@strapi/admin 4.5.0-alpha.0 → 4.5.0
- package/admin/src/StrapiApp.js +21 -18
- package/admin/src/assets/images/hot-air-balloon.png +0 -0
- package/admin/src/assets/images/icon_offline-cloud.svg +3 -3
- package/admin/src/assets/images/logo-strapi-2022.svg +7 -0
- package/admin/src/assets/images/upgrade-details.png +0 -0
- package/admin/src/components/Providers/index.js +14 -10
- package/admin/src/content-manager/components/CollectionTypeFormWrapper/index.js +24 -0
- package/admin/src/content-manager/components/DynamicTable/CellContent/CellValue.js +1 -1
- package/admin/src/content-manager/components/DynamicTable/CellContent/RelationMultiple/index.js +5 -4
- package/admin/src/content-manager/components/DynamicTable/CellContent/index.js +10 -0
- package/admin/src/content-manager/components/DynamicTable/TableRows/index.js +20 -15
- package/admin/src/content-manager/components/DynamicTable/index.js +21 -4
- package/admin/src/content-manager/components/DynamicZone/components/Component/index.js +19 -9
- package/admin/src/content-manager/components/DynamicZone/index.js +6 -2
- package/admin/src/content-manager/components/EditViewDataManagerProvider/index.js +153 -63
- package/admin/src/content-manager/components/EditViewDataManagerProvider/reducer.js +180 -132
- package/admin/src/content-manager/components/EditViewDataManagerProvider/utils/cleanData.js +70 -16
- package/admin/src/content-manager/components/EditViewDataManagerProvider/utils/findLeafByPathAndReplace.js +52 -0
- package/admin/src/content-manager/components/EditViewDataManagerProvider/utils/index.js +2 -0
- package/admin/src/content-manager/components/EditViewDataManagerProvider/utils/recursivelyFindPathsBasedOnCondition.js +72 -0
- package/admin/src/content-manager/components/FieldComponent/index.js +9 -2
- package/admin/src/content-manager/components/FieldTypeIcon/index.js +31 -1
- package/admin/src/content-manager/components/Inputs/index.js +36 -14
- package/admin/src/content-manager/components/NonRepeatableComponent/index.js +2 -0
- package/admin/src/content-manager/components/PreviewWysiwyg/index.js +1 -1
- package/admin/src/content-manager/components/RelationInput/RelationInput.js +163 -96
- package/admin/src/content-manager/components/RelationInput/components/RelationItem.js +2 -2
- package/admin/src/content-manager/components/RelationInput/constants.js +1 -1
- package/admin/src/content-manager/components/RelationInputDataManager/RelationInputDataManager.js +116 -73
- package/admin/src/content-manager/components/RelationInputDataManager/utils/diffRelations.js +24 -0
- package/admin/src/content-manager/components/RelationInputDataManager/utils/index.js +3 -1
- package/admin/src/content-manager/components/RelationInputDataManager/utils/normalizeRelations.js +17 -31
- package/admin/src/content-manager/components/RelationInputDataManager/utils/normalizeSearchResults.js +16 -0
- package/admin/src/content-manager/components/RelationInputDataManager/utils/select.js +35 -11
- package/admin/src/content-manager/components/RepeatableComponent/DraggedItem/index.js +5 -0
- package/admin/src/content-manager/components/RepeatableComponent/index.js +4 -3
- package/admin/src/content-manager/components/SingleTypeFormWrapper/index.js +23 -0
- package/admin/src/content-manager/hooks/__test__/usePrev.test.js +26 -0
- package/admin/src/content-manager/hooks/index.js +1 -0
- package/admin/src/content-manager/hooks/useFetchContentTypeLayout/utils/formatLayouts.js +19 -48
- package/admin/src/content-manager/hooks/usePrev.js +14 -0
- package/admin/src/content-manager/hooks/useRelation/useRelation.js +116 -15
- package/admin/src/content-manager/pages/App/reducer.js +3 -0
- package/admin/src/content-manager/pages/EditSettingsView/components/FormModal.js +7 -2
- package/admin/src/content-manager/pages/EditSettingsView/index.js +2 -1
- package/admin/src/content-manager/pages/EditView/Header/index.js +118 -50
- package/admin/src/content-manager/pages/EditView/Header/utils/select.js +4 -0
- package/admin/src/content-manager/pages/EditView/index.js +102 -93
- package/admin/src/content-manager/pages/ListSettingsView/components/DraggableCard.js +3 -3
- package/admin/src/content-manager/pages/ListSettingsView/components/Settings.js +2 -2
- package/admin/src/content-manager/pages/ListSettingsView/components/SortDisplayedFields.js +1 -1
- package/admin/src/content-manager/pages/ListView/index.js +24 -15
- package/admin/src/content-manager/pages/ListView/utils/buildQueryString.js +14 -2
- package/admin/src/contexts/ApiTokenPermissions/index.js +24 -0
- package/admin/src/core/apis/CustomFields.js +79 -0
- package/admin/src/core/apis/index.js +1 -0
- package/admin/src/core/store/configureStore.js +17 -2
- package/admin/src/favicon.png +0 -0
- package/admin/src/hooks/index.js +1 -0
- package/admin/src/hooks/useFetchMarketplacePlugins/index.js +2 -2
- package/admin/src/hooks/useFetchMarketplacePlugins/utils/api.js +4 -2
- package/admin/src/hooks/useFetchMarketplaceProviders/index.js +3 -3
- package/admin/src/hooks/useFetchMarketplaceProviders/utils/api.js +5 -3
- package/admin/src/hooks/useRegenerate/index.js +34 -0
- package/admin/src/index.js +1 -0
- package/admin/src/pages/App/index.js +1 -1
- package/admin/src/pages/HomePage/SocialLinks.js +1 -1
- package/admin/src/pages/HomePage/assets/corner-ornament.svg +48 -0
- package/admin/src/pages/HomePage/index.js +3 -2
- package/admin/src/pages/MarketplacePage/components/NpmPackageCard/CardButton.js +110 -0
- package/admin/src/pages/MarketplacePage/components/NpmPackageCard/InstallPluginButton.js +32 -21
- package/admin/src/pages/MarketplacePage/components/NpmPackageCard/PackageStats.js +79 -0
- package/admin/src/pages/MarketplacePage/components/NpmPackageCard/index.js +28 -11
- package/admin/src/pages/MarketplacePage/components/NpmPackagesFilters/FilterSelect.js +41 -0
- package/admin/src/pages/MarketplacePage/components/NpmPackagesFilters/FiltersPopover.js +96 -0
- package/admin/src/pages/MarketplacePage/components/NpmPackagesFilters/index.js +106 -0
- package/admin/src/pages/MarketplacePage/components/NpmPackagesGrid/index.js +4 -0
- package/admin/src/pages/MarketplacePage/components/SortSelect/index.js +70 -0
- package/admin/src/pages/MarketplacePage/index.js +68 -8
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/ActionBoundRoutes/index.js +56 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/BoundRoute/getMethodColor.js +41 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/BoundRoute/index.js +72 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/CollapsableContentType/CheckBoxWrapper.js +30 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/CollapsableContentType/index.js +150 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/ContenTypesSection/index.js +37 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/FormApiTokenContainer/index.js +255 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/FormBody/index.js +78 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/FormHead/index.js +89 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/Permissions/index.js +40 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/components/Regenerate/index.js +68 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/index.js +216 -197
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/init.js +13 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/reducer.js +72 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/utils/getDateOfExpiration.js +16 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/utils/index.js +5 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/utils/schema.js +2 -1
- package/admin/src/pages/SettingsPage/pages/ApiTokens/EditView/utils/transformPermissionsData.js +36 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/ListView/DynamicTable/DefaultButton/index.js +63 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/ListView/DynamicTable/DeleteButton/index.js +1 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/ListView/DynamicTable/ReadButton/index.js +19 -0
- package/admin/src/pages/SettingsPage/pages/ApiTokens/ListView/DynamicTable/UpdateButton/index.js +3 -36
- package/admin/src/pages/SettingsPage/pages/ApiTokens/ListView/DynamicTable/index.js +13 -11
- package/admin/src/pages/SettingsPage/pages/ApiTokens/ListView/index.js +3 -2
- package/admin/src/pages/SettingsPage/pages/ApiTokens/ListView/utils/tableHeaders.js +8 -8
- package/admin/src/pages/SettingsPage/pages/ApiTokens/ProtectedEditView/index.js +1 -1
- package/admin/src/pages/SettingsPage/pages/Roles/EditPage/components/ConditionsModal/ActionRow/index.js +7 -38
- package/admin/src/pages/SettingsPage/pages/Roles/EditPage/components/ConditionsModal/ActionRow/utils/options.js +31 -0
- package/admin/src/pages/SettingsPage/pages/Roles/EditPage/components/ConditionsModal/index.js +32 -43
- package/admin/src/pages/SettingsPage/pages/Roles/EditPage/components/ContentTypeCollapse/Collapse/index.js +1 -1
- package/admin/src/pages/SettingsPage/pages/Roles/ListPage/components/RoleRow/index.js +3 -1
- package/admin/src/pages/SettingsPage/pages/Roles/ListPage/index.js +2 -1
- package/admin/src/pages/SettingsPage/pages/Users/ListPage/ModalForm/index.js +2 -2
- package/admin/src/pages/SettingsPage/pages/Webhooks/EditView/components/EventInput/index.js +2 -2
- package/admin/src/permissions/defaultPermissions.js +2 -6
- package/admin/src/translations/ca.json +4 -2
- package/admin/src/translations/de.json +5 -2
- package/admin/src/translations/dk.json +4 -1
- package/admin/src/translations/en.json +38 -3
- package/admin/src/translations/es.json +157 -158
- package/admin/src/translations/fr.json +4 -1
- package/admin/src/translations/gu.json +608 -606
- package/admin/src/translations/he.json +1 -1
- package/admin/src/translations/hi.json +689 -687
- package/admin/src/translations/hu.json +3 -1
- package/admin/src/translations/id.json +3 -1
- package/admin/src/translations/it.json +3 -1
- package/admin/src/translations/ja.json +3 -1
- package/admin/src/translations/ko.json +3 -1
- package/admin/src/translations/ml.json +689 -687
- package/admin/src/translations/nl.json +4 -1
- package/admin/src/translations/no.json +1 -1
- package/admin/src/translations/pl.json +3 -1
- package/admin/src/translations/pt-BR.json +4 -1
- package/admin/src/translations/ru.json +489 -491
- package/admin/src/translations/sa.json +86 -83
- package/admin/src/translations/sk.json +4 -1
- package/admin/src/translations/sv.json +4 -1
- package/admin/src/translations/th.json +1 -1
- package/admin/src/translations/zh-Hans.json +5 -2
- package/admin/src/translations/zh.json +4 -1
- package/build/1856.172d5fa0.chunk.js +174 -0
- package/build/2077.058590f4.chunk.js +206 -0
- package/build/2912.2c42c07b.chunk.js +259 -0
- package/build/4318.5e670740.chunk.js +30 -0
- package/build/4715.22747b59.chunk.js +387 -0
- package/build/{4800.d09f1225.chunk.js → 4800.a6935af6.chunk.js} +1 -1
- package/build/4982.1b75ddb1.chunk.js +325 -0
- package/build/617f9c948fa79e6d73bd.png +0 -0
- package/build/6d21938306785f176538.png +0 -0
- package/build/70674f63fc3904c20de0.svg +7 -0
- package/build/7379.d246dd38.chunk.js +1 -0
- package/build/7692.a36fb2c2.chunk.js +470 -0
- package/build/7841.c50e9509.chunk.js +259 -0
- package/build/7866.ba215f99.chunk.js +505 -0
- package/build/7e9af4fb7e723fcebf1f.svg +48 -0
- package/build/8380.e53e7207.chunk.js +299 -0
- package/build/8549.832ed79d.chunk.js +159 -0
- package/build/8738.0fe8a61e.chunk.js +463 -0
- package/build/{9066.08049eb1.chunk.js → 9066.eaf76ff3.chunk.js} +5 -5
- package/build/{9166.037339e0.chunk.js → 9166.90876521.chunk.js} +16 -15
- package/build/{9420.43a86e7c.chunk.js → 9420.5292d1d2.chunk.js} +38 -37
- package/build/9649.468667d9.chunk.js +199 -0
- package/build/9d5d788027e86620c234.svg +5 -0
- package/build/{Admin-authenticatedApp.e39f36c9.chunk.js → Admin-authenticatedApp.c4f68103.chunk.js} +3 -3
- package/build/{Admin_homePage.118926e0.chunk.js → Admin_homePage.26d32e30.chunk.js} +6 -5
- package/build/Admin_marketplace.32375885.chunk.js +22 -0
- package/build/{Admin_profilePage.9d50ac44.chunk.js → Admin_profilePage.da32abbc.chunk.js} +1 -1
- package/build/Admin_settingsPage.bf2234e1.chunk.js +178 -0
- package/build/admin-app.9049056c.chunk.js +112 -0
- package/build/admin-edit-roles-page.69d9fcb2.chunk.js +1 -0
- package/build/{admin-users.97a08630.chunk.js → admin-users.d71f198a.chunk.js} +3 -3
- package/build/api-tokens-create-page.93dd0689.chunk.js +1 -0
- package/build/api-tokens-edit-page.b0adac81.chunk.js +1 -0
- package/build/api-tokens-list-page.bb36535f.chunk.js +16 -0
- package/build/ca-json.07ae0f2c.chunk.js +1 -0
- package/build/content-manager.ff998bed.chunk.js +1204 -0
- package/build/content-type-builder-list-view.5b3cd768.chunk.js +194 -0
- package/build/content-type-builder-translation-en-json.f985c9c4.chunk.js +1 -0
- package/build/content-type-builder-translation-sv-json.6deff030.chunk.js +1 -0
- package/build/content-type-builder.16af63a6.chunk.js +145 -0
- package/build/de-json.6b3e1894.chunk.js +1 -0
- package/build/dk-json.144c6a8e.chunk.js +1 -0
- package/build/{email-settings-page.64037147.chunk.js → email-settings-page.c3469093.chunk.js} +6 -6
- package/build/en-json.4a269f6b.chunk.js +1 -0
- package/build/es-json.6d123a82.chunk.js +1 -0
- package/build/fr-json.28ab54cb.chunk.js +1 -0
- package/build/gu-json.9a50ea64.chunk.js +1 -0
- package/build/he-json.72f18790.chunk.js +1 -0
- package/build/hi-json.0301b7ba.chunk.js +1 -0
- package/build/hu-json.c4b641bb.chunk.js +1 -0
- package/build/{i18n-settings-page.0b73785d.chunk.js → i18n-settings-page.46d894ff.chunk.js} +5 -5
- package/build/id-json.86035797.chunk.js +1 -0
- package/build/index.html +1 -1
- package/build/it-json.bbdc8993.chunk.js +1 -0
- package/build/ja-json.1c9eeeec.chunk.js +1 -0
- package/build/ko-json.e1f66398.chunk.js +1 -0
- package/build/main.91328e7a.js +9381 -0
- package/build/ml-json.963c889f.chunk.js +1 -0
- package/build/nl-json.2b8cc3a0.chunk.js +1 -0
- package/build/no-json.a58c28bd.chunk.js +1 -0
- package/build/pl-json.249626b3.chunk.js +1 -0
- package/build/pt-BR-json.7852f808.chunk.js +1 -0
- package/build/ru-json.d7cfc2ff.chunk.js +1 -0
- package/build/runtime~main.c9c319c0.js +2 -0
- package/build/sa-json.44e95991.chunk.js +1 -0
- package/build/sk-json.7ba4b330.chunk.js +1 -0
- package/build/sso-settings-page.9ceb0140.chunk.js +1 -0
- package/build/sv-json.8e5a7911.chunk.js +1 -0
- package/build/th-json.a67309b1.chunk.js +1 -0
- package/build/{upload-settings.80ff0974.chunk.js → upload-settings.53b690f3.chunk.js} +5 -5
- package/build/{upload-translation-en-json.004a86c1.chunk.js → upload-translation-en-json.86da7b0a.chunk.js} +1 -1
- package/build/{users-advanced-settings-page.a02f4806.chunk.js → users-advanced-settings-page.3f4ee86e.chunk.js} +5 -5
- package/build/{webhook-edit-page.d2ea3351.chunk.js → webhook-edit-page.dc9442ce.chunk.js} +2 -2
- package/build/webhook-list-page.02191138.chunk.js +134 -0
- package/build/zh-Hans-json.21617c24.chunk.js +1 -0
- package/build/zh-json.608aaf24.chunk.js +1 -0
- package/ee/admin/pages/SettingsPage/pages/Roles/ListPage/index.js +3 -2
- package/ee/server/controllers/user.js +5 -3
- package/env.js +1 -0
- package/package.json +13 -11
- package/scripts/build.js +11 -0
- package/server/bootstrap.js +19 -1
- package/server/config/admin-actions.js +20 -0
- package/server/content-types/api-token-permission.js +36 -0
- package/server/content-types/api-token.js +25 -1
- package/server/content-types/index.js +1 -0
- package/server/controllers/admin.js +3 -0
- package/server/controllers/api-token.js +24 -1
- package/server/controllers/content-api.js +15 -0
- package/server/controllers/index.js +1 -0
- package/server/controllers/user.js +3 -2
- package/server/routes/api-tokens.js +11 -0
- package/server/routes/content-api.js +20 -0
- package/server/routes/index.js +2 -0
- package/server/services/api-token.js +309 -29
- package/server/services/constants.js +10 -0
- package/server/services/permission/engine.js +36 -226
- package/server/services/permission.js +4 -1
- package/server/strategies/admin.js +7 -1
- package/server/strategies/api-token.js +72 -11
- package/server/validation/api-tokens.js +12 -2
- package/utils/create-plugins-exclude-path.js +40 -0
- package/utils/get-custom-app-config-file.js +5 -0
- package/webpack.alias.js +0 -13
- package/webpack.config.js +4 -1
- package/admin/src/assets/images/banner_strapi-rocket.png +0 -0
- package/admin/src/assets/images/big-logo-home.png +0 -0
- package/admin/src/assets/images/homepage-logo.png +0 -0
- package/admin/src/assets/images/icon_made-by-strapi.svg +0 -5
- package/admin/src/assets/images/logo_strapi_auth.png +0 -0
- package/admin/src/assets/images/logo_strapi_auth_v4.png +0 -0
- package/admin/src/assets/images/logo_strapi_menu.png +0 -0
- package/admin/src/assets/images/oops.png +0 -0
- package/admin/src/content-manager/components/State/index.js +0 -37
- package/admin/src/favicon.ico +0 -0
- package/build/15026a3d58aeb2828134.png +0 -0
- package/build/1856.47226450.chunk.js +0 -173
- package/build/2077.c935ee42.chunk.js +0 -205
- package/build/2912.a015078a.chunk.js +0 -258
- package/build/4715.58cd558f.chunk.js +0 -387
- package/build/4982.05eda880.chunk.js +0 -324
- package/build/7098.40dcd7bf.chunk.js +0 -1
- package/build/7841.91f793dc.chunk.js +0 -258
- package/build/7866.1201afbd.chunk.js +0 -504
- package/build/8380.8789ff76.chunk.js +0 -284
- package/build/8549.133c4473.chunk.js +0 -158
- package/build/8851.e4ac62f2.chunk.js +0 -158
- package/build/90f49a385afb000fb1d4.svg +0 -5
- package/build/9311.7cc03f29.chunk.js +0 -508
- package/build/Admin_marketplace.82c0570b.chunk.js +0 -11
- package/build/Admin_settingsPage.98a711e5.chunk.js +0 -178
- package/build/a6b842e0b6d2b61135d1.svg +0 -5
- package/build/admin-app.4f7618a9.chunk.js +0 -112
- package/build/admin-edit-roles-page.554ba3fa.chunk.js +0 -1
- package/build/api-tokens-create-page.4c262d6e.chunk.js +0 -1
- package/build/api-tokens-edit-page.10a9d368.chunk.js +0 -1
- package/build/api-tokens-list-page.442c9f3c.chunk.js +0 -15
- package/build/b997a22a2e0b87ef1fa2.ico +0 -0
- package/build/bd81ba6c07827282255d.png +0 -0
- package/build/c3de6118ef47086ad05c.png +0 -0
- package/build/ca-json.a16899ae.chunk.js +0 -1
- package/build/content-manager.7d57c9d1.chunk.js +0 -1200
- package/build/content-type-builder-list-view.8cc534e0.chunk.js +0 -194
- package/build/content-type-builder-translation-en-json.201bfb78.chunk.js +0 -1
- package/build/content-type-builder.684df7a4.chunk.js +0 -142
- package/build/de-json.aa6026b3.chunk.js +0 -1
- package/build/dk-json.fac2bcfb.chunk.js +0 -1
- package/build/en-json.0c69c7d7.chunk.js +0 -1
- package/build/es-json.d672e181.chunk.js +0 -1
- package/build/fb376b132d18bf4522ca.png +0 -0
- package/build/fde9b1ad0670d29a2516.png +0 -0
- package/build/fr-json.71a16175.chunk.js +0 -1
- package/build/gu-json.ca345cd1.chunk.js +0 -1
- package/build/he-json.3b825d80.chunk.js +0 -1
- package/build/hi-json.50c7e6d4.chunk.js +0 -1
- package/build/hu-json.e0521dcc.chunk.js +0 -1
- package/build/id-json.4b1ff8d6.chunk.js +0 -1
- package/build/it-json.86bac220.chunk.js +0 -1
- package/build/ja-json.4e44e36b.chunk.js +0 -1
- package/build/ko-json.1003756e.chunk.js +0 -1
- package/build/main.b47db1a3.js +0 -9337
- package/build/ml-json.c7774425.chunk.js +0 -1
- package/build/nl-json.f58ea235.chunk.js +0 -1
- package/build/no-json.40386397.chunk.js +0 -1
- package/build/pl-json.fed96aba.chunk.js +0 -1
- package/build/pt-BR-json.073799ab.chunk.js +0 -1
- package/build/ru-json.7ad2cbbf.chunk.js +0 -1
- package/build/runtime~main.feeac6d3.js +0 -2
- package/build/sa-json.f0f704f0.chunk.js +0 -1
- package/build/sk-json.a848961b.chunk.js +0 -1
- package/build/sso-settings-page.445184e0.chunk.js +0 -1
- package/build/sv-json.b038acbe.chunk.js +0 -1
- package/build/th-json.72e8de3d.chunk.js +0 -1
- package/build/webhook-list-page.2775a683.chunk.js +0 -134
- package/build/zh-Hans-json.03d2bda1.chunk.js +0 -1
- package/build/zh-json.3d0cc664.chunk.js +0 -1
- package/server/services/permission/engine-hooks.js +0 -82
|
@@ -1,9 +1,13 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
const crypto = require('crypto');
|
|
4
|
+
const { isNil } = require('lodash/fp');
|
|
5
|
+
const { omit, difference, isEmpty, map, isArray, uniq } = require('lodash/fp');
|
|
6
|
+
const { ValidationError, NotFoundError } = require('@strapi/utils').errors;
|
|
7
|
+
const constants = require('./constants');
|
|
4
8
|
|
|
5
9
|
/**
|
|
6
|
-
* @typedef {'read-only'|'full-access'} TokenType
|
|
10
|
+
* @typedef {'read-only'|'full-access'|'custom'} TokenType
|
|
7
11
|
*/
|
|
8
12
|
|
|
9
13
|
/**
|
|
@@ -11,20 +15,135 @@ const crypto = require('crypto');
|
|
|
11
15
|
*
|
|
12
16
|
* @property {number|string} id
|
|
13
17
|
* @property {string} name
|
|
14
|
-
* @property {string}
|
|
18
|
+
* @property {string} description
|
|
15
19
|
* @property {string} accessKey
|
|
20
|
+
* @property {number} lastUsedAt
|
|
21
|
+
* @property {number} lifespan
|
|
22
|
+
* @property {number} expiresAt
|
|
16
23
|
* @property {TokenType} type
|
|
24
|
+
* @property {(number|ApiTokenPermission)[]} permissions
|
|
17
25
|
*/
|
|
18
26
|
|
|
27
|
+
/**
|
|
28
|
+
* @typedef ApiTokenPermission
|
|
29
|
+
*
|
|
30
|
+
* @property {number|string} id
|
|
31
|
+
* @property {string} action
|
|
32
|
+
* @property {ApiToken|number} token
|
|
33
|
+
*/
|
|
34
|
+
|
|
35
|
+
/** @constant {Array<string>} */
|
|
36
|
+
const SELECT_FIELDS = [
|
|
37
|
+
'id',
|
|
38
|
+
'name',
|
|
39
|
+
'description',
|
|
40
|
+
'lastUsedAt',
|
|
41
|
+
'type',
|
|
42
|
+
'lifespan',
|
|
43
|
+
'expiresAt',
|
|
44
|
+
'createdAt',
|
|
45
|
+
'updatedAt',
|
|
46
|
+
];
|
|
47
|
+
|
|
19
48
|
/** @constant {Array<string>} */
|
|
20
|
-
const
|
|
49
|
+
const POPULATE_FIELDS = ['permissions'];
|
|
50
|
+
|
|
51
|
+
// TODO: we need to ensure the permissions are actually valid registered permissions!
|
|
52
|
+
|
|
53
|
+
/**
|
|
54
|
+
* Assert that a token's permissions attribute is valid for its type
|
|
55
|
+
*
|
|
56
|
+
* @param {ApiToken} token
|
|
57
|
+
*/
|
|
58
|
+
const assertCustomTokenPermissionsValidity = (attributes) => {
|
|
59
|
+
// Ensure non-custom tokens doesn't have permissions
|
|
60
|
+
if (attributes.type !== constants.API_TOKEN_TYPE.CUSTOM && !isEmpty(attributes.permissions)) {
|
|
61
|
+
throw new ValidationError('Non-custom tokens should not reference permissions');
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
// Custom type tokens should always have permissions attached to them
|
|
65
|
+
if (attributes.type === constants.API_TOKEN_TYPE.CUSTOM && !isArray(attributes.permissions)) {
|
|
66
|
+
throw new ValidationError('Missing permissions attribute for custom token');
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
// Permissions provided for a custom type token should be valid/registered permissions UID
|
|
70
|
+
if (attributes.type === constants.API_TOKEN_TYPE.CUSTOM) {
|
|
71
|
+
const validPermissions = strapi.contentAPI.permissions.providers.action.keys();
|
|
72
|
+
const invalidPermissions = difference(attributes.permissions, validPermissions);
|
|
73
|
+
|
|
74
|
+
if (!isEmpty(invalidPermissions)) {
|
|
75
|
+
throw new ValidationError(`Unknown permissions provided: ${invalidPermissions.join(', ')}`);
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
};
|
|
79
|
+
|
|
80
|
+
/**
|
|
81
|
+
* Assert that a token's permissions attribute is valid for its type
|
|
82
|
+
*
|
|
83
|
+
* @param {ApiToken} token
|
|
84
|
+
*/
|
|
85
|
+
const assertValidLifespan = ({ lifespan }) => {
|
|
86
|
+
if (isNil(lifespan)) {
|
|
87
|
+
return;
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
if (!Object.values(constants.API_TOKEN_LIFESPANS).includes(lifespan)) {
|
|
91
|
+
throw new ValidationError(
|
|
92
|
+
`lifespan must be one of the following values:
|
|
93
|
+
${Object.values(constants.API_TOKEN_LIFESPANS).join(', ')}`
|
|
94
|
+
);
|
|
95
|
+
}
|
|
96
|
+
};
|
|
97
|
+
|
|
98
|
+
/**
|
|
99
|
+
* Flatten a token's database permissions objects to an array of strings
|
|
100
|
+
*
|
|
101
|
+
* @param {ApiToken} token
|
|
102
|
+
*
|
|
103
|
+
* @returns {ApiToken}
|
|
104
|
+
*/
|
|
105
|
+
const flattenTokenPermissions = (token) => {
|
|
106
|
+
if (!token) return token;
|
|
107
|
+
return {
|
|
108
|
+
...token,
|
|
109
|
+
permissions: isArray(token.permissions) ? map('action', token.permissions) : token.permissions,
|
|
110
|
+
};
|
|
111
|
+
};
|
|
21
112
|
|
|
22
113
|
/**
|
|
114
|
+
* Get a token
|
|
115
|
+
*
|
|
23
116
|
* @param {Object} whereParams
|
|
24
|
-
* @param {string|number}
|
|
25
|
-
* @param {string}
|
|
26
|
-
* @param {
|
|
27
|
-
* @param {string}
|
|
117
|
+
* @param {string|number} whereParams.id
|
|
118
|
+
* @param {string} whereParams.name
|
|
119
|
+
* @param {number} whereParams.lastUsedAt
|
|
120
|
+
* @param {string} whereParams.description
|
|
121
|
+
* @param {string} whereParams.accessKey
|
|
122
|
+
*
|
|
123
|
+
* @returns {Promise<Omit<ApiToken, 'accessKey'> | null>}
|
|
124
|
+
*/
|
|
125
|
+
const getBy = async (whereParams = {}) => {
|
|
126
|
+
if (Object.keys(whereParams).length === 0) {
|
|
127
|
+
return null;
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
const token = await strapi
|
|
131
|
+
.query('admin::api-token')
|
|
132
|
+
.findOne({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: whereParams });
|
|
133
|
+
|
|
134
|
+
if (!token) return token;
|
|
135
|
+
return flattenTokenPermissions(token);
|
|
136
|
+
};
|
|
137
|
+
|
|
138
|
+
/**
|
|
139
|
+
* Check if token exists
|
|
140
|
+
*
|
|
141
|
+
* @param {Object} whereParams
|
|
142
|
+
* @param {string|number} whereParams.id
|
|
143
|
+
* @param {string} whereParams.name
|
|
144
|
+
* @param {number} whereParams.lastUsedAt
|
|
145
|
+
* @param {string} whereParams.description
|
|
146
|
+
* @param {string} whereParams.accessKey
|
|
28
147
|
*
|
|
29
148
|
* @returns {Promise<boolean>}
|
|
30
149
|
*/
|
|
@@ -35,6 +154,8 @@ const exists = async (whereParams = {}) => {
|
|
|
35
154
|
};
|
|
36
155
|
|
|
37
156
|
/**
|
|
157
|
+
* Return a secure sha512 hash of an accessKey
|
|
158
|
+
*
|
|
38
159
|
* @param {string} accessKey
|
|
39
160
|
*
|
|
40
161
|
* @returns {string}
|
|
@@ -47,24 +168,103 @@ const hash = (accessKey) => {
|
|
|
47
168
|
};
|
|
48
169
|
|
|
49
170
|
/**
|
|
171
|
+
* @param {number} lifespan
|
|
172
|
+
*
|
|
173
|
+
* @returns { { lifespan: null | number, expiresAt: null | number } }
|
|
174
|
+
*/
|
|
175
|
+
const getExpirationFields = (lifespan) => {
|
|
176
|
+
// it must be nil or a finite number >= 0
|
|
177
|
+
const isValidNumber = Number.isFinite(lifespan) && lifespan > 0;
|
|
178
|
+
if (!isValidNumber && !isNil(lifespan)) {
|
|
179
|
+
throw new ValidationError('lifespan must be a positive number or null');
|
|
180
|
+
}
|
|
181
|
+
|
|
182
|
+
return {
|
|
183
|
+
lifespan: lifespan || null,
|
|
184
|
+
expiresAt: lifespan ? Date.now() + lifespan : null,
|
|
185
|
+
};
|
|
186
|
+
};
|
|
187
|
+
|
|
188
|
+
/**
|
|
189
|
+
* Create a token and its permissions
|
|
190
|
+
*
|
|
50
191
|
* @param {Object} attributes
|
|
51
192
|
* @param {TokenType} attributes.type
|
|
52
193
|
* @param {string} attributes.name
|
|
53
|
-
* @param {
|
|
194
|
+
* @param {number} attributes.lifespan
|
|
195
|
+
* @param {string[]} attributes.permissions
|
|
196
|
+
* @param {string} attributes.description
|
|
54
197
|
*
|
|
55
198
|
* @returns {Promise<ApiToken>}
|
|
56
199
|
*/
|
|
57
200
|
const create = async (attributes) => {
|
|
58
201
|
const accessKey = crypto.randomBytes(128).toString('hex');
|
|
59
202
|
|
|
203
|
+
assertCustomTokenPermissionsValidity(attributes);
|
|
204
|
+
assertValidLifespan(attributes);
|
|
205
|
+
|
|
206
|
+
// Create the token
|
|
60
207
|
const apiToken = await strapi.query('admin::api-token').create({
|
|
61
208
|
select: SELECT_FIELDS,
|
|
209
|
+
populate: POPULATE_FIELDS,
|
|
62
210
|
data: {
|
|
63
|
-
...attributes,
|
|
211
|
+
...omit('permissions', attributes),
|
|
64
212
|
accessKey: hash(accessKey),
|
|
213
|
+
...getExpirationFields(attributes.lifespan),
|
|
65
214
|
},
|
|
66
215
|
});
|
|
67
216
|
|
|
217
|
+
const result = { ...apiToken, accessKey };
|
|
218
|
+
|
|
219
|
+
// If this is a custom type token, create and the related permissions
|
|
220
|
+
if (attributes.type === constants.API_TOKEN_TYPE.CUSTOM) {
|
|
221
|
+
// TODO: createMany doesn't seem to create relation properly, implement a better way rather than a ton of queries
|
|
222
|
+
// const permissionsCount = await strapi.query('admin::api-token-permission').createMany({
|
|
223
|
+
// populate: POPULATE_FIELDS,
|
|
224
|
+
// data: attributes.permissions.map(action => ({ action, token: apiToken })),
|
|
225
|
+
// });
|
|
226
|
+
await Promise.all(
|
|
227
|
+
uniq(attributes.permissions).map((action) =>
|
|
228
|
+
strapi.query('admin::api-token-permission').create({
|
|
229
|
+
data: { action, token: apiToken },
|
|
230
|
+
})
|
|
231
|
+
)
|
|
232
|
+
);
|
|
233
|
+
|
|
234
|
+
const currentPermissions = await strapi.entityService.load(
|
|
235
|
+
'admin::api-token',
|
|
236
|
+
apiToken,
|
|
237
|
+
'permissions'
|
|
238
|
+
);
|
|
239
|
+
|
|
240
|
+
if (currentPermissions) {
|
|
241
|
+
Object.assign(result, { permissions: map('action', currentPermissions) });
|
|
242
|
+
}
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
return result;
|
|
246
|
+
};
|
|
247
|
+
|
|
248
|
+
/**
|
|
249
|
+
* @param {string|number} id
|
|
250
|
+
*
|
|
251
|
+
* @returns {Promise<ApiToken>}
|
|
252
|
+
*/
|
|
253
|
+
const regenerate = async (id) => {
|
|
254
|
+
const accessKey = crypto.randomBytes(128).toString('hex');
|
|
255
|
+
|
|
256
|
+
const apiToken = await strapi.query('admin::api-token').update({
|
|
257
|
+
select: ['id', 'accessKey'],
|
|
258
|
+
where: { id },
|
|
259
|
+
data: {
|
|
260
|
+
accessKey: hash(accessKey),
|
|
261
|
+
},
|
|
262
|
+
});
|
|
263
|
+
|
|
264
|
+
if (!apiToken) {
|
|
265
|
+
throw new NotFoundError('The provided token id does not exist');
|
|
266
|
+
}
|
|
267
|
+
|
|
68
268
|
return {
|
|
69
269
|
...apiToken,
|
|
70
270
|
accessKey,
|
|
@@ -92,25 +292,37 @@ For security reasons, prefer storing the secret in an environment variable and r
|
|
|
92
292
|
};
|
|
93
293
|
|
|
94
294
|
/**
|
|
295
|
+
* Return a list of all tokens and their permissions
|
|
296
|
+
*
|
|
95
297
|
* @returns {Promise<Omit<ApiToken, 'accessKey'>>}
|
|
96
298
|
*/
|
|
97
299
|
const list = async () => {
|
|
98
|
-
|
|
300
|
+
const tokens = await strapi.query('admin::api-token').findMany({
|
|
99
301
|
select: SELECT_FIELDS,
|
|
302
|
+
populate: POPULATE_FIELDS,
|
|
100
303
|
orderBy: { name: 'ASC' },
|
|
101
304
|
});
|
|
305
|
+
|
|
306
|
+
if (!tokens) return tokens;
|
|
307
|
+
return tokens.map((token) => flattenTokenPermissions(token));
|
|
102
308
|
};
|
|
103
309
|
|
|
104
310
|
/**
|
|
311
|
+
* Revoke (delete) a token
|
|
312
|
+
*
|
|
105
313
|
* @param {string|number} id
|
|
106
314
|
*
|
|
107
315
|
* @returns {Promise<Omit<ApiToken, 'accessKey'>>}
|
|
108
316
|
*/
|
|
109
317
|
const revoke = async (id) => {
|
|
110
|
-
return strapi
|
|
318
|
+
return strapi
|
|
319
|
+
.query('admin::api-token')
|
|
320
|
+
.delete({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: { id } });
|
|
111
321
|
};
|
|
112
322
|
|
|
113
323
|
/**
|
|
324
|
+
* Retrieve a token by id
|
|
325
|
+
*
|
|
114
326
|
* @param {string|number} id
|
|
115
327
|
*
|
|
116
328
|
* @returns {Promise<Omit<ApiToken, 'accessKey'>>}
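Review bot: `revoke` now passes `populate: POPULATE_FIELDS` to `delete` but returns the row as-is, while `list` in the same hunk maps every row through `flattenTokenPermissions`. Two functions documented with the same `@returns {Promise<Omit<ApiToken, 'accessKey'>>}` therefore appear to return `permissions` in different shapes. If the flattened form is the intended contract, do the same here: `const token = await strapi.query('admin::api-token').delete({ ... }); return token ? flattenTokenPermissions(token) : token;`. `flattenTokenPermissions` is defined outside this hunk, so confirm what it does with a missing `permissions` field before reusing it.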
|
|
@@ -120,6 +332,8 @@ const getById = async (id) => {
|
|
|
120
332
|
};
|
|
121
333
|
|
|
122
334
|
/**
|
|
335
|
+
* Retrieve a token by name
|
|
336
|
+
*
|
|
123
337
|
* @param {string} name
|
|
124
338
|
*
|
|
125
339
|
* @returns {Promise<Omit<ApiToken, 'accessKey'>>}
|
|
@@ -129,39 +343,105 @@ const getByName = async (name) => {
|
|
|
129
343
|
};
|
|
130
344
|
|
|
131
345
|
/**
|
|
346
|
+
* Update a token and its permissions
|
|
347
|
+
*
|
|
132
348
|
* @param {string|number} id
|
|
133
349
|
* @param {Object} attributes
|
|
134
350
|
* @param {TokenType} attributes.type
|
|
135
351
|
* @param {string} attributes.name
|
|
136
|
-
* @param {
|
|
352
|
+
* @param {number} attributes.lastUsedAt
|
|
353
|
+
* @param {string[]} attributes.permissions
|
|
354
|
+
* @param {string} attributes.description
|
|
137
355
|
*
|
|
138
356
|
* @returns {Promise<Omit<ApiToken, 'accessKey'>>}
|
|
139
357
|
*/
|
|
140
358
|
const update = async (id, attributes) => {
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
.update({ where: { id }, data: attributes, select: SELECT_FIELDS });
|
|
144
|
-
};
|
|
359
|
+
// retrieve token without permissions
|
|
360
|
+
const originalToken = await strapi.query('admin::api-token').findOne({ where: { id } });
|
|
145
361
|
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
* @param {string|number} [whereParams.id]
|
|
149
|
-
* @param {string} [whereParams.name]
|
|
150
|
-
* @param {string} [whereParams.description]
|
|
151
|
-
* @param {string} [whereParams.accessKey]
|
|
152
|
-
*
|
|
153
|
-
* @returns {Promise<Omit<ApiToken, 'accessKey'> | null>}
|
|
154
|
-
*/
|
|
155
|
-
const getBy = async (whereParams = {}) => {
|
|
156
|
-
if (Object.keys(whereParams).length === 0) {
|
|
157
|
-
return null;
|
|
362
|
+
if (!originalToken) {
|
|
363
|
+
throw new NotFoundError('Token not found');
|
|
158
364
|
}
|
|
159
365
|
|
|
160
|
-
|
|
366
|
+
const changingTypeToCustom =
|
|
367
|
+
attributes.type === constants.API_TOKEN_TYPE.CUSTOM &&
|
|
368
|
+
originalToken.type !== constants.API_TOKEN_TYPE.CUSTOM;
|
|
369
|
+
|
|
370
|
+
// if we're updating the permissions on any token type, or changing from non-custom to custom, ensure they're still valid
|
|
371
|
+
// if neither type nor permissions are changing, we don't need to validate again or else we can't allow partial update
|
|
372
|
+
if (attributes.permissions || changingTypeToCustom) {
|
|
373
|
+
assertCustomTokenPermissionsValidity({
|
|
374
|
+
...originalToken,
|
|
375
|
+
...attributes,
|
|
376
|
+
type: attributes.type || originalToken.type,
|
|
377
|
+
});
|
|
378
|
+
}
|
|
379
|
+
|
|
380
|
+
assertValidLifespan(attributes);
|
|
381
|
+
|
|
382
|
+
const updatedToken = await strapi.query('admin::api-token').update({
|
|
383
|
+
select: SELECT_FIELDS,
|
|
384
|
+
where: { id },
|
|
385
|
+
data: omit('permissions', attributes),
|
|
386
|
+
});
|
|
387
|
+
|
|
388
|
+
// custom tokens need to have their permissions updated as well
|
|
389
|
+
if (updatedToken.type === constants.API_TOKEN_TYPE.CUSTOM && attributes.permissions) {
|
|
390
|
+
const currentPermissionsResult = await strapi.entityService.load(
|
|
391
|
+
'admin::api-token',
|
|
392
|
+
updatedToken,
|
|
393
|
+
'permissions'
|
|
394
|
+
);
|
|
395
|
+
|
|
396
|
+
const currentPermissions = map('action', currentPermissionsResult || []);
|
|
397
|
+
const newPermissions = uniq(attributes.permissions);
|
|
398
|
+
|
|
399
|
+
const actionsToDelete = difference(currentPermissions, newPermissions);
|
|
400
|
+
const actionsToAdd = difference(newPermissions, currentPermissions);
|
|
401
|
+
|
|
402
|
+
// TODO: improve efficiency here
|
|
403
|
+
// method using a loop -- works but very inefficient
|
|
404
|
+
await Promise.all(
|
|
405
|
+
actionsToDelete.map((action) =>
|
|
406
|
+
strapi.query('admin::api-token-permission').delete({
|
|
407
|
+
where: { action, token: id },
|
|
408
|
+
})
|
|
409
|
+
)
|
|
410
|
+
);
|
|
411
|
+
|
|
412
|
+
// TODO: improve efficiency here
|
|
413
|
+
// using a loop -- works but very inefficient
|
|
414
|
+
await Promise.all(
|
|
415
|
+
actionsToAdd.map((action) =>
|
|
416
|
+
strapi.query('admin::api-token-permission').create({
|
|
417
|
+
data: { action, token: id },
|
|
418
|
+
})
|
|
419
|
+
)
|
|
420
|
+
);
|
|
421
|
+
}
|
|
422
|
+
// if type is not custom, make sure any old permissions get removed
|
|
423
|
+
else if (updatedToken.type !== constants.API_TOKEN_TYPE.CUSTOM) {
|
|
424
|
+
await strapi.query('admin::api-token-permission').delete({
|
|
425
|
+
where: { token: id },
|
|
426
|
+
});
|
|
427
|
+
}
|
|
428
|
+
|
|
429
|
+
// retrieve permissions
|
|
430
|
+
const permissionsFromDb = await strapi.entityService.load(
|
|
431
|
+
'admin::api-token',
|
|
432
|
+
updatedToken,
|
|
433
|
+
'permissions'
|
|
434
|
+
);
|
|
435
|
+
|
|
436
|
+
return {
|
|
437
|
+
...updatedToken,
|
|
438
|
+
permissions: permissionsFromDb ? permissionsFromDb.map((p) => p.action) : undefined,
|
|
439
|
+
};
|
|
161
440
|
};
|
|
162
441
|
|
|
163
442
|
module.exports = {
|
|
164
443
|
create,
|
|
444
|
+
regenerate,
|
|
165
445
|
exists,
|
|
166
446
|
checkSaltIsDefined,
|
|
167
447
|
hash,
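Review bot: `update` writes the token row first and only then syncs the permission rows (the two `Promise.all` batches, or the `else if` cleanup), and nothing visible rolls the earlier writes back if a later one fails. An error partway through can leave an API token whose `type` has changed while it still holds actions the caller meant to remove, which is the wrong direction to fail for a credential. Consider running the whole sequence in a single database transaction if the query layer provides one, or ordering the writes so that a failure leaves the token with fewer permissions, not more. The `else if` branch is also worth checking: if `delete({ where: { token: id } })` removes only the first matching row on this query API, stale permission rows survive a switch away from `custom`. `deleteMany({ where: { token: id } })` would state the intent explicitly.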
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
const DAY_IN_MS = 24 * 60 * 60 * 1000;
|
|
4
|
+
|
|
3
5
|
module.exports = {
|
|
4
6
|
CONTENT_TYPE_SECTION: 'contentTypes',
|
|
5
7
|
SUPER_ADMIN_CODE: 'strapi-super-admin',
|
|
@@ -13,5 +15,13 @@ module.exports = {
|
|
|
13
15
|
API_TOKEN_TYPE: {
|
|
14
16
|
READ_ONLY: 'read-only',
|
|
15
17
|
FULL_ACCESS: 'full-access',
|
|
18
|
+
CUSTOM: 'custom',
|
|
19
|
+
},
|
|
20
|
+
// The front-end only displays these values
|
|
21
|
+
API_TOKEN_LIFESPANS: {
|
|
22
|
+
UNLIMITED: null,
|
|
23
|
+
DAYS_7: 7 * DAY_IN_MS,
|
|
24
|
+
DAYS_30: 30 * DAY_IN_MS,
|
|
25
|
+
DAYS_90: 90 * DAY_IN_MS,
|
|
16
26
|
},
|
|
17
27
|
};
|