feat: Update authentication middleware (#6447)
* authentication middleware update * disable customer authentication * call correct feature flag method * fix authentication middleware for store/customers * fix integration tests and add middleware for admin customers * update seeders * customer groups fix * add authentication middleware for all admin endpoints * Feat(medusa, user): require authentication for invite accept (#6448) * initial invite token validation for authentication invocation * remove invite auth * remove unused import * cleanup tests * refactor to auth instead of auth_user * pr feedback * update authenticatedRequest type * update store authenticated endpoints * update routes with type * fix build * fix build * fix build * use auth middleware for api-keys
@@ -1,15 +1,22 @@
|
||||
import { revokeApiKeysWorkflow } from "@medusajs/core-flows"
|
||||
import { RevokeApiKeyDTO } from "@medusajs/types"
|
||||
import { MedusaRequest, MedusaResponse } from "../../../../../types/routing"
|
||||
import {
|
||||
AuthenticatedMedusaRequest,
|
||||
MedusaResponse,
|
||||
} from "../../../../../types/routing"
|
||||
|
||||
export const POST = async (req: MedusaRequest, res: MedusaResponse) => {
|
||||
import { RevokeApiKeyDTO } from "@medusajs/types"
|
||||
import { revokeApiKeysWorkflow } from "@medusajs/core-flows"
|
||||
|
||||
export const POST = async (
|
||||
req: AuthenticatedMedusaRequest,
|
||||
res: MedusaResponse
|
||||
) => {
|
||||
const id = req.params.id
|
||||
|
||||
const { result, errors } = await revokeApiKeysWorkflow(req.scope).run({
|
||||
input: {
|
||||
selector: { id: req.params.id },
|
||||
revoke: {
|
||||
revoked_by: req.auth_user?.id,
|
||||
revoked_by: req.auth.actor_id,
|
||||
} as RevokeApiKeyDTO,
|
||||
},
|
||||
throwOnError: false,
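Review bot: The `as RevokeApiKeyDTO` assertion on the line after `revoked_by: req.auth.actor_id` still bypasses the check that switching to `AuthenticatedMedusaRequest` was meant to gain, so a mismatch between the type of `actor_id` and the `revoked_by` field, or a required DTO field that is not set here, would compile silently. Since the object is now built only from typed values, declare it instead of asserting it, e.g. `const revoke: RevokeApiKeyDTO = { revoked_by: req.auth.actor_id }` and pass `revoke,` in the input; if that fails to compile, the error is exactly what the cast has been hiding, and the same applies to the `as CreateApiKeyDTO` object in the POST hunk of the api-keys route file. As a point of style, `AuthenticatedMedusaRequest`, `MedusaResponse` and `RevokeApiKeyDTO` are type-only and can be brought in with `import type { ... }` here and in the import hunks of the other two route files. The POST body continues past the end of the hunk.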
|
||||
|
||||
@@ -1,13 +1,20 @@
|
||||
import {
|
||||
AuthenticatedMedusaRequest,
|
||||
MedusaResponse,
|
||||
} from "../../../../types/routing"
|
||||
import {
|
||||
deleteApiKeysWorkflow,
|
||||
updateApiKeysWorkflow,
|
||||
} from "@medusajs/core-flows"
|
||||
import { UpdateApiKeyDTO } from "@medusajs/types"
|
||||
import { remoteQueryObjectFromString } from "@medusajs/utils"
|
||||
import { MedusaRequest, MedusaResponse } from "../../../../types/routing"
|
||||
import { defaultAdminApiKeyFields } from "../query-config"
|
||||
|
||||
export const GET = async (req: MedusaRequest, res: MedusaResponse) => {
|
||||
import { UpdateApiKeyDTO } from "@medusajs/types"
|
||||
import { defaultAdminApiKeyFields } from "../query-config"
|
||||
import { remoteQueryObjectFromString } from "@medusajs/utils"
|
||||
|
||||
export const GET = async (
|
||||
req: AuthenticatedMedusaRequest,
|
||||
res: MedusaResponse
|
||||
) => {
|
||||
const remoteQuery = req.scope.resolve("remoteQuery")
|
||||
|
||||
const variables = { id: req.params.id }
|
||||
@@ -23,11 +30,14 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => {
|
||||
res.status(200).json({ apiKey })
|
||||
}
|
||||
|
||||
export const POST = async (req: MedusaRequest, res: MedusaResponse) => {
|
||||
export const POST = async (
|
||||
req: AuthenticatedMedusaRequest<Omit<UpdateApiKeyDTO, "id">>,
|
||||
res: MedusaResponse
|
||||
) => {
|
||||
const { result, errors } = await updateApiKeysWorkflow(req.scope).run({
|
||||
input: {
|
||||
selector: { id: req.params.id },
|
||||
update: req.validatedBody as Omit<UpdateApiKeyDTO, "id">,
|
||||
update: req.validatedBody,
|
||||
},
|
||||
throwOnError: false,
|
||||
})
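Review bot: The request generic `Omit<UpdateApiKeyDTO, "id">` on `req` types `req.validatedBody` at compile time only; what actually reaches `updateApiKeysWorkflow` is whatever the body validator (presumably `AdminPostApiKeysApiKeyReq`, applied through `transformBody` in middlewares.ts) lets through, so the validator class and the DTO can drift without any compiler error. A one-line comment on the signature would make that dependency visible: `// validatedBody shape is enforced by AdminPostApiKeysApiKeyReq in ./middlewares.ts; keep it in sync with UpdateApiKeyDTO`. The hunk's last line closes the workflow call; the handler's error handling and response continue outside it.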
|
||||
@@ -39,7 +49,10 @@ export const POST = async (req: MedusaRequest, res: MedusaResponse) => {
|
||||
res.status(200).json({ apiKey: result[0] })
|
||||
}
|
||||
|
||||
export const DELETE = async (req: MedusaRequest, res: MedusaResponse) => {
|
||||
export const DELETE = async (
|
||||
req: AuthenticatedMedusaRequest,
|
||||
res: MedusaResponse
|
||||
) => {
|
||||
const id = req.params.id
|
||||
|
||||
const { errors } = await deleteApiKeysWorkflow(req.scope).run({
|
||||
|
||||
@@ -1,25 +1,21 @@
|
||||
import { transformBody, transformQuery } from "../../../api/middlewares"
|
||||
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
|
||||
import * as QueryConfig from "./query-config"
|
||||
|
||||
import {
|
||||
AdminGetApiKeysParams,
|
||||
AdminGetApiKeysApiKeyParams,
|
||||
AdminPostApiKeysReq,
|
||||
AdminGetApiKeysParams,
|
||||
AdminPostApiKeysApiKeyReq,
|
||||
AdminPostApiKeysReq,
|
||||
AdminRevokeApiKeysApiKeyReq,
|
||||
} from "./validators"
|
||||
import { transformBody, transformQuery } from "../../../api/middlewares"
|
||||
|
||||
import { MiddlewareRoute } from "../../../loaders/helpers/routing/types"
|
||||
import { authenticate } from "../../../utils/authenticate-middleware"
|
||||
|
||||
export const adminApiKeyRoutesMiddlewares: MiddlewareRoute[] = [
|
||||
{
|
||||
matcher: "/admin/api-keys*",
|
||||
// middlewares: [authenticate("admin", ["bearer", "session"])],
|
||||
// TODO: Apply authentication middleware correctly once https://github.com/medusajs/medusa/pull/6447 is merged.
|
||||
middlewares: [
|
||||
(req, res, next) => {
|
||||
req.auth_user = { id: "test" }
|
||||
next()
|
||||
},
|
||||
],
|
||||
middlewares: [authenticate("admin", ["bearer", "session"])],
|
||||
},
|
||||
{
|
||||
method: ["GET"],
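Review bot: The `middlewares: [authenticate("admin", ["bearer", "session"])]` entry under `matcher: "/admin/api-keys*"` is now the only guard on every api-key endpoint, and the route handlers in this commit read `req.auth.actor_id` without a null check, so the entry has to stay first and unconditional; a comment would protect that. Suggested: `// Guards every /admin/api-keys route (all methods); handlers rely on req.auth being populated here.` The removed stub that set `req.auth_user = { id: "test" }` implies earlier integration tests ran against the bypass, so it is worth confirming that a test now asserts an unauthenticated request to these routes is rejected. The `adminApiKeyRoutesMiddlewares` array continues past the end of the hunk.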
|
||||
|
||||
@@ -1,10 +1,17 @@
|
||||
import { createApiKeysWorkflow } from "@medusajs/core-flows"
|
||||
import { CreateApiKeyDTO } from "@medusajs/types"
|
||||
import { remoteQueryObjectFromString } from "@medusajs/utils"
|
||||
import { MedusaRequest, MedusaResponse } from "../../../types/routing"
|
||||
import { defaultAdminApiKeyFields } from "./query-config"
|
||||
import {
|
||||
AuthenticatedMedusaRequest,
|
||||
MedusaResponse,
|
||||
} from "../../../types/routing"
|
||||
|
||||
export const GET = async (req: MedusaRequest, res: MedusaResponse) => {
|
||||
import { CreateApiKeyDTO } from "@medusajs/types"
|
||||
import { createApiKeysWorkflow } from "@medusajs/core-flows"
|
||||
import { defaultAdminApiKeyFields } from "./query-config"
|
||||
import { remoteQueryObjectFromString } from "@medusajs/utils"
|
||||
|
||||
export const GET = async (
|
||||
req: AuthenticatedMedusaRequest,
|
||||
res: MedusaResponse
|
||||
) => {
|
||||
const remoteQuery = req.scope.resolve("remoteQuery")
|
||||
|
||||
const queryObject = remoteQueryObjectFromString({
|
||||
@@ -28,11 +35,14 @@ export const GET = async (req: MedusaRequest, res: MedusaResponse) => {
|
||||
})
|
||||
}
|
||||
|
||||
export const POST = async (req: MedusaRequest, res: MedusaResponse) => {
|
||||
export const POST = async (
|
||||
req: AuthenticatedMedusaRequest<Omit<CreateApiKeyDTO, "created_by">>,
|
||||
res: MedusaResponse
|
||||
) => {
|
||||
const input = [
|
||||
{
|
||||
...(req.validatedBody as Omit<CreateApiKeyDTO, "created_by">),
|
||||
created_by: req.auth_user?.id,
|
||||
...req.validatedBody,
|
||||
created_by: req.auth.actor_id,
|
||||
} as CreateApiKeyDTO,
|
||||
]
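Review bot: The order of `...req.validatedBody` followed by `created_by: req.auth.actor_id` is what guarantees a client-supplied `created_by` can never win, but nothing says so, and a future reorder of the two lines would silently hand the client control of that attribution field. Add a comment on the spread line: `// spread first so the authenticated actor always overrides any client-supplied created_by`. The POST body continues past the end of the hunk.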
|
||||
|
||||
|
||||