I have a middleware function isValidStore that checks for the presence of a store_id header in incoming requests. However, req.headers does not include store_id and always returns undefined.
Middleware Code:
import Store from "../../database/models/stores/Store.model.js";
export const isValidStore = async (req, res, next) => {
const storeId = req.headers.store_id;
console.log(req.headers)
console.log("storeId", storeId);
if (!storeId) {
return res.status(401).json({ error: "Store ID not provided" });
}
try {
const store = await Store.findById(storeId).exec();
if (!store) {
return res.status(404).json({ error: "Store not found" });
}
if (store.isDisabled) {
return res.status(403).json({ error: "Store is disabled" });
}
req.store = store;
next();
} catch (error) {
console.error("Error validating store:", error);
return res.status(500).json({ error: "Internal Server Error" });
}
};
export const checkFeatureAccess = (packageTypes) => async (req, res, next) => {
const store = req.store;
if (!store) {
return res.status(401).json({ error: "Store not valid" });
}
try {
if (packageTypes.includes(store?.package)) {
next();
} else {
return res.status(403).json({ error: "Store does not have access to this feature" });
}
} catch (error) {
console.error("Error checking feature access:", error);
return res.status(500).json({ error: "Internal Server Error" });
}
};
Request Code:
const headers = {
"Content-Type": "application/json",
store_id: Constants.store_id,
};
export const registerWithEmailAndPassword = async ({
first_name,
last_name,
email,
password,
confirm_password,
}) => {
try {
const { data } = await axios.post(
`${Constants.api}/${Api_Routes.Register}`,
{ first_name, last_name, email, password, confirm_password },
{
headers,
}
);
} catch (error) {
console.log(error);
toast.error(error.response?.data?.error || "An Error Occured");
}
};
CORS Configuration:
const corsOptions = {
origin: "*",
allowedHeaders: ["Content-Type", "Authorization", "Store_id"],
exposedHeaders: ["Store_id"],
methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
};
import api_routes from "./routes/index.js";
const app = express();
app.use(bodyParser.json());
app.use(cors(corsOptions));
app.options("*", cors(corsOptions));
Observed req.headers Output:
{
accept: 'application/json, text/plain, */*',
host: 'localhost:8081',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36',
'accept-encoding': 'gzip, deflate, br, zstd',
'accept-language': 'en-US,en;q=0.9',
origin: 'http://localhost:3000',
referer: 'http://localhost:3000/',
'x-request-id': 'e4f53805bf9fb188ea4ba074d00b5fbc',
'x-real-ip': '',
'x-forwarded-port': '443',
'x-forwarded-scheme': 'https',
'x-original-uri': '/api/auth/register',
'x-scheme': 'https',
'sec-ch-ua': '"Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
'sec-fetch-site': 'cross-site',
'sec-fetch-mode': 'cors',
'sec-fetch-dest': 'empty',
priority: 'u=1, i',
'x-original-proto': 'https',
'x-forwarded-proto': 'https',
'x-forwarded-host': '',
'x-forwarded-for': '',
'proxy-connection': 'Keep-Alive',
'content-type': 'application/json',
'content-length': '133'
}
Questions:
- Why is the
store_idheader not appearing inreq.headers? - Is there any additional configuration needed to ensure the
store_idheader is included in the request?
Any help or insights would be greatly appreciated!
Steps Taken:
- Verified that
store_idis included in the headers object in the request code. - Checked CORS configuration to ensure
Store_idis listed inallowedHeaders.