**What**
To maintain the backward compatibility, we use to populate `created_at` no matter what. But since we can break things from v1, I ll remove it as we moved the default ordering to the repository layer
**What**
- remove medusa-core-utils
- dispatch the utils where they belongs
- update usage
**NOTE**
I have been wondering if the graceful class should go into the utils package or medusa package, I ve put it in the medusa package as it seems to be the best place I can see for now and is tight to the server as well. Also, I wanted to avoid the utils package to depends on http and net dependencies, happy to change that if you feel like it
* feat: Add email pass authentication provider package
* feat: Revamp auth module and remove concept of scope
* feat: Revamp the auth module to be more standardized in how providers are loaded
* feat: Switch from scope to actor type for authentication
* feat: Add support for per-actor auth methods
* feat: Add emailpass auth provider by default
* fix: Add back app_metadata in auth module
* chore: Clean up authentication middlewares
* chore: Rename AuthUser to AuthIdentity
* feat: Define link between user, customer, and auth identity
* feat: Use links for auth, update auth context content
* fix: Adjust user create command with new auth setup
* fix: Make auth login more dynamic, review fixes
* fix: Change test assertions for created by
* chore: Remove unused validations and utilities
* chore: Remove all resources that are not being loaded
* chore: Remove unused dependencies, typeorm related code and fix tests
* chore: Use createAdminUser in all module tests
Noticed that `RequestQueryFields` is defined in both the `medusa` and `types` package. Within the `medusa` package sometimes it uses the local type definition or the definition in `types`.
This PR removes the type definition of `RequestQueryFields` in `medusa` and uses that in `types` instead.
**What**
Update all transform middleware to support the new API
- deprecate `defaultRelations`
- deprecate `allowedRelations`
- Add `defaults` and `allowed` in replacement for `defaultFields` and `allowedFields` respectively
- in the `defaults` it is possible to specify a field such as `*variants` in order to be recognized as a relation only without specifying any property
- add support for `remoteQueryConfig` assigned to req like we have for `listConfig` and `retrieveConfig`
- add support to override `allowed|allowedFields` if a previous middleware have set it up on the req.allowed
- The api now accepts `fields` as the only accepted fields to manage the requested props and relations, the `expand` property have been deprecated. New supported symbols have been added in complement of the fields
- `+` (e.g `/store/products?fields=+description`) to specify that description should be added as part of the returned data among the other defined fields
- `-` (e.g `/store/products?fields=-description`) to specify that description should be removed as part of the returned data
- `*` (e.g `/store/products?fields=*variants`) to specify that the variants relations should be added as part of the returned data among the other defined fields without having to specify which property of the variants should be returned. In the `defaults` config of the transform middleware it is also possible to use this symbol
- In the case no symbol is provided, it will replace the default fields and mean that only the specified fields must be returned
About the allowed validation, all fields in the `defaults` configuration must be present in the `allowed` configuration.
In case the `defaults` contains full relation selection (e.g `*product.variants`) it should be present in the `allowed` as `product.variants`. In case in the `defaults` you add `product.variants.id`, it will be allowed if the `allowed` configuration includes either `product.variants.id` as full match or `product.variants` as it means that we allow all properties from `product.variants`
Also, support for `*` selection on the remote query/joiner have been added
**Note**
All v2 end points refactoring can be done separately
**What**
- make token auth the default being returned from authentication endpoints in api-v2
- Add `auth/session` to convert token to session based auth
- add regex-scopes to authenticate middleware
Co-authored-by: Sebastian Rindom <7554214+srindom@users.noreply.github.com>
**What**
- Add authentication endpoints:
- `/auth/[scope]/[provider]`
- `/auth/[scope]/[provider]/callback`
- update authenticate-middleware handler
- Add scope field to user
- Add unique constraint on scope and entity_id
note: there's still some remaining work related to jwt auth to be handled, this is mainly focussed on session auth with endpoints
Co-authored-by: Sebastian Rindom <7554214+srindom@users.noreply.github.com>
What:
- When calling a module's method inside a Local Workflow the MedusaContext is passed as the last argument to the method if not provided
- Add `requestId` to req
- A couple of fixes on Remote Joiner and the data fetcher for internal services
Why:
- The context used to initialize the workflow has to be shared with all modules. properties like transactionId will be used to emit events and requestId to trace logs for example.
