Merge branch 'main' into bump-app-sdk

.github/workflows/check-licenses.yaml

@@ -0,0 +1,45 @@
+name: Check Licenses
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      # Labels are needed to handle external contributors
+      - labeled
+      - unlabeled
+    paths:
+      # Self
+      - ".github/workflows/check-licenses.yaml"
+      # JS/TS Ecosystem
+      - "**/package.json"
+      - "**/pnpm-lock.yaml"
+      - "**/package-lock.json"
+
+jobs:
+  default:
+    permissions:
+      contents: read
+      pull-requests: write
+    uses: saleor/saleor-internal-actions/.github/workflows/run-license-check.yaml@v1
+    with:
+      # List of ecosystems to scan.
+      ecosystems: >-
+        javascript
+      # Grant rules (https://github.com/anchore/grant/blob/4362dc22cf5ea9baeccfa59b2863879afe0c30d7/README.md#usage)
+      rules: |
+        # Explicitly allow LGPL as "*GPL*" rule will cause to reject them otherwise.
+        - pattern: "*lgpl*"
+          name: "allow-lgpl"
+          mode: "allow"
+          reason: "LGPL is allowed."
+        - pattern: "*gpl*"
+          name: "deny-gpl"
+          mode: "deny"
+          reason: "GPL licenses are not compatible with BSD-3-Clause"
+          exceptions:
+            # store2 is under a dual license (MIT OR GPL-3.0), thus is compatible with our project.
+            # License metadata (for v2.14.2): https://github.com/nbubna/store/blob/20cce53b83b5870b6715fa929e4aa773cfa5e179/package.json#L32
+            - store2
+        - pattern: "*proprietary*"
+          name: "deny-proprietary"
+          mode: "deny"

.github/workflows/e2e.yml

@@ -55,6 +55,10 @@ jobs:
           E2E_USER_NAME: "op://Shop-ex/saleor-app-avatax-e2e-${{ env.SALEOR_VERSION }}/E2E_USER_NAME"
           E2E_USER_PASSWORD: "op://Shop-ex/saleor-app-avatax-e2e-${{ env.SALEOR_VERSION }}/E2E_USER_PASSWORD"
           SECRET_KEY: "op://Shop-ex/saleor-app-avatax-e2e-${{ env.SALEOR_VERSION }}/SECRET_KEY"
+          DYNAMODB_LOGS_TABLE_NAME: "op://Shop-ex/saleor-app-avatax-e2e-${{ env.SALEOR_VERSION }}/DYNAMODB_LOGS_TABLE_NAME"
+          AWS_REGION: "op://Shop-ex/saleor-app-avatax-e2e-${{ env.SALEOR_VERSION }}/AWS_REGION"
+          AWS_ACCESS_KEY_ID: "op://Shop-ex/saleor-app-avatax-e2e-${{ env.SALEOR_VERSION }}/AWS_ACCESS_KEY_ID"
+          AWS_SECRET_ACCESS_KEY: "op://Shop-ex/saleor-app-avatax-e2e-${{ env.SALEOR_VERSION }}/AWS_SECRET_ACCESS_KEY"
       - name: Run e2e tests
         run: pnpm --filter=app-avatax e2e
       # TODO: Add HTML report: https://linear.app/saleor/issue/SHOPX-304

CODEOWNERS

@@ -1,10 +1 @@
-* @saleor/apps-guild
-
-/apps/avatax  @saleor/shopex-js
-/apps/segment @saleor/shopex-js
-
-/apps/cms-v2 @saleor/merchant-js
-/apps/klaviyo @saleor/merchant-js
-/apps/products-feed @saleor/merchant-js
-/apps/search @saleor/merchant-js
-/apps/smtp @saleor/merchant-js
+* @saleor/extensibility-team-js

apps/avatax/.env.example

@@ -34,11 +34,12 @@ SECRET_KEY=
 # E2E_USER_PASSWORD=
 
 
-FF_ENABLE_EXPERIMENTAL_LOGS=true
-DYNAMODB_LOGS_ITEM_TTL_IN_DAYS=30
+# DYNAMODB_LOGS_ITEM_TTL_IN_DAYS=14 - time to live for logs in DynamoDB
 DYNAMODB_LOGS_TABLE_NAME=avatax-client-logs
 
 AWS_REGION=localhost
 AWS_ENDPOINT_URL=http://localhost:8000
+AWS_ACCESS_KEY_ID=...
+AWS_SECRET_ACCESS_KEY=...
 
-MANIFEST_APP_ID=saleor.app.avatax
+MANIFEST_APP_ID=saleor.app.avatax

apps/avatax/CHANGELOG.md

@@ -1,5 +1,38 @@
 # app-avatax
 
+## 1.12.6
+
+### Patch Changes
+
+- 0f0bff21: Move `ThemeSynchronizer` utility to shared packages.
+- 18a9c3d9: Implement client logs cache. Right now app will cache request for 1 day and revalidate the cache every 60 seconds.
+  Added forward / backward pagination to client logs. After this change end user can browse logs that exceeds current pagination limit (first 100).
+- e195c8d7: Remove feature flag for client logs. After this change logs are enabled by default.
+- e3e0d6d2: Added test for suspicious line+tax calculation checker and additional debugging logs
+
+## 1.12.5
+
+### Patch Changes
+
+- 0db174a8: Removed regex escape for `ALLOWED_DOMAINS_URL` env variable from register handler. It isn't user input and escaping regex was causing problem with apps installation.
+
+## 1.12.4
+
+### Patch Changes
+
+- 9bbf9ee5: Increased Vercel log limit to new value - 256KB. See [announcement](https://vercel.com/changelog/updated-logging-limits-for-vercel-functions) blog post from Vercel for more details.
+- 9bbf9ee5: Escape ALLOWED_DOMAIN_PATTERN regex. It ensures that regex constructed from env variable is sanitized and can't be used to Denial of Service attack.
+- 9bbf9ee5: Fixed autofixable linting issues. No functional changes.
+- 9bbf9ee5: Add log when suspicious calculation happen - when line tax rate is non-zero but amount of taxes is zero
+- Updated dependencies [9bbf9ee5]
+- Updated dependencies [9bbf9ee5]
+  - @saleor/apps-logger@1.4.3
+  - @saleor/react-hook-form-macaw@0.2.12
+  - @saleor/webhook-utils@0.2.3
+  - @saleor/apps-shared@1.11.4
+  - @saleor/apps-otel@1.3.5
+  - @saleor/apps-ui@1.2.10
+
 ## 1.12.3
 
 ### Patch Changes

apps/avatax/next.config.js

@@ -4,8 +4,42 @@
 import withBundleAnalyzerConfig from "@next/bundle-analyzer";
 import { withSentryConfig } from "@sentry/nextjs";
 
+// cache request for 1 day (in seconds) + revalidate once 60 seconds
+const cacheValue = "private,s-maxage=60,stale-while-revalidate=86400";
+
 /** @type {import('next').NextConfig} */
 const nextConfig = {
+  async headers() {
+    return [
+      {
+        source: "/api/trpc/clientLogs.getByCheckoutOrOrderId",
+        // Keys based on https://vercel.com/docs/edge-network/headers/cache-control-headers
+        headers: [
+          {
+            key: "CDN-Cache-Control",
+            value: cacheValue,
+          },
+          {
+            key: "Cache-Control",
+            value: cacheValue,
+          },
+        ],
+      },
+      {
+        source: "/api/trpc/clientLogs.getByDate",
+        headers: [
+          {
+            key: "CDN-Cache-Control",
+            value: cacheValue,
+          },
+          {
+            key: "Cache-Control",
+            value: cacheValue,
+          },
+        ],
+      },
+    ];
+  },
   reactStrictMode: true,
   transpilePackages: [
     "@saleor/apps-otel",

apps/avatax/package.json

@@ -1,6 +1,6 @@
 {
   "name": "app-avatax",
-  "version": "1.12.3",
+  "version": "1.12.6",
   "scripts": {
     "build": " next build",
     "check-types": "tsc --noEmit",
@@ -60,7 +60,6 @@
     "decimal.js-light": "2.5.1",
     "dotenv": "16.3.1",
     "dynamodb-toolbox": "1.8.2",
-    "escape-string-regexp": "5.0.0",
     "graphql": "16.7.1",
     "graphql-tag": "2.12.6",
     "jotai": "^2.4.2",
@@ -90,6 +89,7 @@
     "@graphql-codegen/typescript-urql": "4.0.0",
     "@graphql-typed-document-node/core": "3.2.0",
     "@next/bundle-analyzer": "14.1.4",
+    "@testing-library/react": "^14.0.0",
     "@total-typescript/ts-reset": "0.6.1",
     "@types/react": "18.2.5",
     "@types/react-dom": "18.2.5",

apps/avatax/src/env.ts

@@ -19,15 +19,13 @@ export const env = createEnv({
     APP_IFRAME_BASE_URL: z.string().optional(),
     APP_LOG_LEVEL: z.enum(["fatal", "error", "warn", "info", "debug", "trace"]).default("info"),
     AVATAX_CLIENT_TIMEOUT: z.coerce.number().optional().default(15000),
-    // TODO: make them required once we remove `FF_ENABLE_EXPERIMENTAL_LOGS`
-    AWS_ACCESS_KEY_ID: z.string().optional(),
-    AWS_REGION: z.string().optional(),
-    AWS_SECRET_ACCESS_KEY: z.string().optional(),
-    DYNAMODB_LOGS_ITEM_TTL_IN_DAYS: z.coerce.number().optional(),
-    DYNAMODB_LOGS_TABLE_NAME: z.string().optional(),
+    AWS_ACCESS_KEY_ID: z.string(),
+    AWS_REGION: z.string(),
+    AWS_SECRET_ACCESS_KEY: z.string(),
+    DYNAMODB_LOGS_ITEM_TTL_IN_DAYS: z.coerce.number().positive().optional().default(14),
+    DYNAMODB_LOGS_TABLE_NAME: z.string(),
     E2E_USER_NAME: z.string().optional(),
     E2E_USER_PASSWORD: z.string().optional(),
-    FF_ENABLE_EXPERIMENTAL_LOGS: booleanSchema.optional().default("false"),
     FILE_APL_PATH: z.string().optional(),
     MANIFEST_APP_ID: z.string().optional().default("saleor.app.avatax"),
     OTEL_ENABLED: booleanSchema.optional().default("false"),
@@ -59,7 +57,6 @@ export const env = createEnv({
     E2E_USER_NAME: process.env.E2E_USER_NAME,
     E2E_USER_PASSWORD: process.env.E2E_USER_PASSWORD,
     ENV: process.env.ENV,
-    FF_ENABLE_EXPERIMENTAL_LOGS: process.env.FF_ENABLE_EXPERIMENTAL_LOGS,
     FILE_APL_PATH: process.env.FILE_APL_PATH,
     MANIFEST_APP_ID: process.env.MANIFEST_APP_ID,
     NEXT_PUBLIC_SENTRY_DSN: process.env.NEXT_PUBLIC_SENTRY_DSN,

apps/avatax/src/modules/avatax/calculate-taxes/avatax-calculate-taxes-adapter.test.ts

@@ -0,0 +1,35 @@
+import { describe, expect, it } from "vitest";
+
+import { suspiciousLineCalculationCheck } from "@/modules/avatax/calculate-taxes/avatax-calculate-taxes-adapter";
+
+describe("suspiciousLineCalculationCheck", () => {
+  it("Returns false if line is zero", () => {
+    expect(
+      suspiciousLineCalculationCheck({
+        total_gross_amount: 0,
+        total_net_amount: 0,
+        tax_rate: 0.2, // If its zero-line, it doesn matter
+      }),
+    ).toBe(false);
+  });
+
+  it("Returns true if net & gross is the same, but rate is not: 1.00 + 1.00 + rate 0.08", () => {
+    expect(
+      suspiciousLineCalculationCheck({
+        total_gross_amount: 1,
+        total_net_amount: 1,
+        tax_rate: 0.08, // If its zero-line, it doesn matter
+      }),
+    ).toBe(true);
+  });
+
+  it("Returns true for small numbers: 0.06 + 0.06 + rate 0.07", () => {
+    expect(
+      suspiciousLineCalculationCheck({
+        total_gross_amount: 0.06,
+        total_net_amount: 0.06,
+        tax_rate: 0.07, // If its zero-line, it doesn matter
+      }),
+    ).toBe(true);
+  });
+});

apps/avatax/src/modules/avatax/calculate-taxes/avatax-calculate-taxes-adapter.ts

@@ -10,6 +10,22 @@ export type AvataxCalculateTaxesResponse = CalculateTaxesResponse;
 
 const errorParser = new AvataxErrorsParser();
 
+export function suspiciousLineCalculationCheck(line: {
+  total_gross_amount: number;
+  total_net_amount: number;
+  tax_rate: number;
+}) {
+  const tax = line.total_gross_amount - line.total_net_amount;
+  const rate = line.tax_rate;
+  const lineIsZero = line.total_net_amount === 0 ?? line.total_gross_amount === 0;
+
+  if (tax === 0 && rate !== 0 && !lineIsZero) {
+    return true;
+  }
+
+  return false;
+}
+
 export class AvataxCalculateTaxesAdapter {
   private logger = createLogger("AvataxCalculateTaxesAdapter");
 
@@ -38,11 +54,9 @@ export class AvataxCalculateTaxesAdapter {
       const transformedResponse = this.avataxCalculateTaxesResponseTransformer.transform(response);
 
       transformedResponse.lines.forEach((l) => {
-        const tax = l.total_gross_amount - l.total_net_amount;
-        const rate = l.tax_rate;
-        const lineIsZero = l.total_net_amount === 0 ?? l.total_gross_amount === 0;
+        const isSuspiciousLine = suspiciousLineCalculationCheck(l);
 
-        if (tax === 0 && rate !== 0 && !lineIsZero) {
+        if (isSuspiciousLine) {
           this.logger.warn("Non-zero line has zero tax, but rate is not zero", {
             taxCalculationSummary: response.summary,
           });

apps/avatax/src/modules/avatax/calculate-taxes/avatax-calculate-taxes-response-lines-transformer.ts

@@ -76,6 +76,8 @@ export class AvataxCalculateTaxesResponseLinesTransformer {
             total_net_amount: lineTotalNetAmount,
             tax_code: line.taxCode,
             tax_rate: rate,
+            line_taxable_amount: line.taxableAmount,
+            line_tax_calculated: line.taxCalculated,
           },
         );