fix: merge conflicts with develop

2022-11-22 13:39:27 +01:00
parent a767624188 ade898d434
commit a4d75f4a40
26 changed files with 105 additions and 58 deletions
--- a/packages/medusa-core-utils/CHANGELOG.md
+++ b/packages/medusa-core-utils/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Change Log

+## 1.1.35
+
+### Patch Changes
+
+- [#2646](https://github.com/medusajs/medusa/pull/2646) [`e7c4cc375`](https://github.com/medusajs/medusa/commit/e7c4cc375174775bb0cfe52e5dc0270237150b3c) Thanks [@pKorsholm](https://github.com/pKorsholm)! - jwt fix
+
 ## 1.1.34

 ### Patch Changes
--- a/packages/medusa-core-utils/package.json
+++ b/packages/medusa-core-utils/package.json
@@ -1,6 +1,6 @@
 {
  "name": "medusa-core-utils",
-  "version": "1.1.34",
+  "version": "1.1.35",
  "description": "Core utils for Medusa",
  "main": "dist/index.js",
  "repository": {
--- a/packages/medusa-core-utils/src/errors.ts
+++ b/packages/medusa-core-utils/src/errors.ts
@@ -8,6 +8,7 @@ export const MedusaErrorTypes = {
  DUPLICATE_ERROR: "duplicate_error",
  INVALID_ARGUMENT: "invalid_argument",
  INVALID_DATA: "invalid_data",
+  UNAUTHORIZED: "unauthorized",
  NOT_FOUND: "not_found",
  NOT_ALLOWED: "not_allowed",
  UNEXPECTED_STATE: "unexpected_state",
--- a/packages/medusa/CHANGELOG.md
+++ b/packages/medusa/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Change Log

+## 1.6.4
+
+### Patch Changes
+
+- [#2646](https://github.com/medusajs/medusa/pull/2646) [`e7c4cc375`](https://github.com/medusajs/medusa/commit/e7c4cc375174775bb0cfe52e5dc0270237150b3c) Thanks [@pKorsholm](https://github.com/pKorsholm)! - jwt fix
+
+- Updated dependencies [[`e7c4cc375`](https://github.com/medusajs/medusa/commit/e7c4cc375174775bb0cfe52e5dc0270237150b3c)]:
+  - medusa-core-utils@1.1.35
+
 ## 1.6.3

 ### Patch Changes
--- a/packages/medusa/package.json
+++ b/packages/medusa/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@medusajs/medusa",
-  "version": "1.6.3",
+  "version": "1.6.4",
  "description": "E-commerce for JAMstack",
  "main": "dist/index.js",
  "bin": "./cli.js",
@@ -67,7 +67,7 @@
    "ioredis-mock": "^5.6.0",
    "iso8601-duration": "^1.3.0",
    "jsonwebtoken": "^8.5.1",
-    "medusa-core-utils": "^1.1.34",
+    "medusa-core-utils": "^1.1.35",
    "medusa-test-utils": "^1.1.37",
    "morgan": "^1.9.1",
    "multer": "^1.4.2",
--- a/packages/medusa/src/api/middlewares/authenticate-customer.ts
+++ b/packages/medusa/src/api/middlewares/authenticate-customer.ts
@@ -1,10 +1,13 @@
+import { NextFunction, Request, RequestHandler, Response } from "express"
 import passport from "passport"
-import { Request, Response, NextFunction, RequestHandler } from "express"

+// Optional customer authentication
+// If authenticated, middleware attaches customer to request (as user) otherwise we pass through
+// If you want to require authentication, use `requireCustomerAuthentication` in `packages/medusa/src/api/middlewares/require-customer-authentication.ts`
 export default (): RequestHandler => {
  return (req: Request, res: Response, next: NextFunction): void => {
    passport.authenticate(
-      ["jwt", "bearer"],
+      ["store-jwt", "bearer"],
      { session: false },
      (err, user) => {
        if (err) {
--- a/packages/medusa/src/api/middlewares/authenticate.ts
+++ b/packages/medusa/src/api/middlewares/authenticate.ts
@@ -1,8 +1,12 @@
+import { NextFunction, Request, RequestHandler, Response } from "express"
 import passport from "passport"
-import { Request, Response, NextFunction, RequestHandler } from "express"

 export default (): RequestHandler => {
  return (req: Request, res: Response, next: NextFunction): void => {
-    passport.authenticate(["jwt", "bearer"], { session: false })(req, res, next)
+    passport.authenticate(["admin-jwt", "bearer"], { session: false })(
+      req,
+      res,
+      next
+    )
  }
 }
--- a/packages/medusa/src/api/middlewares/error-handler.ts
+++ b/packages/medusa/src/api/middlewares/error-handler.ts
@@ -43,6 +43,9 @@ export default () => {
        errObj.message =
          "The request conflicted with another request. You may retry the request with the provided Idempotency-Key."
        break
+      case MedusaError.Types.UNAUTHORIZED:
+        statusCode = 401
+        break
      case MedusaError.Types.DUPLICATE_ERROR:
        statusCode = 422
        errObj.code = INVALID_REQUEST_ERROR
--- a/packages/medusa/src/api/middlewares/index.ts
+++ b/packages/medusa/src/api/middlewares/index.ts
@@ -1,17 +1,19 @@
-import { default as authenticateCustomer } from "./authenticate-customer"
 import { default as authenticate } from "./authenticate"
-import { default as normalizeQuery } from "./normalized-query"
+import { default as authenticateCustomer } from "./authenticate-customer"
 import { default as wrap } from "./await-middleware"
+import { default as normalizeQuery } from "./normalized-query"
+import { default as requireCustomerAuthentication } from "./require-customer-authentication"

-export { getRequestedBatchJob } from "./batch-job/get-requested-batch-job"
 export { canAccessBatchJob } from "./batch-job/can-access-batch-job"
+export { getRequestedBatchJob } from "./batch-job/get-requested-batch-job"
 export { doesConditionBelongToDiscount } from "./discount/does-condition-belong-to-discount"
-export { transformQuery } from "./transform-query"
 export { transformBody } from "./transform-body"
+export { transformQuery } from "./transform-query"

 export default {
  authenticate,
  authenticateCustomer,
+  requireCustomerAuthentication,
  normalizeQuery,
  wrap,
 }
--- a/packages/medusa/src/api/middlewares/require-customer-authentication.ts
+++ b/packages/medusa/src/api/middlewares/require-customer-authentication.ts
@@ -0,0 +1,12 @@
+import { NextFunction, Request, RequestHandler, Response } from "express"
+import passport from "passport"
+
+export default (): RequestHandler => {
+  return (req: Request, res: Response, next: NextFunction): void => {
+    passport.authenticate(["store-jwt", "bearer"], { session: false })(
+      req,
+      res,
+      next
+    )
+  }
+}
--- a/packages/medusa/src/api/routes/admin/auth/create-session.ts
+++ b/packages/medusa/src/api/routes/admin/auth/create-session.ts
@@ -1,10 +1,10 @@
 import { IsEmail, IsNotEmpty, IsString } from "class-validator"

-import AuthService from "../../../../services/auth"
-import { EntityManager } from "typeorm"
-import { MedusaError } from "medusa-core-utils"
-import _ from "lodash"
 import jwt from "jsonwebtoken"
+import _ from "lodash"
+import { MedusaError } from "medusa-core-utils"
+import { EntityManager } from "typeorm"
+import AuthService from "../../../../services/auth"
 import { validator } from "../../../../utils/validator"

 /**
--- a/packages/medusa/src/api/routes/store/auth/create-session.ts
+++ b/packages/medusa/src/api/routes/store/auth/create-session.ts
@@ -1,9 +1,9 @@
 import { IsEmail, IsNotEmpty } from "class-validator"
 import jwt from "jsonwebtoken"
+import { EntityManager } from "typeorm"
 import AuthService from "../../../../services/auth"
 import CustomerService from "../../../../services/customer"
 import { validator } from "../../../../utils/validator"
-import { EntityManager } from "typeorm"

 /**
 * @oas [post] /auth
@@ -79,7 +79,7 @@ export default async (req, res) => {
  const {
    projectConfig: { jwt_secret },
  } = req.scope.resolve("configModule")
-  req.session.jwt = jwt.sign(
+  req.session.jwt_store = jwt.sign(
    { customer_id: result.customer?.id },
    jwt_secret!,
    {
--- a/packages/medusa/src/api/routes/store/auth/delete-session.ts
+++ b/packages/medusa/src/api/routes/store/auth/delete-session.ts
@@ -31,6 +31,6 @@
 *    $ref: "#/components/responses/500_error"
 */
 export default async (req, res) => {
-  req.session.jwt = {}
+  req.session.jwt_store = {}
  res.json({})
 }
--- a/packages/medusa/src/api/routes/store/auth/index.ts
+++ b/packages/medusa/src/api/routes/store/auth/index.ts
@@ -1,6 +1,6 @@
 import { Router } from "express"
-import { Customer } from "./../../../.."
 import middlewares from "../../../middlewares"
+import { Customer } from "./../../../.."

 const route = Router()

--- a/packages/medusa/src/api/routes/store/customers/create-address.ts
+++ b/packages/medusa/src/api/routes/store/customers/create-address.ts
@@ -1,10 +1,10 @@
 import { Type } from "class-transformer"
 import { ValidateNested } from "class-validator"
+import { EntityManager } from "typeorm"
 import { defaultStoreCustomersFields, defaultStoreCustomersRelations } from "."
 import CustomerService from "../../../../services/customer"
 import { AddressCreatePayload } from "../../../../types/common"
 import { validator } from "../../../../utils/validator"
-import { EntityManager } from "typeorm"

 /**
 * @oas [post] /customers/me/addresses
--- a/packages/medusa/src/api/routes/store/customers/create-customer.ts
+++ b/packages/medusa/src/api/routes/store/customers/create-customer.ts
@@ -1,11 +1,11 @@
 import { IsEmail, IsOptional, IsString } from "class-validator"
 import { defaultStoreCustomersFields, defaultStoreCustomersRelations } from "."

+import jwt from "jsonwebtoken"
+import { EntityManager } from "typeorm"
 import { Customer } from "../../../.."
 import CustomerService from "../../../../services/customer"
-import jwt from "jsonwebtoken"
 import { validator } from "../../../../utils/validator"
-import { EntityManager } from "typeorm"

 /**
 * @oas [post] /customers
@@ -121,7 +121,7 @@ export default async (req, res) => {
  const {
    projectConfig: { jwt_secret },
  } = req.scope.resolve("configModule")
-  req.session.jwt = jwt.sign({ customer_id: customer.id }, jwt_secret!, {
+  req.session.jwt_store = jwt.sign({ customer_id: customer.id }, jwt_secret!, {
    expiresIn: "30d",
  })

--- a/packages/medusa/src/api/routes/store/customers/delete-address.ts
+++ b/packages/medusa/src/api/routes/store/customers/delete-address.ts
@@ -1,7 +1,7 @@
 import { defaultStoreCustomersFields, defaultStoreCustomersRelations } from "."

-import CustomerService from "../../../../services/customer"
 import { EntityManager } from "typeorm"
+import CustomerService from "../../../../services/customer"

 /**
 * @oas [delete] /customers/me/addresses/{address_id}
--- a/packages/medusa/src/api/routes/store/customers/index.ts
+++ b/packages/medusa/src/api/routes/store/customers/index.ts
@@ -2,11 +2,11 @@ import { Router } from "express"
 import { Customer, Order } from "../../../.."
 import { PaginatedResponse } from "../../../../types/common"
 import middlewares, { transformQuery } from "../../../middlewares"
-import { StoreGetCustomersCustomerOrdersParams } from "./list-orders"
 import {
-  defaultStoreOrdersRelations,
  defaultStoreOrdersFields,
+  defaultStoreOrdersRelations,
 } from "../orders"
+import { StoreGetCustomersCustomerOrdersParams } from "./list-orders"

 const route = Router()

@@ -34,7 +34,7 @@ export default (app, container) => {
  )

  // Authenticated endpoints
-  route.use(middlewares.authenticate())
+  route.use(middlewares.requireCustomerAuthentication())

  route.get("/me", middlewares.wrap(require("./get-customer").default))
  route.post("/me", middlewares.wrap(require("./update-customer").default))
--- a/packages/medusa/src/api/routes/store/customers/list-orders.ts
+++ b/packages/medusa/src/api/routes/store/customers/list-orders.ts
@@ -1,8 +1,3 @@
-import {
-  FulfillmentStatus,
-  OrderStatus,
-  PaymentStatus,
-} from "../../../../models/order"
 import {
  IsEnum,
  IsNumber,
@@ -11,11 +6,15 @@ import {
  ValidateNested,
 } from "class-validator"
 import { Request, Response } from "express"
+import {
+  FulfillmentStatus,
+  OrderStatus,
+  PaymentStatus,
+} from "../../../../models/order"

-import { DateComparisonOperator } from "../../../../types/common"
-import { MedusaError } from "medusa-core-utils"
-import OrderService from "../../../../services/order"
 import { Type } from "class-transformer"
+import OrderService from "../../../../services/order"
+import { DateComparisonOperator } from "../../../../types/common"

 /**
 * @oas [get] /customers/me/orders
@@ -194,13 +193,6 @@ import { Type } from "class-transformer"
 export default async (req: Request, res: Response) => {
  const id: string | undefined = req.user?.customer_id

-  if (!id) {
-    throw new MedusaError(
-      MedusaError.Types.UNEXPECTED_STATE,
-      "Not authorized to list orders"
-    )
-  }
-
  const orderService: OrderService = req.scope.resolve("orderService")

  req.filterableFields = {
--- a/packages/medusa/src/api/routes/store/customers/update-address.ts
+++ b/packages/medusa/src/api/routes/store/customers/update-address.ts
@@ -1,9 +1,9 @@
 import { defaultStoreCustomersFields, defaultStoreCustomersRelations } from "."

-import { AddressPayload } from "../../../../types/common"
-import CustomerService from "../../../../services/customer"
-import { validator } from "../../../../utils/validator"
 import { EntityManager } from "typeorm"
+import CustomerService from "../../../../services/customer"
+import { AddressPayload } from "../../../../types/common"
+import { validator } from "../../../../utils/validator"

 /**
 * @oas [post] /customers/me/addresses/{address_id}
@@ -69,6 +69,7 @@ import { EntityManager } from "typeorm"
 */
 export default async (req, res) => {
  const id = req.user.customer_id
+
  const { address_id } = req.params

  const validated = await validator(
--- a/packages/medusa/src/api/routes/store/customers/update-customer.ts
+++ b/packages/medusa/src/api/routes/store/customers/update-customer.ts
@@ -1,11 +1,11 @@
 import { IsEmail, IsObject, IsOptional, IsString } from "class-validator"
 import { defaultStoreCustomersFields, defaultStoreCustomersRelations } from "."

-import { AddressPayload } from "../../../../types/common"
-import CustomerService from "../../../../services/customer"
-import { IsType } from "../../../../utils/validators/is-type"
-import { validator } from "../../../../utils/validator"
 import { EntityManager } from "typeorm"
+import CustomerService from "../../../../services/customer"
+import { AddressPayload } from "../../../../types/common"
+import { validator } from "../../../../utils/validator"
+import { IsType } from "../../../../utils/validators/is-type"

 /**
 * @oas [post] /customers/me
--- a/packages/medusa/src/api/routes/store/index.js
+++ b/packages/medusa/src/api/routes/store/index.js
@@ -1,15 +1,15 @@
 import cors from "cors"
 import { Router } from "express"
 import middlewares from "../../middlewares"
+import productTypesRoutes from "../admin/product-types"
 import authRoutes from "./auth"
 import cartRoutes from "./carts"
 import collectionRoutes from "./collections"
 import customerRoutes from "./customers"
 import giftCardRoutes from "./gift-cards"
-import orderRoutes from "./orders"
 import orderEditRoutes from "./order-edits"
+import orderRoutes from "./orders"
 import productRoutes from "./products"
-import productTypesRoutes from "../admin/product-types"
 import regionRoutes from "./regions"
 import returnReasonRoutes from "./return-reasons"
 import returnRoutes from "./returns"
--- a/packages/medusa/src/helpers/test-request.js
+++ b/packages/medusa/src/helpers/test-request.js
@@ -100,7 +100,7 @@ export async function request(method, url, opts = {}) {
  }
  if (opts.clientSession) {
    if (opts.clientSession.jwt) {
-      opts.clientSession.jwt = jwt.sign(
+      opts.clientSession.jwt_store = jwt.sign(
        opts.clientSession.jwt,
        config.projectConfig.jwt_secret,
        {
--- a/packages/medusa/src/loaders/passport.ts
+++ b/packages/medusa/src/loaders/passport.ts
@@ -1,10 +1,10 @@
-import passport from "passport"
-import { AuthService } from "../services"
 import { Express } from "express"
-import { ConfigModule, MedusaContainer } from "../types/global"
+import passport from "passport"
 import { Strategy as BearerStrategy } from "passport-http-bearer"
 import { Strategy as JWTStrategy } from "passport-jwt"
 import { Strategy as LocalStrategy } from "passport-local"
+import { AuthService } from "../services"
+import { ConfigModule, MedusaContainer } from "../types/global"

 export default async ({
  app,
@@ -46,6 +46,7 @@ export default async ({
  // calls will be authenticated based on the JWT
  const { jwt_secret } = configModule.projectConfig
  passport.use(
+    "admin-jwt",
    new JWTStrategy(
      {
        jwtFromRequest: (req) => req.session.jwt,
@@ -57,6 +58,19 @@ export default async ({
    )
  )

+  passport.use(
+    "store-jwt",
+    new JWTStrategy(
+      {
+        jwtFromRequest: (req) => req.session.jwt_store,
+        secretOrKey: jwt_secret,
+      },
+      async (jwtPayload, done) => {
+        return done(null, jwtPayload)
+      }
+    )
+  )
+
  // Alternatively use bearer token to authenticate to the admin api
  passport.use(
    new BearerStrategy(async (token, done) => {
--- a/www/docs/announcement.json
+++ b/www/docs/announcement.json
@@ -1 +1 @@
-{"id":"https://github.com/medusajs/medusa/releases/tag/v1.6.3","content":"v1.6.3 is out","isCloseable":true}
+{}
--- a/yarn.lock
+++ b/yarn.lock
@@ -4369,7 +4369,7 @@ __metadata:
    iso8601-duration: ^1.3.0
    jest: ^25.5.2
    jsonwebtoken: ^8.5.1
-    medusa-core-utils: ^1.1.34
+    medusa-core-utils: ^1.1.35
    medusa-interfaces: ^1.3.3
    medusa-test-utils: ^1.1.37
    morgan: ^1.9.1
@@ -23551,7 +23551,7 @@ __metadata:
  languageName: node
  linkType: hard

-"medusa-core-utils@^1.1.31, medusa-core-utils@^1.1.32, medusa-core-utils@^1.1.34, medusa-core-utils@workspace:packages/medusa-core-utils":
+"medusa-core-utils@^1.1.31, medusa-core-utils@^1.1.32, medusa-core-utils@^1.1.34, medusa-core-utils@^1.1.35, medusa-core-utils@workspace:packages/medusa-core-utils":
  version: 0.0.0-use.local
  resolution: "medusa-core-utils@workspace:packages/medusa-core-utils"
  dependencies: