Highlights
Eliminate race condition in cart-completion flow
This release strengthens the cart-completion flow by eliminating a potential race condition that, in rare cases, could result in an incorrectly refunded payment.
The race condition occurs when cart completion is triggered from two sources: 1) the regular HTTP request to POST /store/carts/:id/complete, and 2) a webhook event from the payment provider signaling successful payment authorization.
To reduce the risk of a conflict, we have, up until now, delayed webhook processing by 5 seconds. However, this mitigation proved insufficient in some cases.
Now, whenever the completeCartWorkflow is executed whether via the API route or the webhook handler, we now hold a lock on the cart ID for the duration of the workflow. This lock ensures that multiple completion attempts for the same cart are processed sequentially. Once a cart is successfully completed (typically on the first attempt), subsequent attempts will detect the completed cart and exit early, returning the associated order.
Features
- feat: run workflow hooks inside a when/then block by @thetutlage in #11963
- feat: introduce bulkDelete method for IFileProvider by @thetutlage in #12614
- feat(core-flows,js-sdk,medusa,types): draft order delete by @fPolic in #12172
- feat: implement stream based processing of the files by @thetutlage in #12574
Bugs
- fix: Correctly list files for all ids that are passed by @sradevski in #12575
- fix(framework): Fix compiler to create the dist after clean-up by @adrien2p in #12582
- fix: module import paths to contain unix slash by @thetutlage in #12592
- fix: expand method ALL for bodyparser config and additional validator by @thetutlage in #12612
- fix(dashboard): combobox initial item cache by @fPolic in #12522
- fix(core-flows): reservation management on order edit and draft order confirm by @fPolic in #12546
- fix(utils): move payment events to core flows events by @shahednasser in #12636
- fix(analytics): fix type of provider option by @shahednasser in #12642
- fix(core-flows): complete cart improvements by @carlos-r-l-rodrigues in #12646
Documentation
- docs: fix example in marketplace recipe by @shahednasser in #12595
- docs: add support for ignoring hooks by @shahednasser in #12599
- docs: document using env vars in plugins by @shahednasser in #12618
- docs: add setup details to contribution guidelines by @shahednasser in #12619
- docs: add missing equal sign for DATABASE_URL in env example by @Amar2Kk in #12620
- docs: phone authentication + otp guide by @shahednasser in #12544
- chore(types): fix example for createProductOptionValues in TSDocs and docs by @shahednasser in #12623
- chore(core-flows, types): change base64 comment fo files in TSDocs to binary by @shahednasser in #12627
- docs: redesign search by @shahednasser in #12628
- docs: fix loading in order reference pages by @shahednasser in #12629
- docs: added segment guide by @shahednasser in #12616
- docs: fix broken links utility + uncaught broken links by @shahednasser in #12637
- docs: redesign table of content by @shahednasser in #12647
- docs: fix log levels list by @shahednasser in #12648
- fix(docs): correct module reference in useQueryGraphStep tip by @Amar2Kk in #12654
- docs: add an example of injecting dependencies in module providers by @shahednasser in #12663
Chores
- chore(modules-sdk): Log full error when a loader fail to run by @adrien2p in #12584
- chore(core-flows): ignore hooks in complete cart workflow by @shahednasser in #12600
Other Changes
- update Chinese translation files by @leosin in #12611
- feat: add hebrew admin translation by @GuyPaikowsky in #12603
- feat(admin): Add Bahasa Indonesia language support by @Slackluky in #12657
New Contributors
- @Amar2Kk made their first contribution in #12620
- @GuyPaikowsky made their first contribution in #12603
- @Slackluky made their first contribution in #12657
Full Changelog: v2.8.3...v2.8.4