@akemona-org/strapi-admin 3.15.0 → 3.15.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/controllers/authentication.js +5 -0
  2. package/middlewares/auth/index.js +5 -12
  3. package/package.json +4 -4
  4. package/services/auth.js +17 -0
package/controllers/authentication.js CHANGED
@@ -20,6 +20,11 @@ module.exports = {
20
20
  return ctx.badImplementation();
21
21
  }
22
22
 
23
+ const accessAllowed = strapi.admin.services.auth.checkNetworkAccess(ctx.request.ip);
24
+ if (!accessAllowed) {
25
+ return ctx.badRequest('Access is not allowed from this network.');
26
+ }
27
+
23
28
  if (!user) {
24
29
  strapi.eventHub.emit('admin.auth.error', {
25
30
  error: new Error(info.message),
package/middlewares/auth/index.js CHANGED
@@ -7,18 +7,6 @@ module.exports = (strapi) => ({
7
7
  strapi.app.use(passportMiddleware);
8
8
 
9
9
  strapi.app.use(async (ctx, next) => {
10
- if (
11
- process.env.STRAPI_ADMIN_ENABLE_NETWORK_CHECK === 'true' &&
12
- process.env.STRAPI_ADMIN_ALLOWED_IP_LIST
13
- ) {
14
- const allowedList = process.env.STRAPI_ADMIN_ALLOWED_IP_LIST.split(',').map((item) =>
15
- item.trim()
16
- );
17
- if (!allowedList.includes(ctx.request.ip)) {
18
- return ctx.forbidden('Invalid network');
19
- }
20
- }
21
-
22
10
  if (
23
11
  ctx.request.header.authorization &&
24
12
  ctx.request.header.authorization.split(' ')[0] === 'Bearer'
@@ -35,6 +23,11 @@ module.exports = (strapi) => ({
35
23
  return ctx.forbidden('Invalid credentials');
36
24
  }
37
25
 
26
+ const accessAllowed = strapi.admin.services.auth.checkNetworkAccess(ctx.request.ip);
27
+ if (!accessAllowed) {
28
+ return ctx.forbidden('Invalid network');
29
+ }
30
+
38
31
  ctx.state.admin = admin;
39
32
  ctx.state.user = admin;
40
33
  ctx.state.userAbility =
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "publishConfig": {
4
4
  "access": "public"
5
5
  },
6
- "version": "3.15.0",
6
+ "version": "3.15.2",
7
7
  "description": "Strapi Admin",
8
8
  "repository": {
9
9
  "type": "git",
@@ -17,8 +17,8 @@
17
17
  },
18
18
  "main": "index.js",
19
19
  "dependencies": {
20
- "@akemona-org/strapi-helper-plugin": "3.15.0",
21
- "@akemona-org/strapi-utils": "3.15.0",
20
+ "@akemona-org/strapi-helper-plugin": "3.15.2",
21
+ "@akemona-org/strapi-utils": "3.15.2",
22
22
  "@babel/core": "^7.14.0",
23
23
  "@babel/plugin-proposal-async-generator-functions": "^7.13.15",
24
24
  "@babel/plugin-proposal-class-properties": "^7.12.1",
@@ -125,5 +125,5 @@
125
125
  "devDependencies": {
126
126
  "webpack-bundle-analyzer": "4.4.0"
127
127
  },
128
- "gitHead": "885f45a8bf903e9a82babad9343befe5dff54796"
128
+ "gitHead": "0c7c8e5f9e88e61ddc086537cb425a7014b83539"
129
129
  }
package/services/auth.js CHANGED
@@ -19,6 +19,22 @@ const hashPassword = (password) => bcrypt.hash(password, 10);
19
19
  */
20
20
  const validatePassword = (password, hash) => bcrypt.compare(password, hash);
21
21
 
22
+ /**
23
+ *
24
+ * @param {string} ip
25
+ * @returns {boolean} is allowed
26
+ */
27
+ const checkNetworkAccess = (ip) => {
28
+ if (process.env.STRAPI_ADMIN_ENABLE_NETWORK_CHECK === 'true') {
29
+ const ipListStr = process.env.STRAPI_ADMIN_ALLOWED_IP_LIST ?? '';
30
+ const allowedList = ipListStr.split(',').map((item) => item.trim());
31
+ if (!allowedList.includes(ip)) {
32
+ return false;
33
+ }
34
+ }
35
+ return true;
36
+ };
37
+
22
38
  /**
23
39
  * Check login credentials
24
40
  * @param {Object} options
@@ -105,6 +121,7 @@ const resetPassword = async ({ resetPasswordToken, password } = {}) => {
105
121
  };
106
122
 
107
123
  module.exports = {
124
+ checkNetworkAccess,
108
125
  checkCredentials,
109
126
  validatePassword,
110
127
  hashPassword,