From bed00e154d35131305aa30a2e0f2aa006362ab81 Mon Sep 17 00:00:00 2001 From: Stevche Radevski Date: Fri, 6 Dec 2024 08:39:35 +0100 Subject: [PATCH 1/3] feat(js-sdk): Make credentials configurable in SDK (#10464) --- packages/core/js-sdk/src/client.ts | 19 ++++++++++++------- packages/core/js-sdk/src/types.ts | 1 + 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/packages/core/js-sdk/src/client.ts b/packages/core/js-sdk/src/client.ts index 025e0b7b0a6e0..14994129a463b 100644 --- a/packages/core/js-sdk/src/client.ts +++ b/packages/core/js-sdk/src/client.ts @@ -58,17 +58,20 @@ const normalizeRequest = ( body = JSON.stringify(body) } + // "credentials" is not supported in some environments (eg. on the backend), and it might throw an exception if the field is set. const isFetchCredentialsSupported = "credentials" in Request.prototype + // Oftentimes the server will be on a different origin, so we want to default to include + // Note that the cookie's SameSite attribute takes precedence over this setting. + const credentials = + config.auth?.type === "session" + ? config.auth?.fetchCredentials || "include" + : "omit" + return { ...init, headers, - // TODO: Setting this to "include" poses some security risks, as it will send cookies to any domain. We should consider making this configurable. - credentials: isFetchCredentialsSupported - ? config.auth?.type === "session" - ? "include" - : "omit" - : undefined, + credentials: isFetchCredentialsSupported ? credentials : undefined, ...(body ? { body: body as RequestInit["body"] } : {}), } as RequestInit } @@ -231,7 +234,9 @@ export class Client { let normalizedInput: RequestInfo | URL = input if (input instanceof URL || typeof input === "string") { const baseUrl = new URL(this.config.baseUrl) - const fullPath = `${baseUrl.pathname.replace(/\/$/, '')}/${input.toString().replace(/^\//, '')}` + const fullPath = `${baseUrl.pathname.replace(/\/$/, "")}/${input + .toString() + .replace(/^\//, "")}` normalizedInput = new URL(fullPath, baseUrl.origin) if (init?.query) { const params = Object.fromEntries( diff --git a/packages/core/js-sdk/src/types.ts b/packages/core/js-sdk/src/types.ts index af935549eab00..c4b08291f5f4f 100644 --- a/packages/core/js-sdk/src/types.ts +++ b/packages/core/js-sdk/src/types.ts @@ -14,6 +14,7 @@ export type Config = { type?: "jwt" | "session" jwtTokenStorageKey?: string jwtTokenStorageMethod?: "local" | "session" | "memory" | "nostore" + fetchCredentials?: "include" | "omit" | "same-origin" } logger?: Logger debug?: boolean From 597bffaab396931880c6986a889cbe9816a266e2 Mon Sep 17 00:00:00 2001 From: Shahed Nasser Date: Fri, 6 Dec 2024 09:53:34 +0200 Subject: [PATCH 2/3] fix(framework): add missing query type argument in request types (#10456) * fix(framework): add missing query type argument in request types * fix types --- .changeset/thick-cars-smash.md | 5 +++++ packages/core/framework/src/http/types.ts | 7 ++++--- 2 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 .changeset/thick-cars-smash.md diff --git a/.changeset/thick-cars-smash.md b/.changeset/thick-cars-smash.md new file mode 100644 index 0000000000000..f28372c575cc3 --- /dev/null +++ b/.changeset/thick-cars-smash.md @@ -0,0 +1,5 @@ +--- +"@medusajs/framework": patch +--- + +fix(framework): add missing query type argument in request types diff --git a/packages/core/framework/src/http/types.ts b/packages/core/framework/src/http/types.ts index 1adff9d130563..9596b7e1b4a17 100644 --- a/packages/core/framework/src/http/types.ts +++ b/packages/core/framework/src/http/types.ts @@ -163,13 +163,14 @@ export interface PublishableKeyContext { sales_channel_ids: string[] } -export interface AuthenticatedMedusaRequest - extends MedusaRequest { +export interface AuthenticatedMedusaRequest> + extends MedusaRequest { auth_context: AuthContext publishable_key_context?: PublishableKeyContext } -export interface MedusaStoreRequest extends MedusaRequest { +export interface MedusaStoreRequest> + extends MedusaRequest { auth_context?: AuthContext publishable_key_context: PublishableKeyContext } From e3459b1f2fafba8417c84373bf4469a443d17542 Mon Sep 17 00:00:00 2001 From: Shahed Nasser Date: Fri, 6 Dec 2024 11:32:57 +0200 Subject: [PATCH 3/3] docs: fix links in extend product guide (#10472) * docs: fix links in extend product guide * fix links --- .../app/commerce-modules/cart/extend/page.mdx | 4 ++-- .../commerce-modules/customer/extend/page.mdx | 4 ++-- .../commerce-modules/product/extend/page.mdx | 22 +++++++++---------- .../promotion/extend/page.mdx | 8 +++---- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/www/apps/resources/app/commerce-modules/cart/extend/page.mdx b/www/apps/resources/app/commerce-modules/cart/extend/page.mdx index 4480c7c545ad2..d9ccafc782795 100644 --- a/www/apps/resources/app/commerce-modules/cart/extend/page.mdx +++ b/www/apps/resources/app/commerce-modules/cart/extend/page.mdx @@ -43,7 +43,7 @@ This creates a `Custom` data model that has the `id` and `custom_name` propertie -Learn more about data models in [this guide](!docs!/learn/data-models). +Learn more about data models in [this guide](!docs!/learn/basics/modules#1-create-data-model). @@ -55,7 +55,7 @@ Next, you'll define a module link between the `Custom` and `Cart` data model. A -Learn more about module links in [this guide](!docs!/learn/module-links). +Learn more about module links in [this guide](!docs!/learn/advanced-development/module-links). diff --git a/www/apps/resources/app/commerce-modules/customer/extend/page.mdx b/www/apps/resources/app/commerce-modules/customer/extend/page.mdx index 002ef8106b372..352c3882100b9 100644 --- a/www/apps/resources/app/commerce-modules/customer/extend/page.mdx +++ b/www/apps/resources/app/commerce-modules/customer/extend/page.mdx @@ -49,7 +49,7 @@ This creates a `Custom` data model that has the `id` and `custom_name` propertie -Learn more about data models in [this guide](!docs!/learn/data-models). +Learn more about data models in [this guide](!docs!/learn/basics/modules#1-create-data-model). @@ -61,7 +61,7 @@ Next, you'll define a module link between the `Custom` and `Customer` data model -Learn more about module links in [this guide](!docs!/learn/module-links). +Learn more about module links in [this guide](!docs!/learn/advanced-development/module-links). diff --git a/www/apps/resources/app/commerce-modules/product/extend/page.mdx b/www/apps/resources/app/commerce-modules/product/extend/page.mdx index 8fa711147b796..decd74503559e 100644 --- a/www/apps/resources/app/commerce-modules/product/extend/page.mdx +++ b/www/apps/resources/app/commerce-modules/product/extend/page.mdx @@ -28,7 +28,7 @@ Consider you have a Hello Module defined in the `/src/modules/hello` directory. -If you don't have a module, follow [this guide](!docs!/basics/modules) to create one. +If you don't have a module, follow [this guide](!docs!/learn/basics/modules) to create one. @@ -49,7 +49,7 @@ This creates a `Custom` data model that has the `id` and `custom_name` propertie -Learn more about data models in [this guide](!docs!/data-models). +Learn more about data models in [this guide](!docs!/learn/basics/modules#1-create-data-model). @@ -61,7 +61,7 @@ Next, you'll define a module link between the `Custom` and `Product` data model. -Learn more about module links in [this guide](!docs!/module-links). +Learn more about module links in [this guide](!docs!/learn/advanced-development/module-links). @@ -88,7 +88,7 @@ This defines a link between the `Product` and `Custom` data models. Using this l items={[ { text: "Module must be registered in medusa-config.js", - link: "!docs!/basics/modules#4-add-module-to-configurations" + link: "!docs!/learn/basics/modules#4-add-module-to-configurations" } ]} /> @@ -121,7 +121,7 @@ To do that, you'll consume the [productsCreated](/references/medusa-workflows/cr -Learn more about workflow hooks in [this guide](!docs!/advanced-development/workflows/workflow-hooks). +Learn more about workflow hooks in [this guide](!docs!/learn/advanced-development/workflows/workflow-hooks). @@ -156,7 +156,7 @@ In the snippet above, you add a validation rule indicating that `custom_name` is -Learn more about additional data validation in [this guide](!docs!/advanced-development/api-routes/additional-data). +Learn more about additional data validation in [this guide](!docs!/learn/advanced-development/api-routes/additional-data). @@ -208,7 +208,7 @@ In the compensation function that undoes the step's actions in case of an error, -Learn more about compensation functions in [this guide](!docs!/advanced-development/workflows/compensation-function). +Learn more about compensation functions in [this guide](!docs!/learn/advanced-development/workflows/compensation-function). @@ -266,9 +266,9 @@ The workflow accepts as an input the created product and the `additional_data` p In the workflow, you: -1. Use the `transform` utility to get the value of `custom_name` based on whether it's set in `additional_data`. Learn more about why you can't use conditional operators in a workflow without using `transform` in [this guide](!docs!/advanced-development/workflows/conditions#why-if-conditions-arent-allowed-in-workflows). +1. Use the `transform` utility to get the value of `custom_name` based on whether it's set in `additional_data`. Learn more about why you can't use conditional operators in a workflow without using `transform` in [this guide](!docs!/learn/advanced-development/workflows/conditions#why-if-conditions-arent-allowed-in-workflows). 2. Create the `Custom` record using the `createCustomStep`. -3. Use the `when-then` utility to link the product to the `Custom` record if it was created. Learn more about why you can't use if-then conditions in a workflow without using `when-then` in [this guide](!docs!/advanced-development/workflows/conditions#why-if-conditions-arent-allowed-in-workflows). +3. Use the `when-then` utility to link the product to the `Custom` record if it was created. Learn more about why you can't use if-then conditions in a workflow without using `when-then` in [this guide](!docs!/learn/advanced-development/workflows/conditions#why-if-conditions-arent-allowed-in-workflows). You'll next execute the workflow in the hook handler. @@ -373,7 +373,7 @@ Among the returned `product` object, you'll find a `custom` property which holds ### Retrieve using Query -You can also retrieve the `Custom` record linked to a product in your code using [Query](!docs!/advanced-development/module-links/query). +You can also retrieve the `Custom` record linked to a product in your code using [Query](!docs!/learn/advanced-development/module-links/query). For example: @@ -387,7 +387,7 @@ const { data: [product] } = await query.graph({ }) ``` -Learn more about how to use Query in [this guide](!docs!/advanced-development/module-links/query). +Learn more about how to use Query in [this guide](!docs!/learn/advanced-development/module-links/query). --- diff --git a/www/apps/resources/app/commerce-modules/promotion/extend/page.mdx b/www/apps/resources/app/commerce-modules/promotion/extend/page.mdx index fc54f108b4844..56b7489e75c25 100644 --- a/www/apps/resources/app/commerce-modules/promotion/extend/page.mdx +++ b/www/apps/resources/app/commerce-modules/promotion/extend/page.mdx @@ -28,7 +28,7 @@ Consider you have a Hello Module defined in the `/src/modules/hello` directory. -If you don't have a module, follow [this guide](!docs!/basics/modules) to create one. +If you don't have a module, follow [this guide](!docs!/learn/basics/modules) to create one. @@ -49,7 +49,7 @@ This creates a `Custom` data model that has the `id` and `custom_name` propertie -Learn more about data models in [this guide](!docs!/data-models). +Learn more about data models in [this guide](!docs!/learn/basics/modules#1-create-data-model). @@ -61,7 +61,7 @@ Next, you'll define a module link between the `Custom` and `Promotion` data mode -Learn more about module links in [this guide](!docs!/module-links). +Learn more about module links in [this guide](!docs!/learn/advanced-development/module-links). @@ -88,7 +88,7 @@ This defines a link between the `Promotion` and `Custom` data models. Using this items={[ { text: "Module must be registered in medusa-config.js", - link: "!docs!/basics/modules#4-add-module-to-configurations" + link: "!docs!/learn/basics/modules#4-add-module-to-configurations" } ]} />