From 255d6965f53cc045e20a133b36edd285e0d5d9eb Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Tue, 20 Feb 2024 15:55:36 +0800 Subject: [PATCH 01/18] authentication middleware update --- .../medusa/src/api/middlewares/authenticate.ts | 15 +++++++++++---- .../src/utils/authenticate-middleware.ts | 18 ++++++++++++++++-- packages/utils/src/common/container.ts | 1 + 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/packages/medusa/src/api/middlewares/authenticate.ts b/packages/medusa/src/api/middlewares/authenticate.ts index f279f4ea3ed3a..7aa82df1b4b28 100644 --- a/packages/medusa/src/api/middlewares/authenticate.ts +++ b/packages/medusa/src/api/middlewares/authenticate.ts @@ -1,12 +1,19 @@ +import { ContainerRegistrationKeys, MedusaV2Flag } from "@medusajs/utils" import { NextFunction, Request, RequestHandler, Response } from "express" + import passport from "passport" export default (): RequestHandler => { return (req: Request, res: Response, next: NextFunction): void => { - passport.authenticate(["admin-session", "admin-bearer", "admin-api-token"], { session: false })( - req, - res, - next + const featureFlagRouter = req.scope.resolve( + ContainerRegistrationKeys.FEATURE_FLAG_ROUTER ) + if (featureFlagRouter.isEnabled(MedusaV2Flag.key)) { + return next() + } + passport.authenticate( + ["admin-session", "admin-bearer", "admin-api-token"], + { session: false } + )(req, res, next) } } diff --git a/packages/medusa/src/utils/authenticate-middleware.ts b/packages/medusa/src/utils/authenticate-middleware.ts index 6af3f6a93aa3e..0e5a1f009374a 100644 --- a/packages/medusa/src/utils/authenticate-middleware.ts +++ b/packages/medusa/src/utils/authenticate-middleware.ts 
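Review bot: When `MedusaV2Flag` is enabled, the handler in `authenticate.ts` returns `next()` before `passport.authenticate` runs, so every route that still mounts this legacy middleware is served with no credential check unless a v2 `authenticate(...)` entry also covers it. The same early return is added to `authenticate-customer.ts` in PATCH 02/18. Nothing visible in the hunk limits the bypass to routes that have already been migrated, so the flag fails open. I would record the contract above the early return, e.g. `// v2: auth is enforced per route by utils/authenticate-middleware; a route without such an entry is unauthenticated`. A test asserting that an admin route called without credentials returns 401 with the flag on would back that up.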
@@ -18,7 +18,7 @@ type AuthType = "session" | "bearer" export const authenticate = ( authScope: string | RegExp, authType: AuthType | AuthType[], - options: { allowUnauthenticated?: boolean } = {} + options: { allowUnauthenticated?: boolean; allowUnregistered?: boolean } = {} ): RequestHandler => { return async ( req: MedusaRequest, @@ -67,7 +67,21 @@ export const authenticate = ( } } - if (authUser) { + const isMedusaScope = + stringEqualsOrRegexMatch(authScope, "admin") || + stringEqualsOrRegexMatch(authScope, "store") + + const isRegistered = + !isMedusaScope || + (authUser?.app_metadata?.user_id && + stringEqualsOrRegexMatch(authScope, "admin")) || + (authUser?.app_metadata?.customer_id && + stringEqualsOrRegexMatch(authScope, "store")) + + if ( + authUser && + (isRegistered || (!isRegistered && options.allowUnregistered)) + ) { req.auth_user = { id: authUser.id, app_metadata: authUser.app_metadata, diff --git a/packages/utils/src/common/container.ts b/packages/utils/src/common/container.ts index 6ca0cd173c79c..63b32c6dc39f7 100644 --- a/packages/utils/src/common/container.ts +++ b/packages/utils/src/common/container.ts @@ -5,4 +5,5 @@ export const ContainerRegistrationKeys = { LOGGER: "logger", REMOTE_QUERY: "remoteQuery", REMOTE_LINK: "remoteLink", + FEATURE_FLAG_ROUTER: "featureFlagRouter", } From e17f1ed6b29ec4da78a42bbbbbfd8aa5e31b44f8 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Tue, 20 Feb 2024 16:09:21 +0800 Subject: [PATCH 02/18] disable customer authentication --- .../medusa/src/api/middlewares/authenticate-customer.ts | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/packages/medusa/src/api/middlewares/authenticate-customer.ts b/packages/medusa/src/api/middlewares/authenticate-customer.ts index 57e044ed9b138..cbdac9f3527d5 100644 --- a/packages/medusa/src/api/middlewares/authenticate-customer.ts +++ b/packages/medusa/src/api/middlewares/authenticate-customer.ts 
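Review bot: With `allowUnregistered: true`, `req.auth_user` is populated for an identity whose `app_metadata` carries neither `user_id` nor `customer_id`, so handlers behind such a route cannot treat the presence of `req.auth_user` as proof of a registered actor; the new option has no doc comment saying so. The guard in the `@@ -67,7 +67,21 @@` hunk also repeats itself: `isRegistered || (!isRegistered && options.allowUnregistered)` is equivalent to `isRegistered || options.allowUnregistered`, and `isRegistered` ends up holding an id string or `undefined` rather than a boolean, which wrapping the expression in `!!( ... )` would fix. Because `authScope` may be a `RegExp`, a pattern that matches both "admin" and "store" would presumably accept either id; whether that is intended is not visible here. The enclosing handler starts and ends outside the hunk.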
@@ -1,4 +1,6 @@ +import { ContainerRegistrationKeys, MedusaV2Flag } from "@medusajs/utils" import { NextFunction, Request, RequestHandler, Response } from "express" + import passport from "passport" // Optional customer authentication @@ -6,6 +8,13 @@ import passport from "passport" // If you want to require authentication, use `requireCustomerAuthentication` in `packages/medusa/src/api/middlewares/require-customer-authentication.ts` export default (): RequestHandler => { return (req: Request, res: Response, next: NextFunction): void => { + const featureFlagRouter = req.scope.resolve( + ContainerRegistrationKeys.FEATURE_FLAG_ROUTER + ) + if (featureFlagRouter.isEnabled(MedusaV2Flag.key)) { + return next() + } + passport.authenticate( ["store-session", "store-bearer"], { session: false }, From be19733ad6a4c9af24e35af9c2445d404975c0ad Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Tue, 20 Feb 2024 16:21:39 +0800 Subject: [PATCH 03/18] call correct feature flag method --- packages/medusa/src/api/middlewares/authenticate-customer.ts | 2 +- packages/medusa/src/api/middlewares/authenticate.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/medusa/src/api/middlewares/authenticate-customer.ts b/packages/medusa/src/api/middlewares/authenticate-customer.ts index cbdac9f3527d5..ca371c54ea95d 100644 --- a/packages/medusa/src/api/middlewares/authenticate-customer.ts +++ b/packages/medusa/src/api/middlewares/authenticate-customer.ts @@ -11,7 +11,7 @@ export default (): RequestHandler => { const featureFlagRouter = req.scope.resolve( ContainerRegistrationKeys.FEATURE_FLAG_ROUTER ) - if (featureFlagRouter.isEnabled(MedusaV2Flag.key)) { + if (featureFlagRouter.isFeatureEnabled(MedusaV2Flag.key)) { return next() } diff --git a/packages/medusa/src/api/middlewares/authenticate.ts b/packages/medusa/src/api/middlewares/authenticate.ts index 7aa82df1b4b28..caaa38fb779bc 100644 --- a/packages/medusa/src/api/middlewares/authenticate.ts 
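Review bot: `req.scope.resolve(ContainerRegistrationKeys.FEATURE_FLAG_ROUTER)` is left untyped, which is presumably how the incorrect `isEnabled` call from PATCH 01/18 compiled and had to be corrected here and in `authenticate.ts`. Because this call decides whether authentication runs at all, the resolved value should carry a type so that a wrong method name fails at build time, for example `const featureFlagRouter: FlagRouter = req.scope.resolve(...)` with `FlagRouter` imported from `@medusajs/utils`. The handler body continues outside the hunk.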
+++ b/packages/medusa/src/api/middlewares/authenticate.ts @@ -8,7 +8,7 @@ export default (): RequestHandler => { const featureFlagRouter = req.scope.resolve( ContainerRegistrationKeys.FEATURE_FLAG_ROUTER ) - if (featureFlagRouter.isEnabled(MedusaV2Flag.key)) { + if (featureFlagRouter.isFeatureEnabled(MedusaV2Flag.key)) { return next() } passport.authenticate( From 3d5e33a0f39a31c9f7c0a1eb8b50e02ad1ed1936 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Wed, 21 Feb 2024 08:36:18 +0800 Subject: [PATCH 04/18] fix authentication middleware for store/customers --- .../src/api-v2/store/customers/middlewares.ts | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/packages/medusa/src/api-v2/store/customers/middlewares.ts b/packages/medusa/src/api-v2/store/customers/middlewares.ts index f0bf0e8c2821a..890dd43044293 100644 --- a/packages/medusa/src/api-v2/store/customers/middlewares.ts +++ b/packages/medusa/src/api-v2/store/customers/middlewares.ts 
@@ -1,22 +1,30 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import * as QueryConfig from "./query-config" + import { - StorePostCustomersReq, + StoreGetCustomersMeAddressesParams, StoreGetCustomersMeParams, - StorePostCustomersMeAddressesReq, StorePostCustomersMeAddressesAddressReq, - StoreGetCustomersMeAddressesParams, + StorePostCustomersMeAddressesReq, + StorePostCustomersReq, } from "./validators" -import * as QueryConfig from "./query-config" +import { transformBody, transformQuery } from "../../../api/middlewares" +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import { authenticate } from "../../../utils/authenticate-middleware" export const storeCustomerRoutesMiddlewares: MiddlewareRoute[] = [ { method: "ALL", - matcher: "/store/customers*", + matcher: "/store/customers/me*", middlewares: [authenticate("store", ["session", "bearer"])], }, + { + method: "POST", + matcher: "/store/customers", + middlewares: [ + authenticate("store", ["session", "bearer"], { allowUnregistered: true }), + ], + }, { method: ["POST"], matcher: "/store/customers", From b43a408a89f56142feafe0c4ccd0745d37fa9b87 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Thu, 22 Feb 2024 11:01:45 +0800 Subject: [PATCH 05/18] fix integration tests and add middleware for admin customers --- .../customer/admin/create-customer.ts | 12 +++++----- .../customer/store/create-customer.spec.ts | 1 + .../src/api-v2/admin/customers/middlewares.ts | 22 +++++++++++++------ .../src/api-v2/admin/customers/route.ts | 8 ++++--- 4 files changed, 28 insertions(+), 15 deletions(-) diff --git a/integration-tests/plugins/__tests__/customer/admin/create-customer.ts b/integration-tests/plugins/__tests__/customer/admin/create-customer.ts index a62b88615f6d8..30e05dc05abb9 100644 --- a/integration-tests/plugins/__tests__/customer/admin/create-customer.ts 
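Review bot: Narrowing the `ALL` matcher from `/store/customers*` to `/store/customers/me*` means only the `/me` paths and `POST /store/customers` carry `authenticate(...)`; any other method or sub-path under `/store/customers` would now reach its handler with no auth middleware from this file. If no such routes exist, a short comment above the array would keep a later route from being exposed by accident, e.g. `// every /store/customers route must be listed here; there is no catch-all`. The `POST /store/customers` entry uses `allowUnregistered: true`, so it is worth confirming that the create handler (not shown) handles an identity that already has a `customer_id`. The array continues past the end of the hunk.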
+++ b/integration-tests/plugins/__tests__/customer/admin/create-customer.ts @@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("POST /admin/customers", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer/store/create-customer.spec.ts b/integration-tests/plugins/__tests__/customer/store/create-customer.spec.ts index b196c6cd9d31d..ae1f6c0576bf9 100644 --- a/integration-tests/plugins/__tests__/customer/store/create-customer.spec.ts +++ b/integration-tests/plugins/__tests__/customer/store/create-customer.spec.ts @@ -3,6 +3,7 @@ import { initDb, useDb } from "../../../../environment-helpers/use-db" import { ModuleRegistrationName } from "@medusajs/modules-sdk" import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" import { getContainer } from "../../../../environment-helpers/use-container" import jwt from "jsonwebtoken" import path from "path" 
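Review bot: The `adminSeeder` import is kept in the rewritten import block of `create-customer.ts` although its only visible call in `beforeEach` is replaced by `createAdminUser(dbConnection, adminHeaders)`. The same leftover appears in the admin customer and customer-group test files of PATCH 06/18 and 07/18, and `create-customer-group.ts` additionally keeps a commented-out `// await adminSeeder(dbConnection)`; I would drop the unused import and the dead comment. None of the hunks shown adds a negative case, so a test that calls one of these admin routes without `adminHeaders` and expects a 401 would pin the behaviour this series changes. The test bodies lie outside the hunks, so an existing use of `adminSeeder` or an existing negative test cannot be ruled out.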
diff --git a/packages/medusa/src/api-v2/admin/customers/middlewares.ts b/packages/medusa/src/api-v2/admin/customers/middlewares.ts index 3e687eec159d5..0c8da32caf4e5 100644 --- a/packages/medusa/src/api-v2/admin/customers/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/customers/middlewares.ts @@ -1,17 +1,25 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { - AdminGetCustomersParams, - AdminGetCustomersCustomerParams, - AdminPostCustomersReq, - AdminPostCustomersCustomerReq, - AdminPostCustomersCustomerAddressesReq, AdminGetCustomersCustomerAddressesParams, + AdminGetCustomersCustomerParams, + AdminGetCustomersParams, AdminPostCustomersCustomerAddressesAddressReq, + AdminPostCustomersCustomerAddressesReq, + AdminPostCustomersCustomerReq, + AdminPostCustomersReq, } from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminCustomerRoutesMiddlewares: MiddlewareRoute[] = [ + { + method: ["ALL"], + matcher: "/admin/customers*", + middlewares: [authenticate("admin", ["bearer", "session"])], + }, { method: ["GET"], matcher: "/admin/customers", diff --git a/packages/medusa/src/api-v2/admin/customers/route.ts b/packages/medusa/src/api-v2/admin/customers/route.ts index 302d46f430e82..3a8c3e8a58c05 100644 --- a/packages/medusa/src/api-v2/admin/customers/route.ts +++ b/packages/medusa/src/api-v2/admin/customers/route.ts 
@@ -1,8 +1,9 @@ -import { createCustomersWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { CreateCustomerDTO, ICustomerModuleService } from "@medusajs/types" import { MedusaRequest, MedusaResponse } from "../../../types/routing" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createCustomersWorkflow } from "@medusajs/core-flows" + export const GET = async (req: MedusaRequest, res: MedusaResponse) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER @@ -43,10 +44,11 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const createCustomers = createCustomersWorkflow(req.scope) + const customersData = [ { ...(req.validatedBody as CreateCustomerDTO), - created_by: req.user!.id, + created_by: req.auth_user?.app_metadata?.user_id, }, ] From 4d68eaefc7da0fc34512af70778c8e6dddb26073 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Thu, 22 Feb 2024 11:24:29 +0800 Subject: [PATCH 06/18] update seeders --- .../customer/admin/create-customer-addresses.ts | 12 +++++++----- .../customer/admin/delete-customer-address.spec.ts | 12 +++++++----- .../__tests__/customer/admin/delete-customer.ts | 12 +++++++----- .../customer/admin/list-customer-addresses.ts | 12 +++++++----- .../__tests__/customer/admin/list-customers.spec.ts | 12 +++++++----- .../customer/admin/update-customer-address.spec.ts | 12 +++++++----- .../__tests__/customer/admin/update-customer.ts | 12 +++++++----- 7 files changed, 49 insertions(+), 35 deletions(-) diff --git a/integration-tests/plugins/__tests__/customer/admin/create-customer-addresses.ts b/integration-tests/plugins/__tests__/customer/admin/create-customer-addresses.ts index a4c18fe493081..5deec1787794f 100644 --- a/integration-tests/plugins/__tests__/customer/admin/create-customer-addresses.ts 
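Review bot: `created_by: req.auth_user?.app_metadata?.user_id` in `POST` silently writes `undefined` when the request carries no registered admin, whereas the removed `req.user!.id` at least threw; for an attribution field the handler should fail closed. A guard before `customersData` is built, such as `const userId = req.auth_user?.app_metadata?.user_id` followed by `if (!userId) { res.sendStatus(401); return }`, keeps the record attributable even if the route's middleware entry is later changed. This assumes `MedusaResponse` exposes the Express response methods. `POST` continues past the end of the hunk.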
+++ b/integration-tests/plugins/__tests__/customer/admin/create-customer-addresses.ts @@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("POST /admin/customers/:id/addresses", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer/admin/delete-customer-address.spec.ts b/integration-tests/plugins/__tests__/customer/admin/delete-customer-address.spec.ts index 946deec07b171..0d500cd840abe 100644 --- a/integration-tests/plugins/__tests__/customer/admin/delete-customer-address.spec.ts +++ b/integration-tests/plugins/__tests__/customer/admin/delete-customer-address.spec.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("DELETE /admin/customers/:id/addresses/:address_id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer/admin/delete-customer.ts b/integration-tests/plugins/__tests__/customer/admin/delete-customer.ts index 77192b966ea49..f5ad2a8c1bff2 100644 --- a/integration-tests/plugins/__tests__/customer/admin/delete-customer.ts +++ b/integration-tests/plugins/__tests__/customer/admin/delete-customer.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("DELETE /admin/customers/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer/admin/list-customer-addresses.ts b/integration-tests/plugins/__tests__/customer/admin/list-customer-addresses.ts index 842e6f9fcda63..c77564825b337 100644 --- a/integration-tests/plugins/__tests__/customer/admin/list-customer-addresses.ts +++ b/integration-tests/plugins/__tests__/customer/admin/list-customer-addresses.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("GET /admin/customers/:id/addresses", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer/admin/list-customers.spec.ts b/integration-tests/plugins/__tests__/customer/admin/list-customers.spec.ts index a1e9aac30f119..5c91af33379d3 100644 --- a/integration-tests/plugins/__tests__/customer/admin/list-customers.spec.ts +++ b/integration-tests/plugins/__tests__/customer/admin/list-customers.spec.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("GET /admin/customers", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer/admin/update-customer-address.spec.ts b/integration-tests/plugins/__tests__/customer/admin/update-customer-address.spec.ts index b78c17a00226d..2c42cdc33f828 100644 --- a/integration-tests/plugins/__tests__/customer/admin/update-customer-address.spec.ts +++ b/integration-tests/plugins/__tests__/customer/admin/update-customer-address.spec.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("POST /admin/customers/:id/addresses/:address_id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer/admin/update-customer.ts b/integration-tests/plugins/__tests__/customer/admin/update-customer.ts index 4aeda967bf429..0c956e9e32760 100644 --- a/integration-tests/plugins/__tests__/customer/admin/update-customer.ts +++ b/integration-tests/plugins/__tests__/customer/admin/update-customer.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("POST /admin/customers/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { From 60aedea895a46fa2a634a92a683bf3755d1fb5c0 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Thu, 22 Feb 2024 13:28:00 +0800 Subject: [PATCH 07/18] customer groups fix --- .../admin/batch-add-customers.ts | 12 ++++++---- .../admin/batch-remove-customers.ts | 12 ++++++---- .../admin/create-customer-group.ts | 13 ++++++---- .../admin/delete-customer-group.ts | 12 ++++++---- .../admin/list-customer-group-customers.ts | 12 ++++++---- .../admin/list-customer-groups.spec.ts | 12 ++++++---- .../admin/retrieve-customer-group.ts | 12 ++++++---- .../admin/update-customer-group.ts | 12 ++++++---- .../admin/customer-groups/middlewares.ts | 24 ++++++++++++------- .../src/api-v2/admin/customer-groups/route.ts | 7 +++--- 10 files changed, 77 insertions(+), 51 deletions(-) 
diff --git a/integration-tests/plugins/__tests__/customer-group/admin/batch-add-customers.ts b/integration-tests/plugins/__tests__/customer-group/admin/batch-add-customers.ts index d6fa38668d065..917740c848fa5 100644 --- a/integration-tests/plugins/__tests__/customer-group/admin/batch-add-customers.ts +++ b/integration-tests/plugins/__tests__/customer-group/admin/batch-add-customers.ts @@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("POST /admin/customer-groups/:id/customers/batch", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer-group/admin/batch-remove-customers.ts b/integration-tests/plugins/__tests__/customer-group/admin/batch-remove-customers.ts index 1b31e38812e0c..81ade3fc3fce5 100644 --- a/integration-tests/plugins/__tests__/customer-group/admin/batch-remove-customers.ts +++ b/integration-tests/plugins/__tests__/customer-group/admin/batch-remove-customers.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("DELETE /admin/customer-groups/:id/customers/remove", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer-group/admin/create-customer-group.ts b/integration-tests/plugins/__tests__/customer-group/admin/create-customer-group.ts index 0c4fd5de014b3..7ee6b1b39bbef 100644 --- a/integration-tests/plugins/__tests__/customer-group/admin/create-customer-group.ts +++ b/integration-tests/plugins/__tests__/customer-group/admin/create-customer-group.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,8 @@ describe("POST /admin/customer-groups", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) + // await adminSeeder(dbConnection) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer-group/admin/delete-customer-group.ts b/integration-tests/plugins/__tests__/customer-group/admin/delete-customer-group.ts index 106cf0272dba4..78b8c31b88426 100644 --- a/integration-tests/plugins/__tests__/customer-group/admin/delete-customer-group.ts +++ b/integration-tests/plugins/__tests__/customer-group/admin/delete-customer-group.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("DELETE /admin/customer-groups/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer-group/admin/list-customer-group-customers.ts b/integration-tests/plugins/__tests__/customer-group/admin/list-customer-group-customers.ts index ac9dea9a60660..e0f6d80b5e8c8 100644 --- a/integration-tests/plugins/__tests__/customer-group/admin/list-customer-group-customers.ts +++ b/integration-tests/plugins/__tests__/customer-group/admin/list-customer-group-customers.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("GET /admin/customer-groups/:id/customers", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer-group/admin/list-customer-groups.spec.ts b/integration-tests/plugins/__tests__/customer-group/admin/list-customer-groups.spec.ts index 2790bc17a9124..ae67e163c25ca 100644 --- a/integration-tests/plugins/__tests__/customer-group/admin/list-customer-groups.spec.ts +++ b/integration-tests/plugins/__tests__/customer-group/admin/list-customer-groups.spec.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("GET /admin/customer-groups", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer-group/admin/retrieve-customer-group.ts b/integration-tests/plugins/__tests__/customer-group/admin/retrieve-customer-group.ts index 17bfa8493d0e7..4bd648fa1b42c 100644 --- a/integration-tests/plugins/__tests__/customer-group/admin/retrieve-customer-group.ts +++ b/integration-tests/plugins/__tests__/customer-group/admin/retrieve-customer-group.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("GET /admin/customer-groups/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer-group/admin/update-customer-group.ts b/integration-tests/plugins/__tests__/customer-group/admin/update-customer-group.ts index 64d28fcccabc3..b9fb88e440542 100644 --- a/integration-tests/plugins/__tests__/customer-group/admin/update-customer-group.ts +++ b/integration-tests/plugins/__tests__/customer-group/admin/update-customer-group.ts 
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("POST /admin/customer-groups/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/packages/medusa/src/api-v2/admin/customer-groups/middlewares.ts b/packages/medusa/src/api-v2/admin/customer-groups/middlewares.ts index e8faf2db43f45..fbb8923f42e65 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/middlewares.ts 
@@ -1,16 +1,19 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" -import { listTransformQueryConfig as customersListTransformQueryConfig } from "../customers/query-config" + import { - AdminGetCustomerGroupsParams, - AdminGetCustomerGroupsGroupParams, - AdminPostCustomerGroupsReq, - AdminPostCustomerGroupsGroupReq, + AdminDeleteCustomerGroupsGroupCustomersBatchReq, AdminGetCustomerGroupsGroupCustomersParams, + AdminGetCustomerGroupsGroupParams, + AdminGetCustomerGroupsParams, AdminPostCustomerGroupsGroupCustomersBatchReq, - AdminDeleteCustomerGroupsGroupCustomersBatchReq, + AdminPostCustomerGroupsGroupReq, + AdminPostCustomerGroupsReq, } from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" +import { listTransformQueryConfig as customersListTransformQueryConfig } from "../customers/query-config" export const adminCustomerGroupRoutesMiddlewares: MiddlewareRoute[] = [ { @@ -23,6 +26,11 @@ export const adminCustomerGroupRoutesMiddlewares: MiddlewareRoute[] = [ ), ], }, + { + method: ["ALL"], + matcher: "/admin/customer-groups*", + middlewares: [authenticate("admin", ["bearer", "session"])], + }, { method: ["GET"], matcher: "/admin/customer-groups/:id", diff --git a/packages/medusa/src/api-v2/admin/customer-groups/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/route.ts index eea7d452f6d18..739ab48b9d7eb 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/route.ts 
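Review bot: The new `authenticate("admin", ["bearer", "session"])` entry is inserted after the first entry of `adminCustomerGroupRoutesMiddlewares` (only that entry's closing lines are visible). If the loader applies entries in array order, which this hunk does not show, that earlier entry's middleware runs on requests that have not been authenticated yet. An unauthenticated caller would then reach request transformation and validation before any auth rejection. Moving the `method: ["ALL"], matcher: "/admin/customer-groups*"` entry to the top of the array keeps authentication first, as the campaigns middleware file in this series does with its catch-all entry. The array continues outside the hunk.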
@@ -1,8 +1,9 @@ -import { createCustomerGroupsWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { CreateCustomerGroupDTO, ICustomerModuleService } from "@medusajs/types" import { MedusaRequest, MedusaResponse } from "../../../types/routing" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createCustomerGroupsWorkflow } from "@medusajs/core-flows" + export const GET = async (req: MedusaRequest, res: MedusaResponse) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER @@ -29,7 +30,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const customersData = [ { ...(req.validatedBody as CreateCustomerGroupDTO), - created_by: req.user!.id, + created_by: req.auth_user?.app_metadata?.user_id, }, ] From 76589f8830853ae61394b212dcea6e2dcb152ef6 Mon Sep 17 00:00:00 2001 
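Review bot: `created_by: req.auth_user?.app_metadata?.user_id` silently evaluates to `undefined` when `auth_user` or its `user_id` is missing, where the old `req.user!.id` would have thrown. The handler then relies entirely on the route middleware having run and populated a registered admin, and a customer group could be stored with no recorded creator. A guard before `customersData` is built keeps the attribution explicit and fails closed, for example `const userId = req.auth_user?.app_metadata?.user_id` followed by `if (!userId) { res.sendStatus(401); return }`. The body of `POST` continues outside the hunk.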
From: Philip Korsholm Date: Thu, 22 Feb 2024 14:29:00 +0800 Subject: [PATCH 08/18] add authentication middleware for all admin endpoints --- .../promotion/admin/create-campaign.spec.ts | 11 +++++---- .../promotion/admin/create-promotion.spec.ts | 11 +++++---- .../promotion/admin/delete-campaign.spec.ts | 11 +++++---- .../promotion/admin/delete-promotion.spec.ts | 11 +++++---- .../promotion/admin/list-campaigns.spec.ts | 13 ++++++----- .../promotion/admin/list-promotions.spec.ts | 11 +++++---- .../promotion/admin/retrieve-campaign.spec.ts | 13 ++++++----- .../admin/retrieve-promotion.spec.ts | 11 +++++---- .../promotion/admin/update-campaign.spec.ts | 11 +++++---- .../promotion/admin/update-promotion.spec.ts | 11 +++++---- .../__tests__/regions/admin/regions.spec.ts | 11 +++++---- .../__tests__/users/create-user.spec.ts | 9 +++----- .../__tests__/users/delete-user.spec.ts | 6 ++--- .../__tests__/users/list-users.spec.ts | 6 ++--- .../__tests__/users/retrieve-user.spec.ts | 6 ++--- .../__tests__/users/update-user.spec.ts | 6 ++--- .../__tests__/workflow-engine/tests.ts | 13 ++++++----- .../src/api-v2/admin/campaigns/middlewares.ts | 22 +++++++++++------- .../api-v2/admin/promotions/middlewares.ts | 23 +++++++++++-------- .../src/api-v2/admin/regions/middlewares.ts | 12 ++++++++-- .../src/api-v2/admin/users/middlewares.ts | 12 ++++++++-- .../admin/workflows-executions/middlewares.ts | 12 ++++++++-- 22 files changed, 148 insertions(+), 104 deletions(-) diff --git a/integration-tests/plugins/__tests__/promotion/admin/create-campaign.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/create-campaign.spec.ts index 023a6001a8d83..e1ce4200e0fea 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/create-campaign.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/create-campaign.spec.ts 
@@ -1,11 +1,12 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +38,7 @@ describe("POST /admin/campaigns", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/create-promotion.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/create-promotion.spec.ts index 25045c206b39b..b105e08c9f9ad 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/create-promotion.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/create-promotion.spec.ts 
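Review bot: This `beforeEach` and the matching ones in the other promotion, region, user and workflow-engine test hunks of this commit now obtain credentials through `createAdminUser(dbConnection, adminHeaders)`, but none of the visible hunks adds a case that calls an admin route without `adminHeaders` and expects it to be rejected. Since the commit puts authentication in front of these endpoints, one negative test per route group would catch a matcher that fails to cover a route or an `authenticate` entry that never runs. The `describe` bodies continue outside the hunks, so such a case may already exist there.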
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { PromotionType } from "@medusajs/utils" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -38,7 +39,7 @@ describe("POST /admin/promotions", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/delete-campaign.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/delete-campaign.spec.ts index 47c215129e8e9..055b223b58bc0 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/delete-campaign.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/delete-campaign.spec.ts 
@@ -1,11 +1,12 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +38,7 @@ describe("DELETE /admin/campaigns/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/delete-promotion.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/delete-promotion.spec.ts index 2c66f0ab0f97c..882ea3c3f7326 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/delete-promotion.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/delete-promotion.spec.ts 
@@ -1,11 +1,12 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +38,7 @@ describe("DELETE /admin/promotions/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/list-campaigns.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/list-campaigns.spec.ts index 0d3b2734338fe..8e3a4106bbb84 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/list-campaigns.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/list-campaigns.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IPromotionModuleService } from "@medusajs/types" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { CampaignBudgetType } from "@medusajs/utils" +import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -69,7 +70,7 @@ describe("GET /admin/campaigns", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) await promotionModuleService.createCampaigns(campaignsData) }) diff --git a/integration-tests/plugins/__tests__/promotion/admin/list-promotions.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/list-promotions.spec.ts index efb7bad3e9640..6c2ac133ff7ce 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/list-promotions.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/list-promotions.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { PromotionType } from "@medusajs/utils" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -38,7 +39,7 @@ describe("GET /admin/promotions", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/retrieve-campaign.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/retrieve-campaign.spec.ts index 34a9ae533551c..aa96fa29cc418 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/retrieve-campaign.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/retrieve-campaign.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IPromotionModuleService } from "@medusajs/types" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { CampaignBudgetType } from "@medusajs/utils" +import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -52,7 +53,7 @@ describe("GET /admin/campaigns", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/retrieve-promotion.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/retrieve-promotion.spec.ts index 5bc354a39918a..75590b6235234 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/retrieve-promotion.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/retrieve-promotion.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { PromotionType } from "@medusajs/utils" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -38,7 +39,7 @@ describe("GET /admin/promotions", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/update-campaign.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/update-campaign.spec.ts index 487f0488fa994..c7e1e6f13292c 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/update-campaign.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/update-campaign.spec.ts 
@@ -1,11 +1,12 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +38,7 @@ describe("POST /admin/campaigns/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/update-promotion.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/update-promotion.spec.ts index 28b04e77f4765..3b3241a4883be 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/update-promotion.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/update-promotion.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { PromotionType } from "@medusajs/utils" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -38,7 +39,7 @@ describe("POST /admin/promotions/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/regions/admin/regions.spec.ts b/integration-tests/plugins/__tests__/regions/admin/regions.spec.ts index 33862a1a228da..e3f0f71ce29bb 100644 --- a/integration-tests/plugins/__tests__/regions/admin/regions.spec.ts +++ b/integration-tests/plugins/__tests__/regions/admin/regions.spec.ts 
@@ -1,11 +1,12 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IRegionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -35,7 +36,7 @@ describe("Regions - Admin", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) await service.createDefaultCountriesAndCurrencies() }) diff --git a/integration-tests/plugins/__tests__/users/create-user.spec.ts b/integration-tests/plugins/__tests__/users/create-user.spec.ts index 9776700e5f2f1..c80b351a71e68 100644 --- a/integration-tests/plugins/__tests__/users/create-user.spec.ts +++ b/integration-tests/plugins/__tests__/users/create-user.spec.ts 
@@ -1,13 +1,10 @@ import { initDb, useDb } from "../../../environment-helpers/use-db" -import { IUserModuleService } from "@medusajs/types" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { getContainer } from "../../../environment-helpers/use-container" +import { AxiosInstance } from "axios" +import { createAdminUser } from "../../helpers/create-admin-user" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" import { useApi } from "../../../environment-helpers/use-api" -import adminSeeder from "../../../helpers/admin-seeder" -import { AxiosInstance } from "axios" jest.setTimeout(50000) @@ -27,7 +24,7 @@ describe("POST /admin/users", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/__tests__/users/delete-user.spec.ts b/integration-tests/plugins/__tests__/users/delete-user.spec.ts index 30d6cb4b2387b..80e7300c60f27 100644 --- a/integration-tests/plugins/__tests__/users/delete-user.spec.ts +++ b/integration-tests/plugins/__tests__/users/delete-user.spec.ts @@ -1,13 +1,13 @@ import { initDb, useDb } from "../../../environment-helpers/use-db" +import { AxiosInstance } from "axios" import { IUserModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../helpers/create-admin-user" import { getContainer } from "../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" import { useApi } from "../../../environment-helpers/use-api" -import adminSeeder from "../../../helpers/admin-seeder" -import { AxiosInstance } from "axios" jest.setTimeout(50000) 
@@ -31,7 +31,7 @@ describe("DELETE /admin/users/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/__tests__/users/list-users.spec.ts b/integration-tests/plugins/__tests__/users/list-users.spec.ts index a4144d3756aea..272ce4e7cef3e 100644 --- a/integration-tests/plugins/__tests__/users/list-users.spec.ts +++ b/integration-tests/plugins/__tests__/users/list-users.spec.ts @@ -1,13 +1,13 @@ import { initDb, useDb } from "../../../environment-helpers/use-db" +import { AxiosInstance } from "axios" import { IUserModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../helpers/create-admin-user" import { getContainer } from "../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" import { useApi } from "../../../environment-helpers/use-api" -import adminSeeder from "../../../helpers/admin-seeder" -import { AxiosInstance } from "axios" jest.setTimeout(50000) @@ -31,7 +31,7 @@ describe("GET /admin/users", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/__tests__/users/retrieve-user.spec.ts b/integration-tests/plugins/__tests__/users/retrieve-user.spec.ts index fc6b8f14ca011..05c733f7bba4a 100644 --- a/integration-tests/plugins/__tests__/users/retrieve-user.spec.ts +++ b/integration-tests/plugins/__tests__/users/retrieve-user.spec.ts 
@@ -1,13 +1,13 @@ import { initDb, useDb } from "../../../environment-helpers/use-db" +import { AxiosInstance } from "axios" import { IUserModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../helpers/create-admin-user" import { getContainer } from "../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" import { useApi } from "../../../environment-helpers/use-api" -import adminSeeder from "../../../helpers/admin-seeder" -import { AxiosInstance } from "axios" jest.setTimeout(50000) @@ -31,7 +31,7 @@ describe("GET /admin/users/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/__tests__/users/update-user.spec.ts b/integration-tests/plugins/__tests__/users/update-user.spec.ts index 6cad952593b0d..f70cb45915778 100644 --- a/integration-tests/plugins/__tests__/users/update-user.spec.ts +++ b/integration-tests/plugins/__tests__/users/update-user.spec.ts @@ -1,13 +1,13 @@ import { initDb, useDb } from "../../../environment-helpers/use-db" +import { AxiosInstance } from "axios" import { IUserModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../helpers/create-admin-user" import { getContainer } from "../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" import { useApi } from "../../../environment-helpers/use-api" -import adminSeeder from "../../../helpers/admin-seeder" -import { AxiosInstance } from "axios" jest.setTimeout(50000) 
@@ -31,7 +31,7 @@ describe("POST /admin/users/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/__tests__/workflow-engine/tests.ts b/integration-tests/plugins/__tests__/workflow-engine/tests.ts index 01a9dbbd8015f..e1d41a10985dc 100644 --- a/integration-tests/plugins/__tests__/workflow-engine/tests.ts +++ b/integration-tests/plugins/__tests__/workflow-engine/tests.ts @@ -1,17 +1,18 @@ -import { useApi } from "../../../environment-helpers/use-api" -import { initDb, useDb } from "../../../environment-helpers/use-db" - import { StepResponse, WorkflowData, createStep, createWorkflow, } from "@medusajs/workflows-sdk" +import { initDb, useDb } from "../../../environment-helpers/use-db" + import { AxiosInstance } from "axios" +import adminSeeder from "../../../helpers/admin-seeder" +import { createAdminUser } from "../../helpers/create-admin-user" +import { getContainer } from "../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" -import { getContainer } from "../../../environment-helpers/use-container" -import adminSeeder from "../../../helpers/admin-seeder" +import { useApi } from "../../../environment-helpers/use-api" export const workflowEngineTestSuite = (env, extraParams = {}) => { const adminHeaders = { @@ -31,7 +32,7 @@ export const workflowEngineTestSuite = (env, extraParams = {}) => { shutdownServer = await startBootstrapApp({ cwd, env }) medusaContainer = getContainer() - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts b/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts index 45febafdd77e0..b71c993c5eb32 100644 --- a/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts 
+++ b/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts @@ -1,22 +1,28 @@ -import { MedusaV2Flag } from "@medusajs/utils" -import { - isFeatureFlagEnabled, - transformBody, - transformQuery, -} from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { AdminGetCampaignsCampaignParams, AdminGetCampaignsParams, AdminPostCampaignsCampaignReq, AdminPostCampaignsReq, } from "./validators" +import { + isFeatureFlagEnabled, + transformBody, + transformQuery, +} from "../../../api/middlewares" + +import { MedusaV2Flag } from "@medusajs/utils" +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminCampaignRoutesMiddlewares: MiddlewareRoute[] = [ { matcher: "/admin/campaigns*", - middlewares: [isFeatureFlagEnabled(MedusaV2Flag.key)], + middlewares: [ + isFeatureFlagEnabled(MedusaV2Flag.key), + authenticate("admin", ["bearer", "session"]), + ], }, { method: ["GET"], diff --git a/packages/medusa/src/api-v2/admin/promotions/middlewares.ts b/packages/medusa/src/api-v2/admin/promotions/middlewares.ts index cf27214e9d906..afed009d3d71f 100644 --- a/packages/medusa/src/api-v2/admin/promotions/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/promotions/middlewares.ts 
@@ -1,23 +1,28 @@ -import { MedusaV2Flag } from "@medusajs/utils" - -import { - isFeatureFlagEnabled, - transformBody, - transformQuery, -} from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { AdminGetPromotionsParams, AdminGetPromotionsPromotionParams, AdminPostPromotionsPromotionReq, AdminPostPromotionsReq, } from "./validators" +import { + isFeatureFlagEnabled, + transformBody, + transformQuery, +} from "../../../api/middlewares" + +import { MedusaV2Flag } from "@medusajs/utils" +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminPromotionRoutesMiddlewares: MiddlewareRoute[] = [ { matcher: "/admin/promotions*", - middlewares: [isFeatureFlagEnabled(MedusaV2Flag.key)], + middlewares: [ + isFeatureFlagEnabled(MedusaV2Flag.key), + authenticate("admin", ["bearer", "session"]), + ], }, { method: ["GET"], diff --git a/packages/medusa/src/api-v2/admin/regions/middlewares.ts b/packages/medusa/src/api-v2/admin/regions/middlewares.ts index 5aef768c9f8e7..87b7578297b77 100644 --- a/packages/medusa/src/api-v2/admin/regions/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/regions/middlewares.ts 
@@ -1,14 +1,22 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { AdminGetRegionsParams, AdminGetRegionsRegionParams, AdminPostRegionsRegionReq, AdminPostRegionsReq, } from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminRegionRoutesMiddlewares: MiddlewareRoute[] = [ + { + method: ["ALL"], + matcher: "/admin/regions*", + middlewares: [authenticate("admin", ["bearer", "session"])], + }, { method: ["GET"], matcher: "/admin/regions", diff --git a/packages/medusa/src/api-v2/admin/users/middlewares.ts b/packages/medusa/src/api-v2/admin/users/middlewares.ts index 3c6e48f952559..a70015471f5eb 100644 --- a/packages/medusa/src/api-v2/admin/users/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/users/middlewares.ts @@ -1,14 +1,22 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" +import * as QueryConfig from "./query-config" + import { AdminCreateUserRequest, AdminGetUsersParams, AdminGetUsersUserParams, AdminUpdateUserRequest, } from "./validators" -import * as QueryConfig from "./query-config" +import { transformBody, transformQuery } from "../../../api/middlewares" + import { MiddlewareRoute } from "../../../types/middlewares" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminUserRoutesMiddlewares: MiddlewareRoute[] = [ + { + method: ["ALL"], + matcher: "/admin/users*", + middlewares: [authenticate("admin", ["bearer", "session"])], + }, { method: ["GET"], matcher: "/admin/users", 
diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/middlewares.ts b/packages/medusa/src/api-v2/admin/workflows-executions/middlewares.ts index 47b00944951bd..40a8d8cbee547 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/middlewares.ts @@ -1,14 +1,22 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { AdminGetWorkflowExecutionDetailsParams, AdminGetWorkflowExecutionsParams, AdminPostWorkflowsAsyncResponseReq, AdminPostWorkflowsRunReq, } from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminWorkflowsExecutionsMiddlewares: MiddlewareRoute[] = [ + { + method: ["ALL"], + matcher: "/admin/workflows-executions*", + middlewares: [authenticate("admin", ["bearer", "session"])], + }, { method: ["GET"], matcher: "/admin/workflows-executions", From ed3378a6a4c8a95097b5e17f22ab48c3cabe9238 Mon Sep 17 00:00:00 2001 
From: Philip Korsholm <88927411+pKorsholm@users.noreply.github.com> Date: Thu, 22 Feb 2024 16:29:15 +0800 Subject: [PATCH 09/18] Feat(medusa, user): require authentication for invite accept (#6448) * initial invite token validation for authentication invocation * remove invite auth * remove unused import * cleanup tests --- .../__tests__/invites/accept-invite.spec.ts | 112 ++++++++++++++++++ .../plugins/helpers/create-admin-user.ts | 2 +- integration-tests/plugins/medusa-config.js | 11 ++ .../src/api-v2/admin/invites/accept/route.ts | 17 ++- .../src/api-v2/admin/invites/middlewares.ts | 26 +++- .../src/utils/authenticate-middleware.ts | 2 +- packages/user/src/services/invite.ts | 14 ++- 7 files changed, 172 insertions(+), 12 deletions(-) create mode 100644 integration-tests/plugins/__tests__/invites/accept-invite.spec.ts diff --git a/integration-tests/plugins/__tests__/invites/accept-invite.spec.ts b/integration-tests/plugins/__tests__/invites/accept-invite.spec.ts new file mode 100644 index 0000000000000..02e56d759f742 --- /dev/null +++ b/integration-tests/plugins/__tests__/invites/accept-invite.spec.ts 
@@ -0,0 +1,112 @@ +import { IAuthModuleService, IUserModuleService } from "@medusajs/types" +import { initDb, useDb } from "../../../environment-helpers/use-db" + +import { AxiosInstance } from "axios" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../helpers/create-admin-user" +import { getContainer } from "../../../environment-helpers/use-container" +import path from "path" +import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" +import { useApi } from "../../../environment-helpers/use-api" + +jest.setTimeout(50000) + +const env = { MEDUSA_FF_MEDUSA_V2: true } +const adminHeaders = { + headers: { "x-medusa-access-token": "test_token" }, +} + +describe("GET /admin/invites/:id", () => { + let dbConnection + let appContainer + let shutdownServer + let userModuleService: IUserModuleService + + beforeAll(async () => { + const cwd = path.resolve(path.join(__dirname, "..", "..")) + dbConnection = await initDb({ cwd, env } as any) + shutdownServer = await startBootstrapApp({ cwd, env }) + appContainer = getContainer() + userModuleService = appContainer.resolve(ModuleRegistrationName.USER) + }) + + beforeEach(async () => { + await createAdminUser(dbConnection, adminHeaders) + }) + + afterAll(async () => { + const db = useDb() + await db.shutdown() + await shutdownServer() + }) + + afterEach(async () => { + const db = useDb() + await db.teardown() + }) + + it("should fail to accept an invite with an invalid invite token", async () => { + const api = useApi()! 
as AxiosInstance + + const authResponse = await api.post(`/auth/admin/emailpass`, { + email: "potential_member@test.com", + password: "supersecret", + }) + + expect(authResponse.status).toEqual(200) + const token = authResponse.data.token + + const acceptResponse = await api + .post( + `/admin/invites/accept?token=${"non-existing-token"}`, + { + first_name: "John", + }, + { + headers: { + Authorization: `Bearer ${token}`, + }, + } + ) + .catch((e) => e) + + expect(acceptResponse.response.status).toEqual(401) + expect(acceptResponse.response.data.message).toEqual("Unauthorized") + }) + + it("should accept an invite", async () => { + const invite = await userModuleService.createInvites({ + email: "potential_member@test.com", + }) + + const api = useApi()! as AxiosInstance + + const authResponse = await api.post(`/auth/admin/emailpass`, { + email: "potential_member@test.com", + password: "supersecret", + }) + + expect(authResponse.status).toEqual(200) + const token = authResponse.data.token + + const acceptResponse = await api.post( + `/admin/invites/accept?token=${invite.token}`, + { + first_name: "John", + }, + { + headers: { + Authorization: `Bearer ${token}`, + }, + } + ) + + expect(acceptResponse.status).toEqual(200) + expect(acceptResponse.data.user).toEqual( + expect.objectContaining({ + email: "potential_member@test.com", + first_name: "John", + }) + ) + }) +}) diff --git a/integration-tests/plugins/helpers/create-admin-user.ts b/integration-tests/plugins/helpers/create-admin-user.ts index 118439fe805f4..4c1b02751e214 100644 --- a/integration-tests/plugins/helpers/create-admin-user.ts +++ b/integration-tests/plugins/helpers/create-admin-user.ts 
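Review bot: The only negative test in accept-invite.spec.ts sends the literal `non-existing-token`, which exercises the malformed-JWT path and nothing else. A well-formed token with a bad signature, an expired invite, and an authenticated identity whose email differs from the invite's are not covered, so the expiry check added in invite.ts and any binding between invite and caller have no test. The suite title `GET /admin/invites/:id` should read `POST /admin/invites/accept`, and the `IAuthModuleService` import is unused in this file.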
@@ -1,8 +1,8 @@ import { IAuthModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" import adminSeeder from "../../helpers/admin-seeder" -import jwt from "jsonwebtoken" import { getContainer } from "../../environment-helpers/use-container" +import jwt from "jsonwebtoken" export const createAdminUser = async (dbConnection, adminHeaders) => { await adminSeeder(dbConnection) diff --git a/integration-tests/plugins/medusa-config.js b/integration-tests/plugins/medusa-config.js index b81d6e9d1c548..12e887228a330 100644 --- a/integration-tests/plugins/medusa-config.js +++ b/integration-tests/plugins/medusa-config.js @@ -43,6 +43,17 @@ module.exports = { scope: "internal", resources: "shared", resolve: "@medusajs/auth", + options: { + providers: [ + { + name: "emailpass", + scopes: { + admin: {}, + store: {}, + }, + }, + ], + }, }, [Modules.USER]: { scope: "internal", diff --git a/packages/medusa/src/api-v2/admin/invites/accept/route.ts b/packages/medusa/src/api-v2/admin/invites/accept/route.ts index c9d09bb1ece11..c119c5d66c78f 100644 --- a/packages/medusa/src/api-v2/admin/invites/accept/route.ts +++ b/packages/medusa/src/api-v2/admin/invites/accept/route.ts @@ -1,9 +1,10 @@ -import { acceptInviteWorkflow } from "@medusajs/core-flows" import { MedusaRequest, MedusaResponse } from "../../../../types/routing" -import { InviteWorkflow } from "@medusajs/types" + import { AdminPostInvitesInviteAcceptReq } from "../validators" import { IUserModuleService } from "@medusajs/types" +import { InviteWorkflow } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { acceptInviteWorkflow } from "@medusajs/core-flows" export const POST = async (req: MedusaRequest, res: MedusaResponse) => { if (req.auth_user?.app_metadata?.user_id) { 
@@ -23,7 +24,17 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { user: req.validatedBody as AdminPostInvitesInviteAcceptReq, } as InviteWorkflow.AcceptInviteWorkflowInputDTO - const { result: users } = await workflow.run({ input }) + let users + try { + const { result: userss } = await workflow.run({ input }) + users = userss + } catch (e) { + if (e.message.startsWith("jwt malformed")) { + res.status(401).json({ message: "Unauthorized" }) + return + } + throw e + } // Set customer_id on session user if we are in session if (req.session.auth_user) { diff --git a/packages/medusa/src/api-v2/admin/invites/middlewares.ts b/packages/medusa/src/api-v2/admin/invites/middlewares.ts index 91f3152e55bfe..9fe69215ff9db 100644 --- a/packages/medusa/src/api-v2/admin/invites/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/invites/middlewares.ts 
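Review bot: The new catch block turns only errors whose message starts with `jwt malformed` into a 401 and rethrows everything else. A token with a bad signature, or the `The invite has expired` error this commit adds in invite.ts, would therefore leave the handler with whatever status the generic error path assigns, and `e.message.startsWith` itself throws if a non-Error value is rejected. Matching on the error's type or name instead of a message prefix, e.g. `if (e?.name === "JsonWebTokenError" || e?.name === "TokenExpiredError")` provided the workflow preserves it, would cover the whole family of token failures. The temporary `userss` can go by writing `users = (await workflow.run({ input })).result`. The handler begins and ends outside this hunk.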
@@ -1,19 +1,35 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" +import * as QueryConfig from "./query-config" + import { AdminCreateInviteRequest, - AdminGetInvitesParams, AdminGetInvitesInviteParams, - AdminPostInvitesInviteAcceptReq, + AdminGetInvitesParams, AdminPostInvitesInviteAcceptParams, + AdminPostInvitesInviteAcceptReq, } from "./validators" -import * as QueryConfig from "./query-config" +import { transformBody, transformQuery } from "../../../api/middlewares" + import { MiddlewareRoute } from "../../../types/middlewares" import { authenticate } from "../../../utils/authenticate-middleware" export const adminInviteRoutesMiddlewares: MiddlewareRoute[] = [ { method: "ALL", - matcher: "/admin/invites*", + matcher: "/admin/invites", + middlewares: [authenticate("admin", ["session", "bearer"])], + }, + { + method: "POST", + matcher: "/admin/invites/accept", + middlewares: [ + authenticate("admin", ["session", "bearer"], { + allowUnregistered: true, + }), + ], + }, + { + method: ["GET", "DELETE"], + matcher: "/admin/invites/:id", middlewares: [authenticate("admin", ["session", "bearer"])], }, { diff --git a/packages/medusa/src/utils/authenticate-middleware.ts b/packages/medusa/src/utils/authenticate-middleware.ts index 0e5a1f009374a..f4a53ff4055d9 100644 --- a/packages/medusa/src/utils/authenticate-middleware.ts +++ b/packages/medusa/src/utils/authenticate-middleware.ts @@ -1,8 +1,8 @@ +import { AuthUserDTO, IUserModuleService } from "@medusajs/types" import { MedusaRequest, MedusaResponse } from "../types/routing" import { NextFunction, RequestHandler } from "express" import jwt, { JwtPayload } from "jsonwebtoken" -import { AuthUserDTO } from "@medusajs/types" import { stringEqualsOrRegexMatch } from "@medusajs/utils" const SESSION_AUTH = "session" diff --git a/packages/user/src/services/invite.ts b/packages/user/src/services/invite.ts index ac68003c4c1ac..f837e595f4f21 100644 --- a/packages/user/src/services/invite.ts 
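Review bot: Routes under `/admin/invites` are no longer authenticated by default once the `/admin/invites*` wildcard is replaced by exact matchers in invites/middlewares.ts. Only `/admin/invites`, POST `/admin/invites/accept` and GET/DELETE on `/admin/invites/:id` now run `authenticate`; any other path or verb under that prefix, existing or added later, would reach its handler without it unless a later entry in this array, which continues outside the hunk, covers it. With `allowUnregistered: true` the accept handler is open to any identity that passes `authenticate` for the admin scope, so the invite token is the only authorization there. I would record the constraint above the first entry, e.g. `// No wildcard: /admin/invites/accept must admit unregistered users, so every other invites route needs its own authenticate entry`.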
+++ b/packages/user/src/services/invite.ts @@ -4,9 +4,10 @@ import { MedusaError, ModulesSdkUtils, } from "@medusajs/utils" +import jwt, { JwtPayload } from "jsonwebtoken" + import { Invite } from "@models" import { InviteServiceTypes } from "@types" -import jwt, { JwtPayload } from "jsonwebtoken" type InjectedDependencies = { inviteRepository: DAL.RepositoryService @@ -91,7 +92,16 @@ export default class InviteService< ): Promise { const decoded = this.validateToken(token) - return await super.retrieve(decoded.payload.id, {}, context) + const invite = await super.retrieve(decoded.payload.id, {}, context) + + if (invite.expires_at < new Date()) { + throw new MedusaError( + MedusaError.Types.INVALID_DATA, + "The invite has expired" + ) + } + + return invite } private generateToken(data: any): string { From 4202a399df60aca3643cf481e688fc0c115dd632 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Fri, 23 Feb 2024 07:58:20 +0800 Subject: [PATCH 10/18] refactor to auth instead of auth_user --- .../src/api-v2/admin/customer-groups/route.ts | 2 +- .../medusa/src/api-v2/admin/customers/route.ts | 2 +- .../src/api-v2/admin/invites/accept/route.ts | 6 +++--- packages/medusa/src/api-v2/auth/session/route.ts | 4 ++-- packages/medusa/src/api-v2/store/carts/route.ts | 13 +++++++------ .../customers/me/addresses/[address_id]/route.ts | 15 ++++++++------- .../api-v2/store/customers/me/addresses/route.ts | 9 +++++---- .../medusa/src/api-v2/store/customers/me/route.ts | 2 +- .../medusa/src/api-v2/store/customers/route.ts | 10 +++++----- packages/medusa/src/types/routing.ts | 9 +++++++-- .../medusa/src/utils/authenticate-middleware.ts | 14 ++++++++++++-- 11 files changed, 52 insertions(+), 34 deletions(-) diff --git a/packages/medusa/src/api-v2/admin/customer-groups/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/route.ts index 739ab48b9d7eb..7629aba7777d9 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/route.ts 
+++ b/packages/medusa/src/api-v2/admin/customer-groups/route.ts @@ -30,7 +30,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const customersData = [ { ...(req.validatedBody as CreateCustomerGroupDTO), - created_by: req.auth_user?.app_metadata?.user_id, + created_by: req.auth?.actor_id, }, ] diff --git a/packages/medusa/src/api-v2/admin/customers/route.ts b/packages/medusa/src/api-v2/admin/customers/route.ts index 3a8c3e8a58c05..6a7284e3cc7b7 100644 --- a/packages/medusa/src/api-v2/admin/customers/route.ts +++ b/packages/medusa/src/api-v2/admin/customers/route.ts @@ -48,7 +48,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const customersData = [ { ...(req.validatedBody as CreateCustomerDTO), - created_by: req.auth_user?.app_metadata?.user_id, + created_by: req.auth?.actor_id, }, ] diff --git a/packages/medusa/src/api-v2/admin/invites/accept/route.ts b/packages/medusa/src/api-v2/admin/invites/accept/route.ts index c119c5d66c78f..fb50da886e911 100644 --- a/packages/medusa/src/api-v2/admin/invites/accept/route.ts +++ b/packages/medusa/src/api-v2/admin/invites/accept/route.ts @@ -7,11 +7,11 @@ import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { acceptInviteWorkflow } from "@medusajs/core-flows" export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - if (req.auth_user?.app_metadata?.user_id) { + if (req.auth?.actor_id) { const moduleService: IUserModuleService = req.scope.resolve( ModuleRegistrationName.USER ) - const user = moduleService.retrieve(req.auth_user.app_metadata.user_id) + const user = moduleService.retrieve(req.auth?.actor_id) res.status(200).json({ user }) return } 
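Review bot: In invites/accept/route.ts the rewritten line `const user = moduleService.retrieve(req.auth?.actor_id)` is still not awaited, so `res.status(200).json({ user })` would serialize a pending promise rather than the user, assuming `retrieve` is asynchronous like the other module-service calls in this patch. Since the commit touches the line, it is the place to fix it: `const user = await moduleService.retrieve(req.auth.actor_id)`. The optional chain is unnecessary inside the `if (req.auth?.actor_id)` guard. The handler continues outside this hunk.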
@@ -20,7 +20,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const input = { invite_token: req.filterableFields.token as string, - auth_user_id: req.auth_user!.id, + auth_user_id: req.auth?.auth_user_id, user: req.validatedBody as AdminPostInvitesInviteAcceptReq, } as InviteWorkflow.AcceptInviteWorkflowInputDTO diff --git a/packages/medusa/src/api-v2/auth/session/route.ts b/packages/medusa/src/api-v2/auth/session/route.ts index 3d1f249939660..1f3ac003bdf4f 100644 --- a/packages/medusa/src/api-v2/auth/session/route.ts +++ b/packages/medusa/src/api-v2/auth/session/route.ts @@ -1,7 +1,7 @@ import { MedusaRequest, MedusaResponse } from "../../../types/routing" export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - req.session.auth_user = req.auth_user + req.session.auth_user = req.auth - res.status(200).json({ user: req.auth_user }) + res.status(200).json({ user: req.auth }) } diff --git a/packages/medusa/src/api-v2/store/carts/route.ts b/packages/medusa/src/api-v2/store/carts/route.ts index 971e559e7eae6..ab5143d9e444a 100644 --- a/packages/medusa/src/api-v2/store/carts/route.ts +++ b/packages/medusa/src/api-v2/store/carts/route.ts @@ -1,9 +1,10 @@ -import { createCartWorkflow } from "@medusajs/core-flows" -import { CreateCartWorkflowInputDTO } from "@medusajs/types" -import { remoteQueryObjectFromString } from "@medusajs/utils" import { MedusaRequest, MedusaResponse } from "../../../types/routing" -import { defaultStoreCartFields } from "../carts/query-config" + +import { CreateCartWorkflowInputDTO } from "@medusajs/types" import { StorePostCartReq } from "./validators" +import { createCartWorkflow } from "@medusajs/core-flows" +import { defaultStoreCartFields } from "../carts/query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const input = req.validatedBody as StorePostCartReq 
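Review bot: In auth/session/route.ts, `req.session.auth_user = req.auth` now stores the new `{ actor_id, auth_user_id, app_metadata, scope }` object under the old session key. The session branch of `authenticate` is not shown in this patch; if it still reads `id` from the stored value, the `auth_user_id: authUser.id` assignment added later in this commit would be undefined on every subsequent session-authenticated request. Either keep the stored shape explicit, e.g. `req.session.auth_user = { id: req.auth.auth_user_id, app_metadata: req.auth.app_metadata, scope: req.auth.scope }`, or update the session reader in the same commit. `req.auth` is optional in the type, so the handler should also answer 401 rather than persist `undefined` if it is ever mounted without `authenticate`.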
@@ -12,8 +13,8 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { } // If the customer is logged in, we auto-assign them to the cart - if (req.auth_user?.app_metadata?.customer_id) { - workflowInput.customer_id = req.auth_user!.app_metadata?.customer_id + if (req.auth?.actor_id) { + workflowInput.customer_id = req.auth!.actor_id } const { result, errors } = await createCartWorkflow(req.scope).run({ diff --git a/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts b/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts index 8ab50d4cdffd2..7b48f5317979f 100644 --- a/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts +++ b/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts @@ -1,14 +1,15 @@ +import { CustomerAddressDTO, ICustomerModuleService } from "@medusajs/types" +import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" import { - updateCustomerAddressesWorkflow, deleteCustomerAddressesWorkflow, + updateCustomerAddressesWorkflow, } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { CustomerAddressDTO, ICustomerModuleService } from "@medusajs/types" + import { MedusaError } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" export const GET = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth_user!.app_metadata.customer_id + const id = req.auth?.actor_id const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER 
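Review bot: The customer id is read three different ways in customers/me/addresses/[address_id]/route.ts: `req.auth?.actor_id` in GET, `req.auth!.actor_id!` in POST and `req.auth!.actor_id` in DELETE (the latter two in the following hunks). In GET the optional chain lets an undefined id flow into the address lookup, which continues outside the hunk; if that lookup filters by customer id, an undefined value could drop the ownership constraint instead of failing. The same `req.auth?.actor_id` read appears in customers/me/route.ts. A single guard at the top of each handler, `if (!req.auth?.actor_id) { res.status(401).json({ message: "Unauthorized" }); return }`, would make the ownership check explicit and remove the non-null assertions.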
@@ -26,7 +27,7 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { } export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth_user!.app_metadata.customer_id + const id = req.auth!.actor_id! const service = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) @@ -50,7 +51,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { } export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth_user!.app_metadata.customer_id + const id = req.auth!.actor_id const service = req.scope.resolve( ModuleRegistrationName.CUSTOMER diff --git a/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts b/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts index 1cb19543f465d..ad33712eebdf1 100644 --- a/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts +++ b/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts @@ -1,13 +1,14 @@ -import { createCustomerAddressesWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { CreateCustomerAddressDTO, ICustomerModuleService, } from "@medusajs/types" import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createCustomerAddressesWorkflow } from "@medusajs/core-flows" + export const GET = async (req: MedusaRequest, res: MedusaResponse) => { - const customerId = req.auth_user!.app_metadata.customer_id + const customerId = req.auth!.actor_id const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER 
@@ -29,7 +30,7 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { } export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - const customerId = req.auth_user!.app_metadata.customer_id + const customerId = req.auth!.actor_id! const createAddresses = createCustomerAddressesWorkflow(req.scope) const addresses = [ diff --git a/packages/medusa/src/api-v2/store/customers/me/route.ts b/packages/medusa/src/api-v2/store/customers/me/route.ts index 83b654f84cbb5..bfb97e19929af 100644 --- a/packages/medusa/src/api-v2/store/customers/me/route.ts +++ b/packages/medusa/src/api-v2/store/customers/me/route.ts @@ -3,7 +3,7 @@ import { MedusaRequest, MedusaResponse } from "../../../../types/routing" import { ModuleRegistrationName } from "@medusajs/modules-sdk" export const GET = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth_user!.app_metadata?.customer_id + const id = req.auth?.actor_id const customerModule = req.scope.resolve(ModuleRegistrationName.CUSTOMER) diff --git a/packages/medusa/src/api-v2/store/customers/route.ts b/packages/medusa/src/api-v2/store/customers/route.ts index 14fb4f1653e91..cb69756ee2933 100644 --- a/packages/medusa/src/api-v2/store/customers/route.ts +++ b/packages/medusa/src/api-v2/store/customers/route.ts 
@@ -1,21 +1,21 @@ -import { MedusaRequest, MedusaResponse } from "../../../types/routing" - import { ContainerRegistrationKeys, remoteQueryObjectFromString, } from "@medusajs/utils" +import { MedusaRequest, MedusaResponse } from "../../../types/routing" + import { CreateCustomerDTO } from "@medusajs/types" import { createCustomerAccountWorkflow } from "@medusajs/core-flows" export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - if (req.auth_user?.app_metadata?.customer_id) { + if (req.auth!.actor_id) { const remoteQuery = req.scope.resolve( ContainerRegistrationKeys.REMOTE_QUERY ) const query = remoteQueryObjectFromString({ entryPoint: "customer", - variables: { id: req.auth_user.app_metadata.customer_id }, + variables: { id: req.auth?.actor_id }, fields: [], }) const [customer] = await remoteQuery(query) @@ -29,7 +29,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const customersData = req.validatedBody as CreateCustomerDTO const { result } = await createCustomers.run({ - input: { customersData, authUserId: req.auth_user!.id }, + input: { customersData, authUserId: req.auth!.auth_user_id }, }) // Set customer_id on session user if we are in session diff --git a/packages/medusa/src/types/routing.ts b/packages/medusa/src/types/routing.ts index 47f1dcfb719c7..e70d54809428d 100644 --- a/packages/medusa/src/types/routing.ts +++ b/packages/medusa/src/types/routing.ts @@ -1,6 +1,6 @@ +import type { Customer, User } from "../models" import type { NextFunction, Request, Response } from "express" -import type { Customer, User } from "../models" import type { MedusaContainer } from "./global" export interface MedusaRequest extends Request { 
@@ -8,7 +8,12 @@ export interface MedusaRequest extends Request { scope: MedusaContainer session?: any requestId?: string - auth_user?: { id: string; app_metadata: Record; scope: string } + auth?: { + actor_id: string + auth_user_id: string + app_metadata: Record + scope: string + } } export type MedusaResponse = Response diff --git a/packages/medusa/src/utils/authenticate-middleware.ts b/packages/medusa/src/utils/authenticate-middleware.ts index f4a53ff4055d9..c325fcc7b2317 100644 --- a/packages/medusa/src/utils/authenticate-middleware.ts +++ b/packages/medusa/src/utils/authenticate-middleware.ts @@ -82,8 +82,9 @@ export const authenticate = ( authUser && (isRegistered || (!isRegistered && options.allowUnregistered)) ) { - req.auth_user = { - id: authUser.id, + req.auth = { + actor_id: getActorId(authUser, authScope) as string, + auth_user_id: authUser.id, app_metadata: authUser.app_metadata, scope: authUser.scope, } @@ -97,3 +98,12 @@ export const authenticate = ( res.status(401).json({ message: "Unauthorized" }) } } + +const getActorId = (authUser: AuthUserDTO, scope: string | RegExp) => { + if (stringEqualsOrRegexMatch(scope, "admin")) { + return authUser.app_metadata.user_id + } else if (stringEqualsOrRegexMatch(scope, "store")) { + return authUser.app_metadata.customer_id + } + return authUser.app_metadata.medusa_id +} From 515441b839dcc6bf1228270128b6fca139d4d280 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Fri, 23 Feb 2024 08:00:18 +0800 Subject: [PATCH 11/18] pr feedback --- .../medusa/src/api-v2/admin/campaigns/middlewares.ts | 5 +---- .../medusa/src/api-v2/admin/invites/accept/route.ts | 11 ++++------- .../medusa/src/api-v2/admin/promotions/middlewares.ts | 5 +---- 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts b/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts index b71c993c5eb32..7be2be5dee748 100644 --- a/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts 
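Review bot: `actor_id: getActorId(authUser, authScope) as string` casts away the very case this branch admits: when `options.allowUnregistered` lets through an auth user with no `user_id` or `customer_id`, `getActorId` returns `undefined` and the cast labels it a string. The `auth` shape added to routing.ts in the previous hunk repeats the claim with `actor_id: string`. Handlers later in the series use the value directly as an owner (`customer_id: customerId`, `created_by: req.auth.actor_id`), so an undefined actor would reach those writes with no compiler prompt. Declaring the field as `actor_id?: string` and dropping the cast forces each handler to deal with the unregistered case.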
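Review bot: `getActorId` dereferences `authUser.app_metadata.user_id` without the optional chaining used by the `isRegistered` check earlier in `authenticate` (outside this hunk), so an auth user with no `app_metadata` throws here instead of being treated as unregistered. Using `authUser.app_metadata?.user_id`, and the same for `customer_id` and `medusa_id`, keeps the two in step. The function also has no return type and no comment: a RegExp scope that matches both "admin" and "store" always resolves to the admin id because of branch order, and the `medusa_id` fallback for other scopes is not explained anywhere visible. A short doc comment stating that precedence, and that the result may be undefined, would cover it.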
+++ b/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts @@ -19,10 +19,7 @@ import { authenticate } from "../../../utils/authenticate-middleware" export const adminCampaignRoutesMiddlewares: MiddlewareRoute[] = [ { matcher: "/admin/campaigns*", - middlewares: [ - isFeatureFlagEnabled(MedusaV2Flag.key), - authenticate("admin", ["bearer", "session"]), - ], + middlewares: [authenticate("admin", ["bearer", "session"])], }, { method: ["GET"], diff --git a/packages/medusa/src/api-v2/admin/invites/accept/route.ts b/packages/medusa/src/api-v2/admin/invites/accept/route.ts index fb50da886e911..8182ebcfbca1e 100644 --- a/packages/medusa/src/api-v2/admin/invites/accept/route.ts +++ b/packages/medusa/src/api-v2/admin/invites/accept/route.ts @@ -26,14 +26,11 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { let users try { - const { result: userss } = await workflow.run({ input }) - users = userss + const { result } = await workflow.run({ input }) + users = result } catch (e) { - if (e.message.startsWith("jwt malformed")) { - res.status(401).json({ message: "Unauthorized" }) - return - } - throw e + res.status(401).json({ message: "Unauthorized" }) + return } // Set customer_id on session user if we are in session diff --git a/packages/medusa/src/api-v2/admin/promotions/middlewares.ts b/packages/medusa/src/api-v2/admin/promotions/middlewares.ts index afed009d3d71f..37362a0c7e972 100644 --- a/packages/medusa/src/api-v2/admin/promotions/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/promotions/middlewares.ts @@ -19,10 +19,7 @@ import { authenticate } from "../../../utils/authenticate-middleware" export const adminPromotionRoutesMiddlewares: MiddlewareRoute[] = [ { matcher: "/admin/promotions*", - middlewares: [ - isFeatureFlagEnabled(MedusaV2Flag.key), - authenticate("admin", ["bearer", "session"]), - ], + middlewares: [authenticate("admin", ["bearer", "session"])], }, { method: ["GET"], 
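Review bot: Dropping `isFeatureFlagEnabled(MedusaV2Flag.key)` from the `/admin/campaigns*` matcher, and from `/admin/promotions*` in the last hunk of this commit, leaves `authenticate("admin", ["bearer", "session"])` as the only gate, so these routes answer whenever the middleware file is loaded, whatever the flag state. That is fine if the api-v2 router is itself mounted only under the flag, but nothing visible here shows it. It is worth confirming, because the v1 `authenticate` middleware changed earlier in this series calls `next()` without authenticating when the flag is on. The imports of `isFeatureFlagEnabled` and `MedusaV2Flag` sit outside the hunk and look unused now.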
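Review bot: The rewritten `catch (e)` in invites/accept answers 401 for every failure of `workflow.run`, not only the malformed-token case the removed code matched, so a database error or a bug in the workflow reaches the client as "Unauthorized" and the error itself is discarded. That hides real faults from operators and makes failed invite acceptances indistinguishable in logs. Keep the 401 for token validation failures, log `e` before responding, and keep `throw e` for everything else. If matching on `e.message` was the review objection, matching on the error class or a code set by the workflow is sturdier; which of those the workflow provides is not visible in this hunk.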
From cda61368a8d84ef5506f833c8d2f6c7f82829ca5 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Mon, 26 Feb 2024 11:08:51 +0800 Subject: [PATCH 12/18] update authenticatedRequest type --- packages/medusa/src/types/routing.ts | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/packages/medusa/src/types/routing.ts b/packages/medusa/src/types/routing.ts index e70d54809428d..15c8f0f55c0e0 100644 --- a/packages/medusa/src/types/routing.ts +++ b/packages/medusa/src/types/routing.ts @@ -2,13 +2,23 @@ import type { Customer, User } from "../models" import type { NextFunction, Request, Response } from "express" import type { MedusaContainer } from "./global" +import { RequestQueryFields } from "@medusajs/types" -export interface MedusaRequest extends Request { - user?: (User | Customer) & { customer_id?: string; userId?: string } +export interface MedusaRequest extends Request { + validatedBody: Body + validatedQuery: RequestQueryFields & Record + allowedProperties: string[] + includes?: Record + errors: string[] scope: MedusaContainer session?: any requestId?: string - auth?: { +} + +export interface AuthenticatedMedusaRequest + extends MedusaRequest { + user: (User | Customer) & { customer_id?: string; userId?: string } // TODO: Remove this property when v2 is released + auth: { actor_id: string auth_user_id: string app_metadata: Record @@ -21,7 +31,7 @@ export type MedusaResponse = Response export type MedusaNextFunction = NextFunction export type MedusaRequestHandler = ( - req: MedusaRequest, + req: MedusaRequest, res: MedusaResponse, next: MedusaNextFunction ) => Promise | void From 24a5bddec52d62fcaf677c348ec39f4cb27b8afb Mon Sep 17 00:00:00 2001 
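Review bot: `AuthenticatedMedusaRequest` declares `auth` and `user` as required, but that is only an annotation on the handler; nothing in the type ties it to `authenticate` having run on the route. A handler typed this way on a route whose matcher lacks the middleware, or that is mounted with `allowUnauthenticated`, would read `req.auth.actor_id` from `undefined` with no compiler warning. A doc comment on the interface stating that it is valid only behind `authenticate(...)`, and keeping `actor_id` optional for `allowUnregistered` routes, would make the contract explicit. Separately, `import { RequestQueryFields } from "@medusajs/types"` is the only non-`import type` line in this header; if it is used purely as a type, `import type { RequestQueryFields }` matches the others.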
From: Philip Korsholm Date: Mon, 26 Feb 2024 11:09:04 +0800 Subject: [PATCH 13/18] update store authenticated endpoints --- .../admin/workflows-executions/[id]/route.ts | 5 ++-- .../me/addresses/[address_id]/route.ts | 29 ++++++++++++++----- .../store/customers/me/addresses/route.ts | 22 ++++++++++---- .../src/api-v2/store/customers/me/route.ts | 12 ++++++-- 4 files changed, 49 insertions(+), 19 deletions(-) diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts index f411fe397c8cb..a1b96d29998aa 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts @@ -1,7 +1,8 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IWorkflowEngineService } from "@medusajs/workflows-sdk" import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { IWorkflowEngineService } from "@medusajs/workflows-sdk" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + export const GET = async (req: MedusaRequest, res: MedusaResponse) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE diff --git a/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts b/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts index 7b48f5317979f..f4fbced6d8a66 100644 --- a/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts +++ b/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts 
@@ -1,5 +1,9 @@ +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" import { CustomerAddressDTO, ICustomerModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" import { deleteCustomerAddressesWorkflow, updateCustomerAddressesWorkflow, @@ -8,8 +12,11 @@ import { import { MedusaError } from "@medusajs/utils" import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth?.actor_id +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const id = req.auth.actor_id const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER @@ -26,8 +33,11 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ address }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth!.actor_id! +export const POST = async ( + req: AuthenticatedMedusaRequest>, + res: MedusaResponse +) => { + const id = req.auth.actor_id! const service = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) @@ -38,7 +48,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const { result, errors } = await updateAddresses.run({ input: { selector: { id: req.params.address_id, customer_id: req.params.id }, - update: req.validatedBody as Partial, + update: req.validatedBody, }, throwOnError: false, }) 
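Review bot: In the store POST handler the update selector is `{ id: req.params.address_id, customer_id: req.params.id }`, but this route is `customers/me/addresses/[address_id]` and has no `id` path parameter, so `customer_id` is presumably `undefined` and the selector is not bound to the signed-in customer. The handler already holds the right value in `id`, taken from `req.auth.actor_id`; use `selector: { id: req.params.address_id, customer_id: id }` so the workflow can only touch an address owned by the caller. The lines between the two POST hunks are not shown and may validate ownership first, but the selector should not depend on that. The `!` in `req.auth.actor_id!` is also a leftover now that `auth` is declared required.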
@@ -50,8 +60,11 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ address: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth!.actor_id +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const id = req.auth.actor_id const service = req.scope.resolve( ModuleRegistrationName.CUSTOMER diff --git a/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts b/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts index ad33712eebdf1..ef1eee18d4752 100644 --- a/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts +++ b/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts @@ -1,14 +1,21 @@ +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" import { CreateCustomerAddressDTO, ICustomerModuleService, } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { createCustomerAddressesWorkflow } from "@medusajs/core-flows" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { - const customerId = req.auth!.actor_id +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const customerId = req.auth.actor_id const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER 
@@ -29,13 +36,16 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - const customerId = req.auth!.actor_id! +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const customerId = req.auth.actor_id const createAddresses = createCustomerAddressesWorkflow(req.scope) const addresses = [ { - ...(req.validatedBody as CreateCustomerAddressDTO), + ...req.validatedBody, customer_id: customerId, }, ] diff --git a/packages/medusa/src/api-v2/store/customers/me/route.ts b/packages/medusa/src/api-v2/store/customers/me/route.ts index bfb97e19929af..657979f3dc0e5 100644 --- a/packages/medusa/src/api-v2/store/customers/me/route.ts +++ b/packages/medusa/src/api-v2/store/customers/me/route.ts @@ -1,9 +1,15 @@ -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth?.actor_id +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const id = req.auth.actor_id const customerModule = req.scope.resolve(ModuleRegistrationName.CUSTOMER) From ef5dd9a9bc40ac5cf4a6a3d958d3b93525e15e1b Mon Sep 17 00:00:00 2001 
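Review bot: The key order in `{ ...req.validatedBody, customer_id: customerId }` is what stops a `customer_id` sent in the request body from replacing the authenticated actor, and nothing in the code says so. Add a comment above the object, for example `// customer_id comes after the spread so the body cannot override the authenticated customer`, so a later reorder does not reintroduce the override. With the `as CreateCustomerAddressDTO` cast gone, the validator attached to this route is the only runtime check on the body's shape.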
From: Philip Korsholm Date: Mon, 26 Feb 2024 11:39:11 +0800 Subject: [PATCH 14/18] update routes with type --- .../src/api-v2/admin/campaigns/[id]/route.ts | 27 ++++++++++++---- .../src/api-v2/admin/campaigns/route.ts | 23 ++++++++++---- .../[id]/customers/batch/route.ts | 17 +++++++--- .../[id]/customers/remove/route.ts | 16 +++++++--- .../customer-groups/[id]/customers/route.ts | 13 ++++++-- .../admin/customer-groups/[id]/route.ts | 31 +++++++++++++------ .../src/api-v2/admin/customer-groups/route.ts | 20 +++++++++--- .../[id]/addresses/[address_id]/route.ts | 27 +++++++++++----- .../admin/customers/[id]/addresses/route.ts | 22 +++++++++---- .../src/api-v2/admin/customers/[id]/route.ts | 31 +++++++++++++------ .../src/api-v2/admin/customers/route.ts | 17 +++++++--- .../src/api-v2/admin/invites/[id]/route.ts | 18 ++++++++--- .../src/api-v2/admin/invites/accept/route.ts | 16 +++++++--- .../medusa/src/api-v2/admin/invites/route.ts | 20 +++++++++--- .../src/api-v2/admin/promotions/[id]/route.ts | 26 ++++++++++++---- .../src/api-v2/admin/promotions/route.ts | 22 +++++++++---- .../src/api-v2/admin/regions/[id]/route.ts | 25 +++++++++++---- .../medusa/src/api-v2/admin/regions/route.ts | 22 +++++++++---- .../src/api-v2/admin/users/[id]/route.ts | 29 +++++++++++------ .../medusa/src/api-v2/admin/users/route.ts | 20 +++++++++--- .../admin/workflows-executions/[id]/route.ts | 10 ++++-- .../[step_id]/subscribe/route.ts | 12 ++++--- .../[workflow_id]/[transaction_id]/route.ts | 13 ++++++-- .../[workflow_id]/run/route.ts | 16 +++++++--- .../[workflow_id]/steps/failure/route.ts | 17 +++++++--- .../[workflow_id]/steps/success/route.ts | 17 +++++++--- .../[workflow_id]/subscribe/route.ts | 13 ++++++-- .../admin/workflows-executions/route.ts | 13 ++++++-- .../medusa/src/api-v2/auth/session/route.ts | 10 ++++-- .../src/api-v2/store/carts/[id]/route.ts | 13 +++++--- .../medusa/src/api-v2/store/carts/route.ts | 15 ++++++--- 31 files changed, 431 insertions(+), 160 deletions(-) 
diff --git a/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts b/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts index a9d3a62434172..96af4a256210d 100644 --- a/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts @@ -1,12 +1,21 @@ +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { deleteCampaignsWorkflow, updateCampaignsWorkflow, } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +import { AdminPostCampaignsReq } from "../validators" import { IPromotionModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const promotionModuleService: IPromotionModuleService = req.scope.resolve( ModuleRegistrationName.PROMOTION ) @@ -22,12 +31,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ campaign }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const updateCampaigns = updateCampaignsWorkflow(req.scope) const campaignsData = [ { id: req.params.id, - ...(req.validatedBody || {}), + ...req.validatedBody, }, ] 
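Review bot: In POST, `campaignsData` is built as `{ id: req.params.id, ...req.validatedBody }`, so an `id` key in the body would overwrite the id taken from the URL and the update would land on a different campaign than the one addressed. Whether `AdminPostCampaignsReq` rejects an `id` field is not visible here. Putting the path parameter last, `{ ...req.validatedBody, id: req.params.id }`, removes the dependency on the validator, and is the order the store address handler in this series already uses for `customer_id`. `MedusaRequest` is also still imported in the first hunk although every handler shown now takes `AuthenticatedMedusaRequest`.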
@@ -43,7 +55,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ campaign: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const manager = req.scope.resolve("manager") const deleteCampaigns = deleteCampaignsWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/campaigns/route.ts b/packages/medusa/src/api-v2/admin/campaigns/route.ts index e3c4159ab0ce9..cc0be86ea869e 100644 --- a/packages/medusa/src/api-v2/admin/campaigns/route.ts +++ b/packages/medusa/src/api-v2/admin/campaigns/route.ts @@ -1,9 +1,17 @@ -import { createCampaignsWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { CreateCampaignDTO, IPromotionModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createCampaignsWorkflow } from "@medusajs/core-flows" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const promotionModuleService: IPromotionModuleService = req.scope.resolve( ModuleRegistrationName.PROMOTION ) 
@@ -23,9 +31,12 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const createCampaigns = createCampaignsWorkflow(req.scope) - const campaignsData = [req.validatedBody as CreateCampaignDTO] + const campaignsData = [req.validatedBody] const { result, errors } = await createCampaigns.run({ input: { campaignsData }, diff --git a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/batch/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/batch/route.ts index d766dfb6e90aa..066fd3cabb40e 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/batch/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/batch/route.ts @@ -1,11 +1,18 @@ -import { createCustomerGroupCustomersWorkflow } from "@medusajs/core-flows" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" + import { AdminPostCustomerGroupsGroupCustomersBatchReq } from "../../../validators" +import { createCustomerGroupCustomersWorkflow } from "@medusajs/core-flows" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + // eslint-disable-next-line max-len + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params - const { customer_ids } = - req.validatedBody as AdminPostCustomerGroupsGroupCustomersBatchReq + const { customer_ids } = req.validatedBody const createCustomers = createCustomerGroupCustomersWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/remove/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/remove/route.ts index 8e8647f733f67..529ccfbc621c4 100644 
--- a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/remove/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/remove/route.ts @@ -1,12 +1,18 @@ -import { deleteCustomerGroupCustomersWorkflow } from "@medusajs/core-flows" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" import { AdminPostCustomerGroupsGroupCustomersBatchReq } from "../../../validators" +import { deleteCustomerGroupCustomersWorkflow } from "@medusajs/core-flows" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + // eslint-disable-next-line max-len + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params - const { customer_ids } = - req.validatedBody as AdminPostCustomerGroupsGroupCustomersBatchReq + const { customer_ids } = req.validatedBody const deleteCustomers = deleteCustomerGroupCustomersWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/route.ts index 84a7fad2537c8..a8acc23b56fdb 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/route.ts 
@@ -1,8 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" + import { ICustomerModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params const service = req.scope.resolve( diff --git a/packages/medusa/src/api-v2/admin/customer-groups/[id]/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/[id]/route.ts index 15fbe1cb341a7..8d49c211684f2 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/[id]/route.ts @@ -1,15 +1,22 @@ import { - updateCustomerGroupsWorkflow, - deleteCustomerGroupsWorkflow, -} from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { CustomerGroupUpdatableFields, ICustomerModuleService, } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { + deleteCustomerGroupsWorkflow, + updateCustomerGroupsWorkflow, +} from "@medusajs/core-flows" + +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) 
@@ -25,12 +32,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ customer_group: group }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const updateGroups = updateCustomerGroupsWorkflow(req.scope) const { result, errors } = await updateGroups.run({ input: { selector: { id: req.params.id }, - update: req.validatedBody as CustomerGroupUpdatableFields, + update: req.validatedBody, }, throwOnError: false, }) @@ -42,7 +52,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ customer_group: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const deleteCustomerGroups = deleteCustomerGroupsWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/customer-groups/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/route.ts index 7629aba7777d9..c290e34d60453 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/route.ts @@ -1,10 +1,17 @@ +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { CreateCustomerGroupDTO, ICustomerModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { createCustomerGroupsWorkflow } from "@medusajs/core-flows" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) 
@@ -25,12 +32,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const createGroups = createCustomerGroupsWorkflow(req.scope) const customersData = [ { - ...(req.validatedBody as CreateCustomerGroupDTO), - created_by: req.auth?.actor_id, + ...req.validatedBody, + created_by: req.auth.actor_id, }, ] diff --git a/packages/medusa/src/api-v2/admin/customers/[id]/addresses/[address_id]/route.ts b/packages/medusa/src/api-v2/admin/customers/[id]/addresses/[address_id]/route.ts index 6eecdf55c65e1..636b8ba09b30a 100644 --- a/packages/medusa/src/api-v2/admin/customers/[id]/addresses/[address_id]/route.ts +++ b/packages/medusa/src/api-v2/admin/customers/[id]/addresses/[address_id]/route.ts @@ -1,12 +1,19 @@ import { - updateCustomerAddressesWorkflow, + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" +import { CustomerAddressDTO, ICustomerModuleService } from "@medusajs/types" +import { deleteCustomerAddressesWorkflow, + updateCustomerAddressesWorkflow, } from "@medusajs/core-flows" + import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { CustomerAddressDTO, ICustomerModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) 
@@ -22,12 +29,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ address }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest>, + res: MedusaResponse +) => { const updateAddresses = updateCustomerAddressesWorkflow(req.scope) const { result, errors } = await updateAddresses.run({ input: { selector: { id: req.params.address_id, customer_id: req.params.id }, - update: req.validatedBody as Partial, + update: req.validatedBody, }, throwOnError: false, }) @@ -39,7 +49,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ address: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.address_id const deleteAddress = deleteCustomerAddressesWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/customers/[id]/addresses/route.ts b/packages/medusa/src/api-v2/admin/customers/[id]/addresses/route.ts index 91927dee0aedc..43aeffb596227 100644 --- a/packages/medusa/src/api-v2/admin/customers/[id]/addresses/route.ts +++ b/packages/medusa/src/api-v2/admin/customers/[id]/addresses/route.ts 
@@ -1,12 +1,19 @@ -import { createCustomerAddressesWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" import { CreateCustomerAddressDTO, ICustomerModuleService, } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createCustomerAddressesWorkflow } from "@medusajs/core-flows" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerId = req.params.id const customerModuleService = req.scope.resolve( @@ -28,12 +35,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerId = req.params.id const createAddresses = createCustomerAddressesWorkflow(req.scope) const addresses = [ { - ...(req.validatedBody as CreateCustomerAddressDTO), + ...req.validatedBody, customer_id: customerId, }, ] diff --git a/packages/medusa/src/api-v2/admin/customers/[id]/route.ts b/packages/medusa/src/api-v2/admin/customers/[id]/route.ts index fbf8c8cc6e8a5..b2255116fef1d 100644 --- a/packages/medusa/src/api-v2/admin/customers/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/customers/[id]/route.ts 
@@ -1,15 +1,22 @@ import { - updateCustomersWorkflow, - deleteCustomersWorkflow, -} from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { CustomerUpdatableFields, ICustomerModuleService, } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { + deleteCustomersWorkflow, + updateCustomersWorkflow, +} from "@medusajs/core-flows" + +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) @@ -22,12 +29,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ customer }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const updateCustomers = updateCustomersWorkflow(req.scope) const { result, errors } = await updateCustomers.run({ input: { selector: { id: req.params.id }, - update: req.validatedBody as CustomerUpdatableFields, + update: req.validatedBody, }, throwOnError: false, }) @@ -39,7 +49,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ customer: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const deleteCustomers = deleteCustomersWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/customers/route.ts b/packages/medusa/src/api-v2/admin/customers/route.ts index 6a7284e3cc7b7..a8655b082ce69 100644 
--- a/packages/medusa/src/api-v2/admin/customers/route.ts +++ b/packages/medusa/src/api-v2/admin/customers/route.ts @@ -1,10 +1,16 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { CreateCustomerDTO, ICustomerModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { createCustomersWorkflow } from "@medusajs/core-flows" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) @@ -42,12 +48,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const createCustomers = createCustomersWorkflow(req.scope) const customersData = [ { - ...(req.validatedBody as CreateCustomerDTO), + ...req.validatedBody, created_by: req.auth?.actor_id, }, ] diff --git a/packages/medusa/src/api-v2/admin/invites/[id]/route.ts b/packages/medusa/src/api-v2/admin/invites/[id]/route.ts index ba862c3bff93a..7f0ec5650ee6e 100644 --- a/packages/medusa/src/api-v2/admin/invites/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/invites/[id]/route.ts 
@@ -1,15 +1,20 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { ContainerRegistrationKeys, MedusaError, remoteQueryObjectFromString, } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" + import { deleteInvitesWorkflow } from "@medusajs/core-flows" -import { IUserModuleService, UpdateUserDTO } from "@medusajs/types" -import { ModuleRegistrationName } from "../../../../../../modules-sdk/dist" // Get invite -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params const remoteQuery = req.scope.resolve(ContainerRegistrationKeys.REMOTE_QUERY) @@ -34,7 +39,10 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { } // delete invite -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params const workflow = deleteInvitesWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/invites/accept/route.ts b/packages/medusa/src/api-v2/admin/invites/accept/route.ts index 8182ebcfbca1e..3be66f52ae8d2 100644 --- a/packages/medusa/src/api-v2/admin/invites/accept/route.ts +++ b/packages/medusa/src/api-v2/admin/invites/accept/route.ts @@ -1,4 +1,7 @@ -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { AdminPostInvitesInviteAcceptReq } from "../validators" import { IUserModuleService } from "@medusajs/types" 
@@ -6,12 +9,15 @@ import { InviteWorkflow } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { acceptInviteWorkflow } from "@medusajs/core-flows" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - if (req.auth?.actor_id) { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + if (req.auth.actor_id) { const moduleService: IUserModuleService = req.scope.resolve( ModuleRegistrationName.USER ) - const user = moduleService.retrieve(req.auth?.actor_id) + const user = moduleService.retrieve(req.auth.actor_id) res.status(200).json({ user }) return } @@ -21,7 +27,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const input = { invite_token: req.filterableFields.token as string, auth_user_id: req.auth?.auth_user_id, - user: req.validatedBody as AdminPostInvitesInviteAcceptReq, + user: req.validatedBody, } as InviteWorkflow.AcceptInviteWorkflowInputDTO let users diff --git a/packages/medusa/src/api-v2/admin/invites/route.ts b/packages/medusa/src/api-v2/admin/invites/route.ts index e52ca97a63d47..e7fbbb2de7c5f 100644 --- a/packages/medusa/src/api-v2/admin/invites/route.ts +++ b/packages/medusa/src/api-v2/admin/invites/route.ts 
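Review bot: `const user = moduleService.retrieve(req.auth.actor_id)` is not awaited, so if `retrieve` returns a promise (as the module service methods presumably do) the handler responds with `{ user }` holding a pending promise instead of the user record, and a rejection is never handled. Use `const user = await moduleService.retrieve(req.auth.actor_id)`. This hunk also dereferences `req.auth` unconditionally while the next hunk still reads `req.auth?.auth_user_id`; pick one form. `AuthenticatedMedusaRequest` is only a compile-time claim, so the unconditional form is safe only if the authenticate middleware always runs before this route. The handler body continues outside the hunk.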
@@ -1,13 +1,20 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { ContainerRegistrationKeys, remoteQueryObjectFromString, } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" + +import { CreateInviteDTO } from "@medusajs/types" import { createInvitesWorkflow } from "@medusajs/core-flows" -import { CreateInviteDTO, CreateUserDTO } from "@medusajs/types" // List invites -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve(ContainerRegistrationKeys.REMOTE_QUERY) const query = remoteQueryObjectFromString({ @@ -34,12 +41,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { } // Create invite -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflow = createInvitesWorkflow(req.scope) const input = { input: { - invites: [req.validatedBody as CreateInviteDTO], + invites: [req.validatedBody], }, } diff --git a/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts b/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts index d22211287efbf..15ee5fe44c040 100644 --- a/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts 
@@ -1,12 +1,20 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { deletePromotionsWorkflow, updatePromotionsWorkflow, } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +import { AdminPostPromotionsPromotionReq } from "../validators" import { IPromotionModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const promotionModuleService: IPromotionModuleService = req.scope.resolve( ModuleRegistrationName.PROMOTION ) @@ -19,12 +27,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ promotion }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const updatePromotions = updatePromotionsWorkflow(req.scope) const promotionsData = [ { id: req.params.id, - ...(req.validatedBody || {}), + ...req.validatedBody, }, ] @@ -40,7 +51,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ promotion: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const manager = req.scope.resolve("manager") const deletePromotions = deletePromotionsWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/promotions/route.ts b/packages/medusa/src/api-v2/admin/promotions/route.ts index 70477ebbe22a2..32334d3e177e4 100644 --- a/packages/medusa/src/api-v2/admin/promotions/route.ts +++ b/packages/medusa/src/api-v2/admin/promotions/route.ts 
@@ -1,9 +1,16 @@ -import { createPromotionsWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { CreatePromotionDTO, IPromotionModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createPromotionsWorkflow } from "@medusajs/core-flows" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const promotionModuleService: IPromotionModuleService = req.scope.resolve( ModuleRegistrationName.PROMOTION ) @@ -23,9 +30,12 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const createPromotions = createPromotionsWorkflow(req.scope) - const promotionsData = [req.validatedBody as CreatePromotionDTO] + const promotionsData = [req.validatedBody] const { result, errors } = await createPromotions.run({ input: { promotionsData }, diff --git a/packages/medusa/src/api-v2/admin/regions/[id]/route.ts b/packages/medusa/src/api-v2/admin/regions/[id]/route.ts index 3167c36430336..bb3aa6a58257c 100644 --- a/packages/medusa/src/api-v2/admin/regions/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/regions/[id]/route.ts 
@@ -1,13 +1,20 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { deleteRegionsWorkflow, updateRegionsWorkflow, } from "@medusajs/core-flows" + import { UpdatableRegionFields } from "@medusajs/types" -import { remoteQueryObjectFromString } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" import { defaultAdminRegionFields } from "../query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve("remoteQuery") const variables = { id: req.params.id } @@ -23,11 +30,14 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ region }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { result, errors } = await updateRegionsWorkflow(req.scope).run({ input: { selector: { id: req.params.id }, - update: req.validatedBody as UpdatableRegionFields, + update: req.validatedBody, }, throwOnError: false, }) @@ -39,7 +49,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ region: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const { errors } = await deleteRegionsWorkflow(req.scope).run({ diff --git a/packages/medusa/src/api-v2/admin/regions/route.ts b/packages/medusa/src/api-v2/admin/regions/route.ts index 89cfeeaecf945..0a250b0b5b4f9 100644 --- a/packages/medusa/src/api-v2/admin/regions/route.ts +++ b/packages/medusa/src/api-v2/admin/regions/route.ts 
@@ -1,10 +1,17 @@ -import { createRegionsWorkflow } from "@medusajs/core-flows" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" + import { CreateRegionDTO } from "@medusajs/types" -import { remoteQueryObjectFromString } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" +import { createRegionsWorkflow } from "@medusajs/core-flows" import { defaultAdminRegionFields } from "./query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve("remoteQuery") const queryObject = remoteQueryObjectFromString({ @@ -28,10 +35,13 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const input = [ { - ...(req.validatedBody as CreateRegionDTO), + ...req.validatedBody, }, ] diff --git a/packages/medusa/src/api-v2/admin/users/[id]/route.ts b/packages/medusa/src/api-v2/admin/users/[id]/route.ts index c8a81b9d02fc2..b20b52f3a584e 100644 --- a/packages/medusa/src/api-v2/admin/users/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/users/[id]/route.ts 
@@ -1,15 +1,18 @@ import { - ContainerRegistrationKeys, - remoteQueryObjectFromString, -} from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" -import { deleteUsersWorkflow, updateUsersWorkflow } from "@medusajs/core-flows" + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { IUserModuleService, UpdateUserDTO } from "@medusajs/types" -import { ModuleRegistrationName } from "../../../../../../modules-sdk/dist" +import { deleteUsersWorkflow, updateUsersWorkflow } from "@medusajs/core-flows" + import { AdminUpdateUserRequest } from "../validators" +import { ModuleRegistrationName } from "../../../../../../modules-sdk/dist" // Get user -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params const moduleService: IUserModuleService = req.scope.resolve( @@ -21,14 +24,17 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { } // update user -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflow = updateUsersWorkflow(req.scope) const input = { updates: [ { id: req.params.id, - ...(req.validatedBody as AdminUpdateUserRequest), + ...req.validatedBody, } as UpdateUserDTO, ], } @@ -41,7 +47,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { } // delete user -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params const workflow = deleteUsersWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/users/route.ts b/packages/medusa/src/api-v2/admin/users/route.ts index bb2c98b044c54..c37bd45db61ee 100644 
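Review bot: The re-added line `import { ModuleRegistrationName } from "../../../../../../modules-sdk/dist"` reaches into a sibling package's build output by relative path, which bypasses that package's declared entry point and can break when the layout or build order changes. The other route files in this patch use `import { ModuleRegistrationName } from "@medusajs/modules-sdk"`, and the invites route in the same patch drops this relative import; use the package import here as well. `AdminUpdateUserRequest` also appears to have no remaining use once the cast is removed in the POST hunk.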
--- a/packages/medusa/src/api-v2/admin/users/route.ts +++ b/packages/medusa/src/api-v2/admin/users/route.ts @@ -1,12 +1,19 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { ContainerRegistrationKeys, remoteQueryObjectFromString, } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -import { createUsersWorkflow } from "@medusajs/core-flows" + import { CreateUserDTO } from "@medusajs/types" +import { createUsersWorkflow } from "@medusajs/core-flows" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve(ContainerRegistrationKeys.REMOTE_QUERY) const query = remoteQueryObjectFromString({ @@ -32,12 +39,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflow = createUsersWorkflow(req.scope) const input = { input: { - users: [req.validatedBody as CreateUserDTO], + users: [req.validatedBody], }, } diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts index a1b96d29998aa..3583725e2c2c9 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts 
@@ -1,9 +1,15 @@ -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { IWorkflowEngineService } from "@medusajs/workflows-sdk" import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/[step_id]/subscribe/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/[step_id]/subscribe/route.ts index 0e75c536e07f0..d960adfe5512b 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/[step_id]/subscribe/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/[step_id]/subscribe/route.ts @@ -1,11 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IWorkflowEngineService } from "@medusajs/workflows-sdk" import { - MedusaRequest, + AuthenticatedMedusaRequest, MedusaResponse, } from "../../../../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { IWorkflowEngineService } from "@medusajs/workflows-sdk" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) 
diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/route.ts index 177ee8a93456b..0301e8282a3e2 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/route.ts @@ -1,8 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" + import { IWorkflowEngineService } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/run/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/run/route.ts index 270313cab717e..1f33140f9e36f 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/run/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/run/route.ts 
@@ -1,20 +1,26 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" import { IWorkflowEngineService, WorkflowOrchestratorTypes, } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" + import { AdminPostWorkflowsRunReq } from "../../validators" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) const { workflow_id } = req.params - const { transaction_id, input } = - req.validatedBody as AdminPostWorkflowsRunReq + const { transaction_id, input } = req.validatedBody const options = { transactionId: transaction_id, diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/failure/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/failure/route.ts index 29e3e67a650d1..20c4fecaee75f 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/failure/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/failure/route.ts 
@@ -1,17 +1,24 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { TransactionHandlerType, isDefined } from "@medusajs/utils" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" import { IWorkflowEngineService, StepResponse } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" +import { TransactionHandlerType, isDefined } from "@medusajs/utils" + import { AdminPostWorkflowsAsyncResponseReq } from "../../../validators" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) const { workflow_id } = req.params - const body = req.validatedBody as AdminPostWorkflowsAsyncResponseReq + const body = req.validatedBody const { transaction_id, step_id } = body diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/success/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/success/route.ts index ac5e5d7658746..53d88f86105c9 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/success/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/success/route.ts 
@@ -1,17 +1,24 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { TransactionHandlerType, isDefined } from "@medusajs/utils" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" import { IWorkflowEngineService, StepResponse } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" +import { TransactionHandlerType, isDefined } from "@medusajs/utils" + import { AdminPostWorkflowsAsyncResponseReq } from "../../../validators" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) const { workflow_id } = req.params - const body = req.validatedBody as AdminPostWorkflowsAsyncResponseReq + const body = req.validatedBody const { transaction_id, step_id } = body diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/subscribe/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/subscribe/route.ts index 6bd3af50c4e0d..588e5283e67e8 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/subscribe/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/subscribe/route.ts 
@@ -1,8 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" + import { IWorkflowEngineService } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/route.ts index ab8127411e148..5caaeb7b3ee9c 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/route.ts @@ -1,8 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" + import { IWorkflowEngineService } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) diff --git a/packages/medusa/src/api-v2/auth/session/route.ts b/packages/medusa/src/api-v2/auth/session/route.ts index 1f3ac003bdf4f..bd404031abe6b 100644 --- a/packages/medusa/src/api-v2/auth/session/route.ts +++ b/packages/medusa/src/api-v2/auth/session/route.ts 
@@ -1,6 +1,12 @@ -import { MedusaRequest, MedusaResponse } from "../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { req.session.auth_user = req.auth res.status(200).json({ user: req.auth }) diff --git a/packages/medusa/src/api-v2/store/carts/[id]/route.ts b/packages/medusa/src/api-v2/store/carts/[id]/route.ts index 532a4e56a047f..e392616790571 100644 --- a/packages/medusa/src/api-v2/store/carts/[id]/route.ts +++ b/packages/medusa/src/api-v2/store/carts/[id]/route.ts @@ -1,9 +1,9 @@ -import { updateCartsWorkflow } from "@medusajs/core-flows" -import { UpdateCartDataDTO } from "@medusajs/types" import { MedusaRequest, MedusaResponse } from "../../../../types/routing" -import { remoteQueryObjectFromString } from "@medusajs/utils" +import { UpdateCartDataDTO } from "@medusajs/types" import { defaultStoreCartFields } from "../query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" +import { updateCartsWorkflow } from "@medusajs/core-flows" export const GET = async (req: MedusaRequest, res: MedusaResponse) => { const remoteQuery = req.scope.resolve("remoteQuery") @@ -20,12 +20,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.json({ cart }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: MedusaRequest, + res: MedusaResponse +) => { const updateCartWorkflow = updateCartsWorkflow(req.scope) const workflowInput = { selector: { id: req.params.id }, - update: req.validatedBody as UpdateCartDataDTO, + update: req.validatedBody, } const { result, errors } = await updateCartWorkflow.run({ 
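Review bot: `req.session.auth_user = req.auth` stores the authenticated identity in the existing session without issuing a new session id, which leaves the login exposed to session fixation if the id was set before authentication. If `req.session` is an express-session object, regenerate it first by wrapping the assignment in `req.session.regenerate((err) => { ... })`, and respond only after that succeeds. The response also returns all of `req.auth` as `user`; confirm that its `app_metadata` holds nothing that should stay server-side.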
diff --git a/packages/medusa/src/api-v2/store/carts/route.ts b/packages/medusa/src/api-v2/store/carts/route.ts index ab5143d9e444a..373b52cad52fd 100644 --- a/packages/medusa/src/api-v2/store/carts/route.ts +++ b/packages/medusa/src/api-v2/store/carts/route.ts @@ -1,4 +1,8 @@ -import { MedusaRequest, MedusaResponse } from "../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { CreateCartWorkflowInputDTO } from "@medusajs/types" import { StorePostCartReq } from "./validators" @@ -6,15 +10,18 @@ import { createCartWorkflow } from "@medusajs/core-flows" import { defaultStoreCartFields } from "../carts/query-config" import { remoteQueryObjectFromString } from "@medusajs/utils" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const input = req.validatedBody as StorePostCartReq const workflowInput: CreateCartWorkflowInputDTO = { ...input, } // If the customer is logged in, we auto-assign them to the cart - if (req.auth?.actor_id) { - workflowInput.customer_id = req.auth!.actor_id + if (req.auth.actor_id) { + workflowInput.customer_id = req.auth.actor_id } const { result, errors } = await createCartWorkflow(req.scope).run({ From 61be5eebd0bdaeae216ab1c5a32362d0f9f3afca Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Mon, 26 Feb 2024 15:15:34 +0800 Subject: [PATCH 15/18] fix build --- .../src/api-v2/admin/campaigns/[id]/route.ts | 3 ++- .../src/api-v2/admin/campaigns/validators.ts | 8 +++--- .../src/api-v2/admin/promotions/[id]/route.ts | 4 ++- .../src/api-v2/store/customers/route.ts | 16 +++++++---- .../src/utils/authenticate-middleware.ts | 27 +++++++++++++------ .../types/src/promotion/common/promotion.ts | 7 ++--- 6 files changed, 44 insertions(+), 21 deletions(-) 
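Review bot: `if (req.auth.actor_id)` throws a TypeError when `req.auth` is undefined, and the comment above it ("If the customer is logged in") implies this route also serves guests. Unless the middleware for this route always populates `req.auth` (its configuration is not visible here), guest cart creation would fail instead of producing an unassigned cart. Keep the guard as `if (req.auth?.actor_id)` and leave the parameter typed as `MedusaRequest`, or make `auth` optional in the type used by routes that allow unauthenticated access. The handler body continues outside the hunk.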
diff --git a/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts b/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts index 96af4a256210d..2093bfbd52c12 100644 --- a/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts @@ -11,6 +11,7 @@ import { import { AdminPostCampaignsReq } from "../validators" import { IPromotionModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { UpdateCampaignDTO } from "@medusajs/types" export const GET = async ( req: AuthenticatedMedusaRequest, @@ -41,7 +42,7 @@ export const POST = async ( id: req.params.id, ...req.validatedBody, }, - ] + ] as UpdateCampaignDTO[] const { result, errors } = await updateCampaigns.run({ input: { campaignsData }, diff --git a/packages/medusa/src/api-v2/admin/campaigns/validators.ts b/packages/medusa/src/api-v2/admin/campaigns/validators.ts index d4ab0d1fef5fd..415f41c5c3b42 100644 --- a/packages/medusa/src/api-v2/admin/campaigns/validators.ts +++ b/packages/medusa/src/api-v2/admin/campaigns/validators.ts @@ -1,5 +1,4 @@ -import { CampaignBudgetType } from "@medusajs/utils" -import { Type } from "class-transformer" +import { FindParams, extendedFindParamsMixin } from "../../../types/common" import { IsArray, IsDateString, @@ -10,7 +9,10 @@ import { IsString, ValidateNested, } from "class-validator" -import { FindParams, extendedFindParamsMixin } from "../../../types/common" +import { Transform, Type } from "class-transformer" + +import { CampaignBudgetType } from "@medusajs/utils" +import { transformOptionalDate } from "../../../utils/validators/date-transform" export class AdminGetCampaignsCampaignParams extends FindParams {} diff --git a/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts b/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts index 15ee5fe44c040..3919d30424813 100644 --- a/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts 
+++ b/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts @@ -10,6 +10,8 @@ import { import { AdminPostPromotionsPromotionReq } from "../validators" import { IPromotionModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { UpdateApplicationMethodDTO } from "@medusajs/types" +import { UpdatePromotionDTO } from "@medusajs/types" export const GET = async ( req: AuthenticatedMedusaRequest, @@ -37,7 +39,7 @@ export const POST = async ( id: req.params.id, ...req.validatedBody, }, - ] + ] as UpdatePromotionDTO[] const { result, errors } = await updatePromotions.run({ input: { promotionsData }, diff --git a/packages/medusa/src/api-v2/store/customers/route.ts b/packages/medusa/src/api-v2/store/customers/route.ts index cb69756ee2933..a6250f4628d65 100644 --- a/packages/medusa/src/api-v2/store/customers/route.ts +++ b/packages/medusa/src/api-v2/store/customers/route.ts @@ -1,21 +1,27 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { ContainerRegistrationKeys, remoteQueryObjectFromString, } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" import { CreateCustomerDTO } from "@medusajs/types" import { createCustomerAccountWorkflow } from "@medusajs/core-flows" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - if (req.auth!.actor_id) { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + if (req.auth.actor_id) { const remoteQuery = req.scope.resolve( ContainerRegistrationKeys.REMOTE_QUERY ) const query = remoteQueryObjectFromString({ entryPoint: "customer", - variables: { id: req.auth?.actor_id }, + variables: { id: req.auth.actor_id }, fields: [], }) const [customer] = await remoteQuery(query) 
@@ -29,7 +35,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const customersData = req.validatedBody as CreateCustomerDTO const { result } = await createCustomers.run({ - input: { customersData, authUserId: req.auth!.auth_user_id }, + input: { customersData, authUserId: req.auth.auth_user_id }, }) // Set customer_id on session user if we are in session diff --git a/packages/medusa/src/utils/authenticate-middleware.ts b/packages/medusa/src/utils/authenticate-middleware.ts index c325fcc7b2317..6ac036cfdf386 100644 --- a/packages/medusa/src/utils/authenticate-middleware.ts +++ b/packages/medusa/src/utils/authenticate-middleware.ts @@ -1,8 +1,13 @@ import { AuthUserDTO, IUserModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../types/routing" import { NextFunction, RequestHandler } from "express" import jwt, { JwtPayload } from "jsonwebtoken" +import { StringChain } from "lodash" import { stringEqualsOrRegexMatch } from "@medusajs/utils" const SESSION_AUTH = "session" @@ -82,8 +87,8 @@ export const authenticate = ( authUser && (isRegistered || (!isRegistered && options.allowUnregistered)) ) { - req.auth = { - actor_id: getActorId(authUser, authScope) as string, + ;(req as AuthenticatedMedusaRequest).auth = { + actor_id: getActorId(authUser, authScope) as string, // TODO: fix types for auth_users not in the medusa system auth_user_id: authUser.id, app_metadata: authUser.app_metadata, scope: authUser.scope, 
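Review bot: `import { StringChain } from "lodash"` in the import hunk of authenticate-middleware.ts is not referenced by any line visible in this patch and looks like an editor auto-import. If nothing else in the file uses it, drop the line so the auth middleware carries no stray dependency. The rest of the file is outside the hunk, so confirm before removing.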
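Review bot: `actor_id: getActorId(authUser, authScope) as string` asserts a string although the next hunk changes `getActorId` to return `string | undefined`, so an auth user admitted through `options.allowUnregistered`, or any scope other than admin/store, ends up with `req.auth.actor_id` undefined at runtime while the type says otherwise. Handlers later in this series write that value into audit fields (`created_by`, `revoked_by` on the api-keys routes) without a check. Typing the field honestly, e.g. `actor_id: getActorId(authUser, authScope) ?? null` with `string | null` on the request type, or rejecting the request when no actor resolves, would close the gap the TODO points at. The `as string` casts on `app_metadata.user_id` and `app_metadata.customer_id` inside `getActorId` hide the same case and could become a `typeof … === "string"` check. The enclosing `authenticate` handler starts and ends outside this hunk.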
@@ -99,11 +104,17 @@ export const authenticate = ( } } -const getActorId = (authUser: AuthUserDTO, scope: string | RegExp) => { +const getActorId = ( + authUser: AuthUserDTO, + scope: string | RegExp +): string | undefined => { if (stringEqualsOrRegexMatch(scope, "admin")) { - return authUser.app_metadata.user_id - } else if (stringEqualsOrRegexMatch(scope, "store")) { - return authUser.app_metadata.customer_id + return authUser.app_metadata.user_id as string } - return authUser.app_metadata.medusa_id + + if (stringEqualsOrRegexMatch(scope, "store")) { + return authUser.app_metadata.customer_id as string + } + + return undefined } diff --git a/packages/types/src/promotion/common/promotion.ts b/packages/types/src/promotion/common/promotion.ts index 018e97724c197..739c5236669c6 100644 --- a/packages/types/src/promotion/common/promotion.ts +++ b/packages/types/src/promotion/common/promotion.ts @@ -1,13 +1,14 @@ -import { BaseFilterable } from "../../dal" -import { CreateCampaignDTO } from "../mutations" import { ApplicationMethodDTO, CreateApplicationMethodDTO, UpdateApplicationMethodDTO, } from "./application-method" -import { CampaignDTO } from "./campaign" import { CreatePromotionRuleDTO, PromotionRuleDTO } from "./promotion-rule" +import { BaseFilterable } from "../../dal" +import { CampaignDTO } from "./campaign" +import { CreateCampaignDTO } from "../mutations" + export type PromotionTypeValues = "standard" | "buyget" export interface PromotionDTO { From 53e4007b047be159be2fae4c1ca920934d569c78 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Mon, 26 Feb 2024 15:35:59 +0800 Subject: [PATCH 16/18] fix build --- .../admin/api-keys/[id]/revoke/route.ts | 15 ++++++++--- .../src/api-v2/admin/api-keys/[id]/route.ts | 25 ++++++++++++++----- .../medusa/src/api-v2/admin/api-keys/route.ts | 24 ++++++++++++------ .../src/api-v2/admin/regions/[id]/route.ts | 4 +-- 4 files changed, 49 insertions(+), 19 deletions(-) 
diff --git a/packages/medusa/src/api-v2/admin/api-keys/[id]/revoke/route.ts b/packages/medusa/src/api-v2/admin/api-keys/[id]/revoke/route.ts index 2a291cf379e99..2fda8cf08b7a3 100644 --- a/packages/medusa/src/api-v2/admin/api-keys/[id]/revoke/route.ts +++ b/packages/medusa/src/api-v2/admin/api-keys/[id]/revoke/route.ts @@ -1,15 +1,22 @@ -import { revokeApiKeysWorkflow } from "@medusajs/core-flows" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" + import { RevokeApiKeyDTO } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" +import { revokeApiKeysWorkflow } from "@medusajs/core-flows" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const { result, errors } = await revokeApiKeysWorkflow(req.scope).run({ input: { selector: { id: req.params.id }, revoke: { - revoked_by: req.auth_user?.id, + revoked_by: req.auth.actor_id, } as RevokeApiKeyDTO, }, throwOnError: false, diff --git a/packages/medusa/src/api-v2/admin/api-keys/[id]/route.ts b/packages/medusa/src/api-v2/admin/api-keys/[id]/route.ts index 4a1b644ab9147..16283aed1aefc 100644 --- a/packages/medusa/src/api-v2/admin/api-keys/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/api-keys/[id]/route.ts 
@@ -1,13 +1,20 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { deleteApiKeysWorkflow, updateApiKeysWorkflow, } from "@medusajs/core-flows" + import { UpdateApiKeyDTO } from "@medusajs/types" -import { remoteQueryObjectFromString } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" import { defaultAdminApiKeyFields } from "../query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve("remoteQuery") const variables = { id: req.params.id } @@ -23,11 +30,14 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ apiKey }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest>, + res: MedusaResponse +) => { const { result, errors } = await updateApiKeysWorkflow(req.scope).run({ input: { selector: { id: req.params.id }, - update: req.validatedBody as Omit, + update: req.validatedBody, }, throwOnError: false, }) @@ -39,7 +49,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ apiKey: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const { errors } = await deleteApiKeysWorkflow(req.scope).run({ diff --git a/packages/medusa/src/api-v2/admin/api-keys/route.ts b/packages/medusa/src/api-v2/admin/api-keys/route.ts index ce9b5b324cbce..ed99b7349cd25 100644 --- a/packages/medusa/src/api-v2/admin/api-keys/route.ts +++ b/packages/medusa/src/api-v2/admin/api-keys/route.ts 
@@ -1,10 +1,17 @@ -import { createApiKeysWorkflow } from "@medusajs/core-flows" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" + import { CreateApiKeyDTO } from "@medusajs/types" -import { remoteQueryObjectFromString } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" +import { createApiKeysWorkflow } from "@medusajs/core-flows" import { defaultAdminApiKeyFields } from "./query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve("remoteQuery") const queryObject = remoteQueryObjectFromString({ @@ -28,11 +35,14 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest>, + res: MedusaResponse +) => { const input = [ { - ...(req.validatedBody as Omit), - created_by: req.auth_user?.id, + ...req.validatedBody, + created_by: req.auth.actor_id, } as CreateApiKeyDTO, ] diff --git a/packages/medusa/src/api-v2/admin/regions/[id]/route.ts b/packages/medusa/src/api-v2/admin/regions/[id]/route.ts index bb3aa6a58257c..c6c3d17a9dedf 100644 --- a/packages/medusa/src/api-v2/admin/regions/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/regions/[id]/route.ts @@ -7,7 +7,7 @@ import { updateRegionsWorkflow, } from "@medusajs/core-flows" -import { UpdatableRegionFields } from "@medusajs/types" +import { UpdateRegionDTO } from "@medusajs/types" import { defaultAdminRegionFields } from "../query-config" import { remoteQueryObjectFromString } from "@medusajs/utils" 
@@ -31,7 +31,7 @@ export const GET = async ( } export const POST = async ( - req: AuthenticatedMedusaRequest, + req: AuthenticatedMedusaRequest, res: MedusaResponse ) => { const { result, errors } = await updateRegionsWorkflow(req.scope).run({ From 6ab107346eb18fa3e578526d6426b8b5f480eb26 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Tue, 27 Feb 2024 07:35:01 +0800 Subject: [PATCH 17/18] fix build --- packages/medusa/src/api-v2/store/carts/route.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/medusa/src/api-v2/store/carts/route.ts b/packages/medusa/src/api-v2/store/carts/route.ts index 373b52cad52fd..f9bccf62f8162 100644 --- a/packages/medusa/src/api-v2/store/carts/route.ts +++ b/packages/medusa/src/api-v2/store/carts/route.ts @@ -20,7 +20,7 @@ export const POST = async ( } // If the customer is logged in, we auto-assign them to the cart - if (req.auth.actor_id) { + if (req.auth?.actor_id) { workflowInput.customer_id = req.auth.actor_id } From 4c8afe4a57040f54f4f9c435a03dc782c87881f9 Mon Sep 17 00:00:00 2001 From: Philip Korsholm Date: Tue, 27 Feb 2024 13:11:59 +0800 Subject: [PATCH 18/18] use auth middleware for api-keys --- .../__tests__/api-key/admin/api-key.spec.ts | 18 +++++++++-------- .../src/api-v2/admin/api-keys/middlewares.ts | 20 ++++++++----------- 2 files changed, 18 insertions(+), 20 deletions(-) diff --git a/integration-tests/plugins/__tests__/api-key/admin/api-key.spec.ts b/integration-tests/plugins/__tests__/api-key/admin/api-key.spec.ts index 6375ee6beb1de..7c6c2575810da 100644 --- a/integration-tests/plugins/__tests__/api-key/admin/api-key.spec.ts +++ b/integration-tests/plugins/__tests__/api-key/admin/api-key.spec.ts 
@@ -1,12 +1,14 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + +import { ApiKeyType } from "@medusajs/utils" import { IApiKeyModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" -import { ApiKeyType } from "@medusajs/utils" jest.setTimeout(50000) @@ -36,7 +38,7 @@ describe("API Keys - Admin", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { @@ -60,7 +62,7 @@ describe("API Keys - Admin", () => { expect.objectContaining({ id: created.data.apiKey.id, title: "Test Secret Key", - created_by: "test", + created_by: "admin_user", }) ) // On create we get the token in raw form so we can store it. @@ -92,7 +94,7 @@ describe("API Keys - Admin", () => { expect(revoked.data.apiKey).toEqual( expect.objectContaining({ id: created.data.apiKey.id, - revoked_by: "test", + revoked_by: "admin_user", }) ) expect(revoked.data.apiKey.revoked_at).toBeTruthy() diff --git a/packages/medusa/src/api-v2/admin/api-keys/middlewares.ts b/packages/medusa/src/api-v2/admin/api-keys/middlewares.ts index e480fa1d97120..819687720d1be 100644 --- a/packages/medusa/src/api-v2/admin/api-keys/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/api-keys/middlewares.ts 
@@ -1,25 +1,21 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { - AdminGetApiKeysParams, AdminGetApiKeysApiKeyParams, - AdminPostApiKeysReq, + AdminGetApiKeysParams, AdminPostApiKeysApiKeyReq, + AdminPostApiKeysReq, AdminRevokeApiKeysApiKeyReq, } from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminApiKeyRoutesMiddlewares: MiddlewareRoute[] = [ { matcher: "/admin/api-keys*", - // middlewares: [authenticate("admin", ["bearer", "session"])], - // TODO: Apply authentication middleware correctly once https://github.com/medusajs/medusa/pull/6447 is merged. - middlewares: [ - (req, res, next) => { - req.auth_user = { id: "test" } - next() - }, - ], + middlewares: [authenticate("admin", ["bearer", "session"])], }, { method: ["GET"],
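Review bot: Swapping the stub for `authenticate("admin", ["bearer", "session"])` is the security-relevant change here, but nothing visible asserts that a request without credentials is now refused. The spec hunks in api-key.spec.ts only update the happy-path expectations (`created_by: "admin_user"`, `revoked_by: "admin_user"`). A negative case per verb, calling `/admin/api-keys` without `adminHeaders` and expecting the request to be rejected, would pin the behaviour so that a later middleware reorder cannot silently reopen the routes. The `adminApiKeyRoutesMiddlewares` array continues past the end of the hunk.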