@akemona-org/strapi 3.7.0

package/lib/middlewares/public/defaults.json

@@ -0,0 +1,8 @@
+{
+  "public": {
+    "enabled": true,
+    "maxAge": 60000,
+    "path": "./public",
+    "defaultIndex": true
+  }
+}

package/lib/middlewares/public/index.html

@@ -0,0 +1,66 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
+    <title>Welcome to your Strapi app</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <meta name="robots" content="noindex, nofollow">
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css" rel="stylesheet" />
+    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/css/all.min.css" rel="stylesheet" />
+    <link href="https://fonts.googleapis.com/css?family=Lato:400,700&display=swap" rel="stylesheet" />
+    <style>
+      *{-webkit-box-sizing:border-box;text-decoration:none}body,html{margin:0;padding:0;font-size:62.5%;-webkit-font-smoothing:antialiased}body{font-size:1.3rem;font-family:Lato,Helvetica,Arial,Verdana,sans-serif;background:#fafafb;margin:0;padding:80px 0;color:#333740;line-height:1.8rem}strong{font-weight:700}.wrapper{width:684px;margin:auto}h1{text-align:center}h2{font-size:1.8rem;font-weight:700;margin-bottom:1px}.logo{height:40px;margin-bottom:74px}.informations{position:relative;overflow:hidden;display:flex;justify-content:space-between;width:100%;height:126px;margin-top:18px;padding:20px 30px;background:#fff;border-radius:2px;box-shadow:0 2px 4px 0 #e3e9f3}.informations:before{position:absolute;top:0;left:0;content:'';display:block;width:100%;height:2px;background:#007eff}.environment{display:inline-block;padding:0 10px;height:20px;margin-bottom:36px;background:#e6f0fb;border:1px solid #aed4fb;border-radius:2px;text-transform:uppercase;color:#007eff;font-size:1.2rem;font-weight:700;line-height:20px;letter-spacing:.05rem}.cta{display:inline-block;height:30px;padding:0 15px;margin-top:32px;border-radius:2px;color:#fff;font-weight:700;line-height:28px}.cta i{position:relative;display:inline-block;height:100%;vertical-align:middle;font-size:1rem;margin-right:20px}.cta i:before{position:absolute;top:8px}.cta-primary{background:#007eff}.cta-secondary{background:#6dbb1a}.text-align-right{text-align:right}.lets-started{position:relative;overflow:hidden;width:100%;height:144px;margin-top:18px;padding:20px 30px;background:#fff;border-radius:2px;box-shadow:0 2px 4px 0 #e3e9f3}.people-saying-hello{position:absolute;right:30px;bottom:-8px;width:113px;height:70px}.visible{opacity:1!important}.people-saying-hello img{position:absolute;max-width:100%;opacity:0;transition:opacity .2s ease-out}@media only screen and (max-width:768px){.wrapper{width:auto!important;margin:0 20px}.informations{flex-direction:column;height:auto}.environment{width:100%;text-align:center;margin-bottom:18px}.text-align-right{margin-top:18px;text-align:center}.cta{width:100%;text-align:center}.lets-started{height:auto}.people-saying-hello{display:none}}
+    </style>
+  </head>
+  <body lang="en">
+    <section class="wrapper">
+      <h1><img class="logo" src="<%= strapi.config.server.url %>/assets/images/logo_login.png" /></h1>
+      <% if (strapi.config.environment === 'development' && isInitialised) { %>
+        <div class="informations">
+          <div>
+            <span class="environment"><%= strapi.config.environment %></span>
+            <p>
+              The server is running successfully (<strong>v<%= strapi.config.info.version %>)</strong>
+            </p>
+          </div>
+          <div class="text-align-right">
+            <p><%= serverTime %></p>
+            <% if (strapi.config.serveAdminPanel) { %>
+            <a class="cta cta-primary" href="<%= strapi.config.admin.url %>" target="_blank" title="Click to open the administration" ><i class="fas fa-external-link-alt"></i>Open the administration</a>
+            <% } %>
+          </div>
+        </div>
+      <% } else if (strapi.config.environment === 'development' && !isInitialised) { %>
+        <div class="lets-started">
+          <h2>Let's get started!</h2>
+          <p>To discover the power provided by Strapi, you need to create an administrator.</p>
+          <a class="cta cta-secondary" href="<%= strapi.config.admin.url %>" target="_blank" title="Click to create the first administration" ><i class="fas fa-external-link-alt"></i>Create the first administrator</a>
+          <div class="people-saying-hello">
+            <img class="visible" src="<%= strapi.config.server.url %>/assets/images/group_people_1.png" alt="People saying hello" />
+            <img src="<%= strapi.config.server.url %>/assets/images/group_people_2.png" alt="People saying hello" />
+            <img src="<%= strapi.config.server.url %>/assets/images/group_people_3.png" alt="People saying hello" />
+          </div>
+        </div>
+      <% } else { %>
+        <div class="informations">
+          <div>
+            <span class="environment"><%= strapi.config.environment %></span>
+            <p>The server is running successfully.</p>
+          </div>
+          <div class="text-align-right">
+            <p><%= serverTime %></p>
+          </div>
+        </div>
+      <% } %>
+    </section>
+
+    <% if (strapi.config.environment === 'development' && !isInitialised) { %>
+      <script>
+        var images=document.querySelectorAll('.people-saying-hello img');var nextIndex=0;setInterval(function(){var currentIndex=0;images.forEach(function(image,index){if(image.className==='visible'){currentIndex=index}});nextIndex=currentIndex+1;if(nextIndex===images.length){nextIndex=0}
+        images.forEach(function(image){image.classList.remove('visible')})
+        images[nextIndex].classList.add('visible')},1500)
+      </script>
+    <% } %>
+  </body>
+</html>

package/lib/middlewares/public/index.js

@@ -0,0 +1,98 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+
+// Node.js core.
+const fs = require('fs');
+const path = require('path');
+const stream = require('stream');
+const _ = require('lodash');
+const koaStatic = require('koa-static');
+const utils = require('../../utils');
+const serveStatic = require('./serve-static');
+
+/**
+ * Public assets hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    async initialize() {
+      const { defaultIndex, maxAge, path: publicPath } = strapi.config.middleware.settings.public;
+      const staticDir = path.resolve(strapi.dir, publicPath || strapi.config.paths.static);
+
+      if (defaultIndex === true) {
+        const index = fs.readFileSync(path.join(__dirname, 'index.html'), 'utf8');
+
+        const serveIndexPage = async (ctx, next) => {
+          // defer rendering of strapi index page
+          await next();
+          if (ctx.body != null || ctx.status !== 404) return;
+
+          ctx.url = 'index.html';
+          const isInitialised = await utils.isInitialised(strapi);
+          const data = {
+            serverTime: new Date().toUTCString(),
+            isInitialised,
+            ..._.pick(strapi, [
+              'config.info.version',
+              'config.info.name',
+              'config.admin.url',
+              'config.server.url',
+              'config.environment',
+              'config.serveAdminPanel',
+            ]),
+          };
+          const content = _.template(index)(data);
+          const body = stream.Readable({
+            read() {
+              this.push(Buffer.from(content));
+              this.push(null);
+            },
+          });
+          // Serve static.
+          ctx.type = 'html';
+          ctx.body = body;
+        };
+
+        strapi.router.get('/', serveIndexPage);
+        strapi.router.get('/index.html', serveIndexPage);
+        strapi.router.get(
+          '/assets/images/(.*)',
+          serveStatic(path.resolve(__dirname, 'assets/images'), { maxage: maxAge, defer: true })
+        );
+      }
+
+      // serve files in public folder unless a sub router renders something else
+      strapi.router.get(
+        '/(.*)',
+        koaStatic(staticDir, {
+          maxage: maxAge,
+          defer: true,
+        })
+      );
+
+      if (!strapi.config.serveAdminPanel) return;
+
+      const buildDir = path.resolve(strapi.dir, 'build');
+      const serveAdmin = ctx => {
+        ctx.type = 'html';
+        ctx.body = fs.createReadStream(path.join(buildDir + '/index.html'));
+      };
+
+      strapi.router.get(
+        `${strapi.config.admin.path}/*`,
+        serveStatic(buildDir, { maxage: maxAge, defer: false, index: 'index.html' })
+      );
+
+      strapi.router.get(`${strapi.config.admin.path}`, serveAdmin);
+      strapi.router.get(`${strapi.config.admin.path}/*`, serveAdmin);
+    },
+  };
+};

package/lib/middlewares/public/serve-static.js

@@ -0,0 +1,23 @@
+'use strict';
+
+const path = require('path');
+const koaStatic = require('koa-static');
+
+// serveStatic is not supposed to be used to serve a folder that have sub-folders
+const serveStatic = (filesDir, koaStaticOptions = {}) => {
+  const serve = koaStatic(filesDir, koaStaticOptions);
+
+  return async (ctx, next) => {
+    const prev = ctx.path;
+    const newPath = path.basename(ctx.path);
+    ctx.path = newPath;
+    await serve(ctx, async () => {
+      ctx.path = prev;
+      await next();
+      ctx.path = newPath;
+    });
+    ctx.path = prev;
+  };
+};
+
+module.exports = serveStatic;

package/lib/middlewares/responseTime/defaults.json

@@ -0,0 +1,5 @@
+{
+  "responseTime": {
+    "enabled": true
+  }
+}

package/lib/middlewares/responseTime/index.js

@@ -0,0 +1,25 @@
+'use strict';
+
+/**
+ * X-Response-Time hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      strapi.app.use(async (ctx, next) => {
+        const start = Date.now();
+
+        await next();
+
+        const delta = Math.ceil(Date.now() - start);
+
+        ctx.set('X-Response-Time', delta + 'ms'); // eslint-disable-line prefer-template
+      });
+    },
+  };
+};

package/lib/middlewares/responses/defaults.json

@@ -0,0 +1,5 @@
+{
+  "responses": {
+    "enabled": true
+  }
+}

package/lib/middlewares/responses/index.js

@@ -0,0 +1,18 @@
+'use strict';
+
+const _ = require('lodash');
+
+module.exports = strapi => {
+  return {
+    initialize() {
+      strapi.app.use(async (ctx, next) => {
+        await next();
+
+        const responseFn = strapi.config.get(['functions', 'responses', ctx.status]);
+        if (_.isFunction(responseFn)) {
+          await responseFn(ctx);
+        }
+      });
+    },
+  };
+};

package/lib/middlewares/router/defaults.json

@@ -0,0 +1,7 @@
+{
+  "router": {
+    "enabled": true,
+    "prefix": "",
+    "routes": {}
+  }
+}

package/lib/middlewares/router/index.js

@@ -0,0 +1,64 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+
+// Public node modules.
+const _ = require('lodash');
+const Router = require('koa-router');
+const createEndpointComposer = require('./utils/composeEndpoint');
+/**
+ * Router hook
+ */
+
+module.exports = strapi => {
+  const composeEndpoint = createEndpointComposer(strapi);
+
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      _.forEach(strapi.config.routes, value => {
+        composeEndpoint(value, { router: strapi.router });
+      });
+
+      strapi.router.prefix(strapi.config.get('middleware.settings.router.prefix', ''));
+
+      if (_.has(strapi.admin, 'config.routes')) {
+        const router = new Router({
+          prefix: '/admin',
+        });
+
+        _.get(strapi.admin, 'config.routes', []).forEach(route => {
+          composeEndpoint(route, { plugin: 'admin', router });
+        });
+
+        // Mount admin router on Strapi router
+        strapi.app.use(router.routes()).use(router.allowedMethods());
+      }
+
+      if (strapi.plugins) {
+        // Parse each plugin's routes.
+        _.forEach(strapi.plugins, (plugin, pluginName) => {
+          const router = new Router({
+            prefix: `/${pluginName}`,
+          });
+
+          (plugin.config.routes || []).forEach(route => {
+            const hasPrefix = _.has(route.config, 'prefix');
+            composeEndpoint(route, {
+              plugin: pluginName,
+              router: hasPrefix ? strapi.router : router,
+            });
+          });
+
+          // Mount plugin router
+          strapi.app.use(router.routes()).use(router.allowedMethods());
+        });
+      }
+    },
+  };
+};

package/lib/middlewares/router/utils/composeEndpoint.js

@@ -0,0 +1,25 @@
+'use strict';
+
+const _ = require('lodash');
+const compose = require('koa-compose');
+const createRouteChecker = require('./routerChecker');
+
+module.exports = strapi => {
+  const routerChecker = createRouteChecker(strapi);
+
+  return (value, { plugin, router }) => {
+    if (_.isEmpty(_.get(value, 'method')) || _.isEmpty(_.get(value, 'path'))) {
+      return;
+    }
+
+    const { method, endpoint, policies, action } = routerChecker(value, plugin);
+
+    if (_.isUndefined(action) || !_.isFunction(action)) {
+      return strapi.log.warn(
+        `Ignored attempt to bind route '${value.method} ${value.path}' to unknown controller/action.`
+      );
+    }
+
+    router[method](endpoint, compose(policies), action);
+  };
+};

package/lib/middlewares/router/utils/routerChecker.js

@@ -0,0 +1,92 @@
+'use strict';
+
+/**
+ * Module dependencies
+ */
+
+// Public node modules.
+const _ = require('lodash');
+
+// Strapi utilities.
+const { finder, policy: policyUtils } = require('@akemona-org/strapi-utils');
+
+const getMethod = (route) => _.trim(_.toLower(route.method));
+const getEndpoint = (route) => _.trim(route.path);
+
+module.exports = (strapi) =>
+  function routerChecker(value, plugin) {
+    const method = getMethod(value);
+    const endpoint = getEndpoint(value);
+
+    // Define controller and action names.
+    const [controllerName, actionName] = _.trim(value.handler).split('.');
+    const controllerKey = _.toLower(controllerName);
+
+    let controller;
+
+    if (plugin) {
+      controller =
+        plugin === 'admin'
+          ? strapi.admin.controllers[controllerKey]
+          : strapi.plugins[plugin].controllers[controllerKey];
+    } else {
+      controller = strapi.controllers[controllerKey];
+    }
+
+    if (!_.isFunction(controller[actionName])) {
+      strapi.stopWithError(
+        `Error creating endpoint ${method} ${endpoint}: handler not found "${controllerKey}.${actionName}"`
+      );
+    }
+
+    const action = controller[actionName].bind(controller);
+
+    // Retrieve the API's name where the controller is located
+    // to access to the right validators
+    const currentApiName = finder(strapi.plugins[plugin] || strapi.api || strapi.admin, controller);
+
+    // Add the `globalPolicy`.
+    const globalPolicy = policyUtils.globalPolicy({
+      controller: controllerKey,
+      action: actionName,
+      method,
+      endpoint,
+      plugin,
+    });
+
+    // Init policies array.
+    const policies = [globalPolicy];
+
+    let policyOption = _.get(value, 'config.policies');
+
+    // Allow string instead of array of policies.
+    if (_.isString(policyOption) && !_.isEmpty(policyOption)) {
+      policyOption = [policyOption];
+    }
+
+    if (_.isArray(policyOption)) {
+      policyOption.forEach((policyName) => {
+        try {
+          policies.push(policyUtils.get(policyName, plugin, currentApiName));
+        } catch (error) {
+          strapi.stopWithError(`Error creating endpoint ${method} ${endpoint}: ${error.message}`);
+        }
+      });
+    }
+
+    policies.push(async (ctx, next) => {
+      // Set body.
+      const values = await next();
+
+      if (_.isNil(ctx.body) && !_.isNil(values)) {
+        ctx.body = values;
+      }
+    });
+
+    return {
+      method,
+      endpoint,
+      policies,
+      action,
+    };
+  };

package/lib/middlewares/session/defaults.json

@@ -0,0 +1,18 @@
+{
+  "session": {
+    "enabled": true,
+    "client": "cookie",
+    "key": "strapi.sid",
+    "prefix": "strapi:sess:",
+    "ttl": 864000000,
+    "rolling": false,
+    "secretKeys": ["mySecretKey1", "mySecretKey2"],
+    "cookie": {
+      "path": "/",
+      "httpOnly": true,
+      "maxAge": 864000000,
+      "rewrite": true,
+      "signed": false
+    }
+  }
+}

package/lib/middlewares/session/index.js

@@ -0,0 +1,140 @@
+'use strict';
+
+const path = require('path');
+const _ = require('lodash');
+const session = require('koa-session');
+
+/**
+ * Session middleware
+ */
+module.exports = strapi => {
+  const requireStore = store => {
+    return require(path.resolve(strapi.config.appPath, 'node_modules', 'koa-' + store));
+  };
+
+  const defineStore = session => {
+    if (_.isEmpty(_.get(session, 'client'))) {
+      return strapi.log.error(
+        '(middleware:session) please provide a valid client to store session'
+      );
+    } else if (_.isEmpty(_.get(session, 'connection'))) {
+      return strapi.log.error(
+        '(middleware:session) please provide connection for the session store'
+      );
+    } else if (!strapi.config.get(`database.connections.${session.connection}`)) {
+      return strapi.log.error(
+        '(middleware:session) please provide a valid connection for the session store'
+      );
+    }
+
+    session.settings = strapi.config.get(`database.connections.${session.connection}`);
+
+    // Define correct store name to avoid require to failed.
+    switch (session.client.toLowerCase()) {
+      case 'redis': {
+        const store = requireStore('redis');
+
+        session.settings.db = session.settings.database;
+
+        return store(session.settings);
+      }
+      case 'mysql': {
+        const Store = requireStore('mysql-session');
+
+        return new Store(session.settings);
+      }
+      case 'mongo': {
+        const Store = requireStore('generic-session-mongo');
+
+        session.settings.db = session.settings.database;
+
+        return new Store(session.settings);
+      }
+      case 'postgresql': {
+        const Store = requireStore('pg-session');
+
+        return new Store(session.settings, session.options);
+      }
+      case 'rethink': {
+        const Store = requireStore('generic-session-rethinkdb');
+
+        session.settings.dbName = session.settings.database;
+        session.settings.tableName = session.settings.table;
+
+        const sessionStore = new Store({
+          connection: session.settings,
+        });
+
+        // Create the DB, tables and indexes to store sessions.
+        sessionStore.setup();
+
+        return sessionStore;
+      }
+      case 'sqlite': {
+        const Store = requireStore('sqlite3-session');
+
+        return new Store(session.fileName, session.options);
+      }
+      case 'sequelize': {
+        const Store = requireStore('generic-session-sequelize');
+
+        // Sequelize needs to be instantiated.
+        if (!_.isObject(strapi.sequelize)) {
+          return null;
+        }
+
+        return new Store(strapi.sequelize, session.options);
+      }
+      default: {
+        return null;
+      }
+    }
+  };
+
+  return {
+    initialize() {
+      strapi.app.keys = strapi.config.get('middleware.settings.session.secretKeys');
+
+      if (
+        _.has(strapi.config.middleware.settings.session, 'client') &&
+        _.isString(strapi.config.middleware.settings.session.client) &&
+        strapi.config.middleware.settings.session.client !== 'cookie'
+      ) {
+        const store = defineStore(strapi.config.middleware.settings.session);
+
+        if (!_.isEmpty(store)) {
+          // Options object contains the defined store, the custom middlewares configurations
+          // and also the function which are located to `./config/functions/session.js`
+          const options = _.assign(
+            {
+              store,
+            },
+            strapi.config.middleware.settings.session
+          );
+
+          strapi.app.use(session(options, strapi.app));
+          strapi.app.use((ctx, next) => {
+            ctx.state = ctx.state || {};
+            ctx.state.session = ctx.session || {};
+
+            return next();
+          });
+        }
+      } else if (
+        _.has(strapi.config.middleware.settings.session, 'client') &&
+        _.isString(strapi.config.middleware.settings.session.client) &&
+        strapi.config.middleware.settings.session.client === 'cookie'
+      ) {
+        const options = _.assign(strapi.config.middleware.settings.session);
+
+        strapi.app.use(session(options, strapi.app));
+        strapi.app.use((ctx, next) => {
+          ctx.state = ctx.state || {};
+          ctx.state.session = ctx.session || {};
+
+          return next();
+        });
+      }
+    },
+  };
+};

package/lib/middlewares/xframe/defaults.json

@@ -0,0 +1,6 @@
+{
+  "xframe": {
+    "enabled": true,
+    "value": "SAMEORIGIN"
+  }
+}

package/lib/middlewares/xframe/index.js

@@ -0,0 +1,33 @@
+'use strict';
+
+const convert = require('koa-convert');
+const { xframe } = require('koa-lusca');
+
+/**
+ * CRON hook
+ */
+
+module.exports = strapi => {
+  return {
+    /**
+     * Initialize the hook
+     */
+
+    initialize() {
+      const defaults = require('./defaults.json');
+
+      strapi.app.use(async (ctx, next) => {
+        if (ctx.request.admin) {
+          return await convert(xframe(defaults.xframe))(ctx, next);
+        }
+
+        const { enabled, value } = strapi.config.get('middleware.settings.xframe', {});
+        if (enabled) {
+          return await convert(xframe(value))(ctx, next);
+        }
+
+        await next();
+      });
+    },
+  };
+};

package/lib/middlewares/xss/defaults.json

@@ -0,0 +1,6 @@
+{
+  "xss": {
+    "enabled": false,
+    "mode": "block"
+  }
+}