medusajs / medusa

The world's most flexible commerce platform.
https://medusajs.com
MIT License

Routes starting with /store/customers/me are not protected by default #8977

Closed matteoxplo closed 2 months ago

matteoxplo commented 2 months ago

Bug report

### Describe the bug

I'm following the guide about protected routes, where it is written that "Routes starting with /admin require an authenticated admin user." and "Routes starting with /store/customers/me require an authenticated customer.". This is correctly working for routes that start with "/admin", but if I create a route under "/store/customers/me" it's not protected by default.

### System information

- Medusa version (including plugins): preview (v2.0.7)
- Node.js version: 20.17.0
- Database: PostgreSQL 16
- Operating system: MacOS Sonoma
- Browser (if relevant):

### Steps to reproduce the behavior

1. Create a file like `src/api/store/customers/me/custom/route.ts`
2. Add a standard endpoint function (I've tried both GET and POST) like:

   ```ts
   import { MedusaRequest, MedusaResponse } from "@medusajs/medusa";

   export async function GET(
     req: MedusaRequest,
     res: MedusaResponse
   ): Promise<void> {
     res.sendStatus(200);
   }
   ```

3. Do a simple request to this endpoint and it will return the 200 response, not the "401 Unauthorized"

### Expected behavior

It should return unauthorized unless `export const AUTHENTICATE = false` is set.

### Screenshots

![Screenshot 2024-09-03 at 22 52 40](https://github.com/user-attachments/assets/b75edcd0-8242-424a-8c1a-ce03400057bb)

olivermrbl commented 2 months ago

Nice catch. In Medusa 2.0, custom store routes won't be authenticated by default. You will need to manually add the authentication middleware.

We'll get the docs updated.
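Added example (not code from the issue or from Medusa itself) of the middleware registration olivermrbl refers to: a `src/api/middlewares.ts` that applies Medusa's `authenticate` middleware to every custom route under `/store/customers/me`. It assumes the `defineMiddlewares` and `authenticate` exports from `@medusajs/framework/http` as documented for Medusa v2; on the preview build in the report the import path may differ.

```typescript
// src/api/middlewares.ts (added example; assumes Medusa v2's
// defineMiddlewares/authenticate exported from @medusajs/framework/http)
import { defineMiddlewares, authenticate } from "@medusajs/framework/http";

export default defineMiddlewares({
  routes: [
    {
      // Matches /store/customers/me and everything beneath it, so a new
      // src/api/store/customers/me/custom/route.ts is covered automatically
      // instead of being exposed unauthenticated, as in the report above.
      matcher: "/store/customers/me*",
      // Require a logged-in customer via session cookie or bearer token;
      // requests carrying neither are rejected with 401 before the handler runs.
      middlewares: [authenticate("customer", ["session", "bearer"])],
    },
  ],
});
```

After restarting the server, an unauthenticated request to `/store/customers/me/custom` should return 401 and the same request with a customer's bearer token or session cookie should return 200; checking both confirms the matcher actually covers the new route.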