asyavee/medusa-store
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Feat/client authentication api key (#915)

Browse Source 
* feat: Add Auth Admin routes to JS client

* include api key verification for admin

* undo changes

* undo file changes

* improve api key auth

* auth documentation in readme

* pr feedback

* typo

Co-authored-by: olivermrbl <oliver@mrbltech.com>
This commit is contained in:
Philip Korsholm
2021-12-14 16:55:20 +01:00
committed by GitHub
parent 85ef51ad34
commit fee4e46ea7
2 changed files with 40 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
packages/medusa-js/README.md
View File

@@ -23,13 +23,27 @@ yarn add @medusajs/medusa-js
Import Medusa as a default import and initiate it:
```js
import Medusa from '@medusajs/medusa-js';
import Medusa from "@medusajs/medusa-js"
const medusa = new Medusa();
const medusa = new Medusa()
const { cart } = await medusa.carts.create({});
const { cart } = await medusa.carts.create({})
```
### Authentication
Authentication can be achieved in two ways using the `medusa-js` client, either by utilizing API keys or by using cookie based authentication, each with their own unique use case.
#### **Using API keys**
API keys can only be used for admin functionality in Medusa because only users of the admin system have api keys. To use API keys for authentication the key should be used when `medusa-js` is initialized with a config object as described below.
#### **Using cookies**
Authentication using cookies is done automatically by Axios when authenticating using the `auth` endpoints. After authentication all subsequent calls will be authenticated.
_note: Cookie based authentication cannot be used in plain `node.js` applications due to the limitations of axios and `useCredentials` not setting the `Cookie` request header when `set-cookie` is present in the response headers. For pure `node.js` applications use authentication with api keys(see above)_
## Configuration
### Initialize with config object
@@ -39,11 +53,12 @@ The package can be initialized with several options:
```js
const medusa = new Medusa({
maxRetries: 3,
baseUrl: 'https://api.example.com',
});
baseUrl: "https://api.example.com",
})
```
| Option | Default | Description |
| ------------ | ----------------------------------- | ----------------------------------------- |
| `maxRetries` | `0` | The amount of times a request is retried. |
| `baseUrl` | `'http://localhost:9000'` | The url to which requests are made to |
| Option | Default | Description |
| ------------ | ------------------------- | --------------------------------------------------------- |
| `maxRetries` | `0` | The amount of times a request is retried. |
| `baseUrl` | `'http://localhost:9000'` | The url to which requests are made to. |
| `apiKey` | `''` | Optional api key used for authenticating admin requests . |

19
packages/medusa-js/src/request.ts
View File

@@ -2,12 +2,18 @@ import axios, { AxiosError, AxiosInstance } from "axios"
import * as rax from "retry-axios"
import { v4 as uuidv4 } from "uuid"
const unAuthenticatedAdminEndpoints = {
"/admin/auth": "POST",
"/admin/users/password-token": "POST",
"/admin/users/reset-password": "POST",
"/admin/invites/accept": "POST",
}
export interface Config {
baseUrl: string
maxRetries: number
apiKey?: string
}
export interface RequestOptions {
apiKey?: string
timeout?: number
numberOfRetries?: number
}
@@ -83,6 +89,13 @@ class Client {
.join("-")
}
requiresAuthentication(path, method): boolean {
return (
path.startsWith("/admin") &&
unAuthenticatedAdminEndpoints[path] !== method
)
}
/**
* Creates all the initial headers.
* We add the idempotency key, if the request is configured to retry.
@@ -101,10 +114,10 @@ class Client {
"Content-Type": "application/json",
}
// TODO: if route is an authenticated route, add api key
if (path.startsWith("/admin")) {
if (this.config.apiKey && this.requiresAuthentication(path, method)) {
defaultHeaders = {
...defaultHeaders,
Authorization: `Bearer ${this.config.apiKey}`,
}
}