fix(medusa): throw proper error when product doesn't exist w/ key header (#5745)

**What** - ensure that an error is raised properly if the requested product doesn't exist and a publishable-key header is set **Why** - previously endpoints would hang if the product didn't exist and requests would time out closes #5724
2023-11-28 10:24:50 +00:00
parent 870d686136
commit e4bfa6c88a
4 changed files with 92 additions and 24 deletions
--- a/.changeset/tough-wombats-tan.md
+++ b/.changeset/tough-wombats-tan.md
@@ -0,0 +1,5 @@
+---
+"@medusajs/medusa": patch
+---
+
+fix(medusa): raise error properly in api-key middleware if product is not found
--- a/integration-tests/api/tests/admin/publishable-api-key.js
+++ b/integration-tests/api/tests/admin/publishable-api-key.js
@@ -385,13 +385,11 @@ describe("Publishable API keys", () => {
      })

      await dbConnection.manager.query(
-        `INSERT INTO 
-            publishable_api_key_sales_channel 
-            (publishable_key_id, sales_channel_id)
-         VALUES
-             ('${pubKeyId}', '${salesChannel1.id}'),
-             ('${pubKeyId}', '${salesChannel2.id}'),
-             ('${pubKeyId}', '${salesChannel3.id}');`
+        `INSERT INTO publishable_api_key_sales_channel
+             (publishable_key_id, sales_channel_id)
+         VALUES ('${pubKeyId}', '${salesChannel1.id}'),
+                ('${pubKeyId}', '${salesChannel2.id}'),
+                ('${pubKeyId}', '${salesChannel3.id}');`
      )
    })

@@ -468,12 +466,10 @@ describe("Publishable API keys", () => {
      })

      await dbConnection.manager.query(
-        `INSERT INTO
-             publishable_api_key_sales_channel
+        `INSERT INTO publishable_api_key_sales_channel
             (publishable_key_id, sales_channel_id)
-         VALUES
-             ('${pubKeyId}', '${salesChannel1.id}'),
-             ('${pubKeyId}', '${salesChannel2.id}');`
+         VALUES ('${pubKeyId}', '${salesChannel1.id}'),
+                ('${pubKeyId}', '${salesChannel2.id}');`
      )
    })

@@ -856,6 +852,62 @@ describe("Publishable API keys", () => {
      expect(response.status).toEqual(400)
    })

+    it("should return 404 when the requested variant doesn't exist", async () => {
+      const api = useApi()
+
+      await api.post(
+        `/admin/publishable-api-keys/${pubKeyId}/sales-channels/batch`,
+        {
+          sales_channel_ids: [{ id: salesChannel1.id }],
+        },
+        adminHeaders
+      )
+
+      const response = await api
+        .get(`/store/variants/does-not-exist`, {
+          headers: {
+            "x-medusa-access-token": "test_token",
+            "x-publishable-api-key": pubKeyId,
+          },
+        })
+        .catch((err) => {
+          return err.response
+        })
+
+      expect(response.status).toEqual(404)
+      expect(response.data.message).toEqual(
+        "Variant with id: does-not-exist was not found"
+      )
+    })
+
+    it("should return 404 when the requested product doesn't exist", async () => {
+      const api = useApi()
+
+      await api.post(
+        `/admin/publishable-api-keys/${pubKeyId}/sales-channels/batch`,
+        {
+          sales_channel_ids: [{ id: salesChannel1.id }],
+        },
+        adminHeaders
+      )
+
+      const response = await api
+        .get(`/store/products/does-not-exist`, {
+          headers: {
+            "x-medusa-access-token": "test_token",
+            "x-publishable-api-key": pubKeyId,
+          },
+        })
+        .catch((err) => {
+          return err.response
+        })
+
+      expect(response.status).toEqual(404)
+      expect(response.data.message).toEqual(
+        "Product with id: does-not-exist was not found"
+      )
+    })
+
    it("correctly returns a product if passed PK has no associated SCs", async () => {
      const api = useApi()

--- a/packages/medusa/src/api/middlewares/publishable-api-key/validate-product-sales-channel-association.ts
+++ b/packages/medusa/src/api/middlewares/publishable-api-key/validate-product-sales-channel-association.ts
@@ -26,13 +26,18 @@ async function validateProductSalesChannelAssociation(
    const { sales_channel_ids: salesChannelIds } =
      await publishableKeyService.getResourceScopes(pubKey)

-    if (
-      salesChannelIds.length &&
-      !(await productService.isProductInSalesChannels(
+    let isProductInSalesChannel = false
+
+    try {
+      isProductInSalesChannel = await productService.isProductInSalesChannels(
        req.params.id,
        salesChannelIds
-      ))
-    ) {
+      )
+    } catch (error) {
+      next(error)
+    }
+
+    if (salesChannelIds.length && !isProductInSalesChannel) {
      req.errors = req.errors ?? []
      req.errors.push(
        `Product with id: ${req.params.id} is not associated with sales channels defined by the Publishable API Key passed in the header of the request.`
--- a/packages/medusa/src/api/middlewares/publishable-api-key/validate-variant-sales-channel-association.ts
+++ b/packages/medusa/src/api/middlewares/publishable-api-key/validate-variant-sales-channel-association.ts
@@ -28,13 +28,19 @@ async function validateProductVariantSalesChannelAssociation(
    const { sales_channel_ids: salesChannelIds } =
      await publishableKeyService.getResourceScopes(pubKey)

-    if (
-      salesChannelIds.length &&
-      !(await productVariantService.isVariantInSalesChannels(
-        req.params.id,
-        salesChannelIds
-      ))
-    ) {
+    let isVariantInSalesChannel = false
+
+    try {
+      isVariantInSalesChannel =
+        await productVariantService.isVariantInSalesChannels(
+          req.params.id,
+          salesChannelIds
+        )
+    } catch (error) {
+      next(error)
+    }
+
+    if (salesChannelIds.length && !isVariantInSalesChannel) {
      req.errors = req.errors ?? []
      req.errors.push(
        `Variant with id: ${req.params.id} is not associated with sales channels defined by the Publishable API Key passed in the header of the request.`