npm - @strapi/admin - Versions diffs - 4.20.4 → 5.0.0-alpha.0 - Mend

@strapi/admin 4.20.4 → 5.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1192) hide show

package/dist/server/index.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
-import { merge, map, uniq, difference, isNil, castArray, pick, curry, pipe, prop, includes, isArray, set, omit, isEmpty, has, defaults, remove, eq, get, differenceWith, differenceBy, toLower, isFunction, some, flatMap, isObject, cloneDeep, getOr, intersection, isPlainObject, matchesProperty, propEq, xor, startsWith, isString, isNumber, values, sumBy, trim, isUndefined, mapKeys } from "lodash/fp";
-import utils$1, { pipeAsync, errors, yup, validateYupSchema, policy, getAbsoluteAdminUrl, stringIncludes, hooks as hooks$1, generateTimestampCode, validateYupSchemaSync, providerFactory, sanitize, contentTypes, traverse, traverseEntity, validate, env, stringEquals } from "@strapi/utils";
+import { merge, map, uniq, difference, isNil, castArray, pick, curry, pipe, prop, includes, isArray, set, omit, isEmpty, has, defaults, remove, eq, get, differenceWith, differenceBy, isEqual, toLower, isFunction, some, flatMap, isObject, cloneDeep, getOr, intersection, isPlainObject, matchesProperty, propEq, xor, startsWith, isString, isNumber, values, sumBy, trim, isUndefined, mapKeys } from "lodash/fp";
+import utils$1, { async, errors, yup, validateYupSchema, policy, arrays, convertQueryParams, hooks as hooks$1, dates, validateYupSchemaSync, providerFactory, sanitize, contentTypes, traverse, traverseEntity, validate, env, strings } from "@strapi/utils";
 import "@strapi/types";
 import path, { resolve, basename, join, extname } from "path";
 import fse, { exists as exists$4 } from "fs-extra";
@@ -7,7 +7,6 @@ import koaStatic from "koa-static";
 import { differenceInHours, parseISO } from "date-fns";
 import _$1, { pick as pick$1 } from "lodash";
 import bcrypt from "bcryptjs";
-import deepEqual from "fast-deep-equal";
 import passport$1 from "koa-passport";
 import { Strategy } from "passport-local";
 import crypto from "crypto";
@@ -18,7 +17,6 @@ import permissions$1 from "@strapi/permissions";
 import pmap from "p-map";
 import assert from "assert";
 import fs from "fs";
-import "koa-bodyparser";
 import tsUtils from "@strapi/typescript-utils";
 import compose from "koa-compose";
 import { strapi as strapi$1 } from "@strapi/data-transfer";
@@ -305,14 +303,13 @@ const syncAuthSettings = async () => {
 };
 const syncAPITokensPermissions = async () => {
   const validPermissions = strapi.contentAPI.permissions.providers.action.keys();
-  const permissionsInDB = await pipeAsync(
-    strapi.query("admin::api-token-permission").findMany,
-    // @ts-expect-error lodash types
+  const permissionsInDB = await async.pipe(
+    strapi.db.query("admin::api-token-permission").findMany,
     map("action")
   )();
   const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));
   if (unknownPermissions.length > 0) {
-    await strapi.query("admin::api-token-permission").deleteMany({ where: { action: { $in: unknownPermissions } } });
+    await strapi.db.query("admin::api-token-permission").deleteMany({ where: { action: { $in: unknownPermissions } } });
   }
 };
 const bootstrap = async ({ strapi: strapi2 }) => {
@@ -332,7 +329,7 @@ const bootstrap = async ({ strapi: strapi2 }) => {
   await userService.displayWarningIfUsersDontHaveRole();
   await syncAuthSettings();
   await syncAPITokensPermissions();
-  getService("metrics").sendUpdateProjectInformation();
+  getService("metrics").sendUpdateProjectInformation(strapi2);
   getService("metrics").startCron(strapi2);
   apiTokenService.checkSaltIsDefined();
   transferService.token.checkSaltIsDefined();
@@ -404,7 +401,7 @@ const authenticate$2 = async (ctx) => {
   if (!isValid) {
     return { authenticated: false };
   }
-  const user2 = await strapi.query("admin::user").findOne({ where: { id: payload.id }, populate: ["roles"] });
+  const user2 = await strapi.db.query("admin::user").findOne({ where: { id: payload.id }, populate: ["roles"] });
   if (!user2 || !(user2.isActive === true)) {
     return { authenticated: false };
   }
@@ -493,7 +490,7 @@ const authenticate$1 = async (ctx) => {
   }
   const hoursSinceLastUsed = differenceInHours(currentDate, parseISO(apiToken2.lastUsedAt));
   if (hoursSinceLastUsed >= 1) {
-    await strapi.query("admin::api-token").update({
+    await strapi.db.query("admin::api-token").update({
       where: { id: apiToken2.id },
       data: { lastUsedAt: currentDate }
     });
@@ -546,9 +543,9 @@ const apiTokenAuthStrategy = {
 const register$1 = ({ strapi: strapi2 }) => {
   const passportMiddleware = strapi2.admin?.services.passport.init();
   strapi2.server.api("admin").use(passportMiddleware);
-  strapi2.container.get("auth").register("admin", adminAuthStrategy);
-  strapi2.container.get("auth").register("content-api", apiTokenAuthStrategy);
-  if (strapi2.config.serveAdminPanel) {
+  strapi2.get("auth").register("admin", adminAuthStrategy);
+  strapi2.get("auth").register("content-api", apiTokenAuthStrategy);
+  if (strapi2.config.get("admin.serveAdminPanel")) {
     registerAdminPanelRoute({ strapi: strapi2 });
   }
 };
@@ -1169,7 +1166,7 @@ const authenticate = async (ctx) => {
   }
   const hoursSinceLastUsed = differenceInHours(currentDate, parseISO(transferToken2.lastUsedAt));
   if (hoursSinceLastUsed >= 1) {
-    await strapi.query("admin::api-token").update({
+    await strapi.db.query("admin::api-token").update({
       where: { id: transferToken2.id },
       data: { lastUsedAt: currentDate }
     });
@@ -1324,7 +1321,7 @@ const { ApplicationError: ApplicationError$7 } = errors;
 const hashPassword = (password2) => bcrypt.hash(password2, 10);
 const validatePassword = (password2, hash2) => bcrypt.compare(password2, hash2);
 const checkCredentials = async ({ email: email2, password: password2 }) => {
-  const user2 = await strapi.query("admin::user").findOne({ where: { email: email2 } });
+  const user2 = await strapi.db.query("admin::user").findOne({ where: { email: email2 } });
   if (!user2 || !user2.password) {
     return [null, false, { message: "Invalid credentials" }];
   }
@@ -1338,14 +1335,14 @@ const checkCredentials = async ({ email: email2, password: password2 }) => {
   return [null, user2];
 };
 const forgotPassword = async ({ email: email2 } = {}) => {
-  const user2 = await strapi.query("admin::user").findOne({ where: { email: email2, isActive: true } });
+  const user2 = await strapi.db.query("admin::user").findOne({ where: { email: email2, isActive: true } });
   if (!user2) {
     return;
   }
   const resetPasswordToken = getService("token").createToken();
   await getService("user").updateById(user2.id, { resetPasswordToken });
-  const url = `${getAbsoluteAdminUrl(
-    strapi.config
+  const url = `${strapi.config.get(
+    "admin.absoluteUrl"
   )}/auth/reset-password?code=${resetPasswordToken}`;
   return strapi.plugin("email").service("email").sendTemplatedEmail(
     {
@@ -1363,7 +1360,7 @@ const forgotPassword = async ({ email: email2 } = {}) => {
   });
 };
 const resetPassword = async ({ resetPasswordToken, password: password2 } = {}) => {
-  const matchingUser = await strapi.query("admin::user").findOne({ where: { resetPasswordToken, isActive: true } });
+  const matchingUser = await strapi.db.query("admin::user").findOne({ where: { resetPasswordToken, isActive: true } });
   if (!matchingUser) {
     throw new ApplicationError$7();
   }
@@ -1610,7 +1607,7 @@ const create$5 = async (attributes) => {
     userInfo.password = await getService("auth").hashPassword(attributes.password);
   }
   const user2 = createUser(userInfo);
-  const createdUser = await strapi.query("admin::user").create({ data: user2, populate: ["roles"] });
+  const createdUser = await strapi.db.query("admin::user").create({ data: user2, populate: ["roles"] });
   getService("metrics").sendDidInviteUser();
   strapi.eventHub.emit("user.create", { user: sanitizeUser(createdUser) });
   return createdUser;
@@ -1619,7 +1616,7 @@ const updateById = async (id, attributes) => {
   if (_$1.has(attributes, "roles")) {
     const lastAdminUser = await isLastSuperAdminUser(id);
     const superAdminRole = await getService("role").getSuperAdminWithUsersCount();
-    const willRemoveSuperAdminRole = !stringIncludes(attributes.roles, superAdminRole.id);
+    const willRemoveSuperAdminRole = !arrays.includesString(attributes.roles, superAdminRole.id);
     if (lastAdminUser && willRemoveSuperAdminRole) {
       throw new ValidationError$4("You must have at least one user with super admin role.");
     }
@@ -1632,7 +1629,7 @@ const updateById = async (id, attributes) => {
   }
   if (_$1.has(attributes, "password")) {
     const hashedPassword = await getService("auth").hashPassword(attributes.password);
-    const updatedUser2 = await strapi.query("admin::user").update({
+    const updatedUser2 = await strapi.db.query("admin::user").update({
       where: { id },
       data: {
         ...attributes,
@@ -1643,7 +1640,7 @@ const updateById = async (id, attributes) => {
     strapi.eventHub.emit("user.update", { user: sanitizeUser(updatedUser2) });
     return updatedUser2;
   }
-  const updatedUser = await strapi.query("admin::user").update({
+  const updatedUser = await strapi.db.query("admin::user").update({
     where: { id },
     data: attributes,
     populate: ["roles"]
@@ -1654,7 +1651,7 @@ const updateById = async (id, attributes) => {
   return updatedUser;
 };
 const resetPasswordByEmail = async (email2, password$1) => {
-  const user2 = await strapi.query("admin::user").findOne({ where: { email: email2 }, populate: ["roles"] });
+  const user2 = await strapi.db.query("admin::user").findOne({ where: { email: email2 }, populate: ["roles"] });
   if (!user2) {
     throw new Error(`User not found for email: ${email2}`);
   }
@@ -1675,10 +1672,10 @@ const isLastSuperAdminUser = async (userId) => {
   return superAdminRole.usersCount === 1 && hasSuperAdminRole$1(user2);
 };
 const exists$3 = async (attributes = {}) => {
-  return await strapi.query("admin::user").count({ where: attributes }) > 0;
+  return await strapi.db.query("admin::user").count({ where: attributes }) > 0;
 };
 const findRegistrationInfo = async (registrationToken) => {
-  const user2 = await strapi.query("admin::user").findOne({ where: { registrationToken } });
+  const user2 = await strapi.db.query("admin::user").findOne({ where: { registrationToken } });
   if (!user2) {
     return void 0;
   }
@@ -1688,7 +1685,7 @@ const register = async ({
   registrationToken,
   userInfo
 }) => {
-  const matchingUser = await strapi.query("admin::user").findOne({ where: { registrationToken } });
+  const matchingUser = await strapi.db.query("admin::user").findOne({ where: { registrationToken } });
   if (!matchingUser) {
     throw new ValidationError$4("Invalid registration info");
   }
@@ -1701,20 +1698,23 @@ const register = async ({
   });
 };
 const findOne$1 = async (id, populate = ["roles"]) => {
-  return strapi.entityService.findOne("admin::user", id, { populate });
+  return strapi.db.query("admin::user").findOne({ where: { id }, populate });
 };
 const findOneByEmail = async (email2, populate = []) => {
-  return strapi.query("admin::user").findOne({
+  return strapi.db.query("admin::user").findOne({
     where: { email: { $eqi: email2 } },
     populate
   });
 };
-const findPage = async (query = {}) => {
-  const enrichedQuery = defaults({ populate: ["roles"] }, query);
-  return strapi.entityService.findPage("admin::user", enrichedQuery);
+const findPage = async (params = {}) => {
+  const query = convertQueryParams.transformParamsToQuery(
+    "admin::user",
+    defaults({ populate: ["roles"] }, params)
+  );
+  return strapi.db.query("admin::user").findPage(query);
 };
 const deleteById = async (id) => {
-  const userToDelete = await strapi.query("admin::user").findOne({
+  const userToDelete = await strapi.db.query("admin::user").findOne({
     where: { id },
     populate: ["roles"]
   });
@@ -1729,13 +1729,13 @@ const deleteById = async (id) => {
       }
     }
   }
-  const deletedUser = await strapi.query("admin::user").delete({ where: { id }, populate: ["roles"] });
+  const deletedUser = await strapi.db.query("admin::user").delete({ where: { id }, populate: ["roles"] });
   strapi.eventHub.emit("user.delete", { user: sanitizeUser(deletedUser) });
   return deletedUser;
 };
 const deleteByIds$2 = async (ids) => {
   const superAdminRole = await getService("role").getSuperAdminWithUsersCount();
-  const nbOfSuperAdminToDelete = await strapi.query("admin::user").count({
+  const nbOfSuperAdminToDelete = await strapi.db.query("admin::user").count({
     where: {
       id: ids,
       roles: { id: superAdminRole.id }
@@ -1746,7 +1746,7 @@ const deleteByIds$2 = async (ids) => {
   }
   const deletedUsers = [];
   for (const id of ids) {
-    const deletedUser = await strapi.query("admin::user").delete({
+    const deletedUser = await strapi.db.query("admin::user").delete({
       where: { id },
       populate: ["roles"]
     });
@@ -1758,7 +1758,7 @@ const deleteByIds$2 = async (ids) => {
   return deletedUsers;
 };
 const countUsersWithoutRole = async () => {
-  return strapi.query("admin::user").count({
+  return strapi.db.query("admin::user").count({
     where: {
       roles: {
         id: { $null: true }
@@ -1767,10 +1767,10 @@ const countUsersWithoutRole = async () => {
   });
 };
 const count$1 = async (where = {}) => {
-  return strapi.query("admin::user").count({ where });
+  return strapi.db.query("admin::user").count({ where });
 };
 const assignARoleToAll = async (roleId) => {
-  const users2 = await strapi.query("admin::user").findMany({
+  const users2 = await strapi.db.query("admin::user").findMany({
     select: ["id"],
     where: {
       roles: { id: { $null: true } }
@@ -1778,7 +1778,7 @@ const assignARoleToAll = async (roleId) => {
   });
   await Promise.all(
     users2.map((user2) => {
-      return strapi.query("admin::user").update({
+      return strapi.db.query("admin::user").update({
         where: { id: user2.id },
         data: { roles: [roleId] }
       });
@@ -1792,7 +1792,7 @@ const displayWarningIfUsersDontHaveRole = async () => {
   }
 };
 const getLanguagesInUse = async () => {
-  const users2 = await strapi.query("admin::user").findMany({ select: ["preferedLanguage"] });
+  const users2 = await strapi.db.query("admin::user").findMany({ select: ["preferedLanguage"] });
   return users2.map((user2) => user2.preferedLanguage || "en");
 };
 const user$1 = {
@@ -1867,10 +1867,12 @@ const sanitizeConditions = curry(
     );
   }
 );
-const toPermission = (payload) => (
-  // @ts-expect-error
-  isArray(payload) ? map(create$4, payload) : create$4(payload)
-);
+function toPermission(payload) {
+  if (isArray(payload)) {
+    return map((value) => create$4(value), payload);
+  }
+  return create$4(payload);
+}
 const permissionDomain = {
   addCondition,
   removeCondition,
@@ -1934,7 +1936,7 @@ const pickComparableFields = pick(COMPARABLE_FIELDS);
 const jsonClean = (data) => JSON.parse(JSON.stringify(data));
 const arePermissionsEqual = (p1, p2) => {
   if (p1.action === p2.action) {
-    return deepEqual(jsonClean(pickComparableFields(p1)), jsonClean(pickComparableFields(p2)));
+    return isEqual(jsonClean(pickComparableFields(p1)), jsonClean(pickComparableFields(p2)));
   }
   return false;
 };
@@ -1945,33 +1947,30 @@ const create$3 = async (attributes) => {
       `The name must be unique and a role with name \`${attributes.name}\` already exists.`
     );
   }
-  const autoGeneratedCode = `${_$1.kebabCase(attributes.name)}-${generateTimestampCode()}`;
+  const autoGeneratedCode = `${_$1.kebabCase(attributes.name)}-${dates.timestampCode()}`;
   const rolesWithCode = {
     ...attributes,
     code: attributes.code || autoGeneratedCode
   };
-  const result = await strapi.query("admin::role").create({ data: rolesWithCode });
+  const result = await strapi.db.query("admin::role").create({ data: rolesWithCode });
   strapi.eventHub.emit("role.create", { role: sanitizeRole(result) });
   return result;
 };
 const findOne = (params = {}, populate) => {
-  return strapi.query("admin::role").findOne({ where: params, populate });
+  return strapi.db.query("admin::role").findOne({ where: params, populate });
 };
 const findOneWithUsersCount = async (params = {}, populate) => {
-  const role2 = await strapi.query("admin::role").findOne({ where: params, populate });
+  const role2 = await strapi.db.query("admin::role").findOne({ where: params, populate });
   if (role2) {
     role2.usersCount = await getUsersCount(role2.id);
   }
   return role2;
 };
 const find = (params = {}, populate) => {
-  return strapi.query("admin::role").findMany({ where: params, populate });
+  return strapi.db.query("admin::role").findMany({ where: params, populate });
 };
 const findAllWithUsersCount = async (params) => {
-  const roles2 = await strapi.entityService.findMany(
-    "admin::role",
-    params
-  );
+  const roles2 = await strapi.db.query("admin::role").findMany(convertQueryParams.transformParamsToQuery("admin::role", params));
   for (const role2 of roles2) {
     role2.usersCount = await getUsersCount(role2.id);
   }
@@ -1990,20 +1989,20 @@ const update$3 = async (params, attributes) => {
       );
     }
   }
-  const result = await strapi.query("admin::role").update({ where: params, data: sanitizedAttributes });
+  const result = await strapi.db.query("admin::role").update({ where: params, data: sanitizedAttributes });
   strapi.eventHub.emit("role.update", { role: sanitizeRole(result) });
   return result;
 };
 const exists$2 = async (params = {}) => {
-  const count2 = await strapi.query("admin::role").count({ where: params });
+  const count2 = await strapi.db.query("admin::role").count({ where: params });
   return count2 > 0;
 };
 const count = async (params = {}) => {
-  return strapi.query("admin::role").count(params);
+  return strapi.db.query("admin::role").count(params);
 };
 const checkRolesIdForDeletion = async (ids = []) => {
   const superAdminRole = await getSuperAdmin();
-  if (superAdminRole && stringIncludes(ids, superAdminRole.id)) {
+  if (superAdminRole && arrays.includesString(ids, superAdminRole.id)) {
     throw new ApplicationError$6("You cannot delete the super admin role");
   }
   for (const roleId of ids) {
@@ -2018,7 +2017,7 @@ const deleteByIds$1 = async (ids = []) => {
   await getService("permission").deleteByRolesIds(ids);
   const deletedRoles = [];
   for (const id of ids) {
-    const deletedRole = await strapi.query("admin::role").delete({ where: { id } });
+    const deletedRole = await strapi.db.query("admin::role").delete({ where: { id } });
     if (deletedRole) {
       strapi.eventHub.emit("role.delete", { role: deletedRole });
       deletedRoles.push(deletedRole);
@@ -2027,7 +2026,7 @@ const deleteByIds$1 = async (ids = []) => {
   return deletedRoles;
 };
 const getUsersCount = async (roleId) => {
-  return strapi.query("admin::user").count({ where: { roles: { id: roleId } } });
+  return strapi.db.query("admin::user").count({ where: { roles: { id: roleId } } });
 };
 const getSuperAdmin = () => findOne({ code: SUPER_ADMIN_CODE$1 });
 const getSuperAdminWithUsersCount = () => findOneWithUsersCount({ code: SUPER_ADMIN_CODE$1 });
@@ -2259,7 +2258,7 @@ const decodeJwtToken = (token2) => {
   }
 };
 const checkSecretIsDefined = () => {
-  if (strapi.config.serveAdminPanel && !strapi.config.get("admin.auth.secret")) {
+  if (strapi.config.get("admin.serveAdminPanel") && !strapi.config.get("admin.auth.secret")) {
     throw new Error(
       `Missing auth.secret. Please set auth.secret in config/admin.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
 For security reasons, prefer storing the secret in an environment variable and read it in config/admin.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`
@@ -2422,7 +2421,7 @@ const createConditionProvider = () => {
   };
 };
 const {
-  visitors: { removePassword }
+  visitors: { removePassword, expandWildcardPopulate }
 } = sanitize;
 const {
   constants: constants$1,
@@ -2433,6 +2432,7 @@ const {
 } = contentTypes;
 const {
   ID_ATTRIBUTE: ID_ATTRIBUTE$1,
+  DOC_ID_ATTRIBUTE: DOC_ID_ATTRIBUTE$1,
   CREATED_AT_ATTRIBUTE: CREATED_AT_ATTRIBUTE$1,
   UPDATED_AT_ATTRIBUTE: UPDATED_AT_ATTRIBUTE$1,
   PUBLISHED_AT_ATTRIBUTE: PUBLISHED_AT_ATTRIBUTE$1,
@@ -2440,14 +2440,14 @@ const {
   UPDATED_BY_ATTRIBUTE: UPDATED_BY_ATTRIBUTE$1
 } = constants$1;
 const COMPONENT_FIELDS$1 = ["__component"];
-const STATIC_FIELDS$1 = [ID_ATTRIBUTE$1];
+const STATIC_FIELDS$1 = [ID_ATTRIBUTE$1, DOC_ID_ATTRIBUTE$1];
 const createSanitizeHelpers = ({ action: action2, ability, model }) => {
   const schema = strapi.getModel(model);
   const { removeDisallowedFields } = sanitize.visitors;
   const createSanitizeQuery = (options = {}) => {
     const { fields } = options;
     const permittedFields = fields.shouldIncludeAll ? null : getQueryFields(fields.permitted);
-    const sanitizeFilters = pipeAsync(
+    const sanitizeFilters = async.pipe(
       traverse.traverseQueryFilters(removeDisallowedFields(permittedFields), { schema }),
       traverse.traverseQueryFilters(omitDisallowedAdminUserFields, { schema }),
       traverse.traverseQueryFilters(omitHiddenFields, { schema }),
@@ -2461,7 +2461,7 @@ const createSanitizeHelpers = ({ action: action2, ability, model }) => {
         { schema }
       )
     );
-    const sanitizeSort = pipeAsync(
+    const sanitizeSort = async.pipe(
       traverse.traverseQuerySort(removeDisallowedFields(permittedFields), { schema }),
       traverse.traverseQuerySort(omitDisallowedAdminUserFields, { schema }),
       traverse.traverseQuerySort(omitHiddenFields, { schema }),
@@ -2475,13 +2475,14 @@ const createSanitizeHelpers = ({ action: action2, ability, model }) => {
         { schema }
       )
     );
-    const sanitizePopulate = pipeAsync(
+    const sanitizePopulate = async.pipe(
+      traverse.traverseQueryPopulate(expandWildcardPopulate, { schema }),
       traverse.traverseQueryPopulate(removeDisallowedFields(permittedFields), { schema }),
       traverse.traverseQueryPopulate(omitDisallowedAdminUserFields, { schema }),
       traverse.traverseQueryPopulate(omitHiddenFields, { schema }),
       traverse.traverseQueryPopulate(removePassword, { schema })
     );
-    const sanitizeFields = pipeAsync(
+    const sanitizeFields = async.pipe(
       traverse.traverseQueryFields(removeDisallowedFields(permittedFields), { schema }),
       traverse.traverseQueryFields(omitHiddenFields, { schema }),
       traverse.traverseQueryFields(removePassword, { schema })
@@ -2506,11 +2507,10 @@ const createSanitizeHelpers = ({ action: action2, ability, model }) => {
   const createSanitizeOutput = (options = {}) => {
     const { fields } = options;
     const permittedFields = fields.shouldIncludeAll ? null : getOutputFields(fields.permitted);
-    return pipeAsync(
+    return async.pipe(
       // Remove fields hidden from the admin
       traverseEntity(omitHiddenFields, { schema }),
       // Remove unallowed fields from admin::user relations
-      // @ts-expect-error lodash types
       traverseEntity(pickAllowedAdminUserFields, { schema }),
       // Remove not allowed fields (RBAC)
       traverseEntity(removeDisallowedFields(permittedFields), { schema }),
@@ -2521,11 +2521,10 @@ const createSanitizeHelpers = ({ action: action2, ability, model }) => {
   const createSanitizeInput = (options = {}) => {
     const { fields } = options;
     const permittedFields = fields.shouldIncludeAll ? null : getInputFields(fields.permitted);
-    return pipeAsync(
+    return async.pipe(
       // Remove fields hidden from the admin
       traverseEntity(omitHiddenFields, { schema }),
       // Remove not allowed fields (RBAC)
-      // @ts-expect-error lodash types
       traverseEntity(removeDisallowedFields(permittedFields), { schema }),
       // Remove roles from createdBy & updateBy fields
       omitCreatorRoles
@@ -2629,6 +2628,7 @@ const { throwPassword, throwDisallowedFields } = validate.visitors;
 const { constants, isScalarAttribute, getNonVisibleAttributes, getWritableAttributes } = contentTypes;
 const {
   ID_ATTRIBUTE,
+  DOC_ID_ATTRIBUTE,
   CREATED_AT_ATTRIBUTE,
   UPDATED_AT_ATTRIBUTE,
   PUBLISHED_AT_ATTRIBUTE,
@@ -2636,45 +2636,52 @@ const {
   UPDATED_BY_ATTRIBUTE
 } = constants;
 const COMPONENT_FIELDS = ["__component"];
-const STATIC_FIELDS = [ID_ATTRIBUTE];
-const throwInvalidParam = ({ key }) => {
-  throw new ValidationError$3(`Invalid parameter ${key}`);
+const STATIC_FIELDS = [ID_ATTRIBUTE, DOC_ID_ATTRIBUTE];
+const throwInvalidParam = ({ key, path: path2 }) => {
+  const msg = path2 && path2 !== key ? `Invalid parameter ${key} at ${path2}` : `Invalid parameter ${key}`;
+  throw new ValidationError$3(msg);
 };
 const createValidateHelpers = ({ action: action2, ability, model }) => {
   const schema = strapi.getModel(model);
   const createValidateQuery = (options = {}) => {
     const { fields } = options;
     const permittedFields = fields.shouldIncludeAll ? null : getQueryFields(fields.permitted);
-    const validateFilters = pipeAsync(
+    const validateFilters = async.pipe(
       traverse.traverseQueryFilters(throwDisallowedFields(permittedFields), { schema }),
       traverse.traverseQueryFilters(throwDisallowedAdminUserFields, { schema }),
       traverse.traverseQueryFilters(throwPassword, { schema }),
       traverse.traverseQueryFilters(
-        ({ key, value }) => {
+        ({ key, value, path: path2 }) => {
           if (isObject(value) && isEmpty(value)) {
-            throwInvalidParam({ key });
+            throwInvalidParam({ key, path: path2.attribute });
           }
         },
         { schema }
       )
     );
-    const validateSort = pipeAsync(
+    const validateSort = async.pipe(
       traverse.traverseQuerySort(throwDisallowedFields(permittedFields), { schema }),
       traverse.traverseQuerySort(throwDisallowedAdminUserFields, { schema }),
       traverse.traverseQuerySort(throwPassword, { schema }),
       traverse.traverseQuerySort(
-        ({ key, attribute, value }) => {
+        ({ key, attribute, value, path: path2 }) => {
           if (!isScalarAttribute(attribute) && isEmpty(value)) {
-            throwInvalidParam({ key });
+            throwInvalidParam({ key, path: path2.attribute });
           }
         },
         { schema }
       )
     );
-    const validateFields = pipeAsync(
+    const validateFields = async.pipe(
       traverse.traverseQueryFields(throwDisallowedFields(permittedFields), { schema }),
       traverse.traverseQueryFields(throwPassword, { schema })
     );
+    const validatePopulate = async.pipe(
+      traverse.traverseQueryPopulate(throwDisallowedFields(permittedFields), { schema }),
+      traverse.traverseQueryPopulate(throwDisallowedAdminUserFields, { schema }),
+      traverse.traverseQueryPopulate(throwHiddenFields, { schema }),
+      traverse.traverseQueryPopulate(throwPassword, { schema })
+    );
     return async (query) => {
       if (query.filters) {
         await validateFilters(query.filters);
@@ -2685,17 +2692,19 @@ const createValidateHelpers = ({ action: action2, ability, model }) => {
       if (query.fields) {
         await validateFields(query.fields);
       }
+      if (query.populate && query.populate !== "*") {
+        await validatePopulate(query.populate);
+      }
       return true;
     };
   };
   const createValidateInput = (options = {}) => {
     const { fields } = options;
     const permittedFields = fields.shouldIncludeAll ? null : getInputFields(fields.permitted);
-    return pipeAsync(
+    return async.pipe(
       // Remove fields hidden from the admin
       traverseEntity(throwHiddenFields, { schema }),
       // Remove not allowed fields (RBAC)
-      // @ts-expect-error lodash types
       traverseEntity(throwDisallowedFields(permittedFields), { schema }),
       // Remove roles from createdBy & updatedBy fields
       omitCreatorRoles
@@ -2732,15 +2741,15 @@ const createValidateHelpers = ({ action: action2, ability, model }) => {
     return defaults({ subject: subject$1(model, data), action: action2 }, options);
   };
   const omitCreatorRoles = omit([`${CREATED_BY_ATTRIBUTE}.roles`, `${UPDATED_BY_ATTRIBUTE}.roles`]);
-  const throwHiddenFields = ({ key, schema: schema2 }) => {
+  const throwHiddenFields = ({ key, schema: schema2, path: path2 }) => {
     const isHidden = getOr(false, ["config", "attributes", key, "hidden"], schema2);
     if (isHidden) {
-      throwInvalidParam({ key });
+      throwInvalidParam({ key, path: path2.attribute });
     }
   };
-  const throwDisallowedAdminUserFields = ({ key, attribute, schema: schema2 }) => {
+  const throwDisallowedAdminUserFields = ({ key, attribute, schema: schema2, path: path2 }) => {
     if (schema2.uid === "admin::user" && attribute && !ADMIN_USER_ALLOWED_FIELDS.includes(key)) {
-      throwInvalidParam({ key });
+      throwInvalidParam({ key, path: path2.attribute });
     }
   };
   const getInputFields = (fields = []) => {
@@ -3111,7 +3120,7 @@ const createDefaultSectionBuilder = () => {
   return builder;
 };
 const deleteByRolesIds = async (rolesIds) => {
-  const permissionsToDelete = await strapi.query("admin::permission").findMany({
+  const permissionsToDelete = await strapi.db.query("admin::permission").findMany({
     select: ["id"],
     where: {
       role: { id: rolesIds }
@@ -3124,7 +3133,7 @@ const deleteByRolesIds = async (rolesIds) => {
 const deleteByIds = async (ids) => {
   const result = [];
   for (const id of ids) {
-    const queryResult = await strapi.query("admin::permission").delete({ where: { id } });
+    const queryResult = await strapi.db.query("admin::permission").delete({ where: { id } });
     result.push(queryResult);
   }
   strapi.eventHub.emit("permission.delete", { permissions: result });
@@ -3132,7 +3141,7 @@ const deleteByIds = async (ids) => {
 const createMany = async (permissions2) => {
   const createdPermissions = [];
   for (const permission2 of permissions2) {
-    const newPerm = await strapi.query("admin::permission").create({ data: permission2 });
+    const newPerm = await strapi.db.query("admin::permission").create({ data: permission2 });
     createdPermissions.push(newPerm);
   }
   const permissionsToReturn = permissionDomain.toPermission(createdPermissions);
@@ -3140,13 +3149,13 @@ const createMany = async (permissions2) => {
   return permissionsToReturn;
 };
 const update$2 = async (params, attributes) => {
-  const updatedPermission = await strapi.query("admin::permission").update({ where: params, data: attributes });
+  const updatedPermission = await strapi.db.query("admin::permission").update({ where: params, data: attributes });
   const permissionToReturn = permissionDomain.toPermission(updatedPermission);
   strapi.eventHub.emit("permission.update", { permissions: permissionToReturn });
   return permissionToReturn;
 };
 const findMany = async (params = {}) => {
-  const rawPermissions = await strapi.query("admin::permission").findMany(params);
+  const rawPermissions = await strapi.db.query("admin::permission").findMany(params);
   return permissionDomain.toPermission(rawPermissions);
 };
 const findUserPermissions = async (user2) => {
@@ -3180,10 +3189,10 @@ const filterPermissionsToRemove = async (permissions2) => {
 const cleanPermissionsInDatabase = async () => {
   const pageSize = 200;
   const contentTypeService = getService("content-type");
-  const total = await strapi.query("admin::permission").count();
+  const total = await strapi.db.query("admin::permission").count();
   const pageCount = Math.ceil(total / pageSize);
   for (let page = 0; page < pageCount; page += 1) {
-    const results = await strapi.query("admin::permission").findMany({ limit: pageSize, offset: page * pageSize });
+    const results = await strapi.db.query("admin::permission").findMany({ limit: pageSize, offset: page * pageSize });
     const permissions2 = permissionDomain.toPermission(results);
     const permissionsToRemove = await filterPermissionsToRemove(permissions2);
     const permissionsIdToRemove = map(prop("id"), permissionsToRemove);
@@ -3248,16 +3257,16 @@ const sendDidChangeInterfaceLanguage = async () => {
   const languagesInUse = await getService("user").getLanguagesInUse();
   strapi.telemetry.send("didChangeInterfaceLanguage", { userProperties: { languagesInUse } });
 };
-const sendUpdateProjectInformation = async () => {
+const sendUpdateProjectInformation = async (strapi2) => {
   const numberOfActiveAdminUsers = await getService("user").count({ isActive: true });
   const numberOfAdminUsers = await getService("user").count();
-  strapi.telemetry.send("didUpdateProjectInformation", {
+  strapi2.telemetry.send("didUpdateProjectInformation", {
     groupProperties: { numberOfActiveAdminUsers, numberOfAdminUsers }
   });
 };
 const startCron = (strapi2) => {
   strapi2.cron.add({
-    "0 0 0 * * *": () => sendUpdateProjectInformation()
+    "0 0 0 * * *": () => sendUpdateProjectInformation(strapi2)
   });
 };
 const metrics = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
@@ -3462,7 +3471,7 @@ const isValidLifespan$1 = (lifespan) => {
 const assertValidLifespan$1 = (lifespan) => {
   if (!isValidLifespan$1(lifespan)) {
     throw new ValidationError$2(
-      `lifespan must be one of the following values:
+      `lifespan must be one of the following values:
       ${Object.values(constants$3.API_TOKEN_LIFESPANS).join(", ")}`
     );
   }
@@ -3480,7 +3489,7 @@ const getBy$1 = async (whereParams = {}) => {
   if (Object.keys(whereParams).length === 0) {
     return null;
   }
-  const token2 = await strapi.query("admin::api-token").findOne({ select: SELECT_FIELDS$1, populate: POPULATE_FIELDS$1, where: whereParams });
+  const token2 = await strapi.db.query("admin::api-token").findOne({ select: SELECT_FIELDS$1, populate: POPULATE_FIELDS$1, where: whereParams });
   if (!token2) {
     return token2;
   }
@@ -3507,7 +3516,7 @@ const create$1 = async (attributes) => {
   const accessKey = crypto.randomBytes(128).toString("hex");
   assertCustomTokenPermissionsValidity(attributes.type, attributes.permissions);
   assertValidLifespan$1(attributes.lifespan);
-  const apiToken2 = await strapi.query("admin::api-token").create({
+  const apiToken2 = await strapi.db.query("admin::api-token").create({
     select: SELECT_FIELDS$1,
     populate: POPULATE_FIELDS$1,
     data: {
@@ -3520,16 +3529,12 @@ const create$1 = async (attributes) => {
   if (attributes.type === constants$3.API_TOKEN_TYPE.CUSTOM) {
     await Promise.all(
       uniq(attributes.permissions).map(
-        (action2) => strapi.query("admin::api-token-permission").create({
+        (action2) => strapi.db.query("admin::api-token-permission").create({
           data: { action: action2, token: apiToken2 }
         })
       )
     );
-    const currentPermissions = await strapi.entityService.load(
-      "admin::api-token",
-      apiToken2,
-      "permissions"
-    );
+    const currentPermissions = await strapi.db.query("admin::api-token").load(apiToken2, "permissions");
     if (currentPermissions) {
       Object.assign(result, { permissions: map("action", currentPermissions) });
     }
@@ -3538,7 +3543,7 @@ const create$1 = async (attributes) => {
 };
 const regenerate$1 = async (id) => {
   const accessKey = crypto.randomBytes(128).toString("hex");
-  const apiToken2 = await strapi.query("admin::api-token").update({
+  const apiToken2 = await strapi.db.query("admin::api-token").update({
     select: ["id", "accessKey"],
     where: { id },
     data: {
@@ -3568,7 +3573,7 @@ For security reasons, prefer storing the secret in an environment variable and r
   }
 };
 const list$1 = async () => {
-  const tokens = await strapi.query("admin::api-token").findMany({
+  const tokens = await strapi.db.query("admin::api-token").findMany({
     select: SELECT_FIELDS$1,
     populate: POPULATE_FIELDS$1,
     orderBy: { name: "ASC" }
@@ -3579,7 +3584,7 @@ const list$1 = async () => {
   return tokens.map((token2) => flattenTokenPermissions$1(token2));
 };
 const revoke$1 = async (id) => {
-  return strapi.query("admin::api-token").delete({ select: SELECT_FIELDS$1, populate: POPULATE_FIELDS$1, where: { id } });
+  return strapi.db.query("admin::api-token").delete({ select: SELECT_FIELDS$1, populate: POPULATE_FIELDS$1, where: { id } });
 };
 const getById$1 = async (id) => {
   return getBy$1({ id });
@@ -3588,7 +3593,7 @@ const getByName$1 = async (name2) => {
   return getBy$1({ name: name2 });
 };
 const update$1 = async (id, attributes) => {
-  const originalToken = await strapi.query("admin::api-token").findOne({ where: { id } });
+  const originalToken = await strapi.db.query("admin::api-token").findOne({ where: { id } });
   if (!originalToken) {
     throw new NotFoundError$1("Token not found");
   }
@@ -3600,45 +3605,37 @@ const update$1 = async (id, attributes) => {
     );
   }
   assertValidLifespan$1(attributes.lifespan);
-  const updatedToken = await strapi.query("admin::api-token").update({
+  const updatedToken = await strapi.db.query("admin::api-token").update({
     select: SELECT_FIELDS$1,
     where: { id },
     data: omit("permissions", attributes)
   });
   if (updatedToken.type === constants$3.API_TOKEN_TYPE.CUSTOM && attributes.permissions) {
-    const currentPermissionsResult = await strapi.entityService.load(
-      "admin::api-token",
-      updatedToken,
-      "permissions"
-    );
+    const currentPermissionsResult = await strapi.db.query("admin::api-token").load(updatedToken, "permissions");
     const currentPermissions = map("action", currentPermissionsResult || []);
     const newPermissions = uniq(attributes.permissions);
     const actionsToDelete = difference(currentPermissions, newPermissions);
     const actionsToAdd = difference(newPermissions, currentPermissions);
     await Promise.all(
       actionsToDelete.map(
-        (action2) => strapi.query("admin::api-token-permission").delete({
+        (action2) => strapi.db.query("admin::api-token-permission").delete({
           where: { action: action2, token: id }
         })
       )
     );
     await Promise.all(
       actionsToAdd.map(
-        (action2) => strapi.query("admin::api-token-permission").create({
+        (action2) => strapi.db.query("admin::api-token-permission").create({
           data: { action: action2, token: id }
         })
       )
     );
   } else if (updatedToken.type !== constants$3.API_TOKEN_TYPE.CUSTOM) {
-    await strapi.query("admin::api-token-permission").delete({
+    await strapi.db.query("admin::api-token-permission").delete({
       where: { token: id }
     });
   }
-  const permissionsFromDb = await strapi.entityService.load(
-    "admin::api-token",
-    updatedToken,
-    "permissions"
-  );
+  const permissionsFromDb = await strapi.db.query("admin::api-token").load(updatedToken, "permissions");
   return {
     ...updatedToken,
     permissions: permissionsFromDb ? permissionsFromDb.map((p) => p.action) : void 0
@@ -3687,7 +3684,7 @@ const SELECT_FIELDS = [
 ];
 const POPULATE_FIELDS = ["permissions"];
 const list = async () => {
-  const tokens = await strapi.query(TRANSFER_TOKEN_UID).findMany({
+  const tokens = await strapi.db.query(TRANSFER_TOKEN_UID).findMany({
     select: SELECT_FIELDS,
     populate: POPULATE_FIELDS,
     orderBy: { name: "ASC" }
@@ -3711,7 +3708,7 @@ const create = async (attributes) => {
   assertTokenPermissionsValidity(attributes);
   assertValidLifespan(attributes.lifespan);
   const result = await strapi.db.transaction(async () => {
-    const transferToken2 = await strapi.query(TRANSFER_TOKEN_UID).create({
+    const transferToken2 = await strapi.db.query(TRANSFER_TOKEN_UID).create({
       select: SELECT_FIELDS,
       populate: POPULATE_FIELDS,
       data: {
@@ -3722,14 +3719,10 @@ const create = async (attributes) => {
     });
     await Promise.all(
       uniq(attributes.permissions).map(
-        (action2) => strapi.query(TRANSFER_TOKEN_PERMISSION_UID).create({ data: { action: action2, token: transferToken2 } })
+        (action2) => strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).create({ data: { action: action2, token: transferToken2 } })
       )
     );
-    const currentPermissions = await strapi.entityService.load(
-      TRANSFER_TOKEN_UID,
-      transferToken2,
-      "permissions"
-    );
+    const currentPermissions = await strapi.db.query(TRANSFER_TOKEN_UID).load(transferToken2, "permissions");
     if (currentPermissions) {
       Object.assign(transferToken2, { permissions: map("action", currentPermissions) });
     }
@@ -3738,14 +3731,14 @@ const create = async (attributes) => {
   return { ...result, accessKey };
 };
 const update = async (id, attributes) => {
-  const originalToken = await strapi.query(TRANSFER_TOKEN_UID).findOne({ where: { id } });
+  const originalToken = await strapi.db.query(TRANSFER_TOKEN_UID).findOne({ where: { id } });
   if (!originalToken) {
     throw new NotFoundError("Token not found");
   }
   assertTokenPermissionsValidity(attributes);
   assertValidLifespan(attributes.lifespan);
   return strapi.db.transaction(async () => {
-    const updatedToken = await strapi.query(TRANSFER_TOKEN_UID).update({
+    const updatedToken = await strapi.db.query(TRANSFER_TOKEN_UID).update({
       select: SELECT_FIELDS,
       where: { id },
       data: {
@@ -3753,35 +3746,27 @@ const update = async (id, attributes) => {
       }
     });
     if (attributes.permissions) {
-      const currentPermissionsResult = await strapi.entityService.load(
-        TRANSFER_TOKEN_UID,
-        updatedToken,
-        "permissions"
-      );
+      const currentPermissionsResult = await strapi.db.query(TRANSFER_TOKEN_UID).load(updatedToken, "permissions");
       const currentPermissions = map("action", currentPermissionsResult || []);
       const newPermissions = uniq(attributes.permissions);
       const actionsToDelete = difference(currentPermissions, newPermissions);
       const actionsToAdd = difference(newPermissions, currentPermissions);
       await Promise.all(
         actionsToDelete.map(
-          (action2) => strapi.query(TRANSFER_TOKEN_PERMISSION_UID).delete({
+          (action2) => strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).delete({
             where: { action: action2, token: id }
           })
         )
       );
       await Promise.all(
         actionsToAdd.map(
-          (action2) => strapi.query(TRANSFER_TOKEN_PERMISSION_UID).create({
+          (action2) => strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).create({
             data: { action: action2, token: id }
           })
         )
       );
     }
-    const permissionsFromDb = await strapi.entityService.load(
-      TRANSFER_TOKEN_UID,
-      updatedToken,
-      "permissions"
-    );
+    const permissionsFromDb = await strapi.db.query(TRANSFER_TOKEN_UID).load(updatedToken, "permissions");
     return {
       ...updatedToken,
       permissions: permissionsFromDb ? permissionsFromDb.map((p) => p.action) : void 0
@@ -3790,14 +3775,14 @@ const update = async (id, attributes) => {
 };
 const revoke = async (id) => {
   return strapi.db.transaction(
-    async () => strapi.query(TRANSFER_TOKEN_UID).delete({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: { id } })
+    async () => strapi.db.query(TRANSFER_TOKEN_UID).delete({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: { id } })
   );
 };
 const getBy = async (whereParams = {}) => {
   if (Object.keys(whereParams).length === 0) {
     return null;
   }
-  const token2 = await strapi.query(TRANSFER_TOKEN_UID).findOne({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: whereParams });
+  const token2 = await strapi.db.query(TRANSFER_TOKEN_UID).findOne({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: whereParams });
   if (!token2) {
     return token2;
   }
@@ -3816,7 +3801,7 @@ const exists = async (whereParams = {}) => {
 const regenerate = async (id) => {
   const accessKey = crypto.randomBytes(128).toString("hex");
   const transferToken2 = await strapi.db.transaction(
-    async () => strapi.query(TRANSFER_TOKEN_UID).update({
+    async () => strapi.db.query(TRANSFER_TOKEN_UID).update({
       select: ["id", "accessKey"],
       where: { id },
       data: {
@@ -3850,8 +3835,8 @@ const hash = (accessKey) => {
   return crypto.createHmac("sha512", strapi.config.get("admin.transfer.token.salt")).update(accessKey).digest("hex");
 };
 const checkSaltIsDefined = () => {
-  const { hasValidTokenSalt: hasValidTokenSalt2, isDisabledFromEnv: isDisabledFromEnv2 } = getService("transfer").utils;
-  if (isDisabledFromEnv2()) {
+  const { hasValidTokenSalt: hasValidTokenSalt2 } = getService("transfer").utils;
+  if (!strapi.config.get("server.transfer.remote.enabled")) {
     return;
   }
   if (!hasValidTokenSalt2()) {
@@ -3891,7 +3876,7 @@ const isValidLifespan = (lifespan) => {
 const assertValidLifespan = (lifespan) => {
   if (!isValidLifespan(lifespan)) {
     throw new ValidationError$1(
-      `lifespan must be one of the following values:
+      `lifespan must be one of the following values:
       ${Object.values(constants$3.TRANSFER_TOKEN_LIFESPANS).join(", ")}`
     );
   }
@@ -3911,22 +3896,23 @@ const token$2 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.definePrope
   revoke,
   update
 }, Symbol.toStringTag, { value: "Module" }));
-const isDisabledFromEnv = () => {
-  return env.bool("STRAPI_DISABLE_REMOTE_DATA_TRANSFER", false);
-};
 const hasValidTokenSalt = () => {
   const salt = strapi.config.get("admin.transfer.token.salt", null);
   return typeof salt === "string" && salt.length > 0;
 };
-const isDataTransferEnabled = () => {
+const isRemoteTransferEnabled = () => {
   const { utils: utils2 } = getService("transfer");
-  return !utils2.isDisabledFromEnv() && utils2.hasValidTokenSalt();
+  if (env.bool("STRAPI_DISABLE_REMOTE_DATA_TRANSFER") !== void 0) {
+    strapi.log.warn(
+      "STRAPI_DISABLE_REMOTE_DATA_TRANSFER is no longer supported. Instead, set transfer.remote.enabled to false in your server configuration"
+    );
+  }
+  return utils2.hasValidTokenSalt() && strapi.config.get("server.transfer.remote.enabled");
 };
 const utils = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
   hasValidTokenSalt,
-  isDataTransferEnabled,
-  isDisabledFromEnv
+  isRemoteTransferEnabled
 }, Symbol.toStringTag, { value: "Module" }));
 const transfer$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
@@ -3958,7 +3944,7 @@ const parseFilesData = async (files) => {
         tmpPath: file.path,
         // TODO
         // @ts-expect-error define the correct return type
-        provider: strapi.config.get("plugin.upload").provider
+        provider: strapi.config.get("plugin::upload").provider
       });
     })
   );
@@ -4007,7 +3993,7 @@ const deleteOldFiles = async ({ previousSettings, newSettings }) => {
       if (newSettings[inputName] && previousSettings[inputName].hash === newSettings[inputName].hash) {
         return;
       }
-      if (strapi.config.get("plugin.upload").provider !== previousSettings[inputName].provider) {
+      if (strapi.config.get("plugin::upload").provider !== previousSettings[inputName].provider) {
         return;
       }
       strapi.plugin("upload").provider.delete(previousSettings[inputName]);
@@ -4299,7 +4285,7 @@ const apiToken$1 = {
     }
     if (has("name", attributes)) {
       const nameAlreadyTaken = await apiTokenService.getByName(attributes.name);
-      if (!!nameAlreadyTaken && !stringEquals(nameAlreadyTaken.id, id)) {
+      if (!!nameAlreadyTaken && !strings.isEqual(nameAlreadyTaken.id, id)) {
         throw new ApplicationError$4("Name already taken");
       }
     }
@@ -4830,7 +4816,7 @@ const token = {
     }
     if (has("name", attributes)) {
       const nameAlreadyTaken = await tokenService.getByName(attributes.name);
-      if (!!nameAlreadyTaken && !stringEquals(nameAlreadyTaken.id, id)) {
+      if (!!nameAlreadyTaken && !strings.isEqual(nameAlreadyTaken.id, id)) {
         throw new ApplicationError$1("Name already taken");
       }
     }
@@ -5510,7 +5496,8 @@ const rateLimit = (config, { strapi: strapi2 }) => async (ctx, next) => {
   }
   if (rateLimitConfig.enabled === true) {
     const rateLimit2 = require("koa2-ratelimit").RateLimit;
-    const userEmail = toLower(ctx.request.body.email) || "unknownEmail";
+    const requestEmail = get("request.body.email")(ctx);
+    const userEmail = isString(requestEmail) ? requestEmail.toLowerCase() : "unknownEmail";
     const requestPath = isString(ctx.request.path) ? toLower(path.normalize(ctx.request.path)).replace(/\/$/, "") : "invalidPath";
     const loadConfig = {
       interval: { min: 5 },
@@ -5528,22 +5515,21 @@ const rateLimit = (config, { strapi: strapi2 }) => async (ctx, next) => {
 };
 const dataTransfer = () => async (ctx, next) => {
   const transferUtils = getService("transfer").utils;
-  const { hasValidTokenSalt: hasValidTokenSalt2, isDataTransferEnabled: isDataTransferEnabled2, isDisabledFromEnv: isDisabledFromEnv2 } = transferUtils;
-  if (isDataTransferEnabled2()) {
+  const { hasValidTokenSalt: hasValidTokenSalt2, isRemoteTransferEnabled: isRemoteTransferEnabled2 } = transferUtils;
+  if (isRemoteTransferEnabled2()) {
     return next();
   }
+  if (strapi.config.get("server.transfer.remote.enabled") === false) {
+    return ctx.notFound();
+  }
   if (!hasValidTokenSalt2()) {
     return ctx.notImplemented(
       "The server configuration for data transfer is invalid. Please contact your server administrator.",
-      // @ts-expect-error have to pass multiple arguments to surface the error details
       {
         code: "INVALID_TOKEN_SALT"
       }
     );
   }
-  if (isDisabledFromEnv2()) {
-    return ctx.notFound();
-  }
   throw new Error("Unexpected error while trying to access a data transfer route");
 };
 const index = {