npm - @strapi/admin - Versions diffs - 4.14.2 → 4.14.3 - Mend

@strapi/admin 4.14.2 → 4.14.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (378) hide show

package/dist/server/services/user.d.ts ADDED Viewed

@@ -0,0 +1,96 @@
+/**
+ * Remove private user fields
+ * @param {Object} user - user to sanitize
+ */
+declare const sanitizeUser: (user: any) => {
+    roles: any;
+};
+/**
+ * Create and save a user in database
+ * @param attributes A partial user object
+ * @returns {Promise<user>}
+ */
+declare const create: (attributes: any) => Promise<any>;
+/**
+ * Update a user in database
+ * @param id query params to find the user to update
+ * @param attributes A partial user object
+ * @returns {Promise<user>}
+ */
+declare const updateById: (id: any, attributes: any) => Promise<any>;
+/**
+ * Reset a user password by email. (Used in admin:reset CLI)
+ * @param {string} email - user email
+ * @param {string} password - new password
+ */
+declare const resetPasswordByEmail: (email: string, password: string) => Promise<void>;
+/**
+ * Check if a user with specific attributes exists in the database
+ * @param attributes A partial user object
+ * @returns {Promise<boolean>}
+ */
+declare const exists: (attributes?: {}) => Promise<boolean>;
+/**
+ * Returns a user registration info
+ * @param {string} registrationToken - a user registration token
+ * @returns {Promise<registrationInfo>} - Returns user email, firstname and lastname
+ */
+declare const findRegistrationInfo: (registrationToken: string) => Promise<Pick<any, "email" | "firstname" | "lastname"> | undefined>;
+/**
+ * Registers a user based on a registrationToken and some informations to update
+ * @param {Object} params
+ * @param {Object} params.registrationToken registration token
+ * @param {Object} params.userInfo user info
+ */
+declare const register: ({ registrationToken, userInfo }: any) => Promise<any>;
+/**
+ * Find one user
+ */
+declare const findOne: (id: any, populate?: string[]) => Promise<import("@strapi/types/dist/types/core/attributes").GetValues<"admin::user", string> | null>;
+/**
+ * Find one user by its email
+ * @param {string} id  email
+ * @param {string || string[] || object} populate
+ * @returns
+ */
+declare const findOneByEmail: (email: string, populate?: never[]) => Promise<any>;
+/** Find many users (paginated)
+ * @param query
+ * @returns {Promise<user>}
+ */
+declare const findPage: (query?: {}) => Promise<import("@strapi/types/dist/modules/entity-service").PaginatedResult<"admin::user", {
+    populate: string[];
+}>>;
+/** Delete a user
+ * @param id id of the user to delete
+ * @returns {Promise<user>}
+ */
+declare const deleteById: (id: any) => Promise<any>;
+/** Delete a user
+ * @param ids ids of the users to delete
+ * @returns {Promise<user>}
+ */
+declare const deleteByIds: (ids: any[]) => Promise<any[]>;
+/** Count the users that don't have any associated roles
+ * @returns {Promise<number>}
+ */
+declare const countUsersWithoutRole: () => Promise<number>;
+/**
+ * Count the number of users based on search params
+ * @param params params used for the query
+ * @returns {Promise<number>}
+ */
+declare const count: (where?: {}) => Promise<number>;
+/** Assign some roles to several users
+ * @returns {undefined}
+ */
+declare const assignARoleToAll: (roleId: any) => Promise<void>;
+/** Display a warning if some users don't have at least one role
+ * @returns {Promise<>}
+ */
+declare const displayWarningIfUsersDontHaveRole: () => Promise<void>;
+/** Returns an array of interface languages currently used by users
+ * @returns {Promise<Array<string>>}
+ */
+declare const getLanguagesInUse: () => Promise<any[]>;
+export { create, updateById, exists, findRegistrationInfo, register, sanitizeUser, findOne, findOneByEmail, findPage, deleteById, deleteByIds, countUsersWithoutRole, count, assignARoleToAll, displayWarningIfUsersDontHaveRole, resetPasswordByEmail, getLanguagesInUse, };

package/dist/server/services/user.js ADDED Viewed

@@ -0,0 +1,311 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getLanguagesInUse = exports.resetPasswordByEmail = exports.displayWarningIfUsersDontHaveRole = exports.assignARoleToAll = exports.count = exports.countUsersWithoutRole = exports.deleteByIds = exports.deleteById = exports.findPage = exports.findOneByEmail = exports.findOne = exports.sanitizeUser = exports.register = exports.findRegistrationInfo = exports.exists = exports.updateById = exports.create = void 0;
+const lodash_1 = __importDefault(require("lodash"));
+const fp_1 = require("lodash/fp");
+const utils_1 = require("@strapi/utils");
+const user_1 = require("../domain/user");
+const common_validators_1 = require("../validation/common-validators");
+const utils_2 = require("../utils");
+const constants_1 = require("./constants");
+const { ValidationError } = utils_1.errors;
+const sanitizeUserRoles = (role) => lodash_1.default.pick(role, ['id', 'name', 'description', 'code']);
+/**
+ * Remove private user fields
+ * @param {Object} user - user to sanitize
+ */
+const sanitizeUser = (user) => {
+    return {
+        ...lodash_1.default.omit(user, ['password', 'resetPasswordToken', 'registrationToken', 'roles']),
+        roles: user.roles && user.roles.map(sanitizeUserRoles),
+    };
+};
+exports.sanitizeUser = sanitizeUser;
+/**
+ * Create and save a user in database
+ * @param attributes A partial user object
+ * @returns {Promise<user>}
+ */
+const create = async (attributes) => {
+    const userInfo = {
+        registrationToken: (0, utils_2.getService)('token').createToken(),
+        ...attributes,
+    };
+    if (lodash_1.default.has(attributes, 'password')) {
+        userInfo.password = await (0, utils_2.getService)('auth').hashPassword(attributes.password);
+    }
+    const user = (0, user_1.createUser)(userInfo);
+    const createdUser = await strapi.query('admin::user').create({ data: user, populate: ['roles'] });
+    (0, utils_2.getService)('metrics').sendDidInviteUser();
+    strapi.eventHub.emit('user.create', { user: sanitizeUser(createdUser) });
+    return createdUser;
+};
+exports.create = create;
+/**
+ * Update a user in database
+ * @param id query params to find the user to update
+ * @param attributes A partial user object
+ * @returns {Promise<user>}
+ */
+const updateById = async (id, attributes) => {
+    // Check at least one super admin remains
+    if (lodash_1.default.has(attributes, 'roles')) {
+        const lastAdminUser = await isLastSuperAdminUser(id);
+        const superAdminRole = await (0, utils_2.getService)('role').getSuperAdminWithUsersCount();
+        const willRemoveSuperAdminRole = !(0, utils_1.stringIncludes)(attributes.roles, superAdminRole.id);
+        if (lastAdminUser && willRemoveSuperAdminRole) {
+            throw new ValidationError('You must have at least one user with super admin role.');
+        }
+    }
+    // cannot disable last super admin
+    if (attributes.isActive === false) {
+        const lastAdminUser = await isLastSuperAdminUser(id);
+        if (lastAdminUser) {
+            throw new ValidationError('You must have at least one user with super admin role.');
+        }
+    }
+    // hash password if a new one is sent
+    if (lodash_1.default.has(attributes, 'password')) {
+        const hashedPassword = await (0, utils_2.getService)('auth').hashPassword(attributes.password);
+        const updatedUser = await strapi.query('admin::user').update({
+            where: { id },
+            data: {
+                ...attributes,
+                password: hashedPassword,
+            },
+            populate: ['roles'],
+        });
+        strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });
+        return updatedUser;
+    }
+    const updatedUser = await strapi.query('admin::user').update({
+        where: { id },
+        data: attributes,
+        populate: ['roles'],
+    });
+    if (updatedUser) {
+        strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });
+    }
+    return updatedUser;
+};
+exports.updateById = updateById;
+/**
+ * Reset a user password by email. (Used in admin:reset CLI)
+ * @param {string} email - user email
+ * @param {string} password - new password
+ */
+const resetPasswordByEmail = async (email, password) => {
+    const user = await strapi.query('admin::user').findOne({ where: { email }, populate: ['roles'] });
+    if (!user) {
+        throw new Error(`User not found for email: ${email}`);
+    }
+    try {
+        await common_validators_1.password.validate(password);
+    }
+    catch (error) {
+        throw new ValidationError('Invalid password. Expected a minimum of 8 characters with at least one number and one uppercase letter');
+    }
+    await updateById(user.id, { password });
+};
+exports.resetPasswordByEmail = resetPasswordByEmail;
+/**
+ * Check if a user is the last super admin
+ * @param {int|string} userId user's id to look for
+ */
+const isLastSuperAdminUser = async (userId) => {
+    const user = await findOne(userId);
+    const superAdminRole = await (0, utils_2.getService)('role').getSuperAdminWithUsersCount();
+    // @ts-expect-error
+    return superAdminRole.usersCount === 1 && (0, user_1.hasSuperAdminRole)(user);
+};
+/**
+ * Check if a user with specific attributes exists in the database
+ * @param attributes A partial user object
+ * @returns {Promise<boolean>}
+ */
+const exists = async (attributes = {}) => {
+    return (await strapi.query('admin::user').count({ where: attributes })) > 0;
+};
+exports.exists = exists;
+/**
+ * Returns a user registration info
+ * @param {string} registrationToken - a user registration token
+ * @returns {Promise<registrationInfo>} - Returns user email, firstname and lastname
+ */
+const findRegistrationInfo = async (registrationToken) => {
+    const user = await strapi.query('admin::user').findOne({ where: { registrationToken } });
+    if (!user) {
+        return undefined;
+    }
+    return lodash_1.default.pick(user, ['email', 'firstname', 'lastname']);
+};
+exports.findRegistrationInfo = findRegistrationInfo;
+/**
+ * Registers a user based on a registrationToken and some informations to update
+ * @param {Object} params
+ * @param {Object} params.registrationToken registration token
+ * @param {Object} params.userInfo user info
+ */
+const register = async ({ registrationToken, userInfo }) => {
+    const matchingUser = await strapi.query('admin::user').findOne({ where: { registrationToken } });
+    if (!matchingUser) {
+        throw new ValidationError('Invalid registration info');
+    }
+    return (0, utils_2.getService)('user').updateById(matchingUser.id, {
+        password: userInfo.password,
+        firstname: userInfo.firstname,
+        lastname: userInfo.lastname,
+        registrationToken: null,
+        isActive: true,
+    });
+};
+exports.register = register;
+/**
+ * Find one user
+ */
+const findOne = async (id, populate = ['roles']) => {
+    return strapi.entityService.findOne('admin::user', id, { populate });
+};
+exports.findOne = findOne;
+/**
+ * Find one user by its email
+ * @param {string} id  email
+ * @param {string || string[] || object} populate
+ * @returns
+ */
+const findOneByEmail = async (email, populate = []) => {
+    return strapi.query('admin::user').findOne({
+        where: { email },
+        populate,
+    });
+};
+exports.findOneByEmail = findOneByEmail;
+/** Find many users (paginated)
+ * @param query
+ * @returns {Promise<user>}
+ */
+const findPage = async (query = {}) => {
+    const enrichedQuery = (0, fp_1.defaults)({ populate: ['roles'] }, query);
+    return strapi.entityService.findPage('admin::user', enrichedQuery);
+};
+exports.findPage = findPage;
+/** Delete a user
+ * @param id id of the user to delete
+ * @returns {Promise<user>}
+ */
+const deleteById = async (id) => {
+    // Check at least one super admin remains
+    const userToDelete = await strapi.query('admin::user').findOne({
+        where: { id },
+        populate: ['roles'],
+    });
+    if (!userToDelete) {
+        return null;
+    }
+    if (userToDelete) {
+        if (userToDelete.roles.some((r) => r.code === constants_1.SUPER_ADMIN_CODE)) {
+            const superAdminRole = await (0, utils_2.getService)('role').getSuperAdminWithUsersCount();
+            if (superAdminRole.usersCount === 1) {
+                throw new ValidationError('You must have at least one user with super admin role.');
+            }
+        }
+    }
+    const deletedUser = await strapi
+        .query('admin::user')
+        .delete({ where: { id }, populate: ['roles'] });
+    strapi.eventHub.emit('user.delete', { user: sanitizeUser(deletedUser) });
+    return deletedUser;
+};
+exports.deleteById = deleteById;
+/** Delete a user
+ * @param ids ids of the users to delete
+ * @returns {Promise<user>}
+ */
+const deleteByIds = async (ids) => {
+    // Check at least one super admin remains
+    const superAdminRole = await (0, utils_2.getService)('role').getSuperAdminWithUsersCount();
+    const nbOfSuperAdminToDelete = await strapi.query('admin::user').count({
+        where: {
+            id: ids,
+            roles: { id: superAdminRole.id },
+        },
+    });
+    if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {
+        throw new ValidationError('You must have at least one user with super admin role.');
+    }
+    const deletedUsers = [];
+    for (const id of ids) {
+        const deletedUser = await strapi.query('admin::user').delete({
+            where: { id },
+            populate: ['roles'],
+        });
+        deletedUsers.push(deletedUser);
+    }
+    strapi.eventHub.emit('user.delete', {
+        users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser)),
+    });
+    return deletedUsers;
+};
+exports.deleteByIds = deleteByIds;
+/** Count the users that don't have any associated roles
+ * @returns {Promise<number>}
+ */
+const countUsersWithoutRole = async () => {
+    return strapi.query('admin::user').count({
+        where: {
+            roles: {
+                id: { $null: true },
+            },
+        },
+    });
+};
+exports.countUsersWithoutRole = countUsersWithoutRole;
+/**
+ * Count the number of users based on search params
+ * @param params params used for the query
+ * @returns {Promise<number>}
+ */
+const count = async (where = {}) => {
+    return strapi.query('admin::user').count({ where });
+};
+exports.count = count;
+/** Assign some roles to several users
+ * @returns {undefined}
+ */
+const assignARoleToAll = async (roleId) => {
+    const users = await strapi.query('admin::user').findMany({
+        select: ['id'],
+        where: {
+            roles: { id: { $null: true } },
+        },
+    });
+    await Promise.all(users.map((user) => {
+        return strapi.query('admin::user').update({
+            where: { id: user.id },
+            data: { roles: [roleId] },
+        });
+    }));
+};
+exports.assignARoleToAll = assignARoleToAll;
+/** Display a warning if some users don't have at least one role
+ * @returns {Promise<>}
+ */
+const displayWarningIfUsersDontHaveRole = async () => {
+    const count = await countUsersWithoutRole();
+    if (count > 0) {
+        strapi.log.warn(`Some users (${count}) don't have any role.`);
+    }
+};
+exports.displayWarningIfUsersDontHaveRole = displayWarningIfUsersDontHaveRole;
+/** Returns an array of interface languages currently used by users
+ * @returns {Promise<Array<string>>}
+ */
+const getLanguagesInUse = async () => {
+    const users = await strapi.query('admin::user').findMany({ select: ['preferedLanguage'] });
+    return users.map((user) => user.preferedLanguage || 'en');
+};
+exports.getLanguagesInUse = getLanguagesInUse;
+//# sourceMappingURL=user.js.map

package/dist/server/services/user.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user.js","sourceRoot":"","sources":["../../../server/src/services/user.ts"],"names":[],"mappings":";;;;;;AAAA,oDAAuB;AACvB,kCAAqC;AACrC,yCAAuD;AACvD,yCAA+D;AAC/D,uEAAgF;AAChF,oCAAsC;AACtC,2CAA+C;AAE/C,MAAM,EAAE,eAAe,EAAE,GAAG,cAAM,CAAC;AACnC,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,gBAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC;AAEhG;;;GAGG;AACH,MAAM,YAAY,GAAG,CAAC,IAAS,EAAE,EAAE;IACjC,OAAO;QACL,GAAG,gBAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,OAAO,CAAC,CAAC;QACjF,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC;KACvD,CAAC;AACJ,CAAC,CAAC;AA4UA,oCAAY;AA1Ud;;;;GAIG;AACH,MAAM,MAAM,GAAG,KAAK,EAAE,UAAe,EAAE,EAAE;IACvC,MAAM,QAAQ,GAAG;QACf,iBAAiB,EAAE,IAAA,kBAAU,EAAC,OAAO,CAAC,CAAC,WAAW,EAAE;QACpD,GAAG,UAAU;KACd,CAAC;IAEF,IAAI,gBAAC,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE;QACjC,QAAQ,CAAC,QAAQ,GAAG,MAAM,IAAA,kBAAU,EAAC,MAAM,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;KAChF;IAED,MAAM,IAAI,GAAG,IAAA,iBAAU,EAAC,QAAQ,CAAC,CAAC;IAElC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAElG,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC,iBAAiB,EAAE,CAAC;IAE1C,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAEzE,OAAO,WAAW,CAAC;AACrB,CAAC,CAAC;AA6SA,wBAAM;AA3SR;;;;;GAKG;AACH,MAAM,UAAU,GAAG,KAAK,EAAE,EAAO,EAAE,UAAe,EAAE,EAAE;IACpD,yCAAyC;IACzC,IAAI,gBAAC,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE;QAC9B,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,EAAE,CAAC,CAAC;QACrD,MAAM,cAAc,GAAG,MAAM,IAAA,kBAAU,EAAC,MAAM,CAAC,CAAC,2BAA2B,EAAE,CAAC;QAC9E,MAAM,wBAAwB,GAAG,CAAC,IAAA,sBAAc,EAAC,UAAU,CAAC,KAAK,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;QAEtF,IAAI,aAAa,IAAI,wBAAwB,EAAE;YAC7C,MAAM,IAAI,eAAe,CAAC,wDAAwD,CAAC,CAAC;SACrF;KACF;IAED,kCAAkC;IAClC,IAAI,UAAU,CAAC,QAAQ,KAAK,KAAK,EAAE;QACjC,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,EAAE,CAAC,CAAC;QACrD,IAAI,aAAa,EAAE;YACjB,MAAM,IAAI,eAAe,CAAC,wDAAwD,CAAC,CAAC;SACrF;KACF;IAED,qCAAqC;IACrC,IAAI,gBAAC,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE;QACjC,MAAM,cAAc,GAAG,MAAM,IAAA,kBAAU,EAAC,MAAM,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAElF,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC;YAC3D,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,IAAI,EAAE;gBACJ,GAAG,UAAU;gBACb,QAAQ,EAAE,cAAc;aACzB;YACD,QAAQ,EAAE,CAAC,OAAO,CAAC;SACpB,CAAC,CAAC;QAEH,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAEzE,OAAO,WAAW,CAAC;KACpB;IAED,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC;QAC3D,KAAK,EAAE,EAAE,EAAE,EAAE;QACb,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,CAAC,OAAO,CAAC;KACpB,CAAC,CAAC;IAEH,IAAI,WAAW,EAAE;QACf,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;KAC1E;IAED,OAAO,WAAW,CAAC;AACrB,CAAC,CAAC;AAqPA,gCAAU;AAnPZ;;;;GAIG;AACH,MAAM,oBAAoB,GAAG,KAAK,EAAE,KAAa,EAAE,QAAgB,EAAE,EAAE;IACrE,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAElG,IAAI,CAAC,IAAI,EAAE;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;KACvD;IAED,IAAI;QACF,MAAM,4BAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;KAC5C;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,IAAI,eAAe,CACvB,wGAAwG,CACzG,CAAC;KACH;IAED,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;AAC1C,CAAC,CAAC;AA4OA,oDAAoB;AA1OtB;;;GAGG;AACH,MAAM,oBAAoB,GAAG,KAAK,EAAE,MAAW,EAAE,EAAE;IACjD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,cAAc,GAAG,MAAM,IAAA,kBAAU,EAAC,MAAM,CAAC,CAAC,2BAA2B,EAAE,CAAC;IAE9E,mBAAmB;IACnB,OAAO,cAAc,CAAC,UAAU,KAAK,CAAC,IAAI,IAAA,wBAAiB,EAAC,IAAI,CAAC,CAAC;AACpE,CAAC,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,GAAG,KAAK,EAAE,UAAU,GAAG,EAAE,EAAE,EAAE;IACvC,OAAO,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;AAC9E,CAAC,CAAC;AA0MA,wBAAM;AAxMR;;;;GAIG;AACH,MAAM,oBAAoB,GAAG,KAAK,EAAE,iBAAyB,EAAE,EAAE;IAC/D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,iBAAiB,EAAE,EAAE,CAAC,CAAC;IAEzF,IAAI,CAAC,IAAI,EAAE;QACT,OAAO,SAAS,CAAC;KAClB;IAED,OAAO,gBAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC;AAC1D,CAAC,CAAC;AA4LA,oDAAoB;AA1LtB;;;;;GAKG;AACH,MAAM,QAAQ,GAAG,KAAK,EAAE,EAAE,iBAAiB,EAAE,QAAQ,EAAO,EAAE,EAAE;IAC9D,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,iBAAiB,EAAE,EAAE,CAAC,CAAC;IAEjG,IAAI,CAAC,YAAY,EAAE;QACjB,MAAM,IAAI,eAAe,CAAC,2BAA2B,CAAC,CAAC;KACxD;IAED,OAAO,IAAA,kBAAU,EAAC,MAAM,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,EAAE;QACpD,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,iBAAiB,EAAE,IAAI;QACvB,QAAQ,EAAE,IAAI;KACf,CAAC,CAAC;AACL,CAAC,CAAC;AAuKA,4BAAQ;AArKV;;GAEG;AACH,MAAM,OAAO,GAAG,KAAK,EAAE,EAAO,EAAE,QAAQ,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE;IACtD,OAAO,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;AACvE,CAAC,CAAC;AAkKA,0BAAO;AAhKT;;;;;GAKG;AACH,MAAM,cAAc,GAAG,KAAK,EAAE,KAAa,EAAE,QAAQ,GAAG,EAAE,EAAE,EAAE;IAC5D,OAAO,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC;QACzC,KAAK,EAAE,EAAE,KAAK,EAAE;QAChB,QAAQ;KACT,CAAC,CAAC;AACL,CAAC,CAAC;AAsJA,wCAAc;AApJhB;;;GAGG;AACH,MAAM,QAAQ,GAAG,KAAK,EAAE,KAAK,GAAG,EAAE,EAAE,EAAE;IACpC,MAAM,aAAa,GAAG,IAAA,aAAQ,EAAC,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IAC/D,OAAO,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;AACrE,CAAC,CAAC;AA8IA,4BAAQ;AA5IV;;;GAGG;AACH,MAAM,UAAU,GAAG,KAAK,EAAE,EAAO,EAAE,EAAE;IACnC,yCAAyC;IACzC,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC;QAC7D,KAAK,EAAE,EAAE,EAAE,EAAE;QACb,QAAQ,EAAE,CAAC,OAAO,CAAC;KACpB,CAAC,CAAC;IAEH,IAAI,CAAC,YAAY,EAAE;QACjB,OAAO,IAAI,CAAC;KACb;IAED,IAAI,YAAY,EAAE;QAChB,IAAI,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,4BAAgB,CAAC,EAAE;YACpE,MAAM,cAAc,GAAG,MAAM,IAAA,kBAAU,EAAC,MAAM,CAAC,CAAC,2BAA2B,EAAE,CAAC;YAC9E,IAAI,cAAc,CAAC,UAAU,KAAK,CAAC,EAAE;gBACnC,MAAM,IAAI,eAAe,CAAC,wDAAwD,CAAC,CAAC;aACrF;SACF;KACF;IAED,MAAM,WAAW,GAAG,MAAM,MAAM;SAC7B,KAAK,CAAC,aAAa,CAAC;SACpB,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAElD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAEzE,OAAO,WAAW,CAAC;AACrB,CAAC,CAAC;AA8GA,gCAAU;AA5GZ;;;GAGG;AACH,MAAM,WAAW,GAAG,KAAK,EAAE,GAAU,EAAE,EAAE;IACvC,yCAAyC;IACzC,MAAM,cAAc,GAAG,MAAM,IAAA,kBAAU,EAAC,MAAM,CAAC,CAAC,2BAA2B,EAAE,CAAC;IAC9E,MAAM,sBAAsB,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC;QACrE,KAAK,EAAE;YACL,EAAE,EAAE,GAAG;YACP,KAAK,EAAE,EAAE,EAAE,EAAE,cAAc,CAAC,EAAE,EAAE;SACjC;KACF,CAAC,CAAC;IAEH,IAAI,cAAc,CAAC,UAAU,KAAK,sBAAsB,EAAE;QACxD,MAAM,IAAI,eAAe,CAAC,wDAAwD,CAAC,CAAC;KACrF;IAED,MAAM,YAAY,GAAG,EAAE,CAAC;IACxB,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE;QACpB,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC;YAC3D,KAAK,EAAE,EAAE,EAAE,EAAE;YACb,QAAQ,EAAE,CAAC,OAAO,CAAC;SACpB,CAAC,CAAC;QAEH,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;KAChC;IAED,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE;QAClC,KAAK,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;KACpE,CAAC,CAAC;IAEH,OAAO,YAAY,CAAC;AACtB,CAAC,CAAC;AA4EA,kCAAW;AA1Eb;;GAEG;AACH,MAAM,qBAAqB,GAAG,KAAK,IAAI,EAAE;IACvC,OAAO,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC;QACvC,KAAK,EAAE;YACL,KAAK,EAAE;gBACL,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;aACpB;SACF;KACF,CAAC,CAAC;AACL,CAAC,CAAC;AAgEA,sDAAqB;AA9DvB;;;;GAIG;AACH,MAAM,KAAK,GAAG,KAAK,EAAE,KAAK,GAAG,EAAE,EAAE,EAAE;IACjC,OAAO,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACtD,CAAC,CAAC;AAwDA,sBAAK;AAtDP;;GAEG;AACH,MAAM,gBAAgB,GAAG,KAAK,EAAE,MAAW,EAAE,EAAE;IAC7C,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QACvD,MAAM,EAAE,CAAC,IAAI,CAAC;QACd,KAAK,EAAE;YACL,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;SAC/B;KACF,CAAC,CAAC;IAEH,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACjB,OAAO,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC;YACxC,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,CAAC,EAAE;SAC1B,CAAC,CAAC;IACL,CAAC,CAAC,CACH,CAAC;AACJ,CAAC,CAAC;AAoCA,4CAAgB;AAlClB;;GAEG;AACH,MAAM,iCAAiC,GAAG,KAAK,IAAI,EAAE;IACnD,MAAM,KAAK,GAAG,MAAM,qBAAqB,EAAE,CAAC;IAE5C,IAAI,KAAK,GAAG,CAAC,EAAE;QACb,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,KAAK,wBAAwB,CAAC,CAAC;KAC/D;AACH,CAAC,CAAC;AA0BA,8EAAiC;AAxBnC;;GAEG;AACH,MAAM,iBAAiB,GAAG,KAAK,IAAI,EAAE;IACnC,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;IAE3F,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,CAAC;AAC5D,CAAC,CAAC;AAmBA,8CAAiB"}

package/dist/server/strategies/admin.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/** @type {import('.').AuthenticateFunction} */
+export declare const authenticate: (ctx: any) => Promise<{
+    authenticated: boolean;
+    credentials?: undefined;
+    ability?: undefined;
+} | {
+    authenticated: boolean;
+    credentials: any;
+    ability: import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>;
+}>;
+export declare const name = "admin";
+/** @type {import('.').AuthStrategy} */
+declare const _default: {
+    name: string;
+    authenticate: (ctx: any) => Promise<{
+        authenticated: boolean;
+        credentials?: undefined;
+        ability?: undefined;
+    } | {
+        authenticated: boolean;
+        credentials: any;
+        ability: import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>;
+    }>;
+};
+export default _default;

package/dist/server/strategies/admin.js ADDED Viewed

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.name = exports.authenticate = void 0;
+const utils_1 = require("../utils");
+/** @type {import('.').AuthenticateFunction} */
+const authenticate = async (ctx) => {
+    const { authorization } = ctx.request.header;
+    if (!authorization) {
+        return { authenticated: false };
+    }
+    const parts = authorization.split(/\s+/);
+    if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {
+        return { authenticated: false };
+    }
+    const token = parts[1];
+    const { payload, isValid } = (0, utils_1.getService)('token').decodeJwtToken(token);
+    if (!isValid) {
+        return { authenticated: false };
+    }
+    const user = await strapi
+        .query('admin::user')
+        .findOne({ where: { id: payload.id }, populate: ['roles'] });
+    if (!user || !(user.isActive === true)) {
+        return { authenticated: false };
+    }
+    const userAbility = await (0, utils_1.getService)('permission').engine.generateUserAbility(user);
+    // TODO: use the ability from ctx.state.auth instead of
+    // ctx.state.userAbility, and remove the assign below
+    ctx.state.userAbility = userAbility;
+    ctx.state.user = user;
+    return {
+        authenticated: true,
+        credentials: user,
+        ability: userAbility,
+    };
+};
+exports.authenticate = authenticate;
+exports.name = 'admin';
+/** @type {import('.').AuthStrategy} */
+exports.default = {
+    name: exports.name,
+    authenticate: exports.authenticate,
+};
+//# sourceMappingURL=admin.js.map

package/dist/server/strategies/admin.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"admin.js","sourceRoot":"","sources":["../../../server/src/strategies/admin.ts"],"names":[],"mappings":";;;AAAA,oCAAsC;AAEtC,+CAA+C;AACxC,MAAM,YAAY,GAAG,KAAK,EAAE,GAAQ,EAAE,EAAE;IAC7C,MAAM,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;IAE7C,IAAI,CAAC,aAAa,EAAE;QAClB,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;KACjC;IAED,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEzC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7D,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;KACjC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAA,kBAAU,EAAC,OAAO,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAEvE,IAAI,CAAC,OAAO,EAAE;QACZ,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;KACjC;IAED,MAAM,IAAI,GAAG,MAAM,MAAM;SACtB,KAAK,CAAC,aAAa,CAAC;SACpB,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAE/D,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,EAAE;QACtC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;KACjC;IAED,MAAM,WAAW,GAAG,MAAM,IAAA,kBAAU,EAAC,YAAY,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAEpF,uDAAuD;IACvD,qDAAqD;IACrD,GAAG,CAAC,KAAK,CAAC,WAAW,GAAG,WAAW,CAAC;IACpC,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC;IAEtB,OAAO;QACL,aAAa,EAAE,IAAI;QACnB,WAAW,EAAE,IAAI;QACjB,OAAO,EAAE,WAAW;KACrB,CAAC;AACJ,CAAC,CAAC;AAxCW,QAAA,YAAY,gBAwCvB;AAEW,QAAA,IAAI,GAAG,OAAO,CAAC;AAE5B,uCAAuC;AACvC,kBAAe;IACb,IAAI,EAAJ,YAAI;IACJ,YAAY,EAAZ,oBAAY;CACb,CAAC"}

package/dist/server/strategies/api-token.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+/**
+ * Authenticate the validity of the token
+ *
+ *  @type {import('.').AuthenticateFunction}
+ */
+export declare const authenticate: (ctx: any) => Promise<{
+    authenticated: boolean;
+    error?: undefined;
+    ability?: undefined;
+    credentials?: undefined;
+} | {
+    authenticated: boolean;
+    error: import("@strapi/utils/dist/errors").UnauthorizedError;
+    ability?: undefined;
+    credentials?: undefined;
+} | {
+    authenticated: boolean;
+    ability: import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>;
+    credentials: any;
+    error?: undefined;
+} | {
+    authenticated: boolean;
+    credentials: any;
+    error?: undefined;
+    ability?: undefined;
+}>;
+/**
+ * Verify the token has the required abilities for the requested scope
+ *
+ *  @type {import('.').VerifyFunction}
+ */
+export declare const verify: (auth: any, config: any) => void;
+export declare const name = "api-token";
+/** @type {import('.').AuthStrategy} */
+declare const _default: {
+    name: string;
+    authenticate: (ctx: any) => Promise<{
+        authenticated: boolean;
+        error?: undefined;
+        ability?: undefined;
+        credentials?: undefined;
+    } | {
+        authenticated: boolean;
+        error: import("@strapi/utils/dist/errors").UnauthorizedError;
+        ability?: undefined;
+        credentials?: undefined;
+    } | {
+        authenticated: boolean;
+        ability: import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>;
+        credentials: any;
+        error?: undefined;
+    } | {
+        authenticated: boolean;
+        credentials: any;
+        error?: undefined;
+        ability?: undefined;
+    }>;
+    verify: (auth: any, config: any) => void;
+};
+export default _default;

package/dist/server/strategies/api-token.js ADDED Viewed

@@ -0,0 +1,121 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.name = exports.verify = exports.authenticate = void 0;
+const fp_1 = require("lodash/fp");
+const date_fns_1 = require("date-fns");
+const utils_1 = require("@strapi/utils");
+const constants_1 = __importDefault(require("../services/constants"));
+const utils_2 = require("../utils");
+const { UnauthorizedError, ForbiddenError } = utils_1.errors;
+const isReadScope = (scope) => scope.endsWith('find') || scope.endsWith('findOne');
+const extractToken = (ctx) => {
+    if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
+        const parts = ctx.request.header.authorization.split(/\s+/);
+        if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {
+            return null;
+        }
+        return parts[1];
+    }
+    return null;
+};
+/**
+ * Authenticate the validity of the token
+ *
+ *  @type {import('.').AuthenticateFunction}
+ */
+const authenticate = async (ctx) => {
+    const apiTokenService = (0, utils_2.getService)('api-token');
+    const token = extractToken(ctx);
+    if (!token) {
+        return { authenticated: false };
+    }
+    // @ts-ignore
+    const apiToken = await apiTokenService.getBy({
+        accessKey: apiTokenService.hash(token),
+    });
+    // token not found
+    if (!apiToken) {
+        return { authenticated: false };
+    }
+    const currentDate = new Date();
+    if (!(0, fp_1.isNil)(apiToken.expiresAt)) {
+        const expirationDate = new Date(apiToken.expiresAt);
+        // token has expired
+        if (expirationDate < currentDate) {
+            return { authenticated: false, error: new UnauthorizedError('Token expired') };
+        }
+    }
+    // update lastUsedAt if the token has not been used in the last hour
+    // @ts-ignore
+    const hoursSinceLastUsed = (0, date_fns_1.differenceInHours)(currentDate, (0, date_fns_1.parseISO)(apiToken.lastUsedAt));
+    if (hoursSinceLastUsed >= 1) {
+        await strapi.query('admin::api-token').update({
+            where: { id: apiToken.id },
+            data: { lastUsedAt: currentDate },
+        });
+    }
+    if (apiToken.type === constants_1.default.API_TOKEN_TYPE.CUSTOM) {
+        const ability = await strapi.contentAPI.permissions.engine.generateAbility(apiToken.permissions.map((action) => ({ action })));
+        return { authenticated: true, ability, credentials: apiToken };
+    }
+    return { authenticated: true, credentials: apiToken };
+};
+exports.authenticate = authenticate;
+/**
+ * Verify the token has the required abilities for the requested scope
+ *
+ *  @type {import('.').VerifyFunction}
+ */
+const verify = (auth, config) => {
+    const { credentials: apiToken, ability } = auth;
+    if (!apiToken) {
+        throw new UnauthorizedError('Token not found');
+    }
+    const currentDate = new Date();
+    if (!(0, fp_1.isNil)(apiToken.expiresAt)) {
+        const expirationDate = new Date(apiToken.expiresAt);
+        // token has expired
+        if (expirationDate < currentDate) {
+            throw new UnauthorizedError('Token expired');
+        }
+    }
+    // Full access
+    if (apiToken.type === constants_1.default.API_TOKEN_TYPE.FULL_ACCESS) {
+        return;
+    }
+    // Read only
+    if (apiToken.type === constants_1.default.API_TOKEN_TYPE.READ_ONLY) {
+        /**
+         * If you don't have `full-access` you can only access `find` and `findOne`
+         * scopes. If the route has no scope, then you can't get access to it.
+         */
+        const scopes = (0, fp_1.castArray)(config.scope);
+        if (config.scope && scopes.every(isReadScope)) {
+            return;
+        }
+    }
+    // Custom
+    else if (apiToken.type === constants_1.default.API_TOKEN_TYPE.CUSTOM) {
+        if (!ability) {
+            throw new ForbiddenError();
+        }
+        const scopes = (0, fp_1.castArray)(config.scope);
+        const isAllowed = scopes.every((scope) => ability.can(scope));
+        if (isAllowed) {
+            return;
+        }
+    }
+    throw new ForbiddenError();
+};
+exports.verify = verify;
+exports.name = 'api-token';
+/** @type {import('.').AuthStrategy} */
+exports.default = {
+    name: 'api-token',
+    authenticate: exports.authenticate,
+    verify: exports.verify,
+};
+//# sourceMappingURL=api-token.js.map