From 7bddb585420a0e1947585ce37d5fe174faa9a862 Mon Sep 17 00:00:00 2001 
From: Philip Korsholm <88927411+pKorsholm@users.noreply.github.com> Date: Tue, 27 Feb 2024 13:50:18 +0800 Subject: [PATCH] feat: Update authentication middleware (#6447) * authentication middleware update * disable customer authentication * call correct feature flag method * fix authentication middleware for store/customers * fix integration tests and add middleware for admin customers * update seeders * customer groups fix * add authentication middleware for all admin endpoints * Feat(medusa, user): require authentication for invite accept (#6448) * initial invite token validation for authentication invocation * remove invite auth * remove unused import * cleanup tests * refactor to auth instead of auth_user * pr feedback * update authenticatedRequest type * update store authenticated endpoints * update routes with type * fix build * fix build * fix build * use auth middleware for api-keys --- .../__tests__/api-key/admin/api-key.spec.ts | 18 +-- .../admin/batch-add-customers.ts | 12 +- .../admin/batch-remove-customers.ts | 12 +- .../admin/create-customer-group.ts | 13 +- .../admin/delete-customer-group.ts | 12 +- .../admin/list-customer-group-customers.ts | 12 +- .../admin/list-customer-groups.spec.ts | 12 +- .../admin/retrieve-customer-group.ts | 12 +- .../admin/update-customer-group.ts | 12 +- .../admin/create-customer-addresses.ts | 12 +- .../customer/admin/create-customer.ts | 12 +- .../admin/delete-customer-address.spec.ts | 12 +- .../customer/admin/delete-customer.ts | 12 +- .../customer/admin/list-customer-addresses.ts | 12 +- .../customer/admin/list-customers.spec.ts | 12 +- .../admin/update-customer-address.spec.ts | 12 +- .../customer/admin/update-customer.ts | 12 +- .../customer/store/create-customer.spec.ts | 1 + .../__tests__/invites/accept-invite.spec.ts | 112 ++++++++++++++++++ .../promotion/admin/create-campaign.spec.ts | 11 +- .../promotion/admin/create-promotion.spec.ts | 11 +- .../promotion/admin/delete-campaign.spec.ts | 11 +- 
.../promotion/admin/delete-promotion.spec.ts | 11 +- .../promotion/admin/list-campaigns.spec.ts | 13 +- .../promotion/admin/list-promotions.spec.ts | 11 +- .../promotion/admin/retrieve-campaign.spec.ts | 13 +- .../admin/retrieve-promotion.spec.ts | 11 +- .../promotion/admin/update-campaign.spec.ts | 11 +- .../promotion/admin/update-promotion.spec.ts | 11 +- .../__tests__/regions/admin/regions.spec.ts | 11 +- .../__tests__/users/create-user.spec.ts | 9 +- .../__tests__/users/delete-user.spec.ts | 6 +- .../__tests__/users/list-users.spec.ts | 6 +- .../__tests__/users/retrieve-user.spec.ts | 6 +- .../__tests__/users/update-user.spec.ts | 6 +- .../__tests__/workflow-engine/tests.ts | 13 +- .../plugins/helpers/create-admin-user.ts | 2 +- integration-tests/plugins/medusa-config.js | 11 ++ .../admin/api-keys/[id]/revoke/route.ts | 17 ++- .../src/api-v2/admin/api-keys/[id]/route.ts | 29 +++-- .../src/api-v2/admin/api-keys/middlewares.ts | 20 ++-- .../medusa/src/api-v2/admin/api-keys/route.ts | 28 +++-- .../src/api-v2/admin/campaigns/[id]/route.ts | 32 +++-- .../src/api-v2/admin/campaigns/middlewares.ts | 19 +-- .../src/api-v2/admin/campaigns/route.ts | 23 +++- .../src/api-v2/admin/campaigns/validators.ts | 8 +- .../[id]/customers/batch/route.ts | 19 ++- .../[id]/customers/remove/route.ts | 18 ++- .../customer-groups/[id]/customers/route.ts | 15 ++- .../admin/customer-groups/[id]/route.ts | 31 +++-- .../admin/customer-groups/middlewares.ts | 26 ++-- .../src/api-v2/admin/customer-groups/route.ts | 25 ++-- .../[id]/addresses/[address_id]/route.ts | 31 +++-- .../admin/customers/[id]/addresses/route.ts | 22 +++- .../src/api-v2/admin/customers/[id]/route.ts | 31 +++-- .../src/api-v2/admin/customers/middlewares.ts | 22 ++-- .../src/api-v2/admin/customers/route.ts | 25 ++-- .../src/api-v2/admin/invites/[id]/route.ts | 18 ++- .../src/api-v2/admin/invites/accept/route.ts | 32 +++-- .../src/api-v2/admin/invites/middlewares.ts | 26 +++- .../medusa/src/api-v2/admin/invites/route.ts | 
20 +++- .../src/api-v2/admin/promotions/[id]/route.ts | 32 +++-- .../api-v2/admin/promotions/middlewares.ts | 20 ++-- .../src/api-v2/admin/promotions/route.ts | 22 +++- .../src/api-v2/admin/regions/[id]/route.ts | 29 +++-- .../src/api-v2/admin/regions/middlewares.ts | 12 +- .../medusa/src/api-v2/admin/regions/route.ts | 26 ++-- .../src/api-v2/admin/users/[id]/route.ts | 29 +++-- .../src/api-v2/admin/users/middlewares.ts | 12 +- .../medusa/src/api-v2/admin/users/route.ts | 22 +++- .../admin/workflows-executions/[id]/route.ts | 15 ++- .../[step_id]/subscribe/route.ts | 12 +- .../[workflow_id]/[transaction_id]/route.ts | 15 ++- .../[workflow_id]/run/route.ts | 18 ++- .../[workflow_id]/steps/failure/route.ts | 19 ++- .../[workflow_id]/steps/success/route.ts | 19 ++- .../[workflow_id]/subscribe/route.ts | 15 ++- .../admin/workflows-executions/middlewares.ts | 12 +- .../admin/workflows-executions/route.ts | 15 ++- .../medusa/src/api-v2/auth/session/route.ts | 14 ++- .../src/api-v2/store/carts/[id]/route.ts | 13 +- .../medusa/src/api-v2/store/carts/route.ts | 27 +++-- .../me/addresses/[address_id]/route.ts | 40 +++++-- .../store/customers/me/addresses/route.ts | 27 +++-- .../src/api-v2/store/customers/me/route.ts | 12 +- .../src/api-v2/store/customers/middlewares.ts | 28 +++-- .../src/api-v2/store/customers/route.ts | 18 ++- .../api/middlewares/authenticate-customer.ts | 9 ++ .../src/api/middlewares/authenticate.ts | 15 ++- packages/medusa/src/types/routing.ts | 25 +++- .../src/utils/authenticate-middleware.ts | 47 +++++++- .../types/src/promotion/common/promotion.ts | 7 +- packages/user/src/services/invite.ts | 14 ++- packages/utils/src/common/container.ts | 1 + 94 files changed, 1177 insertions(+), 509 deletions(-) create mode 100644 integration-tests/plugins/__tests__/invites/accept-invite.spec.ts 
diff --git a/integration-tests/plugins/__tests__/api-key/admin/api-key.spec.ts b/integration-tests/plugins/__tests__/api-key/admin/api-key.spec.ts
index 6375ee6beb..7c6c257581 100644
--- a/integration-tests/plugins/__tests__/api-key/admin/api-key.spec.ts
+++ b/integration-tests/plugins/__tests__/api-key/admin/api-key.spec.ts
@@ -1,12 +1,14 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
+import { ApiKeyType } from "@medusajs/utils"
 import { IApiKeyModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
-import { ApiKeyType } from "@medusajs/utils"
 jest.setTimeout(50000)
@@ -36,7 +38,7 @@ describe("API Keys - Admin", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
@@ -60,7 +62,7 @@ describe("API Keys - Admin", () => {
 expect.objectContaining({
 id: created.data.apiKey.id,
 title: "Test Secret Key",
- created_by: "test",
+ created_by: "admin_user",
 })
 )
 // On create we get the token in raw form so we can store it.
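Review bot: The `adminSeeder` import is re-added in the reordered import block of the first hunk, but the `beforeEach` hunk replaces its only visible call with `createAdminUser(dbConnection, adminHeaders)`, so the import looks unused now. Unless the spec calls `adminSeeder` somewhere outside these hunks, drop `import adminSeeder from "../../../../helpers/admin-seeder"`, which also makes it plain that the suite no longer depends on the legacy seeder. The same leftover appears in the import hunks of the customer-group and customer admin specs that follow.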
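Review bot: `created_by: "admin_user"` in this hunk, and `revoked_by: "admin_user"` in the next one, hard-code the id that `createAdminUser` presumably seeds, so the attribution check depends on a string literal that lives in another file. Comparing against an id exposed by the helper would keep that coupling explicit. Because these fields are now derived from the authenticated actor, a case that sends the same request without `adminHeaders` and expects a 401 would pin the middleware itself; none is visible in these hunks, though the describe body continues outside them.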
@@ -92,7 +94,7 @@ describe("API Keys - Admin", () => {
 expect(revoked.data.apiKey).toEqual(
 expect.objectContaining({
 id: created.data.apiKey.id,
- revoked_by: "test",
+ revoked_by: "admin_user",
 })
 )
 expect(revoked.data.apiKey.revoked_at).toBeTruthy()
diff --git a/integration-tests/plugins/__tests__/customer-group/admin/batch-add-customers.ts b/integration-tests/plugins/__tests__/customer-group/admin/batch-add-customers.ts
index d6fa38668d..917740c848 100644
--- a/integration-tests/plugins/__tests__/customer-group/admin/batch-add-customers.ts
+++ b/integration-tests/plugins/__tests__/customer-group/admin/batch-add-customers.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("POST /admin/customer-groups/:id/customers/batch", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer-group/admin/batch-remove-customers.ts b/integration-tests/plugins/__tests__/customer-group/admin/batch-remove-customers.ts
index 1b31e38812..81ade3fc3f 100644
--- a/integration-tests/plugins/__tests__/customer-group/admin/batch-remove-customers.ts
+++ b/integration-tests/plugins/__tests__/customer-group/admin/batch-remove-customers.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("DELETE /admin/customer-groups/:id/customers/remove", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer-group/admin/create-customer-group.ts b/integration-tests/plugins/__tests__/customer-group/admin/create-customer-group.ts
index 0c4fd5de01..7ee6b1b39b 100644
--- a/integration-tests/plugins/__tests__/customer-group/admin/create-customer-group.ts
+++ b/integration-tests/plugins/__tests__/customer-group/admin/create-customer-group.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,8 @@ describe("POST /admin/customer-groups", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
+ // await adminSeeder(dbConnection)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer-group/admin/delete-customer-group.ts b/integration-tests/plugins/__tests__/customer-group/admin/delete-customer-group.ts
index 106cf0272d..78b8c31b88 100644
--- a/integration-tests/plugins/__tests__/customer-group/admin/delete-customer-group.ts
+++ b/integration-tests/plugins/__tests__/customer-group/admin/delete-customer-group.ts
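Review bot: The added line `// await adminSeeder(dbConnection)` in the `beforeEach` of create-customer-group.ts is commented-out code left over from the migration and should be deleted rather than committed; the other specs in this commit replace the call outright. With it gone, the `adminSeeder` import kept in the first hunk of that file appears unused as well, unless it is referenced outside the hunks shown.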
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("DELETE /admin/customer-groups/:id", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer-group/admin/list-customer-group-customers.ts b/integration-tests/plugins/__tests__/customer-group/admin/list-customer-group-customers.ts
index ac9dea9a60..e0f6d80b5e 100644
--- a/integration-tests/plugins/__tests__/customer-group/admin/list-customer-group-customers.ts
+++ b/integration-tests/plugins/__tests__/customer-group/admin/list-customer-group-customers.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("GET /admin/customer-groups/:id/customers", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer-group/admin/list-customer-groups.spec.ts b/integration-tests/plugins/__tests__/customer-group/admin/list-customer-groups.spec.ts
index 2790bc17a9..ae67e163c2 100644
--- a/integration-tests/plugins/__tests__/customer-group/admin/list-customer-groups.spec.ts
+++ b/integration-tests/plugins/__tests__/customer-group/admin/list-customer-groups.spec.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("GET /admin/customer-groups", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer-group/admin/retrieve-customer-group.ts b/integration-tests/plugins/__tests__/customer-group/admin/retrieve-customer-group.ts
index 17bfa8493d..4bd648fa1b 100644
--- a/integration-tests/plugins/__tests__/customer-group/admin/retrieve-customer-group.ts
+++ b/integration-tests/plugins/__tests__/customer-group/admin/retrieve-customer-group.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("GET /admin/customer-groups/:id", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer-group/admin/update-customer-group.ts b/integration-tests/plugins/__tests__/customer-group/admin/update-customer-group.ts
index 64d28fccca..b9fb88e440 100644
--- a/integration-tests/plugins/__tests__/customer-group/admin/update-customer-group.ts
+++ b/integration-tests/plugins/__tests__/customer-group/admin/update-customer-group.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("POST /admin/customer-groups/:id", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer/admin/create-customer-addresses.ts b/integration-tests/plugins/__tests__/customer/admin/create-customer-addresses.ts
index a4c18fe493..5deec17877 100644
--- a/integration-tests/plugins/__tests__/customer/admin/create-customer-addresses.ts
+++ b/integration-tests/plugins/__tests__/customer/admin/create-customer-addresses.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("POST /admin/customers/:id/addresses", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer/admin/create-customer.ts b/integration-tests/plugins/__tests__/customer/admin/create-customer.ts
index a62b88615f..30e05dc05a 100644
--- a/integration-tests/plugins/__tests__/customer/admin/create-customer.ts
+++ b/integration-tests/plugins/__tests__/customer/admin/create-customer.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("POST /admin/customers", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer/admin/delete-customer-address.spec.ts b/integration-tests/plugins/__tests__/customer/admin/delete-customer-address.spec.ts
index 946deec07b..0d500cd840 100644
--- a/integration-tests/plugins/__tests__/customer/admin/delete-customer-address.spec.ts
+++ b/integration-tests/plugins/__tests__/customer/admin/delete-customer-address.spec.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("DELETE /admin/customers/:id/addresses/:address_id", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer/admin/delete-customer.ts b/integration-tests/plugins/__tests__/customer/admin/delete-customer.ts
index 77192b966e..f5ad2a8c1b 100644
--- a/integration-tests/plugins/__tests__/customer/admin/delete-customer.ts
+++ b/integration-tests/plugins/__tests__/customer/admin/delete-customer.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("DELETE /admin/customers/:id", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer/admin/list-customer-addresses.ts b/integration-tests/plugins/__tests__/customer/admin/list-customer-addresses.ts
index 842e6f9fcd..c77564825b 100644
--- a/integration-tests/plugins/__tests__/customer/admin/list-customer-addresses.ts
+++ b/integration-tests/plugins/__tests__/customer/admin/list-customer-addresses.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("GET /admin/customers/:id/addresses", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer/admin/list-customers.spec.ts b/integration-tests/plugins/__tests__/customer/admin/list-customers.spec.ts
index a1e9aac30f..5c91af3337 100644
--- a/integration-tests/plugins/__tests__/customer/admin/list-customers.spec.ts
+++ b/integration-tests/plugins/__tests__/customer/admin/list-customers.spec.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("GET /admin/customers", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer/admin/update-customer-address.spec.ts b/integration-tests/plugins/__tests__/customer/admin/update-customer-address.spec.ts
index b78c17a002..2c42cdc33f 100644
--- a/integration-tests/plugins/__tests__/customer/admin/update-customer-address.spec.ts
+++ b/integration-tests/plugins/__tests__/customer/admin/update-customer-address.spec.ts
@@ -1,11 +1,13 @@
-import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { initDb, useDb } from "../../../../environment-helpers/use-db"
+
 import { ICustomerModuleService } from "@medusajs/types"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import adminSeeder from "../../../../helpers/admin-seeder"
+import { createAdminUser } from "../../../helpers/create-admin-user"
+import { getContainer } from "../../../../environment-helpers/use-container"
 import path from "path"
 import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app"
 import { useApi } from "../../../../environment-helpers/use-api"
-import { getContainer } from "../../../../environment-helpers/use-container"
-import { initDb, useDb } from "../../../../environment-helpers/use-db"
-import adminSeeder from "../../../../helpers/admin-seeder"
 jest.setTimeout(50000)
@@ -37,7 +39,7 @@ describe("POST /admin/customers/:id/addresses/:address_id", () => {
 })
 beforeEach(async () => {
- await adminSeeder(dbConnection)
+ await createAdminUser(dbConnection, adminHeaders)
 })
 afterEach(async () => {
diff --git a/integration-tests/plugins/__tests__/customer/admin/update-customer.ts b/integration-tests/plugins/__tests__/customer/admin/update-customer.ts
index 4aeda967bf..0c956e9e32 100644
--- a/integration-tests/plugins/__tests__/customer/admin/update-customer.ts
+++ b/integration-tests/plugins/__tests__/customer/admin/update-customer.ts
@@ -1,11 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +39,7 @@ describe("POST /admin/customers/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/customer/store/create-customer.spec.ts b/integration-tests/plugins/__tests__/customer/store/create-customer.spec.ts index b196c6cd9d..ae1f6c0576 100644 --- a/integration-tests/plugins/__tests__/customer/store/create-customer.spec.ts +++ b/integration-tests/plugins/__tests__/customer/store/create-customer.spec.ts @@ -3,6 +3,7 @@ import { initDb, useDb } from "../../../../environment-helpers/use-db" import { ModuleRegistrationName } from "@medusajs/modules-sdk" import adminSeeder from "../../../../helpers/admin-seeder" +import { createAdminUser } from "../../../helpers/create-admin-user" import { getContainer } from "../../../../environment-helpers/use-container" import jwt from "jsonwebtoken" import path from "path" 
diff --git a/integration-tests/plugins/__tests__/invites/accept-invite.spec.ts b/integration-tests/plugins/__tests__/invites/accept-invite.spec.ts
new file mode 100644
index 0000000000..02e56d759f
--- /dev/null
+++ b/integration-tests/plugins/__tests__/invites/accept-invite.spec.ts
@@ -0,0 +1,112 @@
+import { IAuthModuleService, IUserModuleService } from "@medusajs/types"
+import { initDb, useDb } from "../../../environment-helpers/use-db"
+
+import { AxiosInstance } from "axios"
+import { ModuleRegistrationName } from "@medusajs/modules-sdk"
+import { createAdminUser } from "../../helpers/create-admin-user"
+import { getContainer } from "../../../environment-helpers/use-container"
+import path from "path"
+import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app"
+import { useApi } from "../../../environment-helpers/use-api"
+
+jest.setTimeout(50000)
+
+const env = { MEDUSA_FF_MEDUSA_V2: true }
+const adminHeaders = {
+ headers: { "x-medusa-access-token": "test_token" },
+}
+
+describe("GET /admin/invites/:id", () => {
+ let dbConnection
+ let appContainer
+ let shutdownServer
+ let userModuleService: IUserModuleService
+
+ beforeAll(async () => {
+ const cwd = path.resolve(path.join(__dirname, "..", ".."))
+ dbConnection = await initDb({ cwd, env } as any)
+ shutdownServer = await startBootstrapApp({ cwd, env })
+ appContainer = getContainer()
+ userModuleService = appContainer.resolve(ModuleRegistrationName.USER)
+ })
+
+ beforeEach(async () => {
+ await createAdminUser(dbConnection, adminHeaders)
+ })
+
+ afterAll(async () => {
+ const db = useDb()
+ await db.shutdown()
+ await shutdownServer()
+ })
+
+ afterEach(async () => {
+ const db = useDb()
+ await db.teardown()
+ })
+
+ it("should fail to accept an invite with an invalid invite token", async () => {
+ const api = useApi()! as AxiosInstance
+
+ const authResponse = await api.post(`/auth/admin/emailpass`, {
+ email: "potential_member@test.com",
+ password: "supersecret",
+ })
+
+ expect(authResponse.status).toEqual(200)
+ const token = authResponse.data.token
+
+ const acceptResponse = await api
+ .post(
+ `/admin/invites/accept?token=${"non-existing-token"}`,
+ {
+ first_name: "John",
+ },
+ {
+ headers: {
+ Authorization: `Bearer ${token}`,
+ },
+ }
+ )
+ .catch((e) => e)
+
+ expect(acceptResponse.response.status).toEqual(401)
+ expect(acceptResponse.response.data.message).toEqual("Unauthorized")
+ })
+
+ it("should accept an invite", async () => {
+ const invite = await userModuleService.createInvites({
+ email: "potential_member@test.com",
+ })
+
+ const api = useApi()! as AxiosInstance
+
+ const authResponse = await api.post(`/auth/admin/emailpass`, {
+ email: "potential_member@test.com",
+ password: "supersecret",
+ })
+
+ expect(authResponse.status).toEqual(200)
+ const token = authResponse.data.token
+
+ const acceptResponse = await api.post(
+ `/admin/invites/accept?token=${invite.token}`,
+ {
+ first_name: "John",
+ },
+ {
+ headers: {
+ Authorization: `Bearer ${token}`,
+ },
+ }
+ )
+
+ expect(acceptResponse.status).toEqual(200)
+ expect(acceptResponse.data.user).toEqual(
+ expect.objectContaining({
+ email: "potential_member@test.com",
+ first_name: "John",
+ })
+ )
+ })
+})
diff --git a/integration-tests/plugins/__tests__/promotion/admin/create-campaign.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/create-campaign.spec.ts
index 023a6001a8..e1ce4200e0 100644
--- a/integration-tests/plugins/__tests__/promotion/admin/create-campaign.spec.ts
+++ b/integration-tests/plugins/__tests__/promotion/admin/create-campaign.spec.ts
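Review bot: Both cases send a valid `Authorization: Bearer` header, so nothing in this new spec pins the property the commit is about: that `/admin/invites/accept` refuses a caller who holds a valid invite token but is not authenticated. I would add a case that creates an invite and posts without the header, and ideally a second one where the bearer token was issued for a different e-mail than the invite. The expected status below is assumed to be 401, as in the invalid-token case, and should be confirmed against the route. Separately, the `describe("GET /admin/invites/:id", …)` label does not match the `POST /admin/invites/accept` calls under test, and `IAuthModuleService` is imported but never used in the file.

```typescript
  // … unchanged: "should fail to accept an invite with an invalid invite token" …

  it("should reject accepting an invite without an Authorization header", async () => {
    const invite = await userModuleService.createInvites({
      email: "potential_member@test.com",
    })

    const api = useApi()! as AxiosInstance

    const acceptResponse = await api
      .post(`/admin/invites/accept?token=${invite.token}`, {
        first_name: "John",
      })
      .catch((e) => e)

    // assumed: the authentication middleware answers 401 here; confirm against the route
    expect(acceptResponse.response.status).toEqual(401)
  })

  // … unchanged: "should accept an invite" …
```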
@@ -1,11 +1,12 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +38,7 @@ describe("POST /admin/campaigns", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/create-promotion.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/create-promotion.spec.ts index 25045c206b..b105e08c9f 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/create-promotion.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/create-promotion.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { PromotionType } from "@medusajs/utils" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -38,7 +39,7 @@ describe("POST /admin/promotions", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/delete-campaign.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/delete-campaign.spec.ts index 47c215129e..055b223b58 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/delete-campaign.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/delete-campaign.spec.ts 
@@ -1,11 +1,12 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +38,7 @@ describe("DELETE /admin/campaigns/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/delete-promotion.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/delete-promotion.spec.ts index 2c66f0ab0f..882ea3c3f7 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/delete-promotion.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/delete-promotion.spec.ts 
@@ -1,11 +1,12 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +38,7 @@ describe("DELETE /admin/promotions/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/list-campaigns.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/list-campaigns.spec.ts index 0d3b273433..8e3a4106bb 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/list-campaigns.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/list-campaigns.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IPromotionModuleService } from "@medusajs/types" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { CampaignBudgetType } from "@medusajs/utils" +import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -69,7 +70,7 @@ describe("GET /admin/campaigns", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) await promotionModuleService.createCampaigns(campaignsData) }) diff --git a/integration-tests/plugins/__tests__/promotion/admin/list-promotions.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/list-promotions.spec.ts index efb7bad3e9..6c2ac133ff 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/list-promotions.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/list-promotions.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { PromotionType } from "@medusajs/utils" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -38,7 +39,7 @@ describe("GET /admin/promotions", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/retrieve-campaign.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/retrieve-campaign.spec.ts index 34a9ae5335..aa96fa29cc 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/retrieve-campaign.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/retrieve-campaign.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IPromotionModuleService } from "@medusajs/types" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { CampaignBudgetType } from "@medusajs/utils" +import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -52,7 +53,7 @@ describe("GET /admin/campaigns", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/retrieve-promotion.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/retrieve-promotion.spec.ts index 5bc354a399..75590b6235 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/retrieve-promotion.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/retrieve-promotion.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { PromotionType } from "@medusajs/utils" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -38,7 +39,7 @@ describe("GET /admin/promotions", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/update-campaign.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/update-campaign.spec.ts index 487f0488fa..c7e1e6f132 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/update-campaign.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/update-campaign.spec.ts 
@@ -1,11 +1,12 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -37,7 +38,7 @@ describe("POST /admin/campaigns/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/promotion/admin/update-promotion.spec.ts b/integration-tests/plugins/__tests__/promotion/admin/update-promotion.spec.ts index 28b04e77f4..3b3241a488 100644 --- a/integration-tests/plugins/__tests__/promotion/admin/update-promotion.spec.ts +++ b/integration-tests/plugins/__tests__/promotion/admin/update-promotion.spec.ts 
@@ -1,12 +1,13 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" import { PromotionType } from "@medusajs/utils" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -38,7 +39,7 @@ describe("POST /admin/promotions/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterEach(async () => { diff --git a/integration-tests/plugins/__tests__/regions/admin/regions.spec.ts b/integration-tests/plugins/__tests__/regions/admin/regions.spec.ts index 33862a1a22..e3f0f71ce2 100644 --- a/integration-tests/plugins/__tests__/regions/admin/regions.spec.ts +++ b/integration-tests/plugins/__tests__/regions/admin/regions.spec.ts 
@@ -1,11 +1,12 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { initDb, useDb } from "../../../../environment-helpers/use-db" + import { IRegionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../../helpers/create-admin-user" +import { getContainer } from "../../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../../environment-helpers/bootstrap-app" import { useApi } from "../../../../environment-helpers/use-api" -import { getContainer } from "../../../../environment-helpers/use-container" -import { initDb, useDb } from "../../../../environment-helpers/use-db" -import adminSeeder from "../../../../helpers/admin-seeder" jest.setTimeout(50000) @@ -35,7 +36,7 @@ describe("Regions - Admin", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) await service.createDefaultCountriesAndCurrencies() }) diff --git a/integration-tests/plugins/__tests__/users/create-user.spec.ts b/integration-tests/plugins/__tests__/users/create-user.spec.ts index 9776700e5f..c80b351a71 100644 --- a/integration-tests/plugins/__tests__/users/create-user.spec.ts +++ b/integration-tests/plugins/__tests__/users/create-user.spec.ts 
@@ -1,13 +1,10 @@ import { initDb, useDb } from "../../../environment-helpers/use-db" -import { IUserModuleService } from "@medusajs/types" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { getContainer } from "../../../environment-helpers/use-container" +import { AxiosInstance } from "axios" +import { createAdminUser } from "../../helpers/create-admin-user" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" import { useApi } from "../../../environment-helpers/use-api" -import adminSeeder from "../../../helpers/admin-seeder" -import { AxiosInstance } from "axios" jest.setTimeout(50000) @@ -27,7 +24,7 @@ describe("POST /admin/users", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/__tests__/users/delete-user.spec.ts b/integration-tests/plugins/__tests__/users/delete-user.spec.ts index 30d6cb4b23..80e7300c60 100644 --- a/integration-tests/plugins/__tests__/users/delete-user.spec.ts +++ b/integration-tests/plugins/__tests__/users/delete-user.spec.ts @@ -1,13 +1,13 @@ import { initDb, useDb } from "../../../environment-helpers/use-db" +import { AxiosInstance } from "axios" import { IUserModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../helpers/create-admin-user" import { getContainer } from "../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" import { useApi } from "../../../environment-helpers/use-api" -import adminSeeder from "../../../helpers/admin-seeder" -import { AxiosInstance } from "axios" jest.setTimeout(50000) 
@@ -31,7 +31,7 @@ describe("DELETE /admin/users/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/__tests__/users/list-users.spec.ts b/integration-tests/plugins/__tests__/users/list-users.spec.ts index a4144d3756..272ce4e7ce 100644 --- a/integration-tests/plugins/__tests__/users/list-users.spec.ts +++ b/integration-tests/plugins/__tests__/users/list-users.spec.ts @@ -1,13 +1,13 @@ import { initDb, useDb } from "../../../environment-helpers/use-db" +import { AxiosInstance } from "axios" import { IUserModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../helpers/create-admin-user" import { getContainer } from "../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" import { useApi } from "../../../environment-helpers/use-api" -import adminSeeder from "../../../helpers/admin-seeder" -import { AxiosInstance } from "axios" jest.setTimeout(50000) @@ -31,7 +31,7 @@ describe("GET /admin/users", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/__tests__/users/retrieve-user.spec.ts b/integration-tests/plugins/__tests__/users/retrieve-user.spec.ts index fc6b8f14ca..05c733f7bb 100644 --- a/integration-tests/plugins/__tests__/users/retrieve-user.spec.ts +++ b/integration-tests/plugins/__tests__/users/retrieve-user.spec.ts 
@@ -1,13 +1,13 @@ import { initDb, useDb } from "../../../environment-helpers/use-db" +import { AxiosInstance } from "axios" import { IUserModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../helpers/create-admin-user" import { getContainer } from "../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" import { useApi } from "../../../environment-helpers/use-api" -import adminSeeder from "../../../helpers/admin-seeder" -import { AxiosInstance } from "axios" jest.setTimeout(50000) @@ -31,7 +31,7 @@ describe("GET /admin/users/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/__tests__/users/update-user.spec.ts b/integration-tests/plugins/__tests__/users/update-user.spec.ts index 6cad952593..f70cb45915 100644 --- a/integration-tests/plugins/__tests__/users/update-user.spec.ts +++ b/integration-tests/plugins/__tests__/users/update-user.spec.ts @@ -1,13 +1,13 @@ import { initDb, useDb } from "../../../environment-helpers/use-db" +import { AxiosInstance } from "axios" import { IUserModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createAdminUser } from "../../helpers/create-admin-user" import { getContainer } from "../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" import { useApi } from "../../../environment-helpers/use-api" -import adminSeeder from "../../../helpers/admin-seeder" -import { AxiosInstance } from "axios" jest.setTimeout(50000) 
@@ -31,7 +31,7 @@ describe("POST /admin/users/:id", () => { }) beforeEach(async () => { - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/__tests__/workflow-engine/tests.ts b/integration-tests/plugins/__tests__/workflow-engine/tests.ts index 78206bd883..e0c6b468a6 100644 --- a/integration-tests/plugins/__tests__/workflow-engine/tests.ts +++ b/integration-tests/plugins/__tests__/workflow-engine/tests.ts @@ -1,17 +1,18 @@ -import { useApi } from "../../../environment-helpers/use-api" -import { initDb, useDb } from "../../../environment-helpers/use-db" - import { createStep, createWorkflow, StepResponse, WorkflowData, } from "@medusajs/workflows-sdk" +import { initDb, useDb } from "../../../environment-helpers/use-db" + import { AxiosInstance } from "axios" +import adminSeeder from "../../../helpers/admin-seeder" +import { createAdminUser } from "../../helpers/create-admin-user" +import { getContainer } from "../../../environment-helpers/use-container" import path from "path" import { startBootstrapApp } from "../../../environment-helpers/bootstrap-app" -import { getContainer } from "../../../environment-helpers/use-container" -import adminSeeder from "../../../helpers/admin-seeder" +import { useApi } from "../../../environment-helpers/use-api" export const workflowEngineTestSuite = (env, extraParams = {}) => { const adminHeaders = { @@ -31,7 +32,7 @@ export const workflowEngineTestSuite = (env, extraParams = {}) => { shutdownServer = await startBootstrapApp({ cwd, env }) medusaContainer = getContainer() - await adminSeeder(dbConnection) + await createAdminUser(dbConnection, adminHeaders) }) afterAll(async () => { diff --git a/integration-tests/plugins/helpers/create-admin-user.ts b/integration-tests/plugins/helpers/create-admin-user.ts index 118439fe80..4c1b02751e 100644 --- a/integration-tests/plugins/helpers/create-admin-user.ts 
+++ b/integration-tests/plugins/helpers/create-admin-user.ts @@ -1,8 +1,8 @@ import { IAuthModuleService } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" import adminSeeder from "../../helpers/admin-seeder" -import jwt from "jsonwebtoken" import { getContainer } from "../../environment-helpers/use-container" +import jwt from "jsonwebtoken" export const createAdminUser = async (dbConnection, adminHeaders) => { await adminSeeder(dbConnection) diff --git a/integration-tests/plugins/medusa-config.js b/integration-tests/plugins/medusa-config.js index b770b37691..ad5f2dd3bb 100644 --- a/integration-tests/plugins/medusa-config.js +++ b/integration-tests/plugins/medusa-config.js @@ -43,6 +43,17 @@ module.exports = { scope: "internal", resources: "shared", resolve: "@medusajs/auth", + options: { + providers: [ + { + name: "emailpass", + scopes: { + admin: {}, + store: {}, + }, + }, + ], + }, }, [Modules.USER]: { scope: "internal", diff --git a/packages/medusa/src/api-v2/admin/api-keys/[id]/revoke/route.ts b/packages/medusa/src/api-v2/admin/api-keys/[id]/revoke/route.ts index 2a291cf379..2fda8cf08b 100644 --- a/packages/medusa/src/api-v2/admin/api-keys/[id]/revoke/route.ts +++ b/packages/medusa/src/api-v2/admin/api-keys/[id]/revoke/route.ts 
@@ -1,15 +1,22 @@ -import { revokeApiKeysWorkflow } from "@medusajs/core-flows" -import { RevokeApiKeyDTO } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +import { RevokeApiKeyDTO } from "@medusajs/types" +import { revokeApiKeysWorkflow } from "@medusajs/core-flows" + +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const { result, errors } = await revokeApiKeysWorkflow(req.scope).run({ input: { selector: { id: req.params.id }, revoke: { - revoked_by: req.auth_user?.id, + revoked_by: req.auth.actor_id, } as RevokeApiKeyDTO, }, throwOnError: false, diff --git a/packages/medusa/src/api-v2/admin/api-keys/[id]/route.ts b/packages/medusa/src/api-v2/admin/api-keys/[id]/route.ts index 4a1b644ab9..16283aed1a 100644 --- a/packages/medusa/src/api-v2/admin/api-keys/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/api-keys/[id]/route.ts 
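Review bot: `revoked_by: req.auth.actor_id` sits inside an object that is force-cast with `as RevokeApiKeyDTO`, so the compiler will not complain if `actor_id` can be `undefined`, and the revocation would then be recorded without an actor. Whether `authenticate("admin", …)` can admit a token with no linked actor is not visible in this hunk, so I would let the type carry the guarantee: declare `const revoke: RevokeApiKeyDTO = { revoked_by: req.auth.actor_id }` and pass `revoke` in the workflow input. The handler also reads `req.params.id` into `id` and then uses `req.params.id` again in the selector. Its body continues past the end of the hunk.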
@@ -1,13 +1,20 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { deleteApiKeysWorkflow, updateApiKeysWorkflow, } from "@medusajs/core-flows" -import { UpdateApiKeyDTO } from "@medusajs/types" -import { remoteQueryObjectFromString } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" -import { defaultAdminApiKeyFields } from "../query-config" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { UpdateApiKeyDTO } from "@medusajs/types" +import { defaultAdminApiKeyFields } from "../query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve("remoteQuery") const variables = { id: req.params.id } @@ -23,11 +30,14 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ apiKey }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest>, + res: MedusaResponse +) => { const { result, errors } = await updateApiKeysWorkflow(req.scope).run({ input: { selector: { id: req.params.id }, - update: req.validatedBody as Omit, + update: req.validatedBody, }, throwOnError: false, }) @@ -39,7 +49,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ apiKey: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const { errors } = await deleteApiKeysWorkflow(req.scope).run({ diff --git a/packages/medusa/src/api-v2/admin/api-keys/middlewares.ts b/packages/medusa/src/api-v2/admin/api-keys/middlewares.ts index e480fa1d97..819687720d 100644 
--- a/packages/medusa/src/api-v2/admin/api-keys/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/api-keys/middlewares.ts @@ -1,25 +1,21 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { - AdminGetApiKeysParams, AdminGetApiKeysApiKeyParams, - AdminPostApiKeysReq, + AdminGetApiKeysParams, AdminPostApiKeysApiKeyReq, + AdminPostApiKeysReq, AdminRevokeApiKeysApiKeyReq, } from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminApiKeyRoutesMiddlewares: MiddlewareRoute[] = [ { matcher: "/admin/api-keys*", - // middlewares: [authenticate("admin", ["bearer", "session"])], - // TODO: Apply authentication middleware correctly once https://github.com/medusajs/medusa/pull/6447 is merged. - middlewares: [ - (req, res, next) => { - req.auth_user = { id: "test" } - next() - }, - ], + middlewares: [authenticate("admin", ["bearer", "session"])], }, { method: ["GET"], diff --git a/packages/medusa/src/api-v2/admin/api-keys/route.ts b/packages/medusa/src/api-v2/admin/api-keys/route.ts index ce9b5b324c..ed99b7349c 100644 --- a/packages/medusa/src/api-v2/admin/api-keys/route.ts +++ b/packages/medusa/src/api-v2/admin/api-keys/route.ts 
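Review bot: The `/admin/api-keys*` entry in `adminApiKeyRoutesMiddlewares` has no `method`, while the same guard is written with `method: ["ALL"]` in the customers and customer-groups middlewares and with `method: "ALL"` in the invites middlewares of this commit. Whether an omitted `method` covers every verb is decided by the route loader, which is not visible here. Spelling it out as `method: ["ALL"],` makes the coverage of the authentication guard auditable at a glance. The array continues outside the hunk.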
@@ -1,10 +1,17 @@ -import { createApiKeysWorkflow } from "@medusajs/core-flows" -import { CreateApiKeyDTO } from "@medusajs/types" -import { remoteQueryObjectFromString } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -import { defaultAdminApiKeyFields } from "./query-config" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { CreateApiKeyDTO } from "@medusajs/types" +import { createApiKeysWorkflow } from "@medusajs/core-flows" +import { defaultAdminApiKeyFields } from "./query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve("remoteQuery") const queryObject = remoteQueryObjectFromString({ @@ -28,11 +35,14 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest>, + res: MedusaResponse +) => { const input = [ { - ...(req.validatedBody as Omit), - created_by: req.auth_user?.id, + ...req.validatedBody, + created_by: req.auth.actor_id, } as CreateApiKeyDTO, ] diff --git a/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts b/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts index a9d3a62434..2093bfbd52 100644 --- a/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/campaigns/[id]/route.ts 
@@ -1,12 +1,22 @@ +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { deleteCampaignsWorkflow, updateCampaignsWorkflow, } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IPromotionModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { AdminPostCampaignsReq } from "../validators" +import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { UpdateCampaignDTO } from "@medusajs/types" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const promotionModuleService: IPromotionModuleService = req.scope.resolve( ModuleRegistrationName.PROMOTION ) @@ -22,14 +32,17 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ campaign }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const updateCampaigns = updateCampaignsWorkflow(req.scope) const campaignsData = [ { id: req.params.id, - ...(req.validatedBody || {}), + ...req.validatedBody, }, - ] + ] as UpdateCampaignDTO[] const { result, errors } = await updateCampaigns.run({ input: { campaignsData }, @@ -43,7 +56,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ campaign: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const manager = req.scope.resolve("manager") const deleteCampaigns = deleteCampaignsWorkflow(req.scope) 
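Review bot: In the POST handler, `] as UpdateCampaignDTO[]` asserts the type of `campaignsData` instead of checking it, so a mismatch between the validated body and the DTO the workflow expects may no longer be reported by the compiler. A declaration keeps the check: `const campaignsData: UpdateCampaignDTO[] = [{ id: req.params.id, ...req.validatedBody }]`. The first hunk of this file also adds `MedusaRequest` to the routing import although every handler visible in the diff now takes `AuthenticatedMedusaRequest`; the same leftover import appears in `campaigns/route.ts` and `customer-groups/route.ts`. The handler bodies continue outside the hunks.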
diff --git a/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts b/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts index 45febafdd7..7be2be5dee 100644 --- a/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/campaigns/middlewares.ts @@ -1,22 +1,25 @@ -import { MedusaV2Flag } from "@medusajs/utils" -import { - isFeatureFlagEnabled, - transformBody, - transformQuery, -} from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { AdminGetCampaignsCampaignParams, AdminGetCampaignsParams, AdminPostCampaignsCampaignReq, AdminPostCampaignsReq, } from "./validators" +import { + isFeatureFlagEnabled, + transformBody, + transformQuery, +} from "../../../api/middlewares" + +import { MedusaV2Flag } from "@medusajs/utils" +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminCampaignRoutesMiddlewares: MiddlewareRoute[] = [ { matcher: "/admin/campaigns*", - middlewares: [isFeatureFlagEnabled(MedusaV2Flag.key)], + middlewares: [authenticate("admin", ["bearer", "session"])], }, { method: ["GET"], diff --git a/packages/medusa/src/api-v2/admin/campaigns/route.ts b/packages/medusa/src/api-v2/admin/campaigns/route.ts index e3c4159ab0..cc0be86ea8 100644 --- a/packages/medusa/src/api-v2/admin/campaigns/route.ts +++ b/packages/medusa/src/api-v2/admin/campaigns/route.ts 
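Review bot: The `/admin/campaigns*` entry replaces `isFeatureFlagEnabled(MedusaV2Flag.key)` with `authenticate(...)` rather than adding to it, so the campaign routes are no longer gated by the feature flag, yet the new import block still brings in `isFeatureFlagEnabled` and `MedusaV2Flag`. If dropping the gate is intended, the two imports can go, provided nothing further down the file (outside this hunk) uses them. If it is not intended, keep both guards: `middlewares: [isFeatureFlagEnabled(MedusaV2Flag.key), authenticate("admin", ["bearer", "session"])],`. The array continues outside the hunk.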
@@ -1,9 +1,17 @@ -import { createCampaignsWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { CreateCampaignDTO, IPromotionModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createCampaignsWorkflow } from "@medusajs/core-flows" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const promotionModuleService: IPromotionModuleService = req.scope.resolve( ModuleRegistrationName.PROMOTION ) @@ -23,9 +31,12 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const createCampaigns = createCampaignsWorkflow(req.scope) - const campaignsData = [req.validatedBody as CreateCampaignDTO] + const campaignsData = [req.validatedBody] const { result, errors } = await createCampaigns.run({ input: { campaignsData }, diff --git a/packages/medusa/src/api-v2/admin/campaigns/validators.ts b/packages/medusa/src/api-v2/admin/campaigns/validators.ts index d4ab0d1fef..415f41c5c3 100644 --- a/packages/medusa/src/api-v2/admin/campaigns/validators.ts +++ b/packages/medusa/src/api-v2/admin/campaigns/validators.ts @@ -1,5 +1,4 @@ -import { CampaignBudgetType } from "@medusajs/utils" -import { Type } from "class-transformer" +import { FindParams, extendedFindParamsMixin } from "../../../types/common" import { IsArray, IsDateString, 
@@ -10,7 +9,10 @@ import { IsString, ValidateNested, } from "class-validator" -import { FindParams, extendedFindParamsMixin } from "../../../types/common" +import { Transform, Type } from "class-transformer" + +import { CampaignBudgetType } from "@medusajs/utils" +import { transformOptionalDate } from "../../../utils/validators/date-transform" export class AdminGetCampaignsCampaignParams extends FindParams {} diff --git a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/batch/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/batch/route.ts index d766dfb6e9..066fd3cabb 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/batch/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/batch/route.ts @@ -1,11 +1,18 @@ -import { createCustomerGroupCustomersWorkflow } from "@medusajs/core-flows" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" -import { AdminPostCustomerGroupsGroupCustomersBatchReq } from "../../../validators" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +import { AdminPostCustomerGroupsGroupCustomersBatchReq } from "../../../validators" +import { createCustomerGroupCustomersWorkflow } from "@medusajs/core-flows" + +export const POST = async ( + // eslint-disable-next-line max-len + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params - const { customer_ids } = - req.validatedBody as AdminPostCustomerGroupsGroupCustomersBatchReq + const { customer_ids } = req.validatedBody const createCustomers = createCustomerGroupCustomersWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/remove/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/remove/route.ts index 8e8647f733..529ccfbc62 100644 
--- a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/remove/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/remove/route.ts @@ -1,12 +1,18 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" + +import { AdminPostCustomerGroupsGroupCustomersBatchReq } from "../../../validators" import { deleteCustomerGroupCustomersWorkflow } from "@medusajs/core-flows" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" -import { AdminPostCustomerGroupsGroupCustomersBatchReq } from "../../../validators" - -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + // eslint-disable-next-line max-len + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params - const { customer_ids } = - req.validatedBody as AdminPostCustomerGroupsGroupCustomersBatchReq + const { customer_ids } = req.validatedBody const deleteCustomers = deleteCustomerGroupCustomersWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/route.ts index 84a7fad253..a8acc23b56 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/[id]/customers/route.ts 
@@ -1,8 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { ICustomerModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ICustomerModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params const service = req.scope.resolve( diff --git a/packages/medusa/src/api-v2/admin/customer-groups/[id]/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/[id]/route.ts index 15fbe1cb34..8d49c21168 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/[id]/route.ts @@ -1,15 +1,22 @@ import { - updateCustomerGroupsWorkflow, - deleteCustomerGroupsWorkflow, -} from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { CustomerGroupUpdatableFields, ICustomerModuleService, } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { + deleteCustomerGroupsWorkflow, + updateCustomerGroupsWorkflow, +} from "@medusajs/core-flows" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) 
@@ -25,12 +32,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ customer_group: group }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const updateGroups = updateCustomerGroupsWorkflow(req.scope) const { result, errors } = await updateGroups.run({ input: { selector: { id: req.params.id }, - update: req.validatedBody as CustomerGroupUpdatableFields, + update: req.validatedBody, }, throwOnError: false, }) @@ -42,7 +52,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ customer_group: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const deleteCustomerGroups = deleteCustomerGroupsWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/customer-groups/middlewares.ts b/packages/medusa/src/api-v2/admin/customer-groups/middlewares.ts index e8faf2db43..fbb8923f42 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/middlewares.ts 
@@ -1,16 +1,19 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" -import { listTransformQueryConfig as customersListTransformQueryConfig } from "../customers/query-config" + import { - AdminGetCustomerGroupsParams, - AdminGetCustomerGroupsGroupParams, - AdminPostCustomerGroupsReq, - AdminPostCustomerGroupsGroupReq, - AdminGetCustomerGroupsGroupCustomersParams, - AdminPostCustomerGroupsGroupCustomersBatchReq, AdminDeleteCustomerGroupsGroupCustomersBatchReq, + AdminGetCustomerGroupsGroupCustomersParams, + AdminGetCustomerGroupsGroupParams, + AdminGetCustomerGroupsParams, + AdminPostCustomerGroupsGroupCustomersBatchReq, + AdminPostCustomerGroupsGroupReq, + AdminPostCustomerGroupsReq, } from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" +import { listTransformQueryConfig as customersListTransformQueryConfig } from "../customers/query-config" export const adminCustomerGroupRoutesMiddlewares: MiddlewareRoute[] = [ { @@ -23,6 +26,11 @@ export const adminCustomerGroupRoutesMiddlewares: MiddlewareRoute[] = [ ), ], }, + { + method: ["ALL"], + matcher: "/admin/customer-groups*", + middlewares: [authenticate("admin", ["bearer", "session"])], + }, { method: ["GET"], matcher: "/admin/customer-groups/:id", diff --git a/packages/medusa/src/api-v2/admin/customer-groups/route.ts b/packages/medusa/src/api-v2/admin/customer-groups/route.ts index eea7d452f6..c290e34d60 100644 --- a/packages/medusa/src/api-v2/admin/customer-groups/route.ts +++ b/packages/medusa/src/api-v2/admin/customer-groups/route.ts 
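Review bot: The `authenticate("admin", ["bearer", "session"])` entry in the second hunk is inserted after the first element of `adminCustomerGroupRoutesMiddlewares`, whereas `customers/middlewares.ts` and `api-keys/middlewares.ts` in this commit put the guard first. If the loader applies entries in array order (not visible here), the query transform of that first route runs on requests that have not been authenticated yet, and its validation errors are returned to callers without credentials. Moving the `method: ["ALL"], matcher: "/admin/customer-groups*"` entry to the top of the array keeps the guard ahead of every other middleware. The first entry itself begins outside the hunk.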
@@ -1,9 +1,17 @@ -import { createCustomerGroupsWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { CreateCustomerGroupDTO, ICustomerModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createCustomerGroupsWorkflow } from "@medusajs/core-flows" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) @@ -24,12 +32,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const createGroups = createCustomerGroupsWorkflow(req.scope) const customersData = [ { - ...(req.validatedBody as CreateCustomerGroupDTO), - created_by: req.user!.id, + ...req.validatedBody, + created_by: req.auth.actor_id, }, ] diff --git a/packages/medusa/src/api-v2/admin/customers/[id]/addresses/[address_id]/route.ts b/packages/medusa/src/api-v2/admin/customers/[id]/addresses/[address_id]/route.ts index 6eecdf55c6..636b8ba09b 100644 --- a/packages/medusa/src/api-v2/admin/customers/[id]/addresses/[address_id]/route.ts +++ b/packages/medusa/src/api-v2/admin/customers/[id]/addresses/[address_id]/route.ts 
@@ -1,12 +1,19 @@ import { - updateCustomerAddressesWorkflow, - deleteCustomerAddressesWorkflow, -} from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" import { CustomerAddressDTO, ICustomerModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" +import { + deleteCustomerAddressesWorkflow, + updateCustomerAddressesWorkflow, +} from "@medusajs/core-flows" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) @@ -22,12 +29,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ address }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest>, + res: MedusaResponse +) => { const updateAddresses = updateCustomerAddressesWorkflow(req.scope) const { result, errors } = await updateAddresses.run({ input: { selector: { id: req.params.address_id, customer_id: req.params.id }, - update: req.validatedBody as Partial, + update: req.validatedBody, }, throwOnError: false, }) @@ -39,7 +49,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ address: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.address_id const deleteAddress = deleteCustomerAddressesWorkflow(req.scope) 
diff --git a/packages/medusa/src/api-v2/admin/customers/[id]/addresses/route.ts b/packages/medusa/src/api-v2/admin/customers/[id]/addresses/route.ts index 91927dee0a..43aeffb596 100644 --- a/packages/medusa/src/api-v2/admin/customers/[id]/addresses/route.ts +++ b/packages/medusa/src/api-v2/admin/customers/[id]/addresses/route.ts @@ -1,12 +1,19 @@ -import { createCustomerAddressesWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" import { CreateCustomerAddressDTO, ICustomerModuleService, } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createCustomerAddressesWorkflow } from "@medusajs/core-flows" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerId = req.params.id const customerModuleService = req.scope.resolve( @@ -28,12 +35,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerId = req.params.id const createAddresses = createCustomerAddressesWorkflow(req.scope) const addresses = [ { - ...(req.validatedBody as CreateCustomerAddressDTO), + ...req.validatedBody, customer_id: customerId, }, ] diff --git a/packages/medusa/src/api-v2/admin/customers/[id]/route.ts b/packages/medusa/src/api-v2/admin/customers/[id]/route.ts index fbf8c8cc6e..b2255116fe 100644 --- a/packages/medusa/src/api-v2/admin/customers/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/customers/[id]/route.ts 
@@ -1,15 +1,22 @@ import { - updateCustomersWorkflow, - deleteCustomersWorkflow, -} from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { CustomerUpdatableFields, ICustomerModuleService, } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { + deleteCustomersWorkflow, + updateCustomersWorkflow, +} from "@medusajs/core-flows" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) @@ -22,12 +29,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ customer }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const updateCustomers = updateCustomersWorkflow(req.scope) const { result, errors } = await updateCustomers.run({ input: { selector: { id: req.params.id }, - update: req.validatedBody as CustomerUpdatableFields, + update: req.validatedBody, }, throwOnError: false, }) @@ -39,7 +49,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ customer: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const deleteCustomers = deleteCustomersWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/customers/middlewares.ts b/packages/medusa/src/api-v2/admin/customers/middlewares.ts index 3e687eec15..0c8da32caf 100644 
--- a/packages/medusa/src/api-v2/admin/customers/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/customers/middlewares.ts @@ -1,17 +1,25 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { - AdminGetCustomersParams, - AdminGetCustomersCustomerParams, - AdminPostCustomersReq, - AdminPostCustomersCustomerReq, - AdminPostCustomersCustomerAddressesReq, AdminGetCustomersCustomerAddressesParams, + AdminGetCustomersCustomerParams, + AdminGetCustomersParams, AdminPostCustomersCustomerAddressesAddressReq, + AdminPostCustomersCustomerAddressesReq, + AdminPostCustomersCustomerReq, + AdminPostCustomersReq, } from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminCustomerRoutesMiddlewares: MiddlewareRoute[] = [ + { + method: ["ALL"], + matcher: "/admin/customers*", + middlewares: [authenticate("admin", ["bearer", "session"])], + }, { method: ["GET"], matcher: "/admin/customers", diff --git a/packages/medusa/src/api-v2/admin/customers/route.ts b/packages/medusa/src/api-v2/admin/customers/route.ts index 302d46f430..a8655b082c 100644 --- a/packages/medusa/src/api-v2/admin/customers/route.ts +++ b/packages/medusa/src/api-v2/admin/customers/route.ts 
@@ -1,9 +1,16 @@ -import { createCustomersWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { CreateCustomerDTO, ICustomerModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createCustomersWorkflow } from "@medusajs/core-flows" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) @@ -41,12 +48,16 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const createCustomers = createCustomersWorkflow(req.scope) + const customersData = [ { - ...(req.validatedBody as CreateCustomerDTO), - created_by: req.user!.id, + ...req.validatedBody, + created_by: req.auth?.actor_id, }, ] diff --git a/packages/medusa/src/api-v2/admin/invites/[id]/route.ts b/packages/medusa/src/api-v2/admin/invites/[id]/route.ts index ba862c3bff..7f0ec5650e 100644 --- a/packages/medusa/src/api-v2/admin/invites/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/invites/[id]/route.ts 
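Review bot: In the POST handler, `created_by: req.auth?.actor_id` uses optional chaining on a request typed `AuthenticatedMedusaRequest`, while `customer-groups/route.ts` and `api-keys/route.ts` in this commit read `req.auth.actor_id`. With the `?.`, a route reached without the authentication middleware creates the customer with `created_by` undefined instead of failing, which hides the misconfiguration and loses the record of who created the customer. I would write `created_by: req.auth.actor_id,` here as well. The handler continues outside the hunk.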
@@ -1,15 +1,20 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { ContainerRegistrationKeys, MedusaError, remoteQueryObjectFromString, } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" + import { deleteInvitesWorkflow } from "@medusajs/core-flows" -import { IUserModuleService, UpdateUserDTO } from "@medusajs/types" -import { ModuleRegistrationName } from "../../../../../../modules-sdk/dist" // Get invite -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params const remoteQuery = req.scope.resolve(ContainerRegistrationKeys.REMOTE_QUERY) @@ -34,7 +39,10 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { } // delete invite -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params const workflow = deleteInvitesWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/invites/accept/route.ts b/packages/medusa/src/api-v2/admin/invites/accept/route.ts index c9d09bb1ec..3be66f52ae 100644 --- a/packages/medusa/src/api-v2/admin/invites/accept/route.ts +++ b/packages/medusa/src/api-v2/admin/invites/accept/route.ts 
@@ -1,16 +1,23 @@ -import { acceptInviteWorkflow } from "@medusajs/core-flows" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" -import { InviteWorkflow } from "@medusajs/types" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" + import { AdminPostInvitesInviteAcceptReq } from "../validators" import { IUserModuleService } from "@medusajs/types" +import { InviteWorkflow } from "@medusajs/types" import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { acceptInviteWorkflow } from "@medusajs/core-flows" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - if (req.auth_user?.app_metadata?.user_id) { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + if (req.auth.actor_id) { const moduleService: IUserModuleService = req.scope.resolve( ModuleRegistrationName.USER ) - const user = moduleService.retrieve(req.auth_user.app_metadata.user_id) + const user = moduleService.retrieve(req.auth.actor_id) res.status(200).json({ user }) return } @@ -19,11 +26,18 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const input = { invite_token: req.filterableFields.token as string, - auth_user_id: req.auth_user!.id, - user: req.validatedBody as AdminPostInvitesInviteAcceptReq, + auth_user_id: req.auth?.auth_user_id, + user: req.validatedBody, } as InviteWorkflow.AcceptInviteWorkflowInputDTO - const { result: users } = await workflow.run({ input }) + let users + try { + const { result } = await workflow.run({ input }) + users = result + } catch (e) { + res.status(401).json({ message: "Unauthorized" }) + return + } // Set customer_id on session user if we are in session if (req.session.auth_user) { diff --git a/packages/medusa/src/api-v2/admin/invites/middlewares.ts b/packages/medusa/src/api-v2/admin/invites/middlewares.ts index 91f3152e55..9fe69215ff 100644 
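Review bot: `moduleService.retrieve(req.auth.actor_id)` is not awaited in the early-return branch of POST, so if `retrieve` is asynchronous (the `async` handler and the awaited workflow call beside it suggest so) the response serialises a pending promise instead of the user. Suggest `const user = await moduleService.retrieve(req.auth.actor_id)`. This branch also reads `req.auth.actor_id` without a guard while the next hunk uses `req.auth?.auth_user_id`; pick one form so the handler does not contradict itself about whether `req.auth` can be missing.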
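Review bot: The new `try`/`catch` around `workflow.run` answers every failure with 401 "Unauthorized" and discards `e`, so a rejected invite token cannot be told apart from a database or workflow fault, either by the caller or in the logs. I would map only the token-validation failure to 401, log the error, and rethrow anything else so it reaches the normal error handler. The `as InviteWorkflow.AcceptInviteWorkflowInputDTO` cast also hides that `req.auth?.auth_user_id` may be `undefined`; a guard before `input` is built, `if (!req.auth?.auth_user_id) { res.status(401).json({ message: "Unauthorized" }); return }`, makes that case explicit. `let users` is left untyped, which removes checking from the session update that follows. The handler continues after the hunk.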
--- a/packages/medusa/src/api-v2/admin/invites/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/invites/middlewares.ts @@ -1,19 +1,35 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" +import * as QueryConfig from "./query-config" + import { AdminCreateInviteRequest, - AdminGetInvitesParams, AdminGetInvitesInviteParams, - AdminPostInvitesInviteAcceptReq, + AdminGetInvitesParams, AdminPostInvitesInviteAcceptParams, + AdminPostInvitesInviteAcceptReq, } from "./validators" -import * as QueryConfig from "./query-config" +import { transformBody, transformQuery } from "../../../api/middlewares" + import { MiddlewareRoute } from "../../../types/middlewares" import { authenticate } from "../../../utils/authenticate-middleware" export const adminInviteRoutesMiddlewares: MiddlewareRoute[] = [ { method: "ALL", - matcher: "/admin/invites*", + matcher: "/admin/invites", + middlewares: [authenticate("admin", ["session", "bearer"])], + }, + { + method: "POST", + matcher: "/admin/invites/accept", + middlewares: [ + authenticate("admin", ["session", "bearer"], { + allowUnregistered: true, + }), + ], + }, + { + method: ["GET", "DELETE"], + matcher: "/admin/invites/:id", middlewares: [authenticate("admin", ["session", "bearer"])], }, { diff --git a/packages/medusa/src/api-v2/admin/invites/route.ts b/packages/medusa/src/api-v2/admin/invites/route.ts index e52ca97a63..e7fbbb2de7 100644 --- a/packages/medusa/src/api-v2/admin/invites/route.ts +++ b/packages/medusa/src/api-v2/admin/invites/route.ts 
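Review bot: Replacing the `/admin/invites*` wildcard with three exact matchers makes authentication on this router opt-in per route, so any path later added under `/admin/invites` is served without `authenticate` unless it is also listed here. I would keep an authenticated catch-all and carve out only `/admin/invites/accept` if the router allows it (how overlapping matchers combine is not visible in this hunk), or else add a comment above the first entry such as `// Every route under /admin/invites must be listed here; unlisted paths are not authenticated.` together with an integration test that unauthenticated requests to each invites route are rejected. The `allowUnregistered: true` option deserves a one-line comment stating which callers it admits, since it is the only relaxed entry in the file. The array continues past the end of the hunk.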
@@ -1,13 +1,20 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { ContainerRegistrationKeys, remoteQueryObjectFromString, } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" + +import { CreateInviteDTO } from "@medusajs/types" import { createInvitesWorkflow } from "@medusajs/core-flows" -import { CreateInviteDTO, CreateUserDTO } from "@medusajs/types" // List invites -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve(ContainerRegistrationKeys.REMOTE_QUERY) const query = remoteQueryObjectFromString({ @@ -34,12 +41,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { } // Create invite -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflow = createInvitesWorkflow(req.scope) const input = { input: { - invites: [req.validatedBody as CreateInviteDTO], + invites: [req.validatedBody], }, } diff --git a/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts b/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts index d22211287e..3919d30424 100644 --- a/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/promotions/[id]/route.ts 
@@ -1,12 +1,22 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { deletePromotionsWorkflow, updatePromotionsWorkflow, } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IPromotionModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { AdminPostPromotionsPromotionReq } from "../validators" +import { IPromotionModuleService } from "@medusajs/types" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { UpdateApplicationMethodDTO } from "@medusajs/types" +import { UpdatePromotionDTO } from "@medusajs/types" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const promotionModuleService: IPromotionModuleService = req.scope.resolve( ModuleRegistrationName.PROMOTION ) @@ -19,14 +29,17 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ promotion }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const updatePromotions = updatePromotionsWorkflow(req.scope) const promotionsData = [ { id: req.params.id, - ...(req.validatedBody || {}), + ...req.validatedBody, }, - ] + ] as UpdatePromotionDTO[] const { result, errors } = await updatePromotions.run({ input: { promotionsData }, 
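Review bot: In POST, `id: req.params.id` is written before `...req.validatedBody`, so an `id` field in the body, if the validator lets one through, overrides the path parameter and the update lands on a different promotion than the URL names. The added `as UpdatePromotionDTO[]` cast would hide any type mismatch that might otherwise flag this. Spreading first closes it: `{ ...req.validatedBody, id: req.params.id }`. The update handler in `admin/users/[id]/route.ts` later in this patch has the same shape and the same fix applies. The function body runs past the end of the hunk.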
@@ -40,7 +53,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ promotion: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const manager = req.scope.resolve("manager") const deletePromotions = deletePromotionsWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/promotions/middlewares.ts b/packages/medusa/src/api-v2/admin/promotions/middlewares.ts index cf27214e9d..37362a0c7e 100644 --- a/packages/medusa/src/api-v2/admin/promotions/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/promotions/middlewares.ts @@ -1,23 +1,25 @@ -import { MedusaV2Flag } from "@medusajs/utils" - -import { - isFeatureFlagEnabled, - transformBody, - transformQuery, -} from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { AdminGetPromotionsParams, AdminGetPromotionsPromotionParams, AdminPostPromotionsPromotionReq, AdminPostPromotionsReq, } from "./validators" +import { + isFeatureFlagEnabled, + transformBody, + transformQuery, +} from "../../../api/middlewares" + +import { MedusaV2Flag } from "@medusajs/utils" +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminPromotionRoutesMiddlewares: MiddlewareRoute[] = [ { matcher: "/admin/promotions*", - middlewares: [isFeatureFlagEnabled(MedusaV2Flag.key)], + middlewares: [authenticate("admin", ["bearer", "session"])], }, { method: ["GET"], diff --git a/packages/medusa/src/api-v2/admin/promotions/route.ts b/packages/medusa/src/api-v2/admin/promotions/route.ts index 70477ebbe2..32334d3e17 100644 --- a/packages/medusa/src/api-v2/admin/promotions/route.ts 
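Review bot: In `promotions/middlewares.ts` the first entry swaps `isFeatureFlagEnabled(MedusaV2Flag.key)` for `authenticate(...)`, yet the new import header still brings in both `isFeatureFlagEnabled` and `MedusaV2Flag`. If nothing further down the file uses them they are dead imports and should go; if the flag gate was meant to stay, the entry should carry both, `middlewares: [isFeatureFlagEnabled(MedusaV2Flag.key), authenticate("admin", ["bearer", "session"])],`. This entry also has no `method`, unlike the `method: ["ALL"]` entries this patch adds for regions, users and workflows-executions; stating it explicitly avoids relying on the router's default. The array continues outside the hunk.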
+++ b/packages/medusa/src/api-v2/admin/promotions/route.ts @@ -1,9 +1,16 @@ -import { createPromotionsWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { CreatePromotionDTO, IPromotionModuleService } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createPromotionsWorkflow } from "@medusajs/core-flows" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const promotionModuleService: IPromotionModuleService = req.scope.resolve( ModuleRegistrationName.PROMOTION ) @@ -23,9 +30,12 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const createPromotions = createPromotionsWorkflow(req.scope) - const promotionsData = [req.validatedBody as CreatePromotionDTO] + const promotionsData = [req.validatedBody] const { result, errors } = await createPromotions.run({ input: { promotionsData }, diff --git a/packages/medusa/src/api-v2/admin/regions/[id]/route.ts b/packages/medusa/src/api-v2/admin/regions/[id]/route.ts index c0c9d62c05..c6c3d17a9d 100644 --- a/packages/medusa/src/api-v2/admin/regions/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/regions/[id]/route.ts 
@@ -1,13 +1,20 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { deleteRegionsWorkflow, updateRegionsWorkflow, } from "@medusajs/core-flows" -import { UpdateRegionDTO } from "@medusajs/types" -import { remoteQueryObjectFromString } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" -import { defaultAdminRegionFields } from "../query-config" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { UpdateRegionDTO } from "@medusajs/types" +import { defaultAdminRegionFields } from "../query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve("remoteQuery") const variables = { id: req.params.id } @@ -23,11 +30,14 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ region }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { result, errors } = await updateRegionsWorkflow(req.scope).run({ input: { selector: { id: req.params.id }, - update: req.validatedBody as UpdateRegionDTO, + update: req.validatedBody, }, throwOnError: false, }) @@ -39,7 +49,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ region: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const id = req.params.id const { errors } = await deleteRegionsWorkflow(req.scope).run({ diff --git a/packages/medusa/src/api-v2/admin/regions/middlewares.ts b/packages/medusa/src/api-v2/admin/regions/middlewares.ts index 5aef768c9f..87b7578297 100644 
--- a/packages/medusa/src/api-v2/admin/regions/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/regions/middlewares.ts @@ -1,14 +1,22 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { AdminGetRegionsParams, AdminGetRegionsRegionParams, AdminPostRegionsRegionReq, AdminPostRegionsReq, } from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminRegionRoutesMiddlewares: MiddlewareRoute[] = [ + { + method: ["ALL"], + matcher: "/admin/regions*", + middlewares: [authenticate("admin", ["bearer", "session"])], + }, { method: ["GET"], matcher: "/admin/regions", diff --git a/packages/medusa/src/api-v2/admin/regions/route.ts b/packages/medusa/src/api-v2/admin/regions/route.ts index 89cfeeaecf..0a250b0b5b 100644 --- a/packages/medusa/src/api-v2/admin/regions/route.ts +++ b/packages/medusa/src/api-v2/admin/regions/route.ts 
@@ -1,10 +1,17 @@ -import { createRegionsWorkflow } from "@medusajs/core-flows" -import { CreateRegionDTO } from "@medusajs/types" -import { remoteQueryObjectFromString } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -import { defaultAdminRegionFields } from "./query-config" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { CreateRegionDTO } from "@medusajs/types" +import { createRegionsWorkflow } from "@medusajs/core-flows" +import { defaultAdminRegionFields } from "./query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve("remoteQuery") const queryObject = remoteQueryObjectFromString({ @@ -28,10 +35,13 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const input = [ { - ...(req.validatedBody as CreateRegionDTO), + ...req.validatedBody, }, ] diff --git a/packages/medusa/src/api-v2/admin/users/[id]/route.ts b/packages/medusa/src/api-v2/admin/users/[id]/route.ts index c8a81b9d02..b20b52f3a5 100644 --- a/packages/medusa/src/api-v2/admin/users/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/users/[id]/route.ts 
@@ -1,15 +1,18 @@ import { - ContainerRegistrationKeys, - remoteQueryObjectFromString, -} from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" -import { deleteUsersWorkflow, updateUsersWorkflow } from "@medusajs/core-flows" + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { IUserModuleService, UpdateUserDTO } from "@medusajs/types" -import { ModuleRegistrationName } from "../../../../../../modules-sdk/dist" +import { deleteUsersWorkflow, updateUsersWorkflow } from "@medusajs/core-flows" + import { AdminUpdateUserRequest } from "../validators" +import { ModuleRegistrationName } from "../../../../../../modules-sdk/dist" // Get user -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params const moduleService: IUserModuleService = req.scope.resolve( @@ -21,14 +24,17 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { } // update user -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflow = updateUsersWorkflow(req.scope) const input = { updates: [ { id: req.params.id, - ...(req.validatedBody as AdminUpdateUserRequest), + ...req.validatedBody, } as UpdateUserDTO, ], } @@ -41,7 +47,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { } // delete user -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const { id } = req.params const workflow = deleteUsersWorkflow(req.scope) diff --git a/packages/medusa/src/api-v2/admin/users/middlewares.ts b/packages/medusa/src/api-v2/admin/users/middlewares.ts index 3c6e48f952..a70015471f 100644 
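Review bot: `ModuleRegistrationName` is still imported from `"../../../../../../modules-sdk/dist"`, a relative path into another package's build output, and the first hunk of `users/[id]/route.ts` re-adds that line instead of fixing it. The path bypasses the package's declared entry point and only resolves inside the monorepo layout. The same patch removes this import from `admin/invites/[id]/route.ts`, and the other routes use `import { ModuleRegistrationName } from "@medusajs/modules-sdk"`; use the package specifier here as well.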
--- a/packages/medusa/src/api-v2/admin/users/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/users/middlewares.ts @@ -1,14 +1,22 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" +import * as QueryConfig from "./query-config" + import { AdminCreateUserRequest, AdminGetUsersParams, AdminGetUsersUserParams, AdminUpdateUserRequest, } from "./validators" -import * as QueryConfig from "./query-config" +import { transformBody, transformQuery } from "../../../api/middlewares" + import { MiddlewareRoute } from "../../../types/middlewares" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminUserRoutesMiddlewares: MiddlewareRoute[] = [ + { + method: ["ALL"], + matcher: "/admin/users*", + middlewares: [authenticate("admin", ["bearer", "session"])], + }, { method: ["GET"], matcher: "/admin/users", diff --git a/packages/medusa/src/api-v2/admin/users/route.ts b/packages/medusa/src/api-v2/admin/users/route.ts index bb2c98b044..c37bd45db6 100644 --- a/packages/medusa/src/api-v2/admin/users/route.ts +++ b/packages/medusa/src/api-v2/admin/users/route.ts @@ -1,12 +1,19 @@ +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { ContainerRegistrationKeys, remoteQueryObjectFromString, } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -import { createUsersWorkflow } from "@medusajs/core-flows" -import { CreateUserDTO } from "@medusajs/types" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { CreateUserDTO } from "@medusajs/types" +import { createUsersWorkflow } from "@medusajs/core-flows" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const remoteQuery = req.scope.resolve(ContainerRegistrationKeys.REMOTE_QUERY) const query = remoteQueryObjectFromString({ 
@@ -32,12 +39,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflow = createUsersWorkflow(req.scope) const input = { input: { - users: [req.validatedBody as CreateUserDTO], + users: [req.validatedBody], }, } diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts index f411fe397c..3583725e2c 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[id]/route.ts @@ -1,8 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IWorkflowEngineService } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { IWorkflowEngineService } from "@medusajs/workflows-sdk" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/[step_id]/subscribe/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/[step_id]/subscribe/route.ts index 0e75c536e0..d960adfe55 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/[step_id]/subscribe/route.ts 
+++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/[step_id]/subscribe/route.ts @@ -1,11 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IWorkflowEngineService } from "@medusajs/workflows-sdk" import { - MedusaRequest, + AuthenticatedMedusaRequest, MedusaResponse, } from "../../../../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { IWorkflowEngineService } from "@medusajs/workflows-sdk" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/route.ts index 177ee8a934..0301e8282a 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/[transaction_id]/route.ts @@ -1,8 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IWorkflowEngineService } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { IWorkflowEngineService } from "@medusajs/workflows-sdk" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) 
diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/run/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/run/route.ts index 270313cab7..1f33140f9e 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/run/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/run/route.ts @@ -1,20 +1,26 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" import { IWorkflowEngineService, WorkflowOrchestratorTypes, } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" -import { AdminPostWorkflowsRunReq } from "../../validators" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +import { AdminPostWorkflowsRunReq } from "../../validators" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) const { workflow_id } = req.params - const { transaction_id, input } = - req.validatedBody as AdminPostWorkflowsRunReq + const { transaction_id, input } = req.validatedBody const options = { transactionId: transaction_id, diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/failure/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/failure/route.ts index 29e3e67a65..20c4fecaee 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/failure/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/failure/route.ts 
@@ -1,17 +1,24 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { TransactionHandlerType, isDefined } from "@medusajs/utils" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" import { IWorkflowEngineService, StepResponse } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" -import { AdminPostWorkflowsAsyncResponseReq } from "../../../validators" +import { TransactionHandlerType, isDefined } from "@medusajs/utils" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +import { AdminPostWorkflowsAsyncResponseReq } from "../../../validators" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) const { workflow_id } = req.params - const body = req.validatedBody as AdminPostWorkflowsAsyncResponseReq + const body = req.validatedBody const { transaction_id, step_id } = body diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/success/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/success/route.ts index ac5e5d7658..53d88f8610 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/success/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/steps/success/route.ts 
@@ -1,17 +1,24 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { TransactionHandlerType, isDefined } from "@medusajs/utils" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" import { IWorkflowEngineService, StepResponse } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" -import { AdminPostWorkflowsAsyncResponseReq } from "../../../validators" +import { TransactionHandlerType, isDefined } from "@medusajs/utils" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +import { AdminPostWorkflowsAsyncResponseReq } from "../../../validators" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) const { workflow_id } = req.params - const body = req.validatedBody as AdminPostWorkflowsAsyncResponseReq + const body = req.validatedBody const { transaction_id, step_id } = body diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/subscribe/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/subscribe/route.ts index 6bd3af50c4..588e5283e6 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/subscribe/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/[workflow_id]/subscribe/route.ts 
@@ -1,8 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IWorkflowEngineService } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { IWorkflowEngineService } from "@medusajs/workflows-sdk" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/middlewares.ts b/packages/medusa/src/api-v2/admin/workflows-executions/middlewares.ts index 47b0094495..40a8d8cbee 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/middlewares.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/middlewares.ts @@ -1,14 +1,22 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import * as QueryConfig from "./query-config" + import { AdminGetWorkflowExecutionDetailsParams, AdminGetWorkflowExecutionsParams, AdminPostWorkflowsAsyncResponseReq, AdminPostWorkflowsRunReq, } from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" +import { authenticate } from "../../../utils/authenticate-middleware" export const adminWorkflowsExecutionsMiddlewares: MiddlewareRoute[] = [ + { + method: ["ALL"], + matcher: "/admin/workflows-executions*", + middlewares: [authenticate("admin", ["bearer", "session"])], + }, { method: ["GET"], matcher: "/admin/workflows-executions", 
diff --git a/packages/medusa/src/api-v2/admin/workflows-executions/route.ts b/packages/medusa/src/api-v2/admin/workflows-executions/route.ts index ab8127411e..5caaeb7b3e 100644 --- a/packages/medusa/src/api-v2/admin/workflows-executions/route.ts +++ b/packages/medusa/src/api-v2/admin/workflows-executions/route.ts @@ -1,8 +1,15 @@ -import { ModuleRegistrationName } from "@medusajs/modules-sdk" -import { IWorkflowEngineService } from "@medusajs/workflows-sdk" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { +import { IWorkflowEngineService } from "@medusajs/workflows-sdk" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { const workflowEngineService: IWorkflowEngineService = req.scope.resolve( ModuleRegistrationName.WORKFLOW_ENGINE ) diff --git a/packages/medusa/src/api-v2/auth/session/route.ts b/packages/medusa/src/api-v2/auth/session/route.ts index 3d1f249939..bd404031ab 100644 --- a/packages/medusa/src/api-v2/auth/session/route.ts +++ b/packages/medusa/src/api-v2/auth/session/route.ts @@ -1,7 +1,13 @@ -import { MedusaRequest, MedusaResponse } from "../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - req.session.auth_user = req.auth_user +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + req.session.auth_user = req.auth - res.status(200).json({ user: req.auth_user }) + res.status(200).json({ user: req.auth }) } diff --git a/packages/medusa/src/api-v2/store/carts/[id]/route.ts b/packages/medusa/src/api-v2/store/carts/[id]/route.ts index 532a4e56a0..e392616790 100644 
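Review bot: In `auth/session/route.ts`, POST copies the whole `req.auth` object into `req.session.auth_user` and returns it in the body without renewing the session identifier first. If the session middleware keeps the pre-login session id, an id set before authentication stays valid afterwards, so the handler should regenerate the session before the assignment where the session store supports it. The session configuration is not visible in this hunk, so treat that as something to confirm. I would also add a short comment naming which fields of `req.auth` are meant to be exposed to the client, because the response now mirrors the internal auth context rather than the former `auth_user` record.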
--- a/packages/medusa/src/api-v2/store/carts/[id]/route.ts +++ b/packages/medusa/src/api-v2/store/carts/[id]/route.ts @@ -1,9 +1,9 @@ -import { updateCartsWorkflow } from "@medusajs/core-flows" -import { UpdateCartDataDTO } from "@medusajs/types" import { MedusaRequest, MedusaResponse } from "../../../../types/routing" -import { remoteQueryObjectFromString } from "@medusajs/utils" +import { UpdateCartDataDTO } from "@medusajs/types" import { defaultStoreCartFields } from "../query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" +import { updateCartsWorkflow } from "@medusajs/core-flows" export const GET = async (req: MedusaRequest, res: MedusaResponse) => { const remoteQuery = req.scope.resolve("remoteQuery") @@ -20,12 +20,15 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.json({ cart }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { +export const POST = async ( + req: MedusaRequest, + res: MedusaResponse +) => { const updateCartWorkflow = updateCartsWorkflow(req.scope) const workflowInput = { selector: { id: req.params.id }, - update: req.validatedBody as UpdateCartDataDTO, + update: req.validatedBody, } const { result, errors } = await updateCartWorkflow.run({ diff --git a/packages/medusa/src/api-v2/store/carts/route.ts b/packages/medusa/src/api-v2/store/carts/route.ts index f7dbf2b741..16d66f1aff 100644 --- a/packages/medusa/src/api-v2/store/carts/route.ts +++ b/packages/medusa/src/api-v2/store/carts/route.ts 
@@ -1,15 +1,24 @@ -import { createCartWorkflow } from "@medusajs/core-flows" -import { CreateCartWorkflowInputDTO } from "@medusajs/types" -import { remoteQueryObjectFromString } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../types/routing" -import { defaultStoreCartFields } from "../carts/query-config" +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../types/routing" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - const workflowInput = req.validatedBody as CreateCartWorkflowInputDTO +import { CreateCartWorkflowInputDTO } from "@medusajs/types" +import { StorePostCartReq } from "./validators" +import { createCartWorkflow } from "@medusajs/core-flows" +import { defaultStoreCartFields } from "../carts/query-config" +import { remoteQueryObjectFromString } from "@medusajs/utils" + +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const workflowInput = req.validatedBody // If the customer is logged in, we auto-assign them to the cart - if (req.auth_user?.app_metadata?.customer_id) { - workflowInput.customer_id = req.auth_user!.app_metadata?.customer_id + if (req.auth?.actor_id) { + workflowInput.customer_id = req.auth.actor_id } const { result, errors } = await createCartWorkflow(req.scope).run({ diff --git a/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts b/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts index 8ab50d4cdf..f4fbced6d8 100644 --- a/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts +++ b/packages/medusa/src/api-v2/store/customers/me/addresses/[address_id]/route.ts 
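Review bot: `POST` in `store/carts/route.ts` is typed `AuthenticatedMedusaRequest`, yet the body guards with `req.auth?.actor_id`, which suggests carts can be created anonymously and `auth` may be absent. The type then promises an identity that the middleware does not guarantee. Either keep `MedusaRequest` with an optional `auth`, or register a middleware that always sets it. When nobody is logged in, `workflowInput.customer_id` keeps whatever the request body contained; whether the validator accepts a client-supplied `customer_id` is not visible here, so I would clear it explicitly in an `else` branch, `workflowInput.customer_id = undefined`, unless anonymous callers are meant to choose the customer. The handler body continues past the hunk.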
@@ -1,14 +1,22 @@ import { - updateCustomerAddressesWorkflow, - deleteCustomerAddressesWorkflow, -} from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../../../../types/routing" import { CustomerAddressDTO, ICustomerModuleService } from "@medusajs/types" -import { MedusaError } from "@medusajs/utils" -import { MedusaRequest, MedusaResponse } from "../../../../../../types/routing" +import { + deleteCustomerAddressesWorkflow, + updateCustomerAddressesWorkflow, +} from "@medusajs/core-flows" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth_user!.app_metadata.customer_id +import { MedusaError } from "@medusajs/utils" +import { ModuleRegistrationName } from "@medusajs/modules-sdk" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const id = req.auth.actor_id const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER @@ -25,8 +33,11 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ address }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth_user!.app_metadata.customer_id +export const POST = async ( + req: AuthenticatedMedusaRequest>, + res: MedusaResponse +) => { + const id = req.auth.actor_id! const service = req.scope.resolve( ModuleRegistrationName.CUSTOMER ) @@ -37,7 +48,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const { result, errors } = await updateAddresses.run({ input: { selector: { id: req.params.address_id, customer_id: req.params.id }, - update: req.validatedBody as Partial, + update: req.validatedBody, }, throwOnError: false, }) 
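Review bot: The update selector in `POST` is built from `req.params.id`, but this route's path only carries `[address_id]`, so `customer_id` is presumably `undefined` and the workflow is not scoped to the caller. The owner is the `id` taken from `req.auth.actor_id`, so the line should read `selector: { id: req.params.address_id, customer_id: id },`. The lines between the hunks are not shown, so an ownership check may already run before the workflow, but the selector should not depend on it. The `!` in `req.auth.actor_id!` is also inconsistent with `GET` and `DELETE` in the same file, which read `actor_id` without it.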
@@ -49,8 +60,11 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { res.status(200).json({ address: result[0] }) } -export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth_user!.app_metadata.customer_id +export const DELETE = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const id = req.auth.actor_id const service = req.scope.resolve( ModuleRegistrationName.CUSTOMER diff --git a/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts b/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts index 1cb19543f4..ef1eee18d4 100644 --- a/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts +++ b/packages/medusa/src/api-v2/store/customers/me/addresses/route.ts @@ -1,13 +1,21 @@ -import { createCustomerAddressesWorkflow } from "@medusajs/core-flows" -import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../../../../../types/routing" import { CreateCustomerAddressDTO, ICustomerModuleService, } from "@medusajs/types" -import { MedusaRequest, MedusaResponse } from "../../../../../types/routing" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { - const customerId = req.auth_user!.app_metadata.customer_id +import { ModuleRegistrationName } from "@medusajs/modules-sdk" +import { createCustomerAddressesWorkflow } from "@medusajs/core-flows" + +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const customerId = req.auth.actor_id const customerModuleService = req.scope.resolve( ModuleRegistrationName.CUSTOMER 
@@ -28,13 +36,16 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => { }) } -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - const customerId = req.auth_user!.app_metadata.customer_id +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const customerId = req.auth.actor_id const createAddresses = createCustomerAddressesWorkflow(req.scope) const addresses = [ { - ...(req.validatedBody as CreateCustomerAddressDTO), + ...req.validatedBody, customer_id: customerId, }, ] diff --git a/packages/medusa/src/api-v2/store/customers/me/route.ts b/packages/medusa/src/api-v2/store/customers/me/route.ts index 83b654f84c..657979f3dc 100644 --- a/packages/medusa/src/api-v2/store/customers/me/route.ts +++ b/packages/medusa/src/api-v2/store/customers/me/route.ts @@ -1,9 +1,15 @@ -import { MedusaRequest, MedusaResponse } from "../../../../types/routing" +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../../types/routing" import { ModuleRegistrationName } from "@medusajs/modules-sdk" -export const GET = async (req: MedusaRequest, res: MedusaResponse) => { - const id = req.auth_user!.app_metadata?.customer_id +export const GET = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + const id = req.auth.actor_id const customerModule = req.scope.resolve(ModuleRegistrationName.CUSTOMER) diff --git a/packages/medusa/src/api-v2/store/customers/middlewares.ts b/packages/medusa/src/api-v2/store/customers/middlewares.ts index f0bf0e8c28..890dd43044 100644 --- a/packages/medusa/src/api-v2/store/customers/middlewares.ts +++ b/packages/medusa/src/api-v2/store/customers/middlewares.ts 
@@ -1,22 +1,30 @@ -import { transformBody, transformQuery } from "../../../api/middlewares" -import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" -import { - StorePostCustomersReq, - StoreGetCustomersMeParams, - StorePostCustomersMeAddressesReq, - StorePostCustomersMeAddressesAddressReq, - StoreGetCustomersMeAddressesParams, -} from "./validators" import * as QueryConfig from "./query-config" +import { + StoreGetCustomersMeAddressesParams, + StoreGetCustomersMeParams, + StorePostCustomersMeAddressesAddressReq, + StorePostCustomersMeAddressesReq, + StorePostCustomersReq, +} from "./validators" +import { transformBody, transformQuery } from "../../../api/middlewares" + +import { MiddlewareRoute } from "../../../loaders/helpers/routing/types" import { authenticate } from "../../../utils/authenticate-middleware" export const storeCustomerRoutesMiddlewares: MiddlewareRoute[] = [ { method: "ALL", - matcher: "/store/customers*", + matcher: "/store/customers/me*", middlewares: [authenticate("store", ["session", "bearer"])], }, + { + method: "POST", + matcher: "/store/customers", + middlewares: [ + authenticate("store", ["session", "bearer"], { allowUnregistered: true }), + ], + }, { method: ["POST"], matcher: "/store/customers", diff --git a/packages/medusa/src/api-v2/store/customers/route.ts b/packages/medusa/src/api-v2/store/customers/route.ts index 14fb4f1653..a6250f4628 100644 --- a/packages/medusa/src/api-v2/store/customers/route.ts +++ b/packages/medusa/src/api-v2/store/customers/route.ts 
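Review bot: Narrowing the authenticated matcher from `/store/customers*` to `/store/customers/me*` makes authentication opt-in per path: a customer route added later outside `/me` is served without a credential check unless it gets its own entry. A comment above the two entries would make that intent explicit, for example `// Only /me requires a registered customer; POST /store/customers accepts an auth user that has no customer record yet (allowUnregistered)`. The array continues past the hunk, so the ordering relative to the `transformBody` entry for the same matcher cannot be confirmed from here.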
@@ -1,21 +1,27 @@ -import { MedusaRequest, MedusaResponse } from "../../../types/routing" - +import { + AuthenticatedMedusaRequest, + MedusaResponse, +} from "../../../types/routing" import { ContainerRegistrationKeys, remoteQueryObjectFromString, } from "@medusajs/utils" + import { CreateCustomerDTO } from "@medusajs/types" import { createCustomerAccountWorkflow } from "@medusajs/core-flows" -export const POST = async (req: MedusaRequest, res: MedusaResponse) => { - if (req.auth_user?.app_metadata?.customer_id) { +export const POST = async ( + req: AuthenticatedMedusaRequest, + res: MedusaResponse +) => { + if (req.auth.actor_id) { const remoteQuery = req.scope.resolve( ContainerRegistrationKeys.REMOTE_QUERY ) const query = remoteQueryObjectFromString({ entryPoint: "customer", - variables: { id: req.auth_user.app_metadata.customer_id }, + variables: { id: req.auth.actor_id }, fields: [], }) const [customer] = await remoteQuery(query) @@ -29,7 +35,7 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => { const customersData = req.validatedBody as CreateCustomerDTO const { result } = await createCustomers.run({ - input: { customersData, authUserId: req.auth_user!.id }, + input: { customersData, authUserId: req.auth.auth_user_id }, }) // Set customer_id on session user if we are in session diff --git a/packages/medusa/src/api/middlewares/authenticate-customer.ts b/packages/medusa/src/api/middlewares/authenticate-customer.ts index 57e044ed9b..ca371c54ea 100644 --- a/packages/medusa/src/api/middlewares/authenticate-customer.ts +++ b/packages/medusa/src/api/middlewares/authenticate-customer.ts @@ -1,4 +1,6 @@ +import { ContainerRegistrationKeys, MedusaV2Flag } from "@medusajs/utils" import { NextFunction, Request, RequestHandler, Response } from "express" + import passport from "passport" // Optional customer authentication 
@@ -6,6 +8,13 @@ import passport from "passport" // If you want to require authentication, use `requireCustomerAuthentication` in `packages/medusa/src/api/middlewares/require-customer-authentication.ts` export default (): RequestHandler => { return (req: Request, res: Response, next: NextFunction): void => { + const featureFlagRouter = req.scope.resolve( + ContainerRegistrationKeys.FEATURE_FLAG_ROUTER + ) + if (featureFlagRouter.isFeatureEnabled(MedusaV2Flag.key)) { + return next() + } + passport.authenticate( ["store-session", "store-bearer"], { session: false }, diff --git a/packages/medusa/src/api/middlewares/authenticate.ts b/packages/medusa/src/api/middlewares/authenticate.ts index f279f4ea3e..caaa38fb77 100644 --- a/packages/medusa/src/api/middlewares/authenticate.ts +++ b/packages/medusa/src/api/middlewares/authenticate.ts @@ -1,12 +1,19 @@ +import { ContainerRegistrationKeys, MedusaV2Flag } from "@medusajs/utils" import { NextFunction, Request, RequestHandler, Response } from "express" + import passport from "passport" export default (): RequestHandler => { return (req: Request, res: Response, next: NextFunction): void => { - passport.authenticate(["admin-session", "admin-bearer", "admin-api-token"], { session: false })( - req, - res, - next + const featureFlagRouter = req.scope.resolve( + ContainerRegistrationKeys.FEATURE_FLAG_ROUTER ) + if (featureFlagRouter.isFeatureEnabled(MedusaV2Flag.key)) { + return next() + } + passport.authenticate( + ["admin-session", "admin-bearer", "admin-api-token"], + { session: false } + )(req, res, next) } } diff --git a/packages/medusa/src/types/routing.ts b/packages/medusa/src/types/routing.ts index 0e1550d057..c58290918f 100644 --- a/packages/medusa/src/types/routing.ts +++ b/packages/medusa/src/types/routing.ts 
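Review bot: In `api/middlewares/authenticate.ts` the added `if (featureFlagRouter.isFeatureEnabled(MedusaV2Flag.key)) { return next() }` turns the required admin authentication into a no-op, so any route still guarded only by this middleware is reachable without credentials once the flag is on. The same early return is added to `authenticate-customer.ts`, where it matters less because that middleware is documented as optional. Whether the new `authenticate(...)` from `utils/authenticate-middleware` is registered for every path this middleware used to protect is not visible in these hunks. At minimum, record the dependency next to the early return, e.g. `// v2: auth is enforced by the api-v2 route middlewares; this handler must never be the only guard on a route`. Consider adding a test that requests a legacy admin route with the flag enabled and expects 401.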
@@ -1,15 +1,30 @@ +import type { Customer, User } from "../models" import type { NextFunction, Request, Response } from "express" -import type { Customer, User } from "../models" import { MedusaContainer } from "@medusajs/types" +import { RequestQueryFields } from "@medusajs/types" -export interface MedusaRequest extends Request { - user?: (User | Customer) & { customer_id?: string; userId?: string } +export interface MedusaRequest extends Request { + validatedBody: Body + validatedQuery: RequestQueryFields & Record + allowedProperties: string[] + includes?: Record + errors: string[] scope: MedusaContainer session?: any rawBody?: any requestId?: string - auth_user?: { id: string; app_metadata: Record; scope: string } +} + +export interface AuthenticatedMedusaRequest + extends MedusaRequest { + user: (User | Customer) & { customer_id?: string; userId?: string } // TODO: Remove this property when v2 is released + auth: { + actor_id: string + auth_user_id: string + app_metadata: Record + scope: string + } } export type MedusaResponse = Response @@ -17,7 +32,7 @@ export type MedusaResponse = Response export type MedusaNextFunction = NextFunction export type MedusaRequestHandler = ( - req: MedusaRequest, + req: MedusaRequest, res: MedusaResponse, next: MedusaNextFunction ) => Promise | void diff --git a/packages/medusa/src/utils/authenticate-middleware.ts b/packages/medusa/src/utils/authenticate-middleware.ts index 6af3f6a93a..6ac036cfdf 100644 --- a/packages/medusa/src/utils/authenticate-middleware.ts +++ b/packages/medusa/src/utils/authenticate-middleware.ts 
@@ -1,8 +1,13 @@ -import { MedusaRequest, MedusaResponse } from "../types/routing" +import { AuthUserDTO, IUserModuleService } from "@medusajs/types" +import { + AuthenticatedMedusaRequest, + MedusaRequest, + MedusaResponse, +} from "../types/routing" import { NextFunction, RequestHandler } from "express" import jwt, { JwtPayload } from "jsonwebtoken" -import { AuthUserDTO } from "@medusajs/types" +import { StringChain } from "lodash" import { stringEqualsOrRegexMatch } from "@medusajs/utils" const SESSION_AUTH = "session" @@ -18,7 +23,7 @@ type AuthType = "session" | "bearer" export const authenticate = ( authScope: string | RegExp, authType: AuthType | AuthType[], - options: { allowUnauthenticated?: boolean } = {} + options: { allowUnauthenticated?: boolean; allowUnregistered?: boolean } = {} ): RequestHandler => { return async ( req: MedusaRequest, @@ -67,9 +72,24 @@ export const authenticate = ( } } - if (authUser) { - req.auth_user = { - id: authUser.id, + const isMedusaScope = + stringEqualsOrRegexMatch(authScope, "admin") || + stringEqualsOrRegexMatch(authScope, "store") + + const isRegistered = + !isMedusaScope || + (authUser?.app_metadata?.user_id && + stringEqualsOrRegexMatch(authScope, "admin")) || + (authUser?.app_metadata?.customer_id && + stringEqualsOrRegexMatch(authScope, "store")) + + if ( + authUser && + (isRegistered || (!isRegistered && options.allowUnregistered)) + ) { + ;(req as AuthenticatedMedusaRequest).auth = { + actor_id: getActorId(authUser, authScope) as string, // TODO: fix types for auth_users not in the medusa system + auth_user_id: authUser.id, app_metadata: authUser.app_metadata, scope: authUser.scope, } 
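Review bot: `actor_id: getActorId(authUser, authScope) as string` hides an `undefined`: when `allowUnregistered` admits an auth user without `user_id` or `customer_id`, `getActorId` returns `undefined` and the cast presents it to handlers as a `string`. Because `AuthenticatedMedusaRequest.auth.actor_id` is declared `string` in `types/routing.ts`, a handler behind an `allowUnregistered` middleware that uses it as an ownership key gets no compiler warning. Declaring it `actor_id?: string` and dropping the cast would force the check. The guard also reduces to `authUser && (isRegistered || options.allowUnregistered)`, and the added `StringChain` and `IUserModuleService` imports look unused in the visible hunks. The body of `authenticate` between the hunks is not shown.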
@@ -83,3 +103,18 @@ export const authenticate = ( res.status(401).json({ message: "Unauthorized" }) } } + +const getActorId = ( + authUser: AuthUserDTO, + scope: string | RegExp +): string | undefined => { + if (stringEqualsOrRegexMatch(scope, "admin")) { + return authUser.app_metadata.user_id as string + } + + if (stringEqualsOrRegexMatch(scope, "store")) { + return authUser.app_metadata.customer_id as string + } + + return undefined +} diff --git a/packages/types/src/promotion/common/promotion.ts b/packages/types/src/promotion/common/promotion.ts index 018e97724c..739c523666 100644 --- a/packages/types/src/promotion/common/promotion.ts +++ b/packages/types/src/promotion/common/promotion.ts @@ -1,13 +1,14 @@ -import { BaseFilterable } from "../../dal" -import { CreateCampaignDTO } from "../mutations" import { ApplicationMethodDTO, CreateApplicationMethodDTO, UpdateApplicationMethodDTO, } from "./application-method" -import { CampaignDTO } from "./campaign" import { CreatePromotionRuleDTO, PromotionRuleDTO } from "./promotion-rule" +import { BaseFilterable } from "../../dal" +import { CampaignDTO } from "./campaign" +import { CreateCampaignDTO } from "../mutations" + export type PromotionTypeValues = "standard" | "buyget" export interface PromotionDTO { diff --git a/packages/user/src/services/invite.ts b/packages/user/src/services/invite.ts index ac68003c4c..f837e595f4 100644 --- a/packages/user/src/services/invite.ts +++ b/packages/user/src/services/invite.ts @@ -4,9 +4,10 @@ import { MedusaError, ModulesSdkUtils, } from "@medusajs/utils" +import jwt, { JwtPayload } from "jsonwebtoken" + import { Invite } from "@models" import { InviteServiceTypes } from "@types" -import jwt, { JwtPayload } from "jsonwebtoken" type InjectedDependencies = { inviteRepository: DAL.RepositoryService 
@@ -91,7 +92,16 @@ export default class InviteService< ): Promise { const decoded = this.validateToken(token) - return await super.retrieve(decoded.payload.id, {}, context) + const invite = await super.retrieve(decoded.payload.id, {}, context) + + if (invite.expires_at < new Date()) { + throw new MedusaError( + MedusaError.Types.INVALID_DATA, + "The invite has expired" + ) + } + + return invite } private generateToken(data: any): string { diff --git a/packages/utils/src/common/container.ts b/packages/utils/src/common/container.ts index 6ca0cd173c..63b32c6dc3 100644 --- a/packages/utils/src/common/container.ts +++ b/packages/utils/src/common/container.ts @@ -5,4 +5,5 @@ export const ContainerRegistrationKeys = { LOGGER: "logger", REMOTE_QUERY: "remoteQuery", REMOTE_LINK: "remoteLink", + FEATURE_FLAG_ROUTER: "featureFlagRouter", }
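Review bot: The check added in `packages/user/src/services/invite.ts` rejects only on `expires_at`; nothing in the hunk rejects an invite that has already been used. If the invite record tracks acceptance, a token would keep validating until it expires, so I would add that condition here or document where single use is enforced. A short comment above the check would also help, e.g. `// The token signature alone is not enough: the stored invite decides whether it is still valid`. The method signature and `validateToken` are outside the hunk.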