Restricting Default Channel

[porl]

Hi all

I am in the process of evaluating Vendure for a "multi store" setup.

We have a basic shop-front with a few simple products, but also "VIP customers" that essentially need their own stores (think a sports club with their own team designs).

I did not realise that the default channel is required to have every product listed on it. I imagined a default channel of a few items, and then items assigned other channels only would not appear there. Obviously that is not how Vendure is designed.

My first thought for a solution where a "casual" customer would only see a few things was to override the requests with a general channel set (the 'vendure-token' http header). Then all the other customers would have their 'vendure-token' set differently.

But then if someone modifies their http headers somehow (maliciously or accidentally or bug-related or what have you) and removes that header variable then they will see every product by every club.

How can I force a cut-down "default" channel that is not the inbuilt default-channel (and cannot be accidentally bypassed)? I've been happy with what I've seen in Vendure so far but this is a major make-or-break feature we will need to work around.

Thanks

[michaelbromley]

Hi,

A solution for this could be to create a custom middleware which enforces that each incoming request to the Shop API includes one of the valid channel tokens for a non-default channel.