order-management 0.0.47 → 0.0.48
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -514,6 +514,11 @@ const ReturnDetailPage = () => {
|
|
|
514
514
|
const payload = await response.json();
|
|
515
515
|
setReturnOrder(payload.return);
|
|
516
516
|
setUpdateSuccess(true);
|
|
517
|
+
const orderId = payload.return.order_id;
|
|
518
|
+
if (orderId) {
|
|
519
|
+
window.location.href = `/app/orders/${orderId}`;
|
|
520
|
+
return;
|
|
521
|
+
}
|
|
517
522
|
setTimeout(() => setUpdateSuccess(false), 3e3);
|
|
518
523
|
const detailResponse = await fetch(`/admin/returns/${id}`, {
|
|
519
524
|
credentials: "include"
|
|
@@ -883,6 +888,11 @@ const SwapDetailPage = () => {
|
|
|
883
888
|
const payload = await response.json();
|
|
884
889
|
setSwap(payload.swap);
|
|
885
890
|
setUpdateSuccess(true);
|
|
891
|
+
const orderId = payload.swap.order_id;
|
|
892
|
+
if (orderId) {
|
|
893
|
+
window.location.href = `/app/orders/${orderId}`;
|
|
894
|
+
return;
|
|
895
|
+
}
|
|
886
896
|
setTimeout(() => setUpdateSuccess(false), 3e3);
|
|
887
897
|
const detailResponse = await fetch(`/admin/swaps/${id}`, {
|
|
888
898
|
credentials: "include"
|
|
@@ -927,7 +937,7 @@ const SwapDetailPage = () => {
|
|
|
927
937
|
credentials: "include"
|
|
928
938
|
});
|
|
929
939
|
if (detailResponse.ok) {
|
|
930
|
-
const detailPayload = await
|
|
940
|
+
const detailPayload = await detailResponse.json();
|
|
931
941
|
setSwap(detailPayload.swap);
|
|
932
942
|
setOrder(detailPayload.order || null);
|
|
933
943
|
}
|
|
@@ -513,6 +513,11 @@ const ReturnDetailPage = () => {
|
|
|
513
513
|
const payload = await response.json();
|
|
514
514
|
setReturnOrder(payload.return);
|
|
515
515
|
setUpdateSuccess(true);
|
|
516
|
+
const orderId = payload.return.order_id;
|
|
517
|
+
if (orderId) {
|
|
518
|
+
window.location.href = `/app/orders/${orderId}`;
|
|
519
|
+
return;
|
|
520
|
+
}
|
|
516
521
|
setTimeout(() => setUpdateSuccess(false), 3e3);
|
|
517
522
|
const detailResponse = await fetch(`/admin/returns/${id}`, {
|
|
518
523
|
credentials: "include"
|
|
@@ -882,6 +887,11 @@ const SwapDetailPage = () => {
|
|
|
882
887
|
const payload = await response.json();
|
|
883
888
|
setSwap(payload.swap);
|
|
884
889
|
setUpdateSuccess(true);
|
|
890
|
+
const orderId = payload.swap.order_id;
|
|
891
|
+
if (orderId) {
|
|
892
|
+
window.location.href = `/app/orders/${orderId}`;
|
|
893
|
+
return;
|
|
894
|
+
}
|
|
885
895
|
setTimeout(() => setUpdateSuccess(false), 3e3);
|
|
886
896
|
const detailResponse = await fetch(`/admin/swaps/${id}`, {
|
|
887
897
|
credentials: "include"
|
|
@@ -926,7 +936,7 @@ const SwapDetailPage = () => {
|
|
|
926
936
|
credentials: "include"
|
|
927
937
|
});
|
|
928
938
|
if (detailResponse.ok) {
|
|
929
|
-
const detailPayload = await
|
|
939
|
+
const detailPayload = await detailResponse.json();
|
|
930
940
|
setSwap(detailPayload.swap);
|
|
931
941
|
setOrder(detailPayload.order || null);
|
|
932
942
|
}
|
|
@@ -5,26 +5,26 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.POST = POST;
|
|
7
7
|
const utils_1 = require("@medusajs/framework/utils");
|
|
8
|
-
|
|
8
|
+
const utils_2 = require("@medusajs/framework/utils");
|
|
9
9
|
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
|
|
10
|
+
const zod_1 = require("zod");
|
|
10
11
|
const config_1 = require("../../../../../config");
|
|
11
12
|
const get_guest_token_1 = require("../../get-guest-token");
|
|
13
|
+
const create_return_workflow_1 = require("../../../../../workflows/returns/create-return-workflow");
|
|
14
|
+
const validators_1 = require("../../../returns/validators");
|
|
12
15
|
async function POST(req, res) {
|
|
13
16
|
const token = (0, get_guest_token_1.getGuestToken)(req);
|
|
14
|
-
const { id } = req.params;
|
|
15
|
-
const { items, reason_id, note } = req.body;
|
|
17
|
+
const { id: order_id } = req.params;
|
|
16
18
|
if (!token) {
|
|
17
|
-
res.status(401).json({
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
if (!items || !items.length) {
|
|
21
|
-
res.status(400).json({ message: "Items are required for return" });
|
|
19
|
+
res.status(401).json({
|
|
20
|
+
message: "Missing or invalid token (cookie or Authorization header)",
|
|
21
|
+
});
|
|
22
22
|
return;
|
|
23
23
|
}
|
|
24
24
|
// Resolve plugin configuration
|
|
25
25
|
let config;
|
|
26
26
|
try {
|
|
27
|
-
const configModule = req.scope.resolve(
|
|
27
|
+
const configModule = req.scope.resolve(utils_2.ContainerRegistrationKeys.CONFIG_MODULE);
|
|
28
28
|
config = (0, config_1.resolveOrderManagementOptions)(configModule);
|
|
29
29
|
}
|
|
30
30
|
catch (error) {
|
|
@@ -32,48 +32,102 @@ async function POST(req, res) {
|
|
|
32
32
|
console.error("[Guest Order Returns] Could not resolve config:", errorMessage);
|
|
33
33
|
res.status(500).json({
|
|
34
34
|
message: "Failed to resolve plugin configuration",
|
|
35
|
-
error: errorMessage
|
|
35
|
+
error: errorMessage,
|
|
36
36
|
});
|
|
37
37
|
return;
|
|
38
38
|
}
|
|
39
39
|
try {
|
|
40
40
|
const decoded = jsonwebtoken_1.default.verify(token, config.jwtSecret);
|
|
41
|
-
if (!decoded
|
|
41
|
+
if (!decoded?.guest_identifier) {
|
|
42
42
|
res.status(401).json({ message: "Invalid token payload" });
|
|
43
43
|
return;
|
|
44
44
|
}
|
|
45
|
-
const
|
|
45
|
+
const guest_identifier = decoded.guest_identifier;
|
|
46
|
+
// Validate body: same shape as logged-in store create return (order_id from params)
|
|
47
|
+
const rawBody = Array.isArray(req.body) && req.body.length > 0 ? req.body[0] : req.body;
|
|
48
|
+
const body = validators_1.StoreCreateReturnSchema.parse({
|
|
49
|
+
...rawBody,
|
|
50
|
+
order_id,
|
|
51
|
+
});
|
|
46
52
|
// Resolve Query to fetch order and verify ownership
|
|
47
|
-
const query = req.scope.resolve(
|
|
48
|
-
// Fetch the specific order and include customer info
|
|
53
|
+
const query = req.scope.resolve(utils_2.ContainerRegistrationKeys.QUERY);
|
|
49
54
|
const { data: orders } = await query.graph({
|
|
50
55
|
entity: "order",
|
|
51
56
|
fields: ["id"],
|
|
52
57
|
filters: {
|
|
53
|
-
id:
|
|
54
|
-
email: guest_identifier
|
|
55
|
-
}
|
|
58
|
+
id: order_id,
|
|
59
|
+
email: guest_identifier,
|
|
60
|
+
},
|
|
56
61
|
});
|
|
57
|
-
const order = orders[0];
|
|
62
|
+
const order = orders?.[0];
|
|
58
63
|
if (!order) {
|
|
59
64
|
res.status(404).json({ message: "Order not found or access denied" });
|
|
60
65
|
return;
|
|
61
66
|
}
|
|
62
|
-
//
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
}
|
|
67
|
+
// Map items to return_items format (same as store returns route)
|
|
68
|
+
const returnItems = body.items.map((item) => ({
|
|
69
|
+
id: (item.item_id ?? item.id ?? "").trim(),
|
|
70
|
+
quantity: item.quantity,
|
|
71
|
+
reason: item.reason_id ?? item.reason,
|
|
72
|
+
}));
|
|
73
|
+
const firstWithReason = body.items.find((i) => (i.reason ?? i.reason_id ?? "").trim().length > 0);
|
|
74
|
+
const reason = (firstWithReason?.reason ?? firstWithReason?.reason_id ?? "").trim();
|
|
75
|
+
if (!create_return_workflow_1.createReturnWorkflow) {
|
|
76
|
+
throw new utils_1.MedusaError("unexpected_state", "Return workflow is not available. Please ensure the plugin is properly installed.");
|
|
77
|
+
}
|
|
78
|
+
let workflowResult;
|
|
79
|
+
try {
|
|
80
|
+
workflowResult = await (0, create_return_workflow_1.createReturnWorkflow)(req.scope).run({
|
|
81
|
+
input: {
|
|
82
|
+
order_id: body.order_id,
|
|
83
|
+
return_items: returnItems,
|
|
84
|
+
reason,
|
|
85
|
+
note: body.note,
|
|
86
|
+
return_location_id: body.return_shipping.location_id,
|
|
87
|
+
return_shipping_method_id: body.return_shipping.option_id,
|
|
88
|
+
customer_id: guest_identifier,
|
|
89
|
+
},
|
|
90
|
+
});
|
|
91
|
+
}
|
|
92
|
+
catch (workflowError) {
|
|
93
|
+
const errorObj = workflowError;
|
|
94
|
+
if (errorObj.__isMedusaError &&
|
|
95
|
+
errorObj.type &&
|
|
96
|
+
errorObj.message) {
|
|
97
|
+
throw new utils_1.MedusaError(errorObj.type, errorObj.message);
|
|
98
|
+
}
|
|
99
|
+
throw workflowError;
|
|
100
|
+
}
|
|
101
|
+
const { result } = workflowResult;
|
|
102
|
+
res.status(201).json(result);
|
|
73
103
|
}
|
|
74
104
|
catch (error) {
|
|
105
|
+
if (error instanceof zod_1.z.ZodError) {
|
|
106
|
+
res.status(400).json({
|
|
107
|
+
message: "Invalid request data",
|
|
108
|
+
errors: error.errors,
|
|
109
|
+
});
|
|
110
|
+
return;
|
|
111
|
+
}
|
|
112
|
+
if (error instanceof utils_1.MedusaError) {
|
|
113
|
+
const statusCode = error.type === "not_found"
|
|
114
|
+
? 404
|
|
115
|
+
: error.type === "not_allowed"
|
|
116
|
+
? 403
|
|
117
|
+
: error.type === "unauthorized"
|
|
118
|
+
? 401
|
|
119
|
+
: 400;
|
|
120
|
+
res.status(statusCode).json({
|
|
121
|
+
message: error.message,
|
|
122
|
+
type: error.type,
|
|
123
|
+
});
|
|
124
|
+
return;
|
|
125
|
+
}
|
|
75
126
|
const errorMessage = error instanceof Error ? error.message : "Unknown error";
|
|
76
|
-
res.status(401).json({
|
|
127
|
+
res.status(401).json({
|
|
128
|
+
message: "Unauthorized or invalid token",
|
|
129
|
+
error: errorMessage,
|
|
130
|
+
});
|
|
77
131
|
}
|
|
78
132
|
}
|
|
79
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
133
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9zcmMvYXBpL3N0b3JlL2d1ZXN0LW9yZGVycy9baWRdL3JldHVybnMvcm91dGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFjQSxvQkFvSkM7QUFqS0QscURBQXVEO0FBQ3ZELHFEQUFxRTtBQUNyRSxnRUFBOEM7QUFDOUMsNkJBQXVCO0FBQ3ZCLGtEQUFxRTtBQUVyRSwyREFBcUQ7QUFDckQsb0dBQThGO0FBQzlGLDREQUdvQztBQUU3QixLQUFLLFVBQVUsSUFBSSxDQUN4QixHQUFrQixFQUNsQixHQUFtQjtJQUVuQixNQUFNLEtBQUssR0FBRyxJQUFBLCtCQUFhLEVBQUMsR0FBRyxDQUFDLENBQUE7SUFDaEMsTUFBTSxFQUFFLEVBQUUsRUFBRSxRQUFRLEVBQUUsR0FBRyxHQUFHLENBQUMsTUFBTSxDQUFBO0lBRW5DLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNYLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDO1lBQ25CLE9BQU8sRUFBRSwyREFBMkQ7U0FDckUsQ0FBQyxDQUFBO1FBQ0YsT0FBTTtJQUNSLENBQUM7SUFFRCwrQkFBK0I7SUFDL0IsSUFBSSxNQUE2QixDQUFBO0lBQ2pDLElBQUksQ0FBQztRQUNILE1BQU0sWUFBWSxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUNwQyxpQ0FBeUIsQ0FBQyxhQUFhLENBQ3hDLENBQUE7UUFDRCxNQUFNLEdBQUcsSUFBQSxzQ0FBNkIsRUFBQyxZQUFZLENBQUMsQ0FBQTtJQUN0RCxDQUFDO0lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztRQUNmLE1BQU0sWUFBWSxHQUFHLEtBQUssWUFBWSxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQTtRQUM3RSxPQUFPLENBQUMsS0FBSyxDQUFDLGlEQUFpRCxFQUFFLFlBQVksQ0FBQyxDQUFBO1FBQzlFLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDO1lBQ25CLE9BQU8sRUFBRSx3Q0FBd0M7WUFDakQsS0FBSyxFQUFFLFlBQVk7U0FDcEIsQ0FBQyxDQUFBO1FBQ0YsT0FBTTtJQUNSLENBQUM7SUFFRCxJQUFJLENBQUM7UUFDSCxNQUFNLE9BQU8sR0FBRyxzQkFBRyxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDLFNBQVMsQ0FBZSxDQUFBO1FBRWpFLElBQUksQ0FBQyxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsQ0FBQztZQUMvQixHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSx1QkFBdUIsRUFBRSxDQUFDLENBQUE7WUFDMUQsT0FBTTtRQUNSLENBQUM7UUFFRCxNQUFNLGdCQUFnQixHQUFHLE9BQU8sQ0FBQyxnQkFBMEIsQ0FBQTtRQUUzRCxvRkFBb0Y7UUFDcEYsTUFBTSxPQUFPLEdBQ1gsS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksR0FBRyxDQUFDLElBQUksQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFBO1FBQ3pFLE1BQU0sSUFBSSxHQUFHLG9DQUF1QixDQUFDLEtBQUssQ0FBQztZQUN6QyxHQUFHLE9BQU87WUFDVixRQUFRO1NBQ1QsQ0FBMEIsQ0FBQTtRQUUzQixvREFBb0Q7UUFDcEQsTUFBTSxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsaUNBQXlCLENBQUMsS0FBSyxDQUFDLENBQUE7UUFDaEUsTUFBTSxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsR0FBRyxNQUFNLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDekMsTUFBTSxFQUFFLE9BQU87WUFDZixNQUFNLEVBQUUsQ0FBQyxJQUFJLENBQUM7WUFDZCxPQUFPLEVBQUU7Z0JBQ1AsRUFBRSxFQUFFLFFBQVE7Z0JBQ1osS0FBSyxFQUFFLGdCQUFnQjthQUN4QjtTQUNGLENBQUMsQ0FBQTtRQUVGLE1BQU0sS0FBSyxHQUFHLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFBO1FBQ3pCLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNYLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsT0FBTyxFQUFFLGtDQUFrQyxFQUFFLENBQUMsQ0FBQTtZQUNyRSxPQUFNO1FBQ1IsQ0FBQztRQUVELGlFQUFpRTtRQUNqRSxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsQ0FBQztZQUM1QyxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsT0FBTyxJQUFJLElBQUksQ0FBQyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSSxFQUFFO1lBQzFDLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixNQUFNLEVBQUUsSUFBSSxDQUFDLFNBQVMsSUFBSSxJQUFJLENBQUMsTUFBTTtTQUN0QyxDQUFDLENBQUMsQ0FBQTtRQUNILE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUNyQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxJQUFJLENBQUMsQ0FBQyxTQUFTLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FDekQsQ0FBQTtRQUNELE1BQU0sTUFBTSxHQUFHLENBQ2IsZUFBZSxFQUFFLE1BQU0sSUFBSSxlQUFlLEVBQUUsU0FBUyxJQUFJLEVBQUUsQ0FDNUQsQ0FBQyxJQUFJLEVBQUUsQ0FBQTtRQUVSLElBQUksQ0FBQyw2Q0FBb0IsRUFBRSxDQUFDO1lBQzFCLE1BQU0sSUFBSSxtQkFBVyxDQUNuQixrQkFBa0IsRUFDbEIsbUZBQW1GLENBQ3BGLENBQUE7UUFDSCxDQUFDO1FBRUQsSUFBSSxjQUFjLENBQUE7UUFDbEIsSUFBSSxDQUFDO1lBQ0gsY0FBYyxHQUFHLE1BQU0sSUFBQSw2Q0FBb0IsRUFBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBRyxDQUFDO2dCQUN6RCxLQUFLLEVBQUU7b0JBQ0wsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRO29CQUN2QixZQUFZLEVBQUUsV0FBVztvQkFDekIsTUFBTTtvQkFDTixJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUk7b0JBQ2Ysa0JBQWtCLEVBQUUsSUFBSSxDQUFDLGVBQWUsQ0FBQyxXQUFXO29CQUNwRCx5QkFBeUIsRUFBRSxJQUFJLENBQUMsZUFBZSxDQUFDLFNBQVM7b0JBQ3pELFdBQVcsRUFBRSxnQkFBZ0I7aUJBQzlCO2FBQ0YsQ0FBQyxDQUFBO1FBQ0osQ0FBQztRQUFDLE9BQU8sYUFBYSxFQUFFLENBQUM7WUFDdkIsTUFBTSxRQUFRLEdBQUcsYUFJaEIsQ0FBQTtZQUNELElBQ0UsUUFBUSxDQUFDLGVBQWU7Z0JBQ3hCLFFBQVEsQ0FBQyxJQUFJO2dCQUNiLFFBQVEsQ0FBQyxPQUFPLEVBQ2hCLENBQUM7Z0JBQ0QsTUFBTSxJQUFJLG1CQUFXLENBQUMsUUFBUSxDQUFDLElBQWEsRUFBRSxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUE7WUFDakUsQ0FBQztZQUNELE1BQU0sYUFBYSxDQUFBO1FBQ3JCLENBQUM7UUFFRCxNQUFNLEVBQUUsTUFBTSxFQUFFLEdBQUcsY0FBYyxDQUFBO1FBQ2pDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFBO0lBQzlCLENBQUM7SUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1FBQ2YsSUFBSSxLQUFLLFlBQVksT0FBQyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2hDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDO2dCQUNuQixPQUFPLEVBQUUsc0JBQXNCO2dCQUMvQixNQUFNLEVBQUUsS0FBSyxDQUFDLE1BQU07YUFDckIsQ0FBQyxDQUFBO1lBQ0YsT0FBTTtRQUNSLENBQUM7UUFFRCxJQUFJLEtBQUssWUFBWSxtQkFBVyxFQUFFLENBQUM7WUFDakMsTUFBTSxVQUFVLEdBQ2QsS0FBSyxDQUFDLElBQUksS0FBSyxXQUFXO2dCQUN4QixDQUFDLENBQUMsR0FBRztnQkFDTCxDQUFDLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxhQUFhO29CQUM1QixDQUFDLENBQUMsR0FBRztvQkFDTCxDQUFDLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxjQUFjO3dCQUM3QixDQUFDLENBQUMsR0FBRzt3QkFDTCxDQUFDLENBQUMsR0FBRyxDQUFBO1lBQ2IsR0FBRyxDQUFDLE1BQU0sQ0FBQyxVQUFVLENBQUMsQ0FBQyxJQUFJLENBQUM7Z0JBQzFCLE9BQU8sRUFBRSxLQUFLLENBQUMsT0FBTztnQkFDdEIsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO2FBQ2pCLENBQUMsQ0FBQTtZQUNGLE9BQU07UUFDUixDQUFDO1FBRUQsTUFBTSxZQUFZLEdBQUcsS0FBSyxZQUFZLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsZUFBZSxDQUFBO1FBQzdFLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDO1lBQ25CLE9BQU8sRUFBRSwrQkFBK0I7WUFDeEMsS0FBSyxFQUFFLFlBQVk7U0FDcEIsQ0FBQyxDQUFBO0lBQ0osQ0FBQztBQUNILENBQUMifQ==
|
|
@@ -9,8 +9,9 @@ exports.validateOrderStep = (0, workflows_sdk_1.createStep)("validate-return-ord
|
|
|
9
9
|
if (!order_id) {
|
|
10
10
|
throw new utils_1.MedusaError(utils_1.MedusaError.Types.INVALID_DATA, "order_id is required");
|
|
11
11
|
}
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
// customer_id is required: for logged-in users it's the customer id; for guests it's the guest_identifier (email)
|
|
13
|
+
if (!customer_id || typeof customer_id !== "string" || !customer_id.trim()) {
|
|
14
|
+
throw new utils_1.MedusaError(utils_1.MedusaError.Types.UNAUTHORIZED, "Customer authentication or guest identifier is required");
|
|
14
15
|
}
|
|
15
16
|
const remoteQuery = container.resolve(utils_2.ContainerRegistrationKeys.REMOTE_QUERY);
|
|
16
17
|
const queryObject = (0, utils_2.remoteQueryObjectFromString)({
|
|
@@ -52,8 +53,13 @@ exports.validateOrderStep = (0, workflows_sdk_1.createStep)("validate-return-ord
|
|
|
52
53
|
delivered_at: f.delivered_at,
|
|
53
54
|
})),
|
|
54
55
|
});
|
|
55
|
-
// Validate
|
|
56
|
-
|
|
56
|
+
// Validate ownership: logged-in (order.customer_id) or guest (order.email === guest_identifier)
|
|
57
|
+
const orderEmail = (orderData.email ?? "").toString().trim().toLowerCase();
|
|
58
|
+
const customerIdTrimmed = customer_id.trim();
|
|
59
|
+
const isGuestOrder = !orderCustomerId || orderCustomerId === "";
|
|
60
|
+
const isGuestAccess = isGuestOrder && orderEmail && customerIdTrimmed === orderEmail;
|
|
61
|
+
const isCustomerAccess = orderCustomerId && orderCustomerId === customerIdTrimmed;
|
|
62
|
+
if (!isCustomerAccess && !isGuestAccess) {
|
|
57
63
|
throw new utils_1.MedusaError(utils_1.MedusaError.Types.NOT_ALLOWED, "You can only create returns for your own orders");
|
|
58
64
|
}
|
|
59
65
|
// Eligibility validation: Check if order has fulfillments OR is marked as fulfilled
|
|
@@ -105,4 +111,4 @@ exports.validateOrderStep = (0, workflows_sdk_1.createStep)("validate-return-ord
|
|
|
105
111
|
order: order,
|
|
106
112
|
});
|
|
107
113
|
});
|
|
108
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
114
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmFsaWRhdGUtb3JkZXItc3RlcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL3NyYy93b3JrZmxvd3Mvc3RlcHMvcmV0dXJuL3ZhbGlkYXRlLW9yZGVyLXN0ZXAudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEscURBQXVEO0FBQ3ZELHFFQUE0RTtBQUM1RSxxREFHa0M7QUF3QnJCLFFBQUEsaUJBQWlCLEdBQUcsSUFBQSwwQkFBVSxFQUN6Qyx1QkFBdUIsRUFDdkIsS0FBSyxFQUNILEtBQTZCLEVBQzdCLEVBQUUsU0FBUyxFQUFFLEVBQ21DLEVBQUU7SUFDbEQsTUFBTSxFQUFFLFFBQVEsRUFBRSxXQUFXLEVBQUUsR0FBRyxLQUFLLENBQUE7SUFFdkMsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ2QsTUFBTSxJQUFJLG1CQUFXLENBQ25CLG1CQUFXLENBQUMsS0FBSyxDQUFDLFlBQVksRUFDOUIsc0JBQXNCLENBQ3ZCLENBQUE7SUFDSCxDQUFDO0lBRUQsa0hBQWtIO0lBQ2xILElBQUksQ0FBQyxXQUFXLElBQUksT0FBTyxXQUFXLEtBQUssUUFBUSxJQUFJLENBQUMsV0FBVyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUM7UUFDM0UsTUFBTSxJQUFJLG1CQUFXLENBQ25CLG1CQUFXLENBQUMsS0FBSyxDQUFDLFlBQVksRUFDOUIseURBQXlELENBQzFELENBQUE7SUFDSCxDQUFDO0lBRUQsTUFBTSxXQUFXLEdBQUcsU0FBUyxDQUFDLE9BQU8sQ0FDbkMsaUNBQXlCLENBQUMsWUFBWSxDQUN2QyxDQUFBO0lBRUQsTUFBTSxXQUFXLEdBQUcsSUFBQSxtQ0FBMkIsRUFBQztRQUM5QyxVQUFVLEVBQUUsT0FBTztRQUNuQixNQUFNLEVBQUU7WUFDTixJQUFJO1lBQ0osYUFBYTtZQUNiLE9BQU87WUFDUCxRQUFRO1lBQ1IsY0FBYztZQUNkLFlBQVk7WUFDWixTQUFTO1lBQ1QsZ0JBQWdCO1NBQ2pCO1FBQ0QsT0FBTyxFQUFFO1lBQ1AsRUFBRSxFQUFFLENBQUMsUUFBUSxDQUFDO1NBQ2Y7S0FDRixDQUFDLENBQUE7SUFFRixNQUFNLE1BQU0sR0FBRyxNQUFNLFdBQVcsQ0FBQyxXQUFXLENBQUMsQ0FBQTtJQUM3QyxNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFBO0lBQzFFLE1BQU0sS0FBSyxHQUFHLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFVLEVBQUUsRUFBRTtRQUMzQyxNQUFNLEtBQUssR0FBRyxDQUFvQixDQUFBO1FBQ2xDLE9BQU8sS0FBSyxFQUFFLEVBQUUsS0FBSyxRQUFRLENBQUE7SUFDL0IsQ0FBQyxDQUFDLENBQUE7SUFFRixJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsU0FBUyxFQUMzQixpQkFBaUIsUUFBUSxZQUFZLENBQ3RDLENBQUE7SUFDSCxDQUFDO0lBRUQsTUFBTSxTQUFTLEdBQUcsS0FhakIsQ0FBQTtJQUNELE1BQU0sZUFBZSxHQUFHLFNBQVMsQ0FBQyxXQUFXLENBQUE7SUFFN0MsT0FBTyxDQUFDLEdBQUcsQ0FBQyxtQ0FBbUMsRUFBRTtRQUMvQyxRQUFRO1FBQ1IsTUFBTSxFQUFFLFNBQVMsQ0FBQyxNQUFNO1FBQ3hCLFlBQVksRUFBRSxTQUFTLENBQUMsWUFBWTtRQUNwQyxrQkFBa0IsRUFBRSxTQUFTLENBQUMsWUFBWSxFQUFFLE1BQU0sSUFBSSxDQUFDO1FBQ3ZELFlBQVksRUFBRSxTQUFTLENBQUMsWUFBWSxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDOUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxFQUFFO1lBQ1IsTUFBTSxFQUFFLENBQUMsQ0FBQyxNQUFNO1lBQ2hCLFVBQVUsRUFBRSxDQUFDLENBQUMsVUFBVTtZQUN4QixZQUFZLEVBQUUsQ0FBQyxDQUFDLFlBQVk7U0FDN0IsQ0FBQyxDQUFDO0tBQ0osQ0FBQyxDQUFBO0lBRUYsZ0dBQWdHO0lBQ2hHLE1BQU0sVUFBVSxHQUFHLENBQUMsU0FBUyxDQUFDLEtBQUssSUFBSSxFQUFFLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxXQUFXLEVBQUUsQ0FBQTtJQUMxRSxNQUFNLGlCQUFpQixHQUFHLFdBQVcsQ0FBQyxJQUFJLEVBQUUsQ0FBQTtJQUM1QyxNQUFNLFlBQVksR0FBRyxDQUFDLGVBQWUsSUFBSSxlQUFlLEtBQUssRUFBRSxDQUFBO0lBQy9ELE1BQU0sYUFBYSxHQUFHLFlBQVksSUFBSSxVQUFVLElBQUksaUJBQWlCLEtBQUssVUFBVSxDQUFBO0lBQ3BGLE1BQU0sZ0JBQWdCLEdBQUcsZUFBZSxJQUFJLGVBQWUsS0FBSyxpQkFBaUIsQ0FBQTtJQUVqRixJQUFJLENBQUMsZ0JBQWdCLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUN4QyxNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsV0FBVyxFQUM3QixpREFBaUQsQ0FDbEQsQ0FBQTtJQUNILENBQUM7SUFFRCxvRkFBb0Y7SUFDcEYsTUFBTSxXQUFXLEdBQUcsU0FBUyxDQUFDLE1BQU0sQ0FBQTtJQUNwQyxNQUFNLGVBQWUsR0FBRyxTQUFTLENBQUMsWUFBWSxJQUFJLFNBQVMsQ0FBQyxZQUFZLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQTtJQUNuRixNQUFNLGlCQUFpQixHQUFHLFdBQVcsS0FBSyxXQUFXLElBQUksV0FBVyxLQUFLLHFCQUFxQixDQUFBO0lBRTlGLGdFQUFnRTtJQUNoRSxJQUFJLENBQUMsZUFBZSxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztRQUMzQyxNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUM5QixvRkFBb0YsV0FBVyxJQUFJLFNBQVMsbUJBQW1CLGVBQWUsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FDaEssQ0FBQTtJQUNILENBQUM7SUFFRCx1RkFBdUY7SUFDdkYsTUFBTSxZQUFZLEdBQUcsU0FBUyxDQUFDLFlBQVksSUFBSSxFQUFFLENBQUE7SUFDakQsSUFBSSxZQUFZLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQzVCLE1BQU0sdUJBQXVCLEdBQUcsWUFBWSxDQUFDLElBQUksQ0FBQyxDQUFDLFdBQVcsRUFBRSxFQUFFO1lBQ2hFLE1BQU0saUJBQWlCLEdBQUcsV0FBVyxDQUFDLE1BQU0sQ0FBQTtZQUM1QyxNQUFNLFdBQVcsR0FDZixXQUFXLENBQUMsWUFBWSxLQUFLLElBQUk7Z0JBQ2pDLFdBQVcsQ0FBQyxZQUFZLEtBQUssU0FBUyxDQUFBO1lBQ3hDLE1BQU0sU0FBUyxHQUNiLFdBQVcsQ0FBQyxVQUFVLEtBQUssSUFBSTtnQkFDL0IsV0FBVyxDQUFDLFVBQVUsS0FBSyxTQUFTLENBQUE7WUFDdEMsTUFBTSxXQUFXLEdBQ2YsaUJBQWlCLEtBQUssV0FBVztnQkFDakMsaUJBQWlCLEtBQUssU0FBUztnQkFDL0IsaUJBQWlCLEtBQUssV0FBVyxDQUFBO1lBQ25DLE1BQU0sVUFBVSxHQUNkLFdBQVcsQ0FBQyxXQUFXLEtBQUssSUFBSTtnQkFDaEMsV0FBVyxDQUFDLFdBQVcsS0FBSyxTQUFTLENBQUE7WUFFdkMsT0FBTyxDQUFDLFVBQVUsSUFBSSxDQUFDLFdBQVcsSUFBSSxTQUFTLElBQUksV0FBVyxDQUFDLENBQUE7UUFDakUsQ0FBQyxDQUFDLENBQUE7UUFFRixJQUFJLENBQUMsdUJBQXVCLElBQUksWUFBWSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN4RCxNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUM5Qiw0SEFBNEgsQ0FDN0gsQ0FBQTtRQUNILENBQUM7SUFDSCxDQUFDO1NBQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUNuQyxtRUFBbUU7UUFDbkUsTUFBTSxJQUFJLG1CQUFXLENBQ25CLG1CQUFXLENBQUMsS0FBSyxDQUFDLFlBQVksRUFDOUIsMERBQTBELENBQzNELENBQUE7SUFDSCxDQUFDO0lBRUQsaUZBQWlGO0lBQ2pGLE1BQU0sZUFBZSxHQUFHLFNBQVMsQ0FBQyxZQUFZO1FBQzVDLENBQUMsQ0FBQyxJQUFJLElBQUksQ0FBQyxTQUFTLENBQUMsWUFBWSxDQUFDO1FBQ2xDLENBQUMsQ0FBQyxTQUFTLENBQUMsVUFBVTtZQUN0QixDQUFDLENBQUMsSUFBSSxJQUFJLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBQztZQUNoQyxDQUFDLENBQUMsSUFBSSxDQUFBO0lBRVIsSUFBSSxlQUFlLEVBQUUsQ0FBQztRQUNwQixNQUFNLG9CQUFvQixHQUFHLElBQUksQ0FBQyxLQUFLLENBQ3JDLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLGVBQWUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxHQUFHLENBQUMsSUFBSSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQ2pFLENBQUE7UUFDRCxNQUFNLE9BQU8sR0FBRyxFQUFFLENBQUEsQ0FBQyxrQ0FBa0M7UUFFckQsSUFBSSxvQkFBb0IsR0FBRyxPQUFPLEVBQUUsQ0FBQztZQUNuQyxNQUFNLElBQUksbUJBQVcsQ0FDbkIsbUJBQVcsQ0FBQyxLQUFLLENBQUMsWUFBWSxFQUM5QixnREFBZ0QsT0FBTyxrQ0FBa0MsQ0FDMUYsQ0FBQTtRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxJQUFJLDRCQUFZLENBQTBCO1FBQy9DLEtBQUssRUFBRSxLQUF5QztLQUNqRCxDQUFDLENBQUE7QUFDSixDQUFDLENBQ0YsQ0FBQSJ9
|