@strapi/admin 5.26.0 → 5.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (318) hide show
  1. package/dist/admin/admin/src/components/DragLayer.js +67 -0
  2. package/dist/admin/admin/src/components/DragLayer.js.map +1 -0
  3. package/dist/admin/admin/src/components/DragLayer.mjs +64 -0
  4. package/dist/admin/admin/src/components/DragLayer.mjs.map +1 -0
  5. package/dist/admin/admin/src/components/ErrorElement.js +10 -3
  6. package/dist/admin/admin/src/components/ErrorElement.js.map +1 -1
  7. package/dist/admin/admin/src/components/ErrorElement.mjs +10 -3
  8. package/dist/admin/admin/src/components/ErrorElement.mjs.map +1 -1
  9. package/dist/admin/admin/src/components/GapDropZone.js +292 -0
  10. package/dist/admin/admin/src/components/GapDropZone.js.map +1 -0
  11. package/dist/admin/admin/src/components/GapDropZone.mjs +268 -0
  12. package/dist/admin/admin/src/components/GapDropZone.mjs.map +1 -0
  13. package/dist/admin/admin/src/components/GuidedTour/Context.js +15 -0
  14. package/dist/admin/admin/src/components/GuidedTour/Context.js.map +1 -1
  15. package/dist/admin/admin/src/components/GuidedTour/Context.mjs +15 -0
  16. package/dist/admin/admin/src/components/GuidedTour/Context.mjs.map +1 -1
  17. package/dist/admin/admin/src/components/GuidedTour/GuidedTourProvider.js +15 -0
  18. package/dist/admin/admin/src/components/GuidedTour/GuidedTourProvider.js.map +1 -0
  19. package/dist/admin/admin/src/components/GuidedTour/GuidedTourProvider.mjs +13 -0
  20. package/dist/admin/admin/src/components/GuidedTour/GuidedTourProvider.mjs.map +1 -0
  21. package/dist/admin/admin/src/components/GuidedTour/Overview.js +2 -1
  22. package/dist/admin/admin/src/components/GuidedTour/Overview.js.map +1 -1
  23. package/dist/admin/admin/src/components/GuidedTour/Overview.mjs +2 -1
  24. package/dist/admin/admin/src/components/GuidedTour/Overview.mjs.map +1 -1
  25. package/dist/admin/admin/src/components/GuidedTour/Steps/ContentTypeBuilderSteps.js +2 -2
  26. package/dist/admin/admin/src/components/GuidedTour/Steps/ContentTypeBuilderSteps.js.map +1 -1
  27. package/dist/admin/admin/src/components/GuidedTour/Steps/ContentTypeBuilderSteps.mjs +2 -2
  28. package/dist/admin/admin/src/components/GuidedTour/Steps/ContentTypeBuilderSteps.mjs.map +1 -1
  29. package/dist/admin/admin/src/components/GuidedTour/Tours.js +1 -1
  30. package/dist/admin/admin/src/components/GuidedTour/Tours.js.map +1 -1
  31. package/dist/admin/admin/src/components/GuidedTour/Tours.mjs +1 -1
  32. package/dist/admin/admin/src/components/GuidedTour/Tours.mjs.map +1 -1
  33. package/dist/admin/admin/src/components/Layouts/ActionLayout.js +3 -2
  34. package/dist/admin/admin/src/components/Layouts/ActionLayout.js.map +1 -1
  35. package/dist/admin/admin/src/components/Layouts/ActionLayout.mjs +3 -2
  36. package/dist/admin/admin/src/components/Layouts/ActionLayout.mjs.map +1 -1
  37. package/dist/admin/admin/src/components/Layouts/ContentLayout.js +3 -2
  38. package/dist/admin/admin/src/components/Layouts/ContentLayout.js.map +1 -1
  39. package/dist/admin/admin/src/components/Layouts/ContentLayout.mjs +3 -2
  40. package/dist/admin/admin/src/components/Layouts/ContentLayout.mjs.map +1 -1
  41. package/dist/admin/admin/src/components/Layouts/HeaderLayout.js +65 -32
  42. package/dist/admin/admin/src/components/Layouts/HeaderLayout.js.map +1 -1
  43. package/dist/admin/admin/src/components/Layouts/HeaderLayout.mjs +66 -33
  44. package/dist/admin/admin/src/components/Layouts/HeaderLayout.mjs.map +1 -1
  45. package/dist/admin/admin/src/components/Layouts/Layout.js +29 -6
  46. package/dist/admin/admin/src/components/Layouts/Layout.js.map +1 -1
  47. package/dist/admin/admin/src/components/Layouts/Layout.mjs +30 -7
  48. package/dist/admin/admin/src/components/Layouts/Layout.mjs.map +1 -1
  49. package/dist/admin/admin/src/components/LeftMenu.js +147 -92
  50. package/dist/admin/admin/src/components/LeftMenu.js.map +1 -1
  51. package/dist/admin/admin/src/components/LeftMenu.mjs +131 -95
  52. package/dist/admin/admin/src/components/LeftMenu.mjs.map +1 -1
  53. package/dist/admin/admin/src/components/MainNav/MainNav.js +20 -6
  54. package/dist/admin/admin/src/components/MainNav/MainNav.js.map +1 -1
  55. package/dist/admin/admin/src/components/MainNav/MainNav.mjs +20 -6
  56. package/dist/admin/admin/src/components/MainNav/MainNav.mjs.map +1 -1
  57. package/dist/admin/admin/src/components/MainNav/MainNavLinks.js +157 -0
  58. package/dist/admin/admin/src/components/MainNav/MainNavLinks.js.map +1 -0
  59. package/dist/admin/admin/src/components/MainNav/MainNavLinks.mjs +154 -0
  60. package/dist/admin/admin/src/components/MainNav/MainNavLinks.mjs.map +1 -0
  61. package/dist/admin/admin/src/components/MainNav/NavBurgerMenu.js +65 -0
  62. package/dist/admin/admin/src/components/MainNav/NavBurgerMenu.js.map +1 -0
  63. package/dist/admin/admin/src/components/MainNav/NavBurgerMenu.mjs +63 -0
  64. package/dist/admin/admin/src/components/MainNav/NavBurgerMenu.mjs.map +1 -0
  65. package/dist/admin/admin/src/components/MainNav/NavLink.js +2 -1
  66. package/dist/admin/admin/src/components/MainNav/NavLink.js.map +1 -1
  67. package/dist/admin/admin/src/components/MainNav/NavLink.mjs +2 -1
  68. package/dist/admin/admin/src/components/MainNav/NavLink.mjs.map +1 -1
  69. package/dist/admin/admin/src/components/MainNav/NavUser.js +39 -22
  70. package/dist/admin/admin/src/components/MainNav/NavUser.js.map +1 -1
  71. package/dist/admin/admin/src/components/MainNav/NavUser.mjs +39 -22
  72. package/dist/admin/admin/src/components/MainNav/NavUser.mjs.map +1 -1
  73. package/dist/admin/admin/src/components/MainNav/TrialCountdown.js +8 -1
  74. package/dist/admin/admin/src/components/MainNav/TrialCountdown.js.map +1 -1
  75. package/dist/admin/admin/src/components/MainNav/TrialCountdown.mjs +9 -2
  76. package/dist/admin/admin/src/components/MainNav/TrialCountdown.mjs.map +1 -1
  77. package/dist/admin/admin/src/components/NpsSurvey.js +159 -119
  78. package/dist/admin/admin/src/components/NpsSurvey.js.map +1 -1
  79. package/dist/admin/admin/src/components/NpsSurvey.mjs +160 -120
  80. package/dist/admin/admin/src/components/NpsSurvey.mjs.map +1 -1
  81. package/dist/admin/admin/src/components/PageHelpers.js +1 -1
  82. package/dist/admin/admin/src/components/PageHelpers.js.map +1 -1
  83. package/dist/admin/admin/src/components/PageHelpers.mjs +1 -1
  84. package/dist/admin/admin/src/components/PageHelpers.mjs.map +1 -1
  85. package/dist/admin/admin/src/components/Providers.js +2 -4
  86. package/dist/admin/admin/src/components/Providers.js.map +1 -1
  87. package/dist/admin/admin/src/components/Providers.mjs +2 -4
  88. package/dist/admin/admin/src/components/Providers.mjs.map +1 -1
  89. package/dist/admin/admin/src/components/ResizeIndicator.js +353 -0
  90. package/dist/admin/admin/src/components/ResizeIndicator.js.map +1 -0
  91. package/dist/admin/admin/src/components/ResizeIndicator.mjs +332 -0
  92. package/dist/admin/admin/src/components/ResizeIndicator.mjs.map +1 -0
  93. package/dist/admin/admin/src/components/SubNav.js +98 -33
  94. package/dist/admin/admin/src/components/SubNav.js.map +1 -1
  95. package/dist/admin/admin/src/components/SubNav.mjs +99 -34
  96. package/dist/admin/admin/src/components/SubNav.mjs.map +1 -1
  97. package/dist/admin/admin/src/components/UpsellBanner.js +3 -2
  98. package/dist/admin/admin/src/components/UpsellBanner.js.map +1 -1
  99. package/dist/admin/admin/src/components/UpsellBanner.mjs +3 -2
  100. package/dist/admin/admin/src/components/UpsellBanner.mjs.map +1 -1
  101. package/dist/admin/admin/src/components/WidgetRoot.js +216 -0
  102. package/dist/admin/admin/src/components/WidgetRoot.js.map +1 -0
  103. package/dist/admin/admin/src/components/WidgetRoot.mjs +195 -0
  104. package/dist/admin/admin/src/components/WidgetRoot.mjs.map +1 -0
  105. package/dist/admin/admin/src/constants/theme.js +12 -0
  106. package/dist/admin/admin/src/constants/theme.js.map +1 -0
  107. package/dist/admin/admin/src/constants/theme.mjs +9 -0
  108. package/dist/admin/admin/src/constants/theme.mjs.map +1 -0
  109. package/dist/admin/admin/src/features/Notifications.js +14 -7
  110. package/dist/admin/admin/src/features/Notifications.js.map +1 -1
  111. package/dist/admin/admin/src/features/Notifications.mjs +15 -8
  112. package/dist/admin/admin/src/features/Notifications.mjs.map +1 -1
  113. package/dist/admin/admin/src/features/Tracking.js +5 -1
  114. package/dist/admin/admin/src/features/Tracking.js.map +1 -1
  115. package/dist/admin/admin/src/features/Tracking.mjs +5 -1
  116. package/dist/admin/admin/src/features/Tracking.mjs.map +1 -1
  117. package/dist/admin/admin/src/features/Widgets.js +276 -0
  118. package/dist/admin/admin/src/features/Widgets.js.map +1 -0
  119. package/dist/admin/admin/src/features/Widgets.mjs +255 -0
  120. package/dist/admin/admin/src/features/Widgets.mjs.map +1 -0
  121. package/dist/admin/admin/src/hooks/useAPIErrorHandler.js +1 -1
  122. package/dist/admin/admin/src/hooks/useAPIErrorHandler.js.map +1 -1
  123. package/dist/admin/admin/src/hooks/useAPIErrorHandler.mjs +1 -1
  124. package/dist/admin/admin/src/hooks/useAPIErrorHandler.mjs.map +1 -1
  125. package/dist/admin/admin/src/hooks/useDeviceType.js +43 -0
  126. package/dist/admin/admin/src/hooks/useDeviceType.js.map +1 -0
  127. package/dist/admin/admin/src/hooks/useDeviceType.mjs +22 -0
  128. package/dist/admin/admin/src/hooks/useDeviceType.mjs.map +1 -0
  129. package/dist/admin/admin/src/hooks/useMediaQuery.js +70 -0
  130. package/dist/admin/admin/src/hooks/useMediaQuery.js.map +1 -0
  131. package/dist/admin/admin/src/hooks/useMediaQuery.mjs +46 -0
  132. package/dist/admin/admin/src/hooks/useMediaQuery.mjs.map +1 -0
  133. package/dist/admin/admin/src/hooks/useMenu.js +19 -0
  134. package/dist/admin/admin/src/hooks/useMenu.js.map +1 -1
  135. package/dist/admin/admin/src/hooks/useMenu.mjs +19 -0
  136. package/dist/admin/admin/src/hooks/useMenu.mjs.map +1 -1
  137. package/dist/admin/admin/src/layouts/AuthenticatedLayout.js +15 -2
  138. package/dist/admin/admin/src/layouts/AuthenticatedLayout.js.map +1 -1
  139. package/dist/admin/admin/src/layouts/AuthenticatedLayout.mjs +15 -2
  140. package/dist/admin/admin/src/layouts/AuthenticatedLayout.mjs.map +1 -1
  141. package/dist/admin/admin/src/layouts/UnauthenticatedLayout.js +11 -7
  142. package/dist/admin/admin/src/layouts/UnauthenticatedLayout.js.map +1 -1
  143. package/dist/admin/admin/src/layouts/UnauthenticatedLayout.mjs +11 -7
  144. package/dist/admin/admin/src/layouts/UnauthenticatedLayout.mjs.map +1 -1
  145. package/dist/admin/admin/src/pages/Auth/components/Login.js +3 -0
  146. package/dist/admin/admin/src/pages/Auth/components/Login.js.map +1 -1
  147. package/dist/admin/admin/src/pages/Auth/components/Login.mjs +3 -0
  148. package/dist/admin/admin/src/pages/Auth/components/Login.mjs.map +1 -1
  149. package/dist/admin/admin/src/pages/Home/HomePage.js +200 -130
  150. package/dist/admin/admin/src/pages/Home/HomePage.js.map +1 -1
  151. package/dist/admin/admin/src/pages/Home/HomePage.mjs +202 -132
  152. package/dist/admin/admin/src/pages/Home/HomePage.mjs.map +1 -1
  153. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.js +189 -0
  154. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.js.map +1 -0
  155. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.mjs +168 -0
  156. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.mjs.map +1 -0
  157. package/dist/admin/admin/src/pages/ProfilePage.js +54 -51
  158. package/dist/admin/admin/src/pages/ProfilePage.js.map +1 -1
  159. package/dist/admin/admin/src/pages/ProfilePage.mjs +55 -52
  160. package/dist/admin/admin/src/pages/ProfilePage.mjs.map +1 -1
  161. package/dist/admin/admin/src/pages/Settings/Layout.js +42 -6
  162. package/dist/admin/admin/src/pages/Settings/Layout.js.map +1 -1
  163. package/dist/admin/admin/src/pages/Settings/Layout.mjs +43 -7
  164. package/dist/admin/admin/src/pages/Settings/Layout.mjs.map +1 -1
  165. package/dist/admin/admin/src/pages/Settings/components/SettingsNav.js +44 -32
  166. package/dist/admin/admin/src/pages/Settings/components/SettingsNav.js.map +1 -1
  167. package/dist/admin/admin/src/pages/Settings/components/SettingsNav.mjs +45 -33
  168. package/dist/admin/admin/src/pages/Settings/components/SettingsNav.mjs.map +1 -1
  169. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.js +1 -1
  170. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.js.map +1 -1
  171. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.mjs +2 -2
  172. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.mjs.map +1 -1
  173. package/dist/admin/admin/src/pages/Settings/pages/InstalledPlugins.js +1 -1
  174. package/dist/admin/admin/src/pages/Settings/pages/InstalledPlugins.js.map +1 -1
  175. package/dist/admin/admin/src/pages/Settings/pages/InstalledPlugins.mjs +2 -2
  176. package/dist/admin/admin/src/pages/Settings/pages/InstalledPlugins.mjs.map +1 -1
  177. package/dist/admin/admin/src/pages/Settings/pages/PurchaseAuditLogs.js +4 -3
  178. package/dist/admin/admin/src/pages/Settings/pages/PurchaseAuditLogs.js.map +1 -1
  179. package/dist/admin/admin/src/pages/Settings/pages/PurchaseAuditLogs.mjs +5 -4
  180. package/dist/admin/admin/src/pages/Settings/pages/PurchaseAuditLogs.mjs.map +1 -1
  181. package/dist/admin/admin/src/pages/Settings/pages/PurchaseContentHistory.js +4 -3
  182. package/dist/admin/admin/src/pages/Settings/pages/PurchaseContentHistory.js.map +1 -1
  183. package/dist/admin/admin/src/pages/Settings/pages/PurchaseContentHistory.mjs +5 -4
  184. package/dist/admin/admin/src/pages/Settings/pages/PurchaseContentHistory.mjs.map +1 -1
  185. package/dist/admin/admin/src/pages/Settings/pages/PurchaseSingleSignOn.js +4 -3
  186. package/dist/admin/admin/src/pages/Settings/pages/PurchaseSingleSignOn.js.map +1 -1
  187. package/dist/admin/admin/src/pages/Settings/pages/PurchaseSingleSignOn.mjs +5 -4
  188. package/dist/admin/admin/src/pages/Settings/pages/PurchaseSingleSignOn.mjs.map +1 -1
  189. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.js +36 -32
  190. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.js.map +1 -1
  191. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.mjs +36 -32
  192. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.mjs.map +1 -1
  193. package/dist/admin/admin/src/pages/Settings/pages/Webhooks/ListPage.js +1 -1
  194. package/dist/admin/admin/src/pages/Settings/pages/Webhooks/ListPage.js.map +1 -1
  195. package/dist/admin/admin/src/pages/Settings/pages/Webhooks/ListPage.mjs +1 -1
  196. package/dist/admin/admin/src/pages/Settings/pages/Webhooks/ListPage.mjs.map +1 -1
  197. package/dist/admin/admin/src/services/api.js +2 -1
  198. package/dist/admin/admin/src/services/api.js.map +1 -1
  199. package/dist/admin/admin/src/services/api.mjs +2 -1
  200. package/dist/admin/admin/src/services/api.mjs.map +1 -1
  201. package/dist/admin/admin/src/services/auth.js +13 -2
  202. package/dist/admin/admin/src/services/auth.js.map +1 -1
  203. package/dist/admin/admin/src/services/auth.mjs +12 -3
  204. package/dist/admin/admin/src/services/auth.mjs.map +1 -1
  205. package/dist/admin/admin/src/services/homepage.js +11 -4
  206. package/dist/admin/admin/src/services/homepage.js.map +1 -1
  207. package/dist/admin/admin/src/services/homepage.mjs +11 -4
  208. package/dist/admin/admin/src/services/homepage.mjs.map +1 -1
  209. package/dist/admin/admin/src/translations/en.json.js +7 -1
  210. package/dist/admin/admin/src/translations/en.json.js.map +1 -1
  211. package/dist/admin/admin/src/translations/en.json.mjs +7 -1
  212. package/dist/admin/admin/src/translations/en.json.mjs.map +1 -1
  213. package/dist/admin/admin/src/translations/uk.json.js +9 -9
  214. package/dist/admin/admin/src/translations/uk.json.mjs +9 -9
  215. package/dist/admin/admin/src/utils/resizeHandlers.js +109 -0
  216. package/dist/admin/admin/src/utils/resizeHandlers.js.map +1 -0
  217. package/dist/admin/admin/src/utils/resizeHandlers.mjs +100 -0
  218. package/dist/admin/admin/src/utils/resizeHandlers.mjs.map +1 -0
  219. package/dist/admin/admin/src/utils/widgetLayout.js +293 -0
  220. package/dist/admin/admin/src/utils/widgetLayout.js.map +1 -0
  221. package/dist/admin/admin/src/utils/widgetLayout.mjs +273 -0
  222. package/dist/admin/admin/src/utils/widgetLayout.mjs.map +1 -0
  223. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/SingleSignOnPage.js +1 -1
  224. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/SingleSignOnPage.js.map +1 -1
  225. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/SingleSignOnPage.mjs +1 -1
  226. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/SingleSignOnPage.mjs.map +1 -1
  227. package/dist/admin/ee/admin/src/services/ai.js +5 -2
  228. package/dist/admin/ee/admin/src/services/ai.js.map +1 -1
  229. package/dist/admin/ee/admin/src/services/ai.mjs +5 -2
  230. package/dist/admin/ee/admin/src/services/ai.mjs.map +1 -1
  231. package/dist/admin/index.js +11 -0
  232. package/dist/admin/index.js.map +1 -1
  233. package/dist/admin/index.mjs +4 -0
  234. package/dist/admin/index.mjs.map +1 -1
  235. package/dist/admin/src/components/DragLayer.d.ts +8 -4
  236. package/dist/admin/src/components/GapDropZone.d.ts +36 -0
  237. package/dist/admin/src/components/GuidedTour/Context.d.ts +4 -0
  238. package/dist/admin/src/components/GuidedTour/GuidedTourProvider.d.ts +6 -0
  239. package/dist/admin/src/components/LeftMenu.d.ts +2 -2
  240. package/dist/admin/src/components/MainNav/MainNavLinks.d.ts +11 -0
  241. package/dist/admin/src/components/MainNav/NavBurgerMenu.d.ts +9 -0
  242. package/dist/admin/src/components/MainNav/NavUser.d.ts +5 -4
  243. package/dist/admin/src/components/ResizeIndicator.d.ts +12 -0
  244. package/dist/admin/src/components/SubNav.d.ts +18 -5
  245. package/dist/admin/src/components/WidgetRoot.d.ts +14 -0
  246. package/dist/admin/src/constants/theme.d.ts +7 -0
  247. package/dist/admin/src/core/store/configure.d.ts +2 -2
  248. package/dist/admin/src/core/store/hooks.d.ts +2 -2
  249. package/dist/admin/src/features/Tracking.d.ts +1 -1
  250. package/dist/admin/src/features/Widgets.d.ts +29 -0
  251. package/dist/admin/src/hooks/useAdminRoles.d.ts +1 -1
  252. package/dist/admin/src/hooks/useDeviceType.d.ts +6 -0
  253. package/dist/admin/src/hooks/useMediaQuery.d.ts +21 -0
  254. package/dist/admin/src/hooks/useMenu.d.ts +9 -1
  255. package/dist/admin/src/index.d.ts +4 -0
  256. package/dist/admin/src/pages/Home/HomePage.d.ts +4 -5
  257. package/dist/admin/src/pages/Home/components/AddWidgetModal.d.ts +10 -0
  258. package/dist/admin/src/pages/Settings/components/SettingsNav.d.ts +3 -6
  259. package/dist/admin/src/pages/Settings/pages/Webhooks/hooks/useWebhooks.d.ts +4 -4
  260. package/dist/admin/src/selectors.d.ts +2 -2
  261. package/dist/admin/src/services/admin.d.ts +6 -6
  262. package/dist/admin/src/services/api.d.ts +1 -1
  263. package/dist/admin/src/services/apiTokens.d.ts +1 -1
  264. package/dist/admin/src/services/auth.d.ts +21 -12
  265. package/dist/admin/src/services/contentApi.d.ts +1 -1
  266. package/dist/admin/src/services/contentManager.d.ts +1 -1
  267. package/dist/admin/src/services/homepage.d.ts +3 -3
  268. package/dist/admin/src/services/transferTokens.d.ts +1 -1
  269. package/dist/admin/src/services/users.d.ts +8 -8
  270. package/dist/admin/src/services/webhooks.d.ts +2 -2
  271. package/dist/admin/src/utils/resizeHandlers.d.ts +58 -0
  272. package/dist/admin/src/utils/widgetLayout.d.ts +78 -0
  273. package/dist/admin/tests/utils.d.ts +1 -1
  274. package/dist/ee/admin/src/services/ai.d.ts +2 -2
  275. package/dist/ee/admin/src/services/auditLogs.d.ts +1 -1
  276. package/dist/ee/server/src/controllers/authentication-utils/middlewares.d.ts.map +1 -1
  277. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js +4 -2
  278. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js.map +1 -1
  279. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs +4 -2
  280. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs.map +1 -1
  281. package/dist/server/server/src/bootstrap.js +5 -0
  282. package/dist/server/server/src/bootstrap.js.map +1 -1
  283. package/dist/server/server/src/bootstrap.mjs +5 -0
  284. package/dist/server/server/src/bootstrap.mjs.map +1 -1
  285. package/dist/server/server/src/controllers/authenticated-user.js +15 -0
  286. package/dist/server/server/src/controllers/authenticated-user.js.map +1 -1
  287. package/dist/server/server/src/controllers/authenticated-user.mjs +15 -0
  288. package/dist/server/server/src/controllers/authenticated-user.mjs.map +1 -1
  289. package/dist/server/server/src/routes/users.js +10 -0
  290. package/dist/server/server/src/routes/users.js.map +1 -1
  291. package/dist/server/server/src/routes/users.mjs +10 -0
  292. package/dist/server/server/src/routes/users.mjs.map +1 -1
  293. package/dist/server/server/src/services/user.js +113 -1
  294. package/dist/server/server/src/services/user.js.map +1 -1
  295. package/dist/server/server/src/services/user.mjs +113 -1
  296. package/dist/server/server/src/services/user.mjs.map +1 -1
  297. package/dist/server/shared/utils/session-auth.js +4 -2
  298. package/dist/server/shared/utils/session-auth.js.map +1 -1
  299. package/dist/server/shared/utils/session-auth.mjs +4 -2
  300. package/dist/server/shared/utils/session-auth.mjs.map +1 -1
  301. package/dist/server/src/bootstrap.d.ts.map +1 -1
  302. package/dist/server/src/controllers/authenticated-user.d.ts +1 -0
  303. package/dist/server/src/controllers/authenticated-user.d.ts.map +1 -1
  304. package/dist/server/src/controllers/index.d.ts +1 -0
  305. package/dist/server/src/controllers/index.d.ts.map +1 -1
  306. package/dist/server/src/index.d.ts +5 -0
  307. package/dist/server/src/index.d.ts.map +1 -1
  308. package/dist/server/src/routes/users.d.ts.map +1 -1
  309. package/dist/server/src/services/index.d.ts +4 -0
  310. package/dist/server/src/services/index.d.ts.map +1 -1
  311. package/dist/server/src/services/user.d.ts +4 -0
  312. package/dist/server/src/services/user.d.ts.map +1 -1
  313. package/dist/shared/contracts/homepage.d.ts +8 -4
  314. package/dist/shared/contracts/homepage.d.ts.map +1 -1
  315. package/dist/shared/contracts/users.d.ts +16 -0
  316. package/dist/shared/contracts/users.d.ts.map +1 -1
  317. package/dist/shared/utils/session-auth.d.ts.map +1 -1
  318. package/package.json +7 -7
package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"middlewares.mjs","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const isProduction = strapi.config.get('environment') === 'production';\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isProduction,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","isProduction","config","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,UAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,KAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,UAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,UAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,gBAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,6BAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,eAAejD,MAAOkD,CAAAA,MAAM,CAAC9B,GAAG,CAAC,aAAmB,CAAA,KAAA,YAAA;AAC1D,QAAA,MAAM+B,MAA6BnD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCI,QAAU,EAAA,KAAA;YACVC,MAAQJ,EAAAA,YAAAA;YACRK,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBjD,GAAAA,UAAAA,CAAW,MAAQkD,CAAAA,CAAAA,YAAY,CAACnD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMkD,EAAAA,aAAAA;AAAe/D,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAagE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAO5D,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"middlewares.mjs","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const configuredSecure = strapi.config.get('admin.auth.cookie.secure');\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;\n\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isSecure,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","configuredSecure","config","isProduction","process","env","NODE_ENV","isSecure","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,UAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,KAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,UAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,UAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,gBAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,6BAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,gBAAmBjD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,0BAAA,CAAA;AAC3C,QAAA,MAAM+B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,QAAA,MAAMC,QAAW,GAAA,OAAON,gBAAqB,KAAA,SAAA,GAAYA,gBAAmBE,GAAAA,YAAAA;AAE5E,QAAA,MAAMK,MAA6BxD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCS,QAAU,EAAA,KAAA;YACVC,MAAQH,EAAAA,QAAAA;YACRI,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBtD,GAAAA,UAAAA,CAAW,MAAQuD,CAAAA,CAAAA,YAAY,CAACxD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMuD,EAAAA,aAAAA;AAAepE,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaqE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAOjE,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;"}
package/dist/server/server/src/bootstrap.js CHANGED
@@ -115,6 +115,11 @@ var bootstrap = (async ({ strapi: strapi1 })=>{
115
115
  // Pass through all JWT options (includes privateKey, publicKey, and any other options)
116
116
  jwtOptions: options
117
117
  });
118
+ const isProduction = process.env.NODE_ENV === 'production';
119
+ const adminCookieSecure = strapi1.config.get('admin.auth.cookie.secure');
120
+ if (isProduction && adminCookieSecure === false) {
121
+ strapi1.log.warn('Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.');
122
+ }
118
123
  await registerAdminConditions();
119
124
  await registerPermissionActions();
120
125
  registerModelHooks();
package/dist/server/server/src/bootstrap.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,gBAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,WAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,MAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,OAAKC,CAAAA,aAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,wCAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,yCAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;IAEA,MAAM7D,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMmF,oBAAoB5F,gBAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM6F,cAAc7F,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAM8F,kBAAkB9F,gBAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAM+F,eAAe/F,gBAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAM6F,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM1C,YAAY2C,iCAAiC,EAAA;IAEnD,MAAM9E,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,gBAAAA,CAAW,SAAWqG,CAAAA,CAAAA,4BAA4B,CAAC1F,OAAAA,CAAAA;IACzDX,gBAAW,CAAA,SAAA,CAAA,CAAWsG,SAAS,CAAC3F,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgB6C,kBAAkB,EAAA;IAClCT,eAAgBhC,CAAAA,KAAK,CAACyC,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMhD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
1
+ {"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,gBAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,WAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,MAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,OAAKC,CAAAA,aAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,wCAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,yCAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;AAEA,IAAA,MAAM0B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAoBrF,GAAAA,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAIgE,YAAAA,IAAgBI,sBAAsB,KAAO,EAAA;QAC/CrF,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ;IAEA,MAAM1E,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMwF,oBAAoBjG,gBAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAMkG,cAAclG,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAMmG,kBAAkBnG,gBAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAMoG,eAAepG,gBAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAMkG,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM/C,YAAYgD,iCAAiC,EAAA;IAEnD,MAAMnF,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,gBAAAA,CAAW,SAAW0G,CAAAA,CAAAA,4BAA4B,CAAC/F,OAAAA,CAAAA;IACzDX,gBAAW,CAAA,SAAA,CAAA,CAAW2G,SAAS,CAAChG,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgBkD,kBAAkB,EAAA;IAClCT,eAAgBrC,CAAAA,KAAK,CAAC8C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMrD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
package/dist/server/server/src/bootstrap.mjs CHANGED
@@ -113,6 +113,11 @@ var bootstrap = (async ({ strapi: strapi1 })=>{
113
113
  // Pass through all JWT options (includes privateKey, publicKey, and any other options)
114
114
  jwtOptions: options
115
115
  });
116
+ const isProduction = process.env.NODE_ENV === 'production';
117
+ const adminCookieSecure = strapi1.config.get('admin.auth.cookie.secure');
118
+ if (isProduction && adminCookieSecure === false) {
119
+ strapi1.log.warn('Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.');
120
+ }
116
121
  await registerAdminConditions();
117
122
  await registerPermissionActions();
118
123
  registerModelHooks();
package/dist/server/server/src/bootstrap.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bootstrap.mjs","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,WAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,aAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,WAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,gBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,UAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,MAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,UAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,KAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,GAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,IAAKC,CAAAA,UAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,eAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,kCAAAA;IAC5C,MAAMC,wBAAAA,GACJH,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,4BAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,mCAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,6BAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;IAEA,MAAM7D,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMmF,oBAAoB5F,UAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM6F,cAAc7F,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAM8F,kBAAkB9F,UAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAM+F,eAAe/F,UAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAM6F,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM1C,YAAY2C,iCAAiC,EAAA;IAEnD,MAAM9E,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,UAAAA,CAAW,SAAWqG,CAAAA,CAAAA,4BAA4B,CAAC1F,OAAAA,CAAAA;IACzDX,UAAW,CAAA,SAAA,CAAA,CAAWsG,SAAS,CAAC3F,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgB6C,kBAAkB,EAAA;IAClCT,eAAgBhC,CAAAA,KAAK,CAACyC,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMhD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
1
+ {"version":3,"file":"bootstrap.mjs","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,WAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,aAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,WAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,gBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,UAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,MAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,UAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,KAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,GAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,IAAKC,CAAAA,UAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,eAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,kCAAAA;IAC5C,MAAMC,wBAAAA,GACJH,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,4BAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,mCAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,6BAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;AAEA,IAAA,MAAM0B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAoBrF,GAAAA,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAIgE,YAAAA,IAAgBI,sBAAsB,KAAO,EAAA;QAC/CrF,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ;IAEA,MAAM1E,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMwF,oBAAoBjG,UAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAMkG,cAAclG,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAMmG,kBAAkBnG,UAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAMoG,eAAepG,UAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAMkG,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM/C,YAAYgD,iCAAiC,EAAA;IAEnD,MAAMnF,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,UAAAA,CAAW,SAAW0G,CAAAA,CAAAA,4BAA4B,CAAC/F,OAAAA,CAAAA;IACzDX,UAAW,CAAA,SAAA,CAAA,CAAW2G,SAAS,CAAChG,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgBkD,kBAAkB,EAAA;IAClCT,eAAgBrC,CAAAA,KAAK,CAAC8C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMrD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
package/dist/server/server/src/controllers/authenticated-user.js CHANGED
@@ -39,6 +39,21 @@ var authenticatedUser = {
39
39
  // @ts-expect-error - transform response type to sanitized permission
40
40
  data: userPermissions.map(sanitizePermission)
41
41
  };
42
+ },
43
+ async getAiToken (ctx) {
44
+ try {
45
+ // Security check: Ensure user is authenticated and has proper permissions
46
+ if (!ctx.state.user) {
47
+ return ctx.unauthorized('Authentication required');
48
+ }
49
+ const tokenData = await index.getService('user').getAiToken();
50
+ ctx.body = {
51
+ data: tokenData
52
+ };
53
+ } catch (error) {
54
+ const errorMessage = 'AI token request failed. Check server logs for details.';
55
+ return ctx.internalServerError(errorMessage);
56
+ }
42
57
  }
43
58
  };
44
59
 
package/dist/server/server/src/controllers/authenticated-user.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authenticated-user.js","sources":["../../../../../server/src/controllers/authenticated-user.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nimport { getService } from '../utils';\nimport { validateProfileUpdateInput } from '../validation/user';\nimport { GetMe, GetOwnPermissions, UpdateMe } from '../../../shared/contracts/users';\n\nexport default {\n async getMe(ctx: Context) {\n const userInfo = getService('user').sanitizeUser(ctx.state.user as AdminUser);\n\n ctx.body = {\n data: userInfo,\n } satisfies GetMe.Response;\n },\n\n async updateMe(ctx: Context) {\n const input = ctx.request.body as UpdateMe.Request['body'];\n\n await validateProfileUpdateInput(input);\n\n const userService = getService('user');\n const authServer = getService('auth');\n\n const { currentPassword, ...userInfo } = input;\n\n if (currentPassword && userInfo.password) {\n const isValid = await authServer.validatePassword(currentPassword, ctx.state.user.password);\n\n if (!isValid) {\n return ctx.badRequest('ValidationError', {\n currentPassword: ['Invalid credentials'],\n });\n }\n }\n\n const updatedUser = await userService.updateById(ctx.state.user.id, userInfo);\n\n ctx.body = {\n data: userService.sanitizeUser(updatedUser),\n } satisfies UpdateMe.Response;\n },\n\n async getOwnPermissions(ctx: Context) {\n const { findUserPermissions, sanitizePermission } = getService('permission');\n const { user } = ctx.state;\n\n const userPermissions = await findUserPermissions(user as AdminUser);\n\n ctx.body = {\n // @ts-expect-error - transform response type to sanitized permission\n data: userPermissions.map(sanitizePermission),\n } satisfies GetOwnPermissions.Response;\n },\n};\n"],"names":["getMe","ctx","userInfo","getService","sanitizeUser","state","user","body","data","updateMe","input","request","validateProfileUpdateInput","userService","authServer","currentPassword","password","isValid","validatePassword","badRequest","updatedUser","updateById","id","getOwnPermissions","findUserPermissions","sanitizePermission","userPermissions","map"],"mappings":";;;;;AAOA,wBAAe;AACb,IAAA,MAAMA,OAAMC,GAAY,EAAA;QACtB,MAAMC,QAAAA,GAAWC,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACH,GAAII,CAAAA,KAAK,CAACC,IAAI,CAAA;AAE/DL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAMN,EAAAA;AACR,SAAA;AACF,KAAA;AAEA,IAAA,MAAMO,UAASR,GAAY,EAAA;AACzB,QAAA,MAAMS,KAAQT,GAAAA,GAAAA,CAAIU,OAAO,CAACJ,IAAI;AAE9B,QAAA,MAAMK,+BAA2BF,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAMG,cAAcV,gBAAW,CAAA,MAAA,CAAA;AAC/B,QAAA,MAAMW,aAAaX,gBAAW,CAAA,MAAA,CAAA;AAE9B,QAAA,MAAM,EAAEY,eAAe,EAAE,GAAGb,UAAU,GAAGQ,KAAAA;QAEzC,IAAIK,eAAAA,IAAmBb,QAASc,CAAAA,QAAQ,EAAE;YACxC,MAAMC,OAAAA,GAAU,MAAMH,UAAAA,CAAWI,gBAAgB,CAACH,eAAiBd,EAAAA,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACU,QAAQ,CAAA;AAE1F,YAAA,IAAI,CAACC,OAAS,EAAA;gBACZ,OAAOhB,GAAAA,CAAIkB,UAAU,CAAC,iBAAmB,EAAA;oBACvCJ,eAAiB,EAAA;AAAC,wBAAA;AAAsB;AAC1C,iBAAA,CAAA;AACF;AACF;QAEA,MAAMK,WAAAA,GAAc,MAAMP,WAAAA,CAAYQ,UAAU,CAACpB,GAAII,CAAAA,KAAK,CAACC,IAAI,CAACgB,EAAE,EAAEpB,QAAAA,CAAAA;AAEpED,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAMK,EAAAA,WAAAA,CAAYT,YAAY,CAACgB,WAAAA;AACjC,SAAA;AACF,KAAA;AAEA,IAAA,MAAMG,mBAAkBtB,GAAY,EAAA;AAClC,QAAA,MAAM,EAAEuB,mBAAmB,EAAEC,kBAAkB,EAAE,GAAGtB,gBAAW,CAAA,YAAA,CAAA;AAC/D,QAAA,MAAM,EAAEG,IAAI,EAAE,GAAGL,IAAII,KAAK;QAE1B,MAAMqB,eAAAA,GAAkB,MAAMF,mBAAoBlB,CAAAA,IAAAA,CAAAA;AAElDL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;;YAETC,IAAMkB,EAAAA,eAAAA,CAAgBC,GAAG,CAACF,kBAAAA;AAC5B,SAAA;AACF;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"authenticated-user.js","sources":["../../../../../server/src/controllers/authenticated-user.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nimport { getService } from '../utils';\nimport { validateProfileUpdateInput } from '../validation/user';\nimport { GetMe, GetOwnPermissions, UpdateMe, GetAiToken } from '../../../shared/contracts/users';\n\nexport default {\n async getMe(ctx: Context) {\n const userInfo = getService('user').sanitizeUser(ctx.state.user as AdminUser);\n\n ctx.body = {\n data: userInfo,\n } satisfies GetMe.Response;\n },\n\n async updateMe(ctx: Context) {\n const input = ctx.request.body as UpdateMe.Request['body'];\n\n await validateProfileUpdateInput(input);\n\n const userService = getService('user');\n const authServer = getService('auth');\n\n const { currentPassword, ...userInfo } = input;\n\n if (currentPassword && userInfo.password) {\n const isValid = await authServer.validatePassword(currentPassword, ctx.state.user.password);\n\n if (!isValid) {\n return ctx.badRequest('ValidationError', {\n currentPassword: ['Invalid credentials'],\n });\n }\n }\n\n const updatedUser = await userService.updateById(ctx.state.user.id, userInfo);\n\n ctx.body = {\n data: userService.sanitizeUser(updatedUser),\n } satisfies UpdateMe.Response;\n },\n\n async getOwnPermissions(ctx: Context) {\n const { findUserPermissions, sanitizePermission } = getService('permission');\n const { user } = ctx.state;\n\n const userPermissions = await findUserPermissions(user as AdminUser);\n\n ctx.body = {\n // @ts-expect-error - transform response type to sanitized permission\n data: userPermissions.map(sanitizePermission),\n } satisfies GetOwnPermissions.Response;\n },\n\n async getAiToken(ctx: Context) {\n try {\n // Security check: Ensure user is authenticated and has proper permissions\n if (!ctx.state.user) {\n return ctx.unauthorized('Authentication required');\n }\n\n const tokenData = await getService('user').getAiToken();\n\n ctx.body = {\n data: tokenData,\n } satisfies GetAiToken.Response;\n } catch (error) {\n const errorMessage = 'AI token request failed. Check server logs for details.';\n return ctx.internalServerError(errorMessage);\n }\n },\n};\n"],"names":["getMe","ctx","userInfo","getService","sanitizeUser","state","user","body","data","updateMe","input","request","validateProfileUpdateInput","userService","authServer","currentPassword","password","isValid","validatePassword","badRequest","updatedUser","updateById","id","getOwnPermissions","findUserPermissions","sanitizePermission","userPermissions","map","getAiToken","unauthorized","tokenData","error","errorMessage","internalServerError"],"mappings":";;;;;AAOA,wBAAe;AACb,IAAA,MAAMA,OAAMC,GAAY,EAAA;QACtB,MAAMC,QAAAA,GAAWC,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACH,GAAII,CAAAA,KAAK,CAACC,IAAI,CAAA;AAE/DL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAMN,EAAAA;AACR,SAAA;AACF,KAAA;AAEA,IAAA,MAAMO,UAASR,GAAY,EAAA;AACzB,QAAA,MAAMS,KAAQT,GAAAA,GAAAA,CAAIU,OAAO,CAACJ,IAAI;AAE9B,QAAA,MAAMK,+BAA2BF,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAMG,cAAcV,gBAAW,CAAA,MAAA,CAAA;AAC/B,QAAA,MAAMW,aAAaX,gBAAW,CAAA,MAAA,CAAA;AAE9B,QAAA,MAAM,EAAEY,eAAe,EAAE,GAAGb,UAAU,GAAGQ,KAAAA;QAEzC,IAAIK,eAAAA,IAAmBb,QAASc,CAAAA,QAAQ,EAAE;YACxC,MAAMC,OAAAA,GAAU,MAAMH,UAAAA,CAAWI,gBAAgB,CAACH,eAAiBd,EAAAA,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACU,QAAQ,CAAA;AAE1F,YAAA,IAAI,CAACC,OAAS,EAAA;gBACZ,OAAOhB,GAAAA,CAAIkB,UAAU,CAAC,iBAAmB,EAAA;oBACvCJ,eAAiB,EAAA;AAAC,wBAAA;AAAsB;AAC1C,iBAAA,CAAA;AACF;AACF;QAEA,MAAMK,WAAAA,GAAc,MAAMP,WAAAA,CAAYQ,UAAU,CAACpB,GAAII,CAAAA,KAAK,CAACC,IAAI,CAACgB,EAAE,EAAEpB,QAAAA,CAAAA;AAEpED,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAMK,EAAAA,WAAAA,CAAYT,YAAY,CAACgB,WAAAA;AACjC,SAAA;AACF,KAAA;AAEA,IAAA,MAAMG,mBAAkBtB,GAAY,EAAA;AAClC,QAAA,MAAM,EAAEuB,mBAAmB,EAAEC,kBAAkB,EAAE,GAAGtB,gBAAW,CAAA,YAAA,CAAA;AAC/D,QAAA,MAAM,EAAEG,IAAI,EAAE,GAAGL,IAAII,KAAK;QAE1B,MAAMqB,eAAAA,GAAkB,MAAMF,mBAAoBlB,CAAAA,IAAAA,CAAAA;AAElDL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;;YAETC,IAAMkB,EAAAA,eAAAA,CAAgBC,GAAG,CAACF,kBAAAA;AAC5B,SAAA;AACF,KAAA;AAEA,IAAA,MAAMG,YAAW3B,GAAY,EAAA;QAC3B,IAAI;;AAEF,YAAA,IAAI,CAACA,GAAAA,CAAII,KAAK,CAACC,IAAI,EAAE;gBACnB,OAAOL,GAAAA,CAAI4B,YAAY,CAAC,yBAAA,CAAA;AAC1B;AAEA,YAAA,MAAMC,SAAY,GAAA,MAAM3B,gBAAW,CAAA,MAAA,CAAA,CAAQyB,UAAU,EAAA;AAErD3B,YAAAA,GAAAA,CAAIM,IAAI,GAAG;gBACTC,IAAMsB,EAAAA;AACR,aAAA;AACF,SAAA,CAAE,OAAOC,KAAO,EAAA;AACd,YAAA,MAAMC,YAAe,GAAA,yDAAA;YACrB,OAAO/B,GAAAA,CAAIgC,mBAAmB,CAACD,YAAAA,CAAAA;AACjC;AACF;AACF,CAAE;;;;"}
package/dist/server/server/src/controllers/authenticated-user.mjs CHANGED
@@ -37,6 +37,21 @@ var authenticatedUser = {
37
37
  // @ts-expect-error - transform response type to sanitized permission
38
38
  data: userPermissions.map(sanitizePermission)
39
39
  };
40
+ },
41
+ async getAiToken (ctx) {
42
+ try {
43
+ // Security check: Ensure user is authenticated and has proper permissions
44
+ if (!ctx.state.user) {
45
+ return ctx.unauthorized('Authentication required');
46
+ }
47
+ const tokenData = await getService('user').getAiToken();
48
+ ctx.body = {
49
+ data: tokenData
50
+ };
51
+ } catch (error) {
52
+ const errorMessage = 'AI token request failed. Check server logs for details.';
53
+ return ctx.internalServerError(errorMessage);
54
+ }
40
55
  }
41
56
  };
42
57
 
package/dist/server/server/src/controllers/authenticated-user.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authenticated-user.mjs","sources":["../../../../../server/src/controllers/authenticated-user.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nimport { getService } from '../utils';\nimport { validateProfileUpdateInput } from '../validation/user';\nimport { GetMe, GetOwnPermissions, UpdateMe } from '../../../shared/contracts/users';\n\nexport default {\n async getMe(ctx: Context) {\n const userInfo = getService('user').sanitizeUser(ctx.state.user as AdminUser);\n\n ctx.body = {\n data: userInfo,\n } satisfies GetMe.Response;\n },\n\n async updateMe(ctx: Context) {\n const input = ctx.request.body as UpdateMe.Request['body'];\n\n await validateProfileUpdateInput(input);\n\n const userService = getService('user');\n const authServer = getService('auth');\n\n const { currentPassword, ...userInfo } = input;\n\n if (currentPassword && userInfo.password) {\n const isValid = await authServer.validatePassword(currentPassword, ctx.state.user.password);\n\n if (!isValid) {\n return ctx.badRequest('ValidationError', {\n currentPassword: ['Invalid credentials'],\n });\n }\n }\n\n const updatedUser = await userService.updateById(ctx.state.user.id, userInfo);\n\n ctx.body = {\n data: userService.sanitizeUser(updatedUser),\n } satisfies UpdateMe.Response;\n },\n\n async getOwnPermissions(ctx: Context) {\n const { findUserPermissions, sanitizePermission } = getService('permission');\n const { user } = ctx.state;\n\n const userPermissions = await findUserPermissions(user as AdminUser);\n\n ctx.body = {\n // @ts-expect-error - transform response type to sanitized permission\n data: userPermissions.map(sanitizePermission),\n } satisfies GetOwnPermissions.Response;\n },\n};\n"],"names":["getMe","ctx","userInfo","getService","sanitizeUser","state","user","body","data","updateMe","input","request","validateProfileUpdateInput","userService","authServer","currentPassword","password","isValid","validatePassword","badRequest","updatedUser","updateById","id","getOwnPermissions","findUserPermissions","sanitizePermission","userPermissions","map"],"mappings":";;;AAOA,wBAAe;AACb,IAAA,MAAMA,OAAMC,GAAY,EAAA;QACtB,MAAMC,QAAAA,GAAWC,WAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACH,GAAII,CAAAA,KAAK,CAACC,IAAI,CAAA;AAE/DL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAMN,EAAAA;AACR,SAAA;AACF,KAAA;AAEA,IAAA,MAAMO,UAASR,GAAY,EAAA;AACzB,QAAA,MAAMS,KAAQT,GAAAA,GAAAA,CAAIU,OAAO,CAACJ,IAAI;AAE9B,QAAA,MAAMK,0BAA2BF,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAMG,cAAcV,UAAW,CAAA,MAAA,CAAA;AAC/B,QAAA,MAAMW,aAAaX,UAAW,CAAA,MAAA,CAAA;AAE9B,QAAA,MAAM,EAAEY,eAAe,EAAE,GAAGb,UAAU,GAAGQ,KAAAA;QAEzC,IAAIK,eAAAA,IAAmBb,QAASc,CAAAA,QAAQ,EAAE;YACxC,MAAMC,OAAAA,GAAU,MAAMH,UAAAA,CAAWI,gBAAgB,CAACH,eAAiBd,EAAAA,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACU,QAAQ,CAAA;AAE1F,YAAA,IAAI,CAACC,OAAS,EAAA;gBACZ,OAAOhB,GAAAA,CAAIkB,UAAU,CAAC,iBAAmB,EAAA;oBACvCJ,eAAiB,EAAA;AAAC,wBAAA;AAAsB;AAC1C,iBAAA,CAAA;AACF;AACF;QAEA,MAAMK,WAAAA,GAAc,MAAMP,WAAAA,CAAYQ,UAAU,CAACpB,GAAII,CAAAA,KAAK,CAACC,IAAI,CAACgB,EAAE,EAAEpB,QAAAA,CAAAA;AAEpED,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAMK,EAAAA,WAAAA,CAAYT,YAAY,CAACgB,WAAAA;AACjC,SAAA;AACF,KAAA;AAEA,IAAA,MAAMG,mBAAkBtB,GAAY,EAAA;AAClC,QAAA,MAAM,EAAEuB,mBAAmB,EAAEC,kBAAkB,EAAE,GAAGtB,UAAW,CAAA,YAAA,CAAA;AAC/D,QAAA,MAAM,EAAEG,IAAI,EAAE,GAAGL,IAAII,KAAK;QAE1B,MAAMqB,eAAAA,GAAkB,MAAMF,mBAAoBlB,CAAAA,IAAAA,CAAAA;AAElDL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;;YAETC,IAAMkB,EAAAA,eAAAA,CAAgBC,GAAG,CAACF,kBAAAA;AAC5B,SAAA;AACF;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"authenticated-user.mjs","sources":["../../../../../server/src/controllers/authenticated-user.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nimport { getService } from '../utils';\nimport { validateProfileUpdateInput } from '../validation/user';\nimport { GetMe, GetOwnPermissions, UpdateMe, GetAiToken } from '../../../shared/contracts/users';\n\nexport default {\n async getMe(ctx: Context) {\n const userInfo = getService('user').sanitizeUser(ctx.state.user as AdminUser);\n\n ctx.body = {\n data: userInfo,\n } satisfies GetMe.Response;\n },\n\n async updateMe(ctx: Context) {\n const input = ctx.request.body as UpdateMe.Request['body'];\n\n await validateProfileUpdateInput(input);\n\n const userService = getService('user');\n const authServer = getService('auth');\n\n const { currentPassword, ...userInfo } = input;\n\n if (currentPassword && userInfo.password) {\n const isValid = await authServer.validatePassword(currentPassword, ctx.state.user.password);\n\n if (!isValid) {\n return ctx.badRequest('ValidationError', {\n currentPassword: ['Invalid credentials'],\n });\n }\n }\n\n const updatedUser = await userService.updateById(ctx.state.user.id, userInfo);\n\n ctx.body = {\n data: userService.sanitizeUser(updatedUser),\n } satisfies UpdateMe.Response;\n },\n\n async getOwnPermissions(ctx: Context) {\n const { findUserPermissions, sanitizePermission } = getService('permission');\n const { user } = ctx.state;\n\n const userPermissions = await findUserPermissions(user as AdminUser);\n\n ctx.body = {\n // @ts-expect-error - transform response type to sanitized permission\n data: userPermissions.map(sanitizePermission),\n } satisfies GetOwnPermissions.Response;\n },\n\n async getAiToken(ctx: Context) {\n try {\n // Security check: Ensure user is authenticated and has proper permissions\n if (!ctx.state.user) {\n return ctx.unauthorized('Authentication required');\n }\n\n const tokenData = await getService('user').getAiToken();\n\n ctx.body = {\n data: tokenData,\n } satisfies GetAiToken.Response;\n } catch (error) {\n const errorMessage = 'AI token request failed. Check server logs for details.';\n return ctx.internalServerError(errorMessage);\n }\n },\n};\n"],"names":["getMe","ctx","userInfo","getService","sanitizeUser","state","user","body","data","updateMe","input","request","validateProfileUpdateInput","userService","authServer","currentPassword","password","isValid","validatePassword","badRequest","updatedUser","updateById","id","getOwnPermissions","findUserPermissions","sanitizePermission","userPermissions","map","getAiToken","unauthorized","tokenData","error","errorMessage","internalServerError"],"mappings":";;;AAOA,wBAAe;AACb,IAAA,MAAMA,OAAMC,GAAY,EAAA;QACtB,MAAMC,QAAAA,GAAWC,WAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACH,GAAII,CAAAA,KAAK,CAACC,IAAI,CAAA;AAE/DL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAMN,EAAAA;AACR,SAAA;AACF,KAAA;AAEA,IAAA,MAAMO,UAASR,GAAY,EAAA;AACzB,QAAA,MAAMS,KAAQT,GAAAA,GAAAA,CAAIU,OAAO,CAACJ,IAAI;AAE9B,QAAA,MAAMK,0BAA2BF,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAMG,cAAcV,UAAW,CAAA,MAAA,CAAA;AAC/B,QAAA,MAAMW,aAAaX,UAAW,CAAA,MAAA,CAAA;AAE9B,QAAA,MAAM,EAAEY,eAAe,EAAE,GAAGb,UAAU,GAAGQ,KAAAA;QAEzC,IAAIK,eAAAA,IAAmBb,QAASc,CAAAA,QAAQ,EAAE;YACxC,MAAMC,OAAAA,GAAU,MAAMH,UAAAA,CAAWI,gBAAgB,CAACH,eAAiBd,EAAAA,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACU,QAAQ,CAAA;AAE1F,YAAA,IAAI,CAACC,OAAS,EAAA;gBACZ,OAAOhB,GAAAA,CAAIkB,UAAU,CAAC,iBAAmB,EAAA;oBACvCJ,eAAiB,EAAA;AAAC,wBAAA;AAAsB;AAC1C,iBAAA,CAAA;AACF;AACF;QAEA,MAAMK,WAAAA,GAAc,MAAMP,WAAAA,CAAYQ,UAAU,CAACpB,GAAII,CAAAA,KAAK,CAACC,IAAI,CAACgB,EAAE,EAAEpB,QAAAA,CAAAA;AAEpED,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAMK,EAAAA,WAAAA,CAAYT,YAAY,CAACgB,WAAAA;AACjC,SAAA;AACF,KAAA;AAEA,IAAA,MAAMG,mBAAkBtB,GAAY,EAAA;AAClC,QAAA,MAAM,EAAEuB,mBAAmB,EAAEC,kBAAkB,EAAE,GAAGtB,UAAW,CAAA,YAAA,CAAA;AAC/D,QAAA,MAAM,EAAEG,IAAI,EAAE,GAAGL,IAAII,KAAK;QAE1B,MAAMqB,eAAAA,GAAkB,MAAMF,mBAAoBlB,CAAAA,IAAAA,CAAAA;AAElDL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;;YAETC,IAAMkB,EAAAA,eAAAA,CAAgBC,GAAG,CAACF,kBAAAA;AAC5B,SAAA;AACF,KAAA;AAEA,IAAA,MAAMG,YAAW3B,GAAY,EAAA;QAC3B,IAAI;;AAEF,YAAA,IAAI,CAACA,GAAAA,CAAII,KAAK,CAACC,IAAI,EAAE;gBACnB,OAAOL,GAAAA,CAAI4B,YAAY,CAAC,yBAAA,CAAA;AAC1B;AAEA,YAAA,MAAMC,SAAY,GAAA,MAAM3B,UAAW,CAAA,MAAA,CAAA,CAAQyB,UAAU,EAAA;AAErD3B,YAAAA,GAAAA,CAAIM,IAAI,GAAG;gBACTC,IAAMsB,EAAAA;AACR,aAAA;AACF,SAAA,CAAE,OAAOC,KAAO,EAAA;AACd,YAAA,MAAMC,YAAe,GAAA,yDAAA;YACrB,OAAO/B,GAAAA,CAAIgC,mBAAmB,CAACD,YAAAA,CAAAA;AACjC;AACF;AACF,CAAE;;;;"}
package/dist/server/server/src/routes/users.js CHANGED
@@ -31,6 +31,16 @@ var users = [
31
31
  ]
32
32
  }
33
33
  },
34
+ {
35
+ method: 'GET',
36
+ path: '/users/me/ai-token',
37
+ handler: 'authenticated-user.getAiToken',
38
+ config: {
39
+ policies: [
40
+ 'admin::isAuthenticatedAdmin'
41
+ ]
42
+ }
43
+ },
34
44
  {
35
45
  method: 'POST',
36
46
  path: '/users',
package/dist/server/server/src/routes/users.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"users.js","sources":["../../../../../server/src/routes/users.ts"],"sourcesContent":["export default [\n {\n method: 'GET',\n path: '/users/me',\n handler: 'authenticated-user.getMe',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'PUT',\n path: '/users/me',\n handler: 'authenticated-user.updateMe',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'GET',\n path: '/users/me/permissions',\n handler: 'authenticated-user.getOwnPermissions',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'POST',\n path: '/users',\n handler: 'user.create',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.create'] } },\n ],\n },\n },\n {\n method: 'GET',\n path: '/users',\n handler: 'user.find',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.read'] } },\n ],\n },\n },\n {\n method: 'GET',\n path: '/users/:id',\n handler: 'user.findOne',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.read'] } },\n ],\n },\n },\n {\n method: 'PUT',\n path: '/users/:id',\n handler: 'user.update',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.update'] } },\n ],\n },\n },\n {\n method: 'DELETE',\n path: '/users/:id',\n handler: 'user.deleteOne',\n config: {\n policies: [{ name: 'admin::hasPermissions', config: { actions: ['admin::users.delete'] } }],\n },\n },\n {\n method: 'POST',\n path: '/users/batch-delete',\n handler: 'user.deleteMany',\n config: {\n policies: [{ name: 'admin::hasPermissions', config: { actions: ['admin::users.delete'] } }],\n },\n },\n];\n"],"names":["method","path","handler","config","policies","name","actions"],"mappings":";;AAAA,YAAe;AACb,IAAA;QACEA,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,WAAA;QACNC,OAAS,EAAA,0BAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,WAAA;QACNC,OAAS,EAAA,6BAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,uBAAA;QACNC,OAAS,EAAA,sCAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,MAAA;QACRC,IAAM,EAAA,QAAA;QACNC,OAAS,EAAA,aAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAC/E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,QAAA;QACNC,OAAS,EAAA,WAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAoB;AAAC;AAAE;AAC7E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,cAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAoB;AAAC;AAAE;AAC7E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,aAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAC/E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,QAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,gBAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAAE;AAC7F;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,MAAA;QACRC,IAAM,EAAA,qBAAA;QACNC,OAAS,EAAA,iBAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAAE;AAC7F;AACF;CACD;;;;"}
1
+ {"version":3,"file":"users.js","sources":["../../../../../server/src/routes/users.ts"],"sourcesContent":["export default [\n {\n method: 'GET',\n path: '/users/me',\n handler: 'authenticated-user.getMe',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'PUT',\n path: '/users/me',\n handler: 'authenticated-user.updateMe',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'GET',\n path: '/users/me/permissions',\n handler: 'authenticated-user.getOwnPermissions',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'GET',\n path: '/users/me/ai-token',\n handler: 'authenticated-user.getAiToken',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'POST',\n path: '/users',\n handler: 'user.create',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.create'] } },\n ],\n },\n },\n {\n method: 'GET',\n path: '/users',\n handler: 'user.find',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.read'] } },\n ],\n },\n },\n {\n method: 'GET',\n path: '/users/:id',\n handler: 'user.findOne',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.read'] } },\n ],\n },\n },\n {\n method: 'PUT',\n path: '/users/:id',\n handler: 'user.update',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.update'] } },\n ],\n },\n },\n {\n method: 'DELETE',\n path: '/users/:id',\n handler: 'user.deleteOne',\n config: {\n policies: [{ name: 'admin::hasPermissions', config: { actions: ['admin::users.delete'] } }],\n },\n },\n {\n method: 'POST',\n path: '/users/batch-delete',\n handler: 'user.deleteMany',\n config: {\n policies: [{ name: 'admin::hasPermissions', config: { actions: ['admin::users.delete'] } }],\n },\n },\n];\n"],"names":["method","path","handler","config","policies","name","actions"],"mappings":";;AAAA,YAAe;AACb,IAAA;QACEA,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,WAAA;QACNC,OAAS,EAAA,0BAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,WAAA;QACNC,OAAS,EAAA,6BAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,uBAAA;QACNC,OAAS,EAAA,sCAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,oBAAA;QACNC,OAAS,EAAA,+BAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,MAAA;QACRC,IAAM,EAAA,QAAA;QACNC,OAAS,EAAA,aAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAC/E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,QAAA;QACNC,OAAS,EAAA,WAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAoB;AAAC;AAAE;AAC7E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,cAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAoB;AAAC;AAAE;AAC7E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,aAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAC/E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,QAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,gBAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAAE;AAC7F;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,MAAA;QACRC,IAAM,EAAA,qBAAA;QACNC,OAAS,EAAA,iBAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAAE;AAC7F;AACF;CACD;;;;"}
package/dist/server/server/src/routes/users.mjs CHANGED
@@ -29,6 +29,16 @@ var users = [
29
29
  ]
30
30
  }
31
31
  },
32
+ {
33
+ method: 'GET',
34
+ path: '/users/me/ai-token',
35
+ handler: 'authenticated-user.getAiToken',
36
+ config: {
37
+ policies: [
38
+ 'admin::isAuthenticatedAdmin'
39
+ ]
40
+ }
41
+ },
32
42
  {
33
43
  method: 'POST',
34
44
  path: '/users',
package/dist/server/server/src/routes/users.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"users.mjs","sources":["../../../../../server/src/routes/users.ts"],"sourcesContent":["export default [\n {\n method: 'GET',\n path: '/users/me',\n handler: 'authenticated-user.getMe',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'PUT',\n path: '/users/me',\n handler: 'authenticated-user.updateMe',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'GET',\n path: '/users/me/permissions',\n handler: 'authenticated-user.getOwnPermissions',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'POST',\n path: '/users',\n handler: 'user.create',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.create'] } },\n ],\n },\n },\n {\n method: 'GET',\n path: '/users',\n handler: 'user.find',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.read'] } },\n ],\n },\n },\n {\n method: 'GET',\n path: '/users/:id',\n handler: 'user.findOne',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.read'] } },\n ],\n },\n },\n {\n method: 'PUT',\n path: '/users/:id',\n handler: 'user.update',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.update'] } },\n ],\n },\n },\n {\n method: 'DELETE',\n path: '/users/:id',\n handler: 'user.deleteOne',\n config: {\n policies: [{ name: 'admin::hasPermissions', config: { actions: ['admin::users.delete'] } }],\n },\n },\n {\n method: 'POST',\n path: '/users/batch-delete',\n handler: 'user.deleteMany',\n config: {\n policies: [{ name: 'admin::hasPermissions', config: { actions: ['admin::users.delete'] } }],\n },\n },\n];\n"],"names":["method","path","handler","config","policies","name","actions"],"mappings":"AAAA,YAAe;AACb,IAAA;QACEA,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,WAAA;QACNC,OAAS,EAAA,0BAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,WAAA;QACNC,OAAS,EAAA,6BAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,uBAAA;QACNC,OAAS,EAAA,sCAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,MAAA;QACRC,IAAM,EAAA,QAAA;QACNC,OAAS,EAAA,aAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAC/E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,QAAA;QACNC,OAAS,EAAA,WAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAoB;AAAC;AAAE;AAC7E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,cAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAoB;AAAC;AAAE;AAC7E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,aAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAC/E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,QAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,gBAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAAE;AAC7F;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,MAAA;QACRC,IAAM,EAAA,qBAAA;QACNC,OAAS,EAAA,iBAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAAE;AAC7F;AACF;CACD;;;;"}
1
+ {"version":3,"file":"users.mjs","sources":["../../../../../server/src/routes/users.ts"],"sourcesContent":["export default [\n {\n method: 'GET',\n path: '/users/me',\n handler: 'authenticated-user.getMe',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'PUT',\n path: '/users/me',\n handler: 'authenticated-user.updateMe',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'GET',\n path: '/users/me/permissions',\n handler: 'authenticated-user.getOwnPermissions',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'GET',\n path: '/users/me/ai-token',\n handler: 'authenticated-user.getAiToken',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n {\n method: 'POST',\n path: '/users',\n handler: 'user.create',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.create'] } },\n ],\n },\n },\n {\n method: 'GET',\n path: '/users',\n handler: 'user.find',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.read'] } },\n ],\n },\n },\n {\n method: 'GET',\n path: '/users/:id',\n handler: 'user.findOne',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.read'] } },\n ],\n },\n },\n {\n method: 'PUT',\n path: '/users/:id',\n handler: 'user.update',\n config: {\n policies: [\n 'admin::isAuthenticatedAdmin',\n { name: 'admin::hasPermissions', config: { actions: ['admin::users.update'] } },\n ],\n },\n },\n {\n method: 'DELETE',\n path: '/users/:id',\n handler: 'user.deleteOne',\n config: {\n policies: [{ name: 'admin::hasPermissions', config: { actions: ['admin::users.delete'] } }],\n },\n },\n {\n method: 'POST',\n path: '/users/batch-delete',\n handler: 'user.deleteMany',\n config: {\n policies: [{ name: 'admin::hasPermissions', config: { actions: ['admin::users.delete'] } }],\n },\n },\n];\n"],"names":["method","path","handler","config","policies","name","actions"],"mappings":"AAAA,YAAe;AACb,IAAA;QACEA,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,WAAA;QACNC,OAAS,EAAA,0BAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,WAAA;QACNC,OAAS,EAAA,6BAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,uBAAA;QACNC,OAAS,EAAA,sCAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,oBAAA;QACNC,OAAS,EAAA,+BAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;AAA8B;AAC3C;AACF,KAAA;AACA,IAAA;QACEJ,MAAQ,EAAA,MAAA;QACRC,IAAM,EAAA,QAAA;QACNC,OAAS,EAAA,aAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAC/E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,QAAA;QACNC,OAAS,EAAA,WAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAoB;AAAC;AAAE;AAC7E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,cAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAoB;AAAC;AAAE;AAC7E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,KAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,aAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AACR,gBAAA,6BAAA;AACA,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAC/E;AACH;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,QAAA;QACRC,IAAM,EAAA,YAAA;QACNC,OAAS,EAAA,gBAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAAE;AAC7F;AACF,KAAA;AACA,IAAA;QACEN,MAAQ,EAAA,MAAA;QACRC,IAAM,EAAA,qBAAA;QACNC,OAAS,EAAA,iBAAA;QACTC,MAAQ,EAAA;YACNC,QAAU,EAAA;AAAC,gBAAA;oBAAEC,IAAM,EAAA,uBAAA;oBAAyBF,MAAQ,EAAA;wBAAEG,OAAS,EAAA;AAAC,4BAAA;AAAsB;AAAC;AAAE;AAAE;AAC7F;AACF;CACD;;;;"}
package/dist/server/server/src/services/user.js CHANGED
@@ -3,6 +3,9 @@
3
3
  var _ = require('lodash');
4
4
  var fp = require('lodash/fp');
5
5
  var utils = require('@strapi/utils');
6
+ var crypto = require('crypto');
7
+ var fs = require('fs');
8
+ var path = require('path');
6
9
  var user$1 = require('../domain/user.js');
7
10
  var commonValidators = require('../validation/common-validators.js');
8
11
  var index = require('../utils/index.js');
@@ -405,6 +408,114 @@ attributes)=>{
405
408
  });
406
409
  return users.map((user)=>user.preferedLanguage || 'en');
407
410
  };
411
+ /**
412
+ * Generate an AI token for the user performing the request
413
+ */ const getAiToken = async ()=>{
414
+ const ERROR_PREFIX = 'AI token request failed:';
415
+ // Check if EE features are enabled first
416
+ if (!strapi.ee?.isEE) {
417
+ strapi.log.error(`${ERROR_PREFIX} Enterprise Edition features are not enabled`);
418
+ throw new Error('AI token request failed. Check server logs for details.');
419
+ }
420
+ // Get the EE license
421
+ // First try environment variable, then try reading from file
422
+ let eeLicense = process.env.STRAPI_LICENSE;
423
+ if (!eeLicense) {
424
+ try {
425
+ const licensePath = path.join(strapi.dirs.app.root, 'license.txt');
426
+ eeLicense = fs.readFileSync(licensePath).toString();
427
+ } catch (error) {
428
+ // License file doesn't exist or can't be read
429
+ }
430
+ }
431
+ if (!eeLicense) {
432
+ strapi.log.error(`${ERROR_PREFIX} No EE license found. Please ensure STRAPI_LICENSE environment variable is set or license.txt file exists.`);
433
+ throw new Error('AI token request failed. Check server logs for details.');
434
+ }
435
+ const aiServerUrl = process.env.STRAPI_AI_URL || 'https://strapi-ai.apps.strapi.io';
436
+ if (!aiServerUrl) {
437
+ strapi.log.error(`${ERROR_PREFIX} AI server URL not configured. Please set STRAPI_AI_URL environment variable.`);
438
+ throw new Error('AI token request failed. Check server logs for details.');
439
+ }
440
+ // Create a secure user identifier using only user ID
441
+ const user = strapi.requestContext.get()?.state?.user;
442
+ if (!user) {
443
+ strapi.log.error(`${ERROR_PREFIX} No authenticated user in request context`);
444
+ throw new Error('AI token request failed. Check server logs for details.');
445
+ }
446
+ const userIdentifier = user.id.toString();
447
+ // Get project ID
448
+ const projectId = strapi.config.get('uuid');
449
+ if (!projectId) {
450
+ strapi.log.error(`${ERROR_PREFIX} Project ID not configured`);
451
+ throw new Error('AI token request failed. Check server logs for details.');
452
+ }
453
+ strapi.log.http('Contacting AI Server for token generation');
454
+ try {
455
+ // Call the AI server's getAiJWT endpoint
456
+ const response = await fetch(`${aiServerUrl}/auth/getAiJWT`, {
457
+ method: 'POST',
458
+ headers: {
459
+ 'Content-Type': 'application/json',
460
+ // No authorization header needed for public endpoint
461
+ // Add request ID for tracing
462
+ 'X-Request-Id': crypto.randomUUID()
463
+ },
464
+ body: JSON.stringify({
465
+ eeLicense,
466
+ userIdentifier,
467
+ projectId
468
+ })
469
+ });
470
+ if (!response.ok) {
471
+ let errorData;
472
+ let errorText;
473
+ try {
474
+ errorText = await response.text();
475
+ errorData = JSON.parse(errorText);
476
+ } catch {
477
+ errorData = {
478
+ error: errorText || 'Failed to parse error response'
479
+ };
480
+ }
481
+ strapi.log.error(`${ERROR_PREFIX} ${errorData?.error || 'Unknown error'}`, {
482
+ status: response.status,
483
+ statusText: response.statusText,
484
+ error: errorData,
485
+ errorText,
486
+ projectId
487
+ });
488
+ throw new Error('AI token request failed. Check server logs for details.');
489
+ }
490
+ let data;
491
+ try {
492
+ data = await response.json();
493
+ } catch (parseError) {
494
+ strapi.log.error(`${ERROR_PREFIX} Failed to parse AI server response`, parseError);
495
+ throw new Error('AI token request failed. Check server logs for details.');
496
+ }
497
+ if (!data.jwt) {
498
+ strapi.log.error(`${ERROR_PREFIX} Invalid response: missing JWT token`);
499
+ throw new Error('AI token request failed. Check server logs for details.');
500
+ }
501
+ strapi.log.info('AI token generated successfully', {
502
+ userId: user.id,
503
+ expiresAt: data.expiresAt
504
+ });
505
+ // Return the AI JWT with metadata
506
+ // Note: Token expires in 1 hour, client should handle refresh
507
+ return {
508
+ token: data.jwt,
509
+ expiresAt: data.expiresAt
510
+ };
511
+ } catch (fetchError) {
512
+ if (fetchError instanceof Error && fetchError.name === 'AbortError') {
513
+ strapi.log.error(`${ERROR_PREFIX} Request to AI server timed out`);
514
+ throw new Error('AI token request failed. Check server logs for details.');
515
+ }
516
+ throw fetchError;
517
+ }
518
+ };
408
519
  var user = {
409
520
  create,
410
521
  updateById,
@@ -423,7 +534,8 @@ var user = {
423
534
  displayWarningIfUsersDontHaveRole,
424
535
  resetPasswordByEmail,
425
536
  getLanguagesInUse,
426
- isFirstSuperAdminUser
537
+ isFirstSuperAdminUser,
538
+ getAiToken
427
539
  };
428
540
 
429
541
  module.exports = user;