69 lines
1.6 KiB
TypeScript
69 lines
1.6 KiB
TypeScript
import {
|
|
MedusaNextFunction,
|
|
MedusaResponse,
|
|
MedusaStoreRequest,
|
|
} from "@medusajs/framework/http"
|
|
import {
|
|
ApiKeyType,
|
|
isPresent,
|
|
MedusaError,
|
|
PUBLISHABLE_KEY_HEADER,
|
|
} from "@medusajs/framework/utils"
|
|
import { refetchEntity } from "../../api/utils/refetch-entity"
|
|
|
|
export function ensurePublishableApiKey() {
|
|
return async (
|
|
req: MedusaStoreRequest,
|
|
_res: MedusaResponse,
|
|
next: MedusaNextFunction
|
|
) => {
|
|
const publishableApiKey = req.get("x-publishable-api-key")
|
|
|
|
if (!isPresent(publishableApiKey)) {
|
|
try {
|
|
throw new MedusaError(
|
|
MedusaError.Types.NOT_ALLOWED,
|
|
`Publishable API key required in the request header: ${PUBLISHABLE_KEY_HEADER}. You can manage your keys in settings in the dashboard.`
|
|
)
|
|
} catch (e) {
|
|
return next(e)
|
|
}
|
|
}
|
|
|
|
// TODO: Replace this with the fancy new gql fetch
|
|
const apiKey = await refetchEntity(
|
|
"api_key",
|
|
{
|
|
token: publishableApiKey,
|
|
type: ApiKeyType.PUBLISHABLE,
|
|
$or: [
|
|
{ revoked_at: { $eq: null } },
|
|
{ revoked_at: { $gt: new Date() } },
|
|
],
|
|
},
|
|
req.scope,
|
|
["id", "token", "sales_channels_link.sales_channel_id"]
|
|
)
|
|
|
|
if (!apiKey) {
|
|
try {
|
|
throw new MedusaError(
|
|
MedusaError.Types.NOT_ALLOWED,
|
|
`A valid publishable key is required to proceed with the request`
|
|
)
|
|
} catch (e) {
|
|
return next(e)
|
|
}
|
|
}
|
|
|
|
req.publishable_key_context = {
|
|
key: apiKey.token,
|
|
sales_channel_ids: apiKey.sales_channels_link.map(
|
|
(link) => link.sales_channel_id
|
|
),
|
|
}
|
|
|
|
return next()
|
|
}
|
|
}
|