@strapi/admin 5.27.0 → 5.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/dist/admin/admin/src/components/DragLayer.js +67 -0
  2. package/dist/admin/admin/src/components/DragLayer.js.map +1 -0
  3. package/dist/admin/admin/src/components/DragLayer.mjs +64 -0
  4. package/dist/admin/admin/src/components/DragLayer.mjs.map +1 -0
  5. package/dist/admin/admin/src/components/FormInputs/Json.js +1 -1
  6. package/dist/admin/admin/src/components/FormInputs/Json.js.map +1 -1
  7. package/dist/admin/admin/src/components/FormInputs/Json.mjs +1 -1
  8. package/dist/admin/admin/src/components/FormInputs/Json.mjs.map +1 -1
  9. package/dist/admin/admin/src/components/GapDropZone.js +292 -0
  10. package/dist/admin/admin/src/components/GapDropZone.js.map +1 -0
  11. package/dist/admin/admin/src/components/GapDropZone.mjs +268 -0
  12. package/dist/admin/admin/src/components/GapDropZone.mjs.map +1 -0
  13. package/dist/admin/admin/src/components/ResizeIndicator.js +353 -0
  14. package/dist/admin/admin/src/components/ResizeIndicator.js.map +1 -0
  15. package/dist/admin/admin/src/components/ResizeIndicator.mjs +332 -0
  16. package/dist/admin/admin/src/components/ResizeIndicator.mjs.map +1 -0
  17. package/dist/admin/admin/src/components/SubNav.js +9 -2
  18. package/dist/admin/admin/src/components/SubNav.js.map +1 -1
  19. package/dist/admin/admin/src/components/SubNav.mjs +9 -2
  20. package/dist/admin/admin/src/components/SubNav.mjs.map +1 -1
  21. package/dist/admin/admin/src/components/WidgetRoot.js +216 -0
  22. package/dist/admin/admin/src/components/WidgetRoot.js.map +1 -0
  23. package/dist/admin/admin/src/components/WidgetRoot.mjs +195 -0
  24. package/dist/admin/admin/src/components/WidgetRoot.mjs.map +1 -0
  25. package/dist/admin/admin/src/features/Tracking.js.map +1 -1
  26. package/dist/admin/admin/src/features/Tracking.mjs.map +1 -1
  27. package/dist/admin/admin/src/features/Widgets.js +276 -0
  28. package/dist/admin/admin/src/features/Widgets.js.map +1 -0
  29. package/dist/admin/admin/src/features/Widgets.mjs +255 -0
  30. package/dist/admin/admin/src/features/Widgets.mjs.map +1 -0
  31. package/dist/admin/admin/src/hooks/useAPIErrorHandler.js +1 -1
  32. package/dist/admin/admin/src/hooks/useAPIErrorHandler.js.map +1 -1
  33. package/dist/admin/admin/src/hooks/useAPIErrorHandler.mjs +1 -1
  34. package/dist/admin/admin/src/hooks/useAPIErrorHandler.mjs.map +1 -1
  35. package/dist/admin/admin/src/pages/Home/HomePage.js +160 -91
  36. package/dist/admin/admin/src/pages/Home/HomePage.js.map +1 -1
  37. package/dist/admin/admin/src/pages/Home/HomePage.mjs +162 -93
  38. package/dist/admin/admin/src/pages/Home/HomePage.mjs.map +1 -1
  39. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.js +189 -0
  40. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.js.map +1 -0
  41. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.mjs +168 -0
  42. package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.mjs.map +1 -0
  43. package/dist/admin/admin/src/services/homepage.js +11 -4
  44. package/dist/admin/admin/src/services/homepage.js.map +1 -1
  45. package/dist/admin/admin/src/services/homepage.mjs +11 -4
  46. package/dist/admin/admin/src/services/homepage.mjs.map +1 -1
  47. package/dist/admin/admin/src/translations/en.json.js +8 -1
  48. package/dist/admin/admin/src/translations/en.json.js.map +1 -1
  49. package/dist/admin/admin/src/translations/en.json.mjs +8 -1
  50. package/dist/admin/admin/src/translations/en.json.mjs.map +1 -1
  51. package/dist/admin/admin/src/translations/uk.json.js +9 -9
  52. package/dist/admin/admin/src/translations/uk.json.mjs +9 -9
  53. package/dist/admin/admin/src/utils/resizeHandlers.js +109 -0
  54. package/dist/admin/admin/src/utils/resizeHandlers.js.map +1 -0
  55. package/dist/admin/admin/src/utils/resizeHandlers.mjs +100 -0
  56. package/dist/admin/admin/src/utils/resizeHandlers.mjs.map +1 -0
  57. package/dist/admin/admin/src/utils/widgetLayout.js +293 -0
  58. package/dist/admin/admin/src/utils/widgetLayout.js.map +1 -0
  59. package/dist/admin/admin/src/utils/widgetLayout.mjs +273 -0
  60. package/dist/admin/admin/src/utils/widgetLayout.mjs.map +1 -0
  61. package/dist/admin/src/components/DragLayer.d.ts +8 -4
  62. package/dist/admin/src/components/GapDropZone.d.ts +36 -0
  63. package/dist/admin/src/components/ResizeIndicator.d.ts +12 -0
  64. package/dist/admin/src/components/SubNav.d.ts +1 -1
  65. package/dist/admin/src/components/WidgetRoot.d.ts +14 -0
  66. package/dist/admin/src/features/Tracking.d.ts +1 -1
  67. package/dist/admin/src/features/Widgets.d.ts +29 -0
  68. package/dist/admin/src/pages/Home/HomePage.d.ts +4 -5
  69. package/dist/admin/src/pages/Home/components/AddWidgetModal.d.ts +10 -0
  70. package/dist/admin/src/services/homepage.d.ts +3 -3
  71. package/dist/admin/src/utils/resizeHandlers.d.ts +58 -0
  72. package/dist/admin/src/utils/widgetLayout.d.ts +78 -0
  73. package/dist/ee/server/src/controllers/authentication-utils/middlewares.d.ts.map +1 -1
  74. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js +4 -2
  75. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js.map +1 -1
  76. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs +4 -2
  77. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs.map +1 -1
  78. package/dist/server/server/src/bootstrap.js +5 -0
  79. package/dist/server/server/src/bootstrap.js.map +1 -1
  80. package/dist/server/server/src/bootstrap.mjs +5 -0
  81. package/dist/server/server/src/bootstrap.mjs.map +1 -1
  82. package/dist/server/server/src/controllers/authentication.js +6 -6
  83. package/dist/server/server/src/controllers/authentication.js.map +1 -1
  84. package/dist/server/server/src/controllers/authentication.mjs +6 -6
  85. package/dist/server/server/src/controllers/authentication.mjs.map +1 -1
  86. package/dist/server/server/src/register.js +2 -1
  87. package/dist/server/server/src/register.js.map +1 -1
  88. package/dist/server/server/src/register.mjs +2 -1
  89. package/dist/server/server/src/register.mjs.map +1 -1
  90. package/dist/server/shared/utils/session-auth.js +14 -5
  91. package/dist/server/shared/utils/session-auth.js.map +1 -1
  92. package/dist/server/shared/utils/session-auth.mjs +14 -5
  93. package/dist/server/shared/utils/session-auth.mjs.map +1 -1
  94. package/dist/server/src/bootstrap.d.ts.map +1 -1
  95. package/dist/server/src/controllers/authentication.d.ts.map +1 -1
  96. package/dist/server/src/register.d.ts.map +1 -1
  97. package/dist/shared/contracts/homepage.d.ts +8 -4
  98. package/dist/shared/contracts/homepage.d.ts.map +1 -1
  99. package/dist/shared/utils/session-auth.d.ts +2 -2
  100. package/dist/shared/utils/session-auth.d.ts.map +1 -1
  101. package/package.json +7 -7
package/dist/admin/src/utils/widgetLayout.d.ts ADDED
@@ -0,0 +1,78 @@
1
+ /**
2
+ *
3
+ * Comprehensive utilities for widget layout operations including sizing, positioning, and layout calculations.
4
+ *
5
+ * Constraints:
6
+ * - Maximum 3 widgets per row (since minimum widget width is 4 columns)
7
+ * - Widget widths are snapped to discrete values: 4 (1/3), 6 (1/2), 8 (2/3), 12 (3/3)
8
+ */
9
+ import type { Homepage } from '../../../shared/contracts/homepage';
10
+ import type { WidgetWithUID } from '../core/apis/Widgets';
11
+ export declare const WIDGET_SIZING: {
12
+ readonly TOTAL_COLUMNS: 12;
13
+ readonly MIN_WIDGET_WIDTH: 4;
14
+ readonly DISCRETE_SIZES: readonly [4, 6, 8, 12];
15
+ };
16
+ export declare const WIDGET_DATA_ATTRIBUTES: {
17
+ readonly WIDGET_ID: "data-strapi-widget-id";
18
+ readonly GRID_CONTAINER: "data-strapi-grid-container";
19
+ };
20
+ export declare const getWidgetElement: (uid: string) => HTMLElement | null;
21
+ export declare const getWidgetGridContainer: () => HTMLElement | null;
22
+ export interface WidgetRow {
23
+ widgets: WidgetWithUID[];
24
+ totalWidth: number;
25
+ startIndex: number;
26
+ endIndex: number;
27
+ }
28
+ /**
29
+ * Validates if a widget width is valid (within constraints)
30
+ */
31
+ export declare const isValidWidgetWidth: (width: number) => boolean;
32
+ /**
33
+ * Validates if a resize operation is allowed between two widgets
34
+ */
35
+ export declare const isValidResizeOperation: (leftWidth: number, rightWidth: number) => boolean;
36
+ /**
37
+ * Gets widget width with fallback to default value
38
+ */
39
+ export declare const getWidgetWidth: (columnWidths: Record<string, number>, widgetId: string | undefined, defaultWidth?: number) => number;
40
+ /**
41
+ * Calculates the current row structure from widgets and their widths
42
+ */
43
+ export declare const calculateWidgetRows: (widgets: WidgetWithUID[], columnWidths: Record<string, number>) => WidgetRow[];
44
+ /**
45
+ * Calculates optimal layout for a specific row based on widget count
46
+ * Only enforces constraints when necessary:
47
+ * - 1 widget in row: must be 3/3 (12 columns)
48
+ * - 3 widgets in row: must be 1/3+1/3+1/3 (4+4+4 columns)
49
+ * - 2 widgets in row: preserves existing proportions or uses 1/2+1/2
50
+ */
51
+ export declare const calculateOptimalLayoutForRow: (widgetsInRow: WidgetWithUID[], currentColumnWidths: Record<string, number>) => Record<string, number>;
52
+ export declare const moveWidgetInArray: (widgets: WidgetWithUID[], widgetId: string, insertIndex: number) => WidgetWithUID[];
53
+ export declare const findRowContainingWidget: (widgetRows: WidgetRow[], widgetId: string, widgets: WidgetWithUID[]) => WidgetRow | undefined;
54
+ export declare const resizeRowAfterRemoval: (row: WidgetRow | undefined, removedWidgetId: string, currentWidths: Record<string, number>) => Record<string, number>;
55
+ export declare const resizeRowAfterAddition: (row: WidgetRow | undefined, addedWidget: WidgetWithUID, insertIndex: number, currentWidths: Record<string, number>) => Record<string, number>;
56
+ export declare const isLastWidgetInRow: (widgetIndex: number, widgets: WidgetWithUID[], columnWidths: Record<string, number>) => boolean;
57
+ export declare const canResizeBetweenWidgets: (leftWidgetId: string, rightWidgetId: string, columnWidths: Record<string, number>, widgets: WidgetWithUID[]) => boolean;
58
+ /**
59
+ * Filters widgets to only include those present in the homepage layout
60
+ */
61
+ export declare const filterWidgetsByHomepageLayout: (widgets: WidgetWithUID[], homepageLayout: Homepage.Layout) => WidgetWithUID[];
62
+ /**
63
+ * Sorts widgets according to the homepage layout order
64
+ */
65
+ export declare const sortWidgetsByHomepageLayout: (widgets: WidgetWithUID[], homepageLayout: Homepage.Layout) => WidgetWithUID[];
66
+ /**
67
+ * Applies homepage layout to widgets (filters, sorts, and extracts widths)
68
+ */
69
+ export declare const applyHomepageLayout: (authorizedWidgets: WidgetWithUID[], homepageLayout: Homepage.Layout) => {
70
+ filteredWidgets: WidgetWithUID[];
71
+ widths: Record<string, number>;
72
+ };
73
+ /**
74
+ * Creates default widget widths based on widget count
75
+ * Even count: all widgets get width 6
76
+ * Odd count: all widgets get width 6 except the last one which gets width 12
77
+ */
78
+ export declare const createDefaultWidgetWidths: (widgets: WidgetWithUID[]) => Record<string, number>;
package/dist/ee/server/src/controllers/authentication-utils/middlewares.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"middlewares.d.ts","sourceRoot":"","sources":["../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAa1C,eAAO,MAAM,YAAY,EAAE,IAAI,CAAC,iBA0B/B,CAAC;AA4DF,eAAO,MAAM,gBAAgB,EAAE,IAAI,CAAC,iBAuDnC,CAAC;;;;;AAEF,wBAGE"}
1
+ {"version":3,"file":"middlewares.d.ts","sourceRoot":"","sources":["../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAa1C,eAAO,MAAM,YAAY,EAAE,IAAI,CAAC,iBA0B/B,CAAC;AA4DF,eAAO,MAAM,gBAAgB,EAAE,IAAI,CAAC,iBA0DnC,CAAC;;;;;AAEF,wBAGE"}
package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js CHANGED
@@ -108,11 +108,13 @@ const redirectWithAuth = async (ctx)=>{
108
108
  return ctx.redirect(redirectUrls.error);
109
109
  }
110
110
  const { token: accessToken } = accessResult;
111
- const isProduction = strapi.config.get('environment') === 'production';
111
+ const configuredSecure = strapi.config.get('admin.auth.cookie.secure');
112
+ const isProduction = process.env.NODE_ENV === 'production';
113
+ const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;
112
114
  const domain = strapi.config.get('admin.auth.domain');
113
115
  ctx.cookies.set('jwtToken', accessToken, {
114
116
  httpOnly: false,
115
- secure: isProduction,
117
+ secure: isSecure,
116
118
  overwrite: true,
117
119
  domain
118
120
  });
package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"middlewares.js","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const isProduction = strapi.config.get('environment') === 'production';\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isProduction,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","isProduction","config","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,gBAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,aAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,gBAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,4BAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,yCAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,eAAejD,MAAOkD,CAAAA,MAAM,CAAC9B,GAAG,CAAC,aAAmB,CAAA,KAAA,YAAA;AAC1D,QAAA,MAAM+B,MAA6BnD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCI,QAAU,EAAA,KAAA;YACVC,MAAQJ,EAAAA,YAAAA;YACRK,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBjD,GAAAA,gBAAAA,CAAW,MAAQkD,CAAAA,CAAAA,YAAY,CAACnD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMkD,EAAAA,aAAAA;AAAe/D,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAagE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAO5D,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;;;"}
1
+ {"version":3,"file":"middlewares.js","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const configuredSecure = strapi.config.get('admin.auth.cookie.secure');\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;\n\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isSecure,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","configuredSecure","config","isProduction","process","env","NODE_ENV","isSecure","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,gBAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,aAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,gBAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,cAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,4BAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,yCAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,gBAAmBjD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,0BAAA,CAAA;AAC3C,QAAA,MAAM+B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,QAAA,MAAMC,QAAW,GAAA,OAAON,gBAAqB,KAAA,SAAA,GAAYA,gBAAmBE,GAAAA,YAAAA;AAE5E,QAAA,MAAMK,MAA6BxD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCS,QAAU,EAAA,KAAA;YACVC,MAAQH,EAAAA,QAAAA;YACRI,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBtD,GAAAA,gBAAAA,CAAW,MAAQuD,CAAAA,CAAAA,YAAY,CAACxD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMuD,EAAAA,aAAAA;AAAepE,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaqE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAOjE,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;;;"}
package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs CHANGED
@@ -104,11 +104,13 @@ const redirectWithAuth = async (ctx)=>{
104
104
  return ctx.redirect(redirectUrls.error);
105
105
  }
106
106
  const { token: accessToken } = accessResult;
107
- const isProduction = strapi.config.get('environment') === 'production';
107
+ const configuredSecure = strapi.config.get('admin.auth.cookie.secure');
108
+ const isProduction = process.env.NODE_ENV === 'production';
109
+ const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;
108
110
  const domain = strapi.config.get('admin.auth.domain');
109
111
  ctx.cookies.set('jwtToken', accessToken, {
110
112
  httpOnly: false,
111
- secure: isProduction,
113
+ secure: isSecure,
112
114
  overwrite: true,
113
115
  domain
114
116
  });
package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"middlewares.mjs","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const isProduction = strapi.config.get('environment') === 'production';\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isProduction,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","isProduction","config","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,UAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,KAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,UAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,UAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,gBAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,6BAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,eAAejD,MAAOkD,CAAAA,MAAM,CAAC9B,GAAG,CAAC,aAAmB,CAAA,KAAA,YAAA;AAC1D,QAAA,MAAM+B,MAA6BnD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCI,QAAU,EAAA,KAAA;YACVC,MAAQJ,EAAAA,YAAAA;YACRK,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBjD,GAAAA,UAAAA,CAAW,MAAQkD,CAAAA,CAAAA,YAAY,CAACnD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMkD,EAAAA,aAAAA;AAAe/D,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAagE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAO5D,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"middlewares.mjs","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const configuredSecure = strapi.config.get('admin.auth.cookie.secure');\n const isProduction = process.env.NODE_ENV === 'production';\n const isSecure = typeof configuredSecure === 'boolean' ? configuredSecure : isProduction;\n\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isSecure,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","configuredSecure","config","isProduction","process","env","NODE_ENV","isSecure","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,UAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,KAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,UAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,UAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,gBAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,6BAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,gBAAmBjD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,0BAAA,CAAA;AAC3C,QAAA,MAAM+B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,QAAA,MAAMC,QAAW,GAAA,OAAON,gBAAqB,KAAA,SAAA,GAAYA,gBAAmBE,GAAAA,YAAAA;AAE5E,QAAA,MAAMK,MAA6BxD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCS,QAAU,EAAA,KAAA;YACVC,MAAQH,EAAAA,QAAAA;YACRI,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBtD,GAAAA,UAAAA,CAAW,MAAQuD,CAAAA,CAAAA,YAAY,CAACxD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMuD,EAAAA,aAAAA;AAAepE,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaqE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAOjE,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;"}
package/dist/server/server/src/bootstrap.js CHANGED
@@ -115,6 +115,11 @@ var bootstrap = (async ({ strapi: strapi1 })=>{
115
115
  // Pass through all JWT options (includes privateKey, publicKey, and any other options)
116
116
  jwtOptions: options
117
117
  });
118
+ const isProduction = process.env.NODE_ENV === 'production';
119
+ const adminCookieSecure = strapi1.config.get('admin.auth.cookie.secure');
120
+ if (isProduction && adminCookieSecure === false) {
121
+ strapi1.log.warn('Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.');
122
+ }
118
123
  await registerAdminConditions();
119
124
  await registerPermissionActions();
120
125
  registerModelHooks();
package/dist/server/server/src/bootstrap.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,gBAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,WAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,MAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,OAAKC,CAAAA,aAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,wCAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,yCAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;IAEA,MAAM7D,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMmF,oBAAoB5F,gBAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM6F,cAAc7F,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAM8F,kBAAkB9F,gBAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAM+F,eAAe/F,gBAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAM6F,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM1C,YAAY2C,iCAAiC,EAAA;IAEnD,MAAM9E,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,gBAAAA,CAAW,SAAWqG,CAAAA,CAAAA,4BAA4B,CAAC1F,OAAAA,CAAAA;IACzDX,gBAAW,CAAA,SAAA,CAAA,CAAWsG,SAAS,CAAC3F,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgB6C,kBAAkB,EAAA;IAClCT,eAAgBhC,CAAAA,KAAK,CAACyC,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMhD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
1
+ {"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,gBAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,WAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,MAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,OAAKC,CAAAA,aAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,wCAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,yCAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;AAEA,IAAA,MAAM0B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAoBrF,GAAAA,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAIgE,YAAAA,IAAgBI,sBAAsB,KAAO,EAAA;QAC/CrF,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ;IAEA,MAAM1E,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMwF,oBAAoBjG,gBAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAMkG,cAAclG,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAMmG,kBAAkBnG,gBAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAMoG,eAAepG,gBAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAMkG,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM/C,YAAYgD,iCAAiC,EAAA;IAEnD,MAAMnF,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,gBAAAA,CAAW,SAAW0G,CAAAA,CAAAA,4BAA4B,CAAC/F,OAAAA,CAAAA;IACzDX,gBAAW,CAAA,SAAA,CAAA,CAAW2G,SAAS,CAAChG,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgBkD,kBAAkB,EAAA;IAClCT,eAAgBrC,CAAAA,KAAK,CAAC8C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMrD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
package/dist/server/server/src/bootstrap.mjs CHANGED
@@ -113,6 +113,11 @@ var bootstrap = (async ({ strapi: strapi1 })=>{
113
113
  // Pass through all JWT options (includes privateKey, publicKey, and any other options)
114
114
  jwtOptions: options
115
115
  });
116
+ const isProduction = process.env.NODE_ENV === 'production';
117
+ const adminCookieSecure = strapi1.config.get('admin.auth.cookie.secure');
118
+ if (isProduction && adminCookieSecure === false) {
119
+ strapi1.log.warn('Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.');
120
+ }
116
121
  await registerAdminConditions();
117
122
  await registerPermissionActions();
118
123
  registerModelHooks();
package/dist/server/server/src/bootstrap.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bootstrap.mjs","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,WAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,aAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,WAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,gBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,UAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,MAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,UAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,KAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,GAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,IAAKC,CAAAA,UAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,eAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,kCAAAA;IAC5C,MAAMC,wBAAAA,GACJH,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,4BAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,mCAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,6BAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;IAEA,MAAM7D,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMmF,oBAAoB5F,UAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM6F,cAAc7F,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAM8F,kBAAkB9F,UAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAM+F,eAAe/F,UAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAM6F,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM1C,YAAY2C,iCAAiC,EAAA;IAEnD,MAAM9E,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,UAAAA,CAAW,SAAWqG,CAAAA,CAAAA,4BAA4B,CAAC1F,OAAAA,CAAAA;IACzDX,UAAW,CAAA,SAAA,CAAA,CAAWsG,SAAS,CAAC3F,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgB6C,kBAAkB,EAAA;IAClCT,eAAgBhC,CAAAA,KAAK,CAACyC,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMhD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
1
+ {"version":3,"file":"bootstrap.mjs","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,WAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,aAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,WAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,gBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,UAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,MAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,UAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,KAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,GAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,IAAKC,CAAAA,UAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,eAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,kCAAAA;IAC5C,MAAMC,wBAAAA,GACJH,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,4BAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,mCAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,6BAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAASwB,EAAAA,SAAAA;;QAEpBC,UAAYzB,EAAAA;AACd,KAAA,CAAA;AAEA,IAAA,MAAM0B,YAAeC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAoBrF,GAAAA,OAAAA,CAAOiE,MAAM,CAAChD,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAIgE,YAAAA,IAAgBI,sBAAsB,KAAO,EAAA;QAC/CrF,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ;IAEA,MAAM1E,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMwF,oBAAoBjG,UAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAMkG,cAAclG,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAMmG,kBAAkBnG,UAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAMoG,eAAepG,UAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAMkG,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAM/C,YAAYgD,iCAAiC,EAAA;IAEnD,MAAMnF,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,UAAAA,CAAW,SAAW0G,CAAAA,CAAAA,4BAA4B,CAAC/F,OAAAA,CAAAA;IACzDX,UAAW,CAAA,SAAA,CAAA,CAAW2G,SAAS,CAAChG,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgBkD,kBAAkB,EAAA;IAClCT,eAAgBrC,CAAAA,KAAK,CAAC8C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMrD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
package/dist/server/server/src/controllers/authentication.js CHANGED
@@ -63,7 +63,7 @@ var authentication = {
63
63
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
64
64
  type: rememberMe ? 'refresh' : 'session'
65
65
  });
66
- const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
66
+ const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
67
67
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
68
68
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
69
69
  if ('error' in accessResult) {
@@ -108,7 +108,7 @@ var authentication = {
108
108
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
109
109
  type: rememberMe ? 'refresh' : 'session'
110
110
  });
111
- const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
111
+ const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
112
112
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
113
113
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
114
114
  if ('error' in accessResult) {
@@ -157,7 +157,7 @@ var authentication = {
157
157
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
158
158
  type: rememberMe ? 'refresh' : 'session'
159
159
  });
160
- const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
160
+ const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
161
161
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
162
162
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
163
163
  if ('error' in accessResult) {
@@ -200,7 +200,7 @@ var authentication = {
200
200
  type: 'session'
201
201
  });
202
202
  // No rememberMe flow here; expire with session by default (session cookie)
203
- const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry('session', absoluteExpiresAt);
203
+ const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry('session', absoluteExpiresAt, ctx.request.secure);
204
204
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
205
205
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
206
206
  if ('error' in accessResult) {
@@ -240,7 +240,7 @@ var authentication = {
240
240
  }
241
241
  const { token } = result;
242
242
  // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt
243
- const opts = sessionAuth.buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt);
243
+ const opts = sessionAuth.buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt, ctx.request.secure);
244
244
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, rotation.token, opts);
245
245
  ctx.body = {
246
246
  data: {
@@ -261,7 +261,7 @@ var authentication = {
261
261
  const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;
262
262
  // Clear cookie regardless of token validity
263
263
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, '', {
264
- ...sessionAuth.getRefreshCookieOptions(),
264
+ ...sessionAuth.getRefreshCookieOptions(ctx.request.secure),
265
265
  expires: new Date(0)
266
266
  });
267
267
  try {
package/dist/server/server/src/controllers/authentication.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry('session', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt);\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAQ,CAAA;AACb,QAAA,OAAOC,GAAcC,EAAAA,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAIG,CAAAA,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,SAAA;AACA,QAAA,CAACD,GAAcC,EAAAA,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAS,EAAA;gBAAEC,OAAS,EAAA;aAAS,EAAA,CAACC,KAAKC,IAAMC,EAAAA,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAK,EAAA;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBAAEC,KAAON,EAAAA,GAAAA;wBAAKO,QAAU,EAAA;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAIQ,CAAAA,OAAO,EAAEC,IAAAA,KAAS,mBAAqB,EAAA;wBAC7C,MAAMT,GAAAA;AACR;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B;AAEA,gBAAA,IAAI,CAACT,IAAM,EAAA;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBACvCC,KAAO,EAAA,IAAIK,KAAMT,CAAAA,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAU,EAAA;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAiBe,CAAAA,IAAAA,CAAKU,OAAO,CAAA;AACzC;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAgBC,GAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;oBAAEJ,IAAMc,EAAAA,aAAAA;oBAAeR,QAAU,EAAA;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,aAAA,CAAA,CAAGD,GAAKC,EAAAA,IAAAA,CAAAA;AACV,SAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;gBACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AACjC,iBAAA,CAAA;AAEA,gBAAA,MAAMO,aAAgBC,GAAAA,wCAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,gBAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,gBAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,oBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT4C,IAAM,EAAA;wBACJb,KAAOY,EAAAA,WAAAA;AACPA,wBAAAA,WAAAA;AACAtC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,aAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,gBAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,wCAA0CA,EAAAA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF;AACD,KAAA,CAAA;AAED,IAAA,MAAMsB,kBAAiBlD,GAAY,EAAA;AACjC,QAAA,MAAMmD,sCAA8BnD,CAAAA,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAE+B,iBAAiB,EAAE,GAAGpD,GAAIG,CAAAA,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM6B,gBAAmB,GAAA,MAAM1B,gBAAW,CAAA,MAAA,CAAA,CAAQ6B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAkB,EAAA;AACrB,YAAA,MAAM,IAAItD,eAAgB,CAAA,2BAAA,CAAA;AAC5B;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE4C,IAAME,EAAAA;AAAiB,SAAA;AACtC,KAAA;AAEA,IAAA,MAAMI,UAAStD,GAAY,EAAA;AACzB,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMoD,kCAA0BD,CAAAA,KAAAA,CAAAA;AAEhC,QAAA,MAAM9C,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQ8B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM7B,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;AAEpF,YAAA,MAAMO,aAAgBC,GAAAA,wCAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;oBACJb,KAAOY,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAtC,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,wDAA0DA,EAAAA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAM6B,eAAczD,GAAY,EAAA;AAC9B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMsD,uCAA+BH,CAAAA,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAW,GAAA,MAAMnC,gBAAW,CAAA,MAAA,CAAA,CAAQoC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAU,EAAA;AACZ,YAAA,MAAM,IAAIhE,gBAAiB,CAAA,uCAAA,CAAA;AAC7B;AAEA,QAAA,MAAMkE,cAAiB,GAAA,MAAMrC,gBAAW,CAAA,MAAA,CAAA,CAAQsC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,YAAA,MAAM,IAAIlE,gBACR,CAAA,6EAAA,CAAA;AAEJ;AAEA,QAAA,MAAMc,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQuC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAmB,EAAA,IAAA;YACnBY,QAAU,EAAA,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAiB,GAAA;AAACA,gBAAAA,cAAAA,CAAe9B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAOuD,CAAAA,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMzC,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;AAEpF,YAAA,MAAMO,aAAgBC,GAAAA,wCAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;oBACJb,KAAOY,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAtC,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,8DAAgEA,EAAAA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMwC,gBAAepE,GAAY,EAAA;AAC/B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMiE,cAA4Bd,CAAAA,KAAAA,CAAAA;QAElC/B,gBAAW,CAAA,MAAA,CAAA,CAAQ4C,cAAc,CAACb,KAAAA,CAAAA;AAElCvD,QAAAA,GAAAA,CAAIsE,MAAM,GAAG,GAAA;AACf,KAAA;AAEA,IAAA,MAAMC,eAAcvE,GAAY,EAAA;AAC9B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMoE,aAA2BjB,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAM9C,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQ+C,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM7B,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAWyC,GAAAA,4BAAAA,EAAAA;;YAGjB,MAAM/C,cAAAA,CAAe,OAASgD,CAAAA,CAAAA,sBAAsB,CAAC7C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;gBAAEO,IAAM,EAAA;AAAU,aAAA,CAAA;;YAG3D,MAAMC,aAAAA,GAAgBC,yCAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGU,YAAAA;AAElB7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;AACJb,oBAAAA,KAAAA;oBACA1B,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOD,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,8DAAgEN,EAAAA,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMmB,aAAY/C,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAepC,GAAAA,GAAAA,CAAI0C,OAAO,CAACiC,GAAG,CAAC/B,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACR,YAAc,EAAA;YACjB,OAAOpC,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;QAEA,IAAI;AACF,YAAA,MAAMlD,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;;;AAIA,YAAA,MAAMiD,QAAW,GAAA,MAAMnD,cAAe,CAAA,OAAA,CAAA,CAASoD,kBAAkB,CAAC1C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWyC,QAAU,EAAA;gBACvB,OAAO7E,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;AAEA,YAAA,MAAMG,SAAS,MAAMrD,cAAAA,CAAe,SAASoB,mBAAmB,CAAC+B,SAAS1C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW4C,MAAQ,EAAA;gBACrB,OAAO/E,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;YAEA,MAAM,EAAEzC,KAAK,EAAE,GAAG4C,MAAAA;;AAElB,YAAA,MAAMC,OAAOvC,wCAA6BoC,CAAAA,QAAAA,CAAStC,IAAI,EAAEsC,SAASxC,iBAAiB,CAAA;AAEnFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,+BAAqBiC,EAAAA,QAAAA,CAAS1C,KAAK,EAAE6C,IAAAA,CAAAA;AACrDhF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE4C,IAAM,EAAA;AAAEb,oBAAAA;AAAM;AAAE,aAAA;AAC/B,SAAA,CAAE,OAAO3B,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,oDAAsDN,EAAAA,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMqD,QAAOjF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAgB,EAAA;YAAEJ,IAAMc,EAAAA;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM2D,YAAelF,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAW,GAAA,OAAOkD,YAAiB,KAAA,QAAA,GAAWA,YAAeC,GAAAA,SAAAA;;AAGnEnF,QAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAI,EAAA;AACvC,YAAA,GAAGwC,mCAAyB,EAAA;AAC5BC,YAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM5D,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAgB,EAAA;AAClB,gBAAA,MAAMG,SAASC,MAAO9B,CAAAA,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAe,CAAA,OAAA,CAAA,CAASgD,sBAAsB,CAAC7C,MAAQG,EAAAA,QAAAA,CAAAA;AAC/D;AACF,SAAA,CAAE,OAAOxB,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,+CAAiDN,EAAAA,GAAAA,CAAAA;AACpE;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE4C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAQ,CAAA;AACb,QAAA,OAAOC,GAAcC,EAAAA,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAIG,CAAAA,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,SAAA;AACA,QAAA,CAACD,GAAcC,EAAAA,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAS,EAAA;gBAAEC,OAAS,EAAA;aAAS,EAAA,CAACC,KAAKC,IAAMC,EAAAA,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAK,EAAA;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBAAEC,KAAON,EAAAA,GAAAA;wBAAKO,QAAU,EAAA;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAIQ,CAAAA,OAAO,EAAEC,IAAAA,KAAS,mBAAqB,EAAA;wBAC7C,MAAMT,GAAAA;AACR;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B;AAEA,gBAAA,IAAI,CAACT,IAAM,EAAA;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBACvCC,KAAO,EAAA,IAAIK,KAAMT,CAAAA,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAU,EAAA;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAiBe,CAAAA,IAAAA,CAAKU,OAAO,CAAA;AACzC;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAgBC,GAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;oBAAEJ,IAAMc,EAAAA,aAAAA;oBAAeR,QAAU,EAAA;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,aAAA,CAAA,CAAGD,GAAKC,EAAAA,IAAAA,CAAAA;AACV,SAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;gBACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAa,GAAA,SAAA,GAAY,WACzBI,iBACArC,EAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAM,EAAA;wBACJd,KAAOa,EAAAA,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,aAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAA0CA,EAAAA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,sCAA8BpD,CAAAA,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAIG,CAAAA,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAmB,GAAA,MAAM3B,gBAAW,CAAA,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAkB,EAAA;AACrB,YAAA,MAAM,IAAIvD,eAAgB,CAAA,2BAAA,CAAA;AAC5B;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAME,EAAAA;AAAiB,SAAA;AACtC,KAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,kCAA0BD,CAAAA,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAa,GAAA,SAAA,GAAY,WACzBI,iBACArC,EAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAM,EAAA;oBACJd,KAAOa,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAA0DA,EAAAA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,uCAA+BH,CAAAA,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAW,GAAA,MAAMpC,gBAAW,CAAA,MAAA,CAAA,CAAQqC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAU,EAAA;AACZ,YAAA,MAAM,IAAIjE,gBAAiB,CAAA,uCAAA,CAAA;AAC7B;AAEA,QAAA,MAAMmE,cAAiB,GAAA,MAAMtC,gBAAW,CAAA,MAAA,CAAA,CAAQuC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,YAAA,MAAM,IAAInE,gBACR,CAAA,6EAAA,CAAA;AAEJ;AAEA,QAAA,MAAMc,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQwC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAmB,EAAA,IAAA;YACnBY,QAAU,EAAA,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAiB,GAAA;AAACA,gBAAAA,cAAAA,CAAe/B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAOwD,CAAAA,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAM1C,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAa,GAAA,SAAA,GAAY,WACzBI,iBACArC,EAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAM,EAAA;oBACJd,KAAOa,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAgEA,EAAAA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMyC,gBAAerE,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMkE,cAA4Bd,CAAAA,KAAAA,CAAAA;QAElChC,gBAAW,CAAA,MAAA,CAAA,CAAQ6C,cAAc,CAACb,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIuE,MAAM,GAAG,GAAA;AACf,KAAA;AAEA,IAAA,MAAMC,eAAcxE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqE,aAA2BjB,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQgD,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAW0C,GAAAA,4BAAAA,EAAAA;;YAGjB,MAAMhD,cAAAA,CAAe,OAASiD,CAAAA,CAAAA,sBAAsB,CAAC9C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;gBAAEO,IAAM,EAAA;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,wCACpB,CAAA,SAAA,EACAJ,mBACArC,GAAIG,CAAAA,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAM,EAAA;AACJd,oBAAAA,KAAAA;oBACA1B,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOD,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAgEN,EAAAA,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAepC,GAAAA,GAAAA,CAAI2C,OAAO,CAACiC,GAAG,CAAC/B,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAc,EAAA;YACjB,OAAOpC,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B;QAEA,IAAI;AACF,YAAA,MAAMnD,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;;;AAIA,YAAA,MAAMkD,QAAW,GAAA,MAAMpD,cAAe,CAAA,OAAA,CAAA,CAASqD,kBAAkB,CAAC3C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAW0C,QAAU,EAAA;gBACvB,OAAO9E,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B;AAEA,YAAA,MAAMG,SAAS,MAAMtD,cAAAA,CAAe,SAASqB,mBAAmB,CAAC+B,SAAS3C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW6C,MAAQ,EAAA;gBACrB,OAAOhF,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B;YAEA,MAAM,EAAE1C,KAAK,EAAE,GAAG6C,MAAAA;;YAElB,MAAMC,IAAAA,GAAOxC,wCACXqC,CAAAA,QAAAA,CAASvC,IAAI,EACbuC,QAASzC,CAAAA,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,+BAAqBiC,EAAAA,QAAAA,CAAS3C,KAAK,EAAE8C,IAAAA,CAAAA;AACrDjF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAM,EAAA;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,SAAA,CAAE,OAAO3B,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAsDN,EAAAA,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMsD,QAAOlF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAgB,EAAA;YAAEJ,IAAMc,EAAAA;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM4D,YAAenF,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAW,GAAA,OAAOmD,YAAiB,KAAA,QAAA,GAAWA,YAAeC,GAAAA,SAAAA;;AAGnEpF,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAI,EAAA;AACvC,YAAA,GAAGwC,mCAAwBrF,CAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9C4C,YAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM7D,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAgB,EAAA;AAClB,gBAAA,MAAMG,SAASC,MAAO9B,CAAAA,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAe,CAAA,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAQG,EAAAA,QAAAA,CAAAA;AAC/D;AACF,SAAA,CAAE,OAAOxB,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAiDN,EAAAA,GAAAA,CAAAA;AACpE;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB;AACF,CAAE;;;;"}