From 4f2d2d8b5e7d423e242a2d7d9889f8fe75c473fe Mon Sep 17 00:00:00 2001 From: Adrien de Peretti Date: Wed, 29 Dec 2021 12:56:40 +0100 Subject: [PATCH] fix(medusa) Enforce authentication on users and invites (#953) --- packages/medusa/src/api/routes/admin/invites/index.ts | 4 ++-- packages/medusa/src/api/routes/admin/users/index.ts | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/medusa/src/api/routes/admin/invites/index.ts b/packages/medusa/src/api/routes/admin/invites/index.ts index 5a1e1d301c..b72bbc1ab9 100644 --- a/packages/medusa/src/api/routes/admin/invites/index.ts +++ b/packages/medusa/src/api/routes/admin/invites/index.ts @@ -4,15 +4,15 @@ import { DeleteResponse } from "../../../../types/common" import middlewares from "../../../middlewares" import "reflect-metadata" -const route = Router() - export const unauthenticatedInviteRoutes = (app) => { + const route = Router() app.use("/invites", route) route.post("/accept", middlewares.wrap(require("./accept-invite").default)) } export default (app) => { + const route = Router() app.use("/invites", route) route.get("/", middlewares.wrap(require("./list-invites").default)) diff --git a/packages/medusa/src/api/routes/admin/users/index.ts b/packages/medusa/src/api/routes/admin/users/index.ts index 45460608f9..e45d3b74aa 100644 --- a/packages/medusa/src/api/routes/admin/users/index.ts +++ b/packages/medusa/src/api/routes/admin/users/index.ts @@ -1,11 +1,10 @@ import { Router } from "express" -import _ from "lodash" import { User } from "../../../.." import { DeleteResponse } from "../../../../types/common" import middlewares from "../../../middlewares" -const route = Router() export const unauthenticatedUserRoutes = (app) => { + const route = Router() app.use("/users", route) route.post( @@ -20,6 +19,7 @@ export const unauthenticatedUserRoutes = (app) => { } export default (app) => { + const route = Router() app.use("/users", route) route.get("/:user_id", middlewares.wrap(require("./get-user").default))