storenest-commerce
Version:
Complete e-commerce SDK for Storenest platform with React components, multi-language support, secure checkout, and enterprise-grade security
147 lines (146 loc) • 5.5 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.StorenestServerCheckout = void 0;
const config_1 = require("./config");
// Server-side checkout class (for backend use only)
class StorenestServerCheckout {
constructor() {
this.apiBaseUrl = (0, config_1.getApiBaseUrl)();
this.secretKey = (0, config_1.getSecretKey)() || '';
if (!this.secretKey) {
throw new Error('Secret key required for server-side checkout operations');
}
}
// SECURITY: Calculate order total server-side (prevents client manipulation)
async calculateOrderTotal(cartId, shippingMethodId) {
const response = await fetch(`${this.apiBaseUrl}/checkout/calculate`, {
method: 'POST',
headers: {
'x-secret-key': this.secretKey,
'Content-Type': 'application/json',
},
body: JSON.stringify({ cartId, shippingMethodId })
});
if (!response.ok) {
throw new Error('Failed to calculate order total');
}
return await response.json();
}
// SECURITY: Validate order server-side (prevents invalid orders)
async validateOrder(orderData) {
const response = await fetch(`${this.apiBaseUrl}/checkout/validate`, {
method: 'POST',
headers: {
'x-secret-key': this.secretKey,
'Content-Type': 'application/json',
},
body: JSON.stringify(orderData)
});
if (!response.ok) {
throw new Error('Failed to validate order');
}
return await response.json();
}
// SECURITY: Process payment server-side (keeps payment data secure)
async processPayment(paymentData, orderId) {
const response = await fetch(`${this.apiBaseUrl}/checkout/process-payment`, {
method: 'POST',
headers: {
'x-secret-key': this.secretKey,
'Content-Type': 'application/json',
},
body: JSON.stringify({ paymentData, orderId })
});
if (!response.ok) {
throw new Error('Failed to process payment');
}
return await response.json();
}
// SECURITY: Detect fraud server-side
async detectFraud(orderData, clientIP) {
const response = await fetch(`${this.apiBaseUrl}/checkout/fraud-detection`, {
method: 'POST',
headers: {
'x-secret-key': this.secretKey,
'Content-Type': 'application/json',
},
body: JSON.stringify({ orderData, clientIP })
});
if (!response.ok) {
throw new Error('Failed to detect fraud');
}
return await response.json();
}
// SECURITY: Apply discounts server-side (prevents discount abuse)
async applyDiscounts(cartId, discountCode) {
const response = await fetch(`${this.apiBaseUrl}/checkout/apply-discount`, {
method: 'POST',
headers: {
'x-secret-key': this.secretKey,
'Content-Type': 'application/json',
},
body: JSON.stringify({ cartId, discountCode })
});
if (!response.ok) {
throw new Error('Failed to apply discount');
}
return await response.json();
}
// SECURITY: Create order server-side (ensures data integrity)
async createOrder(orderData) {
const response = await fetch(`${this.apiBaseUrl}/checkout/create-order`, {
method: 'POST',
headers: {
'x-secret-key': this.secretKey,
'Content-Type': 'application/json',
},
body: JSON.stringify(orderData)
});
if (!response.ok) {
throw new Error('Failed to create order');
}
return await response.json();
}
// SECURITY: Validate checkout session server-side
async validateCheckoutSession(sessionId) {
const response = await fetch(`${this.apiBaseUrl}/checkout/validate-session/${sessionId}`, {
method: 'GET',
headers: {
'x-secret-key': this.secretKey,
}
});
if (!response.ok) {
throw new Error('Failed to validate checkout session');
}
return await response.json();
}
// SECURITY: Rate limiting and abuse prevention
async checkRateLimit(clientIP, action) {
const response = await fetch(`${this.apiBaseUrl}/checkout/rate-limit`, {
method: 'POST',
headers: {
'x-secret-key': this.secretKey,
'Content-Type': 'application/json',
},
body: JSON.stringify({ clientIP, action })
});
if (!response.ok) {
throw new Error('Failed to check rate limit');
}
return await response.json();
}
// SECURITY: Log security events
async logSecurityEvent(event, data) {
await fetch(`${this.apiBaseUrl}/checkout/security-log`, {
method: 'POST',
headers: {
'x-secret-key': this.secretKey,
'Content-Type': 'application/json',
},
body: JSON.stringify({ event, data, timestamp: Date.now() })
});
}
}
exports.StorenestServerCheckout = StorenestServerCheckout;
// Export the server-side checkout class
exports.default = StorenestServerCheckout;