order-management 0.0.3 → 0.0.4
|
@@ -14,7 +14,21 @@ const POST = async (req, res) => {
|
|
|
14
14
|
// Type-safe access to auth_context
|
|
15
15
|
const authContext = req.auth_context;
|
|
16
16
|
const customerId = authContext?.actor_id;
|
|
17
|
+
// Detailed logging: Authentication customer ID
|
|
18
|
+
console.log("[Order Management] Authentication check:", {
|
|
19
|
+
order_id,
|
|
20
|
+
auth_customer_id: customerId,
|
|
21
|
+
auth_actor_type: authContext?.actor_type,
|
|
22
|
+
has_auth_context: !!authContext,
|
|
23
|
+
timestamp: new Date().toISOString(),
|
|
24
|
+
});
|
|
17
25
|
if (!customerId || authContext?.actor_type !== "customer") {
|
|
26
|
+
console.warn("[Order Management] Authentication failed:", {
|
|
27
|
+
order_id,
|
|
28
|
+
customer_id: customerId,
|
|
29
|
+
actor_type: authContext?.actor_type,
|
|
30
|
+
reason: !customerId ? "Missing customer_id" : "Invalid actor_type",
|
|
31
|
+
});
|
|
18
32
|
res.status(401).json({
|
|
19
33
|
message: "Unauthorized: Customer authentication is required",
|
|
20
34
|
});
|
|
@@ -49,4 +63,4 @@ const POST = async (req, res) => {
|
|
|
49
63
|
}
|
|
50
64
|
};
|
|
51
65
|
exports.POST = POST;
|
|
52
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
66
|
+
//# sourceMappingURL=data:application/json;base64,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
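Review bot: The `console.log("[Order Management] Authentication check:", …)` added at new lines 17–24 runs on every request before the 401 guard, so each call, including unauthenticated ones, writes `order_id`, the customer identifier and the actor type to stdout. Keep the `console.warn` on the rejection path, which is a useful signal for spotting failed access attempts, but put the pre-check dump behind a debug switch or the application's logger at debug level, and drop the hand-built `timestamp` if the log sink already stamps entries. `order_id` is defined above the hunk, presumably from the request, and as far as the visible lines show it is logged before any validation; POST's body starts and ends outside this hunk. The same unconditional `console.log` pattern is added to the `retrieve-order` step further down the page, including a success-path entry on every call.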
|
|
@@ -41,12 +41,39 @@ exports.retrieveOrderStep = (0, workflows_sdk_1.createStep)("retrieve-order", as
|
|
|
41
41
|
if (!order) {
|
|
42
42
|
throw new utils_1.MedusaError(utils_1.MedusaError.Types.NOT_FOUND, `Order with id ${order_id} not found`);
|
|
43
43
|
}
|
|
44
|
+
// Detailed logging: Order customer ID vs Authentication customer ID
|
|
45
|
+
const orderCustomerId = order.customer_id;
|
|
46
|
+
const authCustomerId = customer_id;
|
|
47
|
+
const customerIdsMatch = orderCustomerId === authCustomerId;
|
|
48
|
+
console.log("[Order Management] Customer ID comparison:", {
|
|
49
|
+
order_id,
|
|
50
|
+
order_customer_id: orderCustomerId,
|
|
51
|
+
authentication_customer_id: authCustomerId,
|
|
52
|
+
match: customerIdsMatch,
|
|
53
|
+
order_customer_id_type: typeof orderCustomerId,
|
|
54
|
+
auth_customer_id_type: typeof authCustomerId,
|
|
55
|
+
order_customer_id_null_or_undefined: orderCustomerId == null,
|
|
56
|
+
auth_customer_id_null_or_undefined: authCustomerId == null,
|
|
57
|
+
timestamp: new Date().toISOString(),
|
|
58
|
+
});
|
|
44
59
|
// Validate customer ownership
|
|
45
|
-
if (
|
|
60
|
+
if (!customerIdsMatch) {
|
|
61
|
+
console.warn("[Order Management] Customer ID mismatch - Access denied:", {
|
|
62
|
+
order_id,
|
|
63
|
+
order_customer_id: orderCustomerId,
|
|
64
|
+
authentication_customer_id: authCustomerId,
|
|
65
|
+
reason: "Order customer_id does not match authenticated customer_id",
|
|
66
|
+
timestamp: new Date().toISOString(),
|
|
67
|
+
});
|
|
46
68
|
throw new utils_1.MedusaError(utils_1.MedusaError.Types.NOT_ALLOWED, "You can only reorder your own orders");
|
|
47
69
|
}
|
|
70
|
+
console.log("[Order Management] Customer ID validation passed:", {
|
|
71
|
+
order_id,
|
|
72
|
+
customer_id: authCustomerId,
|
|
73
|
+
timestamp: new Date().toISOString(),
|
|
74
|
+
});
|
|
48
75
|
return new workflows_sdk_1.StepResponse({
|
|
49
76
|
order: order,
|
|
50
77
|
});
|
|
51
78
|
});
|
|
52
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
79
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmV0cmlldmUtb3JkZXItc3RlcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3NyYy93b3JrZmxvd3Mvc3RlcHMvcmV0cmlldmUtb3JkZXItc3RlcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxxREFBdUQ7QUFDdkQscUVBQTRFO0FBQzVFLHFEQUFrRztBQWtEckYsUUFBQSxpQkFBaUIsR0FBRyxJQUFBLDBCQUFVLEVBQ3pDLGdCQUFnQixFQUNoQixLQUFLLEVBQ0gsS0FBNkIsRUFDN0IsRUFBRSxTQUFTLEVBQUUsRUFDbUMsRUFBRTtJQUNsRCxNQUFNLEVBQUUsUUFBUSxFQUFFLFdBQVcsRUFBRSxHQUFHLEtBQUssQ0FBQTtJQUV2QyxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDZCxNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUM5QixzQkFBc0IsQ0FDdkIsQ0FBQTtJQUNILENBQUM7SUFFRCxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLG1CQUFXLENBQ25CLG1CQUFXLENBQUMsS0FBSyxDQUFDLFlBQVksRUFDOUIscUNBQXFDLENBQ3RDLENBQUE7SUFDSCxDQUFDO0lBRUQsTUFBTSxXQUFXLEdBQUcsU0FBUyxDQUFDLE9BQU8sQ0FDbkMsaUNBQXlCLENBQUMsWUFBWSxDQUN2QyxDQUFBO0lBRUQsSUFBSSxNQUFNLENBQUE7SUFDVixJQUFJLENBQUM7UUFDSCxNQUFNLFdBQVcsR0FBRyxJQUFBLG1DQUEyQixFQUFDO1lBQzlDLFVBQVUsRUFBRSxPQUFPO1lBQ25CLE1BQU0sRUFBRTtnQkFDTixJQUFJO2dCQUNKLFNBQVM7Z0JBQ1Qsb0JBQW9CO2dCQUNwQixtQkFBbUI7Z0JBQ25CLFdBQVc7Z0JBQ1gsa0JBQWtCO2dCQUNsQixhQUFhO2dCQUNiLE9BQU87YUFDUjtZQUNELE9BQU8sRUFBRTtnQkFDUCxFQUFFLEVBQUUsUUFBUTthQUNiO1NBQ0YsQ0FBQyxDQUFBO1FBRUYsTUFBTSxHQUFHLE1BQU0sV0FBVyxDQUFDLFdBQVcsQ0FBQyxDQUFBO0lBQ3pDLENBQUM7SUFBQyxPQUFPLFVBQVUsRUFBRSxDQUFDO1FBQ3BCLE9BQU8sQ0FBQyxLQUFLLENBQUMscUJBQXFCLEVBQUUsVUFBVSxDQUFDLENBQUE7UUFDaEQsTUFBTSxJQUFJLG1CQUFXLENBQ25CLG1CQUFXLENBQUMsS0FBSyxDQUFDLGdCQUFnQixFQUNsQyw2QkFBNkIsVUFBVSxZQUFZLEtBQUssQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsZUFBZSxFQUFFLENBQ2xHLENBQUE7SUFDSCxDQUFDO0lBRUQsTUFBTSxLQUFLLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUE7SUFFeEQsSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLG1CQUFXLENBQ25CLG1CQUFXLENBQUMsS0FBSyxDQUFDLFNBQVMsRUFDM0IsaUJBQWlCLFFBQVEsWUFBWSxDQUN0QyxDQUFBO0lBQ0gsQ0FBQztJQUVELG9FQU
FvRTtJQUNwRSxNQUFNLGVBQWUsR0FBRyxLQUFLLENBQUMsV0FBVyxDQUFBO0lBQ3pDLE1BQU0sY0FBYyxHQUFHLFdBQVcsQ0FBQTtJQUNsQyxNQUFNLGdCQUFnQixHQUFHLGVBQWUsS0FBSyxjQUFjLENBQUE7SUFFM0QsT0FBTyxDQUFDLEdBQUcsQ0FBQyw0Q0FBNEMsRUFBRTtRQUN4RCxRQUFRO1FBQ1IsaUJBQWlCLEVBQUUsZUFBZTtRQUNsQywwQkFBMEIsRUFBRSxjQUFjO1FBQzFDLEtBQUssRUFBRSxnQkFBZ0I7UUFDdkIsc0JBQXNCLEVBQUUsT0FBTyxlQUFlO1FBQzlDLHFCQUFxQixFQUFFLE9BQU8sY0FBYztRQUM1QyxtQ0FBbUMsRUFBRSxlQUFlLElBQUksSUFBSTtRQUM1RCxrQ0FBa0MsRUFBRSxjQUFjLElBQUksSUFBSTtRQUMxRCxTQUFTLEVBQUUsSUFBSSxJQUFJLEVBQUUsQ0FBQyxXQUFXLEVBQUU7S0FDcEMsQ0FBQyxDQUFBO0lBRUYsOEJBQThCO0lBQzlCLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1FBQ3RCLE9BQU8sQ0FBQyxJQUFJLENBQUMsMERBQTBELEVBQUU7WUFDdkUsUUFBUTtZQUNSLGlCQUFpQixFQUFFLGVBQWU7WUFDbEMsMEJBQTBCLEVBQUUsY0FBYztZQUMxQyxNQUFNLEVBQUUsNERBQTREO1lBQ3BFLFNBQVMsRUFBRSxJQUFJLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRTtTQUNwQyxDQUFDLENBQUE7UUFDRixNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsV0FBVyxFQUM3QixzQ0FBc0MsQ0FDdkMsQ0FBQTtJQUNILENBQUM7SUFFRCxPQUFPLENBQUMsR0FBRyxDQUFDLG1EQUFtRCxFQUFFO1FBQy9ELFFBQVE7UUFDUixXQUFXLEVBQUUsY0FBYztRQUMzQixTQUFTLEVBQUUsSUFBSSxJQUFJLEVBQUUsQ0FBQyxXQUFXLEVBQUU7S0FDcEMsQ0FBQyxDQUFBO0lBRUYsT0FBTyxJQUFJLDRCQUFZLENBQTBCO1FBQy9DLEtBQUssRUFBRSxLQUF5QztLQUNqRCxDQUFDLENBQUE7QUFDSixDQUFDLENBQ0YsQ0FBQSJ9
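Review bot: `customerIdsMatch` at new line 47 is a bare `orderCustomerId === authCustomerId`, which is true when both sides are `undefined` (or both `null`), so the ownership check at new line 60 would pass for an order with no customer attached and a caller that supplied no customer id. The added log fields `order_customer_id_null_or_undefined` and `auth_customer_id_null_or_undefined` show this case is anticipated, yet nothing in the hunk rejects it; whether `customer_id` is validated earlier in the step is not visible here, because the step callback begins above the hunk. Making the comparison fail closed is a one-line change: `const customerIdsMatch = authCustomerId != null && orderCustomerId === authCustomerId;`. That keeps the step safe when it is invoked from a path other than the route handler that already rejects a missing customer id.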
|