Skip to main content

Example: Access Logged-In User

In this document, you’ll see an example of how you can use middlewares and endpoints to register the logged-in user in the dependency container of your commerce application. You can then access the logged-in user in other resources, such as services.

This guide showcases how to register the logged-in admin user, but you can apply the same steps if you want to register the current customer.

This documentation does not explain the basics of middlewares and endpoints. You can refer to their respective guides for more details about each.

Step 1: Create the Middleware

Create the file src/api/middlewares/logged-in-user.ts with the following content:

import { User, UserService } from "@medusajs/medusa"

export async function registerLoggedInUser(req, res, next) {
let loggedInUser: User | null = null

if (req.user && req.user.userId) {
const userService =
req.scope.resolve("userService") as UserService
loggedInUser = await userService.retrieve(req.user.userId)

loggedInUser: {
resolve: () => loggedInUser,


This retrieves the ID of the current user to retrieve an instance of it, then registers it in the scope under the name loggedInUser.

Step 2: Apply Middleware on Endpoint

If you don't have the cors package installed, make sure to install it first:

npm install cors

Then, create the file src/api/routes/create-product.ts with the following content:

import cors from "cors"
import { Router } from "express"
import {
} from "../middlewares/logged-in-user"
from "@medusajs/medusa/dist/api/middlewares/authenticate"

const router = Router()

export default function (adminCorsOptions) {
// This router will be applied before the core routes.
// Therefore, the middleware will be executed
// before the create product handler is hit
return router

In the example above, the middleware is applied on the /admin/products core endpoint. However, you can apply it on any other endpoint. You can also apply it to custom endpoints.

For endpoints that require Cross-Origin Resource Origin (CORS) options, such as core endpoints, you must pass the CORS options to the middleware as well since it will be executed before the underlying endpoint.

In the above code snippet, the authenticate middleware imported from @medusajs/medusa is used to ensure that the user is logged in first. If you're implementing this for middleware to register the logged-in customer, make sure to use the customer's authenticate middleware.

Step 3: Register Endpoint in the API

Create the file src/api/index.ts with the following content:

import configLoader from "@medusajs/medusa/dist/loaders/config"
import createProductRouter from "./routes/create-product"

export default function (rootDirectory: string) {
const config = configLoader(rootDirectory)

const adminCors = {
origin: config.projectConfig.admin_cors.split(","),
credentials: true,

const productRouters = [

return [...productRouters]

This exports an array of endpoints, one of them being the product endpoint that you applied the middleware on in the second step. You can export more endpoints as well.

Step 4: Use in a Service

You can now access the logged-in user in a service. For example, to access it in a custom service:

import { Lifetime } from "awilix"
import {
} from "@medusajs/medusa"

class HelloService extends TransactionBaseService {

protected readonly loggedInUser_: User | null

constructor(container, options) {

try {
this.loggedInUser_ = container.loggedInUser
} catch (e) {
// avoid errors when backend first runs

// ...

export default HelloService

If you're accessing it in an extended core service, it’s important to change the lifetime of the service to Lifetime.SCOPED. For example:

import { Lifetime } from "awilix"
import {
ProductService as MedusaProductService,
} from "@medusajs/medusa"

// extend core product service
class ProductService extends MedusaProductService {
// The default life time for a core service is SINGLETON
static LIFE_TIME = Lifetime.SCOPED

protected readonly loggedInUser_: User | null

constructor(container, options) {

this.loggedInUser_ = container.loggedInUser

export default ProductService

You can learn more about the importance of changing the service lifetime in the Middlewares documentation.

Step 5: Test it Out

To test out your implementation, run the following command in the root directory of the Medusa backend to transpile your changes:

npm run build

Then, run your backend with the following command:

npx medusa develop

If you try accessing the endpoints you added the middleware to, you should see your implementation working as expected.


AwilixResolutionError: Could Not Resolve X
AwilixResolutionError: Could Not Resolve X (Custom Registration)
Was this section helpful?