Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unauthorized Accession to Product Route #45

Closed
Sr52-tech opened this issue Mar 26, 2025 · 4 comments
Closed

Unauthorized Accession to Product Route #45

Sr52-tech opened this issue Mar 26, 2025 · 4 comments

Comments

@Sr52-tech
Copy link

Sr52-tech commented Mar 26, 2025
edited
Loading

Hello there, I'm following the marketplace recipe and made it until step 6 -> creating product route, have followed the exact steps yet, when I test it I get {"message":"Unauthorized"}

I started with the authentication first I registered a vendor:

curl -X POST 'http://localhost:9000/auth/vendor/emailpass/register' \
-H 'Content-Type: application/json' \
--data-raw '{
    "email": "[email protected]",
    "password": "supersecret"
}'

received a token and I have put it here:

curl -X POST 'http://localhost:9000/vendors' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {token}' \
--data-raw '{
    "name": "Acme",
    "handle": "acme",
    "admin": {
        "email": "[email protected],
        "first_name": "Admin",
        "last_name": "Acme"
    }
}'

then I loged in:

curl -X POST 'http://localhost:9000/auth/vendor/emailpass' \
-H 'Content-Type: application/json' \
--data-raw '{
    "email": "[email protected],
    "password": "supersecret"
}'

after logging in I recived a token I took it and putted it here:

curl -X POST 'http://localhost:9000/vendors/products' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer {token}' \
--data '{
    "title": "T-Shirt",
    "status": "published",
    "options": [
        {
            "title": "Color",
            "values": ["Blue"]
        }
    ],
    "variants": [
        {
            "title": "T-Shirt",
            "prices": [
                {
                    "currency_code": "eur",
                    "amount": 10
                }
            ],
            "manage_inventory": false,
            "options": {
                "Color": "Blue"
            }
        }
    ]
}'

and finally, got this message {"message":"Unauthorized"}

according to chatGPT the problem is in product route

import { 
  AuthenticatedMedusaRequest, 
  MedusaResponse,
} from "@medusajs/framework/http"
import { 
  HttpTypes,
} from "@medusajs/framework/types"
import createVendorProductWorkflow from "../../../workflows/marketplace/create-vendor-product"

export const POST = async (
  req: AuthenticatedMedusaRequest<HttpTypes.AdminCreateProduct>,
  res: MedusaResponse
) => {
  const { result } = await createVendorProductWorkflow(req.scope)
    .run({
      input: {
        vendor_admin_id: req.auth_context.actor_id,
        product: req.validatedBody,
      },
    })

  res.json({
    product: result.product,
  })
}

node: v22.14.0
docs: https://docs.medusajs.com/resources/recipes/marketplace/examples/vendors#test-it-out-1
OS: MacOS
Medusa: 2.6.1
@shahednasser
Copy link
Member

Hi @Sr52-tech , if you're getting Unauthorized it's not a problem in the route, because it means the authentication middleware blocked you before reaching the route.

Can you double check and make sure that you're passing the correct token in the header? And if that doesn't work, please share the content of src/api/middlewares.ts

@Sr52-tech
Copy link
Author

Hi @Sr52-tech , if you're getting Unauthorized it's not a problem in the route, because it means the authentication middleware blocked you before reaching the route.

Can you double check and make sure that you're passing the correct token in the header? And if that doesn't work, please share the content of src/api/middlewares.ts

yes did not work here is the src/api/middlewares.ts

import { 
  defineMiddlewares, 
  authenticate, 
  validateAndTransformBody,
} from "@medusajs/framework/http"
import { PostVendorCreateSchema } from "./vendors/route"

export default defineMiddlewares({
  routes: [
    {
      matcher: "/vendors",
      method: ["POST"],
      middlewares: [
        authenticate("vendor", ["session", "bearer"], {
          allowUnregistered: true,
        }),
        validateAndTransformBody(PostVendorCreateSchema),
      ],
    },
    {
      matcher: "/vendors/*",
      middlewares: [
        authenticate("vendor", ["session", "bearer"]),
      ],
    },
  ],
})

@shahednasser
Copy link
Member

You didn't add the middleware mentioned here. Adding it will fix your issue.

@Sr52-tech
Copy link
Author

You didn't add the middleware mentioned here. Adding it will fix your issue.

worked! thank you so much

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shahednasser @Sr52-tech