@akemona-org/strapi 3.7.0

package/lib/middlewares/cors/index.js

@@ -0,0 +1,66 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+const cors = require('@koa/cors');
+
+const defaults = {
+  origin: '*',
+  maxAge: 31536000,
+  credentials: true,
+  methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
+  headers: ['Content-Type', 'Authorization', 'Origin', 'Accept'],
+  keepHeadersOnError: false,
+};
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+    initialize() {
+      const {
+        origin,
+        expose,
+        maxAge,
+        credentials,
+        methods,
+        headers,
+        keepHeadersOnError,
+      } = Object.assign({}, defaults, strapi.config.get('middleware.settings.cors'));
+
+      strapi.app.use(
+        cors({
+          origin: async function(ctx) {
+            let originList;
+
+            if (typeof origin === 'function') {
+              originList = await origin(ctx);
+            } else {
+              originList = origin;
+            }
+
+            const whitelist = Array.isArray(originList) ? originList : originList.split(/\s*,\s*/);
+
+            const requestOrigin = ctx.accept.headers.origin;
+            if (whitelist.includes('*')) {
+              return '*';
+            }
+
+            if (!whitelist.includes(requestOrigin)) {
+              return ctx.throw(`${requestOrigin} is not a valid origin`);
+            }
+            return requestOrigin;
+          },
+          exposeHeaders: expose,
+          maxAge,
+          credentials,
+          allowMethods: methods,
+          allowHeaders: headers,
+          keepHeadersOnError,
+        })
+      );
+    },
+  };
+};

package/lib/middlewares/cron/defaults.json

@@ -0,0 +1,5 @@
+{
+  "cron": {
+    "enabled": true
+  }
+}

package/lib/middlewares/cron/index.js

@@ -0,0 +1,43 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+
+// Public node modules.
+const _ = require('lodash');
+const cron = require('node-schedule');
+
+/**
+ * CRON hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      if (strapi.config.get('server.cron.enabled', false) === true) {
+        _.forEach(_.keys(strapi.config.get('functions.cron', {})), taskExpression => {
+          const taskValue = strapi.config.functions.cron[taskExpression];
+
+          if (_.isFunction(taskValue)) {
+            return cron.scheduleJob(taskExpression, taskValue);
+          }
+
+          const options = _.get(taskValue, 'options', {});
+
+          cron.scheduleJob(
+            {
+              rule: taskExpression,
+              ...options,
+            },
+            taskValue.task
+          );
+        });
+      }
+    },
+  };
+};

package/lib/middlewares/csp/defaults.json

@@ -0,0 +1,5 @@
+{
+  "csp": {
+    "enabled": false
+  }
+}

package/lib/middlewares/csp/index.js

@@ -0,0 +1,26 @@
+'use strict';
+
+const convert = require('koa-convert');
+const { csp } = require('koa-lusca');
+/**
+ * CSP hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      strapi.app.use(async (ctx, next) => {
+        if (ctx.request.admin) return await next();
+
+        return await convert(csp(strapi.config.middleware.settings.csp))(
+          ctx,
+          next
+        );
+      });
+    },
+  };
+};

package/lib/middlewares/favicon/defaults.json

@@ -0,0 +1,7 @@
+{
+  "favicon": {
+    "enabled": true,
+    "path": "favicon.ico",
+    "maxAge": 86400000
+  }
+}

package/lib/middlewares/favicon/index.js

@@ -0,0 +1,35 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+
+// Node.js core.
+const { resolve } = require('path');
+const favicon = require('koa-favicon');
+
+/**
+ * Favicon hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      const { dir } = strapi;
+      const {
+        maxAge,
+        path: faviconPath,
+      } = strapi.config.middleware.settings.favicon;
+
+      strapi.app.use(
+        favicon(resolve(dir, faviconPath), {
+          maxAge,
+        })
+      );
+    },
+  };
+};

package/lib/middlewares/gzip/defaults.json

@@ -0,0 +1,6 @@
+{
+  "gzip": {
+    "enabled": false,
+    "options": {}
+  }
+}

package/lib/middlewares/gzip/index.js

@@ -0,0 +1,19 @@
+'use strict';
+
+/**
+ * Gzip hook
+ */
+const compress = require('koa-compress');
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      const { options = {} } = strapi.config.middleware.settings.gzip;
+      strapi.app.use(compress(options));
+    },
+  };
+};

package/lib/middlewares/hsts/defaults.json

@@ -0,0 +1,7 @@
+{
+  "hsts": {
+    "enabled": true,
+    "maxAge": 31536000,
+    "includeSubDomains": true
+  }
+}

package/lib/middlewares/hsts/index.js

@@ -0,0 +1,30 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+const convert = require('koa-convert');
+const { hsts } = require('koa-lusca');
+
+/**
+ * HSTS hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      strapi.app.use(async (ctx, next) => {
+        if (ctx.request.admin) return next();
+
+        return await convert(hsts(strapi.config.middleware.settings.hsts))(
+          ctx,
+          next
+        );
+      });
+    },
+  };
+};

package/lib/middlewares/index.js

@@ -0,0 +1,120 @@
+'use strict';
+
+const { uniq, difference, get, isUndefined, merge } = require('lodash');
+
+const requiredMiddlewares = [
+  'responses',
+  'router',
+  'logger',
+  'boom',
+  'cors',
+  'cron',
+  'xframe',
+  'xss',
+  'public',
+  'favicon',
+];
+
+module.exports = async function() {
+  /** Utils */
+  const middlewareConfig = this.config.middleware;
+
+  // check if a middleware exists
+  const middlewareExists = key => {
+    return !isUndefined(this.middleware[key]);
+  };
+
+  // check if a middleware is enabled
+  const middlewareEnabled = key => {
+    return (
+      requiredMiddlewares.includes(key) ||
+      get(middlewareConfig, ['settings', key, 'enabled'], false) === true
+    );
+  };
+
+  // list of enabled middlewares
+  const enabledMiddlewares = Object.keys(this.middleware).filter(middlewareEnabled);
+
+  // Method to initialize middlewares and emit an event.
+  const initialize = middlewareKey => {
+    if (this.middleware[middlewareKey].loaded === true) return;
+
+    const module = this.middleware[middlewareKey].load;
+
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(
+        () => reject(`(middleware: ${middlewareKey}) is taking too long to load.`),
+        middlewareConfig.timeout || 1000
+      );
+
+      this.middleware[middlewareKey] = merge(this.middleware[middlewareKey], module);
+
+      Promise.resolve()
+        .then(() => module.initialize())
+        .then(() => {
+          clearTimeout(timeout);
+          this.middleware[middlewareKey].loaded = true;
+          resolve();
+        })
+        .catch(err => {
+          clearTimeout(timeout);
+
+          if (err) {
+            return reject(err);
+          }
+        });
+    });
+  };
+
+  /**
+   * Run init functions
+   */
+
+  // Run beforeInitialize of every middleware
+  await Promise.all(
+    enabledMiddlewares.map(key => {
+      const { beforeInitialize } = this.middleware[key].load;
+      if (typeof beforeInitialize === 'function') {
+        return beforeInitialize();
+      }
+    })
+  );
+
+  // run the initialization of an array of middlewares sequentially
+  const initMiddlewaresSeq = async middlewareArr => {
+    for (let key of uniq(middlewareArr)) {
+      await initialize(key);
+    }
+  };
+
+  const middlewaresBefore = get(middlewareConfig, 'load.before', [])
+    .filter(middlewareExists)
+    .filter(middlewareEnabled);
+
+  const middlewaresAfter = get(middlewareConfig, 'load.after', [])
+    .filter(middlewareExists)
+    .filter(middlewareEnabled);
+
+  const middlewaresOrder = get(middlewareConfig, 'load.order', [])
+    .filter(middlewareExists)
+    .filter(middlewareEnabled);
+
+  const unspecifiedMiddlewares = difference(
+    enabledMiddlewares,
+    middlewaresBefore,
+    middlewaresOrder,
+    middlewaresAfter
+  );
+
+  // before
+  await initMiddlewaresSeq(middlewaresBefore);
+
+  // ordered // rest of middlewares
+  await Promise.all([
+    initMiddlewaresSeq(middlewaresOrder),
+    Promise.all(unspecifiedMiddlewares.map(initialize)),
+  ]);
+
+  // after
+  await initMiddlewaresSeq(middlewaresAfter);
+};

package/lib/middlewares/ip/defaults.json

@@ -0,0 +1,7 @@
+{
+  "ip": {
+    "enabled": false,
+    "whiteList": [],
+    "blackList": []
+  }
+}

package/lib/middlewares/ip/index.js

@@ -0,0 +1,25 @@
+'use strict';
+
+const ip = require('koa-ip');
+/**
+ * IP filter hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      const { whiteList, blackList } = strapi.config.middleware.settings.ip;
+
+      strapi.app.use(
+        ip({
+          whitelist: whiteList,
+          blacklist: blackList,
+        })
+      );
+    },
+  };
+};

package/lib/middlewares/language/defaults.json

@@ -0,0 +1,9 @@
+{
+  "language": {
+    "enabled": false,
+    "defaultLocale": "en_us",
+    "locales": ["en_us"],
+    "modes": ["query", "subdomain", "cookie", "header", "url", "tld"],
+    "cookieName": "locale"
+  }
+}

package/lib/middlewares/language/index.js

@@ -0,0 +1,40 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+
+// Node.js core.
+const { resolve } = require('path');
+const locale = require('koa-locale');
+const i18n = require('koa-i18n');
+/**
+ * Language hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      locale(strapi.app);
+
+      const { defaultLocale, modes, cookieName } = strapi.config.middleware.settings.language;
+
+      const directory = resolve(strapi.config.appPath, strapi.config.paths.config, 'locales');
+
+      strapi.app.use(
+        i18n(strapi.app, {
+          directory,
+          locales: strapi.config.get('middleware.settings.language.locales', []),
+          defaultLocale,
+          modes,
+          cookieName,
+          extension: '.json',
+        })
+      );
+    },
+  };
+};

package/lib/middlewares/logger/defaults.json

@@ -0,0 +1,8 @@
+{
+  "logger": {
+    "enabled": true,
+    "level": "debug",
+    "exposeInContext": true,
+    "requests": true
+  }
+}

package/lib/middlewares/logger/index.js

@@ -0,0 +1,63 @@
+'use strict';
+const chalk = require('chalk');
+const _ = require('lodash');
+
+const codeToColor = code => {
+  return code >= 500
+    ? chalk.red(code)
+    : code >= 400
+    ? chalk.yellow(code)
+    : code >= 300
+    ? chalk.cyan(code)
+    : code >= 200
+    ? chalk.green(code)
+    : code;
+};
+
+/**
+ * Logger hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+    initialize() {
+      const { level, exposeInContext, requests } = strapi.config.middleware.settings.logger;
+
+      const logLevels = Object.keys(strapi.log.levels.values);
+
+      if (!_.includes(logLevels, level)) {
+        throw new Error(
+          "Invalid log level set in middleware configuration. Accepted values are: '" +
+            logLevels.join("', '") +
+            "'."
+        );
+      }
+
+      strapi.log.level = level;
+
+      if (exposeInContext) {
+        strapi.app.context.log = strapi.log;
+      }
+
+      const isLogLevelEnvVariableSet = _.isString(process.env.STRAPI_LOG_LEVEL);
+
+      if (isLogLevelEnvVariableSet && strapi.log.levelVal <= 20) {
+        strapi.log.debug(
+          `STRAPI_LOG_LEVEL environment variable is overridden by logger middleware. It only applies outside Strapi's middleware context.`
+        );
+      }
+
+      if (requests && strapi.log.levelVal <= 20) {
+        strapi.app.use(async (ctx, next) => {
+          const start = Date.now();
+          await next();
+          const delta = Math.ceil(Date.now() - start);
+          strapi.log.debug(`${ctx.method} ${ctx.url} (${delta} ms) ${codeToColor(ctx.status)}`);
+        });
+      }
+    },
+  };
+};

package/lib/middlewares/p3p/defaults.json

@@ -0,0 +1,6 @@
+{
+  "p3p": {
+    "enabled": false,
+    "value": ""
+  }
+}

package/lib/middlewares/p3p/index.js

@@ -0,0 +1,29 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+const convert = require('koa-convert');
+const { p3p } = require('koa-lusca');
+/**
+ * P3P hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      strapi.app.use(async (ctx, next) => {
+        if (ctx.request.admin) return next();
+
+        return await convert(p3p(strapi.config.middleware.settings.p3p))(
+          ctx,
+          next
+        );
+      });
+    },
+  };
+};

package/lib/middlewares/parser/defaults.json

@@ -0,0 +1,10 @@
+{
+  "parser": {
+    "enabled": true,
+    "multipart": true,
+    "queryStringParser": {
+      "arrayLimit": 100,
+      "depth": 20
+    }
+  }
+}

package/lib/middlewares/parser/index.js

@@ -0,0 +1,71 @@
+'use strict';
+
+const body = require('koa-body');
+const qs = require('qs');
+const { omit } = require('lodash');
+
+/**
+ * Body parser hook
+ */
+const addQsParser = (app, settings) => {
+  Object.defineProperty(app.request, 'query', {
+    configurable: false,
+    enumerable: true,
+    /*
+     * Get parsed query-string.
+     */
+    get() {
+      const qstr = this.querystring;
+      const cache = (this._querycache = this._querycache || {});
+      return cache[qstr] || (cache[qstr] = qs.parse(qstr, settings));
+    },
+
+    /*
+     * Set query-string as an object.
+     */
+    set(obj) {
+      this.querystring = qs.stringify(obj);
+    },
+  });
+
+  return app;
+};
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+    initialize() {
+      strapi.app.use(async (ctx, next) => {
+        // disable for graphql
+        // TODO: find a better way later
+        if (ctx.url === '/graphql') {
+          return next();
+        }
+
+        try {
+          const res = await body({
+            patchKoa: true,
+            ...omit(strapi.config.middleware.settings.parser, 'queryStringParser'),
+          })(ctx, next);
+          return res;
+        } catch (e) {
+          if ((e || {}).message && e.message.includes('maxFileSize exceeded')) {
+            throw strapi.errors.entityTooLarge('FileTooBig', {
+              errors: [
+                {
+                  id: 'Upload.status.sizeLimit',
+                  message: `file is bigger than the limit size!`,
+                },
+              ],
+            });
+          }
+          throw e;
+        }
+      });
+
+      addQsParser(strapi.app, strapi.config.get('middleware.settings.parser.queryStringParser'));
+    },
+  };
+};

package/lib/middlewares/poweredBy/defaults.json

@@ -0,0 +1,5 @@
+{
+  "poweredBy": {
+    "enabled": true
+  }
+}

package/lib/middlewares/poweredBy/index.js

@@ -0,0 +1,16 @@
+'use strict';
+
+module.exports = strapi => {
+  return {
+    initialize() {
+      strapi.app.use(async (ctx, next) => {
+        await next();
+
+        ctx.set(
+          'X-Powered-By',
+          strapi.config.get('middleware.settings.poweredBy.value', 'Strapi <strapi.io>')
+        );
+      });
+    },
+  };
+};