEST,
"No Session found"
);
}
let refreshedAccessToken;
if (context.accessToken) {
const accessTokenPayload = decodeJwt(context.accessToken);
const shouldRefresh = !!accessTokenPayload.exp && accessTokenPayload.exp * 1e3 - Date.now() <= ACCESS_TOKEN_REFRESH_THRESHOLD_IN_MILLISECONDS;
refreshedAccessToken = await getAccessToken(
{ forceTokenRefresh: shouldRefresh },
context
);
if (refreshedAccessToken instanceof Response) {
return refreshedAccessToken;
}
}
const secret = new TextEncoder().encode(context.checkout.secret);
const now = /* @__PURE__ */ new Date();
const { voucher, customData, preferredCollectionPoint, carrier } = jwtPayload;
const campaignKey = await context.callRpc?.("getCampaignKey");
const orderCustomData = await context.callRpc?.("getOrderCustomData");
const checkoutJwt = await new SignJWT({
voucher,
preferredCollectionPoint,
carrier,
basketId: context.basketKey,
campaignKey,
customData: {
...customData,
...orderCustomData
}
}).setIssuedAt(now).setNotBefore(now).setExpirationTime("1h").setIssuer(`${"@scayle/storefront-core"}@${"8.61.3"}`).setProtectedHeader({ alg: "HS256", typ: "JWT" }).sign(secret);
return {
accessToken: refreshedAccessToken,
checkoutJwt
};
},
{ method: "POST" }
);