@strapi/admin 5.0.0-rc.9 → 5.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/admin/{AdminSeatInfo-j58AKYvZ.js → AdminSeatInfo-8vtNB3ck.js} +3 -3
- package/dist/admin/{AdminSeatInfo-j58AKYvZ.js.map → AdminSeatInfo-8vtNB3ck.js.map} +1 -1
- package/dist/admin/{AdminSeatInfo-qGNvhfii.mjs → AdminSeatInfo-qIgh5-QA.mjs} +4 -4
- package/dist/admin/{AdminSeatInfo-qGNvhfii.mjs.map → AdminSeatInfo-qIgh5-QA.mjs.map} +1 -1
- package/dist/admin/{ApplicationInfoPage-ahnTcFV1.mjs → ApplicationInfoPage-AAIv_ZkF.mjs} +5 -5
- package/dist/admin/{ApplicationInfoPage-ahnTcFV1.mjs.map → ApplicationInfoPage-AAIv_ZkF.mjs.map} +1 -1
- package/dist/admin/{ApplicationInfoPage-JfdJ0U4H.js → ApplicationInfoPage-bkWa99An.js} +5 -5
- package/dist/admin/{ApplicationInfoPage-JfdJ0U4H.js.map → ApplicationInfoPage-bkWa99An.js.map} +1 -1
- package/dist/admin/{AuthResponse-J8A48xdo.mjs → AuthResponse-HYXVuTDF.mjs} +2 -2
- package/dist/admin/{AuthResponse-J8A48xdo.mjs.map → AuthResponse-HYXVuTDF.mjs.map} +1 -1
- package/dist/admin/{AuthResponse-KlTDmm2i.js → AuthResponse-R8kR_yqS.js} +2 -2
- package/dist/admin/{AuthResponse-KlTDmm2i.js.map → AuthResponse-R8kR_yqS.js.map} +1 -1
- package/dist/admin/{AuthenticatedLayout-06fn7qrH.mjs → AuthenticatedLayout-J22BBdYe.mjs} +31 -39
- package/dist/admin/AuthenticatedLayout-J22BBdYe.mjs.map +1 -0
- package/dist/admin/{AuthenticatedLayout-eKDwvUFO.js → AuthenticatedLayout-ZAXB7o93.js} +30 -38
- package/dist/admin/AuthenticatedLayout-ZAXB7o93.js.map +1 -0
- package/dist/admin/{CreateActionEE-Yfp4hs7a.mjs → CreateActionEE-X2nnG2dm.mjs} +2 -2
- package/dist/admin/{CreateActionEE-Yfp4hs7a.mjs.map → CreateActionEE-X2nnG2dm.mjs.map} +1 -1
- package/dist/admin/{CreatePage-68skzZjY.js → CreatePage-3V_sa8A4.js} +3 -3
- package/dist/admin/{CreatePage-68skzZjY.js.map → CreatePage-3V_sa8A4.js.map} +1 -1
- package/dist/admin/{CreatePage-bdWb1wg4.mjs → CreatePage-5WzWwepG.mjs} +7 -7
- package/dist/admin/CreatePage-5WzWwepG.mjs.map +1 -0
- package/dist/admin/{CreatePage-Yd5JyWS5.mjs → CreatePage-hEdR3uWK.mjs} +3 -3
- package/dist/admin/{CreatePage-Yd5JyWS5.mjs.map → CreatePage-hEdR3uWK.mjs.map} +1 -1
- package/dist/admin/{CreatePage-t5HQUOqJ.js → CreatePage-zzbF8IhD.js} +6 -6
- package/dist/admin/CreatePage-zzbF8IhD.js.map +1 -0
- package/dist/admin/{CreateView-yv51Pyvw.js → CreateView-5EC5Yv96.js} +3 -3
- package/dist/admin/{CreateView-yv51Pyvw.js.map → CreateView-5EC5Yv96.js.map} +1 -1
- package/dist/admin/{CreateView-ZZaA8hbe.mjs → CreateView-OjaERndy.mjs} +3 -3
- package/dist/admin/{CreateView-ZZaA8hbe.mjs.map → CreateView-OjaERndy.mjs.map} +1 -1
- package/dist/admin/{CreateView-V0v5CK8t.mjs → CreateView-S8gDQUCt.mjs} +3 -3
- package/dist/admin/{CreateView-V0v5CK8t.mjs.map → CreateView-S8gDQUCt.mjs.map} +1 -1
- package/dist/admin/{CreateView-nzILLv0g.js → CreateView-ZQEmP8-n.js} +3 -3
- package/dist/admin/{CreateView-nzILLv0g.js.map → CreateView-ZQEmP8-n.js.map} +1 -1
- package/dist/admin/{EditPage-cWJ8V1BK.mjs → EditPage-493L2-vV.mjs} +27 -23
- package/dist/admin/EditPage-493L2-vV.mjs.map +1 -0
- package/dist/admin/{EditPage-A7-BewPd.mjs → EditPage-7fMqo-c-.mjs} +7 -7
- package/dist/admin/EditPage-7fMqo-c-.mjs.map +1 -0
- package/dist/admin/{EditPage-pTQCDncU.js → EditPage-8T9gBnnc.js} +25 -21
- package/dist/admin/EditPage-8T9gBnnc.js.map +1 -0
- package/dist/admin/{EditPage-Lw36XG9G.js → EditPage-OFlfNGv0.js} +6 -6
- package/dist/admin/EditPage-OFlfNGv0.js.map +1 -0
- package/dist/admin/{EditPage-2cMhX4F_.mjs → EditPage-akxbKeqK.mjs} +8 -8
- package/dist/admin/{EditPage-2cMhX4F_.mjs.map → EditPage-akxbKeqK.mjs.map} +1 -1
- package/dist/admin/{EditPage-LoESB5pq.js → EditPage-gJJgatNc.js} +7 -7
- package/dist/admin/{EditPage-LoESB5pq.js.map → EditPage-gJJgatNc.js.map} +1 -1
- package/dist/admin/{EditView-KzdDTSO-.js → EditView-ZJPPeal2.js} +5 -6
- package/dist/admin/EditView-ZJPPeal2.js.map +1 -0
- package/dist/admin/{EditView-HygMdUSf.mjs → EditView-_QID3gT5.mjs} +7 -8
- package/dist/admin/EditView-_QID3gT5.mjs.map +1 -0
- package/dist/admin/{EditViewPage-FgsrW_wV.js → EditViewPage-_wx5u6QJ.js} +5 -5
- package/dist/admin/{EditViewPage-FgsrW_wV.js.map → EditViewPage-_wx5u6QJ.js.map} +1 -1
- package/dist/admin/{EditViewPage-47F2xHBt.mjs → EditViewPage-zkNmb1zg.mjs} +6 -6
- package/dist/admin/{EditViewPage-47F2xHBt.mjs.map → EditViewPage-zkNmb1zg.mjs.map} +1 -1
- package/dist/admin/{EventsTable--XlOTHxM.js → EventsTable-31485Cwq.js} +2 -2
- package/dist/admin/{EventsTable--XlOTHxM.js.map → EventsTable-31485Cwq.js.map} +1 -1
- package/dist/admin/{EventsTable-mgIyB8DL.mjs → EventsTable-_BT8dIHY.mjs} +2 -2
- package/dist/admin/{EventsTable-mgIyB8DL.mjs.map → EventsTable-_BT8dIHY.mjs.map} +1 -1
- package/dist/admin/{HomePage-dyDldozB.mjs → HomePage-LenrY0bj.mjs} +7 -10
- package/dist/admin/HomePage-LenrY0bj.mjs.map +1 -0
- package/dist/admin/{HomePage-H77dsrr1.mjs → HomePage-NdId9gqT.mjs} +3 -3
- package/dist/admin/{HomePage-H77dsrr1.mjs.map → HomePage-NdId9gqT.mjs.map} +1 -1
- package/dist/admin/{HomePage-ywYHZHMa.js → HomePage-T2yVEfC3.js} +15 -18
- package/dist/admin/HomePage-T2yVEfC3.js.map +1 -0
- package/dist/admin/{HomePage-uVwht52t.js → HomePage-yyizKL39.js} +3 -3
- package/dist/admin/{HomePage-uVwht52t.js.map → HomePage-yyizKL39.js.map} +1 -1
- package/dist/admin/{InstalledPluginsPage-3OSkplVn.mjs → InstalledPlugins-Z_uS95dC.mjs} +9 -11
- package/dist/admin/InstalledPlugins-Z_uS95dC.mjs.map +1 -0
- package/dist/admin/{InstalledPluginsPage-JkruwT2d.js → InstalledPlugins-spdwM8ub.js} +9 -11
- package/dist/admin/InstalledPlugins-spdwM8ub.js.map +1 -0
- package/dist/admin/{Layout-8Ds_z3XN.mjs → Layout-5lg6USuO.mjs} +5 -5
- package/dist/admin/{Layout-8Ds_z3XN.mjs.map → Layout-5lg6USuO.mjs.map} +1 -1
- package/dist/admin/{Layout-pVTNV6PU.js → Layout-B3TQMQxb.js} +5 -5
- package/dist/admin/{Layout-pVTNV6PU.js.map → Layout-B3TQMQxb.js.map} +1 -1
- package/dist/admin/{ListPage-semY3kTl.mjs → ListPage--B6TB-mt.mjs} +4 -4
- package/dist/admin/{ListPage-semY3kTl.mjs.map → ListPage--B6TB-mt.mjs.map} +1 -1
- package/dist/admin/{ListPage-DHUp0PDw.js → ListPage-GRLtmRuy.js} +8 -8
- package/dist/admin/ListPage-GRLtmRuy.js.map +1 -0
- package/dist/admin/{ListPage-NtjeF8R2.mjs → ListPage-Ggd99FLO.mjs} +4 -4
- package/dist/admin/{ListPage-NtjeF8R2.mjs.map → ListPage-Ggd99FLO.mjs.map} +1 -1
- package/dist/admin/{ListPage-OIdhjljI.js → ListPage-Hc3VZ9O3.js} +6 -6
- package/dist/admin/{ListPage-OIdhjljI.js.map → ListPage-Hc3VZ9O3.js.map} +1 -1
- package/dist/admin/{ListPage-LokTy34i.mjs → ListPage-LIn0aEKt.mjs} +3 -3
- package/dist/admin/{ListPage-LokTy34i.mjs.map → ListPage-LIn0aEKt.mjs.map} +1 -1
- package/dist/admin/{ListPage-15KiUCLt.js → ListPage-UEsKYDPH.js} +3 -3
- package/dist/admin/{ListPage-15KiUCLt.js.map → ListPage-UEsKYDPH.js.map} +1 -1
- package/dist/admin/{ListPage-dApwERT6.js → ListPage-Vf4xtn8w.js} +5 -5
- package/dist/admin/{ListPage-dApwERT6.js.map → ListPage-Vf4xtn8w.js.map} +1 -1
- package/dist/admin/{ListPage-8M-bmv0a.mjs → ListPage-rCkaHmeP.mjs} +6 -6
- package/dist/admin/{ListPage-8M-bmv0a.mjs.map → ListPage-rCkaHmeP.mjs.map} +1 -1
- package/dist/admin/{ListPage-hNIbvh17.mjs → ListPage-vJik-wkj.mjs} +10 -10
- package/dist/admin/ListPage-vJik-wkj.mjs.map +1 -0
- package/dist/admin/{ListPage-jTpJnTuQ.js → ListPage-y3rcDJX1.js} +3 -3
- package/dist/admin/{ListPage-jTpJnTuQ.js.map → ListPage-y3rcDJX1.js.map} +1 -1
- package/dist/admin/{ListView-ZSEn2tK5.js → ListView-8pEtfLsu.js} +5 -5
- package/dist/admin/{ListView-ZSEn2tK5.js.map → ListView-8pEtfLsu.js.map} +1 -1
- package/dist/admin/{ListView-tCCo7pVS.mjs → ListView-iCqFRGiO.mjs} +5 -5
- package/dist/admin/{ListView-tCCo7pVS.mjs.map → ListView-iCqFRGiO.mjs.map} +1 -1
- package/dist/admin/{ListView-kEuSmXPm.mjs → ListView-jrsV1wF_.mjs} +5 -5
- package/dist/admin/{ListView-kEuSmXPm.mjs.map → ListView-jrsV1wF_.mjs.map} +1 -1
- package/dist/admin/{ListView-MA83TDJF.js → ListView-noYLY_DM.js} +4 -4
- package/dist/admin/{ListView-MA83TDJF.js.map → ListView-noYLY_DM.js.map} +1 -1
- package/dist/admin/{Login-GLcLgHUd.mjs → Login--GgWQano.mjs} +3 -3
- package/dist/admin/{Login-GLcLgHUd.mjs.map → Login--GgWQano.mjs.map} +1 -1
- package/dist/admin/{Login-RrWZQA_X.js → Login-qr72UXGp.js} +3 -3
- package/dist/admin/{Login-RrWZQA_X.js.map → Login-qr72UXGp.js.map} +1 -1
- package/dist/admin/{MagicLinkEE-u0n-nwtv.js → MagicLinkEE-uTufI4yx.js} +3 -3
- package/dist/admin/{MagicLinkEE-u0n-nwtv.js.map → MagicLinkEE-uTufI4yx.js.map} +1 -1
- package/dist/admin/{MagicLinkEE-_qltdLkk.mjs → MagicLinkEE-vQcgXndx.mjs} +3 -3
- package/dist/admin/{MagicLinkEE-_qltdLkk.mjs.map → MagicLinkEE-vQcgXndx.mjs.map} +1 -1
- package/dist/admin/{MarketplacePage-41CstG0b.mjs → MarketplacePage-LRlL_4ys.mjs} +64 -63
- package/dist/admin/MarketplacePage-LRlL_4ys.mjs.map +1 -0
- package/dist/admin/{MarketplacePage-uyOTT12t.js → MarketplacePage-yRWZ54oN.js} +65 -64
- package/dist/admin/MarketplacePage-yRWZ54oN.js.map +1 -0
- package/dist/admin/{Permissions-J2jRpCh_.mjs → Permissions-aSGK8VGG.mjs} +2 -2
- package/dist/admin/{Permissions-J2jRpCh_.mjs.map → Permissions-aSGK8VGG.mjs.map} +1 -1
- package/dist/admin/{Permissions-LMVH6wf4.js → Permissions-bmMBmcv7.js} +2 -2
- package/dist/admin/{Permissions-LMVH6wf4.js.map → Permissions-bmMBmcv7.js.map} +1 -1
- package/dist/admin/{PrivateRoute-ndqg7K6H.js → PrivateRoute-LO9G_pCJ.js} +2 -2
- package/dist/admin/{PrivateRoute-ndqg7K6H.js.map → PrivateRoute-LO9G_pCJ.js.map} +1 -1
- package/dist/admin/{PrivateRoute-4oRTB_tX.mjs → PrivateRoute-S4Lol0B9.mjs} +2 -2
- package/dist/admin/{PrivateRoute-4oRTB_tX.mjs.map → PrivateRoute-S4Lol0B9.mjs.map} +1 -1
- package/dist/admin/{ProfilePage-wxZFen3W.js → ProfilePage-Mte9RhXw.js} +5 -5
- package/dist/admin/ProfilePage-Mte9RhXw.js.map +1 -0
- package/dist/admin/{ProfilePage-zwG0fq_e.mjs → ProfilePage-voofTYei.mjs} +6 -6
- package/dist/admin/ProfilePage-voofTYei.mjs.map +1 -0
- package/dist/admin/{PurchaseAuditLogs-FDPV-ZqU.mjs → PurchaseAuditLogs-8wmVhLCb.mjs} +2 -2
- package/dist/admin/{PurchaseAuditLogs-FDPV-ZqU.mjs.map → PurchaseAuditLogs-8wmVhLCb.mjs.map} +1 -1
- package/dist/admin/{PurchaseAuditLogs-f6iczpRi.js → PurchaseAuditLogs-qxVh-U_P.js} +2 -2
- package/dist/admin/{PurchaseAuditLogs-f6iczpRi.js.map → PurchaseAuditLogs-qxVh-U_P.js.map} +1 -1
- package/dist/admin/{PurchaseSingleSignOn-S0B2HM4d.mjs → PurchaseSingleSignOn-kgjD8gsd.mjs} +2 -2
- package/dist/admin/{PurchaseSingleSignOn-S0B2HM4d.mjs.map → PurchaseSingleSignOn-kgjD8gsd.mjs.map} +1 -1
- package/dist/admin/{PurchaseSingleSignOn-0wXAjOLm.js → PurchaseSingleSignOn-ovEsG_Ud.js} +2 -2
- package/dist/admin/{PurchaseSingleSignOn-0wXAjOLm.js.map → PurchaseSingleSignOn-ovEsG_Ud.js.map} +1 -1
- package/dist/admin/{SelectRoles-h_1srnVz.mjs → SelectRoles-Kzqv2-TI.mjs} +6 -6
- package/dist/admin/SelectRoles-Kzqv2-TI.mjs.map +1 -0
- package/dist/admin/{SelectRoles-MoDtdDcM.js → SelectRoles-pjJ11lBU.js} +7 -7
- package/dist/admin/SelectRoles-pjJ11lBU.js.map +1 -0
- package/dist/admin/{SingleSignOnPage-5CdOsumW.js → SingleSignOnPage-WjL8NvC5.js} +4 -4
- package/dist/admin/{SingleSignOnPage-5CdOsumW.js.map → SingleSignOnPage-WjL8NvC5.js.map} +1 -1
- package/dist/admin/{SingleSignOnPage-AZVczKwR.mjs → SingleSignOnPage-p1fTOytT.mjs} +5 -5
- package/dist/admin/{SingleSignOnPage-AZVczKwR.mjs.map → SingleSignOnPage-p1fTOytT.mjs.map} +1 -1
- package/dist/admin/{Table-EPKfcF5-.mjs → Table-ARSVxoYe.mjs} +12 -19
- package/dist/admin/Table-ARSVxoYe.mjs.map +1 -0
- package/dist/admin/{Table-CpbvaRQh.js → Table-QAvKSSis.js} +12 -19
- package/dist/admin/Table-QAvKSSis.js.map +1 -0
- package/dist/admin/{Theme-PrUuuGtN.mjs → Theme-frC82ceE.mjs} +221 -20
- package/dist/admin/Theme-frC82ceE.mjs.map +1 -0
- package/dist/admin/{Theme-7W0we6BI.js → Theme-y_rWTknM.js} +225 -19
- package/dist/admin/Theme-y_rWTknM.js.map +1 -0
- package/dist/admin/{TokenTypeSelect-yRV19q7R.js → TokenTypeSelect-biZzRJv2.js} +4 -5
- package/dist/admin/{TokenTypeSelect-yRV19q7R.js.map → TokenTypeSelect-biZzRJv2.js.map} +1 -1
- package/dist/admin/{TokenTypeSelect-7Ki5z_3z.mjs → TokenTypeSelect-j-b_9iB9.mjs} +4 -5
- package/dist/admin/{TokenTypeSelect-7Ki5z_3z.mjs.map → TokenTypeSelect-j-b_9iB9.mjs.map} +1 -1
- package/dist/admin/{UseCasePage-as6-3qKD.mjs → UseCasePage-b2VozaZB.mjs} +4 -4
- package/dist/admin/{UseCasePage-as6-3qKD.mjs.map → UseCasePage-b2VozaZB.mjs.map} +1 -1
- package/dist/admin/{UseCasePage-l9OmQYhK.js → UseCasePage-hJH0orUl.js} +4 -4
- package/dist/admin/{UseCasePage-l9OmQYhK.js.map → UseCasePage-hJH0orUl.js.map} +1 -1
- package/dist/admin/{admin-B6AW0Kov.mjs → admin-GZ-AP2T0.mjs} +2 -2
- package/dist/admin/{admin-B6AW0Kov.mjs.map → admin-GZ-AP2T0.mjs.map} +1 -1
- package/dist/admin/{apiTokens-YMUmHnrH.mjs → apiTokens-GQe-GqwZ.mjs} +2 -2
- package/dist/admin/{apiTokens-YMUmHnrH.mjs.map → apiTokens-GQe-GqwZ.mjs.map} +1 -1
- package/dist/admin/{constants-X2uDAtEA.js → constants-bgMqSKBQ.js} +3 -3
- package/dist/admin/{constants-X2uDAtEA.js.map → constants-bgMqSKBQ.js.map} +1 -1
- package/dist/admin/{constants-AYR471DB.mjs → constants-jKuNcrQj.mjs} +3 -3
- package/dist/admin/{constants-AYR471DB.mjs.map → constants-jKuNcrQj.mjs.map} +1 -1
- package/dist/admin/ee.mjs +1 -1
- package/dist/admin/{en-TbnMBjZf.js → en-_1-Nn7iH.js} +3 -2
- package/dist/admin/{en-TbnMBjZf.js.map → en-_1-Nn7iH.js.map} +1 -1
- package/dist/admin/{en-0Ld-ipyI.mjs → en-lDO5lPD0.mjs} +3 -2
- package/dist/admin/{en-0Ld-ipyI.mjs.map → en-lDO5lPD0.mjs.map} +1 -1
- package/dist/admin/{index-Fu3hPmaj.mjs → index-hoTsgrwy.mjs} +136 -279
- package/dist/admin/index-hoTsgrwy.mjs.map +1 -0
- package/dist/admin/{index-w33_0vI-.js → index-we0DbzVF.js} +140 -286
- package/dist/admin/index-we0DbzVF.js.map +1 -0
- package/dist/admin/index.js +5 -4
- package/dist/admin/index.js.map +1 -1
- package/dist/admin/index.mjs +3 -3
- package/dist/admin/{selectors-ZpHhvPK4.mjs → selectors--muHmKGe.mjs} +2 -2
- package/dist/admin/{selectors-ZpHhvPK4.mjs.map → selectors--muHmKGe.mjs.map} +1 -1
- package/dist/admin/{selectors-zQKcCNuz.js → selectors-1ySxKbos.js} +2 -2
- package/dist/admin/{selectors-zQKcCNuz.js.map → selectors-1ySxKbos.js.map} +1 -1
- package/dist/admin/src/StrapiApp.d.ts +8 -6
- package/dist/admin/src/components/Form.d.ts +3 -1
- package/dist/admin/src/components/GuidedTour/Provider.d.ts +0 -4
- package/dist/admin/src/constants.d.ts +10 -0
- package/dist/admin/src/features/Auth.d.ts +1 -1
- package/dist/admin/src/hooks/useRBAC.d.ts +1 -1
- package/dist/admin/src/index.d.ts +3 -0
- package/dist/admin/src/layouts/UnauthenticatedLayout.d.ts +1 -1
- package/dist/admin/src/pages/Marketplace/hooks/useMarketplaceData.d.ts +2 -1
- package/dist/admin/src/pages/Settings/pages/InstalledPlugins.d.ts +3 -0
- package/dist/admin/src/pages/Settings/pages/Roles/components/CollapseLabel.d.ts +1 -1
- package/dist/admin/src/types/permissions.d.ts +3 -1
- package/dist/admin/test.js +3 -3
- package/dist/admin/test.js.map +1 -1
- package/dist/admin/test.mjs +4 -4
- package/dist/admin/test.mjs.map +1 -1
- package/dist/admin/{transferTokens-CNI0TFdA.mjs → transferTokens-v8tNpI_l.mjs} +2 -2
- package/dist/admin/{transferTokens-CNI0TFdA.mjs.map → transferTokens-v8tNpI_l.mjs.map} +1 -1
- package/dist/admin/{useAdminRoles-w6h8NFK5.js → useAdminRoles-0gM7o3f2.js} +2 -2
- package/dist/admin/{useAdminRoles-w6h8NFK5.js.map → useAdminRoles-0gM7o3f2.js.map} +1 -1
- package/dist/admin/{useAdminRoles-lDesL4gN.mjs → useAdminRoles-uRNvxyDX.mjs} +2 -2
- package/dist/admin/{useAdminRoles-lDesL4gN.mjs.map → useAdminRoles-uRNvxyDX.mjs.map} +1 -1
- package/dist/admin/{useLicenseLimitNotification-PaR7jmqd.mjs → useLicenseLimitNotification-Qx_rSpUQ.mjs} +3 -3
- package/dist/admin/{useLicenseLimitNotification-PaR7jmqd.mjs.map → useLicenseLimitNotification-Qx_rSpUQ.mjs.map} +1 -1
- package/dist/admin/{useLicenseLimitNotification-g1vq6nzk.js → useLicenseLimitNotification-eau4ja6h.js} +2 -2
- package/dist/admin/{useLicenseLimitNotification-g1vq6nzk.js.map → useLicenseLimitNotification-eau4ja6h.js.map} +1 -1
- package/dist/admin/{useLicenseLimits-Jy6E6qc2.mjs → useLicenseLimits-j5znikzW.mjs} +2 -2
- package/dist/admin/{useLicenseLimits-Jy6E6qc2.mjs.map → useLicenseLimits-j5znikzW.mjs.map} +1 -1
- package/dist/admin/{useWebhooks-7thg-d57.mjs → useWebhooks-upF7mgdZ.mjs} +2 -2
- package/dist/admin/{useWebhooks-7thg-d57.mjs.map → useWebhooks-upF7mgdZ.mjs.map} +1 -1
- package/dist/admin/{validation-IcNGA_ef.mjs → validation-OR7t0a-C.mjs} +4 -4
- package/dist/admin/validation-OR7t0a-C.mjs.map +1 -0
- package/dist/admin/{validation-4SWh9S5z.js → validation-VuxEFW4W.js} +4 -4
- package/dist/admin/validation-VuxEFW4W.js.map +1 -0
- package/dist/ee/server/src/audit-logs/content-types/audit-log.d.ts +41 -0
- package/dist/ee/server/src/audit-logs/content-types/audit-log.d.ts.map +1 -0
- package/dist/ee/server/src/audit-logs/controllers/audit-logs.d.ts +7 -0
- package/dist/ee/server/src/audit-logs/controllers/audit-logs.d.ts.map +1 -0
- package/dist/ee/server/src/audit-logs/routes/audit-logs.d.ts +19 -0
- package/dist/ee/server/src/audit-logs/routes/audit-logs.d.ts.map +1 -0
- package/dist/ee/server/src/audit-logs/services/audit-logs.d.ts +27 -0
- package/dist/ee/server/src/audit-logs/services/audit-logs.d.ts.map +1 -0
- package/dist/ee/server/src/audit-logs/services/lifecycles.d.ts +12 -0
- package/dist/ee/server/src/audit-logs/services/lifecycles.d.ts.map +1 -0
- package/dist/ee/server/src/audit-logs/validation/audit-logs.d.ts +6 -0
- package/dist/ee/server/src/audit-logs/validation/audit-logs.d.ts.map +1 -0
- package/dist/ee/server/src/bootstrap.d.ts +3 -0
- package/dist/ee/server/src/bootstrap.d.ts.map +1 -0
- package/dist/ee/server/src/config/admin-actions.d.ts +20 -0
- package/dist/ee/server/src/config/admin-actions.d.ts.map +1 -0
- package/dist/ee/server/src/content-types/index.d.ts +3 -0
- package/dist/ee/server/src/content-types/index.d.ts.map +1 -0
- package/dist/ee/server/src/controllers/admin.d.ts +29 -0
- package/dist/ee/server/src/controllers/admin.d.ts.map +1 -0
- package/dist/ee/server/src/controllers/authentication-utils/constants.d.ts +10 -0
- package/dist/ee/server/src/controllers/authentication-utils/constants.d.ts.map +1 -0
- package/dist/ee/server/src/controllers/authentication-utils/index.d.ts +5 -0
- package/dist/ee/server/src/controllers/authentication-utils/index.d.ts.map +1 -0
- package/dist/ee/server/src/controllers/authentication-utils/middlewares.d.ts +9 -0
- package/dist/ee/server/src/controllers/authentication-utils/middlewares.d.ts.map +1 -0
- package/dist/ee/server/src/controllers/authentication-utils/utils.d.ts +55 -0
- package/dist/ee/server/src/controllers/authentication-utils/utils.d.ts.map +1 -0
- package/dist/ee/server/src/controllers/authentication.d.ts +9 -0
- package/dist/ee/server/src/controllers/authentication.d.ts.map +1 -0
- package/dist/ee/server/src/controllers/index.d.ts +48 -0
- package/dist/ee/server/src/controllers/index.d.ts.map +1 -0
- package/dist/ee/server/src/controllers/role.d.ts +20 -0
- package/dist/ee/server/src/controllers/role.d.ts.map +1 -0
- package/dist/ee/server/src/controllers/user.d.ts +8 -0
- package/dist/ee/server/src/controllers/user.d.ts.map +1 -0
- package/dist/ee/server/src/destroy.d.ts +6 -0
- package/dist/ee/server/src/destroy.d.ts.map +1 -0
- package/dist/ee/server/src/index.d.ts +380 -0
- package/dist/ee/server/src/index.d.ts.map +1 -0
- package/dist/ee/server/src/register.d.ts +6 -0
- package/dist/ee/server/src/register.d.ts.map +1 -0
- package/dist/ee/server/src/routes/index.d.ts +47 -0
- package/dist/ee/server/src/routes/index.d.ts.map +1 -0
- package/dist/ee/server/src/routes/license-limit.d.ts +18 -0
- package/dist/ee/server/src/routes/license-limit.d.ts.map +1 -0
- package/dist/ee/server/src/routes/sso.d.ts +29 -0
- package/dist/ee/server/src/routes/sso.d.ts.map +1 -0
- package/dist/ee/server/src/routes/utils.d.ts +3 -0
- package/dist/ee/server/src/routes/utils.d.ts.map +1 -0
- package/dist/ee/server/src/services/auth.d.ts +6 -0
- package/dist/ee/server/src/services/auth.d.ts.map +1 -0
- package/dist/ee/server/src/services/index.d.ts +39 -0
- package/dist/ee/server/src/services/index.d.ts.map +1 -0
- package/dist/ee/server/src/services/metrics.d.ts +8 -0
- package/dist/ee/server/src/services/metrics.d.ts.map +1 -0
- package/dist/ee/server/src/services/passport/provider-registry.d.ts +4 -0
- package/dist/ee/server/src/services/passport/provider-registry.d.ts.map +1 -0
- package/dist/ee/server/src/services/passport/sso.d.ts +19 -0
- package/dist/ee/server/src/services/passport/sso.d.ts.map +1 -0
- package/dist/ee/server/src/services/passport.d.ts +13 -0
- package/dist/ee/server/src/services/passport.d.ts.map +1 -0
- package/dist/ee/server/src/services/role.d.ts +5 -0
- package/dist/ee/server/src/services/role.d.ts.map +1 -0
- package/dist/ee/server/src/services/seat-enforcement.d.ts +6 -0
- package/dist/ee/server/src/services/seat-enforcement.d.ts.map +1 -0
- package/dist/ee/server/src/services/user.d.ts +10 -0
- package/dist/ee/server/src/services/user.d.ts.map +1 -0
- package/dist/ee/server/src/utils/index.d.ts +11 -0
- package/dist/ee/server/src/utils/index.d.ts.map +1 -0
- package/dist/ee/server/src/utils/persisted-tables.d.ts +42 -0
- package/dist/ee/server/src/utils/persisted-tables.d.ts.map +1 -0
- package/dist/ee/server/src/utils/sso-lock.d.ts +6 -0
- package/dist/ee/server/src/utils/sso-lock.d.ts.map +1 -0
- package/dist/ee/server/src/validation/authentication.d.ts +15 -0
- package/dist/ee/server/src/validation/authentication.d.ts.map +1 -0
- package/dist/ee/server/src/validation/role.d.ts +21 -0
- package/dist/ee/server/src/validation/role.d.ts.map +1 -0
- package/dist/ee/server/src/validation/user.d.ts +19 -0
- package/dist/ee/server/src/validation/user.d.ts.map +1 -0
- package/dist/package.json.d.ts +10 -9
- package/dist/server/index.js +1891 -538
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +1687 -333
- package/dist/server/index.mjs.map +1 -1
- package/dist/server/src/domain/action/provider.d.ts +1 -1
- package/dist/server/src/domain/condition/provider.d.ts +3 -1
- package/dist/server/src/domain/condition/provider.d.ts.map +1 -1
- package/dist/server/src/index.d.ts +738 -10
- package/dist/server/src/index.d.ts.map +1 -1
- package/dist/server/src/services/permission.d.ts +4 -2
- package/dist/server/src/services/permission.d.ts.map +1 -1
- package/dist/shared/contracts/admin.d.ts +1 -0
- package/dist/shared/contracts/admin.d.ts.map +1 -1
- package/dist/shared/contracts/user.d.ts +1 -1
- package/dist/shared/contracts/user.d.ts.map +1 -1
- package/package.json +17 -16
- package/dist/admin/AuthenticatedLayout-06fn7qrH.mjs.map +0 -1
- package/dist/admin/AuthenticatedLayout-eKDwvUFO.js.map +0 -1
- package/dist/admin/ContentBox-3MRTNw0X.js +0 -43
- package/dist/admin/ContentBox-3MRTNw0X.js.map +0 -1
- package/dist/admin/ContentBox-9LBDzws0.mjs +0 -41
- package/dist/admin/ContentBox-9LBDzws0.mjs.map +0 -1
- package/dist/admin/CreatePage-bdWb1wg4.mjs.map +0 -1
- package/dist/admin/CreatePage-t5HQUOqJ.js.map +0 -1
- package/dist/admin/EditPage-A7-BewPd.mjs.map +0 -1
- package/dist/admin/EditPage-Lw36XG9G.js.map +0 -1
- package/dist/admin/EditPage-cWJ8V1BK.mjs.map +0 -1
- package/dist/admin/EditPage-pTQCDncU.js.map +0 -1
- package/dist/admin/EditView-HygMdUSf.mjs.map +0 -1
- package/dist/admin/EditView-KzdDTSO-.js.map +0 -1
- package/dist/admin/HomePage-dyDldozB.mjs.map +0 -1
- package/dist/admin/HomePage-ywYHZHMa.js.map +0 -1
- package/dist/admin/InstalledPluginsPage-3OSkplVn.mjs.map +0 -1
- package/dist/admin/InstalledPluginsPage-JkruwT2d.js.map +0 -1
- package/dist/admin/ListPage-DHUp0PDw.js.map +0 -1
- package/dist/admin/ListPage-hNIbvh17.mjs.map +0 -1
- package/dist/admin/MarketplacePage-41CstG0b.mjs.map +0 -1
- package/dist/admin/MarketplacePage-uyOTT12t.js.map +0 -1
- package/dist/admin/ProfilePage-wxZFen3W.js.map +0 -1
- package/dist/admin/ProfilePage-zwG0fq_e.mjs.map +0 -1
- package/dist/admin/SelectRoles-MoDtdDcM.js.map +0 -1
- package/dist/admin/SelectRoles-h_1srnVz.mjs.map +0 -1
- package/dist/admin/Table-CpbvaRQh.js.map +0 -1
- package/dist/admin/Table-EPKfcF5-.mjs.map +0 -1
- package/dist/admin/Theme-7W0we6BI.js.map +0 -1
- package/dist/admin/Theme-PrUuuGtN.mjs.map +0 -1
- package/dist/admin/index-Fu3hPmaj.mjs.map +0 -1
- package/dist/admin/index-w33_0vI-.js.map +0 -1
- package/dist/admin/src/pages/InstalledPluginsPage.d.ts +0 -3
- package/dist/admin/validation-4SWh9S5z.js.map +0 -1
- package/dist/admin/validation-IcNGA_ef.mjs.map +0 -1
- package/dist/ee/server/index.js +0 -2193
- package/dist/ee/server/index.js.map +0 -1
- package/dist/ee/server/index.mjs +0 -2188
- package/dist/ee/server/index.mjs.map +0 -1
- package/strapi-server.js +0 -18
package/dist/ee/server/index.js
DELETED
|
@@ -1,2193 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
const path = require("path");
|
|
3
|
-
const fse = require("fs-extra");
|
|
4
|
-
const koaStatic = require("koa-static");
|
|
5
|
-
const fp = require("lodash/fp");
|
|
6
|
-
const dateFns = require("date-fns");
|
|
7
|
-
const utils$1 = require("@strapi/utils");
|
|
8
|
-
require("@strapi/types");
|
|
9
|
-
const _ = require("lodash");
|
|
10
|
-
const passportLocal = require("passport-local");
|
|
11
|
-
const passport$2 = require("koa-passport");
|
|
12
|
-
const compose = require("koa-compose");
|
|
13
|
-
const nodeSchedule = require("node-schedule");
|
|
14
|
-
const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
|
|
15
|
-
const fse__default = /* @__PURE__ */ _interopDefault(fse);
|
|
16
|
-
const koaStatic__default = /* @__PURE__ */ _interopDefault(koaStatic);
|
|
17
|
-
const ___default = /* @__PURE__ */ _interopDefault(_);
|
|
18
|
-
const passport__default = /* @__PURE__ */ _interopDefault(passport$2);
|
|
19
|
-
const compose__default = /* @__PURE__ */ _interopDefault(compose);
|
|
20
|
-
const registerAdminPanelRoute = ({ strapi: strapi2 }) => {
|
|
21
|
-
let buildDir = path.resolve(strapi2.dirs.dist.root, "build");
|
|
22
|
-
if (!fse__default.default.pathExistsSync(buildDir)) {
|
|
23
|
-
buildDir = path.resolve(__dirname, "../../build");
|
|
24
|
-
}
|
|
25
|
-
const serveAdminMiddleware = async (ctx, next) => {
|
|
26
|
-
await next();
|
|
27
|
-
if (ctx.method !== "HEAD" && ctx.method !== "GET") {
|
|
28
|
-
return;
|
|
29
|
-
}
|
|
30
|
-
if (ctx.body != null || ctx.status !== 404) {
|
|
31
|
-
return;
|
|
32
|
-
}
|
|
33
|
-
ctx.type = "html";
|
|
34
|
-
ctx.body = fse__default.default.createReadStream(path.join(buildDir, "index.html"));
|
|
35
|
-
};
|
|
36
|
-
strapi2.server.routes([
|
|
37
|
-
{
|
|
38
|
-
method: "GET",
|
|
39
|
-
path: `${strapi2.config.admin.path}/:path*`,
|
|
40
|
-
handler: [
|
|
41
|
-
serveAdminMiddleware,
|
|
42
|
-
serveStatic(buildDir, {
|
|
43
|
-
maxage: 31536e3,
|
|
44
|
-
defer: false,
|
|
45
|
-
index: "index.html",
|
|
46
|
-
setHeaders(res, path$1) {
|
|
47
|
-
const ext = path.extname(path$1);
|
|
48
|
-
if (ext !== ".html") {
|
|
49
|
-
res.setHeader("cache-control", "public, max-age=31536000, immutable");
|
|
50
|
-
}
|
|
51
|
-
}
|
|
52
|
-
})
|
|
53
|
-
],
|
|
54
|
-
config: { auth: false }
|
|
55
|
-
}
|
|
56
|
-
]);
|
|
57
|
-
};
|
|
58
|
-
const serveStatic = (filesDir, koaStaticOptions = {}) => {
|
|
59
|
-
const serve = koaStatic__default.default(filesDir, koaStaticOptions);
|
|
60
|
-
return async (ctx, next) => {
|
|
61
|
-
const prev = ctx.path;
|
|
62
|
-
const newPath = path.basename(ctx.path);
|
|
63
|
-
ctx.path = newPath;
|
|
64
|
-
await serve(ctx, async () => {
|
|
65
|
-
ctx.path = prev;
|
|
66
|
-
await next();
|
|
67
|
-
ctx.path = newPath;
|
|
68
|
-
});
|
|
69
|
-
ctx.path = prev;
|
|
70
|
-
};
|
|
71
|
-
};
|
|
72
|
-
const getService$1 = (name2) => {
|
|
73
|
-
return strapi.service(`admin::${name2}`);
|
|
74
|
-
};
|
|
75
|
-
const authenticate$2 = async (ctx) => {
|
|
76
|
-
const { authorization } = ctx.request.header;
|
|
77
|
-
if (!authorization) {
|
|
78
|
-
return { authenticated: false };
|
|
79
|
-
}
|
|
80
|
-
const parts = authorization.split(/\s+/);
|
|
81
|
-
if (parts[0].toLowerCase() !== "bearer" || parts.length !== 2) {
|
|
82
|
-
return { authenticated: false };
|
|
83
|
-
}
|
|
84
|
-
const token = parts[1];
|
|
85
|
-
const { payload, isValid } = getService$1("token").decodeJwtToken(token);
|
|
86
|
-
if (!isValid) {
|
|
87
|
-
return { authenticated: false };
|
|
88
|
-
}
|
|
89
|
-
const user2 = await strapi.db.query("admin::user").findOne({ where: { id: payload.id }, populate: ["roles"] });
|
|
90
|
-
if (!user2 || !(user2.isActive === true)) {
|
|
91
|
-
return { authenticated: false };
|
|
92
|
-
}
|
|
93
|
-
const userAbility = await getService$1("permission").engine.generateUserAbility(user2);
|
|
94
|
-
ctx.state.userAbility = userAbility;
|
|
95
|
-
ctx.state.user = user2;
|
|
96
|
-
return {
|
|
97
|
-
authenticated: true,
|
|
98
|
-
credentials: user2,
|
|
99
|
-
ability: userAbility
|
|
100
|
-
};
|
|
101
|
-
};
|
|
102
|
-
const name = "admin";
|
|
103
|
-
const adminAuthStrategy = {
|
|
104
|
-
name,
|
|
105
|
-
authenticate: authenticate$2
|
|
106
|
-
};
|
|
107
|
-
const DAY_IN_MS = 24 * 60 * 60 * 1e3;
|
|
108
|
-
const constants = {
|
|
109
|
-
CONTENT_TYPE_SECTION: "contentTypes",
|
|
110
|
-
SUPER_ADMIN_CODE: "strapi-super-admin",
|
|
111
|
-
EDITOR_CODE: "strapi-editor",
|
|
112
|
-
AUTHOR_CODE: "strapi-author",
|
|
113
|
-
READ_ACTION: "plugin::content-manager.explorer.read",
|
|
114
|
-
CREATE_ACTION: "plugin::content-manager.explorer.create",
|
|
115
|
-
UPDATE_ACTION: "plugin::content-manager.explorer.update",
|
|
116
|
-
DELETE_ACTION: "plugin::content-manager.explorer.delete",
|
|
117
|
-
PUBLISH_ACTION: "plugin::content-manager.explorer.publish",
|
|
118
|
-
API_TOKEN_TYPE: {
|
|
119
|
-
READ_ONLY: "read-only",
|
|
120
|
-
FULL_ACCESS: "full-access",
|
|
121
|
-
CUSTOM: "custom"
|
|
122
|
-
},
|
|
123
|
-
// The front-end only displays these values
|
|
124
|
-
API_TOKEN_LIFESPANS: {
|
|
125
|
-
UNLIMITED: null,
|
|
126
|
-
DAYS_7: 7 * DAY_IN_MS,
|
|
127
|
-
DAYS_30: 30 * DAY_IN_MS,
|
|
128
|
-
DAYS_90: 90 * DAY_IN_MS
|
|
129
|
-
},
|
|
130
|
-
TRANSFER_TOKEN_TYPE: {
|
|
131
|
-
PUSH: "push",
|
|
132
|
-
PULL: "pull"
|
|
133
|
-
},
|
|
134
|
-
TRANSFER_TOKEN_LIFESPANS: {
|
|
135
|
-
UNLIMITED: null,
|
|
136
|
-
DAYS_7: 7 * DAY_IN_MS,
|
|
137
|
-
DAYS_30: 30 * DAY_IN_MS,
|
|
138
|
-
DAYS_90: 90 * DAY_IN_MS
|
|
139
|
-
}
|
|
140
|
-
};
|
|
141
|
-
const { UnauthorizedError: UnauthorizedError$1, ForbiddenError: ForbiddenError$1 } = utils$1.errors;
|
|
142
|
-
const isReadScope = (scope) => scope.endsWith("find") || scope.endsWith("findOne");
|
|
143
|
-
const extractToken = (ctx) => {
|
|
144
|
-
if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
|
|
145
|
-
const parts = ctx.request.header.authorization.split(/\s+/);
|
|
146
|
-
if (parts[0].toLowerCase() !== "bearer" || parts.length !== 2) {
|
|
147
|
-
return null;
|
|
148
|
-
}
|
|
149
|
-
return parts[1];
|
|
150
|
-
}
|
|
151
|
-
return null;
|
|
152
|
-
};
|
|
153
|
-
const authenticate$1 = async (ctx) => {
|
|
154
|
-
const apiTokenService = getService$1("api-token");
|
|
155
|
-
const token = extractToken(ctx);
|
|
156
|
-
if (!token) {
|
|
157
|
-
return { authenticated: false };
|
|
158
|
-
}
|
|
159
|
-
const apiToken = await apiTokenService.getBy({
|
|
160
|
-
accessKey: apiTokenService.hash(token)
|
|
161
|
-
});
|
|
162
|
-
if (!apiToken) {
|
|
163
|
-
return { authenticated: false };
|
|
164
|
-
}
|
|
165
|
-
const currentDate = /* @__PURE__ */ new Date();
|
|
166
|
-
if (!fp.isNil(apiToken.expiresAt)) {
|
|
167
|
-
const expirationDate = new Date(apiToken.expiresAt);
|
|
168
|
-
if (expirationDate < currentDate) {
|
|
169
|
-
return { authenticated: false, error: new UnauthorizedError$1("Token expired") };
|
|
170
|
-
}
|
|
171
|
-
}
|
|
172
|
-
const hoursSinceLastUsed = dateFns.differenceInHours(currentDate, dateFns.parseISO(apiToken.lastUsedAt));
|
|
173
|
-
if (hoursSinceLastUsed >= 1) {
|
|
174
|
-
await strapi.db.query("admin::api-token").update({
|
|
175
|
-
where: { id: apiToken.id },
|
|
176
|
-
data: { lastUsedAt: currentDate }
|
|
177
|
-
});
|
|
178
|
-
}
|
|
179
|
-
if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
|
|
180
|
-
const ability = await strapi.contentAPI.permissions.engine.generateAbility(
|
|
181
|
-
apiToken.permissions.map((action) => ({ action }))
|
|
182
|
-
);
|
|
183
|
-
return { authenticated: true, ability, credentials: apiToken };
|
|
184
|
-
}
|
|
185
|
-
return { authenticated: true, credentials: apiToken };
|
|
186
|
-
};
|
|
187
|
-
const verify = (auth2, config) => {
|
|
188
|
-
const { credentials: apiToken, ability } = auth2;
|
|
189
|
-
if (!apiToken) {
|
|
190
|
-
throw new UnauthorizedError$1("Token not found");
|
|
191
|
-
}
|
|
192
|
-
const currentDate = /* @__PURE__ */ new Date();
|
|
193
|
-
if (!fp.isNil(apiToken.expiresAt)) {
|
|
194
|
-
const expirationDate = new Date(apiToken.expiresAt);
|
|
195
|
-
if (expirationDate < currentDate) {
|
|
196
|
-
throw new UnauthorizedError$1("Token expired");
|
|
197
|
-
}
|
|
198
|
-
}
|
|
199
|
-
if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {
|
|
200
|
-
return;
|
|
201
|
-
}
|
|
202
|
-
if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {
|
|
203
|
-
const scopes = fp.castArray(config.scope);
|
|
204
|
-
if (config.scope && scopes.every(isReadScope)) {
|
|
205
|
-
return;
|
|
206
|
-
}
|
|
207
|
-
} else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
|
|
208
|
-
if (!ability) {
|
|
209
|
-
throw new ForbiddenError$1();
|
|
210
|
-
}
|
|
211
|
-
const scopes = fp.castArray(config.scope);
|
|
212
|
-
const isAllowed = scopes.every((scope) => ability.can(scope));
|
|
213
|
-
if (isAllowed) {
|
|
214
|
-
return;
|
|
215
|
-
}
|
|
216
|
-
}
|
|
217
|
-
throw new ForbiddenError$1();
|
|
218
|
-
};
|
|
219
|
-
const apiTokenAuthStrategy = {
|
|
220
|
-
name: "api-token",
|
|
221
|
-
authenticate: authenticate$1,
|
|
222
|
-
verify
|
|
223
|
-
};
|
|
224
|
-
const executeCERegister = ({ strapi: strapi2 }) => {
|
|
225
|
-
const passportMiddleware = strapi2.service("admin::passport").init();
|
|
226
|
-
strapi2.server.api("admin").use(passportMiddleware);
|
|
227
|
-
strapi2.get("auth").register("admin", adminAuthStrategy);
|
|
228
|
-
strapi2.get("auth").register("content-api", apiTokenAuthStrategy);
|
|
229
|
-
if (strapi2.config.get("admin.serveAdminPanel")) {
|
|
230
|
-
registerAdminPanelRoute({ strapi: strapi2 });
|
|
231
|
-
}
|
|
232
|
-
};
|
|
233
|
-
const register = async ({ strapi: strapi2 }) => {
|
|
234
|
-
await executeCERegister({ strapi: strapi2 });
|
|
235
|
-
};
|
|
236
|
-
const actions$1 = [
|
|
237
|
-
{
|
|
238
|
-
uid: "marketplace.read",
|
|
239
|
-
displayName: "Access the marketplace",
|
|
240
|
-
pluginName: "admin",
|
|
241
|
-
section: "settings",
|
|
242
|
-
category: "plugins and marketplace",
|
|
243
|
-
subCategory: "marketplace"
|
|
244
|
-
},
|
|
245
|
-
{
|
|
246
|
-
uid: "webhooks.create",
|
|
247
|
-
displayName: "Create",
|
|
248
|
-
pluginName: "admin",
|
|
249
|
-
section: "settings",
|
|
250
|
-
category: "webhooks"
|
|
251
|
-
},
|
|
252
|
-
{
|
|
253
|
-
uid: "webhooks.read",
|
|
254
|
-
displayName: "Read",
|
|
255
|
-
pluginName: "admin",
|
|
256
|
-
section: "settings",
|
|
257
|
-
category: "webhooks"
|
|
258
|
-
},
|
|
259
|
-
{
|
|
260
|
-
uid: "webhooks.update",
|
|
261
|
-
displayName: "Update",
|
|
262
|
-
pluginName: "admin",
|
|
263
|
-
section: "settings",
|
|
264
|
-
category: "webhooks"
|
|
265
|
-
},
|
|
266
|
-
{
|
|
267
|
-
uid: "webhooks.delete",
|
|
268
|
-
displayName: "Delete",
|
|
269
|
-
pluginName: "admin",
|
|
270
|
-
section: "settings",
|
|
271
|
-
category: "webhooks"
|
|
272
|
-
},
|
|
273
|
-
{
|
|
274
|
-
uid: "users.create",
|
|
275
|
-
displayName: "Create (invite)",
|
|
276
|
-
pluginName: "admin",
|
|
277
|
-
section: "settings",
|
|
278
|
-
category: "users and roles",
|
|
279
|
-
subCategory: "users"
|
|
280
|
-
},
|
|
281
|
-
{
|
|
282
|
-
uid: "users.read",
|
|
283
|
-
displayName: "Read",
|
|
284
|
-
pluginName: "admin",
|
|
285
|
-
section: "settings",
|
|
286
|
-
category: "users and roles",
|
|
287
|
-
subCategory: "users",
|
|
288
|
-
aliases: [
|
|
289
|
-
{
|
|
290
|
-
actionId: "plugin::content-manager.explorer.read",
|
|
291
|
-
subjects: ["admin::user"]
|
|
292
|
-
}
|
|
293
|
-
]
|
|
294
|
-
},
|
|
295
|
-
{
|
|
296
|
-
uid: "users.update",
|
|
297
|
-
displayName: "Update",
|
|
298
|
-
pluginName: "admin",
|
|
299
|
-
section: "settings",
|
|
300
|
-
category: "users and roles",
|
|
301
|
-
subCategory: "users"
|
|
302
|
-
},
|
|
303
|
-
{
|
|
304
|
-
uid: "users.delete",
|
|
305
|
-
displayName: "Delete",
|
|
306
|
-
pluginName: "admin",
|
|
307
|
-
section: "settings",
|
|
308
|
-
category: "users and roles",
|
|
309
|
-
subCategory: "users"
|
|
310
|
-
},
|
|
311
|
-
{
|
|
312
|
-
uid: "roles.create",
|
|
313
|
-
displayName: "Create",
|
|
314
|
-
pluginName: "admin",
|
|
315
|
-
section: "settings",
|
|
316
|
-
category: "users and roles",
|
|
317
|
-
subCategory: "roles"
|
|
318
|
-
},
|
|
319
|
-
{
|
|
320
|
-
uid: "roles.read",
|
|
321
|
-
displayName: "Read",
|
|
322
|
-
pluginName: "admin",
|
|
323
|
-
section: "settings",
|
|
324
|
-
category: "users and roles",
|
|
325
|
-
subCategory: "roles",
|
|
326
|
-
aliases: [
|
|
327
|
-
{
|
|
328
|
-
actionId: "plugin::content-manager.explorer.read",
|
|
329
|
-
subjects: ["admin::role"]
|
|
330
|
-
}
|
|
331
|
-
]
|
|
332
|
-
},
|
|
333
|
-
{
|
|
334
|
-
uid: "roles.update",
|
|
335
|
-
displayName: "Update",
|
|
336
|
-
pluginName: "admin",
|
|
337
|
-
section: "settings",
|
|
338
|
-
category: "users and roles",
|
|
339
|
-
subCategory: "roles"
|
|
340
|
-
},
|
|
341
|
-
{
|
|
342
|
-
uid: "roles.delete",
|
|
343
|
-
displayName: "Delete",
|
|
344
|
-
pluginName: "admin",
|
|
345
|
-
section: "settings",
|
|
346
|
-
category: "users and roles",
|
|
347
|
-
subCategory: "roles"
|
|
348
|
-
},
|
|
349
|
-
{
|
|
350
|
-
uid: "api-tokens.access",
|
|
351
|
-
displayName: "Access the API tokens settings page",
|
|
352
|
-
pluginName: "admin",
|
|
353
|
-
section: "settings",
|
|
354
|
-
category: "api tokens",
|
|
355
|
-
subCategory: "api Tokens"
|
|
356
|
-
},
|
|
357
|
-
{
|
|
358
|
-
uid: "api-tokens.create",
|
|
359
|
-
displayName: "Create (generate)",
|
|
360
|
-
pluginName: "admin",
|
|
361
|
-
section: "settings",
|
|
362
|
-
category: "api tokens",
|
|
363
|
-
subCategory: "general"
|
|
364
|
-
},
|
|
365
|
-
{
|
|
366
|
-
uid: "api-tokens.read",
|
|
367
|
-
displayName: "Read",
|
|
368
|
-
pluginName: "admin",
|
|
369
|
-
section: "settings",
|
|
370
|
-
category: "api tokens",
|
|
371
|
-
subCategory: "general"
|
|
372
|
-
},
|
|
373
|
-
{
|
|
374
|
-
uid: "api-tokens.update",
|
|
375
|
-
displayName: "Update",
|
|
376
|
-
pluginName: "admin",
|
|
377
|
-
section: "settings",
|
|
378
|
-
category: "api tokens",
|
|
379
|
-
subCategory: "general"
|
|
380
|
-
},
|
|
381
|
-
{
|
|
382
|
-
uid: "api-tokens.regenerate",
|
|
383
|
-
displayName: "Regenerate",
|
|
384
|
-
pluginName: "admin",
|
|
385
|
-
section: "settings",
|
|
386
|
-
category: "api tokens",
|
|
387
|
-
subCategory: "general"
|
|
388
|
-
},
|
|
389
|
-
{
|
|
390
|
-
uid: "api-tokens.delete",
|
|
391
|
-
displayName: "Delete (revoke)",
|
|
392
|
-
pluginName: "admin",
|
|
393
|
-
section: "settings",
|
|
394
|
-
category: "api tokens",
|
|
395
|
-
subCategory: "general"
|
|
396
|
-
},
|
|
397
|
-
{
|
|
398
|
-
uid: "project-settings.update",
|
|
399
|
-
displayName: "Update the project level settings",
|
|
400
|
-
pluginName: "admin",
|
|
401
|
-
section: "settings",
|
|
402
|
-
category: "project"
|
|
403
|
-
},
|
|
404
|
-
{
|
|
405
|
-
uid: "project-settings.read",
|
|
406
|
-
displayName: "Read the project level settings",
|
|
407
|
-
pluginName: "admin",
|
|
408
|
-
section: "settings",
|
|
409
|
-
category: "project"
|
|
410
|
-
},
|
|
411
|
-
{
|
|
412
|
-
uid: "transfer.tokens.access",
|
|
413
|
-
displayName: "Access the transfer tokens settings page",
|
|
414
|
-
pluginName: "admin",
|
|
415
|
-
section: "settings",
|
|
416
|
-
category: "transfer tokens",
|
|
417
|
-
subCategory: "transfer tokens"
|
|
418
|
-
},
|
|
419
|
-
{
|
|
420
|
-
uid: "transfer.tokens.create",
|
|
421
|
-
displayName: "Create (generate)",
|
|
422
|
-
pluginName: "admin",
|
|
423
|
-
section: "settings",
|
|
424
|
-
category: "transfer tokens",
|
|
425
|
-
subCategory: "general"
|
|
426
|
-
},
|
|
427
|
-
{
|
|
428
|
-
uid: "transfer.tokens.read",
|
|
429
|
-
displayName: "Read",
|
|
430
|
-
pluginName: "admin",
|
|
431
|
-
section: "settings",
|
|
432
|
-
category: "transfer tokens",
|
|
433
|
-
subCategory: "general"
|
|
434
|
-
},
|
|
435
|
-
{
|
|
436
|
-
uid: "transfer.tokens.update",
|
|
437
|
-
displayName: "Update",
|
|
438
|
-
pluginName: "admin",
|
|
439
|
-
section: "settings",
|
|
440
|
-
category: "transfer tokens",
|
|
441
|
-
subCategory: "general"
|
|
442
|
-
},
|
|
443
|
-
{
|
|
444
|
-
uid: "transfer.tokens.regenerate",
|
|
445
|
-
displayName: "Regenerate",
|
|
446
|
-
pluginName: "admin",
|
|
447
|
-
section: "settings",
|
|
448
|
-
category: "transfer tokens",
|
|
449
|
-
subCategory: "general"
|
|
450
|
-
},
|
|
451
|
-
{
|
|
452
|
-
uid: "transfer.tokens.delete",
|
|
453
|
-
displayName: "Delete (revoke)",
|
|
454
|
-
pluginName: "admin",
|
|
455
|
-
section: "settings",
|
|
456
|
-
category: "transfer tokens",
|
|
457
|
-
subCategory: "general"
|
|
458
|
-
}
|
|
459
|
-
];
|
|
460
|
-
const adminActions = {
|
|
461
|
-
actions: actions$1
|
|
462
|
-
};
|
|
463
|
-
const conditions = [
|
|
464
|
-
{
|
|
465
|
-
displayName: "Is creator",
|
|
466
|
-
name: "is-creator",
|
|
467
|
-
plugin: "admin",
|
|
468
|
-
handler: (user2) => ({ "createdBy.id": user2.id })
|
|
469
|
-
},
|
|
470
|
-
{
|
|
471
|
-
displayName: "Has same role as creator",
|
|
472
|
-
name: "has-same-role-as-creator",
|
|
473
|
-
plugin: "admin",
|
|
474
|
-
handler: (user2) => ({
|
|
475
|
-
"createdBy.roles": {
|
|
476
|
-
$elemMatch: {
|
|
477
|
-
id: {
|
|
478
|
-
$in: user2.roles.map((r) => r.id)
|
|
479
|
-
}
|
|
480
|
-
}
|
|
481
|
-
}
|
|
482
|
-
})
|
|
483
|
-
}
|
|
484
|
-
];
|
|
485
|
-
const adminConditions = {
|
|
486
|
-
conditions
|
|
487
|
-
};
|
|
488
|
-
const defaultAdminAuthSettings = {
|
|
489
|
-
providers: {
|
|
490
|
-
autoRegister: false,
|
|
491
|
-
defaultRole: null,
|
|
492
|
-
ssoLockedRoles: null
|
|
493
|
-
}
|
|
494
|
-
};
|
|
495
|
-
const registerPermissionActions = async () => {
|
|
496
|
-
await getService$1("permission").actionProvider.registerMany(adminActions.actions);
|
|
497
|
-
};
|
|
498
|
-
const registerAdminConditions = async () => {
|
|
499
|
-
await getService$1("permission").conditionProvider.registerMany(adminConditions.conditions);
|
|
500
|
-
};
|
|
501
|
-
const registerModelHooks = () => {
|
|
502
|
-
const { sendDidChangeInterfaceLanguage } = getService$1("metrics");
|
|
503
|
-
strapi.db.lifecycles.subscribe({
|
|
504
|
-
models: ["admin::user"],
|
|
505
|
-
afterCreate: sendDidChangeInterfaceLanguage,
|
|
506
|
-
afterDelete: sendDidChangeInterfaceLanguage,
|
|
507
|
-
afterUpdate({ params }) {
|
|
508
|
-
if (params.data.preferedLanguage) {
|
|
509
|
-
sendDidChangeInterfaceLanguage();
|
|
510
|
-
}
|
|
511
|
-
}
|
|
512
|
-
});
|
|
513
|
-
};
|
|
514
|
-
const syncAuthSettings = async () => {
|
|
515
|
-
const adminStore = await strapi.store({ type: "core", name: "admin" });
|
|
516
|
-
const adminAuthSettings = await adminStore.get({ key: "auth" });
|
|
517
|
-
const newAuthSettings = fp.merge(defaultAdminAuthSettings, adminAuthSettings);
|
|
518
|
-
const roleExists = await getService$1("role").exists({
|
|
519
|
-
id: newAuthSettings.providers.defaultRole
|
|
520
|
-
});
|
|
521
|
-
if (!roleExists) {
|
|
522
|
-
newAuthSettings.providers.defaultRole = null;
|
|
523
|
-
}
|
|
524
|
-
await adminStore.set({ key: "auth", value: newAuthSettings });
|
|
525
|
-
};
|
|
526
|
-
const syncAPITokensPermissions = async () => {
|
|
527
|
-
const validPermissions = strapi.contentAPI.permissions.providers.action.keys();
|
|
528
|
-
const permissionsInDB = await utils$1.async.pipe(
|
|
529
|
-
strapi.db.query("admin::api-token-permission").findMany,
|
|
530
|
-
fp.map("action")
|
|
531
|
-
)();
|
|
532
|
-
const unknownPermissions = fp.uniq(fp.difference(permissionsInDB, validPermissions));
|
|
533
|
-
if (unknownPermissions.length > 0) {
|
|
534
|
-
await strapi.db.query("admin::api-token-permission").deleteMany({ where: { action: { $in: unknownPermissions } } });
|
|
535
|
-
}
|
|
536
|
-
};
|
|
537
|
-
const executeCEBootstrap = async ({ strapi: strapi2 }) => {
|
|
538
|
-
await registerAdminConditions();
|
|
539
|
-
await registerPermissionActions();
|
|
540
|
-
registerModelHooks();
|
|
541
|
-
const permissionService = getService$1("permission");
|
|
542
|
-
const userService = getService$1("user");
|
|
543
|
-
const roleService = getService$1("role");
|
|
544
|
-
const apiTokenService = getService$1("api-token");
|
|
545
|
-
const transferService = getService$1("transfer");
|
|
546
|
-
const tokenService = getService$1("token");
|
|
547
|
-
await roleService.createRolesIfNoneExist();
|
|
548
|
-
await roleService.resetSuperAdminPermissions();
|
|
549
|
-
await roleService.displayWarningIfNoSuperAdmin();
|
|
550
|
-
await permissionService.cleanPermissionsInDatabase();
|
|
551
|
-
await userService.displayWarningIfUsersDontHaveRole();
|
|
552
|
-
await syncAuthSettings();
|
|
553
|
-
await syncAPITokensPermissions();
|
|
554
|
-
await getService$1("metrics").sendUpdateProjectInformation(strapi2);
|
|
555
|
-
getService$1("metrics").startCron(strapi2);
|
|
556
|
-
apiTokenService.checkSaltIsDefined();
|
|
557
|
-
transferService.token.checkSaltIsDefined();
|
|
558
|
-
tokenService.checkSecretIsDefined();
|
|
559
|
-
};
|
|
560
|
-
const getService = (name2, { strapi: strapi2 } = { strapi: global.strapi }) => {
|
|
561
|
-
return strapi2.service(`admin::${name2}`);
|
|
562
|
-
};
|
|
563
|
-
const actions = {
|
|
564
|
-
sso: [
|
|
565
|
-
{
|
|
566
|
-
uid: "provider-login.read",
|
|
567
|
-
displayName: "Read",
|
|
568
|
-
pluginName: "admin",
|
|
569
|
-
section: "settings",
|
|
570
|
-
category: "single sign on",
|
|
571
|
-
subCategory: "options"
|
|
572
|
-
},
|
|
573
|
-
{
|
|
574
|
-
uid: "provider-login.update",
|
|
575
|
-
displayName: "Update",
|
|
576
|
-
pluginName: "admin",
|
|
577
|
-
section: "settings",
|
|
578
|
-
category: "single sign on",
|
|
579
|
-
subCategory: "options"
|
|
580
|
-
}
|
|
581
|
-
],
|
|
582
|
-
auditLogs: [
|
|
583
|
-
{
|
|
584
|
-
uid: "audit-logs.read",
|
|
585
|
-
displayName: "Read",
|
|
586
|
-
pluginName: "admin",
|
|
587
|
-
section: "settings",
|
|
588
|
-
category: "audit logs",
|
|
589
|
-
subCategory: "options"
|
|
590
|
-
}
|
|
591
|
-
]
|
|
592
|
-
};
|
|
593
|
-
const transformTableName = (table) => {
|
|
594
|
-
if (typeof table === "string") {
|
|
595
|
-
return { name: table };
|
|
596
|
-
}
|
|
597
|
-
return table;
|
|
598
|
-
};
|
|
599
|
-
async function findTables({ strapi: strapi2 }, regex) {
|
|
600
|
-
const tables = await strapi2.db.dialect.schemaInspector.getTables();
|
|
601
|
-
return tables.filter((tableName) => regex.test(tableName));
|
|
602
|
-
}
|
|
603
|
-
async function addPersistTables({ strapi: strapi2 }, tableNames) {
|
|
604
|
-
const persistedTables = await getPersistedTables({ strapi: strapi2 });
|
|
605
|
-
const tables = tableNames.map(transformTableName);
|
|
606
|
-
const notPersistedTableNames = fp.differenceWith(fp.isEqual, tables, persistedTables);
|
|
607
|
-
const tablesToPersist = fp.differenceWith(
|
|
608
|
-
(t1, t2) => t1.name === t2.name,
|
|
609
|
-
persistedTables,
|
|
610
|
-
notPersistedTableNames
|
|
611
|
-
);
|
|
612
|
-
if (!notPersistedTableNames.length) {
|
|
613
|
-
return;
|
|
614
|
-
}
|
|
615
|
-
tablesToPersist.push(...notPersistedTableNames);
|
|
616
|
-
await strapi2.store.set({
|
|
617
|
-
type: "core",
|
|
618
|
-
key: "persisted_tables",
|
|
619
|
-
value: tablesToPersist
|
|
620
|
-
});
|
|
621
|
-
}
|
|
622
|
-
async function getPersistedTables({ strapi: strapi2 }) {
|
|
623
|
-
const persistedTables = await strapi2.store.get({
|
|
624
|
-
type: "core",
|
|
625
|
-
key: "persisted_tables"
|
|
626
|
-
});
|
|
627
|
-
return (persistedTables || []).map(transformTableName);
|
|
628
|
-
}
|
|
629
|
-
const persistTablesWithPrefix = async (tableNamePrefix) => {
|
|
630
|
-
const tableNameRegex = new RegExp(`^${tableNamePrefix}.*`);
|
|
631
|
-
const tableNames = await findTables({ strapi }, tableNameRegex);
|
|
632
|
-
await addPersistTables({ strapi }, tableNames);
|
|
633
|
-
};
|
|
634
|
-
const bootstrap = async (args) => {
|
|
635
|
-
const { actionProvider } = getService("permission");
|
|
636
|
-
if (strapi.ee.features.isEnabled("sso")) {
|
|
637
|
-
await actionProvider.registerMany(actions.sso);
|
|
638
|
-
}
|
|
639
|
-
if (strapi.ee.features.isEnabled("audit-logs")) {
|
|
640
|
-
await persistTablesWithPrefix("strapi_audit_logs");
|
|
641
|
-
await actionProvider.registerMany(actions.auditLogs);
|
|
642
|
-
}
|
|
643
|
-
await getService("seat-enforcement").seatEnforcementWorkflow();
|
|
644
|
-
await executeCEBootstrap(args);
|
|
645
|
-
};
|
|
646
|
-
const executeCEDestroy = async () => {
|
|
647
|
-
const { conditionProvider, actionProvider } = getService$1("permission");
|
|
648
|
-
await conditionProvider.clear();
|
|
649
|
-
await actionProvider.clear();
|
|
650
|
-
};
|
|
651
|
-
const destroy = async ({ strapi: strapi2 }) => {
|
|
652
|
-
await executeCEDestroy();
|
|
653
|
-
};
|
|
654
|
-
const adminContentTypes = {};
|
|
655
|
-
const isSsoLocked = async (user2) => {
|
|
656
|
-
if (!strapi.ee.features.isEnabled("sso")) {
|
|
657
|
-
return false;
|
|
658
|
-
}
|
|
659
|
-
if (!user2) {
|
|
660
|
-
throw new Error("Missing user object");
|
|
661
|
-
}
|
|
662
|
-
const adminStore = await strapi.store({ type: "core", name: "admin" });
|
|
663
|
-
const { providers } = await adminStore.get({ key: "auth" });
|
|
664
|
-
const lockedRoles = providers.ssoLockedRoles ?? [];
|
|
665
|
-
if (fp.isEmpty(lockedRoles)) {
|
|
666
|
-
return false;
|
|
667
|
-
}
|
|
668
|
-
const roles2 = (
|
|
669
|
-
// If the roles are pre-loaded for the given user, then use them
|
|
670
|
-
user2.roles ?? // Otherwise, try to load the role based on the given user ID
|
|
671
|
-
await strapi.db.query("admin::user").load(user2, "roles", { roles: { fields: ["id"] } }) ?? // If the query fails somehow, default to an empty array
|
|
672
|
-
[]
|
|
673
|
-
);
|
|
674
|
-
const isLocked = lockedRoles.some(
|
|
675
|
-
(lockedId) => (
|
|
676
|
-
// lockedRoles will be a string to avoid issues with frontend and bigints
|
|
677
|
-
roles2.some((role2) => lockedId === role2.id.toString())
|
|
678
|
-
)
|
|
679
|
-
);
|
|
680
|
-
return isLocked;
|
|
681
|
-
};
|
|
682
|
-
const { ApplicationError: ApplicationError$2 } = utils$1.errors;
|
|
683
|
-
const forgotPassword = async ({ email: email2 } = {}) => {
|
|
684
|
-
const user2 = await strapi.db.query("admin::user").findOne({ where: { email: email2, isActive: true } });
|
|
685
|
-
if (!user2 || await isSsoLocked(user2)) {
|
|
686
|
-
return;
|
|
687
|
-
}
|
|
688
|
-
const resetPasswordToken = getService("token").createToken();
|
|
689
|
-
await getService("user").updateById(user2.id, { resetPasswordToken });
|
|
690
|
-
const url = `${strapi.config.get(
|
|
691
|
-
"admin.absoluteUrl"
|
|
692
|
-
)}/auth/reset-password?code=${resetPasswordToken}`;
|
|
693
|
-
return strapi.plugin("email").service("email").sendTemplatedEmail(
|
|
694
|
-
{
|
|
695
|
-
to: user2.email,
|
|
696
|
-
from: strapi.config.get("admin.forgotPassword.from"),
|
|
697
|
-
replyTo: strapi.config.get("admin.forgotPassword.replyTo")
|
|
698
|
-
},
|
|
699
|
-
strapi.config.get("admin.forgotPassword.emailTemplate"),
|
|
700
|
-
{
|
|
701
|
-
url,
|
|
702
|
-
user: ___default.default.pick(user2, ["email", "firstname", "lastname", "username"])
|
|
703
|
-
}
|
|
704
|
-
).catch((err) => {
|
|
705
|
-
strapi.log.error(err);
|
|
706
|
-
});
|
|
707
|
-
};
|
|
708
|
-
const resetPassword = async ({ resetPasswordToken, password: password2 } = {}) => {
|
|
709
|
-
const matchingUser = await strapi.db.query("admin::user").findOne({ where: { resetPasswordToken, isActive: true } });
|
|
710
|
-
if (!matchingUser || await isSsoLocked(matchingUser)) {
|
|
711
|
-
throw new ApplicationError$2();
|
|
712
|
-
}
|
|
713
|
-
return getService("user").updateById(matchingUser.id, {
|
|
714
|
-
password: password2,
|
|
715
|
-
resetPasswordToken: null
|
|
716
|
-
});
|
|
717
|
-
};
|
|
718
|
-
const auth = {
|
|
719
|
-
forgotPassword,
|
|
720
|
-
resetPassword
|
|
721
|
-
};
|
|
722
|
-
const createLocalStrategy = (strapi2, middleware) => {
|
|
723
|
-
return new passportLocal.Strategy(
|
|
724
|
-
{
|
|
725
|
-
usernameField: "email",
|
|
726
|
-
passwordField: "password",
|
|
727
|
-
session: false
|
|
728
|
-
},
|
|
729
|
-
(email2, password2, done) => {
|
|
730
|
-
return getService$1("auth").checkCredentials({ email: fp.toLower(email2), password: password2 }).then(async ([error, user2, message]) => {
|
|
731
|
-
if (middleware) {
|
|
732
|
-
return middleware([error, user2, message], done);
|
|
733
|
-
}
|
|
734
|
-
return done(error, user2, message);
|
|
735
|
-
}).catch((error) => done(error));
|
|
736
|
-
}
|
|
737
|
-
);
|
|
738
|
-
};
|
|
739
|
-
const authEventsMapper = {
|
|
740
|
-
onConnectionSuccess: "admin.auth.success",
|
|
741
|
-
onConnectionError: "admin.auth.error"
|
|
742
|
-
};
|
|
743
|
-
const valueIsFunctionType = ([, value]) => fp.isFunction(value);
|
|
744
|
-
const keyIsValidEventName = ([key]) => {
|
|
745
|
-
return Object.keys(strapi.service("admin::passport").authEventsMapper).includes(key);
|
|
746
|
-
};
|
|
747
|
-
const getPassportStrategies$1 = () => [createLocalStrategy(strapi)];
|
|
748
|
-
const registerAuthEvents = () => {
|
|
749
|
-
const { events = {} } = strapi.config.get("admin.auth", {});
|
|
750
|
-
const { authEventsMapper: authEventsMapper2 } = strapi.service("admin::passport");
|
|
751
|
-
const eventList = Object.entries(events).filter(keyIsValidEventName).filter(valueIsFunctionType);
|
|
752
|
-
for (const [eventName, handler] of eventList) {
|
|
753
|
-
strapi.eventHub.on(authEventsMapper2[eventName], handler);
|
|
754
|
-
}
|
|
755
|
-
};
|
|
756
|
-
const init = () => {
|
|
757
|
-
strapi.service("admin::passport").getPassportStrategies().forEach((strategy) => passport__default.default.use(strategy));
|
|
758
|
-
registerAuthEvents();
|
|
759
|
-
return passport__default.default.initialize();
|
|
760
|
-
};
|
|
761
|
-
const passport$1 = { init, getPassportStrategies: getPassportStrategies$1, authEventsMapper };
|
|
762
|
-
const createProviderRegistry = () => {
|
|
763
|
-
const registry = /* @__PURE__ */ new Map();
|
|
764
|
-
Object.assign(registry, {
|
|
765
|
-
register(provider) {
|
|
766
|
-
if (strapi.isLoaded) {
|
|
767
|
-
throw new Error(`You can't register new provider after the bootstrap`);
|
|
768
|
-
}
|
|
769
|
-
this.set(provider.uid, provider);
|
|
770
|
-
},
|
|
771
|
-
registerMany(providers) {
|
|
772
|
-
providers.forEach((provider) => {
|
|
773
|
-
this.register(provider);
|
|
774
|
-
});
|
|
775
|
-
},
|
|
776
|
-
getAll() {
|
|
777
|
-
return Array.from(this.values());
|
|
778
|
-
}
|
|
779
|
-
});
|
|
780
|
-
return registry;
|
|
781
|
-
};
|
|
782
|
-
const providerRegistry = createProviderRegistry();
|
|
783
|
-
const errorMessage = "SSO is disabled. Its functionnalities cannot be accessed.";
|
|
784
|
-
const getStrategyCallbackURL = (providerName) => {
|
|
785
|
-
if (!strapi.ee.features.isEnabled("sso")) {
|
|
786
|
-
throw new Error(errorMessage);
|
|
787
|
-
}
|
|
788
|
-
return `/admin/connect/${providerName}`;
|
|
789
|
-
};
|
|
790
|
-
const syncProviderRegistryWithConfig = () => {
|
|
791
|
-
if (!strapi.ee.features.isEnabled("sso")) {
|
|
792
|
-
throw new Error(errorMessage);
|
|
793
|
-
}
|
|
794
|
-
const { providers = [] } = strapi.config.get("admin.auth", {});
|
|
795
|
-
providerRegistry.registerMany(providers);
|
|
796
|
-
};
|
|
797
|
-
const SSOAuthEventsMapper = {
|
|
798
|
-
onSSOAutoRegistration: "admin.auth.autoRegistration"
|
|
799
|
-
};
|
|
800
|
-
const sso$1 = {
|
|
801
|
-
providerRegistry,
|
|
802
|
-
getStrategyCallbackURL,
|
|
803
|
-
syncProviderRegistryWithConfig,
|
|
804
|
-
authEventsMapper: { ...passport$1.authEventsMapper, ...SSOAuthEventsMapper }
|
|
805
|
-
};
|
|
806
|
-
const { UnauthorizedError } = utils$1.errors;
|
|
807
|
-
const localStrategyMiddleware = async ([error, user2, message], done) => {
|
|
808
|
-
if (user2 && !error && await isSsoLocked(user2)) {
|
|
809
|
-
return done(
|
|
810
|
-
new UnauthorizedError("Login not allowed, please contact your administrator", {
|
|
811
|
-
code: "LOGIN_NOT_ALLOWED"
|
|
812
|
-
}),
|
|
813
|
-
user2,
|
|
814
|
-
message
|
|
815
|
-
);
|
|
816
|
-
}
|
|
817
|
-
return done(error, user2, message);
|
|
818
|
-
};
|
|
819
|
-
const getPassportStrategies = () => {
|
|
820
|
-
if (!strapi.ee.features.isEnabled("sso")) {
|
|
821
|
-
return [createLocalStrategy(strapi)];
|
|
822
|
-
}
|
|
823
|
-
const localStrategy = createLocalStrategy(strapi, localStrategyMiddleware);
|
|
824
|
-
if (!strapi.isLoaded) {
|
|
825
|
-
sso$1.syncProviderRegistryWithConfig();
|
|
826
|
-
}
|
|
827
|
-
const providers = sso$1.providerRegistry.getAll();
|
|
828
|
-
const strategies = providers.map((provider) => provider.createStrategy(strapi));
|
|
829
|
-
return [localStrategy, ...strategies];
|
|
830
|
-
};
|
|
831
|
-
const passport = {
|
|
832
|
-
getPassportStrategies,
|
|
833
|
-
...sso$1
|
|
834
|
-
};
|
|
835
|
-
const { ApplicationError: ApplicationError$1 } = utils$1.errors;
|
|
836
|
-
const ssoCheckRolesIdForDeletion = async (ids) => {
|
|
837
|
-
const adminStore = await strapi.store({ type: "core", name: "admin" });
|
|
838
|
-
const {
|
|
839
|
-
providers: { defaultRole }
|
|
840
|
-
} = await adminStore.get({ key: "auth" });
|
|
841
|
-
for (const roleId of ids) {
|
|
842
|
-
if (defaultRole && fp.toString(defaultRole) === fp.toString(roleId)) {
|
|
843
|
-
throw new ApplicationError$1(
|
|
844
|
-
"This role is used as the default SSO role. Make sure to change this configuration before deleting the role"
|
|
845
|
-
);
|
|
846
|
-
}
|
|
847
|
-
}
|
|
848
|
-
};
|
|
849
|
-
const role$1 = {
|
|
850
|
-
ssoCheckRolesIdForDeletion
|
|
851
|
-
};
|
|
852
|
-
const { SUPER_ADMIN_CODE: SUPER_ADMIN_CODE$2 } = constants;
|
|
853
|
-
const hasSuperAdminRole = (user2) => {
|
|
854
|
-
return user2.roles.filter((role2) => role2.code === SUPER_ADMIN_CODE$2).length > 0;
|
|
855
|
-
};
|
|
856
|
-
const { ValidationError: ValidationError$1 } = utils$1.errors;
|
|
857
|
-
const { SUPER_ADMIN_CODE: SUPER_ADMIN_CODE$1 } = constants;
|
|
858
|
-
const updateEEDisabledUsersList = async (id, input) => {
|
|
859
|
-
const disabledUsers = await getService("seat-enforcement").getDisabledUserList();
|
|
860
|
-
if (!disabledUsers) {
|
|
861
|
-
return;
|
|
862
|
-
}
|
|
863
|
-
const user2 = disabledUsers.find((user22) => user22.id === Number(id));
|
|
864
|
-
if (!user2) {
|
|
865
|
-
return;
|
|
866
|
-
}
|
|
867
|
-
if (user2.isActive !== input.isActive) {
|
|
868
|
-
const newDisabledUsersList = disabledUsers.filter((user22) => user22.id !== Number(id));
|
|
869
|
-
await strapi.store.set({
|
|
870
|
-
type: "ee",
|
|
871
|
-
key: "disabled_users",
|
|
872
|
-
value: newDisabledUsersList
|
|
873
|
-
});
|
|
874
|
-
}
|
|
875
|
-
};
|
|
876
|
-
const castNumberArray = fp.pipe(fp.castArray, fp.map(fp.toNumber));
|
|
877
|
-
const removeFromEEDisabledUsersList = async (ids) => {
|
|
878
|
-
let idsToCheck;
|
|
879
|
-
if (typeof ids === "object") {
|
|
880
|
-
idsToCheck = castNumberArray(ids);
|
|
881
|
-
} else {
|
|
882
|
-
idsToCheck = [Number(ids)];
|
|
883
|
-
}
|
|
884
|
-
const disabledUsers = await getService("seat-enforcement").getDisabledUserList();
|
|
885
|
-
if (!disabledUsers) {
|
|
886
|
-
return;
|
|
887
|
-
}
|
|
888
|
-
const newDisabledUsersList = disabledUsers.filter((user2) => !idsToCheck.includes(user2.id));
|
|
889
|
-
await strapi.store.set({
|
|
890
|
-
type: "ee",
|
|
891
|
-
key: "disabled_users",
|
|
892
|
-
value: newDisabledUsersList
|
|
893
|
-
});
|
|
894
|
-
};
|
|
895
|
-
const updateById = async (id, attributes) => {
|
|
896
|
-
if (___default.default.has(attributes, "roles")) {
|
|
897
|
-
const lastAdminUser = await isLastSuperAdminUser(id);
|
|
898
|
-
const superAdminRole = await getService("role").getSuperAdminWithUsersCount();
|
|
899
|
-
const willRemoveSuperAdminRole = !utils$1.arrays.includesString(attributes.roles, superAdminRole.id);
|
|
900
|
-
if (lastAdminUser && willRemoveSuperAdminRole) {
|
|
901
|
-
throw new ValidationError$1("You must have at least one user with super admin role.");
|
|
902
|
-
}
|
|
903
|
-
}
|
|
904
|
-
if (attributes.isActive === false) {
|
|
905
|
-
const lastAdminUser = await isLastSuperAdminUser(id);
|
|
906
|
-
if (lastAdminUser) {
|
|
907
|
-
throw new ValidationError$1("You must have at least one user with super admin role.");
|
|
908
|
-
}
|
|
909
|
-
}
|
|
910
|
-
if (___default.default.has(attributes, "password")) {
|
|
911
|
-
const hashedPassword = await getService("auth").hashPassword(attributes.password);
|
|
912
|
-
const updatedUser2 = await strapi.db.query("admin::user").update({
|
|
913
|
-
where: { id },
|
|
914
|
-
data: {
|
|
915
|
-
...attributes,
|
|
916
|
-
password: hashedPassword
|
|
917
|
-
},
|
|
918
|
-
populate: ["roles"]
|
|
919
|
-
});
|
|
920
|
-
strapi.eventHub.emit("user.update", { user: sanitizeUser(updatedUser2) });
|
|
921
|
-
return updatedUser2;
|
|
922
|
-
}
|
|
923
|
-
const updatedUser = await strapi.db.query("admin::user").update({
|
|
924
|
-
where: { id },
|
|
925
|
-
data: attributes,
|
|
926
|
-
populate: ["roles"]
|
|
927
|
-
});
|
|
928
|
-
await updateEEDisabledUsersList(id, attributes);
|
|
929
|
-
if (updatedUser) {
|
|
930
|
-
strapi.eventHub.emit("user.update", { user: sanitizeUser(updatedUser) });
|
|
931
|
-
}
|
|
932
|
-
return updatedUser;
|
|
933
|
-
};
|
|
934
|
-
const deleteById = async (id) => {
|
|
935
|
-
const userToDelete = await strapi.db.query("admin::user").findOne({
|
|
936
|
-
where: { id },
|
|
937
|
-
populate: ["roles"]
|
|
938
|
-
});
|
|
939
|
-
if (!userToDelete) {
|
|
940
|
-
return null;
|
|
941
|
-
}
|
|
942
|
-
if (userToDelete) {
|
|
943
|
-
if (userToDelete.roles.some((r) => r.code === SUPER_ADMIN_CODE$1)) {
|
|
944
|
-
const superAdminRole = await getService("role").getSuperAdminWithUsersCount();
|
|
945
|
-
if (superAdminRole.usersCount === 1) {
|
|
946
|
-
throw new ValidationError$1("You must have at least one user with super admin role.");
|
|
947
|
-
}
|
|
948
|
-
}
|
|
949
|
-
}
|
|
950
|
-
const deletedUser = await strapi.db.query("admin::user").delete({ where: { id }, populate: ["roles"] });
|
|
951
|
-
await removeFromEEDisabledUsersList(id);
|
|
952
|
-
strapi.eventHub.emit("user.delete", { user: sanitizeUser(deletedUser) });
|
|
953
|
-
return deletedUser;
|
|
954
|
-
};
|
|
955
|
-
const deleteByIds = async (ids) => {
|
|
956
|
-
const superAdminRole = await getService("role").getSuperAdminWithUsersCount();
|
|
957
|
-
const nbOfSuperAdminToDelete = await strapi.db.query("admin::user").count({
|
|
958
|
-
where: {
|
|
959
|
-
id: ids,
|
|
960
|
-
roles: { id: superAdminRole.id }
|
|
961
|
-
}
|
|
962
|
-
});
|
|
963
|
-
if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {
|
|
964
|
-
throw new ValidationError$1("You must have at least one user with super admin role.");
|
|
965
|
-
}
|
|
966
|
-
const deletedUsers = [];
|
|
967
|
-
for (const id of ids) {
|
|
968
|
-
const deletedUser = await strapi.db.query("admin::user").delete({
|
|
969
|
-
where: { id },
|
|
970
|
-
populate: ["roles"]
|
|
971
|
-
});
|
|
972
|
-
deletedUsers.push(deletedUser);
|
|
973
|
-
}
|
|
974
|
-
await removeFromEEDisabledUsersList(ids);
|
|
975
|
-
strapi.eventHub.emit("user.delete", {
|
|
976
|
-
users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser))
|
|
977
|
-
});
|
|
978
|
-
return deletedUsers;
|
|
979
|
-
};
|
|
980
|
-
const sanitizeUserRoles = (role2) => ___default.default.pick(role2, ["id", "name", "description", "code"]);
|
|
981
|
-
const isLastSuperAdminUser = async (userId) => {
|
|
982
|
-
const user2 = await findOne(userId);
|
|
983
|
-
const superAdminRole = await getService("role").getSuperAdminWithUsersCount();
|
|
984
|
-
return superAdminRole.usersCount === 1 && hasSuperAdminRole(user2);
|
|
985
|
-
};
|
|
986
|
-
const sanitizeUser = (user2) => {
|
|
987
|
-
return {
|
|
988
|
-
...___default.default.omit(user2, ["password", "resetPasswordToken", "registrationToken", "roles"]),
|
|
989
|
-
roles: user2.roles && user2.roles.map(sanitizeUserRoles)
|
|
990
|
-
};
|
|
991
|
-
};
|
|
992
|
-
const findOne = async (id, populate = ["roles"]) => {
|
|
993
|
-
return strapi.db.query("admin::user").findOne({ where: { id }, populate });
|
|
994
|
-
};
|
|
995
|
-
const getCurrentActiveUserCount = async () => {
|
|
996
|
-
return strapi.db.query("admin::user").count({ where: { isActive: true } });
|
|
997
|
-
};
|
|
998
|
-
const user$1 = {
|
|
999
|
-
updateEEDisabledUsersList,
|
|
1000
|
-
removeFromEEDisabledUsersList,
|
|
1001
|
-
getCurrentActiveUserCount,
|
|
1002
|
-
deleteByIds,
|
|
1003
|
-
deleteById,
|
|
1004
|
-
updateById
|
|
1005
|
-
};
|
|
1006
|
-
const getSSOProvidersList = async () => {
|
|
1007
|
-
const { providerRegistry: providerRegistry2 } = strapi.service("admin::passport");
|
|
1008
|
-
return providerRegistry2.getAll().map(({ uid }) => uid);
|
|
1009
|
-
};
|
|
1010
|
-
const sendUpdateProjectInformation = async (strapi2) => {
|
|
1011
|
-
let groupProperties = {};
|
|
1012
|
-
const numberOfActiveAdminUsers = await getService("user").count({ isActive: true });
|
|
1013
|
-
const numberOfAdminUsers = await getService("user").count();
|
|
1014
|
-
if (strapi2.ee.features.isEnabled("sso")) {
|
|
1015
|
-
const SSOProviders = await getSSOProvidersList();
|
|
1016
|
-
groupProperties = fp.assign(groupProperties, {
|
|
1017
|
-
SSOProviders,
|
|
1018
|
-
isSSOConfigured: SSOProviders.length !== 0
|
|
1019
|
-
});
|
|
1020
|
-
}
|
|
1021
|
-
if (strapi2.ee.features.isEnabled("cms-content-releases")) {
|
|
1022
|
-
const numberOfContentReleases = await strapi2.db.query("plugin::content-releases.release").count();
|
|
1023
|
-
const numberOfPublishedContentReleases = await strapi2.db.query("plugin::content-releases.release").count({
|
|
1024
|
-
filters: { releasedAt: { $notNull: true } }
|
|
1025
|
-
});
|
|
1026
|
-
groupProperties = fp.assign(groupProperties, {
|
|
1027
|
-
numberOfContentReleases,
|
|
1028
|
-
numberOfPublishedContentReleases
|
|
1029
|
-
});
|
|
1030
|
-
}
|
|
1031
|
-
groupProperties = fp.assign(groupProperties, { numberOfActiveAdminUsers, numberOfAdminUsers });
|
|
1032
|
-
strapi2.telemetry.send("didUpdateProjectInformation", {
|
|
1033
|
-
groupProperties
|
|
1034
|
-
});
|
|
1035
|
-
};
|
|
1036
|
-
const startCron = (strapi2) => {
|
|
1037
|
-
strapi2.cron.add({
|
|
1038
|
-
"0 0 0 * * *": () => sendUpdateProjectInformation(strapi2)
|
|
1039
|
-
});
|
|
1040
|
-
};
|
|
1041
|
-
const metrics = { startCron, getSSOProvidersList, sendUpdateProjectInformation };
|
|
1042
|
-
const { SUPER_ADMIN_CODE } = constants;
|
|
1043
|
-
const getDisabledUserList = async () => {
|
|
1044
|
-
return strapi.store.get({ type: "ee", key: "disabled_users" });
|
|
1045
|
-
};
|
|
1046
|
-
const enableMaximumUserCount = async (numberOfUsersToEnable) => {
|
|
1047
|
-
const disabledUsers = await getDisabledUserList();
|
|
1048
|
-
const orderedDisabledUsers = fp.reverse(disabledUsers);
|
|
1049
|
-
const usersToEnable = fp.take(numberOfUsersToEnable, orderedDisabledUsers);
|
|
1050
|
-
await strapi.db.query("admin::user").updateMany({
|
|
1051
|
-
where: { id: fp.map(fp.prop("id"), usersToEnable) },
|
|
1052
|
-
data: { isActive: true }
|
|
1053
|
-
});
|
|
1054
|
-
const remainingDisabledUsers = fp.drop(numberOfUsersToEnable, orderedDisabledUsers);
|
|
1055
|
-
await strapi.store.set({
|
|
1056
|
-
type: "ee",
|
|
1057
|
-
key: "disabled_users",
|
|
1058
|
-
value: remainingDisabledUsers
|
|
1059
|
-
});
|
|
1060
|
-
};
|
|
1061
|
-
const disableUsersAboveLicenseLimit = async (numberOfUsersToDisable) => {
|
|
1062
|
-
const currentlyDisabledUsers = await getDisabledUserList() ?? [];
|
|
1063
|
-
const usersToDisable = [];
|
|
1064
|
-
const nonSuperAdminUsersToDisable = await strapi.db.query("admin::user").findMany({
|
|
1065
|
-
where: {
|
|
1066
|
-
isActive: true,
|
|
1067
|
-
roles: {
|
|
1068
|
-
code: { $ne: SUPER_ADMIN_CODE }
|
|
1069
|
-
}
|
|
1070
|
-
},
|
|
1071
|
-
orderBy: { createdAt: "DESC" },
|
|
1072
|
-
limit: numberOfUsersToDisable
|
|
1073
|
-
});
|
|
1074
|
-
usersToDisable.push(...nonSuperAdminUsersToDisable);
|
|
1075
|
-
if (nonSuperAdminUsersToDisable.length < numberOfUsersToDisable) {
|
|
1076
|
-
const superAdminUsersToDisable = await strapi.db.query("admin::user").findMany({
|
|
1077
|
-
where: {
|
|
1078
|
-
isActive: true,
|
|
1079
|
-
roles: { code: SUPER_ADMIN_CODE }
|
|
1080
|
-
},
|
|
1081
|
-
orderBy: { createdAt: "DESC" },
|
|
1082
|
-
limit: numberOfUsersToDisable - nonSuperAdminUsersToDisable.length
|
|
1083
|
-
});
|
|
1084
|
-
usersToDisable.push(...superAdminUsersToDisable);
|
|
1085
|
-
}
|
|
1086
|
-
await strapi.db.query("admin::user").updateMany({
|
|
1087
|
-
where: { id: fp.map(fp.prop("id"), usersToDisable) },
|
|
1088
|
-
data: { isActive: false }
|
|
1089
|
-
});
|
|
1090
|
-
await strapi.store.set({
|
|
1091
|
-
type: "ee",
|
|
1092
|
-
key: "disabled_users",
|
|
1093
|
-
value: currentlyDisabledUsers.concat(fp.map(fp.pick(["id", "isActive"]), usersToDisable))
|
|
1094
|
-
});
|
|
1095
|
-
};
|
|
1096
|
-
const syncDisabledUserRecords = async () => {
|
|
1097
|
-
const disabledUsers = await strapi.store.get({ type: "ee", key: "disabled_users" });
|
|
1098
|
-
if (!disabledUsers) {
|
|
1099
|
-
return;
|
|
1100
|
-
}
|
|
1101
|
-
await strapi.db.query("admin::user").updateMany({
|
|
1102
|
-
where: { id: fp.map(fp.prop("id"), disabledUsers) },
|
|
1103
|
-
data: { isActive: false }
|
|
1104
|
-
});
|
|
1105
|
-
};
|
|
1106
|
-
const seatEnforcementWorkflow = async () => {
|
|
1107
|
-
const adminSeats = strapi.ee.seats;
|
|
1108
|
-
if (fp.isNil(adminSeats)) {
|
|
1109
|
-
return;
|
|
1110
|
-
}
|
|
1111
|
-
await syncDisabledUserRecords();
|
|
1112
|
-
const currentActiveUserCount = await getService("user").getCurrentActiveUserCount();
|
|
1113
|
-
const adminSeatsLeft = adminSeats - currentActiveUserCount;
|
|
1114
|
-
if (adminSeatsLeft > 0) {
|
|
1115
|
-
await enableMaximumUserCount(adminSeatsLeft);
|
|
1116
|
-
} else if (adminSeatsLeft < 0) {
|
|
1117
|
-
await disableUsersAboveLicenseLimit(-adminSeatsLeft);
|
|
1118
|
-
}
|
|
1119
|
-
};
|
|
1120
|
-
const seatEnforcement = {
|
|
1121
|
-
seatEnforcementWorkflow,
|
|
1122
|
-
getDisabledUserList
|
|
1123
|
-
};
|
|
1124
|
-
const services = {
|
|
1125
|
-
auth,
|
|
1126
|
-
passport,
|
|
1127
|
-
role: role$1,
|
|
1128
|
-
user: user$1,
|
|
1129
|
-
metrics,
|
|
1130
|
-
"seat-enforcement": seatEnforcement
|
|
1131
|
-
};
|
|
1132
|
-
const providerOptionsUpdateSchema = utils$1.yup.object().shape({
|
|
1133
|
-
autoRegister: utils$1.yup.boolean().required(),
|
|
1134
|
-
defaultRole: utils$1.yup.strapiID().when("autoRegister", (value, initSchema) => {
|
|
1135
|
-
return value ? initSchema.required() : initSchema.nullable();
|
|
1136
|
-
}).test("is-valid-role", "You must submit a valid default role", (roleId) => {
|
|
1137
|
-
if (roleId === null) {
|
|
1138
|
-
return true;
|
|
1139
|
-
}
|
|
1140
|
-
return strapi.service("admin::role").exists({ id: roleId });
|
|
1141
|
-
}),
|
|
1142
|
-
ssoLockedRoles: utils$1.yup.array().nullable().of(
|
|
1143
|
-
utils$1.yup.strapiID().test(
|
|
1144
|
-
"is-valid-role",
|
|
1145
|
-
"You must submit a valid role for the SSO Locked roles",
|
|
1146
|
-
(roleId) => {
|
|
1147
|
-
return strapi.service("admin::role").exists({ id: roleId });
|
|
1148
|
-
}
|
|
1149
|
-
)
|
|
1150
|
-
)
|
|
1151
|
-
});
|
|
1152
|
-
const validateProviderOptionsUpdate = utils$1.validateYupSchema(providerOptionsUpdateSchema);
|
|
1153
|
-
const PROVIDER_REDIRECT_BASE = "/auth/login";
|
|
1154
|
-
const PROVIDER_REDIRECT_SUCCESS = `${PROVIDER_REDIRECT_BASE}/success`;
|
|
1155
|
-
const PROVIDER_REDIRECT_ERROR = `${PROVIDER_REDIRECT_BASE}/error`;
|
|
1156
|
-
const PROVIDER_URLS_MAP = {
|
|
1157
|
-
success: PROVIDER_REDIRECT_SUCCESS,
|
|
1158
|
-
error: PROVIDER_REDIRECT_ERROR
|
|
1159
|
-
};
|
|
1160
|
-
const getAdminStore = async () => strapi.store({ type: "core", name: "admin" });
|
|
1161
|
-
const getPrefixedRedirectUrls = () => {
|
|
1162
|
-
const { url: adminUrl } = strapi.config.get("admin");
|
|
1163
|
-
const prefixUrl = (url) => `${adminUrl || "/admin"}${url}`;
|
|
1164
|
-
return fp.mapValues(prefixUrl, PROVIDER_URLS_MAP);
|
|
1165
|
-
};
|
|
1166
|
-
const utils = {
|
|
1167
|
-
getAdminStore,
|
|
1168
|
-
getPrefixedRedirectUrls
|
|
1169
|
-
};
|
|
1170
|
-
const defaultConnectionError = () => new Error("Invalid connection payload");
|
|
1171
|
-
const authenticate = async (ctx, next) => {
|
|
1172
|
-
const {
|
|
1173
|
-
params: { provider }
|
|
1174
|
-
} = ctx;
|
|
1175
|
-
const redirectUrls = utils.getPrefixedRedirectUrls();
|
|
1176
|
-
return passport__default.default.authenticate(provider, null, async (error, profile) => {
|
|
1177
|
-
if (error || !profile || !profile.email) {
|
|
1178
|
-
if (error) {
|
|
1179
|
-
strapi.log.error(error);
|
|
1180
|
-
}
|
|
1181
|
-
strapi.eventHub.emit("admin.auth.error", {
|
|
1182
|
-
error: error || defaultConnectionError(),
|
|
1183
|
-
provider
|
|
1184
|
-
});
|
|
1185
|
-
return ctx.redirect(redirectUrls.error);
|
|
1186
|
-
}
|
|
1187
|
-
const user2 = await getService("user").findOneByEmail(profile.email);
|
|
1188
|
-
const scenario = user2 ? existingUserScenario : nonExistingUserScenario;
|
|
1189
|
-
return scenario(ctx, next)(user2 || profile, provider);
|
|
1190
|
-
})(ctx, next);
|
|
1191
|
-
};
|
|
1192
|
-
const existingUserScenario = (ctx, next) => async (user2, provider) => {
|
|
1193
|
-
const redirectUrls = utils.getPrefixedRedirectUrls();
|
|
1194
|
-
if (!user2.isActive) {
|
|
1195
|
-
strapi.eventHub.emit("admin.auth.error", {
|
|
1196
|
-
error: new Error(`Deactivated user tried to login (${user2.id})`),
|
|
1197
|
-
provider
|
|
1198
|
-
});
|
|
1199
|
-
return ctx.redirect(redirectUrls.error);
|
|
1200
|
-
}
|
|
1201
|
-
ctx.state.user = user2;
|
|
1202
|
-
return next();
|
|
1203
|
-
};
|
|
1204
|
-
const nonExistingUserScenario = (ctx, next) => async (profile, provider) => {
|
|
1205
|
-
const { email: email2, firstname: firstname2, lastname: lastname2, username: username2 } = profile;
|
|
1206
|
-
const redirectUrls = utils.getPrefixedRedirectUrls();
|
|
1207
|
-
const adminStore = await utils.getAdminStore();
|
|
1208
|
-
const { providers } = await adminStore.get({ key: "auth" });
|
|
1209
|
-
const isMissingRegisterFields = !username2 && (!firstname2 || !lastname2);
|
|
1210
|
-
if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {
|
|
1211
|
-
strapi.eventHub.emit("admin.auth.error", { error: defaultConnectionError(), provider });
|
|
1212
|
-
return ctx.redirect(redirectUrls.error);
|
|
1213
|
-
}
|
|
1214
|
-
const defaultRole = await getService("role").findOne({ id: providers.defaultRole });
|
|
1215
|
-
if (!defaultRole) {
|
|
1216
|
-
strapi.eventHub.emit("admin.auth.error", { error: defaultConnectionError(), provider });
|
|
1217
|
-
return ctx.redirect(redirectUrls.error);
|
|
1218
|
-
}
|
|
1219
|
-
ctx.state.user = await getService("user").create({
|
|
1220
|
-
email: email2,
|
|
1221
|
-
username: username2,
|
|
1222
|
-
firstname: firstname2,
|
|
1223
|
-
lastname: lastname2,
|
|
1224
|
-
roles: [defaultRole.id],
|
|
1225
|
-
isActive: true,
|
|
1226
|
-
registrationToken: null
|
|
1227
|
-
});
|
|
1228
|
-
strapi.eventHub.emit("admin.auth.autoRegistration", {
|
|
1229
|
-
user: ctx.state.user,
|
|
1230
|
-
provider
|
|
1231
|
-
});
|
|
1232
|
-
return next();
|
|
1233
|
-
};
|
|
1234
|
-
const redirectWithAuth = (ctx) => {
|
|
1235
|
-
const {
|
|
1236
|
-
params: { provider }
|
|
1237
|
-
} = ctx;
|
|
1238
|
-
const redirectUrls = utils.getPrefixedRedirectUrls();
|
|
1239
|
-
const domain = strapi.config.get("admin.auth.domain");
|
|
1240
|
-
const { user: user2 } = ctx.state;
|
|
1241
|
-
const jwt = getService("token").createJwtToken(user2);
|
|
1242
|
-
const isProduction = strapi.config.get("environment") === "production";
|
|
1243
|
-
const cookiesOptions = { httpOnly: false, secure: isProduction, overwrite: true, domain };
|
|
1244
|
-
const sanitizedUser = getService("user").sanitizeUser(user2);
|
|
1245
|
-
strapi.eventHub.emit("admin.auth.success", { user: sanitizedUser, provider });
|
|
1246
|
-
ctx.cookies.set("jwtToken", jwt, cookiesOptions);
|
|
1247
|
-
ctx.redirect(redirectUrls.success);
|
|
1248
|
-
};
|
|
1249
|
-
const middlewares = {
|
|
1250
|
-
authenticate,
|
|
1251
|
-
redirectWithAuth
|
|
1252
|
-
};
|
|
1253
|
-
const toProviderDTO = fp.pick(["uid", "displayName", "icon"]);
|
|
1254
|
-
const toProviderLoginOptionsDTO = fp.pick(["autoRegister", "defaultRole", "ssoLockedRoles"]);
|
|
1255
|
-
const { ValidationError } = utils$1.errors;
|
|
1256
|
-
const providerAuthenticationFlow = compose__default.default([
|
|
1257
|
-
middlewares.authenticate,
|
|
1258
|
-
middlewares.redirectWithAuth
|
|
1259
|
-
]);
|
|
1260
|
-
const authentication = {
|
|
1261
|
-
async getProviders(ctx) {
|
|
1262
|
-
const { providerRegistry: providerRegistry2 } = strapi.service("admin::passport");
|
|
1263
|
-
ctx.body = providerRegistry2.getAll().map(toProviderDTO);
|
|
1264
|
-
},
|
|
1265
|
-
async getProviderLoginOptions(ctx) {
|
|
1266
|
-
const adminStore = await utils.getAdminStore();
|
|
1267
|
-
const { providers: providersOptions } = await adminStore.get({ key: "auth" });
|
|
1268
|
-
ctx.body = {
|
|
1269
|
-
data: toProviderLoginOptionsDTO(providersOptions)
|
|
1270
|
-
};
|
|
1271
|
-
},
|
|
1272
|
-
async updateProviderLoginOptions(ctx) {
|
|
1273
|
-
const {
|
|
1274
|
-
request: { body }
|
|
1275
|
-
} = ctx;
|
|
1276
|
-
await validateProviderOptionsUpdate(body);
|
|
1277
|
-
const adminStore = await utils.getAdminStore();
|
|
1278
|
-
const currentAuthOptions = await adminStore.get({ key: "auth" });
|
|
1279
|
-
const newAuthOptions = { ...currentAuthOptions, providers: body };
|
|
1280
|
-
await adminStore.set({ key: "auth", value: newAuthOptions });
|
|
1281
|
-
strapi.telemetry.send("didUpdateSSOSettings");
|
|
1282
|
-
ctx.body = {
|
|
1283
|
-
data: toProviderLoginOptionsDTO(newAuthOptions.providers)
|
|
1284
|
-
};
|
|
1285
|
-
},
|
|
1286
|
-
providerLogin(ctx, next) {
|
|
1287
|
-
const {
|
|
1288
|
-
params: { provider: providerName }
|
|
1289
|
-
} = ctx;
|
|
1290
|
-
const { providerRegistry: providerRegistry2 } = strapi.service("admin::passport");
|
|
1291
|
-
if (!providerRegistry2.has(providerName)) {
|
|
1292
|
-
throw new ValidationError(`Invalid provider supplied: ${providerName}`);
|
|
1293
|
-
}
|
|
1294
|
-
return providerAuthenticationFlow(ctx, next);
|
|
1295
|
-
}
|
|
1296
|
-
};
|
|
1297
|
-
const roleCreateSchema = utils$1.yup.object().shape({
|
|
1298
|
-
name: utils$1.yup.string().min(1).required(),
|
|
1299
|
-
description: utils$1.yup.string().nullable()
|
|
1300
|
-
}).noUnknown();
|
|
1301
|
-
const rolesDeleteSchema = utils$1.yup.object().shape({
|
|
1302
|
-
ids: utils$1.yup.array().of(utils$1.yup.strapiID()).min(1).required().test(
|
|
1303
|
-
"roles-deletion-checks",
|
|
1304
|
-
"Roles deletion checks have failed",
|
|
1305
|
-
async function rolesDeletionChecks(ids) {
|
|
1306
|
-
try {
|
|
1307
|
-
await strapi.service("admin::role").checkRolesIdForDeletion(ids);
|
|
1308
|
-
if (strapi.ee.features.isEnabled("sso")) {
|
|
1309
|
-
await strapi.service("admin::role").ssoCheckRolesIdForDeletion(ids);
|
|
1310
|
-
}
|
|
1311
|
-
} catch (e) {
|
|
1312
|
-
return this.createError({ path: "ids", message: e.message });
|
|
1313
|
-
}
|
|
1314
|
-
return true;
|
|
1315
|
-
}
|
|
1316
|
-
)
|
|
1317
|
-
}).noUnknown();
|
|
1318
|
-
const roleDeleteSchema = utils$1.yup.strapiID().required().test(
|
|
1319
|
-
"no-admin-single-delete",
|
|
1320
|
-
"Role deletion checks have failed",
|
|
1321
|
-
async function noAdminSingleDelete(id) {
|
|
1322
|
-
try {
|
|
1323
|
-
await strapi.service("admin::role").checkRolesIdForDeletion([id]);
|
|
1324
|
-
if (strapi.ee.features.isEnabled("sso")) {
|
|
1325
|
-
await strapi.service("admin::role").ssoCheckRolesIdForDeletion([id]);
|
|
1326
|
-
}
|
|
1327
|
-
} catch (e) {
|
|
1328
|
-
return this.createError({ path: "id", message: e.message });
|
|
1329
|
-
}
|
|
1330
|
-
return true;
|
|
1331
|
-
}
|
|
1332
|
-
);
|
|
1333
|
-
const validateRoleCreateInput = utils$1.validateYupSchema(roleCreateSchema);
|
|
1334
|
-
const validateRolesDeleteInput = utils$1.validateYupSchema(rolesDeleteSchema);
|
|
1335
|
-
const validateRoleDeleteInput = utils$1.validateYupSchema(roleDeleteSchema);
|
|
1336
|
-
const role = {
|
|
1337
|
-
/**
|
|
1338
|
-
* Create a new role
|
|
1339
|
-
* @param {KoaContext} ctx - koa context
|
|
1340
|
-
*/
|
|
1341
|
-
async create(ctx) {
|
|
1342
|
-
await validateRoleCreateInput(ctx.request.body);
|
|
1343
|
-
const roleService = getService("role");
|
|
1344
|
-
const role2 = await roleService.create(ctx.request.body);
|
|
1345
|
-
const sanitizedRole = roleService.sanitizeRole(role2);
|
|
1346
|
-
ctx.created({ data: sanitizedRole });
|
|
1347
|
-
},
|
|
1348
|
-
/**
|
|
1349
|
-
* Delete a role
|
|
1350
|
-
* @param {KoaContext} ctx - koa context
|
|
1351
|
-
*/
|
|
1352
|
-
async deleteOne(ctx) {
|
|
1353
|
-
const { id } = ctx.params;
|
|
1354
|
-
await validateRoleDeleteInput(id);
|
|
1355
|
-
const roleService = getService("role");
|
|
1356
|
-
const roles2 = await roleService.deleteByIds([id]);
|
|
1357
|
-
const sanitizedRole = roles2.map((role2) => roleService.sanitizeRole(role2))[0] || null;
|
|
1358
|
-
return ctx.deleted({
|
|
1359
|
-
data: sanitizedRole
|
|
1360
|
-
});
|
|
1361
|
-
},
|
|
1362
|
-
/**
|
|
1363
|
-
* delete several roles
|
|
1364
|
-
* @param {KoaContext} ctx - koa context
|
|
1365
|
-
*/
|
|
1366
|
-
async deleteMany(ctx) {
|
|
1367
|
-
const { body } = ctx.request;
|
|
1368
|
-
await validateRolesDeleteInput(body);
|
|
1369
|
-
const roleService = getService("role");
|
|
1370
|
-
const roles2 = await roleService.deleteByIds(body.ids);
|
|
1371
|
-
const sanitizedRoles = roles2.map(roleService.sanitizeRole);
|
|
1372
|
-
return ctx.deleted({
|
|
1373
|
-
data: sanitizedRoles
|
|
1374
|
-
});
|
|
1375
|
-
}
|
|
1376
|
-
};
|
|
1377
|
-
const getDefaultActionAttributes = () => ({
|
|
1378
|
-
options: {
|
|
1379
|
-
applyToProperties: null
|
|
1380
|
-
}
|
|
1381
|
-
});
|
|
1382
|
-
const actionFields = [
|
|
1383
|
-
"section",
|
|
1384
|
-
"displayName",
|
|
1385
|
-
"category",
|
|
1386
|
-
"subCategory",
|
|
1387
|
-
"pluginName",
|
|
1388
|
-
"subjects",
|
|
1389
|
-
"options",
|
|
1390
|
-
"actionId",
|
|
1391
|
-
"aliases"
|
|
1392
|
-
];
|
|
1393
|
-
const sanitizeActionAttributes = fp.pick(actionFields);
|
|
1394
|
-
const computeActionId = (attributes) => {
|
|
1395
|
-
const { pluginName, uid } = attributes;
|
|
1396
|
-
if (!pluginName) {
|
|
1397
|
-
return `api::${uid}`;
|
|
1398
|
-
}
|
|
1399
|
-
if (pluginName === "admin") {
|
|
1400
|
-
return `admin::${uid}`;
|
|
1401
|
-
}
|
|
1402
|
-
return `plugin::${pluginName}.${uid}`;
|
|
1403
|
-
};
|
|
1404
|
-
const assignActionId = (attrs) => fp.set("actionId", computeActionId(attrs), attrs);
|
|
1405
|
-
const assignOrOmitSubCategory = (action) => {
|
|
1406
|
-
const shouldHaveSubCategory = ["settings", "plugins"].includes(action.section);
|
|
1407
|
-
return shouldHaveSubCategory ? fp.set("subCategory", action.subCategory || "general", action) : fp.omit("subCategory", action);
|
|
1408
|
-
};
|
|
1409
|
-
const appliesToProperty = fp.curry((property, action) => {
|
|
1410
|
-
return fp.pipe(fp.prop("options.applyToProperties"), fp.includes(property))(action);
|
|
1411
|
-
});
|
|
1412
|
-
const appliesToSubject = fp.curry((subject, action) => {
|
|
1413
|
-
return fp.isArray(action.subjects) && fp.includes(subject, action.subjects);
|
|
1414
|
-
});
|
|
1415
|
-
const create = fp.pipe(
|
|
1416
|
-
// Create and assign an action identifier to the action
|
|
1417
|
-
// (need to be done before the sanitizeActionAttributes since we need the uid here)
|
|
1418
|
-
assignActionId,
|
|
1419
|
-
// Add or remove the sub category field based on the pluginName attribute
|
|
1420
|
-
assignOrOmitSubCategory,
|
|
1421
|
-
// Remove unwanted attributes from the payload
|
|
1422
|
-
sanitizeActionAttributes,
|
|
1423
|
-
// Complete the action creation by adding default values for some attributes
|
|
1424
|
-
fp.merge(getDefaultActionAttributes())
|
|
1425
|
-
);
|
|
1426
|
-
const actionDomain = {
|
|
1427
|
-
actionFields,
|
|
1428
|
-
appliesToProperty,
|
|
1429
|
-
appliesToSubject,
|
|
1430
|
-
assignActionId,
|
|
1431
|
-
assignOrOmitSubCategory,
|
|
1432
|
-
create,
|
|
1433
|
-
computeActionId,
|
|
1434
|
-
getDefaultActionAttributes,
|
|
1435
|
-
sanitizeActionAttributes
|
|
1436
|
-
};
|
|
1437
|
-
const checkFieldsAreCorrectlyNested = (fields) => {
|
|
1438
|
-
if (___default.default.isNil(fields)) {
|
|
1439
|
-
return true;
|
|
1440
|
-
}
|
|
1441
|
-
if (!Array.isArray(fields)) {
|
|
1442
|
-
return false;
|
|
1443
|
-
}
|
|
1444
|
-
let failed = false;
|
|
1445
|
-
for (let indexA = 0; indexA < fields.length; indexA += 1) {
|
|
1446
|
-
failed = fields.slice(indexA + 1).some(
|
|
1447
|
-
(fieldB) => fieldB.startsWith(`${fields[indexA]}.`) || fields[indexA].startsWith(`${fieldB}.`)
|
|
1448
|
-
);
|
|
1449
|
-
if (failed)
|
|
1450
|
-
break;
|
|
1451
|
-
}
|
|
1452
|
-
return !failed;
|
|
1453
|
-
};
|
|
1454
|
-
const checkFieldsDontHaveDuplicates = (fields) => {
|
|
1455
|
-
if (___default.default.isNil(fields)) {
|
|
1456
|
-
return true;
|
|
1457
|
-
}
|
|
1458
|
-
if (!Array.isArray(fields)) {
|
|
1459
|
-
return false;
|
|
1460
|
-
}
|
|
1461
|
-
return ___default.default.uniq(fields).length === fields.length;
|
|
1462
|
-
};
|
|
1463
|
-
const getActionFromProvider = (actionId) => {
|
|
1464
|
-
return getService$1("permission").actionProvider.get(actionId);
|
|
1465
|
-
};
|
|
1466
|
-
const email = utils$1.yup.string().email().lowercase();
|
|
1467
|
-
const firstname = utils$1.yup.string().trim().min(1);
|
|
1468
|
-
const lastname = utils$1.yup.string();
|
|
1469
|
-
const username = utils$1.yup.string().min(1);
|
|
1470
|
-
const password = utils$1.yup.string().min(8).matches(/[a-z]/, "${path} must contain at least one lowercase character").matches(/[A-Z]/, "${path} must contain at least one uppercase character").matches(/\d/, "${path} must contain at least one number");
|
|
1471
|
-
const roles = utils$1.yup.array(utils$1.yup.strapiID()).min(1);
|
|
1472
|
-
const isAPluginName = utils$1.yup.string().test("is-a-plugin-name", "is not a plugin name", function(value) {
|
|
1473
|
-
return [void 0, "admin", ...Object.keys(strapi.plugins)].includes(value) ? true : this.createError({ path: this.path, message: `${this.path} is not an existing plugin` });
|
|
1474
|
-
});
|
|
1475
|
-
const arrayOfConditionNames = utils$1.yup.array().of(utils$1.yup.string()).test("is-an-array-of-conditions", "is not a plugin name", function(value) {
|
|
1476
|
-
const ids = strapi.service("admin::permission").conditionProvider.keys();
|
|
1477
|
-
return ___default.default.isUndefined(value) || ___default.default.difference(value, ids).length === 0 ? true : this.createError({ path: this.path, message: `contains conditions that don't exist` });
|
|
1478
|
-
});
|
|
1479
|
-
const permissionsAreEquals = (a, b) => a.action === b.action && (a.subject === b.subject || ___default.default.isNil(a.subject) && ___default.default.isNil(b.subject));
|
|
1480
|
-
const checkNoDuplicatedPermissions = (permissions) => !Array.isArray(permissions) || permissions.every(
|
|
1481
|
-
(permA, i) => permissions.slice(i + 1).every((permB) => !permissionsAreEquals(permA, permB))
|
|
1482
|
-
);
|
|
1483
|
-
const checkNilFields = (action) => function(fields) {
|
|
1484
|
-
if (fp.isNil(action)) {
|
|
1485
|
-
return true;
|
|
1486
|
-
}
|
|
1487
|
-
return actionDomain.appliesToProperty("fields", action) || fp.isNil(fields);
|
|
1488
|
-
};
|
|
1489
|
-
const fieldsPropertyValidation = (action) => utils$1.yup.array().of(utils$1.yup.string()).nullable().test(
|
|
1490
|
-
"field-nested",
|
|
1491
|
-
"Fields format are incorrect (bad nesting).",
|
|
1492
|
-
checkFieldsAreCorrectlyNested
|
|
1493
|
-
).test(
|
|
1494
|
-
"field-nested",
|
|
1495
|
-
"Fields format are incorrect (duplicates).",
|
|
1496
|
-
checkFieldsDontHaveDuplicates
|
|
1497
|
-
).test(
|
|
1498
|
-
"fields-restriction",
|
|
1499
|
-
"The permission at ${path} must have fields set to null or undefined",
|
|
1500
|
-
// @ts-expect-error yup types
|
|
1501
|
-
checkNilFields(action)
|
|
1502
|
-
);
|
|
1503
|
-
const permission = utils$1.yup.object().shape({
|
|
1504
|
-
action: utils$1.yup.string().required().test("action-validity", "action is not an existing permission action", function(actionId) {
|
|
1505
|
-
if (fp.isNil(actionId)) {
|
|
1506
|
-
return true;
|
|
1507
|
-
}
|
|
1508
|
-
return !!getActionFromProvider(actionId);
|
|
1509
|
-
}),
|
|
1510
|
-
actionParameters: utils$1.yup.object().nullable(),
|
|
1511
|
-
subject: utils$1.yup.string().nullable().test("subject-validity", "Invalid subject submitted", function(subject) {
|
|
1512
|
-
const action = getActionFromProvider(this.options.parent.action);
|
|
1513
|
-
if (!action) {
|
|
1514
|
-
return true;
|
|
1515
|
-
}
|
|
1516
|
-
if (fp.isNil(action.subjects)) {
|
|
1517
|
-
return fp.isNil(subject);
|
|
1518
|
-
}
|
|
1519
|
-
if (fp.isArray(action.subjects) && !fp.isNil(subject)) {
|
|
1520
|
-
return action.subjects.includes(subject);
|
|
1521
|
-
}
|
|
1522
|
-
return false;
|
|
1523
|
-
}),
|
|
1524
|
-
properties: utils$1.yup.object().test("properties-structure", "Invalid property set at ${path}", function(properties) {
|
|
1525
|
-
const action = getActionFromProvider(this.options.parent.action);
|
|
1526
|
-
const hasNoProperties = fp.isEmpty(properties) || fp.isNil(properties);
|
|
1527
|
-
if (!fp.has("options.applyToProperties", action)) {
|
|
1528
|
-
return hasNoProperties;
|
|
1529
|
-
}
|
|
1530
|
-
if (hasNoProperties) {
|
|
1531
|
-
return true;
|
|
1532
|
-
}
|
|
1533
|
-
const { applyToProperties } = action.options;
|
|
1534
|
-
if (!fp.isArray(applyToProperties)) {
|
|
1535
|
-
return false;
|
|
1536
|
-
}
|
|
1537
|
-
return Object.keys(properties).every((property) => applyToProperties.includes(property));
|
|
1538
|
-
}).test(
|
|
1539
|
-
"fields-property",
|
|
1540
|
-
"Invalid fields property at ${path}",
|
|
1541
|
-
async function(properties = {}) {
|
|
1542
|
-
const action = getActionFromProvider(this.options.parent.action);
|
|
1543
|
-
if (!action || !properties) {
|
|
1544
|
-
return true;
|
|
1545
|
-
}
|
|
1546
|
-
if (!actionDomain.appliesToProperty("fields", action)) {
|
|
1547
|
-
return true;
|
|
1548
|
-
}
|
|
1549
|
-
try {
|
|
1550
|
-
await fieldsPropertyValidation(action).validate(properties.fields, {
|
|
1551
|
-
strict: true,
|
|
1552
|
-
abortEarly: false
|
|
1553
|
-
});
|
|
1554
|
-
return true;
|
|
1555
|
-
} catch (e) {
|
|
1556
|
-
throw this.createError({
|
|
1557
|
-
message: e.message,
|
|
1558
|
-
path: `${this.path}.fields`
|
|
1559
|
-
});
|
|
1560
|
-
}
|
|
1561
|
-
}
|
|
1562
|
-
),
|
|
1563
|
-
conditions: utils$1.yup.array().of(utils$1.yup.string())
|
|
1564
|
-
}).noUnknown();
|
|
1565
|
-
const updatePermissions = utils$1.yup.object().shape({
|
|
1566
|
-
permissions: utils$1.yup.array().required().of(permission).test(
|
|
1567
|
-
"duplicated-permissions",
|
|
1568
|
-
"Some permissions are duplicated (same action and subject)",
|
|
1569
|
-
checkNoDuplicatedPermissions
|
|
1570
|
-
)
|
|
1571
|
-
}).required().noUnknown();
|
|
1572
|
-
const validators = {
|
|
1573
|
-
email,
|
|
1574
|
-
firstname,
|
|
1575
|
-
lastname,
|
|
1576
|
-
username,
|
|
1577
|
-
password,
|
|
1578
|
-
roles,
|
|
1579
|
-
isAPluginName,
|
|
1580
|
-
arrayOfConditionNames,
|
|
1581
|
-
permission,
|
|
1582
|
-
updatePermissions
|
|
1583
|
-
};
|
|
1584
|
-
const userCreationSchema = utils$1.yup.object().shape({
|
|
1585
|
-
email: validators.email.required(),
|
|
1586
|
-
firstname: validators.firstname.required(),
|
|
1587
|
-
lastname: validators.lastname,
|
|
1588
|
-
roles: validators.roles.min(1),
|
|
1589
|
-
preferedLanguage: utils$1.yup.string().nullable()
|
|
1590
|
-
}).noUnknown();
|
|
1591
|
-
const profileUpdateSchema = utils$1.yup.object().shape({
|
|
1592
|
-
email: validators.email.notNull(),
|
|
1593
|
-
firstname: validators.firstname.notNull(),
|
|
1594
|
-
lastname: validators.lastname.nullable(),
|
|
1595
|
-
username: validators.username.nullable(),
|
|
1596
|
-
password: validators.password.notNull(),
|
|
1597
|
-
currentPassword: utils$1.yup.string().when(
|
|
1598
|
-
"password",
|
|
1599
|
-
(password2, schema) => !fp.isUndefined(password2) ? schema.required() : schema
|
|
1600
|
-
).notNull(),
|
|
1601
|
-
preferedLanguage: utils$1.yup.string().nullable()
|
|
1602
|
-
}).noUnknown();
|
|
1603
|
-
const userUpdateSchema = utils$1.yup.object().shape({
|
|
1604
|
-
email: validators.email.notNull(),
|
|
1605
|
-
firstname: validators.firstname.notNull(),
|
|
1606
|
-
lastname: validators.lastname.nullable(),
|
|
1607
|
-
username: validators.username.nullable(),
|
|
1608
|
-
password: validators.password.notNull(),
|
|
1609
|
-
isActive: utils$1.yup.bool().notNull(),
|
|
1610
|
-
roles: validators.roles.min(1).notNull()
|
|
1611
|
-
}).noUnknown();
|
|
1612
|
-
const usersDeleteSchema = utils$1.yup.object().shape({
|
|
1613
|
-
ids: utils$1.yup.array().of(utils$1.yup.strapiID()).min(1).required()
|
|
1614
|
-
}).noUnknown();
|
|
1615
|
-
utils$1.validateYupSchema(userCreationSchema);
|
|
1616
|
-
utils$1.validateYupSchema(profileUpdateSchema);
|
|
1617
|
-
const validateUserUpdateInput = utils$1.validateYupSchema(userUpdateSchema);
|
|
1618
|
-
utils$1.validateYupSchema(usersDeleteSchema);
|
|
1619
|
-
const schemas = {
|
|
1620
|
-
userCreationSchema,
|
|
1621
|
-
usersDeleteSchema,
|
|
1622
|
-
userUpdateSchema
|
|
1623
|
-
};
|
|
1624
|
-
const ssoUserCreationInputExtension = utils$1.yup.object().shape({
|
|
1625
|
-
useSSORegistration: utils$1.yup.boolean()
|
|
1626
|
-
}).noUnknown();
|
|
1627
|
-
const validateUserCreationInput = (data) => {
|
|
1628
|
-
let schema = schemas.userCreationSchema;
|
|
1629
|
-
if (strapi.ee.features.isEnabled("sso")) {
|
|
1630
|
-
schema = schema.concat(ssoUserCreationInputExtension);
|
|
1631
|
-
}
|
|
1632
|
-
return utils$1.validateYupSchema(schema)(data);
|
|
1633
|
-
};
|
|
1634
|
-
const { ApplicationError, ForbiddenError } = utils$1.errors;
|
|
1635
|
-
const pickUserCreationAttributes = fp.pick(["firstname", "lastname", "email", "roles"]);
|
|
1636
|
-
const hasAdminSeatsAvaialble = async () => {
|
|
1637
|
-
if (!strapi.EE) {
|
|
1638
|
-
return true;
|
|
1639
|
-
}
|
|
1640
|
-
const permittedSeats = strapi.ee.seats;
|
|
1641
|
-
if (fp.isNil(permittedSeats)) {
|
|
1642
|
-
return true;
|
|
1643
|
-
}
|
|
1644
|
-
const userCount = await strapi.service("admin::user").getCurrentActiveUserCount();
|
|
1645
|
-
if (userCount < permittedSeats) {
|
|
1646
|
-
return true;
|
|
1647
|
-
}
|
|
1648
|
-
};
|
|
1649
|
-
const user = {
|
|
1650
|
-
async create(ctx) {
|
|
1651
|
-
if (!await hasAdminSeatsAvaialble()) {
|
|
1652
|
-
throw new ForbiddenError("License seat limit reached. You cannot create a new user");
|
|
1653
|
-
}
|
|
1654
|
-
const { body } = ctx.request;
|
|
1655
|
-
const cleanData = { ...body, email: ___default.default.get(body, `email`, ``).toLowerCase() };
|
|
1656
|
-
await validateUserCreationInput(cleanData);
|
|
1657
|
-
const attributes = pickUserCreationAttributes(cleanData);
|
|
1658
|
-
const { useSSORegistration } = cleanData;
|
|
1659
|
-
const userAlreadyExists = await getService("user").exists({ email: attributes.email });
|
|
1660
|
-
if (userAlreadyExists) {
|
|
1661
|
-
throw new ApplicationError("Email already taken");
|
|
1662
|
-
}
|
|
1663
|
-
if (useSSORegistration) {
|
|
1664
|
-
Object.assign(attributes, { registrationToken: null, isActive: true });
|
|
1665
|
-
}
|
|
1666
|
-
const createdUser = await getService("user").create(attributes);
|
|
1667
|
-
const userInfo = getService("user").sanitizeUser(createdUser);
|
|
1668
|
-
Object.assign(userInfo, { registrationToken: createdUser.registrationToken });
|
|
1669
|
-
ctx.created({ data: userInfo });
|
|
1670
|
-
},
|
|
1671
|
-
async update(ctx) {
|
|
1672
|
-
const { id } = ctx.params;
|
|
1673
|
-
const { body: input } = ctx.request;
|
|
1674
|
-
await validateUserUpdateInput(input);
|
|
1675
|
-
if (___default.default.has(input, "email")) {
|
|
1676
|
-
const uniqueEmailCheck = await getService("user").exists({
|
|
1677
|
-
id: { $ne: id },
|
|
1678
|
-
email: input.email
|
|
1679
|
-
});
|
|
1680
|
-
if (uniqueEmailCheck) {
|
|
1681
|
-
throw new ApplicationError("A user with this email address already exists");
|
|
1682
|
-
}
|
|
1683
|
-
}
|
|
1684
|
-
const user2 = await getService("user").findOne(id, null);
|
|
1685
|
-
if (!await hasAdminSeatsAvaialble() && !user2.isActive && input.isActive) {
|
|
1686
|
-
throw new ForbiddenError("License seat limit reached. You cannot active this user");
|
|
1687
|
-
}
|
|
1688
|
-
const updatedUser = await getService("user").updateById(id, input);
|
|
1689
|
-
if (!updatedUser) {
|
|
1690
|
-
return ctx.notFound("User does not exist");
|
|
1691
|
-
}
|
|
1692
|
-
ctx.body = {
|
|
1693
|
-
data: getService("user").sanitizeUser(updatedUser)
|
|
1694
|
-
};
|
|
1695
|
-
},
|
|
1696
|
-
async isSSOLocked(ctx) {
|
|
1697
|
-
const { user: user2 } = ctx.state;
|
|
1698
|
-
const isSSOLocked = await isSsoLocked(user2);
|
|
1699
|
-
ctx.body = {
|
|
1700
|
-
data: {
|
|
1701
|
-
isSSOLocked
|
|
1702
|
-
}
|
|
1703
|
-
};
|
|
1704
|
-
}
|
|
1705
|
-
};
|
|
1706
|
-
const admin = {
|
|
1707
|
-
// NOTE: Overrides CE admin controller
|
|
1708
|
-
async getProjectType() {
|
|
1709
|
-
const flags = strapi.config.get("admin.flags", {});
|
|
1710
|
-
try {
|
|
1711
|
-
return { data: { isEE: strapi.EE, features: strapi.ee.features.list(), flags } };
|
|
1712
|
-
} catch (err) {
|
|
1713
|
-
return { data: { isEE: false, features: [], flags } };
|
|
1714
|
-
}
|
|
1715
|
-
},
|
|
1716
|
-
async licenseLimitInformation() {
|
|
1717
|
-
const permittedSeats = strapi.ee.seats;
|
|
1718
|
-
let shouldNotify = false;
|
|
1719
|
-
let licenseLimitStatus = null;
|
|
1720
|
-
let enforcementUserCount;
|
|
1721
|
-
const currentActiveUserCount = await getService("user").getCurrentActiveUserCount();
|
|
1722
|
-
const eeDisabledUsers = await getService("seat-enforcement").getDisabledUserList();
|
|
1723
|
-
if (eeDisabledUsers) {
|
|
1724
|
-
enforcementUserCount = currentActiveUserCount + eeDisabledUsers.length;
|
|
1725
|
-
} else {
|
|
1726
|
-
enforcementUserCount = currentActiveUserCount;
|
|
1727
|
-
}
|
|
1728
|
-
if (!fp.isNil(permittedSeats) && enforcementUserCount > permittedSeats) {
|
|
1729
|
-
shouldNotify = true;
|
|
1730
|
-
licenseLimitStatus = "OVER_LIMIT";
|
|
1731
|
-
}
|
|
1732
|
-
if (!fp.isNil(permittedSeats) && enforcementUserCount === permittedSeats) {
|
|
1733
|
-
shouldNotify = true;
|
|
1734
|
-
licenseLimitStatus = "AT_LIMIT";
|
|
1735
|
-
}
|
|
1736
|
-
const data = {
|
|
1737
|
-
enforcementUserCount,
|
|
1738
|
-
currentActiveUserCount,
|
|
1739
|
-
permittedSeats,
|
|
1740
|
-
shouldNotify,
|
|
1741
|
-
shouldStopCreate: fp.isNil(permittedSeats) ? false : currentActiveUserCount >= permittedSeats,
|
|
1742
|
-
licenseLimitStatus,
|
|
1743
|
-
isHostedOnStrapiCloud: utils$1.env("STRAPI_HOSTING", null) === "strapi.cloud",
|
|
1744
|
-
features: strapi.ee.features.list() ?? []
|
|
1745
|
-
};
|
|
1746
|
-
return { data };
|
|
1747
|
-
}
|
|
1748
|
-
};
|
|
1749
|
-
const controllers = {
|
|
1750
|
-
authentication,
|
|
1751
|
-
role,
|
|
1752
|
-
user,
|
|
1753
|
-
admin
|
|
1754
|
-
};
|
|
1755
|
-
const enableFeatureMiddleware = (featureName) => (ctx, next) => {
|
|
1756
|
-
if (strapi.ee.features.isEnabled(featureName)) {
|
|
1757
|
-
return next();
|
|
1758
|
-
}
|
|
1759
|
-
ctx.status = 404;
|
|
1760
|
-
};
|
|
1761
|
-
const sso = {
|
|
1762
|
-
type: "admin",
|
|
1763
|
-
routes: [
|
|
1764
|
-
{
|
|
1765
|
-
method: "GET",
|
|
1766
|
-
path: "/providers",
|
|
1767
|
-
handler: "authentication.getProviders",
|
|
1768
|
-
config: {
|
|
1769
|
-
middlewares: [enableFeatureMiddleware("sso")],
|
|
1770
|
-
auth: false
|
|
1771
|
-
}
|
|
1772
|
-
},
|
|
1773
|
-
{
|
|
1774
|
-
method: "GET",
|
|
1775
|
-
path: "/connect/:provider",
|
|
1776
|
-
handler: "authentication.providerLogin",
|
|
1777
|
-
config: {
|
|
1778
|
-
middlewares: [enableFeatureMiddleware("sso")],
|
|
1779
|
-
auth: false
|
|
1780
|
-
}
|
|
1781
|
-
},
|
|
1782
|
-
{
|
|
1783
|
-
method: "POST",
|
|
1784
|
-
path: "/connect/:provider",
|
|
1785
|
-
handler: "authentication.providerLogin",
|
|
1786
|
-
config: {
|
|
1787
|
-
middlewares: [enableFeatureMiddleware("sso")],
|
|
1788
|
-
auth: false
|
|
1789
|
-
}
|
|
1790
|
-
},
|
|
1791
|
-
{
|
|
1792
|
-
method: "GET",
|
|
1793
|
-
path: "/providers/options",
|
|
1794
|
-
handler: "authentication.getProviderLoginOptions",
|
|
1795
|
-
config: {
|
|
1796
|
-
middlewares: [enableFeatureMiddleware("sso")],
|
|
1797
|
-
policies: [
|
|
1798
|
-
"admin::isAuthenticatedAdmin",
|
|
1799
|
-
{ name: "admin::hasPermissions", config: { actions: ["admin::provider-login.read"] } }
|
|
1800
|
-
]
|
|
1801
|
-
}
|
|
1802
|
-
},
|
|
1803
|
-
{
|
|
1804
|
-
method: "PUT",
|
|
1805
|
-
path: "/providers/options",
|
|
1806
|
-
handler: "authentication.updateProviderLoginOptions",
|
|
1807
|
-
config: {
|
|
1808
|
-
middlewares: [enableFeatureMiddleware("sso")],
|
|
1809
|
-
policies: [
|
|
1810
|
-
"admin::isAuthenticatedAdmin",
|
|
1811
|
-
{ name: "admin::hasPermissions", config: { actions: ["admin::provider-login.update"] } }
|
|
1812
|
-
]
|
|
1813
|
-
}
|
|
1814
|
-
},
|
|
1815
|
-
{
|
|
1816
|
-
method: "GET",
|
|
1817
|
-
path: "/providers/isSSOLocked",
|
|
1818
|
-
handler: "user.isSSOLocked",
|
|
1819
|
-
config: {
|
|
1820
|
-
middlewares: [enableFeatureMiddleware("sso")],
|
|
1821
|
-
policies: ["admin::isAuthenticatedAdmin"]
|
|
1822
|
-
}
|
|
1823
|
-
}
|
|
1824
|
-
]
|
|
1825
|
-
};
|
|
1826
|
-
const licenseLimit = {
|
|
1827
|
-
type: "admin",
|
|
1828
|
-
routes: [
|
|
1829
|
-
// License limit infos
|
|
1830
|
-
{
|
|
1831
|
-
method: "GET",
|
|
1832
|
-
path: "/license-limit-information",
|
|
1833
|
-
handler: "admin.licenseLimitInformation",
|
|
1834
|
-
config: {
|
|
1835
|
-
policies: [
|
|
1836
|
-
"admin::isAuthenticatedAdmin",
|
|
1837
|
-
{
|
|
1838
|
-
name: "admin::hasPermissions",
|
|
1839
|
-
config: {
|
|
1840
|
-
actions: [
|
|
1841
|
-
"admin::users.create",
|
|
1842
|
-
"admin::users.read",
|
|
1843
|
-
"admin::users.update",
|
|
1844
|
-
"admin::users.delete"
|
|
1845
|
-
]
|
|
1846
|
-
}
|
|
1847
|
-
}
|
|
1848
|
-
]
|
|
1849
|
-
}
|
|
1850
|
-
}
|
|
1851
|
-
]
|
|
1852
|
-
};
|
|
1853
|
-
const routes = {
|
|
1854
|
-
sso,
|
|
1855
|
-
"license-limit": licenseLimit
|
|
1856
|
-
};
|
|
1857
|
-
const auditLogsRoutes = {
|
|
1858
|
-
type: "admin",
|
|
1859
|
-
routes: [
|
|
1860
|
-
{
|
|
1861
|
-
method: "GET",
|
|
1862
|
-
path: "/audit-logs",
|
|
1863
|
-
handler: "audit-logs.findMany",
|
|
1864
|
-
config: {
|
|
1865
|
-
middlewares: [enableFeatureMiddleware("audit-logs")],
|
|
1866
|
-
policies: [
|
|
1867
|
-
"admin::isAuthenticatedAdmin",
|
|
1868
|
-
{
|
|
1869
|
-
name: "admin::hasPermissions",
|
|
1870
|
-
config: {
|
|
1871
|
-
actions: ["admin::audit-logs.read"]
|
|
1872
|
-
}
|
|
1873
|
-
}
|
|
1874
|
-
]
|
|
1875
|
-
}
|
|
1876
|
-
},
|
|
1877
|
-
{
|
|
1878
|
-
method: "GET",
|
|
1879
|
-
path: "/audit-logs/:id",
|
|
1880
|
-
handler: "audit-logs.findOne",
|
|
1881
|
-
config: {
|
|
1882
|
-
middlewares: [enableFeatureMiddleware("audit-logs")],
|
|
1883
|
-
policies: [
|
|
1884
|
-
"admin::isAuthenticatedAdmin",
|
|
1885
|
-
{
|
|
1886
|
-
name: "admin::hasPermissions",
|
|
1887
|
-
config: {
|
|
1888
|
-
actions: ["admin::audit-logs.read"]
|
|
1889
|
-
}
|
|
1890
|
-
}
|
|
1891
|
-
]
|
|
1892
|
-
}
|
|
1893
|
-
}
|
|
1894
|
-
]
|
|
1895
|
-
};
|
|
1896
|
-
const ALLOWED_SORT_STRINGS = ["action:ASC", "action:DESC", "date:ASC", "date:DESC"];
|
|
1897
|
-
const validateFindManySchema = utils$1.yup.object().shape({
|
|
1898
|
-
page: utils$1.yup.number().integer().min(1),
|
|
1899
|
-
pageSize: utils$1.yup.number().integer().min(1).max(100),
|
|
1900
|
-
sort: utils$1.yup.mixed().oneOf(ALLOWED_SORT_STRINGS)
|
|
1901
|
-
}).required();
|
|
1902
|
-
const validateFindMany = utils$1.validateYupSchema(validateFindManySchema, { strict: false });
|
|
1903
|
-
const auditLogsController = {
|
|
1904
|
-
async findMany(ctx) {
|
|
1905
|
-
const { query } = ctx.request;
|
|
1906
|
-
await validateFindMany(query);
|
|
1907
|
-
const auditLogs = strapi.get("audit-logs");
|
|
1908
|
-
const body = await auditLogs.findMany(query);
|
|
1909
|
-
ctx.body = body;
|
|
1910
|
-
},
|
|
1911
|
-
async findOne(ctx) {
|
|
1912
|
-
const { id } = ctx.params;
|
|
1913
|
-
const auditLogs = strapi.get("audit-logs");
|
|
1914
|
-
const body = await auditLogs.findOne(id);
|
|
1915
|
-
ctx.body = body;
|
|
1916
|
-
strapi.telemetry.send("didWatchAnAuditLog");
|
|
1917
|
-
}
|
|
1918
|
-
};
|
|
1919
|
-
const getSanitizedUser = (user2) => {
|
|
1920
|
-
let displayName = user2.email;
|
|
1921
|
-
if (user2.username) {
|
|
1922
|
-
displayName = user2.username;
|
|
1923
|
-
} else if (user2.firstname && user2.lastname) {
|
|
1924
|
-
displayName = `${user2.firstname} ${user2.lastname}`;
|
|
1925
|
-
}
|
|
1926
|
-
return {
|
|
1927
|
-
id: user2.id,
|
|
1928
|
-
email: user2.email,
|
|
1929
|
-
displayName
|
|
1930
|
-
};
|
|
1931
|
-
};
|
|
1932
|
-
const createAuditLogsService = (strapi2) => {
|
|
1933
|
-
return {
|
|
1934
|
-
async saveEvent(event) {
|
|
1935
|
-
const { userId, ...rest } = event;
|
|
1936
|
-
const auditLog2 = { ...rest, user: userId };
|
|
1937
|
-
await strapi2.db?.query("admin::audit-log").create({ data: auditLog2 });
|
|
1938
|
-
return this;
|
|
1939
|
-
},
|
|
1940
|
-
async findMany(query) {
|
|
1941
|
-
const { results, pagination } = await strapi2.db?.query("admin::audit-log").findPage({
|
|
1942
|
-
populate: ["user"],
|
|
1943
|
-
select: ["action", "date", "payload"],
|
|
1944
|
-
...strapi2.get("query-params").transform("admin::audit-log", query)
|
|
1945
|
-
});
|
|
1946
|
-
const sanitizedResults = results.map((result) => {
|
|
1947
|
-
const { user: user2, ...rest } = result;
|
|
1948
|
-
return {
|
|
1949
|
-
...rest,
|
|
1950
|
-
user: user2 ? getSanitizedUser(user2) : null
|
|
1951
|
-
};
|
|
1952
|
-
});
|
|
1953
|
-
return {
|
|
1954
|
-
results: sanitizedResults,
|
|
1955
|
-
pagination
|
|
1956
|
-
};
|
|
1957
|
-
},
|
|
1958
|
-
async findOne(id) {
|
|
1959
|
-
const result = await strapi2.db?.query("admin::audit-log").findOne({
|
|
1960
|
-
where: { id },
|
|
1961
|
-
populate: ["user"],
|
|
1962
|
-
select: ["action", "date", "payload"]
|
|
1963
|
-
});
|
|
1964
|
-
if (!result) {
|
|
1965
|
-
return null;
|
|
1966
|
-
}
|
|
1967
|
-
const { user: user2, ...rest } = result;
|
|
1968
|
-
return {
|
|
1969
|
-
...rest,
|
|
1970
|
-
user: user2 ? getSanitizedUser(user2) : null
|
|
1971
|
-
};
|
|
1972
|
-
},
|
|
1973
|
-
deleteExpiredEvents(expirationDate) {
|
|
1974
|
-
return strapi2.db?.query("admin::audit-log").deleteMany({
|
|
1975
|
-
where: {
|
|
1976
|
-
date: {
|
|
1977
|
-
$lt: expirationDate.toISOString()
|
|
1978
|
-
}
|
|
1979
|
-
}
|
|
1980
|
-
});
|
|
1981
|
-
}
|
|
1982
|
-
};
|
|
1983
|
-
};
|
|
1984
|
-
const DEFAULT_RETENTION_DAYS = 90;
|
|
1985
|
-
const defaultEvents = [
|
|
1986
|
-
"entry.create",
|
|
1987
|
-
"entry.update",
|
|
1988
|
-
"entry.delete",
|
|
1989
|
-
"entry.publish",
|
|
1990
|
-
"entry.unpublish",
|
|
1991
|
-
"media.create",
|
|
1992
|
-
"media.update",
|
|
1993
|
-
"media.delete",
|
|
1994
|
-
"media-folder.create",
|
|
1995
|
-
"media-folder.update",
|
|
1996
|
-
"media-folder.delete",
|
|
1997
|
-
"user.create",
|
|
1998
|
-
"user.update",
|
|
1999
|
-
"user.delete",
|
|
2000
|
-
"admin.auth.success",
|
|
2001
|
-
"admin.logout",
|
|
2002
|
-
"content-type.create",
|
|
2003
|
-
"content-type.update",
|
|
2004
|
-
"content-type.delete",
|
|
2005
|
-
"component.create",
|
|
2006
|
-
"component.update",
|
|
2007
|
-
"component.delete",
|
|
2008
|
-
"role.create",
|
|
2009
|
-
"role.update",
|
|
2010
|
-
"role.delete",
|
|
2011
|
-
"permission.create",
|
|
2012
|
-
"permission.update",
|
|
2013
|
-
"permission.delete"
|
|
2014
|
-
];
|
|
2015
|
-
const getEventMap = (defaultEvents2) => {
|
|
2016
|
-
const getDefaultPayload = (...args) => args[0];
|
|
2017
|
-
return defaultEvents2.reduce((acc, event) => {
|
|
2018
|
-
acc[event] = getDefaultPayload;
|
|
2019
|
-
return acc;
|
|
2020
|
-
}, {});
|
|
2021
|
-
};
|
|
2022
|
-
const getRetentionDays = (strapi2) => {
|
|
2023
|
-
const featureConfig = strapi2.ee.features.get("audit-logs");
|
|
2024
|
-
const licenseRetentionDays = typeof featureConfig === "object" && featureConfig?.options.retentionDays;
|
|
2025
|
-
const userRetentionDays = strapi2.config.get("admin.auditLogs.retentionDays");
|
|
2026
|
-
if (licenseRetentionDays == null) {
|
|
2027
|
-
return userRetentionDays ?? DEFAULT_RETENTION_DAYS;
|
|
2028
|
-
}
|
|
2029
|
-
if (userRetentionDays && userRetentionDays < licenseRetentionDays) {
|
|
2030
|
-
return userRetentionDays;
|
|
2031
|
-
}
|
|
2032
|
-
return licenseRetentionDays;
|
|
2033
|
-
};
|
|
2034
|
-
const createAuditLogsLifecycleService = (strapi2) => {
|
|
2035
|
-
const state = {};
|
|
2036
|
-
const auditLogsService = strapi2.get("audit-logs");
|
|
2037
|
-
const eventMap = getEventMap(defaultEvents);
|
|
2038
|
-
const processEvent = (name2, ...args) => {
|
|
2039
|
-
const requestState = strapi2.requestContext.get()?.state;
|
|
2040
|
-
const isUsingAdminAuth = requestState?.route.info.type === "admin";
|
|
2041
|
-
const user2 = requestState?.user;
|
|
2042
|
-
if (!isUsingAdminAuth || !user2) {
|
|
2043
|
-
return null;
|
|
2044
|
-
}
|
|
2045
|
-
const getPayload = eventMap[name2];
|
|
2046
|
-
if (!getPayload) {
|
|
2047
|
-
return null;
|
|
2048
|
-
}
|
|
2049
|
-
const ignoredUids = ["plugin::upload.file", "plugin::upload.folder"];
|
|
2050
|
-
if (ignoredUids.includes(args[0]?.uid)) {
|
|
2051
|
-
return null;
|
|
2052
|
-
}
|
|
2053
|
-
return {
|
|
2054
|
-
action: name2,
|
|
2055
|
-
date: (/* @__PURE__ */ new Date()).toISOString(),
|
|
2056
|
-
payload: getPayload(...args) || {},
|
|
2057
|
-
userId: user2.id
|
|
2058
|
-
};
|
|
2059
|
-
};
|
|
2060
|
-
const handleEvent = async (name2, ...args) => {
|
|
2061
|
-
const processedEvent = processEvent(name2, ...args);
|
|
2062
|
-
if (processedEvent) {
|
|
2063
|
-
await auditLogsService.saveEvent(processedEvent);
|
|
2064
|
-
}
|
|
2065
|
-
};
|
|
2066
|
-
return {
|
|
2067
|
-
async register() {
|
|
2068
|
-
if (!state.eeEnableUnsubscribe) {
|
|
2069
|
-
state.eeEnableUnsubscribe = strapi2.eventHub.on("ee.enable", () => {
|
|
2070
|
-
this.destroy();
|
|
2071
|
-
this.register();
|
|
2072
|
-
});
|
|
2073
|
-
}
|
|
2074
|
-
if (!state.eeUpdateUnsubscribe) {
|
|
2075
|
-
state.eeUpdateUnsubscribe = strapi2.eventHub.on("ee.update", () => {
|
|
2076
|
-
this.destroy();
|
|
2077
|
-
this.register();
|
|
2078
|
-
});
|
|
2079
|
-
}
|
|
2080
|
-
state.eeDisableUnsubscribe = strapi2.eventHub.on("ee.disable", () => {
|
|
2081
|
-
this.destroy();
|
|
2082
|
-
});
|
|
2083
|
-
if (!strapi2.ee.features.isEnabled("audit-logs")) {
|
|
2084
|
-
return this;
|
|
2085
|
-
}
|
|
2086
|
-
state.eventHubUnsubscribe = strapi2.eventHub.subscribe(handleEvent);
|
|
2087
|
-
const retentionDays = getRetentionDays(strapi2);
|
|
2088
|
-
state.deleteExpiredJob = nodeSchedule.scheduleJob("0 0 * * *", () => {
|
|
2089
|
-
const expirationDate = new Date(Date.now() - retentionDays * 24 * 60 * 60 * 1e3);
|
|
2090
|
-
auditLogsService.deleteExpiredEvents(expirationDate);
|
|
2091
|
-
});
|
|
2092
|
-
return this;
|
|
2093
|
-
},
|
|
2094
|
-
unsubscribe() {
|
|
2095
|
-
if (state.eeDisableUnsubscribe) {
|
|
2096
|
-
state.eeDisableUnsubscribe();
|
|
2097
|
-
}
|
|
2098
|
-
if (state.eventHubUnsubscribe) {
|
|
2099
|
-
state.eventHubUnsubscribe();
|
|
2100
|
-
}
|
|
2101
|
-
if (state.deleteExpiredJob) {
|
|
2102
|
-
state.deleteExpiredJob.cancel();
|
|
2103
|
-
}
|
|
2104
|
-
return this;
|
|
2105
|
-
},
|
|
2106
|
-
destroy() {
|
|
2107
|
-
return this.unsubscribe();
|
|
2108
|
-
}
|
|
2109
|
-
};
|
|
2110
|
-
};
|
|
2111
|
-
const auditLog = {
|
|
2112
|
-
schema: {
|
|
2113
|
-
kind: "collectionType",
|
|
2114
|
-
collectionName: "strapi_audit_logs",
|
|
2115
|
-
info: {
|
|
2116
|
-
singularName: "audit-log",
|
|
2117
|
-
pluralName: "audit-logs",
|
|
2118
|
-
displayName: "Audit Log"
|
|
2119
|
-
},
|
|
2120
|
-
options: {
|
|
2121
|
-
timestamps: false
|
|
2122
|
-
},
|
|
2123
|
-
pluginOptions: {
|
|
2124
|
-
"content-manager": {
|
|
2125
|
-
visible: false
|
|
2126
|
-
},
|
|
2127
|
-
"content-type-builder": {
|
|
2128
|
-
visible: false
|
|
2129
|
-
}
|
|
2130
|
-
},
|
|
2131
|
-
attributes: {
|
|
2132
|
-
action: {
|
|
2133
|
-
type: "string",
|
|
2134
|
-
required: true
|
|
2135
|
-
},
|
|
2136
|
-
date: {
|
|
2137
|
-
type: "datetime",
|
|
2138
|
-
required: true
|
|
2139
|
-
},
|
|
2140
|
-
user: {
|
|
2141
|
-
type: "relation",
|
|
2142
|
-
relation: "oneToOne",
|
|
2143
|
-
target: "admin::user"
|
|
2144
|
-
},
|
|
2145
|
-
payload: {
|
|
2146
|
-
type: "json"
|
|
2147
|
-
}
|
|
2148
|
-
}
|
|
2149
|
-
}
|
|
2150
|
-
};
|
|
2151
|
-
const getAdminEE = () => {
|
|
2152
|
-
const eeAdmin = {
|
|
2153
|
-
register,
|
|
2154
|
-
bootstrap,
|
|
2155
|
-
destroy,
|
|
2156
|
-
contentTypes: {
|
|
2157
|
-
// Always register the audit-log content type to prevent data loss
|
|
2158
|
-
"audit-log": auditLog,
|
|
2159
|
-
...adminContentTypes
|
|
2160
|
-
},
|
|
2161
|
-
services,
|
|
2162
|
-
controllers,
|
|
2163
|
-
routes
|
|
2164
|
-
};
|
|
2165
|
-
if (strapi.config.get("admin.auditLogs.enabled", true) && strapi.ee.features.isEnabled("audit-logs")) {
|
|
2166
|
-
return {
|
|
2167
|
-
...eeAdmin,
|
|
2168
|
-
controllers: {
|
|
2169
|
-
...eeAdmin.controllers,
|
|
2170
|
-
"audit-logs": auditLogsController
|
|
2171
|
-
},
|
|
2172
|
-
routes: {
|
|
2173
|
-
...eeAdmin.routes,
|
|
2174
|
-
"audit-logs": auditLogsRoutes
|
|
2175
|
-
},
|
|
2176
|
-
async register({ strapi: strapi2 }) {
|
|
2177
|
-
await eeAdmin.register({ strapi: strapi2 });
|
|
2178
|
-
strapi2.add("audit-logs", createAuditLogsService(strapi2));
|
|
2179
|
-
const auditLogsLifecycle = createAuditLogsLifecycleService(strapi2);
|
|
2180
|
-
strapi2.add("audit-logs-lifecycle", auditLogsLifecycle);
|
|
2181
|
-
await auditLogsLifecycle.register();
|
|
2182
|
-
},
|
|
2183
|
-
async destroy({ strapi: strapi2 }) {
|
|
2184
|
-
strapi2.get("audit-logs-lifecycle").destroy();
|
|
2185
|
-
await eeAdmin.destroy({ strapi: strapi2 });
|
|
2186
|
-
}
|
|
2187
|
-
};
|
|
2188
|
-
}
|
|
2189
|
-
return eeAdmin;
|
|
2190
|
-
};
|
|
2191
|
-
const index = getAdminEE();
|
|
2192
|
-
module.exports = index;
|
|
2193
|
-
//# sourceMappingURL=index.js.map
|