diff --git a/.changeset/tough-wombats-tan.md b/.changeset/tough-wombats-tan.md new file mode 100644 index 0000000000..d441475f61 --- /dev/null +++ b/.changeset/tough-wombats-tan.md @@ -0,0 +1,5 @@ +--- +"@medusajs/medusa": patch +--- + +fix(medusa): raise error properly in api-key middleware if product is not found diff --git a/integration-tests/api/__tests__/admin/publishable-api-key.js b/integration-tests/api/__tests__/admin/publishable-api-key.js index 513e553f2f..4f4765adc6 100644 --- a/integration-tests/api/__tests__/admin/publishable-api-key.js +++ b/integration-tests/api/__tests__/admin/publishable-api-key.js @@ -385,13 +385,11 @@ describe("Publishable API keys", () => { }) await dbConnection.manager.query( - `INSERT INTO - publishable_api_key_sales_channel - (publishable_key_id, sales_channel_id) - VALUES - ('${pubKeyId}', '${salesChannel1.id}'), - ('${pubKeyId}', '${salesChannel2.id}'), - ('${pubKeyId}', '${salesChannel3.id}');` + `INSERT INTO publishable_api_key_sales_channel + (publishable_key_id, sales_channel_id) + VALUES ('${pubKeyId}', '${salesChannel1.id}'), + ('${pubKeyId}', '${salesChannel2.id}'), + ('${pubKeyId}', '${salesChannel3.id}');` ) }) @@ -468,12 +466,10 @@ describe("Publishable API keys", () => { }) await dbConnection.manager.query( - `INSERT INTO - publishable_api_key_sales_channel + `INSERT INTO publishable_api_key_sales_channel (publishable_key_id, sales_channel_id) - VALUES - ('${pubKeyId}', '${salesChannel1.id}'), - ('${pubKeyId}', '${salesChannel2.id}');` + VALUES ('${pubKeyId}', '${salesChannel1.id}'), + ('${pubKeyId}', '${salesChannel2.id}');` ) }) 
@@ -856,6 +852,62 @@ describe("Publishable API keys", () => { expect(response.status).toEqual(400) }) + it("should return 404 when the requested variant doesn't exist", async () => { + const api = useApi() + + await api.post( + `/admin/publishable-api-keys/${pubKeyId}/sales-channels/batch`, + { + sales_channel_ids: [{ id: salesChannel1.id }], + }, + adminHeaders + ) + + const response = await api + .get(`/store/variants/does-not-exist`, { + headers: { + "x-medusa-access-token": "test_token", + "x-publishable-api-key": pubKeyId, + }, + }) + .catch((err) => { + return err.response + }) + + expect(response.status).toEqual(404) + expect(response.data.message).toEqual( + "Variant with id: does-not-exist was not found" + ) + }) + + it("should return 404 when the requested product doesn't exist", async () => { + const api = useApi() + + await api.post( + `/admin/publishable-api-keys/${pubKeyId}/sales-channels/batch`, + { + sales_channel_ids: [{ id: salesChannel1.id }], + }, + adminHeaders + ) + + const response = await api + .get(`/store/products/does-not-exist`, { + headers: { + "x-medusa-access-token": "test_token", + "x-publishable-api-key": pubKeyId, + }, + }) + .catch((err) => { + return err.response + }) + + expect(response.status).toEqual(404) + expect(response.data.message).toEqual( + "Product with id: does-not-exist was not found" + ) + }) + it("correctly returns a product if passed PK has no associated SCs", async () => { const api = useApi() diff --git a/packages/medusa/src/api/middlewares/publishable-api-key/validate-product-sales-channel-association.ts b/packages/medusa/src/api/middlewares/publishable-api-key/validate-product-sales-channel-association.ts index f05bb09944..6ee0c8daac 100644 --- a/packages/medusa/src/api/middlewares/publishable-api-key/validate-product-sales-channel-association.ts +++ b/packages/medusa/src/api/middlewares/publishable-api-key/validate-product-sales-channel-association.ts 
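Review bot: Both added 404 tests attach `salesChannel1` to the key before issuing the request, so they only exercise the lookup failure for a key that has a sales-channel scope. The middleware change in this commit calls `isProductInSalesChannels` / `isVariantInSalesChannels` before checking `salesChannelIds.length`, so a key with no associated sales channels now goes through the new `catch` path as well. That path is untested. Consider adding a case that skips the `/sales-channels/batch` call and still expects `404` with the same message, for example `it("should return 404 for a missing product when the PK has no associated SCs", ...)`.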
@@ -26,13 +26,18 @@ async function validateProductSalesChannelAssociation( const { sales_channel_ids: salesChannelIds } = await publishableKeyService.getResourceScopes(pubKey) - if ( - salesChannelIds.length && - !(await productService.isProductInSalesChannels( + let isProductInSalesChannel = false + + try { + isProductInSalesChannel = await productService.isProductInSalesChannels( req.params.id, salesChannelIds - )) - ) { + ) + } catch (error) { + next(error) + } + + if (salesChannelIds.length && !isProductInSalesChannel) { req.errors = req.errors ?? [] req.errors.push( `Product with id: ${req.params.id} is not associated with sales channels defined by the Publishable API Key passed in the header of the request.` diff --git a/packages/medusa/src/api/middlewares/publishable-api-key/validate-variant-sales-channel-association.ts b/packages/medusa/src/api/middlewares/publishable-api-key/validate-variant-sales-channel-association.ts index ce7e4cfc07..fe0785ec71 100644 --- a/packages/medusa/src/api/middlewares/publishable-api-key/validate-variant-sales-channel-association.ts +++ b/packages/medusa/src/api/middlewares/publishable-api-key/validate-variant-sales-channel-association.ts @@ -28,13 +28,19 @@ async function validateProductVariantSalesChannelAssociation( const { sales_channel_ids: salesChannelIds } = await publishableKeyService.getResourceScopes(pubKey) - if ( - salesChannelIds.length && - !(await productVariantService.isVariantInSalesChannels( - req.params.id, - salesChannelIds - )) - ) { + let isVariantInSalesChannel = false + + try { + isVariantInSalesChannel = + await productVariantService.isVariantInSalesChannels( + req.params.id, + salesChannelIds + ) + } catch (error) { + next(error) + } + + if (salesChannelIds.length && !isVariantInSalesChannel) { req.errors = req.errors ?? [] req.errors.push( `Variant with id: ${req.params.id} is not associated with sales channels defined by the Publishable API Key passed in the header of the request.`
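Review bot: The new `catch` block calls `next(error)` without returning, so this scope-enforcing middleware keeps running after it has already handed the request to the error handler. `isProductInSalesChannel` is still `false` at that point, so for a key with sales channels the "is not associated with sales channels" message is also pushed onto `req.errors`. The end of the function is outside the hunk, but if it finishes with an unconditional `next()`, the chain is advanced a second time for the same request and later handlers may run after the 404 response was started. Change the line to `return next(error)`; the same applies to the `catch` added in `validate-variant-sales-channel-association.ts`. Wrapping the `try` in `if (salesChannelIds.length) { ... }` would also keep the earlier short-circuit, so that unscoped keys do not trigger an extra lookup.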