fix(medusa): throw proper error when product doesn't exist w/ key header (medusajs#5745)

**What**
- ensure that an error is raised properly if the requested product doesn't exist and a publishable-key header is set

**Why**
- previously endpoints would hang if the product didn't exist and requests would time out


closes medusajs#5724

Author: pKorsholm

.changeset/tough-wombats-tan.md

@@ -0,0 +1,5 @@
+---
+"@medusajs/medusa": patch
+---
+
+fix(medusa): raise error properly in api-key middleware if product is not found

integration-tests/api/__tests__/admin/publishable-api-key.js

@@ -385,13 +385,11 @@ describe("Publishable API keys", () => {
       })
 
       await dbConnection.manager.query(
-        `INSERT INTO 
-            publishable_api_key_sales_channel 
-            (publishable_key_id, sales_channel_id)
-         VALUES
-             ('${pubKeyId}', '${salesChannel1.id}'),
-             ('${pubKeyId}', '${salesChannel2.id}'),
-             ('${pubKeyId}', '${salesChannel3.id}');`
+        `INSERT INTO publishable_api_key_sales_channel
+             (publishable_key_id, sales_channel_id)
+         VALUES ('${pubKeyId}', '${salesChannel1.id}'),
+                ('${pubKeyId}', '${salesChannel2.id}'),
+                ('${pubKeyId}', '${salesChannel3.id}');`
       )
     })
 
@@ -468,12 +466,10 @@ describe("Publishable API keys", () => {
       })
 
       await dbConnection.manager.query(
-        `INSERT INTO
-             publishable_api_key_sales_channel
+        `INSERT INTO publishable_api_key_sales_channel
              (publishable_key_id, sales_channel_id)
-         VALUES
-             ('${pubKeyId}', '${salesChannel1.id}'),
-             ('${pubKeyId}', '${salesChannel2.id}');`
+         VALUES ('${pubKeyId}', '${salesChannel1.id}'),
+                ('${pubKeyId}', '${salesChannel2.id}');`
       )
     })
 
@@ -856,6 +852,62 @@ describe("Publishable API keys", () => {
       expect(response.status).toEqual(400)
     })
 
+    it("should return 404 when the requested variant doesn't exist", async () => {
+      const api = useApi()
+
+      await api.post(
+        `/admin/publishable-api-keys/${pubKeyId}/sales-channels/batch`,
+        {
+          sales_channel_ids: [{ id: salesChannel1.id }],
+        },
+        adminHeaders
+      )
+
+      const response = await api
+        .get(`/store/variants/does-not-exist`, {
+          headers: {
+            "x-medusa-access-token": "test_token",
+            "x-publishable-api-key": pubKeyId,
+          },
+        })
+        .catch((err) => {
+          return err.response
+        })
+
+      expect(response.status).toEqual(404)
+      expect(response.data.message).toEqual(
+        "Variant with id: does-not-exist was not found"
+      )
+    })
+
+    it("should return 404 when the requested product doesn't exist", async () => {
+      const api = useApi()
+
+      await api.post(
+        `/admin/publishable-api-keys/${pubKeyId}/sales-channels/batch`,
+        {
+          sales_channel_ids: [{ id: salesChannel1.id }],
+        },
+        adminHeaders
+      )
+
+      const response = await api
+        .get(`/store/products/does-not-exist`, {
+          headers: {
+            "x-medusa-access-token": "test_token",
+            "x-publishable-api-key": pubKeyId,
+          },
+        })
+        .catch((err) => {
+          return err.response
+        })
+
+      expect(response.status).toEqual(404)
+      expect(response.data.message).toEqual(
+        "Product with id: does-not-exist was not found"
+      )
+    })
+
     it("correctly returns a product if passed PK has no associated SCs", async () => {
       const api = useApi()
 

packages/medusa/src/api/middlewares/publishable-api-key/validate-product-sales-channel-association.ts

@@ -26,13 +26,18 @@ async function validateProductSalesChannelAssociation(
     const { sales_channel_ids: salesChannelIds } =
       await publishableKeyService.getResourceScopes(pubKey)
 
-    if (
-      salesChannelIds.length &&
-      !(await productService.isProductInSalesChannels(
+    let isProductInSalesChannel = false
+
+    try {
+      isProductInSalesChannel = await productService.isProductInSalesChannels(
         req.params.id,
         salesChannelIds
-      ))
-    ) {
+      )
+    } catch (error) {
+      next(error)
+    }
+
+    if (salesChannelIds.length && !isProductInSalesChannel) {
       req.errors = req.errors ?? []
       req.errors.push(
         `Product with id: ${req.params.id} is not associated with sales channels defined by the Publishable API Key passed in the header of the request.`

packages/medusa/src/api/middlewares/publishable-api-key/validate-variant-sales-channel-association.ts

@@ -28,13 +28,19 @@ async function validateProductVariantSalesChannelAssociation(
     const { sales_channel_ids: salesChannelIds } =
       await publishableKeyService.getResourceScopes(pubKey)
 
-    if (
-      salesChannelIds.length &&
-      !(await productVariantService.isVariantInSalesChannels(
-        req.params.id,
-        salesChannelIds
-      ))
-    ) {
+    let isVariantInSalesChannel = false
+
+    try {
+      isVariantInSalesChannel =
+        await productVariantService.isVariantInSalesChannels(
+          req.params.id,
+          salesChannelIds
+        )
+    } catch (error) {
+      next(error)
+    }
+
+    if (salesChannelIds.length && !isVariantInSalesChannel) {
       req.errors = req.errors ?? []
       req.errors.push(
         `Variant with id: ${req.params.id} is not associated with sales channels defined by the Publishable API Key passed in the header of the request.`