@strapi/admin 5.27.0 → 5.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. package/dist/admin/admin/src/components/DragLayer.js +67 -0
  2. package/dist/admin/admin/src/components/DragLayer.js.map +1 -0
  3. package/dist/admin/admin/src/components/DragLayer.mjs +64 -0
  4. package/dist/admin/admin/src/components/DragLayer.mjs.map +1 -0
  5. package/dist/admin/admin/src/components/GapDropZone.js +292 -0
  6. package/dist/admin/admin/src/components/GapDropZone.js.map +1 -0
  7. package/dist/admin/admin/src/components/GapDropZone.mjs +268 -0
  8. package/dist/admin/admin/src/components/GapDropZone.mjs.map +1 -0
  9. package/dist/admin/admin/src/components/ResizeIndicator.js +353 -0
  10. package/dist/admin/admin/src/components/ResizeIndicator.js.map +1 -0
  11. package/dist/admin/admin/src/components/ResizeIndicator.mjs +332 -0
  12. package/dist/admin/admin/src/components/ResizeIndicator.mjs.map +1 -0
  13. package/dist/admin/admin/src/components/WidgetRoot.js +216 -0
  14. package/dist/admin/admin/src/components/WidgetRoot.js.map +1 -0
  15. package/dist/admin/admin/src/components/WidgetRoot.mjs +195 -0
  16. package/dist/admin/admin/src/components/WidgetRoot.mjs.map +1 -0
  17. package/dist/admin/admin/src/features/Tracking.js.map +1 -1
  18. package/dist/admin/admin/src/features/Tracking.mjs.map +1 -1
  19. package/dist/admin/admin/src/features/Widgets.js +276 -0
  20. package/dist/admin/admin/src/features/Widgets.js.map +1 -0
  21. package/dist/admin/admin/src/features/Widgets.mjs +255 -0
  22. package/dist/admin/admin/src/features/Widgets.mjs.map +1 -0
  23. package/dist/admin/admin/src/hooks/useAPIErrorHandler.js +1 -1
  24. package/dist/admin/admin/src/hooks/useAPIErrorHandler.js.map +1 -1
  25. package/dist/admin/admin/src/hooks/useAPIErrorHandler.mjs +1 -1
  26. package/dist/admin/admin/src/hooks/useAPIErrorHandler.mjs.map +1 -1
  27. package/dist/admin/admin/src/pages/Home/HomePage.js +160 -91
  28. package/dist/admin/admin/src/pages/Home/HomePage.js.map +1 -1
  29. package/dist/admin/admin/src/pages/Home/HomePage.mjs +162 -93
  30. package/dist/admin/admin/src/pages/Home/HomePage.mjs.map +1 -1
  31. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.js +189 -0
  32. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.js.map +1 -0
  33. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.mjs +168 -0
  34. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.mjs.map +1 -0
  35. package/dist/admin/admin/src/services/homepage.js +11 -4
  36. package/dist/admin/admin/src/services/homepage.js.map +1 -1
  37. package/dist/admin/admin/src/services/homepage.mjs +11 -4
  38. package/dist/admin/admin/src/services/homepage.mjs.map +1 -1
  39. package/dist/admin/admin/src/translations/en.json.js +6 -1
  40. package/dist/admin/admin/src/translations/en.json.js.map +1 -1
  41. package/dist/admin/admin/src/translations/en.json.mjs +6 -1
  42. package/dist/admin/admin/src/translations/en.json.mjs.map +1 -1
  43. package/dist/admin/admin/src/translations/uk.json.js +9 -9
  44. package/dist/admin/admin/src/translations/uk.json.mjs +9 -9
  45. package/dist/admin/admin/src/utils/resizeHandlers.js +109 -0
  46. package/dist/admin/admin/src/utils/resizeHandlers.js.map +1 -0
  47. package/dist/admin/admin/src/utils/resizeHandlers.mjs +100 -0
  48. package/dist/admin/admin/src/utils/resizeHandlers.mjs.map +1 -0
  49. package/dist/admin/admin/src/utils/widgetLayout.js +293 -0
  50. package/dist/admin/admin/src/utils/widgetLayout.js.map +1 -0
  51. package/dist/admin/admin/src/utils/widgetLayout.mjs +273 -0
  52. package/dist/admin/admin/src/utils/widgetLayout.mjs.map +1 -0
  53. package/dist/admin/src/components/DragLayer.d.ts +8 -4
  54. package/dist/admin/src/components/GapDropZone.d.ts +36 -0
  55. package/dist/admin/src/components/ResizeIndicator.d.ts +12 -0
  56. package/dist/admin/src/components/WidgetRoot.d.ts +14 -0
  57. package/dist/admin/src/features/Tracking.d.ts +1 -1
  58. package/dist/admin/src/features/Widgets.d.ts +29 -0
  59. package/dist/admin/src/pages/Home/HomePage.d.ts +4 -5
  60. package/dist/admin/src/pages/Home/components/AddWidgetModal.d.ts +10 -0
  61. package/dist/admin/src/services/homepage.d.ts +3 -3
  62. package/dist/admin/src/utils/resizeHandlers.d.ts +58 -0
  63. package/dist/admin/src/utils/widgetLayout.d.ts +78 -0
  64. package/dist/ee/server/src/controllers/authentication-utils/middlewares.d.ts.map +1 -1
  65. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js +4 -2
  66. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js.map +1 -1
  67. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs +4 -2
  68. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs.map +1 -1
  69. package/dist/server/server/src/bootstrap.js +5 -0
  70. package/dist/server/server/src/bootstrap.js.map +1 -1
  71. package/dist/server/server/src/bootstrap.mjs +5 -0
  72. package/dist/server/server/src/bootstrap.mjs.map +1 -1
  73. package/dist/server/shared/utils/session-auth.js +4 -2
  74. package/dist/server/shared/utils/session-auth.js.map +1 -1
  75. package/dist/server/shared/utils/session-auth.mjs +4 -2
  76. package/dist/server/shared/utils/session-auth.mjs.map +1 -1
  77. package/dist/server/src/bootstrap.d.ts.map +1 -1
  78. package/dist/shared/contracts/homepage.d.ts +8 -4
  79. package/dist/shared/contracts/homepage.d.ts.map +1 -1
  80. package/dist/shared/utils/session-auth.d.ts.map +1 -1
  81. package/package.json +7 -7
package/dist/admin/src/utils/widgetLayout.d.ts ADDED
@@ -0,0 +1,78 @@
1
+ /**
2
+ *
3
+ * Comprehensive utilities for widget layout operations including sizing, positioning, and layout calculations.
4
+ *
5
+ * Constraints:
6
+ * - Maximum 3 widgets per row (since minimum widget width is 4 columns)
7
+ * - Widget widths are snapped to discrete values: 4 (1/3), 6 (1/2), 8 (2/3), 12 (3/3)
8
+ */
9
+ import type { Homepage } from '../../../shared/contracts/homepage';
10
+ import type { WidgetWithUID } from '../core/apis/Widgets';
11
+ export declare const WIDGET_SIZING: {
12
+ readonly TOTAL_COLUMNS: 12;
13
+ readonly MIN_WIDGET_WIDTH: 4;
14
+ readonly DISCRETE_SIZES: readonly [4, 6, 8, 12];
15
+ };
16
+ export declare const WIDGET_DATA_ATTRIBUTES: {
17
+ readonly WIDGET_ID: "data-strapi-widget-id";
18
+ readonly GRID_CONTAINER: "data-strapi-grid-container";
19
+ };
20
+ export declare const getWidgetElement: (uid: string) => HTMLElement | null;
21
+ export declare const getWidgetGridContainer: () => HTMLElement | null;
22
+ export interface WidgetRow {
23
+ widgets: WidgetWithUID[];
24
+ totalWidth: number;
25
+ startIndex: number;
26
+ endIndex: number;
27
+ }
28
+ /**
29
+ * Validates if a widget width is valid (within constraints)
30
+ */
31
+ export declare const isValidWidgetWidth: (width: number) => boolean;
32
+ /**
33
+ * Validates if a resize operation is allowed between two widgets
34
+ */
35
+ export declare const isValidResizeOperation: (leftWidth: number, rightWidth: number) => boolean;
36
+ /**
37
+ * Gets widget width with fallback to default value
38
+ */
39
+ export declare const getWidgetWidth: (columnWidths: Record<string, number>, widgetId: string | undefined, defaultWidth?: number) => number;
40
+ /**
41
+ * Calculates the current row structure from widgets and their widths
42
+ */
43
+ export declare const calculateWidgetRows: (widgets: WidgetWithUID[], columnWidths: Record<string, number>) => WidgetRow[];
44
+ /**
45
+ * Calculates optimal layout for a specific row based on widget count
46
+ * Only enforces constraints when necessary:
47
+ * - 1 widget in row: must be 3/3 (12 columns)
48
+ * - 3 widgets in row: must be 1/3+1/3+1/3 (4+4+4 columns)
49
+ * - 2 widgets in row: preserves existing proportions or uses 1/2+1/2
50
+ */
51
+ export declare const calculateOptimalLayoutForRow: (widgetsInRow: WidgetWithUID[], currentColumnWidths: Record<string, number>) => Record<string, number>;
52
+ export declare const moveWidgetInArray: (widgets: WidgetWithUID[], widgetId: string, insertIndex: number) => WidgetWithUID[];
53
+ export declare const findRowContainingWidget: (widgetRows: WidgetRow[], widgetId: string, widgets: WidgetWithUID[]) => WidgetRow | undefined;
54
+ export declare const resizeRowAfterRemoval: (row: WidgetRow | undefined, removedWidgetId: string, currentWidths: Record<string, number>) => Record<string, number>;
55
+ export declare const resizeRowAfterAddition: (row: WidgetRow | undefined, addedWidget: WidgetWithUID, insertIndex: number, currentWidths: Record<string, number>) => Record<string, number>;
56
+ export declare const isLastWidgetInRow: (widgetIndex: number, widgets: WidgetWithUID[], columnWidths: Record<string, number>) => boolean;
57
+ export declare const canResizeBetweenWidgets: (leftWidgetId: string, rightWidgetId: string, columnWidths: Record<string, number>, widgets: WidgetWithUID[]) => boolean;
58
+ /**
59
+ * Filters widgets to only include those present in the homepage layout
60
+ */
61
+ export declare const filterWidgetsByHomepageLayout: (widgets: WidgetWithUID[], homepageLayout: Homepage.Layout) => WidgetWithUID[];
62
+ /**
63
+ * Sorts widgets according to the homepage layout order
64
+ */
65
+ export declare const sortWidgetsByHomepageLayout: (widgets: WidgetWithUID[], homepageLayout: Homepage.Layout) => WidgetWithUID[];
66
+ /**
67
+ * Applies homepage layout to widgets (filters, sorts, and extracts widths)
68
+ */
69
+ export declare const applyHomepageLayout: (authorizedWidgets: WidgetWithUID[], homepageLayout: Homepage.Layout) => {
70
+ filteredWidgets: WidgetWithUID[];
71
+ widths: Record<string, number>;
72
+ };
73
+ /**
74
+ * Creates default widget widths based on widget count
75
+ * Even count: all widgets get width 6
76
+ * Odd count: all widgets get width 6 except the last one which gets width 12
77
+ */
78
+ export declare const createDefaultWidgetWidths: (widgets: WidgetWithUID[]) => Record<string, number>;
package/dist/ee/server/src/controllers/authentication-utils/middlewares.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"middlewares.d.ts","sourceRoot":"","sources":["../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAa1C,eAAO,MAAM,YAAY,EAAE,IAAI,CAAC,iBA0B/B,CAAC;AA4DF,eAAO,MAAM,gBAAgB,EAAE,IAAI,CAAC,iBAuDnC,CAAC;;;;;AAEF,wBAGE"}
1
+ {"version":3,"file":"middlewares.d.ts","sourceRoot":"","sources":["../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAa1C,eAAO,MAAM,YAAY,EAAE,IAAI,CAAC,iBA0B/B,CAAC;AA4DF,eAAO,MAAM,gBAAgB,EAAE,IAAI,CAAC,iBA0DnC,CAAC;;;;;AAEF,wBAGE"}
package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js CHANGED
@@ -108,11 +108,13 @@ const redirectWithAuth = async (ctx)=>{
108
108
  return ctx.redirect(redirectUrls.error);
109
109
  }
110
110
  const { token: accessToken } = accessResult;
111
- const isProduction = strapi.config.get('environment') === 'production';
111
+ const configuredSecure = strapi.config.get('admin.auth.cookie.secure');
112
+ const isProduction = process.env.NODE_ENV === 'production';
113
+ const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;
112
114
  const domain = strapi.config.get('admin.auth.domain');
113
115
  ctx.cookies.set('jwtToken', accessToken, {
114
116
  httpOnly: false,
115
- secure: isProduction,
117
+ secure: isSecure,
116
118
  overwrite: true,
117
119
  domain
118
120
  });
package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"middlewares.js","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const isProduction = strapi.config.get('environment') === 'production';\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isProduction,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","isProduction","config","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,gBAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,aAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,gBAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,4BAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,yCAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,eAAejD,MAAOkD,CAAAA,MAAM,CAAC9B,GAAG,CAAC,aAAmB,CAAA,KAAA,YAAA;AAC1D,QAAA,MAAM+B,MAA6BnD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCI,QAAU,EAAA,KAAA;YACVC,MAAQJ,EAAAA,YAAAA;YACRK,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBjD,GAAAA,gBAAAA,CAAW,MAAQkD,CAAAA,CAAAA,YAAY,CAACnD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMkD,EAAAA,aAAAA;AAAe/D,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAagE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAO5D,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;;;"}
1
+ {"version":3,"file":"middlewares.js","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const configuredSecure = strapi.config.get('admin.auth.cookie.secure');\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;\n\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isSecure,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","configuredSecure","config","isProduction","process","env","NODE_ENV","isSecure","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,gBAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,aAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,gBAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,4BAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,yCAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,gBAAmBjD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,0BAAA,CAAA;AAC3C,QAAA,MAAM+B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,QAAA,MAAMC,QAAW,GAAA,OAAON,gBAAqB,KAAA,SAAA,GAAYA,gBAAmBE,GAAAA,YAAAA;AAE5E,QAAA,MAAMK,MAA6BxD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCS,QAAU,EAAA,KAAA;YACVC,MAAQH,EAAAA,QAAAA;YACRI,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBtD,GAAAA,gBAAAA,CAAW,MAAQuD,CAAAA,CAAAA,YAAY,CAACxD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMuD,EAAAA,aAAAA;AAAepE,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaqE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAOjE,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;;;"}
package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs CHANGED
@@ -104,11 +104,13 @@ const redirectWithAuth = async (ctx)=>{
104
104
  return ctx.redirect(redirectUrls.error);
105
105
  }
106
106
  const { token: accessToken } = accessResult;
107
- const isProduction = strapi.config.get('environment') === 'production';
107
+ const configuredSecure = strapi.config.get('admin.auth.cookie.secure');
108
+ const isProduction = process.env.NODE_ENV === 'production';
109
+ const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;
108
110
  const domain = strapi.config.get('admin.auth.domain');
109
111
  ctx.cookies.set('jwtToken', accessToken, {
110
112
  httpOnly: false,
111
- secure: isProduction,
113
+ secure: isSecure,
112
114
  overwrite: true,
113
115
  domain
114
116
  });
package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"middlewares.mjs","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const isProduction = strapi.config.get('environment') === 'production';\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isProduction,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","isProduction","config","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,UAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,KAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,UAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,UAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,gBAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,6BAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,eAAejD,MAAOkD,CAAAA,MAAM,CAAC9B,GAAG,CAAC,aAAmB,CAAA,KAAA,YAAA;AAC1D,QAAA,MAAM+B,MAA6BnD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCI,QAAU,EAAA,KAAA;YACVC,MAAQJ,EAAAA,YAAAA;YACRK,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBjD,GAAAA,UAAAA,CAAW,MAAQkD,CAAAA,CAAAA,YAAY,CAACnD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMkD,EAAAA,aAAAA;AAAe/D,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAagE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAO5D,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"middlewares.mjs","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const configuredSecure = strapi.config.get('admin.auth.cookie.secure');\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;\n\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isSecure,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","configuredSecure","config","isProduction","process","env","NODE_ENV","isSecure","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,UAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,KAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,UAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,UAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,gBAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,6BAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,gBAAmBjD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,0BAAA,CAAA;AAC3C,QAAA,MAAM+B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,QAAA,MAAMC,QAAW,GAAA,OAAON,gBAAqB,KAAA,SAAA,GAAYA,gBAAmBE,GAAAA,YAAAA;AAE5E,QAAA,MAAMK,MAA6BxD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCS,QAAU,EAAA,KAAA;YACVC,MAAQH,EAAAA,QAAAA;YACRI,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBtD,GAAAA,UAAAA,CAAW,MAAQuD,CAAAA,CAAAA,YAAY,CAACxD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMuD,EAAAA,aAAAA;AAAepE,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaqE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAOjE,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;"}
package/dist/server/server/src/bootstrap.js CHANGED
@@ -115,6 +115,11 @@ var bootstrap = (async ({ strapi: strapi1 })=>{
115
115
  // Pass through all JWT options (includes privateKey, publicKey, and any other options)
116
116
  jwtOptions: options
117
117
  });
118
+ const isProduction = process.env.NODE_ENV === 'production';
119
+ const adminCookieSecure = strapi1.config.get('admin.auth.cookie.secure');
120
+ if (isProduction && adminCookieSecure === false) {
121
+ strapi1.log.warn('Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.');
122
+ }
118
123
  await registerAdminConditions();
119
124
  await registerPermissionActions();
120
125
  registerModelHooks();
package/dist/server/server/src/bootstrap.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,gBAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,WAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,MAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,OAAKC,CAAAA,aAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,wCAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,yCAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;IAEA,MAAM7D,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMmF,oBAAoB5F,gBAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM6F,cAAc7F,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAM8F,kBAAkB9F,gBAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAM+F,eAAe/F,gBAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAM6F,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM1C,YAAY2C,iCAAiC,EAAA;IAEnD,MAAM9E,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,gBAAAA,CAAW,SAAWqG,CAAAA,CAAAA,4BAA4B,CAAC1F,OAAAA,CAAAA;IACzDX,gBAAW,CAAA,SAAA,CAAA,CAAWsG,SAAS,CAAC3F,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgB6C,kBAAkB,EAAA;IAClCT,eAAgBhC,CAAAA,KAAK,CAACyC,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMhD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
1
+ {"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,gBAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,WAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,MAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,OAAKC,CAAAA,aAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,wCAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,yCAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;AAEA,IAAA,MAAM0B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAoBrF,GAAAA,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAIgE,YAAAA,IAAgBI,sBAAsB,KAAO,EAAA;QAC/CrF,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ;IAEA,MAAM1E,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMwF,oBAAoBjG,gBAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAMkG,cAAclG,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAMmG,kBAAkBnG,gBAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAMoG,eAAepG,gBAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAMkG,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM/C,YAAYgD,iCAAiC,EAAA;IAEnD,MAAMnF,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,gBAAAA,CAAW,SAAW0G,CAAAA,CAAAA,4BAA4B,CAAC/F,OAAAA,CAAAA;IACzDX,gBAAW,CAAA,SAAA,CAAA,CAAW2G,SAAS,CAAChG,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgBkD,kBAAkB,EAAA;IAClCT,eAAgBrC,CAAAA,KAAK,CAAC8C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMrD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
package/dist/server/server/src/bootstrap.mjs CHANGED
@@ -113,6 +113,11 @@ var bootstrap = (async ({ strapi: strapi1 })=>{
113
113
  // Pass through all JWT options (includes privateKey, publicKey, and any other options)
114
114
  jwtOptions: options
115
115
  });
116
+ const isProduction = process.env.NODE_ENV === 'production';
117
+ const adminCookieSecure = strapi1.config.get('admin.auth.cookie.secure');
118
+ if (isProduction && adminCookieSecure === false) {
119
+ strapi1.log.warn('Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.');
120
+ }
116
121
  await registerAdminConditions();
117
122
  await registerPermissionActions();
118
123
  registerModelHooks();
package/dist/server/server/src/bootstrap.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bootstrap.mjs","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,WAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,aAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,WAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,gBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,UAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,MAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,UAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,KAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,GAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,IAAKC,CAAAA,UAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,eAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,kCAAAA;IAC5C,MAAMC,wBAAAA,GACJH,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,4BAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,mCAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,6BAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;IAEA,MAAM7D,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMmF,oBAAoB5F,UAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM6F,cAAc7F,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAM8F,kBAAkB9F,UAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAM+F,eAAe/F,UAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAM6F,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM1C,YAAY2C,iCAAiC,EAAA;IAEnD,MAAM9E,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,UAAAA,CAAW,SAAWqG,CAAAA,CAAAA,4BAA4B,CAAC1F,OAAAA,CAAAA;IACzDX,UAAW,CAAA,SAAA,CAAA,CAAWsG,SAAS,CAAC3F,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgB6C,kBAAkB,EAAA;IAClCT,eAAgBhC,CAAAA,KAAK,CAACyC,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMhD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
1
+ {"version":3,"file":"bootstrap.mjs","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,WAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,aAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,WAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,gBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,UAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,MAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,UAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,KAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,GAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,IAAKC,CAAAA,UAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,eAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,kCAAAA;IAC5C,MAAMC,wBAAAA,GACJH,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,4BAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,mCAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,6BAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;AAEA,IAAA,MAAM0B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAoBrF,GAAAA,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAIgE,YAAAA,IAAgBI,sBAAsB,KAAO,EAAA;QAC/CrF,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ;IAEA,MAAM1E,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMwF,oBAAoBjG,UAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAMkG,cAAclG,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAMmG,kBAAkBnG,UAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAMoG,eAAepG,UAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAMkG,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM/C,YAAYgD,iCAAiC,EAAA;IAEnD,MAAMnF,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,UAAAA,CAAW,SAAW0G,CAAAA,CAAAA,4BAA4B,CAAC/F,OAAAA,CAAAA;IACzDX,UAAW,CAAA,SAAA,CAAA,CAAW2G,SAAS,CAAChG,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgBkD,kBAAkB,EAAA;IAClCT,eAAgBrC,CAAAA,KAAK,CAAC8C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMrD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
package/dist/server/shared/utils/session-auth.js CHANGED
@@ -8,13 +8,15 @@ const DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN = 14 * 24 * 60 * 60;
8
8
  const DEFAULT_MAX_SESSION_LIFESPAN = 1 * 24 * 60 * 60;
9
9
  const DEFAULT_IDLE_SESSION_LIFESPAN = 2 * 60 * 60;
10
10
  const getRefreshCookieOptions = ()=>{
11
- const isProduction = strapi.config.get('environment') === 'production';
11
+ const configuredSecure = strapi.config.get('admin.auth.cookie.secure');
12
+ const isProduction = process.env.NODE_ENV === 'production';
12
13
  const domain = strapi.config.get('admin.auth.cookie.domain') || strapi.config.get('admin.auth.domain');
13
14
  const path = strapi.config.get('admin.auth.cookie.path', '/admin');
14
15
  const sameSite = strapi.config.get('admin.auth.cookie.sameSite') ?? 'lax';
16
+ const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;
15
17
  return {
16
18
  httpOnly: true,
17
- secure: isProduction,
19
+ secure: isSecure,
18
20
  overwrite: true,
19
21
  domain,
20
22
  path,
package/dist/server/shared/utils/session-auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"session-auth.js","sources":["../../../../shared/utils/session-auth.ts"],"sourcesContent":["import crypto from 'crypto';\nimport type { Modules } from '@strapi/types';\n\nexport const REFRESH_COOKIE_NAME = 'strapi_admin_refresh';\n\nexport const DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN = 30 * 24 * 60 * 60;\nexport const DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN = 14 * 24 * 60 * 60;\nexport const DEFAULT_MAX_SESSION_LIFESPAN = 1 * 24 * 60 * 60;\nexport const DEFAULT_IDLE_SESSION_LIFESPAN = 2 * 60 * 60;\n\nexport const getRefreshCookieOptions = () => {\n const isProduction = strapi.config.get('environment') === 'production';\n const domain: string | undefined =\n strapi.config.get('admin.auth.cookie.domain') || strapi.config.get('admin.auth.domain');\n const path: string = strapi.config.get('admin.auth.cookie.path', '/admin');\n\n const sameSite: boolean | 'lax' | 'strict' | 'none' =\n strapi.config.get('admin.auth.cookie.sameSite') ?? 'lax';\n\n return {\n httpOnly: true,\n secure: isProduction,\n overwrite: true,\n domain,\n path,\n sameSite,\n maxAge: undefined,\n };\n};\n\nconst getLifespansForType = (\n type: 'refresh' | 'session'\n): { idleSeconds: number; maxSeconds: number } => {\n if (type === 'refresh') {\n const idleSeconds = Number(\n strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n )\n );\n const maxSeconds = Number(\n strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN\n )\n );\n\n return { idleSeconds, maxSeconds };\n }\n\n const idleSeconds = Number(\n strapi.config.get('admin.auth.sessions.idleSessionLifespan', DEFAULT_IDLE_SESSION_LIFESPAN)\n );\n const maxSeconds = Number(\n strapi.config.get('admin.auth.sessions.maxSessionLifespan', DEFAULT_MAX_SESSION_LIFESPAN)\n );\n\n return { idleSeconds, maxSeconds };\n};\n\nexport const buildCookieOptionsWithExpiry = (\n type: 'refresh' | 'session',\n absoluteExpiresAtISO?: string\n) => {\n const base = getRefreshCookieOptions();\n if (type === 'session') {\n return base;\n }\n\n const { idleSeconds } = getLifespansForType('refresh');\n const now = Date.now();\n const idleExpiry = now + idleSeconds * 1000;\n const absoluteExpiry = absoluteExpiresAtISO\n ? new Date(absoluteExpiresAtISO).getTime()\n : idleExpiry;\n const chosen = new Date(Math.min(idleExpiry, absoluteExpiry));\n\n return { ...base, expires: chosen, maxAge: Math.max(0, chosen.getTime() - now) };\n};\n\nexport const getSessionManager = (): Modules.SessionManager.SessionManagerService | null => {\n const manager = strapi.sessionManager as Modules.SessionManager.SessionManagerService | undefined;\n return manager ?? null;\n};\n\nexport const generateDeviceId = (): string => crypto.randomUUID();\n\nexport const extractDeviceParams = (\n requestBody: unknown\n): { deviceId: string; rememberMe: boolean } => {\n const body = (requestBody ?? {}) as { deviceId?: string; rememberMe?: boolean };\n const deviceId = body.deviceId || generateDeviceId();\n const rememberMe = Boolean(body.rememberMe);\n\n return { deviceId, rememberMe };\n};\n"],"names":["REFRESH_COOKIE_NAME","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","DEFAULT_MAX_SESSION_LIFESPAN","DEFAULT_IDLE_SESSION_LIFESPAN","getRefreshCookieOptions","isProduction","strapi","config","get","domain","path","sameSite","httpOnly","secure","overwrite","maxAge","undefined","getLifespansForType","type","idleSeconds","Number","maxSeconds","buildCookieOptionsWithExpiry","absoluteExpiresAtISO","base","now","Date","idleExpiry","absoluteExpiry","getTime","chosen","Math","min","expires","max","getSessionManager","manager","sessionManager","generateDeviceId","crypto","randomUUID","extractDeviceParams","requestBody","body","deviceId","rememberMe","Boolean"],"mappings":";;;;AAGO,MAAMA,sBAAsB;AAEtBC,MAAAA,kCAAAA,GAAqC,EAAK,GAAA,EAAA,GAAK,KAAK;AACpDC,MAAAA,mCAAAA,GAAsC,EAAK,GAAA,EAAA,GAAK,KAAK;AACrDC,MAAAA,4BAAAA,GAA+B,CAAI,GAAA,EAAA,GAAK,KAAK;AAC7CC,MAAAA,6BAAAA,GAAgC,CAAI,GAAA,EAAA,GAAK;MAEzCC,uBAA0B,GAAA,IAAA;AACrC,IAAA,MAAMC,eAAeC,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,aAAmB,CAAA,KAAA,YAAA;IAC1D,MAAMC,MAAAA,GACJH,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,0BAAA,CAAA,IAA+BF,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,mBAAA,CAAA;AACrE,IAAA,MAAME,OAAeJ,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,wBAA0B,EAAA,QAAA,CAAA;AAEjE,IAAA,MAAMG,WACJL,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,4BAAiC,CAAA,IAAA,KAAA;IAErD,OAAO;QACLI,QAAU,EAAA,IAAA;QACVC,MAAQR,EAAAA,YAAAA;QACRS,SAAW,EAAA,IAAA;AACXL,QAAAA,MAAAA;AACAC,QAAAA,IAAAA;AACAC,QAAAA,QAAAA;QACAI,MAAQC,EAAAA;AACV,KAAA;AACF;AAEA,MAAMC,sBAAsB,CAC1BC,IAAAA,GAAAA;AAEA,IAAwB;AACtB,QAAA,MAAMC,cAAcC,MAClBd,CAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CACf,8CACAP,EAAAA,mCAAAA,CAAAA,CAAAA;AAGJ,QAAA,MAAMoB,aAAaD,MACjBd,CAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CACf,6CACAR,EAAAA,kCAAAA,CAAAA,CAAAA;QAIJ,OAAO;AAAEmB,YAAAA,WAAAA;AAAaE,YAAAA;AAAW,SAAA;AACnC;AAUF,CAAA;AAEO,MAAMC,4BAA+B,GAAA,CAC1CJ,IACAK,EAAAA,oBAAAA,GAAAA;AAEA,IAAA,MAAMC,IAAOpB,GAAAA,uBAAAA,EAAAA;AACb,IAAA,IAAIc,SAAS,SAAW,EAAA;QACtB,OAAOM,IAAAA;AACT;AAEA,IAAA,MAAM,EAAEL,WAAW,EAAE,GAAGF,mBAAoB,CAAA,CAAA;IAC5C,MAAMQ,GAAAA,GAAMC,KAAKD,GAAG,EAAA;IACpB,MAAME,UAAAA,GAAaF,MAAMN,WAAc,GAAA,IAAA;AACvC,IAAA,MAAMS,iBAAiBL,oBACnB,GAAA,IAAIG,IAAKH,CAAAA,oBAAAA,CAAAA,CAAsBM,OAAO,EACtCF,GAAAA,UAAAA;AACJ,IAAA,MAAMG,SAAS,IAAIJ,IAAAA,CAAKK,IAAKC,CAAAA,GAAG,CAACL,UAAYC,EAAAA,cAAAA,CAAAA,CAAAA;IAE7C,OAAO;AAAE,QAAA,GAAGJ,IAAI;QAAES,OAASH,EAAAA,MAAAA;AAAQf,QAAAA,MAAAA,EAAQgB,KAAKG,GAAG,CAAC,CAAGJ,EAAAA,MAAAA,CAAOD,OAAO,EAAKJ,GAAAA,GAAAA;AAAK,KAAA;AACjF;MAEaU,iBAAoB,GAAA,IAAA;IAC/B,MAAMC,OAAAA,GAAU9B,OAAO+B,cAAc;AACrC,IAAA,OAAOD,OAAW,IAAA,IAAA;AACpB;AAEaE,MAAAA,gBAAAA,GAAmB,IAAcC,MAAAA,CAAOC,UAAU;AAExD,MAAMC,sBAAsB,CACjCC,WAAAA,GAAAA;IAEA,MAAMC,IAAAA,GAAQD,eAAe,EAAC;IAC9B,MAAME,QAAAA,GAAWD,IAAKC,CAAAA,QAAQ,IAAIN,gBAAAA,EAAAA;IAClC,MAAMO,UAAAA,GAAaC,OAAQH,CAAAA,IAAAA,CAAKE,UAAU,CAAA;IAE1C,OAAO;AAAED,QAAAA,QAAAA;AAAUC,QAAAA;AAAW,KAAA;AAChC;;;;;;;;;;;;;"}
1
+ {"version":3,"file":"session-auth.js","sources":["../../../../shared/utils/session-auth.ts"],"sourcesContent":["import crypto from 'crypto';\nimport type { Modules } from '@strapi/types';\n\nexport const REFRESH_COOKIE_NAME = 'strapi_admin_refresh';\n\nexport const DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN = 30 * 24 * 60 * 60;\nexport const DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN = 14 * 24 * 60 * 60;\nexport const DEFAULT_MAX_SESSION_LIFESPAN = 1 * 24 * 60 * 60;\nexport const DEFAULT_IDLE_SESSION_LIFESPAN = 2 * 60 * 60;\n\nexport const getRefreshCookieOptions = () => {\n const configuredSecure = strapi.config.get('admin.auth.cookie.secure');\n const isProduction = process.env.NODE_ENV === 'production';\n\n const domain: string | undefined =\n strapi.config.get('admin.auth.cookie.domain') || strapi.config.get('admin.auth.domain');\n const path: string = strapi.config.get('admin.auth.cookie.path', '/admin');\n\n const sameSite: boolean | 'lax' | 'strict' | 'none' =\n strapi.config.get('admin.auth.cookie.sameSite') ?? 'lax';\n\n const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;\n\n return {\n httpOnly: true,\n secure: isSecure,\n overwrite: true,\n domain,\n path,\n sameSite,\n maxAge: undefined,\n };\n};\n\nconst getLifespansForType = (\n type: 'refresh' | 'session'\n): { idleSeconds: number; maxSeconds: number } => {\n if (type === 'refresh') {\n const idleSeconds = Number(\n strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n )\n );\n const maxSeconds = Number(\n strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN\n )\n );\n\n return { idleSeconds, maxSeconds };\n }\n\n const idleSeconds = Number(\n strapi.config.get('admin.auth.sessions.idleSessionLifespan', DEFAULT_IDLE_SESSION_LIFESPAN)\n );\n const maxSeconds = Number(\n strapi.config.get('admin.auth.sessions.maxSessionLifespan', DEFAULT_MAX_SESSION_LIFESPAN)\n );\n\n return { idleSeconds, maxSeconds };\n};\n\nexport const buildCookieOptionsWithExpiry = (\n type: 'refresh' | 'session',\n absoluteExpiresAtISO?: string\n) => {\n const base = getRefreshCookieOptions();\n if (type === 'session') {\n return base;\n }\n\n const { idleSeconds } = getLifespansForType('refresh');\n const now = Date.now();\n const idleExpiry = now + idleSeconds * 1000;\n const absoluteExpiry = absoluteExpiresAtISO\n ? new Date(absoluteExpiresAtISO).getTime()\n : idleExpiry;\n const chosen = new Date(Math.min(idleExpiry, absoluteExpiry));\n\n return { ...base, expires: chosen, maxAge: Math.max(0, chosen.getTime() - now) };\n};\n\nexport const getSessionManager = (): Modules.SessionManager.SessionManagerService | null => {\n const manager = strapi.sessionManager as Modules.SessionManager.SessionManagerService | undefined;\n return manager ?? null;\n};\n\nexport const generateDeviceId = (): string => crypto.randomUUID();\n\nexport const extractDeviceParams = (\n requestBody: unknown\n): { deviceId: string; rememberMe: boolean } => {\n const body = (requestBody ?? {}) as { deviceId?: string; rememberMe?: boolean };\n const deviceId = body.deviceId || generateDeviceId();\n const rememberMe = Boolean(body.rememberMe);\n\n return { deviceId, rememberMe };\n};\n"],"names":["REFRESH_COOKIE_NAME","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","DEFAULT_MAX_SESSION_LIFESPAN","DEFAULT_IDLE_SESSION_LIFESPAN","getRefreshCookieOptions","configuredSecure","strapi","config","get","isProduction","process","env","NODE_ENV","domain","path","sameSite","isSecure","httpOnly","secure","overwrite","maxAge","undefined","getLifespansForType","type","idleSeconds","Number","maxSeconds","buildCookieOptionsWithExpiry","absoluteExpiresAtISO","base","now","Date","idleExpiry","absoluteExpiry","getTime","chosen","Math","min","expires","max","getSessionManager","manager","sessionManager","generateDeviceId","crypto","randomUUID","extractDeviceParams","requestBody","body","deviceId","rememberMe","Boolean"],"mappings":";;;;AAGO,MAAMA,sBAAsB;AAEtBC,MAAAA,kCAAAA,GAAqC,EAAK,GAAA,EAAA,GAAK,KAAK;AACpDC,MAAAA,mCAAAA,GAAsC,EAAK,GAAA,EAAA,GAAK,KAAK;AACrDC,MAAAA,4BAAAA,GAA+B,CAAI,GAAA,EAAA,GAAK,KAAK;AAC7CC,MAAAA,6BAAAA,GAAgC,CAAI,GAAA,EAAA,GAAK;MAEzCC,uBAA0B,GAAA,IAAA;AACrC,IAAA,MAAMC,gBAAmBC,GAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CAAC,0BAAA,CAAA;AAC3C,IAAA,MAAMC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;IAE9C,MAAMC,MAAAA,GACJP,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,0BAAA,CAAA,IAA+BF,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,mBAAA,CAAA;AACrE,IAAA,MAAMM,OAAeR,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,wBAA0B,EAAA,QAAA,CAAA;AAEjE,IAAA,MAAMO,WACJT,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,4BAAiC,CAAA,IAAA,KAAA;AAErD,IAAA,MAAMQ,QAAW,GAAA,OAAOX,gBAAqB,KAAA,SAAA,GAAYA,gBAAmBI,GAAAA,YAAAA;IAE5E,OAAO;QACLQ,QAAU,EAAA,IAAA;QACVC,MAAQF,EAAAA,QAAAA;QACRG,SAAW,EAAA,IAAA;AACXN,QAAAA,MAAAA;AACAC,QAAAA,IAAAA;AACAC,QAAAA,QAAAA;QACAK,MAAQC,EAAAA;AACV,KAAA;AACF;AAEA,MAAMC,sBAAsB,CAC1BC,IAAAA,GAAAA;AAEA,IAAwB;AACtB,QAAA,MAAMC,cAAcC,MAClBnB,CAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CACf,8CACAP,EAAAA,mCAAAA,CAAAA,CAAAA;AAGJ,QAAA,MAAMyB,aAAaD,MACjBnB,CAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CACf,6CACAR,EAAAA,kCAAAA,CAAAA,CAAAA;QAIJ,OAAO;AAAEwB,YAAAA,WAAAA;AAAaE,YAAAA;AAAW,SAAA;AACnC;AAUF,CAAA;AAEO,MAAMC,4BAA+B,GAAA,CAC1CJ,IACAK,EAAAA,oBAAAA,GAAAA;AAEA,IAAA,MAAMC,IAAOzB,GAAAA,uBAAAA,EAAAA;AACb,IAAA,IAAImB,SAAS,SAAW,EAAA;QACtB,OAAOM,IAAAA;AACT;AAEA,IAAA,MAAM,EAAEL,WAAW,EAAE,GAAGF,mBAAoB,CAAA,CAAA;IAC5C,MAAMQ,GAAAA,GAAMC,KAAKD,GAAG,EAAA;IACpB,MAAME,UAAAA,GAAaF,MAAMN,WAAc,GAAA,IAAA;AACvC,IAAA,MAAMS,iBAAiBL,oBACnB,GAAA,IAAIG,IAAKH,CAAAA,oBAAAA,CAAAA,CAAsBM,OAAO,EACtCF,GAAAA,UAAAA;AACJ,IAAA,MAAMG,SAAS,IAAIJ,IAAAA,CAAKK,IAAKC,CAAAA,GAAG,CAACL,UAAYC,EAAAA,cAAAA,CAAAA,CAAAA;IAE7C,OAAO;AAAE,QAAA,GAAGJ,IAAI;QAAES,OAASH,EAAAA,MAAAA;AAAQf,QAAAA,MAAAA,EAAQgB,KAAKG,GAAG,CAAC,CAAGJ,EAAAA,MAAAA,CAAOD,OAAO,EAAKJ,GAAAA,GAAAA;AAAK,KAAA;AACjF;MAEaU,iBAAoB,GAAA,IAAA;IAC/B,MAAMC,OAAAA,GAAUnC,OAAOoC,cAAc;AACrC,IAAA,OAAOD,OAAW,IAAA,IAAA;AACpB;AAEaE,MAAAA,gBAAAA,GAAmB,IAAcC,MAAAA,CAAOC,UAAU;AAExD,MAAMC,sBAAsB,CACjCC,WAAAA,GAAAA;IAEA,MAAMC,IAAAA,GAAQD,eAAe,EAAC;IAC9B,MAAME,QAAAA,GAAWD,IAAKC,CAAAA,QAAQ,IAAIN,gBAAAA,EAAAA;IAClC,MAAMO,UAAAA,GAAaC,OAAQH,CAAAA,IAAAA,CAAKE,UAAU,CAAA;IAE1C,OAAO;AAAED,QAAAA,QAAAA;AAAUC,QAAAA;AAAW,KAAA;AAChC;;;;;;;;;;;;;"}
package/dist/server/shared/utils/session-auth.mjs CHANGED
@@ -6,13 +6,15 @@ const DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN = 14 * 24 * 60 * 60;
6
6
  const DEFAULT_MAX_SESSION_LIFESPAN = 1 * 24 * 60 * 60;
7
7
  const DEFAULT_IDLE_SESSION_LIFESPAN = 2 * 60 * 60;
8
8
  const getRefreshCookieOptions = ()=>{
9
- const isProduction = strapi.config.get('environment') === 'production';
9
+ const configuredSecure = strapi.config.get('admin.auth.cookie.secure');
10
+ const isProduction = process.env.NODE_ENV === 'production';
10
11
  const domain = strapi.config.get('admin.auth.cookie.domain') || strapi.config.get('admin.auth.domain');
11
12
  const path = strapi.config.get('admin.auth.cookie.path', '/admin');
12
13
  const sameSite = strapi.config.get('admin.auth.cookie.sameSite') ?? 'lax';
14
+ const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;
13
15
  return {
14
16
  httpOnly: true,
15
- secure: isProduction,
17
+ secure: isSecure,
16
18
  overwrite: true,
17
19
  domain,
18
20
  path,
package/dist/server/shared/utils/session-auth.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"session-auth.mjs","sources":["../../../../shared/utils/session-auth.ts"],"sourcesContent":["import crypto from 'crypto';\nimport type { Modules } from '@strapi/types';\n\nexport const REFRESH_COOKIE_NAME = 'strapi_admin_refresh';\n\nexport const DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN = 30 * 24 * 60 * 60;\nexport const DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN = 14 * 24 * 60 * 60;\nexport const DEFAULT_MAX_SESSION_LIFESPAN = 1 * 24 * 60 * 60;\nexport const DEFAULT_IDLE_SESSION_LIFESPAN = 2 * 60 * 60;\n\nexport const getRefreshCookieOptions = () => {\n const isProduction = strapi.config.get('environment') === 'production';\n const domain: string | undefined =\n strapi.config.get('admin.auth.cookie.domain') || strapi.config.get('admin.auth.domain');\n const path: string = strapi.config.get('admin.auth.cookie.path', '/admin');\n\n const sameSite: boolean | 'lax' | 'strict' | 'none' =\n strapi.config.get('admin.auth.cookie.sameSite') ?? 'lax';\n\n return {\n httpOnly: true,\n secure: isProduction,\n overwrite: true,\n domain,\n path,\n sameSite,\n maxAge: undefined,\n };\n};\n\nconst getLifespansForType = (\n type: 'refresh' | 'session'\n): { idleSeconds: number; maxSeconds: number } => {\n if (type === 'refresh') {\n const idleSeconds = Number(\n strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n )\n );\n const maxSeconds = Number(\n strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN\n )\n );\n\n return { idleSeconds, maxSeconds };\n }\n\n const idleSeconds = Number(\n strapi.config.get('admin.auth.sessions.idleSessionLifespan', DEFAULT_IDLE_SESSION_LIFESPAN)\n );\n const maxSeconds = Number(\n strapi.config.get('admin.auth.sessions.maxSessionLifespan', DEFAULT_MAX_SESSION_LIFESPAN)\n );\n\n return { idleSeconds, maxSeconds };\n};\n\nexport const buildCookieOptionsWithExpiry = (\n type: 'refresh' | 'session',\n absoluteExpiresAtISO?: string\n) => {\n const base = getRefreshCookieOptions();\n if (type === 'session') {\n return base;\n }\n\n const { idleSeconds } = getLifespansForType('refresh');\n const now = Date.now();\n const idleExpiry = now + idleSeconds * 1000;\n const absoluteExpiry = absoluteExpiresAtISO\n ? new Date(absoluteExpiresAtISO).getTime()\n : idleExpiry;\n const chosen = new Date(Math.min(idleExpiry, absoluteExpiry));\n\n return { ...base, expires: chosen, maxAge: Math.max(0, chosen.getTime() - now) };\n};\n\nexport const getSessionManager = (): Modules.SessionManager.SessionManagerService | null => {\n const manager = strapi.sessionManager as Modules.SessionManager.SessionManagerService | undefined;\n return manager ?? null;\n};\n\nexport const generateDeviceId = (): string => crypto.randomUUID();\n\nexport const extractDeviceParams = (\n requestBody: unknown\n): { deviceId: string; rememberMe: boolean } => {\n const body = (requestBody ?? {}) as { deviceId?: string; rememberMe?: boolean };\n const deviceId = body.deviceId || generateDeviceId();\n const rememberMe = Boolean(body.rememberMe);\n\n return { deviceId, rememberMe };\n};\n"],"names":["REFRESH_COOKIE_NAME","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","DEFAULT_MAX_SESSION_LIFESPAN","DEFAULT_IDLE_SESSION_LIFESPAN","getRefreshCookieOptions","isProduction","strapi","config","get","domain","path","sameSite","httpOnly","secure","overwrite","maxAge","undefined","getLifespansForType","type","idleSeconds","Number","maxSeconds","buildCookieOptionsWithExpiry","absoluteExpiresAtISO","base","now","Date","idleExpiry","absoluteExpiry","getTime","chosen","Math","min","expires","max","getSessionManager","manager","sessionManager","generateDeviceId","crypto","randomUUID","extractDeviceParams","requestBody","body","deviceId","rememberMe","Boolean"],"mappings":";;AAGO,MAAMA,sBAAsB;AAEtBC,MAAAA,kCAAAA,GAAqC,EAAK,GAAA,EAAA,GAAK,KAAK;AACpDC,MAAAA,mCAAAA,GAAsC,EAAK,GAAA,EAAA,GAAK,KAAK;AACrDC,MAAAA,4BAAAA,GAA+B,CAAI,GAAA,EAAA,GAAK,KAAK;AAC7CC,MAAAA,6BAAAA,GAAgC,CAAI,GAAA,EAAA,GAAK;MAEzCC,uBAA0B,GAAA,IAAA;AACrC,IAAA,MAAMC,eAAeC,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,aAAmB,CAAA,KAAA,YAAA;IAC1D,MAAMC,MAAAA,GACJH,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,0BAAA,CAAA,IAA+BF,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,mBAAA,CAAA;AACrE,IAAA,MAAME,OAAeJ,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,wBAA0B,EAAA,QAAA,CAAA;AAEjE,IAAA,MAAMG,WACJL,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,4BAAiC,CAAA,IAAA,KAAA;IAErD,OAAO;QACLI,QAAU,EAAA,IAAA;QACVC,MAAQR,EAAAA,YAAAA;QACRS,SAAW,EAAA,IAAA;AACXL,QAAAA,MAAAA;AACAC,QAAAA,IAAAA;AACAC,QAAAA,QAAAA;QACAI,MAAQC,EAAAA;AACV,KAAA;AACF;AAEA,MAAMC,sBAAsB,CAC1BC,IAAAA,GAAAA;AAEA,IAAwB;AACtB,QAAA,MAAMC,cAAcC,MAClBd,CAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CACf,8CACAP,EAAAA,mCAAAA,CAAAA,CAAAA;AAGJ,QAAA,MAAMoB,aAAaD,MACjBd,CAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CACf,6CACAR,EAAAA,kCAAAA,CAAAA,CAAAA;QAIJ,OAAO;AAAEmB,YAAAA,WAAAA;AAAaE,YAAAA;AAAW,SAAA;AACnC;AAUF,CAAA;AAEO,MAAMC,4BAA+B,GAAA,CAC1CJ,IACAK,EAAAA,oBAAAA,GAAAA;AAEA,IAAA,MAAMC,IAAOpB,GAAAA,uBAAAA,EAAAA;AACb,IAAA,IAAIc,SAAS,SAAW,EAAA;QACtB,OAAOM,IAAAA;AACT;AAEA,IAAA,MAAM,EAAEL,WAAW,EAAE,GAAGF,mBAAoB,CAAA,CAAA;IAC5C,MAAMQ,GAAAA,GAAMC,KAAKD,GAAG,EAAA;IACpB,MAAME,UAAAA,GAAaF,MAAMN,WAAc,GAAA,IAAA;AACvC,IAAA,MAAMS,iBAAiBL,oBACnB,GAAA,IAAIG,IAAKH,CAAAA,oBAAAA,CAAAA,CAAsBM,OAAO,EACtCF,GAAAA,UAAAA;AACJ,IAAA,MAAMG,SAAS,IAAIJ,IAAAA,CAAKK,IAAKC,CAAAA,GAAG,CAACL,UAAYC,EAAAA,cAAAA,CAAAA,CAAAA;IAE7C,OAAO;AAAE,QAAA,GAAGJ,IAAI;QAAES,OAASH,EAAAA,MAAAA;AAAQf,QAAAA,MAAAA,EAAQgB,KAAKG,GAAG,CAAC,CAAGJ,EAAAA,MAAAA,CAAOD,OAAO,EAAKJ,GAAAA,GAAAA;AAAK,KAAA;AACjF;MAEaU,iBAAoB,GAAA,IAAA;IAC/B,MAAMC,OAAAA,GAAU9B,OAAO+B,cAAc;AACrC,IAAA,OAAOD,OAAW,IAAA,IAAA;AACpB;AAEaE,MAAAA,gBAAAA,GAAmB,IAAcC,MAAAA,CAAOC,UAAU;AAExD,MAAMC,sBAAsB,CACjCC,WAAAA,GAAAA;IAEA,MAAMC,IAAAA,GAAQD,eAAe,EAAC;IAC9B,MAAME,QAAAA,GAAWD,IAAKC,CAAAA,QAAQ,IAAIN,gBAAAA,EAAAA;IAClC,MAAMO,UAAAA,GAAaC,OAAQH,CAAAA,IAAAA,CAAKE,UAAU,CAAA;IAE1C,OAAO;AAAED,QAAAA,QAAAA;AAAUC,QAAAA;AAAW,KAAA;AAChC;;;;"}
1
+ {"version":3,"file":"session-auth.mjs","sources":["../../../../shared/utils/session-auth.ts"],"sourcesContent":["import crypto from 'crypto';\nimport type { Modules } from '@strapi/types';\n\nexport const REFRESH_COOKIE_NAME = 'strapi_admin_refresh';\n\nexport const DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN = 30 * 24 * 60 * 60;\nexport const DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN = 14 * 24 * 60 * 60;\nexport const DEFAULT_MAX_SESSION_LIFESPAN = 1 * 24 * 60 * 60;\nexport const DEFAULT_IDLE_SESSION_LIFESPAN = 2 * 60 * 60;\n\nexport const getRefreshCookieOptions = () => {\n const configuredSecure = strapi.config.get('admin.auth.cookie.secure');\n const isProduction = process.env.NODE_ENV === 'production';\n\n const domain: string | undefined =\n strapi.config.get('admin.auth.cookie.domain') || strapi.config.get('admin.auth.domain');\n const path: string = strapi.config.get('admin.auth.cookie.path', '/admin');\n\n const sameSite: boolean | 'lax' | 'strict' | 'none' =\n strapi.config.get('admin.auth.cookie.sameSite') ?? 'lax';\n\n const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;\n\n return {\n httpOnly: true,\n secure: isSecure,\n overwrite: true,\n domain,\n path,\n sameSite,\n maxAge: undefined,\n };\n};\n\nconst getLifespansForType = (\n type: 'refresh' | 'session'\n): { idleSeconds: number; maxSeconds: number } => {\n if (type === 'refresh') {\n const idleSeconds = Number(\n strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n )\n );\n const maxSeconds = Number(\n strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN\n )\n );\n\n return { idleSeconds, maxSeconds };\n }\n\n const idleSeconds = Number(\n strapi.config.get('admin.auth.sessions.idleSessionLifespan', DEFAULT_IDLE_SESSION_LIFESPAN)\n );\n const maxSeconds = Number(\n strapi.config.get('admin.auth.sessions.maxSessionLifespan', DEFAULT_MAX_SESSION_LIFESPAN)\n );\n\n return { idleSeconds, maxSeconds };\n};\n\nexport const buildCookieOptionsWithExpiry = (\n type: 'refresh' | 'session',\n absoluteExpiresAtISO?: string\n) => {\n const base = getRefreshCookieOptions();\n if (type === 'session') {\n return base;\n }\n\n const { idleSeconds } = getLifespansForType('refresh');\n const now = Date.now();\n const idleExpiry = now + idleSeconds * 1000;\n const absoluteExpiry = absoluteExpiresAtISO\n ? new Date(absoluteExpiresAtISO).getTime()\n : idleExpiry;\n const chosen = new Date(Math.min(idleExpiry, absoluteExpiry));\n\n return { ...base, expires: chosen, maxAge: Math.max(0, chosen.getTime() - now) };\n};\n\nexport const getSessionManager = (): Modules.SessionManager.SessionManagerService | null => {\n const manager = strapi.sessionManager as Modules.SessionManager.SessionManagerService | undefined;\n return manager ?? null;\n};\n\nexport const generateDeviceId = (): string => crypto.randomUUID();\n\nexport const extractDeviceParams = (\n requestBody: unknown\n): { deviceId: string; rememberMe: boolean } => {\n const body = (requestBody ?? {}) as { deviceId?: string; rememberMe?: boolean };\n const deviceId = body.deviceId || generateDeviceId();\n const rememberMe = Boolean(body.rememberMe);\n\n return { deviceId, rememberMe };\n};\n"],"names":["REFRESH_COOKIE_NAME","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","DEFAULT_MAX_SESSION_LIFESPAN","DEFAULT_IDLE_SESSION_LIFESPAN","getRefreshCookieOptions","configuredSecure","strapi","config","get","isProduction","process","env","NODE_ENV","domain","path","sameSite","isSecure","httpOnly","secure","overwrite","maxAge","undefined","getLifespansForType","type","idleSeconds","Number","maxSeconds","buildCookieOptionsWithExpiry","absoluteExpiresAtISO","base","now","Date","idleExpiry","absoluteExpiry","getTime","chosen","Math","min","expires","max","getSessionManager","manager","sessionManager","generateDeviceId","crypto","randomUUID","extractDeviceParams","requestBody","body","deviceId","rememberMe","Boolean"],"mappings":";;AAGO,MAAMA,sBAAsB;AAEtBC,MAAAA,kCAAAA,GAAqC,EAAK,GAAA,EAAA,GAAK,KAAK;AACpDC,MAAAA,mCAAAA,GAAsC,EAAK,GAAA,EAAA,GAAK,KAAK;AACrDC,MAAAA,4BAAAA,GAA+B,CAAI,GAAA,EAAA,GAAK,KAAK;AAC7CC,MAAAA,6BAAAA,GAAgC,CAAI,GAAA,EAAA,GAAK;MAEzCC,uBAA0B,GAAA,IAAA;AACrC,IAAA,MAAMC,gBAAmBC,GAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CAAC,0BAAA,CAAA;AAC3C,IAAA,MAAMC,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;IAE9C,MAAMC,MAAAA,GACJP,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,0BAAA,CAAA,IAA+BF,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,mBAAA,CAAA;AACrE,IAAA,MAAMM,OAAeR,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,wBAA0B,EAAA,QAAA,CAAA;AAEjE,IAAA,MAAMO,WACJT,MAAOC,CAAAA,MAAM,CAACC,GAAG,CAAC,4BAAiC,CAAA,IAAA,KAAA;AAErD,IAAA,MAAMQ,QAAW,GAAA,OAAOX,gBAAqB,KAAA,SAAA,GAAYA,gBAAmBI,GAAAA,YAAAA;IAE5E,OAAO;QACLQ,QAAU,EAAA,IAAA;QACVC,MAAQF,EAAAA,QAAAA;QACRG,SAAW,EAAA,IAAA;AACXN,QAAAA,MAAAA;AACAC,QAAAA,IAAAA;AACAC,QAAAA,QAAAA;QACAK,MAAQC,EAAAA;AACV,KAAA;AACF;AAEA,MAAMC,sBAAsB,CAC1BC,IAAAA,GAAAA;AAEA,IAAwB;AACtB,QAAA,MAAMC,cAAcC,MAClBnB,CAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CACf,8CACAP,EAAAA,mCAAAA,CAAAA,CAAAA;AAGJ,QAAA,MAAMyB,aAAaD,MACjBnB,CAAAA,MAAAA,CAAOC,MAAM,CAACC,GAAG,CACf,6CACAR,EAAAA,kCAAAA,CAAAA,CAAAA;QAIJ,OAAO;AAAEwB,YAAAA,WAAAA;AAAaE,YAAAA;AAAW,SAAA;AACnC;AAUF,CAAA;AAEO,MAAMC,4BAA+B,GAAA,CAC1CJ,IACAK,EAAAA,oBAAAA,GAAAA;AAEA,IAAA,MAAMC,IAAOzB,GAAAA,uBAAAA,EAAAA;AACb,IAAA,IAAImB,SAAS,SAAW,EAAA;QACtB,OAAOM,IAAAA;AACT;AAEA,IAAA,MAAM,EAAEL,WAAW,EAAE,GAAGF,mBAAoB,CAAA,CAAA;IAC5C,MAAMQ,GAAAA,GAAMC,KAAKD,GAAG,EAAA;IACpB,MAAME,UAAAA,GAAaF,MAAMN,WAAc,GAAA,IAAA;AACvC,IAAA,MAAMS,iBAAiBL,oBACnB,GAAA,IAAIG,IAAKH,CAAAA,oBAAAA,CAAAA,CAAsBM,OAAO,EACtCF,GAAAA,UAAAA;AACJ,IAAA,MAAMG,SAAS,IAAIJ,IAAAA,CAAKK,IAAKC,CAAAA,GAAG,CAACL,UAAYC,EAAAA,cAAAA,CAAAA,CAAAA;IAE7C,OAAO;AAAE,QAAA,GAAGJ,IAAI;QAAES,OAASH,EAAAA,MAAAA;AAAQf,QAAAA,MAAAA,EAAQgB,KAAKG,GAAG,CAAC,CAAGJ,EAAAA,MAAAA,CAAOD,OAAO,EAAKJ,GAAAA,GAAAA;AAAK,KAAA;AACjF;MAEaU,iBAAoB,GAAA,IAAA;IAC/B,MAAMC,OAAAA,GAAUnC,OAAOoC,cAAc;AACrC,IAAA,OAAOD,OAAW,IAAA,IAAA;AACpB;AAEaE,MAAAA,gBAAAA,GAAmB,IAAcC,MAAAA,CAAOC,UAAU;AAExD,MAAMC,sBAAsB,CACjCC,WAAAA,GAAAA;IAEA,MAAMC,IAAAA,GAAQD,eAAe,EAAC;IAC9B,MAAME,QAAAA,GAAWD,IAAKC,CAAAA,QAAQ,IAAIN,gBAAAA,EAAAA;IAClC,MAAMO,UAAAA,GAAaC,OAAQH,CAAAA,IAAAA,CAAKE,UAAU,CAAA;IAE1C,OAAO;AAAED,QAAAA,QAAAA;AAAUC,QAAAA;AAAW,KAAA;AAChC;;;;"}
package/dist/server/src/bootstrap.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../../server/src/bootstrap.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;qCAuGR;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE;AAAzD,wBAyEE"}
1
+ {"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../../server/src/bootstrap.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;qCAuGR;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE;AAAzD,wBAiFE"}
package/dist/shared/contracts/homepage.d.ts CHANGED
@@ -58,13 +58,17 @@ export declare namespace Homepage {
58
58
  type Width = 4 | 6 | 8 | 12;
59
59
  interface Layout {
60
60
  version: number;
61
- order: WidgetUID[];
62
- widths: Record<WidgetUID, Width>;
61
+ widgets: Array<{
62
+ uid: WidgetUID;
63
+ width: Width;
64
+ }>;
63
65
  updatedAt: string;
64
66
  }
65
67
  interface LayoutWrite {
66
- order: WidgetUID[];
67
- widths: Record<WidgetUID, Width>;
68
+ widgets: Array<{
69
+ uid: WidgetUID;
70
+ width: Width;
71
+ }>;
68
72
  }
69
73
  }
70
74
  export declare namespace GetHomepageLayout {
package/dist/shared/contracts/homepage.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"homepage.d.ts","sourceRoot":"","sources":["../../../shared/contracts/homepage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAGjD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC;IAC7B,cAAc,EAAE,GAAG,CAAC,WAAW,CAAC;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,GAAG,WAAW,GAAG,UAAU,CAAC;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,CAAC,OAAO,WAAW,kBAAkB,CAAC;IAC1C,UAAiB,OAAO;QACtB,IAAI,EAAE,EAAE,CAAC;QACT,KAAK,EAAE;YACL,MAAM,EAAE,QAAQ,GAAG,SAAS,CAAC;SAC9B,CAAC;KACH;IAED,UAAiB,QAAQ;QACvB,IAAI,EAAE,cAAc,EAAE,CAAC;QACvB,KAAK,CAAC,EAAE,MAAM,CAAC,gBAAgB,CAAC;KACjC;CACF;AAED,MAAM,CAAC,OAAO,WAAW,gBAAgB,CAAC;IACxC,UAAiB,OAAO;QACtB,IAAI,EAAE,EAAE,CAAC;KACV;IAED,UAAiB,QAAQ;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,MAAM,CAAC;YACf,YAAY,EAAE,MAAM,CAAC;YACrB,UAAU,EAAE,MAAM,CAAC;YACnB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;YACvB,MAAM,EAAE,MAAM,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;SACnB,CAAC;QACF,KAAK,CAAC,EAAE,MAAM,CAAC,gBAAgB,CAAC;KACjC;CACF;AAED,MAAM,CAAC,OAAO,WAAW,iBAAiB,CAAC;IACzC,UAAiB,OAAO;QACtB,IAAI,EAAE,EAAE,CAAC;KACV;IAED,UAAiB,QAAQ;QACvB,IAAI,EAAE;YACJ,KAAK,EAAE,MAAM,CAAC;YACd,SAAS,EAAE,MAAM,CAAC;YAClB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,KAAK,CAAC,EAAE,MAAM,CAAC,gBAAgB,CAAC;KACjC;CACF;AAED,MAAM,CAAC,OAAO,WAAW,QAAQ,CAAC;IAChC,KAAY,SAAS,GAAG,MAAM,CAAC;IAC/B,KAAY,KAAK,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;IAEnC,UAAiB,MAAM;QACrB,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,SAAS,EAAE,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACjC,SAAS,EAAE,MAAM,CAAC;KACnB;IAED,UAAiB,WAAW;QAC1B,KAAK,EAAE,SAAS,EAAE,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;KAClC;CACF;AAED,MAAM,CAAC,OAAO,WAAW,iBAAiB,CAAC;IACzC,UAAiB,QAAQ;QACvB,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC;KACvB;CACF;AAED,MAAM,CAAC,OAAO,WAAW,oBAAoB,CAAC;IAC5C,UAAiB,OAAO;QACtB,IAAI,EAAE,QAAQ,CAAC,WAAW,CAAC;KAC5B;IAED,UAAiB,QAAQ;QACvB,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC;KACvB;CACF"}
1
+ {"version":3,"file":"homepage.d.ts","sourceRoot":"","sources":["../../../shared/contracts/homepage.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAGjD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC;IAC7B,cAAc,EAAE,GAAG,CAAC,WAAW,CAAC;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,GAAG,WAAW,GAAG,UAAU,CAAC;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,CAAC,OAAO,WAAW,kBAAkB,CAAC;IAC1C,UAAiB,OAAO;QACtB,IAAI,EAAE,EAAE,CAAC;QACT,KAAK,EAAE;YACL,MAAM,EAAE,QAAQ,GAAG,SAAS,CAAC;SAC9B,CAAC;KACH;IAED,UAAiB,QAAQ;QACvB,IAAI,EAAE,cAAc,EAAE,CAAC;QACvB,KAAK,CAAC,EAAE,MAAM,CAAC,gBAAgB,CAAC;KACjC;CACF;AAED,MAAM,CAAC,OAAO,WAAW,gBAAgB,CAAC;IACxC,UAAiB,OAAO;QACtB,IAAI,EAAE,EAAE,CAAC;KACV;IAED,UAAiB,QAAQ;QACvB,IAAI,EAAE;YACJ,MAAM,EAAE,MAAM,CAAC;YACf,YAAY,EAAE,MAAM,CAAC;YACrB,UAAU,EAAE,MAAM,CAAC;YACnB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;YACvB,MAAM,EAAE,MAAM,CAAC;YACf,QAAQ,EAAE,MAAM,CAAC;YACjB,SAAS,EAAE,MAAM,CAAC;SACnB,CAAC;QACF,KAAK,CAAC,EAAE,MAAM,CAAC,gBAAgB,CAAC;KACjC;CACF;AAED,MAAM,CAAC,OAAO,WAAW,iBAAiB,CAAC;IACzC,UAAiB,OAAO;QACtB,IAAI,EAAE,EAAE,CAAC;KACV;IAED,UAAiB,QAAQ;QACvB,IAAI,EAAE;YACJ,KAAK,EAAE,MAAM,CAAC;YACd,SAAS,EAAE,MAAM,CAAC;YAClB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,KAAK,CAAC,EAAE,MAAM,CAAC,gBAAgB,CAAC;KACjC;CACF;AAED,MAAM,CAAC,OAAO,WAAW,QAAQ,CAAC;IAChC,KAAY,SAAS,GAAG,MAAM,CAAC;IAC/B,KAAY,KAAK,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;IAEnC,UAAiB,MAAM;QACrB,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,KAAK,CAAC;YACb,GAAG,EAAE,SAAS,CAAC;YACf,KAAK,EAAE,KAAK,CAAC;SACd,CAAC,CAAC;QACH,SAAS,EAAE,MAAM,CAAC;KACnB;IAED,UAAiB,WAAW;QAC1B,OAAO,EAAE,KAAK,CAAC;YACb,GAAG,EAAE,SAAS,CAAC;YACf,KAAK,EAAE,KAAK,CAAC;SACd,CAAC,CAAC;KACJ;CACF;AAED,MAAM,CAAC,OAAO,WAAW,iBAAiB,CAAC;IACzC,UAAiB,QAAQ;QACvB,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC;KACvB;CACF;AAED,MAAM,CAAC,OAAO,WAAW,oBAAoB,CAAC;IAC5C,UAAiB,OAAO;QACtB,IAAI,EAAE,QAAQ,CAAC,WAAW,CAAC;KAC5B;IAED,UAAiB,QAAQ;QACvB,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC;KACvB;CACF"}
package/dist/shared/utils/session-auth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"session-auth.d.ts","sourceRoot":"","sources":["../../../shared/utils/session-auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAE7C,eAAO,MAAM,mBAAmB,yBAAyB,CAAC;AAE1D,eAAO,MAAM,kCAAkC,QAAoB,CAAC;AACpE,eAAO,MAAM,mCAAmC,QAAoB,CAAC;AACrE,eAAO,MAAM,4BAA4B,QAAmB,CAAC;AAC7D,eAAO,MAAM,6BAA6B,QAAc,CAAC;AAEzD,eAAO,MAAM,uBAAuB;;;;;;;;CAkBnC,CAAC;AAgCF,eAAO,MAAM,4BAA4B,SACjC,SAAS,GAAG,SAAS,yBACJ,MAAM;;;;;;;;;;;;;;;;;CAgB9B,CAAC;AAEF,eAAO,MAAM,iBAAiB,QAAO,QAAQ,cAAc,CAAC,qBAAqB,GAAG,IAGnF,CAAC;AAEF,eAAO,MAAM,gBAAgB,QAAO,MAA6B,CAAC;AAElE,eAAO,MAAM,mBAAmB,gBACjB,OAAO,KACnB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,OAAO,CAAA;CAMzC,CAAC"}
1
+ {"version":3,"file":"session-auth.d.ts","sourceRoot":"","sources":["../../../shared/utils/session-auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAE7C,eAAO,MAAM,mBAAmB,yBAAyB,CAAC;AAE1D,eAAO,MAAM,kCAAkC,QAAoB,CAAC;AACpE,eAAO,MAAM,mCAAmC,QAAoB,CAAC;AACrE,eAAO,MAAM,4BAA4B,QAAmB,CAAC;AAC7D,eAAO,MAAM,6BAA6B,QAAc,CAAC;AAEzD,eAAO,MAAM,uBAAuB;;;;;;;;CAsBnC,CAAC;AAgCF,eAAO,MAAM,4BAA4B,SACjC,SAAS,GAAG,SAAS,yBACJ,MAAM;;;;;;;;;;;;;;;;;CAgB9B,CAAC;AAEF,eAAO,MAAM,iBAAiB,QAAO,QAAQ,cAAc,CAAC,qBAAqB,GAAG,IAGnF,CAAC;AAEF,eAAO,MAAM,gBAAgB,QAAO,MAA6B,CAAC;AAElE,eAAO,MAAM,mBAAmB,gBACjB,OAAO,KACnB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,OAAO,CAAA;CAMzC,CAAC"}