fix(ep-commerce): remove browser-readable EP token leak (#282) #306
Open
field123 wants to merge 4 commits into
- providerProps() returns {} regardless of session (slice 1)
- delete ep-provider-server-info.ts bridge + getServerInfo meta key (slice 2)
- drop serverToken parameter from provider chain (slice 3)
Slices 4-8 pending. Saving WIP so we can switch to PR #300 rebase.
…les + example-app leak

Slice 5: git rm three dead auth/ep-*-server-info.ts files (written for the upstream CodeComponentMeta.getServerInfo path that was reverted in #246; never imported by any production code) and their tests.
Slice 6: drop globalContextsProps["plasmic-commerce-elastic-path-provider$dev"] = session.providerProps() from the example app's catchall page. providerProps() returns {} after slice 1 anyway, so this was a no-op — explicit deletion documents intent.
Update middleware.ts comment that referenced the removed serverToken flow.
…ers to proxy

Cart-drawer, checkout-summary, and the global cart actions (Studio "Add/Update/Remove item" actions) all moved off the legacy useCart/useAddItem/useRemoveItem/useUpdateItem hooks onto the proxy + useEpCart path landed in #300:
- EPCartDrawer / EPCartDrawerTrigger / EPCheckoutCartSummary now consume useEpCart() (SWR over /api/ep/proxy/[fn] getCart) instead of @plasmicpkgs/commerce's useCart wrapper.
- EPCartItemRemoveButton inlines callEpProxy("removeCartItem", ...) + swrMutate(epCartCacheKey()).
- EPCartItemQuantityControl inlines callEpProxy("updateCartItem"|"removeCartItem", ...).
- registerCommerceProvider replaces upstream CartActionsProvider with a proxy-backed EpCartActionsProvider that wires the same Studio global actions (addItem/updateItem/removeItem) through callEpProxy. Studio designers' existing action bindings keep working.
Then deletes the legacy hooks and their tests:
- cart/use-add-item.tsx, use-cart.tsx, use-update-item.tsx, use-remove-item.tsx
- cart/__tests__/ for each of the above
- cart/index.ts (only re-exported the deleted hooks)
provider.ts no longer imports them, no longer surfaces a `cart: {...}` field on the ElasticPathProvider shape.
cart-drawer-components.test.tsx mock layer rewritten to mock useEpCart + callEpProxy instead of the deleted hook surface; assertions updated to verify the proxy fn name + payload (no more location field on update — the proxy doesn't accept it).
Summary
Closes #282 (parent: #279 HIGH-3). The shopper's per-session EP access
token is no longer serialized into page HTML or any browser-reachable
surface. Catalog reads now use the SDK's anonymous-mint flow client-side;
shopper-bound reads/writes route through the proxy.
This is a breaking change for any consumer using the legacy
browser-direct EP SDK hooks. See "Migration" below.
What changed
Token surface removed
- providerProps() returns {} regardless of session state — the primary regression gate, asserted by a new test.
- auth/ep-provider-server-info.ts (the bridge that piped serverToken into Plasmic's contexts) deleted, along with the getServerInfo: key on the EP commerce provider meta.
- serverToken parameter dropped from the entire provider chain: registerCommerceProvider, getCommerceProvider, getElasticPathProvider, initElasticPathClient, plus the EPCommerceProvider Studio prop.
- globalContextsProps["plasmic-commerce-elastic-path-provider$dev"] = session.providerProps().
Legacy cart hooks deleted
The pre-#273 hooks built around getEPClient(provider) are removed in favor of the proxy-backed replacements that landed in #299/#300:
- cart/use-cart.tsx → consumers use useEpCart (SWR over getCart proxy).
- cart/use-add-item.tsx → EPAddToCartButton already uses callEpProxy("addCartItem", …).
- cart/use-update-item.tsx, cart/use-remove-item.tsx → call callEpProxy("updateCartItem"|"removeCartItem", …) directly + invalidate with swrMutate(epCartCacheKey()).
- cart/__tests__/use-*.test.tsx files removed.
Cart-drawer / checkout consumers migrated
- cart-drawer/EPCartDrawer.tsx, EPCartDrawerTrigger.tsx, checkout/composable/EPCheckoutCartSummary.tsx: switched to useEpCart().
- cart-drawer/EPCartItemRemoveButton.tsx, cart-drawer/EPCartItemQuantityControl.tsx: switched to inline callEpProxy(...) + swrMutate(epCartCacheKey()).
- cart-drawer-components.test.tsx mock layer rewritten to mock useEpCart + callEpProxy directly.
Studio global cart actions preserved
registerCommerceProvider.tsx replaces upstream CartActionsProvider (which depended on provider.cart.useAddItem etc.) with a new in-package EpCartActionsProvider that wires the same Studio-facing addItem/updateItem/removeItem actions through callEpProxy. Existing Studio bindings against those global actions continue to work without designer-side changes.
Dead auth/ep-*-server-info.ts files deleted
Three orphan files written for upstream's reverted CodeComponentMeta.getServerInfo (PR #246, never landed) — never imported by any production code:
- auth/ep-product-server-info.ts
- auth/ep-product-list-server-info.ts
- auth/ep-related-products-server-info.ts
…and their tests.
Migration
Replace any direct imports from @elasticpath/plasmic-ep-commerce-elastic-path/cart/use-*:
- useCart() → useEpCart() from @elasticpath/plasmic-ep-commerce-elastic-path (returns { cart, isLoading, error, refresh } instead of SWR's { data, error }).
- useAddItem() → EPAddToCartButton (which uses the proxy internally), or callEpProxy("addCartItem", { productId, quantity, ... }, null) directly.
- useUpdateItem() → callEpProxy("updateCartItem", { itemId, quantity }, null) swrMutate(epCartCacheKey()).
- useRemoveItem() → callEpProxy("removeCartItem", { itemId }, null) swrMutate(epCartCacheKey()).
The Studio "Add item to cart / Update item / Remove item" global actions on the Elastic Path Provider are unchanged — they now just route through the proxy under the hood.
Test plan
- providerProps() never serializes the EP access token (#282) asserts providerProps() is {} and the JSON form does not contain the token.
- cart-drawer-components.test.tsx (110 tests) verifies the migrated proxy + SWR call shapes.
- git grep confirms no production code calls providerProps(), no browser-reachable surface contains accessToken/serverToken/epAccessToken outside of explicit server-side bearer flows (proxy routes, ALS context, cart server routes).
- the example app, open DevTools → Network on /, /products, /product/[id], /cart, and confirm no serverToken, accessToken, epAccessToken, or bearer-shaped string appears in any response body or document HTML.
Out of scope
useEpUpdateItem, useEpRemoveItem) — the issue defers these; consumers call callEpProxy directly until those land.
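
The manual DevTools check in the test plan can be scripted as a regression gate; the following is an added example, not code from this PR. The key names come from the test plan, while the two "bearer-shaped" patterns, the sample token and the serialized page bodies are constructed assumptions.

```javascript
// Added example, not code from this PR. Key names are from the test plan;
// the "bearer-shaped" patterns below are assumptions about token formats.
const TOKEN_KEYS = ["serverToken", "accessToken", "epAccessToken"];
const BEARER_SHAPES = [
  { kind: "authorization-style", re: /\bBearer\s+[A-Za-z0-9._~+\/-]{16,}=*/g },
  { kind: "jwt-shaped", re: /\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}/g },
];

// Props embedded in HTML attributes arrive entity-escaped; undo that first.
const unescapeHtml = (s) =>
  s.replace(/&quot;|&#34;/g, '"').replace(/&#x27;|&#39;/g, "'");

// Never echo a full secret into CI logs.
const redact = (v) => (v.length <= 8 ? "***" : `${v.slice(0, 4)}...(${v.length} chars)`);

// Scan one response body (HTML or JSON text) and return the findings.
function scanBody(path, rawBody, knownToken) {
  const body = unescapeHtml(rawBody);
  const findings = [];
  for (const key of TOKEN_KEYS) {
    // The key used as a property or attribute name with a non-empty string value.
    const re = new RegExp(`\\b${key}\\b["']?\\s*[:=]\\s*["']([^"']+)["']`, "g");
    for (const m of body.matchAll(re)) {
      findings.push({ path, kind: `key:${key}`, sample: redact(m[1]) });
    }
  }
  for (const { kind, re } of BEARER_SHAPES) {
    for (const m of body.matchAll(re)) findings.push({ path, kind, sample: redact(m[0]) });
  }
  // Strongest check: the exact session token, when the test harness knows it.
  if (knownToken && body.includes(knownToken)) {
    findings.push({ path, kind: "exact-token", sample: redact(knownToken) });
  }
  return findings;
}

// Constructed sample bodies: the serialized shapes are illustrative only.
const TOKEN = "constructed-token-0123456789abcdef";
const SAMPLE_PAGES = {
  "/": `<script type="application/json">{"globalContextsProps":{"plasmic-commerce-elastic-path-provider$dev":{"serverToken":"${TOKEN}"}}}</script>`,
  "/products": `<div data-props="{&quot;accessToken&quot;:&quot;${TOKEN}&quot;}"></div>`,
  "/cart": `<script type="application/json">{"globalContextsProps":{}}</script>`,
};

const scanAll = (pages, token) =>
  Object.entries(pages).flatMap(([path, body]) => scanBody(path, body, token));

console.log(scanAll(SAMPLE_PAGES, TOKEN));
```

In a real run the bodies would be fetched from the example app's routes with a logged-in session, and the build fails when `scanAll` returns anything.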