feat: Apply authentication middleware globally (#7396)

* feat: Apply auth middleware globally

* feat: Remove local auth middleware where it makes sense
Stevche Radevski
2024-05-27 15:24:53 +02:00
committed by GitHub
parent 62ef82f497
commit 10ef32c5a3
52 changed files with 76 additions and 276 deletions
@@ -1,4 +1,8 @@
import { medusaIntegrationTestRunner } from "medusa-test-utils/dist"
import {
adminHeaders,
createAdminUser,
} from "../../../helpers/create-admin-user"
jest.setTimeout(50000)
@@ -14,8 +18,15 @@ medusaIntegrationTestRunner({
appContainer = getContainer()
})
beforeEach(async () => {
await createAdminUser(dbConnection, adminHeaders, appContainer)
})
it("should list payment providers", async () => {
let response = await api.get(`/admin/payments/payment-providers`)
let response = await api.get(
`/admin/payments/payment-providers`,
adminHeaders
)
expect(response.status).toEqual(200)
expect(response.data.payment_providers).toEqual([
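Review bot: The updated test only exercises the authenticated path, so nothing here pins that `/admin/payments/payment-providers` now rejects anonymous callers. The earlier form of this call passed no headers, which suggests the route was reachable without credentials before this commit, so a regression test is worth having. Assuming `api` rejects on non-2xx responses, add a case such as `const res = await api.get("/admin/payments/payment-providers").catch((e) => e.response)` followed by `expect(res.status).toEqual(401)`. The `it` block continues past the end of this hunk.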
@@ -1,7 +1,6 @@
import * as QueryConfig from "./query-config"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import {
AdminCreateApiKey,
@@ -14,10 +13,6 @@ import { validateAndTransformBody } from "../../utils/validate-body"
import { createLinkBody } from "../../utils/validators"
export const adminApiKeyRoutesMiddlewares: MiddlewareRoute[] = [
{
matcher: "/admin/api-keys*",
middlewares: [authenticate("user", ["bearer", "session"])],
},
{
method: ["GET"],
matcher: "/admin/api-keys",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import { createLinkBody } from "../../utils/validators"
@@ -12,10 +11,6 @@ import {
} from "./validators"
export const adminCampaignRoutesMiddlewares: MiddlewareRoute[] = [
{
matcher: "/admin/campaigns*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/campaigns",
@@ -1,6 +1,5 @@
import * as QueryConfig from "./query-config"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import {
AdminCreateCollection,
@@ -12,12 +11,6 @@ import { validateAndTransformBody } from "../../utils/validate-body"
import { createLinkBody } from "../../utils/validators"
export const adminCollectionRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/collections*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/collections",
@@ -1,15 +1,9 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as QueryConfig from "./query-config"
import { AdminGetCurrencyParams, AdminGetCurrenciesParams } from "./validators"
export const adminCurrencyRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/currencies*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/currencies",
@@ -1,6 +1,5 @@
import * as QueryConfig from "./query-config"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import {
AdminCreateCustomerGroup,
@@ -12,11 +11,6 @@ import { validateAndTransformBody } from "../../utils/validate-body"
import { createLinkBody } from "../../utils/validators"
export const adminCustomerGroupRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/customer-groups*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/customer-groups",
@@ -11,16 +11,10 @@ import {
} from "./validators"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
export const adminCustomerRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/customers*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/customers",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as QueryConfig from "./query-config"
@@ -10,11 +9,6 @@ import {
} from "./validators"
export const adminDraftOrderRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/draft-orders*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/draft-orders",
@@ -1,15 +1,9 @@
import { MiddlewareRoute } from "../../../types/middlewares"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as QueryConfig from "./query-config"
import { AdminFulfillmentProvidersParams } from "./validators"
export const adminFulfillmentProvidersRoutesMiddlewares: MiddlewareRoute[] = [
{
method: "ALL",
matcher: "/admin/fulfillment-providers*",
middlewares: [authenticate("user", ["session", "bearer", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/fulfillment-providers",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../types/middlewares"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as QueryConfig from "./query-config"
@@ -11,11 +10,6 @@ import {
} from "./validators"
export const adminFulfillmentSetsRoutesMiddlewares: MiddlewareRoute[] = [
{
method: "ALL",
matcher: "/admin/fulfillment-sets*",
middlewares: [authenticate("user", ["session", "bearer", "api-key"])],
},
{
method: ["POST"],
matcher: "/admin/fulfillment-sets/:id/service-zones",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../types/middlewares"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as QueryConfig from "./query-config"
@@ -11,11 +10,6 @@ import {
} from "./validators"
export const adminFulfillmentsRoutesMiddlewares: MiddlewareRoute[] = [
{
method: "ALL",
matcher: "/admin/fulfillments*",
middlewares: [authenticate("user", ["session", "bearer", "api-key"])],
},
{
method: ["POST"],
matcher: "/admin/fulfillments/:id/cancel",
@@ -1,6 +1,5 @@
import * as QueryConfig from "./query-config"
import { MiddlewareRoute } from "../../../types/middlewares"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import {
AdminCreateInventoryItem,
@@ -17,11 +16,6 @@ import { createBatchBody } from "../../utils/validators"
import { unlessPath } from "../../utils/unless-path"
export const adminInventoryRoutesMiddlewares: MiddlewareRoute[] = [
{
method: "ALL",
matcher: "/admin/inventory-items*",
middlewares: [authenticate("user", ["session", "bearer", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/inventory-items",
@@ -19,3 +19,5 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => {
res.status(200).json({ invite })
}
export const AUTHENTICATE = false
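Review bot: `export const AUTHENTICATE = false` carries no comment in the route file, so a reader sees a handler that looks deliberately public. The explanation exists only in the TODO added above `adminInviteRoutesMiddlewares` and `adminUserRoutesMiddlewares`, and the same bare export is added in the other invite and user route hunks (the DELETE, GET and POST handlers further down). Add a line above each export, e.g. `// Opts out of the loader's global auth only; authenticate() is re-applied per route in the route middlewares list.` Because the opt-out is per route file, any exported method without a matching middleware entry would presumably be served unauthenticated, so each handler should be checked against that list, which is not visible in these hunks.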
@@ -45,3 +45,5 @@ export const DELETE = async (
deleted: true,
})
}
export const AUTHENTICATE = false
@@ -36,3 +36,5 @@ export const POST = async (
res.status(200).json({ user: users[0] })
}
export const AUTHENTICATE = false
@@ -13,6 +13,8 @@ import { authenticate } from "../../../utils/middlewares/authenticate-middleware
import { validateAndTransformQuery } from "../../utils/validate-query"
import { validateAndTransformBody } from "../../utils/validate-body"
// TODO: Due to issues with our routing (and using router.use for applying middlewares), we have to opt-out of global auth in all routes, and then reapply it here.
// See https://medusacorp.slack.com/archives/C025KMS13SA/p1716455350491879 for details.
export const adminInviteRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["GET"],
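Review bot: The rationale for opting out of global auth and re-applying it here is only reachable through a private Slack link in this TODO, which outside contributors and later auditors cannot open. Put the conclusion in the comment itself, along the lines of `// router.use attaches the global middleware to the whole sub-path, so the public invite endpoints can only be exempted by opting every route out and re-adding authenticate() per entry below.` and adjust the wording to what the thread actually decided. The same TODO is added above `adminUserRoutesMiddlewares`. The array body continues outside this hunk.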
@@ -57,3 +57,5 @@ export const POST = async (
res.status(200).json({ invite })
}
export const AUTHENTICATE = false
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as QueryConfig from "./query-config"
@@ -12,11 +11,6 @@ import {
} from "./validators"
export const adminOrderRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/orders*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/orders",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../types/middlewares"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { unlessPath } from "../../utils/unless-path"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
@@ -13,11 +12,6 @@ import {
} from "./validators"
export const adminPaymentRoutesMiddlewares: MiddlewareRoute[] = [
{
method: "ALL",
matcher: "/admin/payments",
middlewares: [authenticate("user", ["session", "bearer", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/payments",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import { createBatchBody, createLinkBody } from "../../utils/validators"
@@ -15,11 +14,6 @@ import {
} from "./validators"
export const adminPriceListsRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/price-lists*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/price-lists",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as QueryConfig from "./query-config"
@@ -11,10 +10,6 @@ import {
} from "./validators"
export const adminPricingRoutesMiddlewares: MiddlewareRoute[] = [
{
matcher: "/admin/pricing*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/pricing/rule-types",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import { createLinkBody } from "../../utils/validators"
@@ -12,11 +11,6 @@ import {
} from "./validators"
export const adminProductCategoryRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/product-categories*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/product-categories",
@@ -1,6 +1,5 @@
import * as QueryConfig from "./query-config"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import {
AdminCreateProductType,
@@ -11,12 +10,6 @@ import {
import { validateAndTransformBody } from "../../utils/validate-body"
export const adminProductTypeRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/product-types/*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/product-types",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { maybeApplyLinkFilter } from "../../utils/maybe-apply-link-filter"
import { unlessPath } from "../../utils/unless-path"
import { validateAndTransformBody } from "../../utils/validate-body"
@@ -25,11 +24,6 @@ import {
} from "./validators"
export const adminProductRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/products*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/products",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import { createBatchBody } from "../../utils/validators"
@@ -17,10 +16,6 @@ import {
} from "./validators"
export const adminPromotionRoutesMiddlewares: MiddlewareRoute[] = [
{
matcher: "/admin/promotions*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/promotions",
@@ -1,6 +1,5 @@
import * as QueryConfig from "./query-config"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import {
AdminCreateRegion,
@@ -11,11 +10,6 @@ import {
import { validateAndTransformBody } from "../../utils/validate-body"
export const adminRegionRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/regions*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/regions",
@@ -1,7 +1,6 @@
import * as QueryConfig from "./query-config"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import {
AdminCreateReservation,
@@ -12,11 +11,6 @@ import {
import { validateAndTransformBody } from "../../utils/validate-body"
export const adminReservationRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/reservations*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/reservations",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as QueryConfig from "./query-config"
@@ -10,11 +9,6 @@ import {
} from "./validators"
export const adminReturnReasonRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/return-reasons*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/return-reasons",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as QueryConfig from "./query-config"
@@ -10,11 +9,6 @@ import {
} from "./validators"
export const adminOrderRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/returns*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/returns",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { maybeApplyLinkFilter } from "../../utils/maybe-apply-link-filter"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
@@ -13,11 +12,6 @@ import {
} from "./validators"
export const adminSalesChannelRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/sales-channels*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/sales-channels",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import {
AdminCreateShippingOption,
AdminCreateShippingOptionRule,
@@ -19,10 +18,6 @@ import { validateAndTransformQuery } from "../../utils/validate-query"
import { createBatchBody } from "../../utils/validators"
export const adminShippingOptionRoutesMiddlewares: MiddlewareRoute[] = [
{
matcher: "/admin/shipping-options*",
middlewares: [authenticate("user", ["bearer", "session"])],
},
{
method: ["GET"],
matcher: "/admin/shipping-options",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import {
@@ -13,10 +12,6 @@ import {
} from "./validators"
export const adminShippingProfilesMiddlewares: MiddlewareRoute[] = [
{
matcher: "/admin/shipping-profiles*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["POST"],
matcher: "/admin/shipping-profiles",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../types/middlewares"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { maybeApplyLinkFilter } from "../../utils/maybe-apply-link-filter"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
@@ -14,11 +13,6 @@ import {
} from "./validators"
export const adminStockLocationRoutesMiddlewares: MiddlewareRoute[] = [
{
method: "ALL",
matcher: "/admin/stock-locations*",
middlewares: [authenticate("user", ["session", "bearer", "api-key"])],
},
{
method: ["POST"],
matcher: "/admin/stock-locations",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as QueryConfig from "./query-config"
@@ -10,11 +9,6 @@ import {
} from "./validators"
export const adminStoreRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/stores*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/stores",
@@ -10,15 +10,9 @@ import {
} from "./validators"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
export const adminTaxRateRoutesMiddlewares: MiddlewareRoute[] = [
{
method: "ALL",
matcher: "/admin/tax-rates*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: "POST",
matcher: "/admin/tax-rates",
@@ -7,16 +7,10 @@ import {
} from "./validators"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
export const adminTaxRegionRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/tax-regions*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: "POST",
matcher: "/admin/tax-regions",
@@ -1,6 +1,5 @@
import multer from "multer"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import { retrieveUploadConfig } from "./query-config"
import { AdminGetUploadParams } from "./validators"
@@ -11,11 +10,6 @@ import { AdminGetUploadParams } from "./validators"
const upload = multer({ storage: multer.memoryStorage() })
export const adminUploadRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/uploads*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
// TODO: There is a `/protected` route in v1 that might need a bit more thought when implementing
{
method: ["POST"],
@@ -83,3 +83,5 @@ export const DELETE = async (
deleted: true,
})
}
export const AUTHENTICATE = false
@@ -36,3 +36,5 @@ export const GET = async (
res.status(200).json({ user })
}
export const AUTHENTICATE = false
@@ -12,6 +12,8 @@ import { authenticate } from "../../../utils/middlewares/authenticate-middleware
import { validateAndTransformQuery } from "../../utils/validate-query"
import { validateAndTransformBody } from "../../utils/validate-body"
// TODO: Due to issues with our routing (and using router.use for applying middlewares), we have to opt-out of global auth in all routes, and then reapply it here.
// See https://medusacorp.slack.com/archives/C025KMS13SA/p1716455350491879 for details.
export const adminUserRoutesMiddlewares: MiddlewareRoute[] = [
{
method: ["GET"],
@@ -84,3 +84,5 @@ export const POST = async (
res.status(200).json({ user, token })
}
export const AUTHENTICATE = false
@@ -8,16 +8,10 @@ import {
} from "./validators"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformQuery } from "../../utils/validate-query"
import { validateAndTransformBody } from "../../utils/validate-body"
export const adminWorkflowsExecutionsMiddlewares: MiddlewareRoute[] = [
{
method: ["ALL"],
matcher: "/admin/workflows-executions*",
middlewares: [authenticate("user", ["bearer", "session", "api-key"])],
},
{
method: ["GET"],
matcher: "/admin/workflows-executions",
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { ensurePublishableKeyAndSalesChannelMatch } from "../../utils/middlewares/common/ensure-pub-key-sales-channel-match"
import { maybeAttachPublishableKeyScopes } from "../../utils/middlewares/common/maybe-attach-pub-key-scopes"
import { validateAndTransformBody } from "../../utils/validate-body"
@@ -21,15 +20,6 @@ import {
} from "./validators"
export const storeCartRoutesMiddlewares: MiddlewareRoute[] = [
{
method: "ALL",
matcher: "/store/carts*",
middlewares: [
authenticate("customer", ["session", "bearer"], {
allowUnauthenticated: true,
}),
],
},
{
method: ["GET"],
matcher: "/store/carts/:id",
@@ -20,9 +20,6 @@ export const storeOrderRoutesMiddlewares: MiddlewareRoute[] = [
method: ["GET"],
matcher: "/store/orders/:id",
middlewares: [
authenticate("customer", ["session", "bearer"], {
allowUnauthenticated: true,
}),
validateAndTransformQuery(
StoreGetOrderParams,
QueryConfig.retrieveTransformQueryConfig
@@ -1,5 +1,4 @@
import { MiddlewareRoute } from "../../../types/middlewares"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { validateAndTransformBody } from "../../utils/validate-body"
import { validateAndTransformQuery } from "../../utils/validate-query"
import * as queryConfig from "./query-config"
@@ -10,15 +9,6 @@ import {
} from "./validators"
export const storePaymentCollectionsMiddlewares: MiddlewareRoute[] = [
{
method: "ALL",
matcher: "/store/payment-collections*",
middlewares: [
authenticate("customer", ["session", "bearer"], {
allowUnauthenticated: true,
}),
],
},
{
method: ["POST"],
matcher: "/store/payment-collections",
@@ -1,6 +1,5 @@
import { isPresent, ProductStatus } from "@medusajs/utils"
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
import { authenticate } from "../../../utils/middlewares/authenticate-middleware"
import { maybeApplyLinkFilter } from "../../utils/maybe-apply-link-filter"
import {
applyDefaultFilters,
@@ -15,15 +14,6 @@ import {
} from "./validators"
export const storeProductRoutesMiddlewares: MiddlewareRoute[] = [
{
method: "ALL",
matcher: "/store/products*",
middlewares: [
authenticate("customer", ["session", "bearer"], {
allowUnauthenticated: true,
}),
],
},
{
method: ["GET"],
matcher: "/store/products",
@@ -123,21 +123,31 @@ export const createServer = async (rootDir) => {
if (opts.adminSession) {
const token = jwt.sign(
{
user_id: opts.adminSession.userId || opts.adminSession.jwt?.userId,
domain: "admin",
actor_id: opts.adminSession.userId || opts.adminSession.jwt?.userId,
actor_type: "user",
app_metadata: {
user_id:
opts.adminSession.userId || opts.adminSession.jwt?.userId,
},
},
config.projectConfig.http.jwtSecret!
)
headers.Authorization = `Bearer ${token}`
}
if (opts.clientSession) {
const token = jwt.sign(
{
customer_id:
actor_id:
opts.clientSession.customer_id ||
opts.clientSession.jwt?.customer_id,
domain: "store",
actor_type: "customer",
app_metadata: {
customer_id:
opts.clientSession.customer_id ||
opts.clientSession.jwt?.customer_id,
},
},
config.projectConfig.http.jwtSecret!
)
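Review bot: The actor id expression is now written twice per token, once for `actor_id` and again inside `app_metadata`, so the two claims can drift apart on the next edit. Hoist it, e.g. `const actorId = opts.adminSession.userId || opts.adminSession.jwt?.userId`, and use it for both fields; the customer token has the same duplication. When neither source is set the helper still signs a token with no usable `actor_id`, which can hide a mis-specified test session. `createServer` starts and ends outside this hunk.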
@@ -154,34 +154,6 @@ describe("RoutesLoader", function () {
expect(res.text).toBe("GET /admin/unprotected")
})
it("should return 200 when customer is authenticated", async () => {
const res = await request("GET", "/store/me/protected", {
clientSession: {
jwt: {
customer_id: "lebron",
},
},
})
expect(res.status).toBe(200)
expect(res.text).toBe("GET /store/protected")
})
// The authentication middleware has changed and is not automatically attached currently
it.skip("should return 401 when customer is not authenticated", async () => {
const res = await request("GET", "/store/me/protected")
expect(res.status).toBe(401)
expect(res.text).toBe("Unauthorized")
})
it("should return 200 when customer route is opted out of authentication", async () => {
const res = await request("GET", "/store/me/unprotected")
expect(res.status).toBe(200)
expect(res.text).toBe("GET /store/unprotected")
})
it("should return the error as JSON when an error is thrown with default error handling", async () => {
const res = await request("GET", "/customers/error")
@@ -5,7 +5,7 @@ import { type Express, json, Router, text, urlencoded } from "express"
import { readdir } from "fs/promises"
import { extname, join, sep } from "path"
import { MedusaRequest, MedusaResponse } from "../../../types/routing"
import { errorHandler } from "../../../utils/middlewares"
import { authenticate, errorHandler } from "../../../utils/middlewares"
import logger from "../../logger"
import {
AsyncRouteHandler,
@@ -298,10 +298,6 @@ export class RoutesLoader {
const config: RouteConfig = {
routes: [],
shouldRequireAdminAuth: false,
shouldRequireCustomerAuth: false,
shouldAppendCustomer: false,
shouldAppendAuthCors: false,
}
/**
@@ -313,6 +309,7 @@ export class RoutesLoader {
? (import_[AUTHTHENTICATE] as boolean)
: true
config.optedOutOfAuth = !shouldRequireAuth
/**
* If the developer has not exported the
* CORS flag we default to true.
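Review bot: `config.optedOutOfAuth = !shouldRequireAuth` lets any falsy export disable authentication, because the exported value is only cast with `as boolean` and never checked at runtime. Now that this flag is the single switch for the global middleware, an export of `0`, `""` or `null` would silently open a route. Prefer an exact comparison, `config.optedOutOfAuth = import_[AUTHTHENTICATE] === false`, so that only an explicit `false` opts out. The constant name `AUTHTHENTICATE` also looks misspelled. The ternary's condition sits above the hunk, so this reading of it is partly inferred.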
@@ -321,29 +318,24 @@ export class RoutesLoader {
import_["CORS"] !== undefined ? (import_["CORS"] as boolean) : true
if (route.startsWith("/admin")) {
config.routeType = "admin"
if (shouldAddCors) {
config.shouldAppendAdminCors = true
}
if (shouldRequireAuth) {
config.shouldRequireAdminAuth = true
}
}
if (route.startsWith("/store")) {
config.shouldAppendCustomer = true
config.routeType = "store"
if (shouldAddCors) {
config.shouldAppendStoreCors = true
}
}
if (route.startsWith("/auth") && shouldAddCors) {
config.shouldAppendAuthCors = true
}
if (shouldRequireAuth && route.startsWith("/store/me")) {
config.shouldRequireCustomerAuth = shouldRequireAuth
config.routeType = "auth"
if (shouldAddCors) {
config.shouldAppendAuthCors = true
}
}
const handlers = Object.keys(import_).filter((key) => {
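Review bot: Routes under `/store/me` lose their fail-closed default here: the `shouldRequireCustomerAuth` branch appears to be dropped and every `/store` route is only tagged `routeType = "store"`, which the loader later registers with `allowUnauthenticated: true`. A file-based `/store/me/...` handler that does not add its own `authenticate` call would then answer anonymous requests, and the test that expected 401 for that case is deleted in this commit rather than rewritten. Consider keeping the prefix enforcing where the store middleware is registered, e.g. `allowUnauthenticated: !descriptor.route.startsWith("/store/me")` (assuming `descriptor.route` is the path string), or state the new contract in a comment on `RouteConfig`. The rendering has lost the +/- markers, so which lines survive is inferred from the later `RouteConfig` hunk, and the enclosing method extends beyond this hunk.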
@@ -587,6 +579,7 @@ export class RoutesLoader {
continue
}
const config = descriptor.config
const routes = descriptor.config.routes
/**
@@ -594,7 +587,7 @@ export class RoutesLoader {
* not opted out of.
*/
if (descriptor.config.shouldAppendAdminCors) {
if (config.shouldAppendAdminCors) {
/**
* Apply the admin cors
*/
@@ -609,7 +602,7 @@ export class RoutesLoader {
)
}
if (descriptor.config.shouldAppendAuthCors) {
if (config.shouldAppendAuthCors) {
/**
* Apply the auth cors
*/
@@ -624,7 +617,7 @@ export class RoutesLoader {
)
}
if (descriptor.config.shouldAppendStoreCors) {
if (config.shouldAppendStoreCors) {
/**
* Apply the store cors
*/
@@ -639,6 +632,24 @@ export class RoutesLoader {
)
}
// We only apply the auth middleware to store routes to populate the auth context. For actual authentication, users can just reapply the middleware.
if (!config.optedOutOfAuth && config.routeType === "store") {
this.router.use(
descriptor.route,
authenticate("customer", ["bearer", "session"], {
allowUnauthenticated: true,
})
)
}
if (!config.optedOutOfAuth && config.routeType === "admin") {
// We probably don't want to allow access to all endpoints using an api key, but it will do until we revamp our routing.
this.router.use(
descriptor.route,
authenticate("user", ["bearer", "session", "api-key"])
)
}
for (const route of routes) {
/**
* Apply the body parser middleware if the route
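Review bot: The global admin middleware accepts `"api-key"` for every `/admin` route, which widens access compared with the per-route entries it replaces: `/admin/api-keys*` and `/admin/shipping-options*` previously allowed only `["bearer", "session"]`. After this change a secret API key can presumably be used to manage other API keys. The inline comment acknowledges the problem but leaves it open. Until routing is revamped, keep the narrower list for those prefixes by choosing the auth types from the route before calling `authenticate`, as sketched below (assuming `descriptor.route` is the path string). Whether the shipping-options omission was deliberate is not visible here, and the enclosing loop and method continue outside the hunk.

```typescript
if (!config.optedOutOfAuth && config.routeType === "admin") {
  // These prefixes were bearer/session-only before auth became global;
  // an API key should not be able to manage API keys.
  const sessionOnly = ["/admin/api-keys", "/admin/shipping-options"].some(
    (prefix) => descriptor.route.startsWith(prefix)
  )
  this.router.use(
    descriptor.route,
    authenticate(
      "user",
      sessionOnly ? ["bearer", "session"] : ["bearer", "session", "api-key"]
    )
  )
}
// … unchanged: per-route body parser and handler registration …
```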
@@ -36,9 +36,8 @@ export type RouteImplementation = {
}
export type RouteConfig = {
shouldRequireAdminAuth?: boolean
shouldRequireCustomerAuth?: boolean
shouldAppendCustomer?: boolean
optedOutOfAuth?: boolean
routeType?: "admin" | "store" | "auth"
shouldAppendAdminCors?: boolean
shouldAppendStoreCors?: boolean
shouldAppendAuthCors?: boolean