more refactoring

pool-server.go

@@ -264,30 +264,64 @@ func (s *PoolServer) HandleCheckout(w http.ResponseWriter, r *http.Request, id C
 }
 
 func NewCartId() CartId {
-	id := time.Now().UnixNano() + rand.Int63()
-
-	return ToCartId(fmt.Sprintf("%d", id))
+	// Deprecated: legacy random/time based cart id generator.
+	// Retained for compatibility; new code should prefer canonical CartID path.
+	cid, err := NewCartID()
+	if err != nil {
+		// Fallback to legacy method only if crypto/rand fails
+		id := time.Now().UnixNano() + rand.Int63()
+		return ToCartId(fmt.Sprintf("%d", id))
+	}
+	return CartIDToLegacy(cid)
 }
 
 func CookieCartIdHandler(fn func(w http.ResponseWriter, r *http.Request, cartId CartId) error) func(w http.ResponseWriter, r *http.Request) error {
 	return func(w http.ResponseWriter, r *http.Request) error {
-		var cartId CartId
-		cartIdCookie := r.CookiesNamed("cartid")
-		if cartIdCookie == nil || len(cartIdCookie) == 0 {
-			cartId = NewCartId()
-			http.SetCookie(w, &http.Cookie{
-				Name:     "cartid",
-				Value:    cartId.String(),
-				Secure:   r.TLS != nil,
-				HttpOnly: true,
-				Path:     "/",
-				Expires:  time.Now().AddDate(0, 0, 14),
-				SameSite: http.SameSiteLaxMode,
-			})
+		// Extract / normalize cookie (preserve legacy textual IDs without rewriting).
+		var legacy CartId
+		cookies := r.CookiesNamed("cartid")
+		if len(cookies) == 0 {
+			// No cookie -> generate new canonical base62 id.
+			cid, generated, _, err := CanonicalizeOrLegacy("")
+			if err != nil {
+				return fmt.Errorf("failed to generate cart id: %w", err)
+			}
+			legacy = CartIDToLegacy(cid)
+			if generated {
+				http.SetCookie(w, &http.Cookie{
+					Name:     "cartid",
+					Value:    cid.String(),
+					Secure:   r.TLS != nil,
+					HttpOnly: true,
+					Path:     "/",
+					Expires:  time.Now().AddDate(0, 0, 14),
+					SameSite: http.SameSiteLaxMode,
+				})
+				w.Header().Set("Set-Cart-Id", cid.String())
+			}
 		} else {
-			cartId = ToCartId(cartIdCookie[0].Value)
+			raw := cookies[0].Value
+			cid, generated, wasBase62, err := CanonicalizeOrLegacy(raw)
+			if err != nil {
+				return fmt.Errorf("failed to canonicalize cart id: %w", err)
+			}
+			legacy = CartIDToLegacy(cid)
+			// Only set a new cookie if we actually generated a brand-new ID (empty input).
+			// For legacy (non-base62) ids we preserve the original text and do not overwrite.
+			if generated && wasBase62 {
+				http.SetCookie(w, &http.Cookie{
+					Name:     "cartid",
+					Value:    cid.String(),
+					Secure:   r.TLS != nil,
+					HttpOnly: true,
+					Path:     "/",
+					Expires:  time.Now().AddDate(0, 0, 14),
+					SameSite: http.SameSiteLaxMode,
+				})
+				w.Header().Set("Set-Cart-Id", cid.String())
+			}
 		}
-		return fn(w, r, cartId)
+		return fn(w, r, legacy)
 	}
 }
 
@@ -308,8 +342,18 @@ func (s *PoolServer) RemoveCartCookie(w http.ResponseWriter, r *http.Request, ca
 
 func CartIdHandler(fn func(w http.ResponseWriter, r *http.Request, cartId CartId) error) func(w http.ResponseWriter, r *http.Request) error {
 	return func(w http.ResponseWriter, r *http.Request) error {
-		cartId := ToCartId(r.PathValue("id"))
-		return fn(w, r, cartId)
+		raw := r.PathValue("id")
+		cid, generated, wasBase62, err := CanonicalizeOrLegacy(raw)
+		if err != nil {
+			return fmt.Errorf("invalid cart id: %w", err)
+		}
+		legacy := CartIDToLegacy(cid)
+		// Only emit Set-Cart-Id header if we produced a brand-new canonical id
+		// AND it is base62 (avoid rewriting legacy textual identifiers).
+		if generated && wasBase62 {
+			w.Header().Set("Set-Cart-Id", cid.String())
+		}
+		return fn(w, r, legacy)
 	}
 }