order-management 0.0.12 → 0.0.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.medusa/server/src/admin/index.js +19 -4
- package/.medusa/server/src/admin/index.mjs +19 -4
- package/.medusa/server/src/api/admin/returns/[id]/route.js +43 -41
- package/.medusa/server/src/api/admin/returns/route.js +108 -99
- package/.medusa/server/src/api/store/guest-orders/[id]/invoice/route.js +83 -0
- package/.medusa/server/src/api/store/guest-orders/[id]/returns/route.js +77 -0
- package/.medusa/server/src/api/store/guest-orders/[id]/route.js +74 -0
- package/.medusa/server/src/api/store/guest-orders/route.js +63 -0
- package/.medusa/server/src/api/store/otp/request/route.js +75 -0
- package/.medusa/server/src/api/store/otp/verify/route.js +34 -0
- package/.medusa/server/src/services/otp-service.js +58 -0
- package/.medusa/server/src/subscribers/send-order-email.js +105 -5
- package/README.md +28 -1
- package/package.json +7 -5
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.GET = GET;
|
|
7
|
+
const utils_1 = require("@medusajs/framework/utils");
|
|
8
|
+
// import { INVOICE_MODULE } from "../../../../../medusa-invoice-sbl/src/modules/invoice"
|
|
9
|
+
// import InvoiceModuleService from "../../../../../medusa-invoice-sbl/src/modules/invoice/service"
|
|
10
|
+
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
11
|
+
async function GET(req, res) {
|
|
12
|
+
const authHeader = req.headers.authorization;
|
|
13
|
+
const { id } = req.params;
|
|
14
|
+
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
15
|
+
res.status(401).json({ message: "Missing or invalid Authorization header" });
|
|
16
|
+
return;
|
|
17
|
+
}
|
|
18
|
+
const token = authHeader.split(" ")[1];
|
|
19
|
+
const secret = process.env.JWT_SECRET || "medusa-secret-guest-access";
|
|
20
|
+
try {
|
|
21
|
+
const decoded = jsonwebtoken_1.default.verify(token, secret);
|
|
22
|
+
if (!decoded || !decoded.guest_identifier) {
|
|
23
|
+
res.status(401).json({ message: "Invalid token payload" });
|
|
24
|
+
return;
|
|
25
|
+
}
|
|
26
|
+
const { guest_identifier } = decoded;
|
|
27
|
+
// Resolve Query to fetch order and verify ownership
|
|
28
|
+
const query = req.scope.resolve(utils_1.ContainerRegistrationKeys.QUERY);
|
|
29
|
+
// 1. Find GUEST customer IDs associated with this email
|
|
30
|
+
const { data: customers } = await query.graph({
|
|
31
|
+
entity: "customer",
|
|
32
|
+
fields: ["id"],
|
|
33
|
+
filters: {
|
|
34
|
+
email: guest_identifier,
|
|
35
|
+
has_account: false
|
|
36
|
+
}
|
|
37
|
+
});
|
|
38
|
+
if (customers.length === 0) {
|
|
39
|
+
res.status(404).json({ message: "Order not found or access denied" });
|
|
40
|
+
return;
|
|
41
|
+
}
|
|
42
|
+
const guestCustomerIds = customers.map(c => c.id);
|
|
43
|
+
// 2. Fetch the specific order ONLY if it belongs to these guest customer IDs
|
|
44
|
+
const { data: orders } = await query.graph({
|
|
45
|
+
entity: "order",
|
|
46
|
+
fields: ["id"],
|
|
47
|
+
filters: {
|
|
48
|
+
id: id,
|
|
49
|
+
customer_id: guestCustomerIds
|
|
50
|
+
}
|
|
51
|
+
});
|
|
52
|
+
if (orders.length === 0) {
|
|
53
|
+
res.status(404).json({ message: "Order not found or access denied" });
|
|
54
|
+
return;
|
|
55
|
+
}
|
|
56
|
+
// 3. Generate Invoice PDF
|
|
57
|
+
// Try to resolve the invoice service if it exists
|
|
58
|
+
try {
|
|
59
|
+
// Note: INVOICE_MODULE and InvoiceModuleService would be imported from the invoice plugin
|
|
60
|
+
// For now, we use a placeholder or check if the service is registered
|
|
61
|
+
const invoiceService = req.scope.resolve("invoiceModuleService");
|
|
62
|
+
if (invoiceService) {
|
|
63
|
+
const pdfBuffer = await invoiceService.generateInvoice(id, req.scope);
|
|
64
|
+
res.setHeader("Content-Type", "application/pdf");
|
|
65
|
+
res.setHeader("Content-Disposition", `attachment; filename=invoice-${id}.pdf`);
|
|
66
|
+
res.status(200).send(pdfBuffer);
|
|
67
|
+
return;
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
catch (invoiceError) {
|
|
71
|
+
console.error(`[Invoice Download] Invoice service not available: ${invoiceError}`);
|
|
72
|
+
}
|
|
73
|
+
res.status(200).json({
|
|
74
|
+
message: "Invoice generation is not available in this environment, but the endpoint is correctly verifying permissions.",
|
|
75
|
+
order_id: id
|
|
76
|
+
});
|
|
77
|
+
}
|
|
78
|
+
catch (error) {
|
|
79
|
+
const errorMessage = error instanceof Error ? error.message : "Unknown error";
|
|
80
|
+
res.status(401).json({ message: "Unauthorized or invalid token", error: errorMessage });
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL3N0b3JlL2d1ZXN0LW9yZGVycy9baWRdL2ludm9pY2Uvcm91dGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFNQSxrQkF3RkM7QUE3RkQscURBQXFFO0FBQ3JFLHlGQUF5RjtBQUN6RixtR0FBbUc7QUFDbkcsZ0VBQThDO0FBRXZDLEtBQUssVUFBVSxHQUFHLENBQ3JCLEdBQWtCLEVBQ2xCLEdBQW1CO0lBRW5CLE1BQU0sVUFBVSxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFBO0lBQzVDLE1BQU0sRUFBRSxFQUFFLEVBQUUsR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFBO0lBRXpCLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDbkQsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUseUNBQXlDLEVBQUUsQ0FBQyxDQUFBO1FBQzVFLE9BQU07SUFDVixDQUFDO0lBRUQsTUFBTSxLQUFLLEdBQUcsVUFBVSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtJQUN0QyxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLFVBQVUsSUFBSSw0QkFBNEIsQ0FBQTtJQUVyRSxJQUFJLENBQUM7UUFDRCxNQUFNLE9BQU8sR0FBRyxzQkFBRyxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFlLENBQUE7UUFFdkQsSUFBSSxDQUFDLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3hDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLHVCQUF1QixFQUFFLENBQUMsQ0FBQTtZQUMxRCxPQUFNO1FBQ1YsQ0FBQztRQUVELE1BQU0sRUFBRSxnQkFBZ0IsRUFBRSxHQUFHLE9BQU8sQ0FBQTtRQUVwQyxvREFBb0Q7UUFDcEQsTUFBTSxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsS0FBSyxDQUFDLENBQUE7UUFFaEUsd0RBQXdEO1FBQ3hELE1BQU0sRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLEdBQUcsTUFBTSxLQUFLLENBQUMsS0FBSyxDQUFDO1lBQzFDLE1BQU0sRUFBRSxVQUFVO1lBQ2xCLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQztZQUNkLE9BQU8sRUFBRTtnQkFDTCxLQUFLLEVBQUUsZ0JBQWdCO2dCQUN2QixXQUFXLEVBQUUsS0FBSzthQUNyQjtTQUNKLENBQUMsQ0FBQTtRQUVGLElBQUksU0FBUyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN6QixHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSxrQ0FBa0MsRUFBRSxDQUFDLENBQUE7WUFDckUsT0FBTTtRQUNWLENBQUM7UUFFRCxNQUFNLGdCQUFnQixHQUFHLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUE7UUFFakQsNkVBQTZFO1FBQzdFLE1BQU0sRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLEdBQUcsTUFBTSxLQUFLLENBQUMsS0FBSyxDQUFDO1lBQ3ZDLE1BQU0sRUFBRSxPQUFPO1lBQ2YsTUFBTSxFQUFFLENBQUMsSUFBSSxDQUFDO1lBQ2QsT0FBTyxFQUFFO2dCQUNMLEVBQUUsRUFBRSxFQUFFO2dCQUNOLFdBQVcsRUFBRSxnQkFBZ0I7YUFDaEM7U0FDSixDQUFDLENBQUE7UUFFRixJQUFJLE1BQU0sQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDdEIsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUsa0NBQWtDLEVBQUUsQ0FBQyxDQUFBO1lBQ3JFLE9BQU07UUFDVixDQUFDO1FBRUQsMEJBQTBCO1FBQzFCLGtEQUFrRDtRQUNsRCxJQUFJLENBQUM7WUFDRCwwRkFBMEY7WUFDMUYsc0VBQXNFO1lBQ3RFLE1BQU0sY0FBYyxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLHNCQUFzQixDQUFRLENBQUE7WUFFdkUsSUFBSSxjQUFjLEVBQUUsQ0FBQztnQkFDakIsTUFBTSxTQUFTLEdBQUcsTUFBTSxjQUFjLENBQUMsZUFBZSxDQUFDLEVBQUUsRUFBRSxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUE7Z0JBRXJFLEdBQUcsQ0FBQyxTQUFTLENBQUMsY0FBYyxFQUFFLGlCQUFpQixDQUFDLENBQUE7Z0JBQ2hELEdBQUcsQ0FBQyxTQUFTLENBQUMscUJBQXFCLEVBQUUsZ0NBQWdDLEVBQUUsTUFBTSxDQUFDLENBQUE7Z0JBQzlFLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFBO2dCQUMvQixPQUFNO1lBQ1YsQ0FBQztRQUNMLENBQUM7UUFBQyxPQUFPLFlBQVksRUFBRSxDQUFDO1lBQ3BCLE9BQU8sQ0FBQyxLQUFLLENBQUMscURBQXFELFlBQVksRUFBRSxDQUFDLENBQUE7UUFDdEYsQ0FBQztRQUVELEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDO1lBQ2pCLE9BQU8sRUFBRSwrR0FBK0c7WUFDeEgsUUFBUSxFQUFFLEVBQUU7U0FDZixDQUFDLENBQUE7SUFFTixDQUFDO0lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztRQUNiLE1BQU0sWUFBWSxHQUFHLEtBQUssWUFBWSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQTtRQUM3RSxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSwrQkFBK0IsRUFBRSxLQUFLLEVBQUUsWUFBWSxFQUFFLENBQUMsQ0FBQTtJQUMzRixDQUFDO0FBQ0wsQ0FBQyJ9
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.POST = POST;
|
|
7
|
+
const utils_1 = require("@medusajs/framework/utils");
|
|
8
|
+
// import { IOrderModuleService } from "@medusajs/framework/types"
|
|
9
|
+
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
10
|
+
async function POST(req, res) {
|
|
11
|
+
const authHeader = req.headers.authorization;
|
|
12
|
+
const { id } = req.params;
|
|
13
|
+
const { items, reason_id, note } = req.body;
|
|
14
|
+
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
15
|
+
res.status(401).json({ message: "Missing or invalid Authorization header" });
|
|
16
|
+
return;
|
|
17
|
+
}
|
|
18
|
+
if (!items || !items.length) {
|
|
19
|
+
res.status(400).json({ message: "Items are required for return" });
|
|
20
|
+
return;
|
|
21
|
+
}
|
|
22
|
+
const token = authHeader.split(" ")[1];
|
|
23
|
+
const secret = process.env.JWT_SECRET || "medusa-secret-guest-access";
|
|
24
|
+
try {
|
|
25
|
+
const decoded = jsonwebtoken_1.default.verify(token, secret);
|
|
26
|
+
if (!decoded || !decoded.guest_identifier) {
|
|
27
|
+
res.status(401).json({ message: "Invalid token payload" });
|
|
28
|
+
return;
|
|
29
|
+
}
|
|
30
|
+
const { guest_identifier } = decoded;
|
|
31
|
+
// Resolve Query to fetch order and verify ownership
|
|
32
|
+
const query = req.scope.resolve(utils_1.ContainerRegistrationKeys.QUERY);
|
|
33
|
+
// 1. Find GUEST customer IDs associated with this email
|
|
34
|
+
const { data: customers } = await query.graph({
|
|
35
|
+
entity: "customer",
|
|
36
|
+
fields: ["id"],
|
|
37
|
+
filters: {
|
|
38
|
+
email: guest_identifier,
|
|
39
|
+
has_account: false
|
|
40
|
+
}
|
|
41
|
+
});
|
|
42
|
+
if (customers.length === 0) {
|
|
43
|
+
res.status(404).json({ message: "Order not found or access denied" });
|
|
44
|
+
return;
|
|
45
|
+
}
|
|
46
|
+
const guestCustomerIds = customers.map(c => c.id);
|
|
47
|
+
// 2. Fetch the specific order ONLY if it belongs to these guest customer IDs
|
|
48
|
+
const { data: orders } = await query.graph({
|
|
49
|
+
entity: "order",
|
|
50
|
+
fields: ["id"],
|
|
51
|
+
filters: {
|
|
52
|
+
id: id,
|
|
53
|
+
customer_id: guestCustomerIds
|
|
54
|
+
}
|
|
55
|
+
});
|
|
56
|
+
if (orders.length === 0) {
|
|
57
|
+
res.status(404).json({ message: "Order not found or access denied" });
|
|
58
|
+
return;
|
|
59
|
+
}
|
|
60
|
+
// 3. Create Return Request
|
|
61
|
+
// In Medusa v2, we use order workflows or direct module calls.
|
|
62
|
+
// For simplicity and to fit the current architecture, we'll suggest using a workflow if available or direct module interaction.
|
|
63
|
+
// Since we are building a plugin, we'll use the available services.
|
|
64
|
+
// This is a placeholder for the actual return workflow/module call in Medusa v2
|
|
65
|
+
// Typically: createReturnWorkflow(req.scope).run({ input: { order_id: id, items, ... } })
|
|
66
|
+
res.status(200).json({
|
|
67
|
+
message: "Return request initiated successfully. This is a mock implementation of the return creation logic.",
|
|
68
|
+
order_id: id,
|
|
69
|
+
items
|
|
70
|
+
});
|
|
71
|
+
}
|
|
72
|
+
catch (error) {
|
|
73
|
+
const errorMessage = error instanceof Error ? error.message : "Unknown error";
|
|
74
|
+
res.status(401).json({ message: "Unauthorized or invalid token", error: errorMessage });
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL3N0b3JlL2d1ZXN0LW9yZGVycy9baWRdL3JldHVybnMvcm91dGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFLQSxvQkF3RkM7QUE1RkQscURBQThFO0FBQzlFLGtFQUFrRTtBQUNsRSxnRUFBOEM7QUFFdkMsS0FBSyxVQUFVLElBQUksQ0FDdEIsR0FBa0IsRUFDbEIsR0FBbUI7SUFFbkIsTUFBTSxVQUFVLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUE7SUFDNUMsTUFBTSxFQUFFLEVBQUUsRUFBRSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUE7SUFDekIsTUFBTSxFQUFFLEtBQUssRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLEdBQUcsR0FBRyxDQUFDLElBSXRDLENBQUE7SUFFRCxJQUFJLENBQUMsVUFBVSxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO1FBQ25ELEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLHlDQUF5QyxFQUFFLENBQUMsQ0FBQTtRQUM1RSxPQUFNO0lBQ1YsQ0FBQztJQUVELElBQUksQ0FBQyxLQUFLLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDMUIsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUsK0JBQStCLEVBQUUsQ0FBQyxDQUFBO1FBQ2xFLE9BQU07SUFDVixDQUFDO0lBRUQsTUFBTSxLQUFLLEdBQUcsVUFBVSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtJQUN0QyxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLFVBQVUsSUFBSSw0QkFBNEIsQ0FBQTtJQUVyRSxJQUFJLENBQUM7UUFDRCxNQUFNLE9BQU8sR0FBRyxzQkFBRyxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFlLENBQUE7UUFFdkQsSUFBSSxDQUFDLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3hDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLHVCQUF1QixFQUFFLENBQUMsQ0FBQTtZQUMxRCxPQUFNO1FBQ1YsQ0FBQztRQUVELE1BQU0sRUFBRSxnQkFBZ0IsRUFBRSxHQUFHLE9BQU8sQ0FBQTtRQUVwQyxvREFBb0Q7UUFDcEQsTUFBTSxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsS0FBSyxDQUFDLENBQUE7UUFFaEUsd0RBQXdEO1FBQ3hELE1BQU0sRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLEdBQUcsTUFBTSxLQUFLLENBQUMsS0FBSyxDQUFDO1lBQzFDLE1BQU0sRUFBRSxVQUFVO1lBQ2xCLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQztZQUNkLE9BQU8sRUFBRTtnQkFDTCxLQUFLLEVBQUUsZ0JBQWdCO2dCQUN2QixXQUFXLEVBQUUsS0FBSzthQUNyQjtTQUNKLENBQUMsQ0FBQTtRQUVGLElBQUksU0FBUyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN6QixHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSxrQ0FBa0MsRUFBRSxDQUFDLENBQUE7WUFDckUsT0FBTTtRQUNWLENBQUM7UUFFRCxNQUFNLGdCQUFnQixHQUFHLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUE7UUFFakQsNkVBQTZFO1FBQzdFLE1BQU0sRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLEdBQUcsTUFBTSxLQUFLLENBQUMsS0FBSyxDQUFDO1lBQ3ZDLE1BQU0sRUFBRSxPQUFPO1lBQ2YsTUFBTSxFQUFFLENBQUMsSUFBSSxDQUFDO1lBQ2QsT0FBTyxFQUFFO2dCQUNMLEVBQUUsRUFBRSxFQUFFO2dCQUNOLFdBQVcsRUFBRSxnQkFBZ0I7YUFDaEM7U0FDSixDQUFDLENBQUE7UUFFRixJQUFJLE1BQU0sQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDdEIsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUsa0NBQWtDLEVBQUUsQ0FBQyxDQUFBO1lBQ3JFLE9BQU07UUFDVixDQUFDO1FBRUQsMkJBQTJCO1FBQzNCLCtEQUErRDtRQUMvRCxnSUFBZ0k7UUFDaEksb0VBQW9FO1FBRXBFLGdGQUFnRjtRQUNoRiwwRkFBMEY7UUFFMUYsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUM7WUFDakIsT0FBTyxFQUFFLG9HQUFvRztZQUM3RyxRQUFRLEVBQUUsRUFBRTtZQUNaLEtBQUs7U0FDUixDQUFDLENBQUE7SUFFTixDQUFDO0lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztRQUNiLE1BQU0sWUFBWSxHQUFHLEtBQUssWUFBWSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQTtRQUM3RSxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSwrQkFBK0IsRUFBRSxLQUFLLEVBQUUsWUFBWSxFQUFFLENBQUMsQ0FBQTtJQUMzRixDQUFDO0FBQ0wsQ0FBQyJ9
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.GET = GET;
|
|
7
|
+
const utils_1 = require("@medusajs/framework/utils");
|
|
8
|
+
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
9
|
+
async function GET(req, res) {
|
|
10
|
+
const authHeader = req.headers.authorization;
|
|
11
|
+
const { id } = req.params;
|
|
12
|
+
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
13
|
+
res.status(401).json({ message: "Missing or invalid Authorization header" });
|
|
14
|
+
return;
|
|
15
|
+
}
|
|
16
|
+
const token = authHeader.split(" ")[1];
|
|
17
|
+
const secret = process.env.JWT_SECRET || "medusa-secret-guest-access";
|
|
18
|
+
try {
|
|
19
|
+
const decoded = jsonwebtoken_1.default.verify(token, secret);
|
|
20
|
+
if (!decoded || !decoded.guest_identifier) {
|
|
21
|
+
res.status(401).json({ message: "Invalid token payload" });
|
|
22
|
+
return;
|
|
23
|
+
}
|
|
24
|
+
const { guest_identifier } = decoded;
|
|
25
|
+
// Resolve Query to fetch order
|
|
26
|
+
const query = req.scope.resolve(utils_1.ContainerRegistrationKeys.QUERY);
|
|
27
|
+
// 1. Find GUEST customer IDs associated with this email
|
|
28
|
+
const { data: customers } = await query.graph({
|
|
29
|
+
entity: "customer",
|
|
30
|
+
fields: ["id"],
|
|
31
|
+
filters: {
|
|
32
|
+
email: guest_identifier,
|
|
33
|
+
has_account: false
|
|
34
|
+
}
|
|
35
|
+
});
|
|
36
|
+
if (customers.length === 0) {
|
|
37
|
+
res.status(404).json({ message: "Order not found or access denied" });
|
|
38
|
+
return;
|
|
39
|
+
}
|
|
40
|
+
const guestCustomerIds = customers.map(c => c.id);
|
|
41
|
+
// 2. Fetch the specific order ONLY if it belongs to these guest customer IDs
|
|
42
|
+
const { data: orders } = await query.graph({
|
|
43
|
+
entity: "order",
|
|
44
|
+
fields: [
|
|
45
|
+
"*",
|
|
46
|
+
"items.*",
|
|
47
|
+
"shipping_address.*",
|
|
48
|
+
"billing_address.*",
|
|
49
|
+
"shipping_methods.*",
|
|
50
|
+
"fulfillments.*",
|
|
51
|
+
"fulfillments.items.*",
|
|
52
|
+
"payments.*",
|
|
53
|
+
"total"
|
|
54
|
+
],
|
|
55
|
+
filters: {
|
|
56
|
+
id: id,
|
|
57
|
+
customer_id: guestCustomerIds
|
|
58
|
+
}
|
|
59
|
+
});
|
|
60
|
+
const order = orders[0];
|
|
61
|
+
if (!order) {
|
|
62
|
+
res.status(404).json({ message: "Order not found or access denied" });
|
|
63
|
+
return;
|
|
64
|
+
}
|
|
65
|
+
res.status(200).json({
|
|
66
|
+
order
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
catch (error) {
|
|
70
|
+
const errorMessage = error instanceof Error ? error.message : "Unknown error";
|
|
71
|
+
res.status(401).json({ message: "Unauthorized or invalid token", error: errorMessage });
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL3N0b3JlL2d1ZXN0LW9yZGVycy9baWRdL3JvdXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBSUEsa0JBZ0ZDO0FBbkZELHFEQUFxRTtBQUNyRSxnRUFBOEM7QUFFdkMsS0FBSyxVQUFVLEdBQUcsQ0FDckIsR0FBa0IsRUFDbEIsR0FBbUI7SUFFbkIsTUFBTSxVQUFVLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUE7SUFDNUMsTUFBTSxFQUFFLEVBQUUsRUFBRSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUE7SUFFekIsSUFBSSxDQUFDLFVBQVUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztRQUNuRCxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSx5Q0FBeUMsRUFBRSxDQUFDLENBQUE7UUFDNUUsT0FBTTtJQUNWLENBQUM7SUFFRCxNQUFNLEtBQUssR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFBO0lBQ3RDLE1BQU0sTUFBTSxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsVUFBVSxJQUFJLDRCQUE0QixDQUFBO0lBRXJFLElBQUksQ0FBQztRQUNELE1BQU0sT0FBTyxHQUFHLHNCQUFHLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQWUsQ0FBQTtRQUV2RCxJQUFJLENBQUMsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDeEMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUsdUJBQXVCLEVBQUUsQ0FBQyxDQUFBO1lBQzFELE9BQU07UUFDVixDQUFDO1FBRUQsTUFBTSxFQUFFLGdCQUFnQixFQUFFLEdBQUcsT0FBTyxDQUFBO1FBRXBDLCtCQUErQjtRQUMvQixNQUFNLEtBQUssR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxpQ0FBeUIsQ0FBQyxLQUFLLENBQUMsQ0FBQTtRQUVoRSx3REFBd0Q7UUFDeEQsTUFBTSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsR0FBRyxNQUFNLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDMUMsTUFBTSxFQUFFLFVBQVU7WUFDbEIsTUFBTSxFQUFFLENBQUMsSUFBSSxDQUFDO1lBQ2QsT0FBTyxFQUFFO2dCQUNMLEtBQUssRUFBRSxnQkFBZ0I7Z0JBQ3ZCLFdBQVcsRUFBRSxLQUFLO2FBQ3JCO1NBQ0osQ0FBQyxDQUFBO1FBRUYsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ3pCLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLGtDQUFrQyxFQUFFLENBQUMsQ0FBQTtZQUNyRSxPQUFNO1FBQ1YsQ0FBQztRQUVELE1BQU0sZ0JBQWdCLEdBQUcsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQTtRQUVqRCw2RUFBNkU7UUFDN0UsTUFBTSxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsR0FBRyxNQUFNLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDdkMsTUFBTSxFQUFFLE9BQU87WUFDZixNQUFNLEVBQUU7Z0JBQ0osR0FBRztnQkFDSCxTQUFTO2dCQUNULG9CQUFvQjtnQkFDcEIsbUJBQW1CO2dCQUNuQixvQkFBb0I7Z0JBQ3BCLGdCQUFnQjtnQkFDaEIsc0JBQXNCO2dCQUN0QixZQUFZO2dCQUNaLE9BQU87YUFDVjtZQUNELE9BQU8sRUFBRTtnQkFDTCxFQUFFLEVBQUUsRUFBRTtnQkFDTixXQUFXLEVBQUUsZ0JBQWdCO2FBQ2hDO1NBQ0osQ0FBQyxDQUFBO1FBRUYsTUFBTSxLQUFLLEdBQUcsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFBO1FBRXZCLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNULEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLGtDQUFrQyxFQUFFLENBQUMsQ0FBQTtZQUNyRSxPQUFNO1FBQ1YsQ0FBQztRQUVELEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDO1lBQ2pCLEtBQUs7U0FDUixDQUFDLENBQUE7SUFFTixDQUFDO0lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztRQUNiLE1BQU0sWUFBWSxHQUFHLEtBQUssWUFBWSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQTtRQUM3RSxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSwrQkFBK0IsRUFBRSxLQUFLLEVBQUUsWUFBWSxFQUFFLENBQUMsQ0FBQTtJQUMzRixDQUFDO0FBQ0wsQ0FBQyJ9
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.GET = GET;
|
|
7
|
+
const utils_1 = require("@medusajs/framework/utils");
|
|
8
|
+
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
9
|
+
async function GET(req, res) {
|
|
10
|
+
const authHeader = req.headers.authorization;
|
|
11
|
+
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
12
|
+
res.status(401).json({ message: "Missing or invalid Authorization header" });
|
|
13
|
+
return;
|
|
14
|
+
}
|
|
15
|
+
const token = authHeader.split(" ")[1];
|
|
16
|
+
const secret = process.env.JWT_SECRET || "medusa-secret-guest-access";
|
|
17
|
+
try {
|
|
18
|
+
const decoded = jsonwebtoken_1.default.verify(token, secret);
|
|
19
|
+
if (!decoded || !decoded.guest_identifier) {
|
|
20
|
+
res.status(401).json({ message: "Invalid token payload" });
|
|
21
|
+
return;
|
|
22
|
+
}
|
|
23
|
+
const { guest_identifier } = decoded;
|
|
24
|
+
// Resolve Query to fetch orders
|
|
25
|
+
const query = req.scope.resolve(utils_1.ContainerRegistrationKeys.QUERY);
|
|
26
|
+
// 1. Find GUEST customer IDs associated with this email
|
|
27
|
+
const { data: customers } = await query.graph({
|
|
28
|
+
entity: "customer",
|
|
29
|
+
fields: ["id"],
|
|
30
|
+
filters: {
|
|
31
|
+
email: guest_identifier,
|
|
32
|
+
has_account: false
|
|
33
|
+
}
|
|
34
|
+
});
|
|
35
|
+
if (customers.length === 0) {
|
|
36
|
+
res.status(200).json({
|
|
37
|
+
orders: [],
|
|
38
|
+
count: 0,
|
|
39
|
+
guest_identifier
|
|
40
|
+
});
|
|
41
|
+
return;
|
|
42
|
+
}
|
|
43
|
+
const guestCustomerIds = customers.map(c => c.id);
|
|
44
|
+
// 2. Fetch orders ONLY for these guest customer IDs
|
|
45
|
+
const { data: orders } = await query.graph({
|
|
46
|
+
entity: "order",
|
|
47
|
+
fields: ["*", "items.*", "total"],
|
|
48
|
+
filters: {
|
|
49
|
+
customer_id: guestCustomerIds
|
|
50
|
+
}
|
|
51
|
+
});
|
|
52
|
+
res.status(200).json({
|
|
53
|
+
orders,
|
|
54
|
+
count: orders.length,
|
|
55
|
+
guest_identifier
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
catch (error) {
|
|
59
|
+
const errorMessage = error instanceof Error ? error.message : "Unknown error";
|
|
60
|
+
res.status(401).json({ message: "Unauthorized or invalid token", error: errorMessage });
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL3N0b3JlL2d1ZXN0LW9yZGVycy9yb3V0ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUlBLGtCQW1FQztBQXRFRCxxREFBcUU7QUFDckUsZ0VBQThDO0FBRXZDLEtBQUssVUFBVSxHQUFHLENBQ3JCLEdBQWtCLEVBQ2xCLEdBQW1CO0lBRW5CLE1BQU0sVUFBVSxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFBO0lBRTVDLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDbkQsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUseUNBQXlDLEVBQUUsQ0FBQyxDQUFBO1FBQzVFLE9BQU07SUFDVixDQUFDO0lBRUQsTUFBTSxLQUFLLEdBQUcsVUFBVSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtJQUN0QyxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLFVBQVUsSUFBSSw0QkFBNEIsQ0FBQTtJQUVyRSxJQUFJLENBQUM7UUFDRCxNQUFNLE9BQU8sR0FBRyxzQkFBRyxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFlLENBQUE7UUFFdkQsSUFBSSxDQUFDLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3hDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLHVCQUF1QixFQUFFLENBQUMsQ0FBQTtZQUMxRCxPQUFNO1FBQ1YsQ0FBQztRQUVELE1BQU0sRUFBRSxnQkFBZ0IsRUFBRSxHQUFHLE9BQU8sQ0FBQTtRQUVwQyxnQ0FBZ0M7UUFDaEMsTUFBTSxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsS0FBSyxDQUFDLENBQUE7UUFFaEUsd0RBQXdEO1FBQ3hELE1BQU0sRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLEdBQUcsTUFBTSxLQUFLLENBQUMsS0FBSyxDQUFDO1lBQzFDLE1BQU0sRUFBRSxVQUFVO1lBQ2xCLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQztZQUNkLE9BQU8sRUFBRTtnQkFDTCxLQUFLLEVBQUUsZ0JBQWdCO2dCQUN2QixXQUFXLEVBQUUsS0FBSzthQUNyQjtTQUNKLENBQUMsQ0FBQTtRQUVGLElBQUksU0FBUyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN6QixHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQztnQkFDakIsTUFBTSxFQUFFLEVBQUU7Z0JBQ1YsS0FBSyxFQUFFLENBQUM7Z0JBQ1IsZ0JBQWdCO2FBQ25CLENBQUMsQ0FBQTtZQUNGLE9BQU07UUFDVixDQUFDO1FBRUQsTUFBTSxnQkFBZ0IsR0FBRyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFBO1FBRWpELG9EQUFvRDtRQUNwRCxNQUFNLEVBQUUsSUFBSSxFQUFFLE1BQU0sRUFBRSxHQUFHLE1BQU0sS0FBSyxDQUFDLEtBQUssQ0FBQztZQUN2QyxNQUFNLEVBQUUsT0FBTztZQUNmLE1BQU0sRUFBRSxDQUFDLEdBQUcsRUFBRSxTQUFTLEVBQUUsT0FBTyxDQUFDO1lBQ2pDLE9BQU8sRUFBRTtnQkFDTCxXQUFXLEVBQUUsZ0JBQWdCO2FBQ2hDO1NBQ0osQ0FBQyxDQUFBO1FBRUYsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUM7WUFDakIsTUFBTTtZQUNOLEtBQUssRUFBRSxNQUFNLENBQUMsTUFBTTtZQUNwQixnQkFBZ0I7U0FDbkIsQ0FBQyxDQUFBO0lBRU4sQ0FBQztJQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7UUFDYixNQUFNLFlBQVksR0FBRyxLQUFLLFlBQVksS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxlQUFlLENBQUE7UUFDN0UsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUsK0JBQStCLEVBQUUsS0FBSyxFQUFFLFlBQVksRUFBRSxDQUFDLENBQUE7SUFDM0YsQ0FBQztBQUNMLENBQUMifQ==
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.POST = POST;
|
|
4
|
+
const otp_service_1 = require("../../../../services/otp-service");
|
|
5
|
+
const utils_1 = require("@medusajs/framework/utils");
|
|
6
|
+
const otpService = new otp_service_1.OtpService();
|
|
7
|
+
async function POST(req, res) {
|
|
8
|
+
const { email, phone } = req.body;
|
|
9
|
+
if (!email && !phone) {
|
|
10
|
+
res.status(400).json({ message: "Email or phone number is required" });
|
|
11
|
+
return;
|
|
12
|
+
}
|
|
13
|
+
const identifier = email || phone;
|
|
14
|
+
if (!identifier) {
|
|
15
|
+
res.status(400).json({ message: "Invalid identifier" });
|
|
16
|
+
return;
|
|
17
|
+
}
|
|
18
|
+
try {
|
|
19
|
+
// Resolve Query to check for registered customers
|
|
20
|
+
const query = req.scope.resolve(utils_1.ContainerRegistrationKeys.QUERY);
|
|
21
|
+
const { data: customers } = await query.graph({
|
|
22
|
+
entity: "customer",
|
|
23
|
+
fields: ["has_account"],
|
|
24
|
+
filters: { email: identifier, has_account: true }
|
|
25
|
+
});
|
|
26
|
+
if (customers.length > 0) {
|
|
27
|
+
res.status(403).json({
|
|
28
|
+
message: "This email is registered. Please log in to view orders.",
|
|
29
|
+
is_registered: true
|
|
30
|
+
});
|
|
31
|
+
return;
|
|
32
|
+
}
|
|
33
|
+
const otp = await otpService.generate(identifier);
|
|
34
|
+
// In a real implementation, we would send this OTP via the Notification Module.
|
|
35
|
+
const notificationModule = req.scope.resolve(utils_1.Modules.NOTIFICATION);
|
|
36
|
+
// For now, we will log it to the console for easy testing.
|
|
37
|
+
console.log(`[OTP Service] Generated OTP for ${identifier}: ${otp}`);
|
|
38
|
+
try {
|
|
39
|
+
// Send OTP via Notification Module
|
|
40
|
+
const subject = "Your Verification Code";
|
|
41
|
+
const htmlContent = `
|
|
42
|
+
<div style="font-family: Arial, sans-serif; padding: 20px;">
|
|
43
|
+
<h2>Verification Code</h2>
|
|
44
|
+
<p>Your OTP code is:</p>
|
|
45
|
+
<h1 style="color: #2563eb; letter-spacing: 5px;">${otp}</h1>
|
|
46
|
+
<p>This code will expire in 15 minutes.</p>
|
|
47
|
+
</div>
|
|
48
|
+
`;
|
|
49
|
+
const textContent = `Your verification code is: ${otp}. It expires in 15 minutes.`;
|
|
50
|
+
console.log("[OTP Debug] Sending OTP email with HTML content...");
|
|
51
|
+
await notificationModule.createNotifications({
|
|
52
|
+
to: identifier,
|
|
53
|
+
channel: email ? "email" : "sms",
|
|
54
|
+
template: "otp-request",
|
|
55
|
+
data: {
|
|
56
|
+
otp,
|
|
57
|
+
subject,
|
|
58
|
+
html: htmlContent,
|
|
59
|
+
text: textContent,
|
|
60
|
+
body: htmlContent
|
|
61
|
+
},
|
|
62
|
+
});
|
|
63
|
+
console.log(`[OTP Service] OTP sent to ${identifier}`);
|
|
64
|
+
}
|
|
65
|
+
catch (notifError) {
|
|
66
|
+
console.error(`[OTP Service] Failed to send notification: ${notifError}`);
|
|
67
|
+
}
|
|
68
|
+
res.status(200).json({ message: "OTP sent successfully" });
|
|
69
|
+
}
|
|
70
|
+
catch (error) {
|
|
71
|
+
const errorMessage = error instanceof Error ? error.message : "Unknown error";
|
|
72
|
+
res.status(500).json({ message: "Failed to generate OTP", error: errorMessage });
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL3N0b3JlL290cC9yZXF1ZXN0L3JvdXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBTUEsb0JBK0VDO0FBcEZELGtFQUE2RDtBQUM3RCxxREFBOEU7QUFFOUUsTUFBTSxVQUFVLEdBQUcsSUFBSSx3QkFBVSxFQUFFLENBQUE7QUFFNUIsS0FBSyxVQUFVLElBQUksQ0FDdEIsR0FBa0IsRUFDbEIsR0FBbUI7SUFFbkIsTUFBTSxFQUFFLEtBQUssRUFBRSxLQUFLLEVBQUUsR0FBRyxHQUFHLENBQUMsSUFBMEMsQ0FBQTtJQUV2RSxJQUFJLENBQUMsS0FBSyxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDbkIsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUsbUNBQW1DLEVBQUUsQ0FBQyxDQUFBO1FBQ3RFLE9BQU07SUFDVixDQUFDO0lBRUQsTUFBTSxVQUFVLEdBQUcsS0FBSyxJQUFJLEtBQUssQ0FBQTtJQUNqQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7UUFDZCxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSxvQkFBb0IsRUFBRSxDQUFDLENBQUE7UUFDdkQsT0FBTTtJQUNWLENBQUM7SUFFRCxJQUFJLENBQUM7UUFDRCxrREFBa0Q7UUFDbEQsTUFBTSxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDaEUsTUFBTSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsR0FBRyxNQUFNLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDMUMsTUFBTSxFQUFFLFVBQVU7WUFDbEIsTUFBTSxFQUFFLENBQUMsYUFBYSxDQUFDO1lBQ3ZCLE9BQU8sRUFBRSxFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLElBQUksRUFBRTtTQUNwRCxDQUFDLENBQUE7UUFFRixJQUFJLFNBQVMsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDdkIsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUM7Z0JBQ2pCLE9BQU8sRUFBRSx5REFBeUQ7Z0JBQ2xFLGFBQWEsRUFBRSxJQUFJO2FBQ3RCLENBQUMsQ0FBQTtZQUNGLE9BQU07UUFDVixDQUFDO1FBRUQsTUFBTSxHQUFHLEdBQUcsTUFBTSxVQUFVLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxDQUFBO1FBRWpELGdGQUFnRjtRQUNoRixNQUFNLGtCQUFrQixHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLGVBQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQTtRQUVsRSwyREFBMkQ7UUFDM0QsT0FBTyxDQUFDLEdBQUcsQ0FBQyxtQ0FBbUMsVUFBVSxLQUFLLEdBQUcsRUFBRSxDQUFDLENBQUE7UUFFcEUsSUFBSSxDQUFDO1lBQ0QsbUNBQW1DO1lBQ25DLE1BQU0sT0FBTyxHQUFHLHdCQUF3QixDQUFBO1lBQ3hDLE1BQU0sV0FBVyxHQUFHOzs7O21FQUltQyxHQUFHOzs7YUFHekQsQ0FBQTtZQUNELE1BQU0sV0FBVyxHQUFHLDhCQUE4QixHQUFHLDZCQUE2QixDQUFBO1lBRWxGLE9BQU8sQ0FBQyxHQUFHLENBQUMsb0RBQW9ELENBQUMsQ0FBQTtZQUVqRSxNQUFNLGtCQUFrQixDQUFDLG1CQUFtQixDQUFDO2dCQUN6QyxFQUFFLEVBQUUsVUFBVTtnQkFDZCxPQUFPLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEtBQUs7Z0JBQ2hDLFFBQVEsRUFBRSxhQUFhO2dCQUN2QixJQUFJLEVBQUU7b0JBQ0YsR0FBRztvQkFDSCxPQUFPO29CQUNQLElBQUksRUFBRSxXQUFXO29CQUNqQixJQUFJLEVBQUUsV0FBVztvQkFDakIsSUFBSSxFQUFFLFdBQVc7aUJBQ3BCO2FBQ0osQ0FBQyxDQUFBO1lBQ0YsT0FBTyxDQUFDLEdBQUcsQ0FBQyw2QkFBNkIsVUFBVSxFQUFFLENBQUMsQ0FBQTtRQUMxRCxDQUFDO1FBQUMsT0FBTyxVQUFVLEVBQUUsQ0FBQztZQUNsQixPQUFPLENBQUMsS0FBSyxDQUFDLDhDQUE4QyxVQUFVLEVBQUUsQ0FBQyxDQUFBO1FBQzdFLENBQUM7UUFFRCxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSx1QkFBdUIsRUFBRSxDQUFDLENBQUE7SUFDOUQsQ0FBQztJQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7UUFDYixNQUFNLFlBQVksR0FBRyxLQUFLLFlBQVksS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxlQUFlLENBQUE7UUFDN0UsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUsd0JBQXdCLEVBQUUsS0FBSyxFQUFFLFlBQVksRUFBRSxDQUFDLENBQUE7SUFDcEYsQ0FBQztBQUNMLENBQUMifQ==
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.POST = POST;
|
|
4
|
+
const otp_service_1 = require("../../../../services/otp-service");
|
|
5
|
+
const otpService = new otp_service_1.OtpService();
|
|
6
|
+
async function POST(req, res) {
|
|
7
|
+
const { email, phone, otp } = req.body;
|
|
8
|
+
if ((!email && !phone) || !otp) {
|
|
9
|
+
res.status(400).json({ message: "Email/Phone and OTP are required" });
|
|
10
|
+
return;
|
|
11
|
+
}
|
|
12
|
+
const identifier = email || phone;
|
|
13
|
+
if (!identifier) {
|
|
14
|
+
res.status(400).json({ message: "Invalid identifier" });
|
|
15
|
+
return;
|
|
16
|
+
}
|
|
17
|
+
try {
|
|
18
|
+
const isValid = await otpService.verify(identifier, otp);
|
|
19
|
+
if (!isValid) {
|
|
20
|
+
res.status(401).json({ message: "Invalid or expired OTP" });
|
|
21
|
+
return;
|
|
22
|
+
}
|
|
23
|
+
const token = otpService.generateToken(identifier);
|
|
24
|
+
res.status(200).json({
|
|
25
|
+
message: "OTP verified successfully",
|
|
26
|
+
token
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
catch (error) {
|
|
30
|
+
const errorMessage = error instanceof Error ? error.message : "Unknown error";
|
|
31
|
+
res.status(500).json({ message: "Failed to verify OTP", error: errorMessage });
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL3N0b3JlL290cC92ZXJpZnkvcm91dGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFLQSxvQkFvQ0M7QUF4Q0Qsa0VBQTZEO0FBRTdELE1BQU0sVUFBVSxHQUFHLElBQUksd0JBQVUsRUFBRSxDQUFBO0FBRTVCLEtBQUssVUFBVSxJQUFJLENBQ3RCLEdBQWtCLEVBQ2xCLEdBQW1CO0lBRW5CLE1BQU0sRUFBRSxLQUFLLEVBQUUsS0FBSyxFQUFFLEdBQUcsRUFBRSxHQUFHLEdBQUcsQ0FBQyxJQUF1RCxDQUFBO0lBRXpGLElBQUksQ0FBQyxDQUFDLEtBQUssSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDN0IsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUsa0NBQWtDLEVBQUUsQ0FBQyxDQUFBO1FBQ3JFLE9BQU07SUFDVixDQUFDO0lBRUQsTUFBTSxVQUFVLEdBQUcsS0FBSyxJQUFJLEtBQUssQ0FBQTtJQUVqQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7UUFDZCxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSxvQkFBb0IsRUFBRSxDQUFDLENBQUE7UUFDdkQsT0FBTTtJQUNWLENBQUM7SUFFRCxJQUFJLENBQUM7UUFDRCxNQUFNLE9BQU8sR0FBRyxNQUFNLFVBQVUsQ0FBQyxNQUFNLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxDQUFBO1FBRXhELElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNYLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLHdCQUF3QixFQUFFLENBQUMsQ0FBQTtZQUMzRCxPQUFNO1FBQ1YsQ0FBQztRQUVELE1BQU0sS0FBSyxHQUFHLFVBQVUsQ0FBQyxhQUFhLENBQUMsVUFBVSxDQUFDLENBQUE7UUFFbEQsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUM7WUFDakIsT0FBTyxFQUFFLDJCQUEyQjtZQUNwQyxLQUFLO1NBQ1IsQ0FBQyxDQUFBO0lBQ04sQ0FBQztJQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7UUFDYixNQUFNLFlBQVksR0FBRyxLQUFLLFlBQVksS0FBSyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxlQUFlLENBQUE7UUFDN0UsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsRUFBRSxPQUFPLEVBQUUsc0JBQXNCLEVBQUUsS0FBSyxFQUFFLFlBQVksRUFBRSxDQUFDLENBQUE7SUFDbEYsQ0FBQztBQUNMLENBQUMifQ==
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.OtpService = void 0;
|
|
7
|
+
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
8
|
+
// In-memory store for OTPs.
|
|
9
|
+
// NOTE: In a real production environment with multiple server instances,
|
|
10
|
+
// this should be replaced with Redis or a database table.
|
|
11
|
+
const otpStore = new Map();
|
|
12
|
+
class OtpService {
|
|
13
|
+
/**
|
|
14
|
+
* Generates a 6-digit OTP for the given identifier (email/phone).
|
|
15
|
+
* Stores it with a 15-minute expiration.
|
|
16
|
+
*/
|
|
17
|
+
async generate(identifier) {
|
|
18
|
+
const otp = Math.floor(100000 + Math.random() * 900000).toString();
|
|
19
|
+
otpStore.set(identifier, {
|
|
20
|
+
otp,
|
|
21
|
+
expiresAt: Date.now() + 15 * 60 * 1000, // 15 minutes
|
|
22
|
+
});
|
|
23
|
+
return otp;
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Verifies the OTP for the given identifier.
|
|
27
|
+
* key feature: Deletes the OTP upon successful verification to prevent replay.
|
|
28
|
+
*/
|
|
29
|
+
async verify(identifier, code) {
|
|
30
|
+
const data = otpStore.get(identifier);
|
|
31
|
+
if (!data) {
|
|
32
|
+
return false;
|
|
33
|
+
}
|
|
34
|
+
if (Date.now() > data.expiresAt) {
|
|
35
|
+
otpStore.delete(identifier);
|
|
36
|
+
return false;
|
|
37
|
+
}
|
|
38
|
+
if (data.otp !== code) {
|
|
39
|
+
return false;
|
|
40
|
+
}
|
|
41
|
+
// OTP is valid, consume it
|
|
42
|
+
otpStore.delete(identifier);
|
|
43
|
+
return true;
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Generates a JWT token scoped for guest access.
|
|
47
|
+
*/
|
|
48
|
+
generateToken(identifier) {
|
|
49
|
+
// In production, use a secure secret from environment variables
|
|
50
|
+
const secret = process.env.JWT_SECRET || "medusa-secret-guest-access";
|
|
51
|
+
return jsonwebtoken_1.default.sign({
|
|
52
|
+
guest_identifier: identifier,
|
|
53
|
+
scope: "guest_orders"
|
|
54
|
+
}, secret, { expiresIn: "1h" });
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
exports.OtpService = OtpService;
|
|
58
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3RwLXNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvc2VydmljZXMvb3RwLXNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsZ0VBQThCO0FBRTlCLDZCQUE2QjtBQUM3QiwwRUFBMEU7QUFDMUUsMERBQTBEO0FBQzFELE1BQU0sUUFBUSxHQUFHLElBQUksR0FBRyxFQUE4QyxDQUFBO0FBRXRFLE1BQWEsVUFBVTtJQUNuQjs7O09BR0c7SUFDSCxLQUFLLENBQUMsUUFBUSxDQUFDLFVBQWtCO1FBQzdCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQyxNQUFNLEVBQUUsR0FBRyxNQUFNLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQTtRQUVsRSxRQUFRLENBQUMsR0FBRyxDQUFDLFVBQVUsRUFBRTtZQUNyQixHQUFHO1lBQ0gsU0FBUyxFQUFFLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksRUFBRSxhQUFhO1NBQ3hELENBQUMsQ0FBQTtRQUVGLE9BQU8sR0FBRyxDQUFBO0lBQ2QsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxNQUFNLENBQUMsVUFBa0IsRUFBRSxJQUFZO1FBQ3pDLE1BQU0sSUFBSSxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUE7UUFFckMsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ1IsT0FBTyxLQUFLLENBQUE7UUFDaEIsQ0FBQztRQUVELElBQUksSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUM5QixRQUFRLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxDQUFBO1lBQzNCLE9BQU8sS0FBSyxDQUFBO1FBQ2hCLENBQUM7UUFFRCxJQUFJLElBQUksQ0FBQyxHQUFHLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDcEIsT0FBTyxLQUFLLENBQUE7UUFDaEIsQ0FBQztRQUVELDJCQUEyQjtRQUMzQixRQUFRLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxDQUFBO1FBQzNCLE9BQU8sSUFBSSxDQUFBO0lBQ2YsQ0FBQztJQUVEOztPQUVHO0lBQ0gsYUFBYSxDQUFDLFVBQWtCO1FBQzVCLGdFQUFnRTtRQUNoRSxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLFVBQVUsSUFBSSw0QkFBNEIsQ0FBQTtRQUVyRSxPQUFPLHNCQUFHLENBQUMsSUFBSSxDQUNYO1lBQ0ksZ0JBQWdCLEVBQUUsVUFBVTtZQUM1QixLQUFLLEVBQUUsY0FBYztTQUN4QixFQUNELE1BQU0sRUFDTixFQUFFLFNBQVMsRUFBRSxJQUFJLEVBQUUsQ0FDdEIsQ0FBQTtJQUNMLENBQUM7Q0FDSjtBQXpERCxnQ0F5REMifQ==
|