@sensinum/strapi-plugin-multi-domain 5.2.0-beta.1 → 5.2.0

package/README.md

@@ -22,7 +22,7 @@ This plugin brings multi-domain support to your Strapi application. It allows yo
 > ✅ **GET THE LICENSE**: To obtain the license we encourage you to [**visit the plugin commercial website**](http://sensinum.com/strapi-multi-domain-plugin), select the appropriate plan, and reach out to your preferred reseller or directly contact the plugin authors via [**this form**](http://sensinum.com/contact)
 
 > ⚠️ **This plugin is licensed by VirtusLab Ltd. under the [End User License Agreement (EULA)](https://sensinum.com/eula-strapi-multi-domain-plugin).**
-Unauthorized use, including usage without a valid license key or modification of the code in a way that breaches the integrity of the software, is strictly prohibited and will be treated as a violation of the [EULA](https://sensinum.com/eula-strapi-multi-domain-plugin), with all associated legal consequences.
+> Unauthorized use, including usage without a valid license key or modification of the code in a way that breaches the integrity of the software, is strictly prohibited and will be treated as a violation of the [EULA](https://sensinum.com/eula-strapi-multi-domain-plugin), with all associated legal consequences.
 
 ### Table of Contents
 
@@ -33,23 +33,24 @@ Unauthorized use, including usage without a valid license key or modification of
 5. [🔧 Configuration](#-configuration)
 6. [🧪 Testing](#-testing)
 7. [👨‍💻 For Developers: Advanced Customization](#-for-developers-advanced-customization-via-sharedpluginidsts)
-8. [📝 License](#-license)
+8. [🔌 Supported Third-Party Plugins](#-supported-third-party-plugins)
+9. [📝 License](#-license)
 
 ## ✨ Features
 
--   **Domain-based Data Isolation**: Automatically scopes content types to the current user's domain.
--   **Media Library Segregation**: Each domain has its own isolated section within the media library.
--   **User-Domain Association**: Users can be associated with one or more domains through Strapi roles.
--   **Domain Selector**: A convenient domain selector is added to the admin UI for users who belong to multiple domains.
--   **Super Admin Access**: Super admins have the ability to view data across all domains.
--   **Configurable**: Easily configure which content types should be domain-aware.
+- **Domain-based Data Isolation**: Automatically scopes content types to the current user's domain.
+- **Media Library Segregation**: Each domain has its own isolated section within the media library.
+- **User-Domain Association**: Users can be associated with one or more domains through Strapi roles.
+- **Domain Selector**: A convenient domain selector is added to the admin UI for users who belong to multiple domains.
+- **Super Admin Access**: Super admins have the ability to view data across all domains.
+- **Configurable**: Easily configure which content types should be domain-aware.
 
 ## 🎨 Admin Panel Features
 
--   **Domain Management UI**: A dedicated settings page in the admin panel (`Settings > Multi-Domain Settings`) allows administrators to create, view, update, and delete domains.
--   **Domain Selector**: Users belonging to multiple domains will see a "Select domain" option in the user menu (top right). This opens a modal allowing them to easily switch between their assigned domains, reloading the app context for the selected domain.
--   **"Unique by Domain" Custom Field**: The plugin registers a new custom field type named "Unique by domain". When applied to a text field on a content type, it ensures that the value of that field is unique among all entries of that type within the *same domain*.
--   **Content Manager Integration**: To prevent content from being created without a domain, the "Create new entry" button in the Content Manager is hidden when the "Super Admin" domain is selected.
+- **Domain Management UI**: A dedicated settings page in the admin panel (`Settings > Multi-Domain Settings`) allows administrators to create, view, update, and delete domains.
+- **Domain Selector**: Users belonging to multiple domains will see a "Select domain" option in the user menu (top right). This opens a modal allowing them to easily switch between their assigned domains, reloading the app context for the selected domain.
+- **"Unique by Domain" Custom Field**: The plugin registers a new custom field type named "Unique by domain". When applied to a text field on a content type, it ensures that the value of that field is unique among all entries of that type within the _same domain_.
+- **Content Manager Integration**: To prevent content from being created without a domain, the "Create new entry" button in the Content Manager is hidden when the "Super Admin" domain is selected.
 
 ## ⚙️ How it works
 
@@ -70,6 +71,7 @@ When using the **Users & Permissions plugin** with multi-domain functionality, t
 2. **Use API tokens assigned to domains**: Ensure all requests include an API token that is properly assigned to a specific domain. This allows the plugin to identify the correct domain context for the request.
 
 #### Example:
+
 ```javascript
 // In your route configuration
 module.exports = {
@@ -114,9 +116,7 @@ module.exports = {
        * By default, all content-types are scoped except for some internal Strapi models.
        * @returns {Set<string>}
        */
-      getOmitContentTypes: () => new Set([
-        'api::my-global-content-type.my-global-content-type',
-      ]),
+      getOmitContentTypes: () => new Set(['api::my-global-content-type.my-global-content-type']),
       /**
        * A list of content-api endpoints to exclude from domain logic.
        * e.g., ['/api/my-public-endpoint']
@@ -150,14 +150,14 @@ module.exports = {
 
 ### Configuration Options
 
--   `defaultDomain` (object): Configures the domain that is automatically created for super admins.
-    -   `name` (string): The display name for the default domain.
-    -   `customFields` (object): A JSON object for any custom data you want to associate with the domain.
--   `getOmitContentTypes` (function): Returns a `Set` of content-type UIDs that should be excluded from multi-domain. Use this for global, non-domain-specific content.
--   `getExcludedContentAPIEndpoints` (function): Returns an array of URL paths for Content API endpoints that should be publicly accessible and not scoped by domain.
--   `getExtraProxyDecorators` (function): An advanced feature that allows you to add custom logic to the database query proxy. This is useful for implementing complex, domain-specific business rules. It should return an array of objects, each with a `condition` and a `handler` function.
-    -   `condition` (function): Takes a `modelName` and returns `true` if the handler should be applied.
-    -   `handler` (function): A function that wraps the original database method, allowing you to modify its behavior. It receives the `target` repository, the original `targetElement` method, the Koa `ctx`, the method `prop` name, and the `modelName`.
+- `defaultDomain` (object): Configures the domain that is automatically created for super admins.
+  - `name` (string): The display name for the default domain.
+  - `customFields` (object): A JSON object for any custom data you want to associate with the domain.
+- `getOmitContentTypes` (function): Returns a `Set` of content-type UIDs that should be excluded from multi-domain. Use this for global, non-domain-specific content.
+- `getExcludedContentAPIEndpoints` (function): Returns an array of URL paths for Content API endpoints that should be publicly accessible and not scoped by domain.
+- `getExtraProxyDecorators` (function): An advanced feature that allows you to add custom logic to the database query proxy. This is useful for implementing complex, domain-specific business rules. It should return an array of objects, each with a `condition` and a `handler` function.
+  - `condition` (function): Takes a `modelName` and returns `true` if the handler should be applied.
+  - `handler` (function): A function that wraps the original database method, allowing you to modify its behavior. It receives the `target` repository, the original `targetElement` method, the Koa `ctx`, the method `prop` name, and the `modelName`.
 
 Here's an example of how you might use `getExtraProxyDecorators` to add an additional filter to a specific content type:
 
@@ -182,9 +182,7 @@ module.exports = {
        * By default, all content-types are scoped except for some internal Strapi models.
        * @returns {Set<string>}
        */
-      getOmitContentTypes: () => new Set([
-        'api::my-global-content-type.my-global-content-type',
-      ]),
+      getOmitContentTypes: () => new Set(['api::my-global-content-type.my-global-content-type']),
       /**
        * A list of content-api endpoints to exclude from domain logic.
        * e.g., ['/api/my-public-endpoint']
@@ -220,7 +218,6 @@ module.exports = {
 
 To run the tests for this plugin, navigate to the plugin's directory and run the following command:
 
-
 This will execute the Jest test suite. To run tests in watch mode, you can use `yarn test:watch`.
 
 ## 👨‍💻 For Developers: Advanced Customization via `shared/pluginIds.ts`
@@ -235,16 +232,48 @@ By changing the values in this file, you can fundamentally alter the plugin's id
 
 Here's a breakdown of the constants and what you can control by changing them:
 
--   `pluginId`: The official ID of the plugin (`multi-domain`). Changing this will alter the plugin's root path in Strapi, including settings URLs and permission domains.
+- `pluginId`: The official ID of the plugin (`multi-domain`). Changing this will alter the plugin's root path in Strapi, including settings URLs and permission domains.
+
+> **Note:** This value is derived from the `strapi.name` property in `package.json` and should always be kept in sync with it.
+
+- `modelId`: The singular ID for the domain content type (default: `'domain'`). Changing this renames the content type itself, which affects the database table, API endpoints, and the name of the relationship field added to other content types.
+- `modelServiceId`: The identifier for the domain service (default: `'domain'`). This should typically be kept in sync with `modelId`.
+- `userField`: The property name on the `user` object where associated domain information is stored (default: `'domain'`).
+- `modelRoute`: The base route for the domain management API (default: `'domains'`). This is derived from `modelId`, so changing `modelId` will automatically update this.
+- `COOKIE_NAME`: The name of the cookie used to store the user's currently selected domain (default: `'domain'`). You might change this to avoid naming conflicts with other cookies in your application.
+
+## 🔌 Supported Third-Party Plugins
+
+This plugin provides domain-scoped data isolation for the following third-party plugins:
+
+- [strapi-plugin-navigation](https://github.com/VirtusLab-Open-Source/strapi-plugin-navigation)
+- [strapi-plugin-comments](https://github.com/VirtusLab-Open-Source/strapi-plugin-comments)
+- [strapi-plugin-reactions](https://github.com/VirtusLab-Open-Source/strapi-plugin-reactions)
+
+### strapi-plugin-navigation
+
+Navigation items and navigations are automatically scoped to the current domain.
+
+### strapi-plugin-comments
 
-  > **Note:** This value is derived from the `strapi.name` property in `package.json` and should always be kept in sync with it.
+Comments and comment reports are automatically scoped to the current domain. Since the `Authorization` header is reserved for the domain API token, author identification for comments is handled via the `X-Author-Authorization` header:
+
+```
+X-Author-Authorization: Bearer <users-permissions-jwt>
+```
+
+This header is processed on comment endpoints that require author context: creating, updating, and deleting comments. If the token is valid, the resolved Strapi user is set as the comment author. Without this header, the comment must include an `author` object in the request body with `id`, `name`, and `email` fields.
+
+### strapi-plugin-reactions
+
+Reactions and reaction types are automatically scoped to the current domain. Since the `Authorization` header is reserved for the domain API token, author identification for reactions is handled via the `X-Author-Authorization` header:
+
+```
+X-Author-Authorization: Bearer <users-permissions-jwt>
+```
 
--   `modelId`: The singular ID for the domain content type (default: `'domain'`). Changing this renames the content type itself, which affects the database table, API endpoints, and the name of the relationship field added to other content types.
--   `modelServiceId`: The identifier for the domain service (default: `'domain'`). This should typically be kept in sync with `modelId`.
--   `userField`: The property name on the `user` object where associated domain information is stored (default: `'domain'`).
--   `modelRoute`: The base route for the domain management API (default: `'domains'`). This is derived from `modelId`, so changing `modelId` will automatically update this.
--   `COOKIE_NAME`: The name of the cookie used to store the user's currently selected domain (default: `'domain'`). You might change this to avoid naming conflicts with other cookies in your application.
+This header is processed on reaction endpoints: listing, creating, deleting, and toggling reactions. If the token is valid, the resolved Strapi user is set as the reaction author. The reactions plugin also supports its own `X-Reactions-Author` header for custom (non-Strapi) users. When `X-Reactions-Author` is present, `X-Author-Authorization` is ignored — custom author identification takes precedence.
 
 ## 📝 License
 
-All rights reserved. Copyright (c) [VirtusLab Ltd](https://virtuslab.com/).
+All rights reserved. Copyright (c) [VirtusLab Ltd](https://virtuslab.com/).