@sensinum/strapi-plugin-multi-domain 5.1.1

package/LICENSE.md

@@ -0,0 +1,7 @@
+# End User License Agreement (EULA)
+## Strapi Multi-Domain Plugin
+
+*All rights reserved. Copyright (c) [VirtusLab Ltd](https://virtuslab.com/).*
+
+Full content of the EULA is available - [here](https://sensinum.com/eula-strapi-multi-domain-plugin)
+

package/README.md

@@ -0,0 +1,250 @@
+<div align="center" width="150px">
+  <img style="width: 150px; height: auto;" src="https://www.sensinum.com/img/open-source/strapi-plugin-multi-domain/logo.png" alt="Logo - Strapi Plugin Multi-Domain" />
+</div>
+<div align="center">
+  <h1>Strapi - Multi-Domain Plugin</h1>
+  <p>The Strength of Many, Managed as One</p>
+  <a href="https://www.npmjs.org/package/@sensinum/strapi-plugin-multi-domain">
+    <img alt="GitHub package.json version" src="https://img.shields.io/npm/v/@sensinum/strapi-plugin-multi-domain">
+  </a>
+  <a href="https://www.npmjs.org/package/@sensinum/strapi-plugin-multi-domain">
+    <img src="https://img.shields.io/npm/dm/@sensinum/strapi-plugin-multi-domain.svg" alt="Monthly download on NPM" />
+  </a>
+  <a href="https://circleci.com/gh/VirtusLab/strapi-plugin-multi-tenant">
+    <img src="https://circleci.com/gh/VirtusLab/strapi-plugin-multi-tenant.svg?style=shield&circle-token=CCIPRJ_GvBYVgBPwwYgrsccTd71zn_3c329af4be4c2f74b2bad15d4e1336ac67c548e6" alt="CircleCI" />
+  </a>
+</div>
+
+---
+
+This plugin brings multi-domain support to your Strapi application. It allows you to isolate data between different domains, providing a robust solution for SaaS applications and other multi-user platforms where data separation is crucial.
+
+> ✅ **GET THE LICENSE**: To obtain the license we encourage you to [**visit the plugin commercial website**](http://sensinum.com/strapi-multi-domain-plugin), select the appropriate plan, and reach out to your preferred reseller or directly contact the plugin authors via [**this form**](http://sensinum.com/contact)
+
+> ⚠️ **This plugin is licensed by VirtusLab Ltd. under the [End User License Agreement (EULA)](https://sensinum.com/eula-strapi-multi-domain-plugin).**
+Unauthorized use, including usage without a valid license key or modification of the code in a way that breaches the integrity of the software, is strictly prohibited and will be treated as a violation of the [EULA](https://sensinum.com/eula-strapi-multi-domain-plugin), with all associated legal consequences.
+
+### Table of Contents
+
+1. [✨ Features](#-features)
+2. [🎨 Admin Panel Features](#-admin-panel-features)
+3. [⚙️ How it works](#%EF%B8%8F-how-it-works)
+4. [⚠️ Important Considerations](#%EF%B8%8F-important-considerations)
+5. [🔧 Configuration](#-configuration)
+6. [🧪 Testing](#-testing)
+7. [👨‍💻 For Developers: Advanced Customization](#-for-developers-advanced-customization-via-sharedpluginidsts)
+8. [📝 License](#-license)
+
+## ✨ Features
+
+-   **Domain-based Data Isolation**: Automatically scopes content types to the current user's domain.
+-   **Media Library Segregation**: Each domain has its own isolated section within the media library.
+-   **User-Domain Association**: Users can be associated with one or more domains through Strapi roles.
+-   **Domain Selector**: A convenient domain selector is added to the admin UI for users who belong to multiple domains.
+-   **Super Admin Access**: Super admins have the ability to view data across all domains.
+-   **Configurable**: Easily configure which content types should be domain-aware.
+
+## 🎨 Admin Panel Features
+
+-   **Domain Management UI**: A dedicated settings page in the admin panel (`Settings > Multi-Domain Settings`) allows administrators to create, view, update, and delete domains.
+-   **Domain Selector**: Users belonging to multiple domains will see a "Select domain" option in the user menu (top right). This opens a modal allowing them to easily switch between their assigned domains, reloading the app context for the selected domain.
+-   **"Unique by Domain" Custom Field**: The plugin registers a new custom field type named "Unique by domain". When applied to a text field on a content type, it ensures that the value of that field is unique among all entries of that type within the *same domain*.
+-   **Content Manager Integration**: To prevent content from being created without a domain, the "Create new entry" button in the Content Manager is hidden when the "Super Admin" domain is selected.
+
+## ⚙️ How it works
+
+The plugin introduces a `Domain` collection type and associates other content types with it. When a user logs in, they are associated with a domain. All their actions within the Content Manager and Media Library are then scoped to that domain. This is achieved by decorating Strapi's core services and controllers to automatically add domain filters to database queries.
+
+## ⚠️ Important Considerations
+
+### Users & Permissions Plugin Roles
+
+When using the **Users & Permissions plugin** with multi-domain functionality, there's an important limitation to be aware of:
+
+**The `public` role does not work with multi-domain by default** because the plugin cannot recognize which domain the request belongs to without proper authentication context.
+
+#### Solutions:
+
+1. **Add `auth: false` to routes**: For routes that need to be publicly accessible across domains, you can disable authentication by adding `auth: false` to the route configuration.
+
+2. **Use API tokens assigned to domains**: Ensure all requests include an API token that is properly assigned to a specific domain. This allows the plugin to identify the correct domain context for the request.
+
+#### Example:
+```javascript
+// In your route configuration
+module.exports = {
+  routes: [
+    {
+      method: 'GET',
+      path: '/my-public-endpoint',
+      handler: 'my-controller.myPublicMethod',
+      config: {
+        auth: false, // Disables authentication for this route
+      },
+    },
+  ],
+};
+```
+
+Without these configurations, public requests may fail or return unexpected results because the multi-domain plugin cannot determine the appropriate domain context.
+
+## 🔧 Configuration
+
+To configure the plugin, create a `plugins.js` (or `plugins.ts`) file in your Strapi project's `config` directory.
+
+File: `config/plugins.js`
+
+```javascript
+module.exports = {
+  'multi-domain': {
+    enabled: true,
+    config: {
+      /**
+       * The code of default domain is used to create a domain for super admins.
+       * By default, it uses the super admin role code from Strapi.
+       */
+      defaultDomain: {
+        name: 'Super Admin',
+        // code is an unique identifier for the domain
+        // by default it's 'strapi-super-admin'
+        customFields: {},
+      },
+      /**
+       * A set of content-type uids that should not be scoped by domain.
+       * By default, all content-types are scoped except for some internal Strapi models.
+       * @returns {Set<string>}
+       */
+      getOmitContentTypes: () => new Set([
+        'api::my-global-content-type.my-global-content-type',
+      ]),
+      /**
+       * A list of content-api endpoints to exclude from domain logic.
+       * e.g., ['/api/my-public-endpoint']
+       * @returns {string[]}
+       */
+      getExcludedContentAPIEndpoints: () => [],
+      getExtraProxyDecorators: () => [
+        {
+          condition: (modelName) => modelName === 'api::article.article',
+          handler(target, targetElement, ctx, prop, modelName) {
+            // This handler will apply only to the 'article' content type
+            return async (queryParams, ...restParams) => {
+              const newQueryParams = {
+                ...queryParams,
+                where: {
+                  ...(queryParams?.where || {}),
+                  // Add some custom filter based on domain or user logic
+                  customFilter: true,
+                },
+              };
+              // Call the original database method with modified params
+              return targetElement(newQueryParams, ...restParams);
+            };
+          },
+        },
+      ],
+    },
+  },
+};
+```
+
+### Configuration Options
+
+-   `defaultDomain` (object): Configures the domain that is automatically created for super admins.
+    -   `name` (string): The display name for the default domain.
+    -   `customFields` (object): A JSON object for any custom data you want to associate with the domain.
+-   `getOmitContentTypes` (function): Returns a `Set` of content-type UIDs that should be excluded from multi-domain. Use this for global, non-domain-specific content.
+-   `getExcludedContentAPIEndpoints` (function): Returns an array of URL paths for Content API endpoints that should be publicly accessible and not scoped by domain.
+-   `getExtraProxyDecorators` (function): An advanced feature that allows you to add custom logic to the database query proxy. This is useful for implementing complex, domain-specific business rules. It should return an array of objects, each with a `condition` and a `handler` function.
+    -   `condition` (function): Takes a `modelName` and returns `true` if the handler should be applied.
+    -   `handler` (function): A function that wraps the original database method, allowing you to modify its behavior. It receives the `target` repository, the original `targetElement` method, the Koa `ctx`, the method `prop` name, and the `modelName`.
+
+Here's an example of how you might use `getExtraProxyDecorators` to add an additional filter to a specific content type:
+
+```javascript
+// config/plugins.js
+module.exports = {
+  'multi-domain': {
+    enabled: true,
+    config: {
+      /**
+       * The code of default domain is used to create a domain for super admins.
+       * By default, it uses the super admin role code from Strapi.
+       */
+      defaultDomain: {
+        name: 'Super Admin',
+        // code is an unique identifier for the domain
+        // by default it's 'strapi-super-admin'
+        customFields: {},
+      },
+      /**
+       * A set of content-type uids that should not be scoped by domain.
+       * By default, all content-types are scoped except for some internal Strapi models.
+       * @returns {Set<string>}
+       */
+      getOmitContentTypes: () => new Set([
+        'api::my-global-content-type.my-global-content-type',
+      ]),
+      /**
+       * A list of content-api endpoints to exclude from domain logic.
+       * e.g., ['/api/my-public-endpoint']
+       * @returns {string[]}
+       */
+      getExcludedContentAPIEndpoints: () => [],
+      getExtraProxyDecorators: () => [
+        {
+          condition: (modelName) => modelName === 'api::article.article',
+          handler(target, targetElement, ctx, prop, modelName) {
+            // This handler will apply only to the 'article' content type
+            return async (queryParams, ...restParams) => {
+              const newQueryParams = {
+                ...queryParams,
+                where: {
+                  ...(queryParams?.where || {}),
+                  // Add some custom filter based on domain or user logic
+                  customFilter: true,
+                },
+              };
+              // Call the original database method with modified params
+              return targetElement(newQueryParams, ...restParams);
+            };
+          },
+        },
+      ],
+    },
+  },
+};
+```
+
+## 🧪 Testing
+
+To run the tests for this plugin, navigate to the plugin's directory and run the following command:
+
+
+This will execute the Jest test suite. To run tests in watch mode, you can use `yarn test:watch`.
+
+## 👨‍💻 For Developers: Advanced Customization via `shared/pluginIds.ts`
+
+The `shared/pluginIds.ts` file is a centralized module for constants that are used across both the server-side and client-side parts of the plugin. While it's not part of the standard configuration, it offers a powerful way for developers to perform advanced customizations or re-brand the plugin's core concepts.
+
+**Warning:** Modifying these values is an advanced procedure. It can have widespread effects and potentially break the plugin's functionality if not done carefully and consistently.
+
+### What can be achieved by changing this file?
+
+By changing the values in this file, you can fundamentally alter the plugin's identifiers. For example, if your business logic uses the term "Brand" instead of "Domain," you could update `modelId` to `'brand'` to make the content type, API routes, and database relationships align with your terminology.
+
+Here's a breakdown of the constants and what you can control by changing them:
+
+-   `pluginId`: The official ID of the plugin (`multi-domain`). Changing this will alter the plugin's root path in Strapi, including settings URLs and permission domains.
+
+  > **Note:** This value is derived from the `strapi.name` property in `package.json` and should always be kept in sync with it.
+
+-   `modelId`: The singular ID for the domain content type (default: `'domain'`). Changing this renames the content type itself, which affects the database table, API endpoints, and the name of the relationship field added to other content types.
+-   `modelServiceId`: The identifier for the domain service (default: `'domain'`). This should typically be kept in sync with `modelId`.
+-   `userField`: The property name on the `user` object where associated domain information is stored (default: `'domain'`).
+-   `modelRoute`: The base route for the domain management API (default: `'domains'`). This is derived from `modelId`, so changing `modelId` will automatically update this.
+-   `COOKIE_NAME`: The name of the cookie used to store the user's currently selected domain (default: `'domain'`). You might change this to avoid naming conflicts with other cookies in your application.
+
+## 📝 License
+
+All rights reserved. Copyright (c) [VirtusLab Ltd](https://virtuslab.com/).

package/dist/_chunks/QueryProvider-DLzv0qqi.mjs

@@ -0,0 +1,20 @@
+import { jsx as r } from "react/jsx-runtime";
+import { QueryClientProvider as t, QueryClient as i } from "@tanstack/react-query";
+const o = new i({
+  defaultOptions: {
+    queries: {
+      retry: !1,
+      refetchOnWindowFocus: !1,
+      staleTime: 5 * 60 * 1e3,
+      // 5 minutes
+      gcTime: 10 * 60 * 1e3
+      // 10 minutes (formerly cacheTime)
+    },
+    mutations: {
+      retry: !1
+    }
+  }
+}), l = ({ children: e }) => /* @__PURE__ */ r(t, { client: o, children: e });
+export {
+  l as Q
+};

package/dist/_chunks/QueryProvider-DUoM4JhC.js

@@ -0,0 +1 @@
+"use strict";const t=require("react/jsx-runtime"),e=require("@tanstack/react-query"),i=new e.QueryClient({defaultOptions:{queries:{retry:!1,refetchOnWindowFocus:!1,staleTime:5*60*1e3,gcTime:10*60*1e3},mutations:{retry:!1}}}),s=({children:r})=>t.jsx(e.QueryClientProvider,{client:i,children:r});exports.QueryProvider=s;

package/dist/_chunks/Settings-BPM919an.mjs

@@ -0,0 +1,23 @@
+import { jsx as e, jsxs as i } from "react/jsx-runtime";
+import { lightTheme as a, darkTheme as n, DesignSystemProvider as s } from "@strapi/design-system";
+import o from "react";
+import { Routes as l, Route as t, Navigate as p } from "react-router-dom";
+import { m as r, p as d } from "./index-Ds2z-yoa.mjs";
+import { Q as h } from "./QueryProvider-DLzv0qqi.mjs";
+const c = o.lazy(() => import("./TenantList-DWA0Z3-T.mjs")), g = o.lazy(() => import("./TenantEdit-BdSUNboL.mjs")), P = () => {
+  const m = localStorage.getItem("STRAPI_THEME") === "light" ? a : n;
+  return /* @__PURE__ */ e(s, { theme: m, children: /* @__PURE__ */ e(h, { children: /* @__PURE__ */ i(l, { children: [
+    /* @__PURE__ */ e(t, { path: r, element: /* @__PURE__ */ e(c, {}) }),
+    /* @__PURE__ */ e(t, { path: `/${r}/:id`, element: /* @__PURE__ */ e(g, {}) }),
+    /* @__PURE__ */ e(
+      t,
+      {
+        path: "*",
+        element: /* @__PURE__ */ e(p, { to: `/settings/${d}/${r}`, replace: !0 })
+      }
+    )
+  ] }) }) });
+};
+export {
+  P as default
+};

package/dist/_chunks/Settings-CT4xmD8_.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("react/jsx-runtime"),s=require("@strapi/design-system"),i=require("react"),r=require("react-router-dom"),o=require("./index-Ck1YIRr4.js"),u=require("./QueryProvider-DUoM4JhC.js"),l=t=>t&&t.__esModule?t:{default:t},n=l(i),a=n.default.lazy(()=>Promise.resolve().then(()=>require("./TenantList-Cl9445sU.js"))),d=n.default.lazy(()=>Promise.resolve().then(()=>require("./TenantEdit-C4LHKCAr.js"))),c=()=>{const t=localStorage.getItem("STRAPI_THEME")==="light"?s.lightTheme:s.darkTheme;return e.jsx(s.DesignSystemProvider,{theme:t,children:e.jsx(u.QueryProvider,{children:e.jsxs(r.Routes,{children:[e.jsx(r.Route,{path:o.modelRoute,element:e.jsx(a,{})}),e.jsx(r.Route,{path:`/${o.modelRoute}/:id`,element:e.jsx(d,{})}),e.jsx(r.Route,{path:"*",element:e.jsx(r.Navigate,{to:`/settings/${o.pluginId}/${o.modelRoute}`,replace:!0})})]})})})};exports.default=c;

package/dist/_chunks/TenantCustomField-BYDxTP5y.js

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const n=require("react/jsx-runtime"),a=require("@strapi/design-system"),z=require("@strapi/strapi/admin"),e=require("zod"),F=require("react"),S=require("@tanstack/react-query"),q=require("./index-D9I-QR8y.js"),p=require("./QueryProvider-DUoM4JhC.js"),C=require("remeda"),M=t=>t&&t.__esModule?t:{default:t},_=M(F),g=e.z.object({modified:e.z.boolean(),isSubmitting:e.z.boolean(),disabled:e.z.boolean(),values:e.z.record(e.z.any()),initialValues:e.z.record(e.z.any()),errors:e.z.record(e.z.any()),onChange:e.z.function().args(e.z.object({target:e.z.object({name:e.z.string(),value:e.z.any()})})).returns(e.z.void()),resetForm:e.z.function().returns(e.z.void())}),P=t=>{const r=z.unstable_useContentManagerContext(),{form:o}=r,u=t?g.merge(t):g;return _.default.useMemo(()=>({...r,form:u.passthrough().parse(o)}),[r,o,u])},R=()=>S.useMutation({mutationFn:async t=>q.api.validateCustomField(t)}),T=e.z.object({setSubmitting:e.z.function().args(e.z.boolean()).returns(e.z.void())}),Q=({disabled:t,placeholder:r,required:o,hint:u,value:f,onChange:c,label:b,name:i,rawError:l})=>{const{id:y,model:v,form:d}=P(T),m=R(),{toggleNotification:j}=z.useNotification(),x=async h=>{try{d.setSubmitting(!0);const s=await m.mutateAsync({model:v,field:i,documentId:y,value:h.target.value});c({target:{value:s.value,name:i}})}catch(s){j({type:"danger",message:s instanceof Error?s.message:s.toString()})}finally{d.setSubmitting(!1)}};return n.jsxs(a.Field.Root,{name:i,hint:m.isPending?"Validating...":u,required:o,error:l?.defaultMessage,children:[n.jsx(a.Field.Label,{children:C.capitalize(b)}),n.jsx(a.TextInput,{name:i,value:f,onChange:c,onBlur:x,placeholder:r,disabled:t,error:!!l,"aria-describedby":`${i}-hint`,"aria-required":o}),n.jsx(a.Field.Hint,{}),n.jsx(a.Field.Error,{})]})},V=t=>n.jsx(p.QueryProvider,{children:n.jsx(Q,{...t})});exports.default=V;

package/dist/_chunks/TenantCustomField-CtCNZEgB.mjs

@@ -0,0 +1,93 @@
+import { jsx as o, jsxs as F } from "react/jsx-runtime";
+import { Field as u, TextInput as S } from "@strapi/design-system";
+import { unstable_useContentManagerContext as x, useNotification as j } from "@strapi/strapi/admin";
+import { z as t } from "zod";
+import M from "react";
+import { useMutation as P } from "@tanstack/react-query";
+import { a as T } from "./index-DkEjJa1n.mjs";
+import { Q as V } from "./QueryProvider-DLzv0qqi.mjs";
+import { capitalize as z } from "remeda";
+const f = t.object({
+  modified: t.boolean(),
+  isSubmitting: t.boolean(),
+  disabled: t.boolean(),
+  values: t.record(t.any()),
+  initialValues: t.record(t.any()),
+  errors: t.record(t.any()),
+  onChange: t.function().args(t.object({ target: t.object({ name: t.string(), value: t.any() }) })).returns(t.void()),
+  resetForm: t.function().returns(t.void())
+}), B = (e) => {
+  const r = x(), { form: n } = r, s = e ? f.merge(e) : f;
+  return M.useMemo(
+    () => ({
+      ...r,
+      form: s.passthrough().parse(n)
+    }),
+    [r, n, s]
+  );
+}, I = () => P({
+  mutationFn: async (e) => T.validateCustomField(e)
+}), N = t.object({
+  setSubmitting: t.function().args(t.boolean()).returns(t.void())
+}), Q = ({
+  disabled: e,
+  placeholder: r,
+  required: n,
+  hint: s,
+  value: g,
+  onChange: c,
+  label: b,
+  name: i,
+  rawError: l
+}) => {
+  const { id: p, model: v, form: m } = B(N), d = I(), { toggleNotification: y } = j(), h = async (C) => {
+    try {
+      m.setSubmitting(!0);
+      const a = await d.mutateAsync({
+        model: v,
+        field: i,
+        documentId: p,
+        value: C.target.value
+      });
+      c({ target: { value: a.value, name: i } });
+    } catch (a) {
+      y({
+        type: "danger",
+        message: a instanceof Error ? a.message : a.toString()
+      });
+    } finally {
+      m.setSubmitting(!1);
+    }
+  };
+  return /* @__PURE__ */ F(
+    u.Root,
+    {
+      name: i,
+      hint: d.isPending ? "Validating..." : s,
+      required: n,
+      error: l?.defaultMessage,
+      children: [
+        /* @__PURE__ */ o(u.Label, { children: z(b) }),
+        /* @__PURE__ */ o(
+          S,
+          {
+            name: i,
+            value: g,
+            onChange: c,
+            onBlur: h,
+            placeholder: r,
+            disabled: e,
+            error: !!l,
+            "aria-describedby": `${i}-hint`,
+            "aria-required": n
+          }
+        ),
+        /* @__PURE__ */ o(u.Hint, {}),
+        /* @__PURE__ */ o(u.Error, {})
+      ]
+    }
+  );
+}, w = (e) => /* @__PURE__ */ o(V, { children: /* @__PURE__ */ o(Q, { ...e }) });
+export {
+  w as default
+};