Public OSS Demo

Welcome!

​

​

​

​

​

September - Session 6 of 2022

07/09/2022

Hello!

​

Krystian Podemski

PrestaShop Tech Evangelist & Core Maintainer

Valentin Szczupak

Front-end developer�& Core Maintainer

Today’s agenda

​

Introduction

• Event rules

​

Project news

• PrestaShop 1.7.8.7 release - security patch
• Product Comments module - security patch
• PrestaShop Backward compatibility promise
• PrestaShop 8 Beta

​

Demos

• How could we implement the PrestaShop hooks system in Vue components? @NeOMakinG
• What’s new for developers in PrestaShop 8? @kpodemski�

Q&A

​

Event rules

​

1. Please use the chat to ask questions.�The video stream is ~1 min delayed – don’t wait until the end of the stream to post your questions!�
2. This event is about the PrestaShop open source project.�PrestaShop company is off topic.�

​

• This event is public and recorded.�Record will be shared publicly.��
• Participants must abide by the Code of Conduct of PrestaShop project.��

Code of Conduct can be read at https://www.prestashop-project.org/code-of-conduct/

Project news

PrestaShop 1.7.8.7 - security patch

• Released on July 25th, fixes a security vulnerability that allowed to inject malicious code in PrestaShop websites.�
• Attacks in the last few months are automated and use vulnerabilities from third-party modules (SQL Injection)
• ​
• More information in the article on build.prestashop.com.

Product Comments - security patch

• Version 5.0.2, released on August 31st
• Fixes Cross-site scripting (XSS) vulnerability

PrestaShop - Backward compatibility promise

“PrestaShop is committed to follow the SemVer convention, which states that backward incompatible changes are only allowed in major versions.”

Why is it important?

​

• clear strategy regarding backward incompatible changes
• you know what to expect from version to version.

​

Where can I read the details?

​

• Available publicly on GitHub. You can read ADR17 about the Backward compatibility promise.

​

Can Maintainers’ team break the promise?

​

• Yes, only in certain situations. Security patches, major issues.

Approved

PrestaShop 8 Beta 🎉

PrestaShop 8.0 Beta has been delivered on the 8th of August.

PrestaShop 8 Beta 🎉

Since the release:

• Over 1000 downloads from GitHub
• 39 bugs reported by the community, maintainers, and Quality Assurance team

Next steps:

• Fixing all bugs that block the release (you can follow the progress on the project kanban board)
• Improved version of the autoupgrade module to have a stable upgrade path from 1.7 to 8.0
• Release Candidate version expected at the end of September/early-October

​

Demos

​

Demo #1

How could we implement the PrestaShop hooks system in Vue components?�by @NeOMakinG�

Why can’t we use Vue everywhere?

PrestaShop contains some extensibility features such as Action hooks and Display hooks.��Using Vue to manage a whole page is currently blocking the extensibility of modules and users. As an example, we notice that some pages using Vue doesn’t contain any display hooks: Stock, Translations…

​

We still use it to manage some little parts of the project to keep it as much extensible as possible: As an example, on the new product page, some components are still using Vue (Dropzone component, combinations generator, modification history…)

Front-office API

As a front-office API work will begin in the future, our users will probably use the project as a headless CMS and develop their own SPA consuming it.

​

• Some modules will probably want to add some logics to the SPA
• Or they will expose some endpoints that the SPA will be able to consume

​

We will probably need to find a solution to make it both possible.

Bundling

Our backoffice assets and any SPA assets are still generated by some bundlers: Webpack, Rollup, Vite…��This is something executed on development time, these assets are delivered into production and then read and interpreted by the browser. They are not editable on runtime.

​

We need to solve the fact that some modules wants to be injected somewhere into the logic.

Solutions: Inject new code at build time

We need to imagine the fact that we have a system detecting that some modules wants to be injected somewhere in the logic:��Everytime someone install the module, every assets would be built again adding some constraints:��- The right nodejs and npm version should be installed on the server.�- We have to deal with build errors because the module could break the build�- The release content would be different from the production build at some point

Solutions: Inject some logic at runtime

Everytime someone install the module, every assets would be already built by the developer and delivered:��- NodeJS and npm are not required�- We have to deal with runtime errors�- PrestaShop assets aren’t edited

Proof of concept

Proof of concept

Architecture

• The module needs to expose some UMD modules, not including Vue (to avoid library duplication)
• The hooks.json have to contain the hooks informations and UMD modules linked to each hooks, it could also come from the database
• If the hook exist, it will be injected as expected

What is the module able to consume?

• PrestaShop or the SPA is able to pass any props to the hook�
• It can also consume some provide/inject datas if it’s a Vue app�
• Any store can be also used if we expose them (tested with Pinia for example)�
• As any props/states can be shared, it means that the module could be able to manipulate states, if components adapts their own display based on some state, any modules can modify something on the page…

What’s next?

• Test the POC with a real use case, including multiple dependencies in a real context, to list every consequences of such a pattern�
• Find a solution for the Action hook, there are many things possible but most require a solid architecture including a lot of constraints.

Thanks!

​

Demo #2

What’s new for developers in PrestaShop 8?�by @kpodemski�

Questions & Answers

​

Thank you!

​