From 10ef32c5a3ce3afbc676b552980537ffe06813fa Mon Sep 17 00:00:00 2001 
From: Stevche Radevski Date: Mon, 27 May 2024 15:24:53 +0200 Subject: [PATCH] feat: Apply authentication middleware globally (#7396) * feat: Apply auth middleware globally * feat: Remove local auth middleware where it makes sense --- .../payment/payment-providers.spec.ts | 13 ++++- .../src/api/admin/api-keys/middlewares.ts | 5 -- .../src/api/admin/campaigns/middlewares.ts | 5 -- .../src/api/admin/collections/middlewares.ts | 7 --- .../src/api/admin/currencies/middlewares.ts | 6 --- .../api/admin/customer-groups/middlewares.ts | 6 --- .../src/api/admin/customers/middlewares.ts | 6 --- .../src/api/admin/draft-orders/middlewares.ts | 6 --- .../fulfillment-providers/middlewares.ts | 6 --- .../api/admin/fulfillment-sets/middlewares.ts | 6 --- .../src/api/admin/fulfillments/middlewares.ts | 6 --- .../api/admin/inventory-items/middlewares.ts | 6 --- .../api/admin/invites/[id]/resend/route.ts | 2 + .../src/api/admin/invites/[id]/route.ts | 2 + .../src/api/admin/invites/accept/route.ts | 2 + .../src/api/admin/invites/middlewares.ts | 2 + .../medusa/src/api/admin/invites/route.ts | 2 + .../src/api/admin/orders/middlewares.ts | 6 --- .../src/api/admin/payments/middlewares.ts | 6 --- .../src/api/admin/price-lists/middlewares.ts | 6 --- .../src/api/admin/pricing/middlewares.ts | 5 -- .../admin/product-categories/middlewares.ts | 6 --- .../api/admin/product-types/middlewares.ts | 7 --- .../src/api/admin/products/middlewares.ts | 6 --- .../src/api/admin/promotions/middlewares.ts | 5 -- .../src/api/admin/regions/middlewares.ts | 6 --- .../src/api/admin/reservations/middlewares.ts | 6 --- .../api/admin/return-reasons/middlewares.ts | 6 --- .../src/api/admin/returns/middlewares.ts | 6 --- .../api/admin/sales-channels/middlewares.ts | 6 --- .../api/admin/shipping-options/middlewares.ts | 5 -- .../admin/shipping-profiles/middlewares.ts | 5 -- .../api/admin/stock-locations/middlewares.ts | 6 --- .../src/api/admin/stores/middlewares.ts | 6 --- .../src/api/admin/tax-rates/middlewares.ts 
| 6 --- .../src/api/admin/tax-regions/middlewares.ts | 6 --- .../src/api/admin/uploads/middlewares.ts | 6 --- .../medusa/src/api/admin/users/[id]/route.ts | 2 + .../medusa/src/api/admin/users/me/route.ts | 2 + .../medusa/src/api/admin/users/middlewares.ts | 2 + packages/medusa/src/api/admin/users/route.ts | 2 + .../admin/workflows-executions/middlewares.ts | 6 --- .../medusa/src/api/store/carts/middlewares.ts | 10 ---- .../src/api/store/orders/middlewares.ts | 3 -- .../store/payment-collections/middlewares.ts | 10 ---- .../src/api/store/products/middlewares.ts | 10 ---- .../{ => customers}/me/protected/route.ts | 0 .../{ => customers}/me/unprotected/route.ts | 0 .../routing/__fixtures__/server/index.ts | 18 +++++-- .../helpers/routing/__tests__/index.spec.ts | 28 ----------- .../src/loaders/helpers/routing/index.ts | 49 ++++++++++++------- .../src/loaders/helpers/routing/types.ts | 5 +- 52 files changed, 76 insertions(+), 276 deletions(-) rename packages/medusa/src/loaders/helpers/routing/__fixtures__/routers-middleware/store/{ => customers}/me/protected/route.ts (100%) rename packages/medusa/src/loaders/helpers/routing/__fixtures__/routers-middleware/store/{ => customers}/me/unprotected/route.ts (100%) diff --git a/integration-tests/modules/__tests__/payment/payment-providers.spec.ts b/integration-tests/modules/__tests__/payment/payment-providers.spec.ts index bb9466056c..22ed7b40bf 100644 --- a/integration-tests/modules/__tests__/payment/payment-providers.spec.ts +++ b/integration-tests/modules/__tests__/payment/payment-providers.spec.ts @@ -1,4 +1,8 @@ import { medusaIntegrationTestRunner } from "medusa-test-utils/dist" +import { + adminHeaders, + createAdminUser, +} from "../../../helpers/create-admin-user" jest.setTimeout(50000) 
@@ -14,8 +18,15 @@ medusaIntegrationTestRunner({ appContainer = getContainer() }) + beforeEach(async () => { + await createAdminUser(dbConnection, adminHeaders, appContainer) + }) + it("should list payment providers", async () => { - let response = await api.get(`/admin/payments/payment-providers`) + let response = await api.get( + `/admin/payments/payment-providers`, + adminHeaders + ) expect(response.status).toEqual(200) expect(response.data.payment_providers).toEqual([ diff --git a/packages/medusa/src/api/admin/api-keys/middlewares.ts b/packages/medusa/src/api/admin/api-keys/middlewares.ts index 352a4580e8..c8f4857ec5 100644 --- a/packages/medusa/src/api/admin/api-keys/middlewares.ts +++ b/packages/medusa/src/api/admin/api-keys/middlewares.ts @@ -1,7 +1,6 @@ import * as QueryConfig from "./query-config" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import { AdminCreateApiKey, @@ -14,10 +13,6 @@ import { validateAndTransformBody } from "../../utils/validate-body" import { createLinkBody } from "../../utils/validators" export const adminApiKeyRoutesMiddlewares: MiddlewareRoute[] = [ - { - matcher: "/admin/api-keys*", - middlewares: [authenticate("user", ["bearer", "session"])], - }, { method: ["GET"], matcher: "/admin/api-keys", diff --git a/packages/medusa/src/api/admin/campaigns/middlewares.ts b/packages/medusa/src/api/admin/campaigns/middlewares.ts index 6f0e317ff2..ccef152448 100644 --- a/packages/medusa/src/api/admin/campaigns/middlewares.ts +++ b/packages/medusa/src/api/admin/campaigns/middlewares.ts 
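Review bot: The updated `should list payment providers` case only exercises the authenticated path, so nothing in this spec pins the access-control behaviour the commit introduces for `/admin/payments/payment-providers`. The rule removed from `admin/payments/middlewares.ts` matched `/admin/payments` with no wildcard, so this sub-route was presumably reachable without credentials before. A sibling case that issues the same `api.get("/admin/payments/payment-providers")` without `adminHeaders` and expects a rejection (likely a 401, to be confirmed against the global middleware) would catch the route dropping out of global auth again.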
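Review bot: The rule deleted from `adminApiKeyRoutesMiddlewares` accepted only `["bearer", "session"]`, while most other admin rules removed in this patch also accepted `"api-key"`. If the new global admin authentication (in `loaders/helpers/routing/index.ts`, not visible here) uses the wider list, a request carrying only an API key can now reach `/admin/api-keys*` and manage keys. The same narrower list is dropped for `/admin/shipping-options*` in `shipping-options/middlewares.ts`. If the restriction was deliberate, these two resources should use the opt-out pattern the patch applies to invites: `export const AUTHENTICATE = false` in the route files, with `middlewares: [authenticate("user", ["bearer", "session"])]` kept locally. A test that an API-key request to `/admin/api-keys` is rejected would pin it.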
@@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import { createLinkBody } from "../../utils/validators" @@ -12,10 +11,6 @@ import { } from "./validators" export const adminCampaignRoutesMiddlewares: MiddlewareRoute[] = [ - { - matcher: "/admin/campaigns*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/campaigns", diff --git a/packages/medusa/src/api/admin/collections/middlewares.ts b/packages/medusa/src/api/admin/collections/middlewares.ts index f8ca442aa4..f2ce2c7318 100644 --- a/packages/medusa/src/api/admin/collections/middlewares.ts +++ b/packages/medusa/src/api/admin/collections/middlewares.ts @@ -1,6 +1,5 @@ import * as QueryConfig from "./query-config" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import { AdminCreateCollection, @@ -12,12 +11,6 @@ import { validateAndTransformBody } from "../../utils/validate-body" import { createLinkBody } from "../../utils/validators" export const adminCollectionRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/collections*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, - { method: ["GET"], matcher: "/admin/collections", diff --git a/packages/medusa/src/api/admin/currencies/middlewares.ts b/packages/medusa/src/api/admin/currencies/middlewares.ts index d29d6fff76..613237b379 100644 --- a/packages/medusa/src/api/admin/currencies/middlewares.ts +++ b/packages/medusa/src/api/admin/currencies/middlewares.ts 
@@ -1,15 +1,9 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import * as QueryConfig from "./query-config" import { AdminGetCurrencyParams, AdminGetCurrenciesParams } from "./validators" export const adminCurrencyRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/currencies*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/currencies", diff --git a/packages/medusa/src/api/admin/customer-groups/middlewares.ts b/packages/medusa/src/api/admin/customer-groups/middlewares.ts index 6b47141b23..7d03715798 100644 --- a/packages/medusa/src/api/admin/customer-groups/middlewares.ts +++ b/packages/medusa/src/api/admin/customer-groups/middlewares.ts @@ -1,6 +1,5 @@ import * as QueryConfig from "./query-config" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import { AdminCreateCustomerGroup, @@ -12,11 +11,6 @@ import { validateAndTransformBody } from "../../utils/validate-body" import { createLinkBody } from "../../utils/validators" export const adminCustomerGroupRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/customer-groups*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/customer-groups", diff --git a/packages/medusa/src/api/admin/customers/middlewares.ts b/packages/medusa/src/api/admin/customers/middlewares.ts index c8a5a7586a..8f298ce59a 100644 --- a/packages/medusa/src/api/admin/customers/middlewares.ts +++ b/packages/medusa/src/api/admin/customers/middlewares.ts 
@@ -11,16 +11,10 @@ import { } from "./validators" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" export const adminCustomerRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/customers*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/customers", diff --git a/packages/medusa/src/api/admin/draft-orders/middlewares.ts b/packages/medusa/src/api/admin/draft-orders/middlewares.ts index 421203f423..baedf9cab0 100644 --- a/packages/medusa/src/api/admin/draft-orders/middlewares.ts +++ b/packages/medusa/src/api/admin/draft-orders/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import * as QueryConfig from "./query-config" @@ -10,11 +9,6 @@ import { } from "./validators" export const adminDraftOrderRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/draft-orders*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/draft-orders", diff --git a/packages/medusa/src/api/admin/fulfillment-providers/middlewares.ts b/packages/medusa/src/api/admin/fulfillment-providers/middlewares.ts index 079b7361af..9cbbaf78ff 100644 --- a/packages/medusa/src/api/admin/fulfillment-providers/middlewares.ts +++ b/packages/medusa/src/api/admin/fulfillment-providers/middlewares.ts 
@@ -1,15 +1,9 @@ import { MiddlewareRoute } from "../../../types/middlewares" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import * as QueryConfig from "./query-config" import { AdminFulfillmentProvidersParams } from "./validators" export const adminFulfillmentProvidersRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: "ALL", - matcher: "/admin/fulfillment-providers*", - middlewares: [authenticate("user", ["session", "bearer", "api-key"])], - }, { method: ["GET"], matcher: "/admin/fulfillment-providers", diff --git a/packages/medusa/src/api/admin/fulfillment-sets/middlewares.ts b/packages/medusa/src/api/admin/fulfillment-sets/middlewares.ts index 1803840ada..aaa273213c 100644 --- a/packages/medusa/src/api/admin/fulfillment-sets/middlewares.ts +++ b/packages/medusa/src/api/admin/fulfillment-sets/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../types/middlewares" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import * as QueryConfig from "./query-config" @@ -11,11 +10,6 @@ import { } from "./validators" export const adminFulfillmentSetsRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: "ALL", - matcher: "/admin/fulfillment-sets*", - middlewares: [authenticate("user", ["session", "bearer", "api-key"])], - }, { method: ["POST"], matcher: "/admin/fulfillment-sets/:id/service-zones", diff --git a/packages/medusa/src/api/admin/fulfillments/middlewares.ts b/packages/medusa/src/api/admin/fulfillments/middlewares.ts index a2e6f06e7a..63813659ba 100644 --- a/packages/medusa/src/api/admin/fulfillments/middlewares.ts +++ b/packages/medusa/src/api/admin/fulfillments/middlewares.ts 
@@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../types/middlewares" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import * as QueryConfig from "./query-config" @@ -11,11 +10,6 @@ import { } from "./validators" export const adminFulfillmentsRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: "ALL", - matcher: "/admin/fulfillments*", - middlewares: [authenticate("user", ["session", "bearer", "api-key"])], - }, { method: ["POST"], matcher: "/admin/fulfillments/:id/cancel", diff --git a/packages/medusa/src/api/admin/inventory-items/middlewares.ts b/packages/medusa/src/api/admin/inventory-items/middlewares.ts index aedfe50da8..34106ee488 100644 --- a/packages/medusa/src/api/admin/inventory-items/middlewares.ts +++ b/packages/medusa/src/api/admin/inventory-items/middlewares.ts @@ -1,6 +1,5 @@ import * as QueryConfig from "./query-config" import { MiddlewareRoute } from "../../../types/middlewares" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import { AdminCreateInventoryItem, @@ -17,11 +16,6 @@ import { createBatchBody } from "../../utils/validators" import { unlessPath } from "../../utils/unless-path" export const adminInventoryRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: "ALL", - matcher: "/admin/inventory-items*", - middlewares: [authenticate("user", ["session", "bearer", "api-key"])], - }, { method: ["GET"], matcher: "/admin/inventory-items", diff --git a/packages/medusa/src/api/admin/invites/[id]/resend/route.ts b/packages/medusa/src/api/admin/invites/[id]/resend/route.ts index c8af510be6..0854447c3f 100644 --- a/packages/medusa/src/api/admin/invites/[id]/resend/route.ts +++ b/packages/medusa/src/api/admin/invites/[id]/resend/route.ts 
@@ -19,3 +19,5 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ invite }) } + +export const AUTHENTICATE = false diff --git a/packages/medusa/src/api/admin/invites/[id]/route.ts b/packages/medusa/src/api/admin/invites/[id]/route.ts index 66846b6836..89b16533a8 100644 --- a/packages/medusa/src/api/admin/invites/[id]/route.ts +++ b/packages/medusa/src/api/admin/invites/[id]/route.ts @@ -45,3 +45,5 @@ export const DELETE = async ( deleted: true, }) } + +export const AUTHENTICATE = false diff --git a/packages/medusa/src/api/admin/invites/accept/route.ts b/packages/medusa/src/api/admin/invites/accept/route.ts index db3594c9f6..30ef6bb21b 100644 --- a/packages/medusa/src/api/admin/invites/accept/route.ts +++ b/packages/medusa/src/api/admin/invites/accept/route.ts @@ -36,3 +36,5 @@ export const POST = async ( res.status(200).json({ user: users[0] }) } + +export const AUTHENTICATE = false diff --git a/packages/medusa/src/api/admin/invites/middlewares.ts b/packages/medusa/src/api/admin/invites/middlewares.ts index 729abc2ea6..9d37c1d0ef 100644 --- a/packages/medusa/src/api/admin/invites/middlewares.ts +++ b/packages/medusa/src/api/admin/invites/middlewares.ts @@ -13,6 +13,8 @@ import { authenticate } from "../../../utils/middlewares/authenticate-middleware import { validateAndTransformQuery } from "../../utils/validate-query" import { validateAndTransformBody } from "../../utils/validate-body" +// TODO: Due to issues with our routing (and using router.use for applying middlewares), we have to opt-out of global auth in all routes, and then reapply it here. +// See https://medusacorp.slack.com/archives/C025KMS13SA/p1716455350491879 for details. export const adminInviteRoutesMiddlewares: MiddlewareRoute[] = [ { method: ["GET"], diff --git a/packages/medusa/src/api/admin/invites/route.ts b/packages/medusa/src/api/admin/invites/route.ts index e6c70bba02..1833ca07f0 100644 --- a/packages/medusa/src/api/admin/invites/route.ts 
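Review bot: `export const AUTHENTICATE = false` makes `POST /admin/invites/:id/resend` fail open, because its protection now rests entirely on a matching `authenticate(...)` entry in `invites/middlewares.ts` and nothing in the route file says so. The same export is added to `invites/[id]/route.ts`, `invites/accept/route.ts`, `invites/route.ts`, `users/[id]/route.ts` and `users/me/route.ts`. Each export should carry a comment such as `// Global auth is disabled for this route; authentication is re-applied in this resource's middlewares.ts`. An integration test per route asserting that a request without credentials is rejected would stop a later edit to the middleware list from silently exposing these admin endpoints.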
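Review bot: The TODO added above `adminInviteRoutesMiddlewares` justifies the opt-out only by linking a private Slack message, which readers outside that workspace cannot open and which may not survive message retention. This comment is the only visible record of why every invite route disables global authentication, so it should state the cause in place and link a tracking issue instead. Something like `// router.use applies the global authenticate() to every sub-path, so routes needing a different auth rule export AUTHENTICATE = false and re-apply authenticate() here` would do, with the wording confirmed by the author. The array body continues outside the hunk, so whether every matcher below actually re-applies `authenticate` cannot be verified from these lines.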
+++ b/packages/medusa/src/api/admin/invites/route.ts @@ -57,3 +57,5 @@ export const POST = async ( res.status(200).json({ invite }) } + +export const AUTHENTICATE = false diff --git a/packages/medusa/src/api/admin/orders/middlewares.ts b/packages/medusa/src/api/admin/orders/middlewares.ts index 00703ee1ee..3ed2814784 100644 --- a/packages/medusa/src/api/admin/orders/middlewares.ts +++ b/packages/medusa/src/api/admin/orders/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import * as QueryConfig from "./query-config" @@ -12,11 +11,6 @@ import { } from "./validators" export const adminOrderRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/orders*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/orders", diff --git a/packages/medusa/src/api/admin/payments/middlewares.ts b/packages/medusa/src/api/admin/payments/middlewares.ts index 1d07e6fc6e..d5119cfad4 100644 --- a/packages/medusa/src/api/admin/payments/middlewares.ts +++ b/packages/medusa/src/api/admin/payments/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../types/middlewares" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { unlessPath } from "../../utils/unless-path" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" 
@@ -13,11 +12,6 @@ import { } from "./validators" export const adminPaymentRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: "ALL", - matcher: "/admin/payments", - middlewares: [authenticate("user", ["session", "bearer", "api-key"])], - }, { method: ["GET"], matcher: "/admin/payments", diff --git a/packages/medusa/src/api/admin/price-lists/middlewares.ts b/packages/medusa/src/api/admin/price-lists/middlewares.ts index e9dd188b15..e35531dda7 100644 --- a/packages/medusa/src/api/admin/price-lists/middlewares.ts +++ b/packages/medusa/src/api/admin/price-lists/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import { createBatchBody, createLinkBody } from "../../utils/validators" @@ -15,11 +14,6 @@ import { } from "./validators" export const adminPriceListsRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/price-lists*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/price-lists", diff --git a/packages/medusa/src/api/admin/pricing/middlewares.ts b/packages/medusa/src/api/admin/pricing/middlewares.ts index 0ef8189727..1315190c35 100644 --- a/packages/medusa/src/api/admin/pricing/middlewares.ts +++ b/packages/medusa/src/api/admin/pricing/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import * as QueryConfig from "./query-config" 
@@ -11,10 +10,6 @@ import { } from "./validators" export const adminPricingRoutesMiddlewares: MiddlewareRoute[] = [ - { - matcher: "/admin/pricing*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/pricing/rule-types", diff --git a/packages/medusa/src/api/admin/product-categories/middlewares.ts b/packages/medusa/src/api/admin/product-categories/middlewares.ts index 13987ed383..3376dc4670 100644 --- a/packages/medusa/src/api/admin/product-categories/middlewares.ts +++ b/packages/medusa/src/api/admin/product-categories/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import { createLinkBody } from "../../utils/validators" @@ -12,11 +11,6 @@ import { } from "./validators" export const adminProductCategoryRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/product-categories*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/product-categories", diff --git a/packages/medusa/src/api/admin/product-types/middlewares.ts b/packages/medusa/src/api/admin/product-types/middlewares.ts index 01d052a9f6..f6316b0f79 100644 --- a/packages/medusa/src/api/admin/product-types/middlewares.ts +++ b/packages/medusa/src/api/admin/product-types/middlewares.ts @@ -1,6 +1,5 @@ import * as QueryConfig from "./query-config" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import { AdminCreateProductType, 
@@ -11,12 +10,6 @@ import { import { validateAndTransformBody } from "../../utils/validate-body" export const adminProductTypeRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/product-types/*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, - { method: ["GET"], matcher: "/admin/product-types", diff --git a/packages/medusa/src/api/admin/products/middlewares.ts b/packages/medusa/src/api/admin/products/middlewares.ts index 3108638528..2f34cd941d 100644 --- a/packages/medusa/src/api/admin/products/middlewares.ts +++ b/packages/medusa/src/api/admin/products/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { maybeApplyLinkFilter } from "../../utils/maybe-apply-link-filter" import { unlessPath } from "../../utils/unless-path" import { validateAndTransformBody } from "../../utils/validate-body" @@ -25,11 +24,6 @@ import { } from "./validators" export const adminProductRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/products*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/products", diff --git a/packages/medusa/src/api/admin/promotions/middlewares.ts b/packages/medusa/src/api/admin/promotions/middlewares.ts index 828915f883..312a8d1baf 100644 --- a/packages/medusa/src/api/admin/promotions/middlewares.ts +++ b/packages/medusa/src/api/admin/promotions/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import { createBatchBody } from "../../utils/validators" 
@@ -17,10 +16,6 @@ import { } from "./validators" export const adminPromotionRoutesMiddlewares: MiddlewareRoute[] = [ - { - matcher: "/admin/promotions*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/promotions", diff --git a/packages/medusa/src/api/admin/regions/middlewares.ts b/packages/medusa/src/api/admin/regions/middlewares.ts index 8fa76eee97..0edd2dfc69 100644 --- a/packages/medusa/src/api/admin/regions/middlewares.ts +++ b/packages/medusa/src/api/admin/regions/middlewares.ts @@ -1,6 +1,5 @@ import * as QueryConfig from "./query-config" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import { AdminCreateRegion, @@ -11,11 +10,6 @@ import { import { validateAndTransformBody } from "../../utils/validate-body" export const adminRegionRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/regions*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/regions", diff --git a/packages/medusa/src/api/admin/reservations/middlewares.ts b/packages/medusa/src/api/admin/reservations/middlewares.ts index 4b7be77c1f..3e98524109 100644 --- a/packages/medusa/src/api/admin/reservations/middlewares.ts +++ b/packages/medusa/src/api/admin/reservations/middlewares.ts @@ -1,7 +1,6 @@ import * as QueryConfig from "./query-config" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import { AdminCreateReservation, 
@@ -12,11 +11,6 @@ import { import { validateAndTransformBody } from "../../utils/validate-body" export const adminReservationRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/reservations*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/reservations", diff --git a/packages/medusa/src/api/admin/return-reasons/middlewares.ts b/packages/medusa/src/api/admin/return-reasons/middlewares.ts index fb58cf01ef..583f7dd8b4 100644 --- a/packages/medusa/src/api/admin/return-reasons/middlewares.ts +++ b/packages/medusa/src/api/admin/return-reasons/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import * as QueryConfig from "./query-config" @@ -10,11 +9,6 @@ import { } from "./validators" export const adminReturnReasonRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/return-reasons*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/return-reasons", diff --git a/packages/medusa/src/api/admin/returns/middlewares.ts b/packages/medusa/src/api/admin/returns/middlewares.ts index 7003dd771f..10ae43a4ee 100644 --- a/packages/medusa/src/api/admin/returns/middlewares.ts +++ b/packages/medusa/src/api/admin/returns/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import * as QueryConfig from "./query-config" 
@@ -10,11 +9,6 @@ import { } from "./validators" export const adminOrderRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/returns*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/returns", diff --git a/packages/medusa/src/api/admin/sales-channels/middlewares.ts b/packages/medusa/src/api/admin/sales-channels/middlewares.ts index 6c3c856965..dc47f29391 100644 --- a/packages/medusa/src/api/admin/sales-channels/middlewares.ts +++ b/packages/medusa/src/api/admin/sales-channels/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { maybeApplyLinkFilter } from "../../utils/maybe-apply-link-filter" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" @@ -13,11 +12,6 @@ import { } from "./validators" export const adminSalesChannelRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/sales-channels*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/sales-channels", diff --git a/packages/medusa/src/api/admin/shipping-options/middlewares.ts b/packages/medusa/src/api/admin/shipping-options/middlewares.ts index ff6714a6f5..b8b3f62270 100644 --- a/packages/medusa/src/api/admin/shipping-options/middlewares.ts +++ b/packages/medusa/src/api/admin/shipping-options/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { AdminCreateShippingOption, AdminCreateShippingOptionRule, 
@@ -19,10 +18,6 @@ import { validateAndTransformQuery } from "../../utils/validate-query" import { createBatchBody } from "../../utils/validators" export const adminShippingOptionRoutesMiddlewares: MiddlewareRoute[] = [ - { - matcher: "/admin/shipping-options*", - middlewares: [authenticate("user", ["bearer", "session"])], - }, { method: ["GET"], matcher: "/admin/shipping-options", diff --git a/packages/medusa/src/api/admin/shipping-profiles/middlewares.ts b/packages/medusa/src/api/admin/shipping-profiles/middlewares.ts index d5337bdb3f..1707527e3b 100644 --- a/packages/medusa/src/api/admin/shipping-profiles/middlewares.ts +++ b/packages/medusa/src/api/admin/shipping-profiles/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import { @@ -13,10 +12,6 @@ import { } from "./validators" export const adminShippingProfilesMiddlewares: MiddlewareRoute[] = [ - { - matcher: "/admin/shipping-profiles*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["POST"], matcher: "/admin/shipping-profiles", diff --git a/packages/medusa/src/api/admin/stock-locations/middlewares.ts b/packages/medusa/src/api/admin/stock-locations/middlewares.ts index 47be848d4b..e988594ccb 100644 --- a/packages/medusa/src/api/admin/stock-locations/middlewares.ts +++ b/packages/medusa/src/api/admin/stock-locations/middlewares.ts 
@@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../types/middlewares" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { maybeApplyLinkFilter } from "../../utils/maybe-apply-link-filter" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" @@ -14,11 +13,6 @@ import { } from "./validators" export const adminStockLocationRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: "ALL", - matcher: "/admin/stock-locations*", - middlewares: [authenticate("user", ["session", "bearer", "api-key"])], - }, { method: ["POST"], matcher: "/admin/stock-locations", diff --git a/packages/medusa/src/api/admin/stores/middlewares.ts b/packages/medusa/src/api/admin/stores/middlewares.ts index 2cbe8ba001..6403733079 100644 --- a/packages/medusa/src/api/admin/stores/middlewares.ts +++ b/packages/medusa/src/api/admin/stores/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import * as QueryConfig from "./query-config" @@ -10,11 +9,6 @@ import { } from "./validators" export const adminStoreRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/stores*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/stores", diff --git a/packages/medusa/src/api/admin/tax-rates/middlewares.ts b/packages/medusa/src/api/admin/tax-rates/middlewares.ts index d637b72295..23ecfcfc1d 100644 --- a/packages/medusa/src/api/admin/tax-rates/middlewares.ts +++ b/packages/medusa/src/api/admin/tax-rates/middlewares.ts 
@@ -10,15 +10,9 @@ import { } from "./validators" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" export const adminTaxRateRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: "ALL", - matcher: "/admin/tax-rates*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: "POST", matcher: "/admin/tax-rates", diff --git a/packages/medusa/src/api/admin/tax-regions/middlewares.ts b/packages/medusa/src/api/admin/tax-regions/middlewares.ts index ba800c7274..2fe5951bb1 100644 --- a/packages/medusa/src/api/admin/tax-regions/middlewares.ts +++ b/packages/medusa/src/api/admin/tax-regions/middlewares.ts @@ -7,16 +7,10 @@ import { } from "./validators" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" export const adminTaxRegionRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/tax-regions*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: "POST", matcher: "/admin/tax-regions", diff --git a/packages/medusa/src/api/admin/uploads/middlewares.ts b/packages/medusa/src/api/admin/uploads/middlewares.ts index 973c3faf1c..4d393e90f8 100644 --- a/packages/medusa/src/api/admin/uploads/middlewares.ts +++ b/packages/medusa/src/api/admin/uploads/middlewares.ts 
@@ -1,6 +1,5 @@ import multer from "multer" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import { retrieveUploadConfig } from "./query-config" import { AdminGetUploadParams } from "./validators" @@ -11,11 +10,6 @@ import { AdminGetUploadParams } from "./validators" const upload = multer({ storage: multer.memoryStorage() }) export const adminUploadRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/uploads*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, // TODO: There is a `/protected` route in v1 that might need a bit more thought when implementing { method: ["POST"], diff --git a/packages/medusa/src/api/admin/users/[id]/route.ts b/packages/medusa/src/api/admin/users/[id]/route.ts index 40433c212a..7c29e98f31 100644 --- a/packages/medusa/src/api/admin/users/[id]/route.ts +++ b/packages/medusa/src/api/admin/users/[id]/route.ts @@ -83,3 +83,5 @@ export const DELETE = async ( deleted: true, }) } + +export const AUTHENTICATE = false diff --git a/packages/medusa/src/api/admin/users/me/route.ts b/packages/medusa/src/api/admin/users/me/route.ts index 8ec4599bae..04288c4210 100644 --- a/packages/medusa/src/api/admin/users/me/route.ts +++ b/packages/medusa/src/api/admin/users/me/route.ts @@ -36,3 +36,5 @@ export const GET = async ( res.status(200).json({ user }) } + +export const AUTHENTICATE = false diff --git a/packages/medusa/src/api/admin/users/middlewares.ts b/packages/medusa/src/api/admin/users/middlewares.ts index 175fc4be09..6c3857219e 100644 --- a/packages/medusa/src/api/admin/users/middlewares.ts +++ b/packages/medusa/src/api/admin/users/middlewares.ts 
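Review bot: `export const AUTHENTICATE = false` at the end of `admin/users/[id]/route.ts` takes every handler in that file, including the `DELETE` visible in this hunk, out of the global admin check, so these routes stay protected only while a matching `authenticate(...)` entry exists in the users `middlewares.ts`, which this hunk does not show. The same export is added to `users/me/route.ts` and `users/route.ts`. A handler or method added later without a matcher would be reachable unauthenticated, so I would state the dependency next to the flag, e.g. `// Opted out of global auth: authenticate() is reapplied per matcher in the users middlewares.ts`. A routing test that expects 401 for an unauthenticated request to each of these paths would catch a missing matcher. The `DELETE` handler starts outside the hunk.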
@@ -12,6 +12,8 @@ import { authenticate } from "../../../utils/middlewares/authenticate-middleware import { validateAndTransformQuery } from "../../utils/validate-query" import { validateAndTransformBody } from "../../utils/validate-body" +// TODO: Due to issues with our routing (and using router.use for applying middlewares), we have to opt-out of global auth in all routes, and then reapply it here. +// See https://medusacorp.slack.com/archives/C025KMS13SA/p1716455350491879 for details. export const adminUserRoutesMiddlewares: MiddlewareRoute[] = [ { method: ["GET"], diff --git a/packages/medusa/src/api/admin/users/route.ts b/packages/medusa/src/api/admin/users/route.ts index 60078c000c..28c7b562ed 100644 --- a/packages/medusa/src/api/admin/users/route.ts +++ b/packages/medusa/src/api/admin/users/route.ts @@ -84,3 +84,5 @@ export const POST = async ( res.status(200).json({ user, token }) } + +export const AUTHENTICATE = false diff --git a/packages/medusa/src/api/admin/workflows-executions/middlewares.ts b/packages/medusa/src/api/admin/workflows-executions/middlewares.ts index 4a00fd8dc5..3b393d41e2 100644 --- a/packages/medusa/src/api/admin/workflows-executions/middlewares.ts +++ b/packages/medusa/src/api/admin/workflows-executions/middlewares.ts @@ -8,16 +8,10 @@ import { } from "./validators" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformQuery } from "../../utils/validate-query" import { validateAndTransformBody } from "../../utils/validate-body" export const adminWorkflowsExecutionsMiddlewares: MiddlewareRoute[] = [ - { - method: ["ALL"], - matcher: "/admin/workflows-executions*", - middlewares: [authenticate("user", ["bearer", "session", "api-key"])], - }, { method: ["GET"], matcher: "/admin/workflows-executions", 
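Review bot: The TODO added above `adminUserRoutesMiddlewares` gives a Slack thread URL as the only explanation for why these routes opt out of global auth, and that link is presumably readable only by workspace members. Because this comment is what justifies reapplying authentication by hand, the reason belongs in the source: describe the `router.use` limitation in a sentence and reference a public issue instead of the Slack URL. It would also help to say which matchers below must keep an `authenticate(...)` entry for the user routes to stay protected. The array continues outside the hunk.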
diff --git a/packages/medusa/src/api/store/carts/middlewares.ts b/packages/medusa/src/api/store/carts/middlewares.ts index f4fe64b5bc..da5fcdc7b4 100644 --- a/packages/medusa/src/api/store/carts/middlewares.ts +++ b/packages/medusa/src/api/store/carts/middlewares.ts @@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { ensurePublishableKeyAndSalesChannelMatch } from "../../utils/middlewares/common/ensure-pub-key-sales-channel-match" import { maybeAttachPublishableKeyScopes } from "../../utils/middlewares/common/maybe-attach-pub-key-scopes" import { validateAndTransformBody } from "../../utils/validate-body" @@ -21,15 +20,6 @@ import { } from "./validators" export const storeCartRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: "ALL", - matcher: "/store/carts*", - middlewares: [ - authenticate("customer", ["session", "bearer"], { - allowUnauthenticated: true, - }), - ], - }, { method: ["GET"], matcher: "/store/carts/:id", diff --git a/packages/medusa/src/api/store/orders/middlewares.ts b/packages/medusa/src/api/store/orders/middlewares.ts index 0504fce9bf..55f8413a44 100644 --- a/packages/medusa/src/api/store/orders/middlewares.ts +++ b/packages/medusa/src/api/store/orders/middlewares.ts @@ -20,9 +20,6 @@ export const storeOrderRoutesMiddlewares: MiddlewareRoute[] = [ method: ["GET"], matcher: "/store/orders/:id", middlewares: [ - authenticate("customer", ["session", "bearer"], { - allowUnauthenticated: true, - }), validateAndTransformQuery( StoreGetOrderParams, QueryConfig.retrieveTransformQueryConfig diff --git a/packages/medusa/src/api/store/payment-collections/middlewares.ts b/packages/medusa/src/api/store/payment-collections/middlewares.ts index 3f0b15ce73..6d01835d22 100644 --- a/packages/medusa/src/api/store/payment-collections/middlewares.ts +++ b/packages/medusa/src/api/store/payment-collections/middlewares.ts 
@@ -1,5 +1,4 @@ import { MiddlewareRoute } from "../../../types/middlewares" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { validateAndTransformBody } from "../../utils/validate-body" import { validateAndTransformQuery } from "../../utils/validate-query" import * as queryConfig from "./query-config" @@ -10,15 +9,6 @@ import { } from "./validators" export const storePaymentCollectionsMiddlewares: MiddlewareRoute[] = [ - { - method: "ALL", - matcher: "/store/payment-collections*", - middlewares: [ - authenticate("customer", ["session", "bearer"], { - allowUnauthenticated: true, - }), - ], - }, { method: ["POST"], matcher: "/store/payment-collections", diff --git a/packages/medusa/src/api/store/products/middlewares.ts b/packages/medusa/src/api/store/products/middlewares.ts index a1aab5747f..62dff73a9d 100644 --- a/packages/medusa/src/api/store/products/middlewares.ts +++ b/packages/medusa/src/api/store/products/middlewares.ts @@ -1,6 +1,5 @@ import { isPresent, ProductStatus } from "@medusajs/utils" import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { authenticate } from "../../../utils/middlewares/authenticate-middleware" import { maybeApplyLinkFilter } from "../../utils/maybe-apply-link-filter" import { applyDefaultFilters, @@ -15,15 +14,6 @@ import { } from "./validators" export const storeProductRoutesMiddlewares: MiddlewareRoute[] = [ - { - method: "ALL", - matcher: "/store/products*", - middlewares: [ - authenticate("customer", ["session", "bearer"], { - allowUnauthenticated: true, - }), - ], - }, { method: ["GET"], matcher: "/store/products", 
diff --git a/packages/medusa/src/loaders/helpers/routing/__fixtures__/routers-middleware/store/me/protected/route.ts b/packages/medusa/src/loaders/helpers/routing/__fixtures__/routers-middleware/store/customers/me/protected/route.ts similarity index 100% rename from packages/medusa/src/loaders/helpers/routing/__fixtures__/routers-middleware/store/me/protected/route.ts rename to packages/medusa/src/loaders/helpers/routing/__fixtures__/routers-middleware/store/customers/me/protected/route.ts diff --git a/packages/medusa/src/loaders/helpers/routing/__fixtures__/routers-middleware/store/me/unprotected/route.ts b/packages/medusa/src/loaders/helpers/routing/__fixtures__/routers-middleware/store/customers/me/unprotected/route.ts similarity index 100% rename from packages/medusa/src/loaders/helpers/routing/__fixtures__/routers-middleware/store/me/unprotected/route.ts rename to packages/medusa/src/loaders/helpers/routing/__fixtures__/routers-middleware/store/customers/me/unprotected/route.ts diff --git a/packages/medusa/src/loaders/helpers/routing/__fixtures__/server/index.ts b/packages/medusa/src/loaders/helpers/routing/__fixtures__/server/index.ts index 5072ccd22a..eeadd7aee2 100644 --- a/packages/medusa/src/loaders/helpers/routing/__fixtures__/server/index.ts +++ b/packages/medusa/src/loaders/helpers/routing/__fixtures__/server/index.ts 
@@ -123,21 +123,31 @@ export const createServer = async (rootDir) => { if (opts.adminSession) { const token = jwt.sign( { - user_id: opts.adminSession.userId || opts.adminSession.jwt?.userId, - domain: "admin", + actor_id: opts.adminSession.userId || opts.adminSession.jwt?.userId, + actor_type: "user", + app_metadata: { + user_id: + opts.adminSession.userId || opts.adminSession.jwt?.userId, + }, }, config.projectConfig.http.jwtSecret! ) headers.Authorization = `Bearer ${token}` } + if (opts.clientSession) { const token = jwt.sign( { - customer_id: + actor_id: opts.clientSession.customer_id || opts.clientSession.jwt?.customer_id, - domain: "store", + actor_type: "customer", + app_metadata: { + customer_id: + opts.clientSession.customer_id || + opts.clientSession.jwt?.customer_id, + }, }, config.projectConfig.http.jwtSecret! ) diff --git a/packages/medusa/src/loaders/helpers/routing/__tests__/index.spec.ts b/packages/medusa/src/loaders/helpers/routing/__tests__/index.spec.ts index 08a25f245f..98469ae7fb 100644 --- a/packages/medusa/src/loaders/helpers/routing/__tests__/index.spec.ts +++ b/packages/medusa/src/loaders/helpers/routing/__tests__/index.spec.ts 
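Review bot: In both token blocks of `createServer` the id expression is now written twice, once for `actor_id` and once inside `app_metadata`, so the two claims can drift apart in a later edit. Hoisting it, e.g. `const userId = opts.adminSession.userId || opts.adminSession.jwt?.userId`, and using that constant for both fields (and the same for the `customer_id` expression) keeps the fixture token consistent. `createServer` starts and ends outside the hunk.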
@@ -154,34 +154,6 @@ describe("RoutesLoader", function () { expect(res.text).toBe("GET /admin/unprotected") }) - it("should return 200 when customer is authenticated", async () => { - const res = await request("GET", "/store/me/protected", { - clientSession: { - jwt: { - customer_id: "lebron", - }, - }, - }) - - expect(res.status).toBe(200) - expect(res.text).toBe("GET /store/protected") - }) - - // The authentication middleware has changed and is not automatically attached currently - it.skip("should return 401 when customer is not authenticated", async () => { - const res = await request("GET", "/store/me/protected") - - expect(res.status).toBe(401) - expect(res.text).toBe("Unauthorized") - }) - - it("should return 200 when customer route is opted out of authentication", async () => { - const res = await request("GET", "/store/me/unprotected") - - expect(res.status).toBe(200) - expect(res.text).toBe("GET /store/unprotected") - }) - it("should return the error as JSON when an error is thrown with default error handling", async () => { const res = await request("GET", "/customers/error") diff --git a/packages/medusa/src/loaders/helpers/routing/index.ts b/packages/medusa/src/loaders/helpers/routing/index.ts index 7e9b1a03f1..3f1489545c 100644 --- a/packages/medusa/src/loaders/helpers/routing/index.ts +++ b/packages/medusa/src/loaders/helpers/routing/index.ts @@ -5,7 +5,7 @@ import { type Express, json, Router, text, urlencoded } from "express" import { readdir } from "fs/promises" import { extname, join, sep } from "path" import { MedusaRequest, MedusaResponse } from "../../../types/routing" -import { errorHandler } from "../../../utils/middlewares" +import { authenticate, errorHandler } from "../../../utils/middlewares" import logger from "../../logger" import { AsyncRouteHandler, 
@@ -298,10 +298,6 @@ export class RoutesLoader { const config: RouteConfig = { routes: [], - shouldRequireAdminAuth: false, - shouldRequireCustomerAuth: false, - shouldAppendCustomer: false, - shouldAppendAuthCors: false, } /** @@ -313,6 +309,7 @@ export class RoutesLoader { ? (import_[AUTHTHENTICATE] as boolean) : true + config.optedOutOfAuth = !shouldRequireAuth /** * If the developer has not exported the * CORS flag we default to true. @@ -321,29 +318,24 @@ export class RoutesLoader { import_["CORS"] !== undefined ? (import_["CORS"] as boolean) : true if (route.startsWith("/admin")) { + config.routeType = "admin" if (shouldAddCors) { config.shouldAppendAdminCors = true } - - if (shouldRequireAuth) { - config.shouldRequireAdminAuth = true - } } if (route.startsWith("/store")) { - config.shouldAppendCustomer = true - + config.routeType = "store" if (shouldAddCors) { config.shouldAppendStoreCors = true } } if (route.startsWith("/auth") && shouldAddCors) { - config.shouldAppendAuthCors = true - } - - if (shouldRequireAuth && route.startsWith("/store/me")) { - config.shouldRequireCustomerAuth = shouldRequireAuth + config.routeType = "auth" + if (shouldAddCors) { + config.shouldAppendAuthCors = true + } } const handlers = Object.keys(import_).filter((key) => { @@ -587,6 +579,7 @@ export class RoutesLoader { continue } + const config = descriptor.config const routes = descriptor.config.routes /** @@ -594,7 +587,7 @@ export class RoutesLoader { * not opted out of. */ - if (descriptor.config.shouldAppendAdminCors) { + if (config.shouldAppendAdminCors) { /** * Apply the admin cors */ @@ -609,7 +602,7 @@ export class RoutesLoader { ) } - if (descriptor.config.shouldAppendAuthCors) { + if (config.shouldAppendAuthCors) { /** * Apply the auth cors */ @@ -624,7 +617,7 @@ export class RoutesLoader { ) } - if (descriptor.config.shouldAppendStoreCors) { + if (config.shouldAppendStoreCors) { /** * Apply the store cors */ 
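Review bot: In the `@@ -321,29 +318,24 @@` hunk, `config.routeType = "auth"` sits inside `if (route.startsWith("/auth") && shouldAddCors)`, so an `/auth` route that exports `CORS = false` gets no route type, while the `/admin` and `/store` branches set it unconditionally. The inner `if (shouldAddCors)` is redundant as written. Nothing visible reads `routeType === "auth"` yet, so the effect is latent, but a later auth decision keyed on it would skip those routes. The outer condition should be `if (route.startsWith("/auth")) {`, with the CORS check kept inside. The enclosing method starts outside the hunk.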
@@ -639,6 +632,24 @@ export class RoutesLoader { ) } + // We only apply the auth middleware to store routes to populate the auth context. For actual authentication, users can just reapply the middleware. + if (!config.optedOutOfAuth && config.routeType === "store") { + this.router.use( + descriptor.route, + authenticate("customer", ["bearer", "session"], { + allowUnauthenticated: true, + }) + ) + } + + if (!config.optedOutOfAuth && config.routeType === "admin") { + // We probably don't want to allow access to all endpoints using an api key, but it will do until we revamp our routing. + this.router.use( + descriptor.route, + authenticate("user", ["bearer", "session", "api-key"]) + ) + } + for (const route of routes) { /** * Apply the body parser middleware if the route diff --git a/packages/medusa/src/loaders/helpers/routing/types.ts b/packages/medusa/src/loaders/helpers/routing/types.ts index 5871e386f6..09871b788f 100644 --- a/packages/medusa/src/loaders/helpers/routing/types.ts +++ b/packages/medusa/src/loaders/helpers/routing/types.ts @@ -36,9 +36,8 @@ export type RouteImplementation = { } export type RouteConfig = { - shouldRequireAdminAuth?: boolean - shouldRequireCustomerAuth?: boolean - shouldAppendCustomer?: boolean + optedOutOfAuth?: boolean + routeType?: "admin" | "store" | "auth" shouldAppendAdminCors?: boolean shouldAppendStoreCors?: boolean shouldAppendAuthCors?: boolean
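Review bot: The admin branch added in the `@@ -639,6 +632,24 @@` hunk applies `authenticate("user", ["bearer", "session", "api-key"])` to every admin route that has not opted out, which widens access where the local middleware did not accept API keys. The block removed from `shipping-options/middlewares.ts` in this commit allowed only `["bearer", "session"]`. The inline comment acknowledges the concern in general terms but does not name the routes whose accepted methods changed. Until routing is reworked I would record them next to the call, e.g. `// NOTE: /admin/shipping-options accepted bearer and session only before this change`, or keep a per-route override of the methods list. The loop this code sits in starts outside the hunk.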