npm - @strapi/admin - Versions diffs - 4.6.0-beta.1 → 4.6.0 - Mend

@strapi/admin 4.6.0-beta.1 → 4.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (497) hide show

package/ee/server/controllers/audit-logs.js ADDED Viewed

@@ -0,0 +1,24 @@
+'use strict';
+const { validateFindMany } = require('../validation/audit-logs');
+module.exports = {
+  async findMany(ctx) {
+    const { query } = ctx.request;
+    await validateFindMany(query);
+    const auditLogs = strapi.container.get('audit-logs');
+    const body = await auditLogs.findMany(query);
+    ctx.body = body;
+  },
+  async findOne(ctx) {
+    const { id } = ctx.params;
+    const auditLogs = strapi.container.get('audit-logs');
+    const body = await auditLogs.findOne(id);
+    ctx.body = body;
+  },
+};

package/ee/server/controllers/authentication/middlewares.js CHANGED Viewed

@@ -103,7 +103,8 @@ const redirectWithAuth = (ctx) => {
   const cookiesOptions = { httpOnly: false, secure: isProduction, overwrite: true };
-  strapi.eventHub.emit('admin.auth.success', { user, provider });
+  const sanitizedUser = getService('user').sanitizeUser(user);
+  strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });
   ctx.cookies.set('jwtToken', jwt, cookiesOptions);
   ctx.redirect(redirectUrls.success);

package/ee/server/controllers/index.js CHANGED Viewed

@@ -5,4 +5,5 @@ module.exports = {
   permission: require('./permission'),
   role: require('./role'),
   user: require('./user'),
+  auditLogs: require('./audit-logs'),
 };

package/ee/server/destroy.js ADDED Viewed

@@ -0,0 +1,12 @@
+'use strict';
+const { features } = require('@strapi/strapi/lib/utils/ee');
+const executeCEDestroy = require('../../server/destroy');
+module.exports = async ({ strapi }) => {
+  if (features.isEnabled('audit-logs')) {
+    strapi.container.get('audit-logs').destroy();
+  }
+  await executeCEDestroy();
+};

package/ee/server/index.js CHANGED Viewed

@@ -1,7 +1,9 @@
 'use strict';
 module.exports = {
+  register: require('./register'),
   bootstrap: require('./bootstrap'),
+  destroy: require('./destroy'),
   routes: require('./routes'),
   services: require('./services'),
   controllers: require('./controllers'),

package/ee/server/register.js ADDED Viewed

@@ -0,0 +1,15 @@
+'use strict';
+const { features } = require('@strapi/strapi/lib/utils/ee');
+const executeCERegister = require('../../server/register');
+const createAuditLogsService = require('./services/audit-logs');
+module.exports = async ({ strapi }) => {
+  if (features.isEnabled('audit-logs')) {
+    const auditLogsService = createAuditLogsService(strapi);
+    strapi.container.register('audit-logs', auditLogsService);
+    await auditLogsService.register();
+  }
+  await executeCERegister({ strapi });
+};

package/ee/server/routes/index.js CHANGED Viewed

@@ -1,17 +1,13 @@
 'use strict';
-// eslint-disable-next-line node/no-extraneous-require
 const { features } = require('@strapi/strapi/lib/utils/ee');
-const featuresRoutes = require('./features-routes');
-const getFeaturesRoutes = () => {
-  return Object.entries(featuresRoutes).flatMap(([featureName, featureRoutes]) => {
-    if (features.isEnabled(featureName)) {
-      return featureRoutes;
-    }
+const enableFeatureMiddleware = (featureName) => (ctx, next) => {
+  if (features.isEnabled(featureName)) {
+    return next();
+  }
-    return [];
-  });
+  ctx.status = 404;
 };
 module.exports = [
@@ -63,5 +59,93 @@ module.exports = [
       ],
     },
   },
-  ...getFeaturesRoutes(),
+  // SSO
+  {
+    method: 'GET',
+    path: '/providers',
+    handler: 'authentication.getProviders',
+    config: {
+      middlewares: [enableFeatureMiddleware('sso')],
+      auth: false,
+    },
+  },
+  {
+    method: 'GET',
+    path: '/connect/:provider',
+    handler: 'authentication.providerLogin',
+    config: {
+      middlewares: [enableFeatureMiddleware('sso')],
+      auth: false,
+    },
+  },
+  {
+    method: 'POST',
+    path: '/connect/:provider',
+    handler: 'authentication.providerLogin',
+    config: {
+      middlewares: [enableFeatureMiddleware('sso')],
+      auth: false,
+    },
+  },
+  {
+    method: 'GET',
+    path: '/providers/options',
+    handler: 'authentication.getProviderLoginOptions',
+    config: {
+      middlewares: [enableFeatureMiddleware('sso')],
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        { name: 'admin::hasPermissions', config: { actions: ['admin::provider-login.read'] } },
+      ],
+    },
+  },
+  {
+    method: 'PUT',
+    path: '/providers/options',
+    handler: 'authentication.updateProviderLoginOptions',
+    config: {
+      middlewares: [enableFeatureMiddleware('sso')],
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        { name: 'admin::hasPermissions', config: { actions: ['admin::provider-login.update'] } },
+      ],
+    },
+  },
+  // Audit logs
+  {
+    method: 'GET',
+    path: '/audit-logs',
+    handler: 'auditLogs.findMany',
+    config: {
+      middlewares: [enableFeatureMiddleware('audit-logs')],
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        {
+          name: 'admin::hasPermissions',
+          config: {
+            actions: ['admin::audit-logs.read'],
+          },
+        },
+      ],
+    },
+  },
+  {
+    method: 'GET',
+    path: '/audit-logs/:id',
+    handler: 'auditLogs.findOne',
+    config: {
+      middlewares: [enableFeatureMiddleware('audit-logs')],
+      policies: [
+        'admin::isAuthenticatedAdmin',
+        {
+          name: 'admin::hasPermissions',
+          config: {
+            actions: ['admin::audit-logs.read'],
+          },
+        },
+      ],
+    },
+  },
 ];

package/ee/server/services/audit-logs.js ADDED Viewed

@@ -0,0 +1,153 @@
+'use strict';
+const localProvider = require('@strapi/provider-audit-logs-local');
+const { scheduleJob } = require('node-schedule');
+const { features } = require('@strapi/strapi/lib/utils/ee');
+const DEFAULT_RETENTION_DAYS = 90;
+const defaultEvents = [
+  'entry.create',
+  'entry.update',
+  'entry.delete',
+  'entry.publish',
+  'entry.unpublish',
+  'media.create',
+  'media.update',
+  'media.delete',
+  'media-folder.create',
+  'media-folder.update',
+  'media-folder.delete',
+  'user.create',
+  'user.update',
+  'user.delete',
+  'admin.auth.success',
+  'admin.logout',
+  'content-type.create',
+  'content-type.update',
+  'content-type.delete',
+  'component.create',
+  'component.update',
+  'component.delete',
+  'role.create',
+  'role.update',
+  'role.delete',
+  'permission.create',
+  'permission.update',
+  'permission.delete',
+];
+const getSanitizedUser = (user) => ({
+  id: user.id,
+  email: user.email,
+  fullname: `${user.firstname} ${user.lastname}`,
+});
+const getEventMap = (defaultEvents) => {
+  const getDefaultPayload = (...args) => args[0];
+  // Use the default payload for all default events
+  return defaultEvents.reduce((acc, event) => {
+    acc[event] = getDefaultPayload;
+    return acc;
+  }, {});
+};
+const createAuditLogsService = (strapi) => {
+  // NOTE: providers should be able to replace getEventMap to add or remove events
+  const eventMap = getEventMap(defaultEvents);
+  const processEvent = (name, ...args) => {
+    const getPayload = eventMap[name];
+    // Ignore the event if it's not in the map
+    if (!getPayload) {
+      return null;
+    }
+    // Ignore some events based on payload
+    const ignoredUids = ['plugin::upload.file', 'plugin::upload.folder'];
+    if (ignoredUids.includes(args[0]?.uid)) {
+      return null;
+    }
+    return {
+      action: name,
+      date: new Date().toISOString(),
+      payload: getPayload(...args) || {},
+      userId: strapi.requestContext.get()?.state?.user?.id,
+    };
+  };
+  async function handleEvent(name, ...args) {
+    const processedEvent = processEvent(name, ...args);
+    if (processedEvent) {
+      await this._provider.saveEvent(processedEvent);
+    }
+  }
+  return {
+    async register() {
+      const retentionDays =
+        features.get('audit-logs')?.options.retentionDays ?? DEFAULT_RETENTION_DAYS;
+      this._provider = await localProvider.register({ strapi });
+      this._eventHubUnsubscribe = strapi.eventHub.subscribe(handleEvent.bind(this));
+      this._deleteExpiredJob = scheduleJob('0 0 * * *', () => {
+        const expirationDate = new Date(Date.now() - retentionDays * 24 * 60 * 60 * 1000);
+        this._provider.deleteExpiredEvents(expirationDate);
+      });
+      return this;
+    },
+    async findMany(query) {
+      const { results, pagination } = await this._provider.findMany(query);
+      const sanitizedResults = results.map((result) => {
+        const { user, ...rest } = result;
+        return {
+          ...rest,
+          user: user ? getSanitizedUser(user) : null,
+        };
+      });
+      return {
+        results: sanitizedResults,
+        pagination,
+      };
+    },
+    async findOne(id) {
+      const result = await this._provider.findOne(id);
+      if (!result) {
+        return null;
+      }
+      const { user, ...rest } = result;
+      return {
+        ...rest,
+        user: user ? getSanitizedUser(user) : null,
+      };
+    },
+    unsubscribe() {
+      if (this._eventHubUnsubscribe) {
+        this._eventHubUnsubscribe();
+      }
+      if (this._deleteExpiredJob) {
+        this._deleteExpiredJob.cancel();
+      }
+      return this;
+    },
+    destroy() {
+      return this.unsubscribe();
+    },
+  };
+};
+module.exports = createAuditLogsService;

package/ee/server/services/passport/sso.js CHANGED Viewed

@@ -1,13 +1,25 @@
 'use strict';
+const ee = require('@strapi/strapi/ee');
 const { authEventsMapper } = require('../../../../server/services/passport');
 const createProviderRegistry = require('./provider-registry');
 const providerRegistry = createProviderRegistry();
+const errorMessage = 'SSO is disabled. Its functionnalities cannot be accessed.';
-const getStrategyCallbackURL = (providerName) => `/admin/connect/${providerName}`;
+const getStrategyCallbackURL = (providerName) => {
+  if (!ee.features.isEnabled('sso')) {
+    throw new Error(errorMessage);
+  }
+  return `/admin/connect/${providerName}`;
+};
 const syncProviderRegistryWithConfig = () => {
+  if (!ee.features.isEnabled('sso')) {
+    throw new Error(errorMessage);
+  }
   const { providers = [] } = strapi.config.get('admin.auth', {});
   providerRegistry.registerMany(providers);

package/ee/server/services/passport.js CHANGED Viewed

@@ -25,8 +25,5 @@ const getPassportStrategies = () => {
 module.exports = {
   getPassportStrategies,
+  ...sso,
 };
-if (features.isEnabled('sso')) {
-  Object.assign(module.exports, sso);
-}

package/ee/server/validation/audit-logs.js ADDED Viewed

@@ -0,0 +1,18 @@
+'use strict';
+const { yup, validateYupSchema } = require('@strapi/utils');
+const ALLOWED_SORT_STRINGS = ['action:ASC', 'action:DESC', 'date:ASC', 'date:DESC'];
+const validateFindManySchema = yup
+  .object()
+  .shape({
+    page: yup.number().integer().min(1),
+    pageSize: yup.number().integer().min(1).max(100),
+    sort: yup.mixed().oneOf(ALLOWED_SORT_STRINGS),
+  })
+  .required();
+module.exports = {
+  validateFindMany: validateYupSchema(validateFindManySchema, { strict: false }),
+};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/admin",
-  "version": "4.6.0-beta.1",
+  "version": "4.6.0",
   "description": "Strapi Admin",
   "repository": {
     "type": "git",
@@ -44,25 +44,28 @@
     "@babel/preset-react": "7.18.6",
     "@babel/runtime": "7.18.9",
     "@casl/ability": "^5.4.3",
-    "@fingerprintjs/fingerprintjs": "3.3.3",
-    "@pmmmwh/react-refresh-webpack-plugin": "0.5.7",
-    "@strapi/babel-plugin-switch-ee-ce": "4.6.0-beta.1",
-    "@strapi/design-system": "1.4.1",
-    "@strapi/helper-plugin": "4.6.0-beta.1",
-    "@strapi/icons": "1.4.1",
-    "@strapi/permissions": "4.6.0-beta.1",
-    "@strapi/typescript-utils": "4.6.0-beta.1",
-    "@strapi/utils": "4.6.0-beta.1",
-    "axios": "0.27.2",
+    "@fingerprintjs/fingerprintjs": "3.3.6",
+    "@pmmmwh/react-refresh-webpack-plugin": "0.5.10",
+    "@strapi/babel-plugin-switch-ee-ce": "4.6.0",
+    "@strapi/data-transfer": "4.6.0",
+    "@strapi/design-system": "1.6.1",
+    "@strapi/helper-plugin": "4.6.0",
+    "@strapi/icons": "1.6.1",
+    "@strapi/permissions": "4.6.0",
+    "@strapi/provider-audit-logs-local": "4.6.0",
+    "@strapi/typescript-utils": "4.6.0",
+    "@strapi/utils": "4.6.0",
+    "axios": "1.2.2",
     "babel-loader": "8.2.5",
     "babel-plugin-styled-components": "2.0.2",
     "bcryptjs": "2.4.3",
+    "browserslist-to-esbuild": "1.2.0",
     "chalk": "^4.1.1",
     "chokidar": "^3.5.1",
-    "codemirror": "^5.65.8",
+    "codemirror": "^5.65.11",
     "cross-env": "^7.0.3",
     "css-loader": "6.7.2",
-    "date-fns": "2.29.2",
+    "date-fns": "2.29.3",
     "dotenv": "8.5.1",
     "esbuild-loader": "^2.20.0",
     "execa": "^1.0.0",
@@ -79,10 +82,11 @@
     "immer": "9.0.15",
     "invariant": "^2.2.4",
     "js-cookie": "2.2.1",
-    "jsonwebtoken": "8.5.1",
+    "jsonwebtoken": "9.0.0",
     "koa-compose": "4.1.0",
     "koa-passport": "5.0.0",
     "koa-static": "5.0.0",
+    "koa2-ratelimit": "^1.1.2",
     "lodash": "4.17.21",
     "markdown-it": "^12.3.2",
     "markdown-it-abbr": "^1.0.4",
@@ -98,6 +102,7 @@
     "mini-css-extract-plugin": "2.4.4",
     "msw": "0.49.1",
     "node-polyfill-webpack-plugin": "2.0.1",
+    "node-schedule": "2.1.0",
     "p-map": "4.0.0",
     "passport-local": "1.0.0",
     "prop-types": "^15.7.2",
@@ -160,5 +165,5 @@
       }
     }
   },
-  "gitHead": "2c0bcabdf0bf2a269fed50c6f23ba777845968a0"
+  "gitHead": "a9e55435c489f3379d88565bf3f729deb29bfb45"
 }

package/server/controllers/admin.js CHANGED Viewed

@@ -37,7 +37,7 @@ module.exports = {
   async getProjectType() {
     // FIXME
     try {
-      return { data: { isEE: strapi.EE, features: ee.features.getEnabled() } };
+      return { data: { isEE: strapi.EE, features: ee.features.list() } };
     } catch (err) {
       return { data: { isEE: false, features: [] } };
     }
@@ -46,7 +46,7 @@ module.exports = {
   async init() {
     let uuid = strapi.config.get('uuid', false);
     const hasAdmin = await getService('user').exists();
-    const { menuLogo } = await getService('project-settings').getProjectSettings();
+    const { menuLogo, authLogo } = await getService('project-settings').getProjectSettings();
     // set to null if telemetryDisabled flag not avaialble in package.json
     const telemetryDisabled = strapi.config.get('packageJsonStrapi.telemetryDisabled', null);
@@ -59,6 +59,7 @@ module.exports = {
         uuid,
         hasAdmin,
         menuLogo: menuLogo ? menuLogo.url : null,
+        authLogo: authLogo ? authLogo.url : null,
       },
     };
   },

package/server/controllers/authentication.js CHANGED Viewed

@@ -32,7 +32,8 @@ module.exports = {
         ctx.state.user = user;
-        strapi.eventHub.emit('admin.auth.success', { user, provider: 'local' });
+        const sanitizedUser = getService('user').sanitizeUser(user);
+        strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });
         return next();
       })(ctx, next);
@@ -156,4 +157,10 @@ module.exports = {
       },
     };
   },
+  logout(ctx) {
+    const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);
+    strapi.eventHub.emit('admin.logout', { user: sanitizedUser });
+    ctx.body = { data: {} };
+  },
 };

package/server/index.js CHANGED Viewed

@@ -10,6 +10,7 @@ const routes = require('./routes');
 const services = require('./services');
 const controllers = require('./controllers');
 const contentTypes = require('./content-types');
+const middlewares = require('./middlewares');
 module.exports = {
   register,
@@ -21,4 +22,5 @@ module.exports = {
   services,
   controllers,
   contentTypes,
+  middlewares,
 };

package/server/middlewares/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+'use strict';
+const rateLimit = require('./rateLimit');
+module.exports = {
+  rateLimit,
+};

package/server/middlewares/rateLimit.js ADDED Viewed

@@ -0,0 +1,43 @@
+'use strict';
+const utils = require('@strapi/utils');
+const { has, toLower } = require('lodash/fp');
+const { RateLimitError } = utils.errors;
+module.exports =
+  (config, { strapi }) =>
+  async (ctx, next) => {
+    let rateLimitConfig = strapi.config.get('admin.rateLimit');
+    if (!rateLimitConfig) {
+      rateLimitConfig = {
+        enabled: true,
+      };
+    }
+    if (!has('enabled', rateLimitConfig)) {
+      rateLimitConfig.enabled = true;
+    }
+    if (rateLimitConfig.enabled === true) {
+      const rateLimit = require('koa2-ratelimit').RateLimit;
+      const userEmail = toLower(ctx.request.body.email) || 'unknownEmail';
+      const loadConfig = {
+        interval: { min: 5 },
+        max: 5,
+        prefixKey: `${userEmail}:${ctx.request.path}:${ctx.request.ip}`,
+        handler() {
+          throw new RateLimitError();
+        },
+        ...rateLimitConfig,
+        ...config,
+      };
+      return rateLimit.middleware(loadConfig)(ctx, next);
+    }
+    return next();
+  };

package/server/register.js CHANGED Viewed

@@ -1,5 +1,7 @@
 'use strict';
+// const { register: registerDataTransferRoute } = require('@strapi/data-transfer/lib/strapi');
 const registerAdminPanelRoute = require('./routes/serve-admin-panel');
 const adminAuthStrategy = require('./strategies/admin');
 const apiTokenAuthStrategy = require('./strategies/api-token');
@@ -14,4 +16,11 @@ module.exports = ({ strapi }) => {
   if (strapi.config.serveAdminPanel) {
     registerAdminPanelRoute({ strapi });
   }
+  // if (
+  //   process.env.STRAPI_EXPERIMENTAL === 'true' &&
+  //   process.env.STRAPI_DISABLE_REMOTE_DATA_TRANSFER !== 'true'
+  // ) {
+  //   registerDataTransferRoute(strapi);
+  // }
 };

package/server/routes/authentication.js CHANGED Viewed

@@ -5,7 +5,10 @@ module.exports = [
     method: 'POST',
     path: '/login',
     handler: 'authentication.login',
-    config: { auth: false },
+    config: {
+      auth: false,
+      middlewares: ['admin::rateLimit'],
+    },
   },
   {
     method: 'POST',
@@ -43,4 +46,12 @@ module.exports = [
     handler: 'authentication.resetPassword',
     config: { auth: false },
   },
+  {
+    method: 'POST',
+    path: '/logout',
+    handler: 'authentication.logout',
+    config: {
+      policies: ['admin::isAuthenticatedAdmin'],
+    },
+  },
 ];

package/server/routes/roles.js CHANGED Viewed

@@ -1,14 +1,6 @@
 'use strict';
 module.exports = [
-  {
-    method: 'POST',
-    path: '/users/batch-delete',
-    handler: 'user.deleteMany',
-    config: {
-      policies: [{ name: 'admin::hasPermissions', config: { actions: ['admin::users.delete'] } }],
-    },
-  },
   {
     method: 'GET',
     path: '/roles/:id/permissions',