@strapi/admin 5.28.0 → 5.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (73) hide show
  1. package/dist/admin/admin/src/components/FormInputs/Json.js +1 -1
  2. package/dist/admin/admin/src/components/FormInputs/Json.js.map +1 -1
  3. package/dist/admin/admin/src/components/FormInputs/Json.mjs +1 -1
  4. package/dist/admin/admin/src/components/FormInputs/Json.mjs.map +1 -1
  5. package/dist/admin/admin/src/components/FormInputs/String.js +2 -1
  6. package/dist/admin/admin/src/components/FormInputs/String.js.map +1 -1
  7. package/dist/admin/admin/src/components/FormInputs/String.mjs +2 -1
  8. package/dist/admin/admin/src/components/FormInputs/String.mjs.map +1 -1
  9. package/dist/admin/admin/src/components/SubNav.js +9 -2
  10. package/dist/admin/admin/src/components/SubNav.js.map +1 -1
  11. package/dist/admin/admin/src/components/SubNav.mjs +9 -2
  12. package/dist/admin/admin/src/components/SubNav.mjs.map +1 -1
  13. package/dist/admin/admin/src/components/Theme.js +34 -1
  14. package/dist/admin/admin/src/components/Theme.js.map +1 -1
  15. package/dist/admin/admin/src/components/Theme.mjs +34 -1
  16. package/dist/admin/admin/src/components/Theme.mjs.map +1 -1
  17. package/dist/admin/admin/src/pages/Auth/components/Login.js +1 -1
  18. package/dist/admin/admin/src/pages/Auth/components/Login.js.map +1 -1
  19. package/dist/admin/admin/src/pages/Auth/components/Login.mjs +1 -1
  20. package/dist/admin/admin/src/pages/Auth/components/Login.mjs.map +1 -1
  21. package/dist/admin/admin/src/pages/Home/HomePage.js.map +1 -1
  22. package/dist/admin/admin/src/pages/Home/HomePage.mjs.map +1 -1
  23. package/dist/admin/admin/src/pages/Settings/components/Tokens/TokenName.js +1 -0
  24. package/dist/admin/admin/src/pages/Settings/components/Tokens/TokenName.js.map +1 -1
  25. package/dist/admin/admin/src/pages/Settings/components/Tokens/TokenName.mjs +1 -0
  26. package/dist/admin/admin/src/pages/Settings/components/Tokens/TokenName.mjs.map +1 -1
  27. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/components/LogoInput.js +1 -0
  28. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/components/LogoInput.js.map +1 -1
  29. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/components/LogoInput.mjs +1 -0
  30. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/components/LogoInput.mjs.map +1 -1
  31. package/dist/admin/admin/src/pages/Settings/pages/Roles/CreatePage.js +1 -0
  32. package/dist/admin/admin/src/pages/Settings/pages/Roles/CreatePage.js.map +1 -1
  33. package/dist/admin/admin/src/pages/Settings/pages/Roles/CreatePage.mjs +1 -0
  34. package/dist/admin/admin/src/pages/Settings/pages/Roles/CreatePage.mjs.map +1 -1
  35. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/RoleForm.js +2 -1
  36. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/RoleForm.js.map +1 -1
  37. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/RoleForm.mjs +2 -1
  38. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/RoleForm.mjs.map +1 -1
  39. package/dist/admin/admin/src/pages/Settings/pages/Webhooks/components/HeadersInput.js +1 -1
  40. package/dist/admin/admin/src/pages/Settings/pages/Webhooks/components/HeadersInput.js.map +1 -1
  41. package/dist/admin/admin/src/pages/Settings/pages/Webhooks/components/HeadersInput.mjs +1 -1
  42. package/dist/admin/admin/src/pages/Settings/pages/Webhooks/components/HeadersInput.mjs.map +1 -1
  43. package/dist/admin/admin/src/pages/UseCasePage.js +1 -0
  44. package/dist/admin/admin/src/pages/UseCasePage.js.map +1 -1
  45. package/dist/admin/admin/src/pages/UseCasePage.mjs +1 -0
  46. package/dist/admin/admin/src/pages/UseCasePage.mjs.map +1 -1
  47. package/dist/admin/admin/src/translations/en.json.js +6 -0
  48. package/dist/admin/admin/src/translations/en.json.js.map +1 -1
  49. package/dist/admin/admin/src/translations/en.json.mjs +6 -0
  50. package/dist/admin/admin/src/translations/en.json.mjs.map +1 -1
  51. package/dist/admin/src/components/SubNav.d.ts +1 -1
  52. package/dist/server/server/src/controllers/authentication.js +6 -6
  53. package/dist/server/server/src/controllers/authentication.js.map +1 -1
  54. package/dist/server/server/src/controllers/authentication.mjs +6 -6
  55. package/dist/server/server/src/controllers/authentication.mjs.map +1 -1
  56. package/dist/server/server/src/register.js +2 -1
  57. package/dist/server/server/src/register.js.map +1 -1
  58. package/dist/server/server/src/register.mjs +2 -1
  59. package/dist/server/server/src/register.mjs.map +1 -1
  60. package/dist/server/server/src/services/user.js +30 -0
  61. package/dist/server/server/src/services/user.js.map +1 -1
  62. package/dist/server/server/src/services/user.mjs +30 -0
  63. package/dist/server/server/src/services/user.mjs.map +1 -1
  64. package/dist/server/shared/utils/session-auth.js +11 -4
  65. package/dist/server/shared/utils/session-auth.js.map +1 -1
  66. package/dist/server/shared/utils/session-auth.mjs +11 -4
  67. package/dist/server/shared/utils/session-auth.mjs.map +1 -1
  68. package/dist/server/src/controllers/authentication.d.ts.map +1 -1
  69. package/dist/server/src/register.d.ts.map +1 -1
  70. package/dist/server/src/services/user.d.ts.map +1 -1
  71. package/dist/shared/utils/session-auth.d.ts +2 -2
  72. package/dist/shared/utils/session-auth.d.ts.map +1 -1
  73. package/package.json +7 -7
package/dist/admin/admin/src/translations/en.json.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"en.json.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
1
+ {"version":3,"file":"en.json.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
package/dist/admin/src/components/SubNav.d.ts CHANGED
@@ -20,7 +20,7 @@ export declare const SubNav: {
20
20
  }) => import("react/jsx-runtime").JSX.Element;
21
21
  Sections: ({ children, ...props }: {
22
22
  children: React.ReactNode[];
23
- [key: string]: any;
23
+ [key: string]: unknown;
24
24
  }) => import("react/jsx-runtime").JSX.Element;
25
25
  Section: ({ label, children, link, sectionId, badgeLabel, }: {
26
26
  label: string;
package/dist/server/server/src/controllers/authentication.js CHANGED
@@ -63,7 +63,7 @@ var authentication = {
63
63
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
64
64
  type: rememberMe ? 'refresh' : 'session'
65
65
  });
66
- const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
66
+ const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
67
67
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
68
68
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
69
69
  if ('error' in accessResult) {
@@ -108,7 +108,7 @@ var authentication = {
108
108
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
109
109
  type: rememberMe ? 'refresh' : 'session'
110
110
  });
111
- const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
111
+ const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
112
112
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
113
113
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
114
114
  if ('error' in accessResult) {
@@ -157,7 +157,7 @@ var authentication = {
157
157
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
158
158
  type: rememberMe ? 'refresh' : 'session'
159
159
  });
160
- const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
160
+ const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
161
161
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
162
162
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
163
163
  if ('error' in accessResult) {
@@ -200,7 +200,7 @@ var authentication = {
200
200
  type: 'session'
201
201
  });
202
202
  // No rememberMe flow here; expire with session by default (session cookie)
203
- const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry('session', absoluteExpiresAt);
203
+ const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry('session', absoluteExpiresAt, ctx.request.secure);
204
204
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
205
205
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
206
206
  if ('error' in accessResult) {
@@ -240,7 +240,7 @@ var authentication = {
240
240
  }
241
241
  const { token } = result;
242
242
  // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt
243
- const opts = sessionAuth.buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt);
243
+ const opts = sessionAuth.buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt, ctx.request.secure);
244
244
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, rotation.token, opts);
245
245
  ctx.body = {
246
246
  data: {
@@ -261,7 +261,7 @@ var authentication = {
261
261
  const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;
262
262
  // Clear cookie regardless of token validity
263
263
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, '', {
264
- ...sessionAuth.getRefreshCookieOptions(),
264
+ ...sessionAuth.getRefreshCookieOptions(ctx.request.secure),
265
265
  expires: new Date(0)
266
266
  });
267
267
  try {
package/dist/server/server/src/controllers/authentication.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry('session', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt);\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAQ,CAAA;AACb,QAAA,OAAOC,GAAcC,EAAAA,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAIG,CAAAA,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,SAAA;AACA,QAAA,CAACD,GAAcC,EAAAA,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAS,EAAA;gBAAEC,OAAS,EAAA;aAAS,EAAA,CAACC,KAAKC,IAAMC,EAAAA,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAK,EAAA;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBAAEC,KAAON,EAAAA,GAAAA;wBAAKO,QAAU,EAAA;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAIQ,CAAAA,OAAO,EAAEC,IAAAA,KAAS,mBAAqB,EAAA;wBAC7C,MAAMT,GAAAA;AACR;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B;AAEA,gBAAA,IAAI,CAACT,IAAM,EAAA;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBACvCC,KAAO,EAAA,IAAIK,KAAMT,CAAAA,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAU,EAAA;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAiBe,CAAAA,IAAAA,CAAKU,OAAO,CAAA;AACzC;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAgBC,GAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;oBAAEJ,IAAMc,EAAAA,aAAAA;oBAAeR,QAAU,EAAA;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,aAAA,CAAA,CAAGD,GAAKC,EAAAA,IAAAA,CAAAA;AACV,SAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;gBACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AACjC,iBAAA,CAAA;AAEA,gBAAA,MAAMO,aAAgBC,GAAAA,wCAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,gBAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,gBAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,oBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT4C,IAAM,EAAA;wBACJb,KAAOY,EAAAA,WAAAA;AACPA,wBAAAA,WAAAA;AACAtC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,aAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,gBAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,wCAA0CA,EAAAA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF;AACD,KAAA,CAAA;AAED,IAAA,MAAMsB,kBAAiBlD,GAAY,EAAA;AACjC,QAAA,MAAMmD,sCAA8BnD,CAAAA,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAE+B,iBAAiB,EAAE,GAAGpD,GAAIG,CAAAA,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM6B,gBAAmB,GAAA,MAAM1B,gBAAW,CAAA,MAAA,CAAA,CAAQ6B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAkB,EAAA;AACrB,YAAA,MAAM,IAAItD,eAAgB,CAAA,2BAAA,CAAA;AAC5B;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE4C,IAAME,EAAAA;AAAiB,SAAA;AACtC,KAAA;AAEA,IAAA,MAAMI,UAAStD,GAAY,EAAA;AACzB,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMoD,kCAA0BD,CAAAA,KAAAA,CAAAA;AAEhC,QAAA,MAAM9C,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQ8B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM7B,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;AAEpF,YAAA,MAAMO,aAAgBC,GAAAA,wCAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;oBACJb,KAAOY,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAtC,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,wDAA0DA,EAAAA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAM6B,eAAczD,GAAY,EAAA;AAC9B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMsD,uCAA+BH,CAAAA,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAW,GAAA,MAAMnC,gBAAW,CAAA,MAAA,CAAA,CAAQoC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAU,EAAA;AACZ,YAAA,MAAM,IAAIhE,gBAAiB,CAAA,uCAAA,CAAA;AAC7B;AAEA,QAAA,MAAMkE,cAAiB,GAAA,MAAMrC,gBAAW,CAAA,MAAA,CAAA,CAAQsC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,YAAA,MAAM,IAAIlE,gBACR,CAAA,6EAAA,CAAA;AAEJ;AAEA,QAAA,MAAMc,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQuC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAmB,EAAA,IAAA;YACnBY,QAAU,EAAA,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAiB,GAAA;AAACA,gBAAAA,cAAAA,CAAe9B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAOuD,CAAAA,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMzC,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;AAEpF,YAAA,MAAMO,aAAgBC,GAAAA,wCAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;oBACJb,KAAOY,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAtC,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,8DAAgEA,EAAAA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMwC,gBAAepE,GAAY,EAAA;AAC/B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMiE,cAA4Bd,CAAAA,KAAAA,CAAAA;QAElC/B,gBAAW,CAAA,MAAA,CAAA,CAAQ4C,cAAc,CAACb,KAAAA,CAAAA;AAElCvD,QAAAA,GAAAA,CAAIsE,MAAM,GAAG,GAAA;AACf,KAAA;AAEA,IAAA,MAAMC,eAAcvE,GAAY,EAAA;AAC9B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMoE,aAA2BjB,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAM9C,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQ+C,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM7B,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAWyC,GAAAA,4BAAAA,EAAAA;;YAGjB,MAAM/C,cAAAA,CAAe,OAASgD,CAAAA,CAAAA,sBAAsB,CAAC7C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;gBAAEO,IAAM,EAAA;AAAU,aAAA,CAAA;;YAG3D,MAAMC,aAAAA,GAAgBC,yCAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGU,YAAAA;AAElB7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;AACJb,oBAAAA,KAAAA;oBACA1B,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOD,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,8DAAgEN,EAAAA,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMmB,aAAY/C,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAepC,GAAAA,GAAAA,CAAI0C,OAAO,CAACiC,GAAG,CAAC/B,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACR,YAAc,EAAA;YACjB,OAAOpC,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;QAEA,IAAI;AACF,YAAA,MAAMlD,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;;;AAIA,YAAA,MAAMiD,QAAW,GAAA,MAAMnD,cAAe,CAAA,OAAA,CAAA,CAASoD,kBAAkB,CAAC1C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWyC,QAAU,EAAA;gBACvB,OAAO7E,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;AAEA,YAAA,MAAMG,SAAS,MAAMrD,cAAAA,CAAe,SAASoB,mBAAmB,CAAC+B,SAAS1C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW4C,MAAQ,EAAA;gBACrB,OAAO/E,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;YAEA,MAAM,EAAEzC,KAAK,EAAE,GAAG4C,MAAAA;;AAElB,YAAA,MAAMC,OAAOvC,wCAA6BoC,CAAAA,QAAAA,CAAStC,IAAI,EAAEsC,SAASxC,iBAAiB,CAAA;AAEnFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,+BAAqBiC,EAAAA,QAAAA,CAAS1C,KAAK,EAAE6C,IAAAA,CAAAA;AACrDhF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE4C,IAAM,EAAA;AAAEb,oBAAAA;AAAM;AAAE,aAAA;AAC/B,SAAA,CAAE,OAAO3B,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,oDAAsDN,EAAAA,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMqD,QAAOjF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAgB,EAAA;YAAEJ,IAAMc,EAAAA;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM2D,YAAelF,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAW,GAAA,OAAOkD,YAAiB,KAAA,QAAA,GAAWA,YAAeC,GAAAA,SAAAA;;AAGnEnF,QAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAI,EAAA;AACvC,YAAA,GAAGwC,mCAAyB,EAAA;AAC5BC,YAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM5D,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAgB,EAAA;AAClB,gBAAA,MAAMG,SAASC,MAAO9B,CAAAA,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAe,CAAA,OAAA,CAAA,CAASgD,sBAAsB,CAAC7C,MAAQG,EAAAA,QAAAA,CAAAA;AAC/D;AACF,SAAA,CAAE,OAAOxB,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,+CAAiDN,EAAAA,GAAAA,CAAAA;AACpE;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE4C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAQ,CAAA;AACb,QAAA,OAAOC,GAAcC,EAAAA,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAIG,CAAAA,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,SAAA;AACA,QAAA,CAACD,GAAcC,EAAAA,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAS,EAAA;gBAAEC,OAAS,EAAA;aAAS,EAAA,CAACC,KAAKC,IAAMC,EAAAA,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAK,EAAA;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBAAEC,KAAON,EAAAA,GAAAA;wBAAKO,QAAU,EAAA;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAIQ,CAAAA,OAAO,EAAEC,IAAAA,KAAS,mBAAqB,EAAA;wBAC7C,MAAMT,GAAAA;AACR;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B;AAEA,gBAAA,IAAI,CAACT,IAAM,EAAA;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBACvCC,KAAO,EAAA,IAAIK,KAAMT,CAAAA,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAU,EAAA;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAiBe,CAAAA,IAAAA,CAAKU,OAAO,CAAA;AACzC;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAgBC,GAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;oBAAEJ,IAAMc,EAAAA,aAAAA;oBAAeR,QAAU,EAAA;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,aAAA,CAAA,CAAGD,GAAKC,EAAAA,IAAAA,CAAAA;AACV,SAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;gBACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAa,GAAA,SAAA,GAAY,WACzBI,iBACArC,EAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAM,EAAA;wBACJd,KAAOa,EAAAA,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,aAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAA0CA,EAAAA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,sCAA8BpD,CAAAA,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAIG,CAAAA,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAmB,GAAA,MAAM3B,gBAAW,CAAA,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAkB,EAAA;AACrB,YAAA,MAAM,IAAIvD,eAAgB,CAAA,2BAAA,CAAA;AAC5B;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAME,EAAAA;AAAiB,SAAA;AACtC,KAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,kCAA0BD,CAAAA,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAa,GAAA,SAAA,GAAY,WACzBI,iBACArC,EAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAM,EAAA;oBACJd,KAAOa,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAA0DA,EAAAA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,uCAA+BH,CAAAA,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAW,GAAA,MAAMpC,gBAAW,CAAA,MAAA,CAAA,CAAQqC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAU,EAAA;AACZ,YAAA,MAAM,IAAIjE,gBAAiB,CAAA,uCAAA,CAAA;AAC7B;AAEA,QAAA,MAAMmE,cAAiB,GAAA,MAAMtC,gBAAW,CAAA,MAAA,CAAA,CAAQuC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,YAAA,MAAM,IAAInE,gBACR,CAAA,6EAAA,CAAA;AAEJ;AAEA,QAAA,MAAMc,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQwC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAmB,EAAA,IAAA;YACnBY,QAAU,EAAA,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAiB,GAAA;AAACA,gBAAAA,cAAAA,CAAe/B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAOwD,CAAAA,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAM1C,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAa,GAAA,SAAA,GAAY,WACzBI,iBACArC,EAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAM,EAAA;oBACJd,KAAOa,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAgEA,EAAAA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMyC,gBAAerE,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMkE,cAA4Bd,CAAAA,KAAAA,CAAAA;QAElChC,gBAAW,CAAA,MAAA,CAAA,CAAQ6C,cAAc,CAACb,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIuE,MAAM,GAAG,GAAA;AACf,KAAA;AAEA,IAAA,MAAMC,eAAcxE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqE,aAA2BjB,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQgD,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAW0C,GAAAA,4BAAAA,EAAAA;;YAGjB,MAAMhD,cAAAA,CAAe,OAASiD,CAAAA,CAAAA,sBAAsB,CAAC9C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;gBAAEO,IAAM,EAAA;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,wCACpB,CAAA,SAAA,EACAJ,mBACArC,GAAIG,CAAAA,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAM,EAAA;AACJd,oBAAAA,KAAAA;oBACA1B,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOD,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAgEN,EAAAA,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAepC,GAAAA,GAAAA,CAAI2C,OAAO,CAACiC,GAAG,CAAC/B,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAc,EAAA;YACjB,OAAOpC,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B;QAEA,IAAI;AACF,YAAA,MAAMnD,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;;;AAIA,YAAA,MAAMkD,QAAW,GAAA,MAAMpD,cAAe,CAAA,OAAA,CAAA,CAASqD,kBAAkB,CAAC3C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAW0C,QAAU,EAAA;gBACvB,OAAO9E,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B;AAEA,YAAA,MAAMG,SAAS,MAAMtD,cAAAA,CAAe,SAASqB,mBAAmB,CAAC+B,SAAS3C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW6C,MAAQ,EAAA;gBACrB,OAAOhF,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B;YAEA,MAAM,EAAE1C,KAAK,EAAE,GAAG6C,MAAAA;;YAElB,MAAMC,IAAAA,GAAOxC,wCACXqC,CAAAA,QAAAA,CAASvC,IAAI,EACbuC,QAASzC,CAAAA,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,+BAAqBiC,EAAAA,QAAAA,CAAS3C,KAAK,EAAE8C,IAAAA,CAAAA;AACrDjF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAM,EAAA;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,SAAA,CAAE,OAAO3B,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAsDN,EAAAA,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMsD,QAAOlF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAgB,EAAA;YAAEJ,IAAMc,EAAAA;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM4D,YAAenF,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAW,GAAA,OAAOmD,YAAiB,KAAA,QAAA,GAAWA,YAAeC,GAAAA,SAAAA;;AAGnEpF,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAI,EAAA;AACvC,YAAA,GAAGwC,mCAAwBrF,CAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9C4C,YAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM7D,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAgB,EAAA;AAClB,gBAAA,MAAMG,SAASC,MAAO9B,CAAAA,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAe,CAAA,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAQG,EAAAA,QAAAA,CAAAA;AAC/D;AACF,SAAA,CAAE,OAAOxB,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAiDN,EAAAA,GAAAA,CAAAA;AACpE;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB;AACF,CAAE;;;;"}
package/dist/server/server/src/controllers/authentication.mjs CHANGED
@@ -61,7 +61,7 @@ var authentication = {
61
61
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
62
62
  type: rememberMe ? 'refresh' : 'session'
63
63
  });
64
- const cookieOptions = buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
64
+ const cookieOptions = buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
65
65
  ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
66
66
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
67
67
  if ('error' in accessResult) {
@@ -106,7 +106,7 @@ var authentication = {
106
106
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
107
107
  type: rememberMe ? 'refresh' : 'session'
108
108
  });
109
- const cookieOptions = buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
109
+ const cookieOptions = buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
110
110
  ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
111
111
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
112
112
  if ('error' in accessResult) {
@@ -155,7 +155,7 @@ var authentication = {
155
155
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
156
156
  type: rememberMe ? 'refresh' : 'session'
157
157
  });
158
- const cookieOptions = buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
158
+ const cookieOptions = buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
159
159
  ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
160
160
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
161
161
  if ('error' in accessResult) {
@@ -198,7 +198,7 @@ var authentication = {
198
198
  type: 'session'
199
199
  });
200
200
  // No rememberMe flow here; expire with session by default (session cookie)
201
- const cookieOptions = buildCookieOptionsWithExpiry('session', absoluteExpiresAt);
201
+ const cookieOptions = buildCookieOptionsWithExpiry('session', absoluteExpiresAt, ctx.request.secure);
202
202
  ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
203
203
  const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
204
204
  if ('error' in accessResult) {
@@ -238,7 +238,7 @@ var authentication = {
238
238
  }
239
239
  const { token } = result;
240
240
  // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt
241
- const opts = buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt);
241
+ const opts = buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt, ctx.request.secure);
242
242
  ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);
243
243
  ctx.body = {
244
244
  data: {
@@ -259,7 +259,7 @@ var authentication = {
259
259
  const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;
260
260
  // Clear cookie regardless of token validity
261
261
  ctx.cookies.set(REFRESH_COOKIE_NAME, '', {
262
- ...getRefreshCookieOptions(),
262
+ ...getRefreshCookieOptions(ctx.request.secure),
263
263
  expires: new Date(0)
264
264
  });
265
265
  try {
package/dist/server/server/src/controllers/authentication.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.mjs","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry('session', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt);\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,MAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAQ,CAAA;AACb,QAAA,OAAOC,GAAcC,EAAAA,IAAAA,GAAAA;AACnB,YAAA,MAAMC,0BAA0BF,GAAIG,CAAAA,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,SAAA;AACA,QAAA,CAACD,GAAcC,EAAAA,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAS,EAAA;gBAAEC,OAAS,EAAA;aAAS,EAAA,CAACC,KAAKC,IAAMC,EAAAA,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAK,EAAA;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBAAEC,KAAON,EAAAA,GAAAA;wBAAKO,QAAU,EAAA;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAIQ,CAAAA,OAAO,EAAEC,IAAAA,KAAS,mBAAqB,EAAA;wBAC7C,MAAMT,GAAAA;AACR;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B;AAEA,gBAAA,IAAI,CAACT,IAAM,EAAA;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBACvCC,KAAO,EAAA,IAAIK,KAAMT,CAAAA,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAU,EAAA;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAiBe,CAAAA,IAAAA,CAAKU,OAAO,CAAA;AACzC;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAgBC,GAAAA,UAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;oBAAEJ,IAAMc,EAAAA,aAAAA;oBAAeR,QAAU,EAAA;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,aAAA,CAAA,CAAGD,GAAKC,EAAAA,IAAAA,CAAAA;AACV,SAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;gBACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AACjC,iBAAA,CAAA;AAEA,gBAAA,MAAMO,aAAgBC,GAAAA,4BAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,gBAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,gBAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,oBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT4C,IAAM,EAAA;wBACJb,KAAOY,EAAAA,WAAAA;AACPA,wBAAAA,WAAAA;AACAtC,wBAAAA,IAAAA,EAAMe,WAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,aAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,gBAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,wCAA0CA,EAAAA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF;AACD,KAAA,CAAA;AAED,IAAA,MAAMsB,kBAAiBlD,GAAY,EAAA;AACjC,QAAA,MAAMmD,6BAA8BnD,CAAAA,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAE+B,iBAAiB,EAAE,GAAGpD,GAAIG,CAAAA,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM6B,gBAAmB,GAAA,MAAM1B,UAAW,CAAA,MAAA,CAAA,CAAQ6B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAkB,EAAA;AACrB,YAAA,MAAM,IAAItD,eAAgB,CAAA,2BAAA,CAAA;AAC5B;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE4C,IAAME,EAAAA;AAAiB,SAAA;AACtC,KAAA;AAEA,IAAA,MAAMI,UAAStD,GAAY,EAAA;AACzB,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMoD,yBAA0BD,CAAAA,KAAAA,CAAAA;AAEhC,QAAA,MAAM9C,IAAO,GAAA,MAAMe,UAAW,CAAA,MAAA,CAAA,CAAQ8B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM7B,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;AAEpF,YAAA,MAAMO,aAAgBC,GAAAA,4BAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;oBACJb,KAAOY,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAtC,IAAMe,EAAAA,UAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,wDAA0DA,EAAAA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAM6B,eAAczD,GAAY,EAAA;AAC9B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMsD,8BAA+BH,CAAAA,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAW,GAAA,MAAMnC,UAAW,CAAA,MAAA,CAAA,CAAQoC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAU,EAAA;AACZ,YAAA,MAAM,IAAIhE,gBAAiB,CAAA,uCAAA,CAAA;AAC7B;AAEA,QAAA,MAAMkE,cAAiB,GAAA,MAAMrC,UAAW,CAAA,MAAA,CAAA,CAAQsC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,YAAA,MAAM,IAAIlE,gBACR,CAAA,6EAAA,CAAA;AAEJ;AAEA,QAAA,MAAMc,IAAO,GAAA,MAAMe,UAAW,CAAA,MAAA,CAAA,CAAQuC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAmB,EAAA,IAAA;YACnBY,QAAU,EAAA,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAiB,GAAA;AAACA,gBAAAA,cAAAA,CAAe9B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAOuD,CAAAA,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMzC,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;AAEpF,YAAA,MAAMO,aAAgBC,GAAAA,4BAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;oBACJb,KAAOY,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAtC,IAAMe,EAAAA,UAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,8DAAgEA,EAAAA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMwC,gBAAepE,GAAY,EAAA;AAC/B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMiE,2BAA4Bd,CAAAA,KAAAA,CAAAA;QAElC/B,UAAW,CAAA,MAAA,CAAA,CAAQ4C,cAAc,CAACb,KAAAA,CAAAA;AAElCvD,QAAAA,GAAAA,CAAIsE,MAAM,GAAG,GAAA;AACf,KAAA;AAEA,IAAA,MAAMC,eAAcvE,GAAY,EAAA;AAC9B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMoE,0BAA2BjB,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAM9C,IAAO,GAAA,MAAMe,UAAW,CAAA,MAAA,CAAA,CAAQ+C,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM7B,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAWyC,GAAAA,gBAAAA,EAAAA;;YAGjB,MAAM/C,cAAAA,CAAe,OAASgD,CAAAA,CAAAA,sBAAsB,CAAC7C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;gBAAEO,IAAM,EAAA;AAAU,aAAA,CAAA;;YAG3D,MAAMC,aAAAA,GAAgBC,6BAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGU,YAAAA;AAElB7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;AACJb,oBAAAA,KAAAA;oBACA1B,IAAMe,EAAAA,UAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOD,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,8DAAgEN,EAAAA,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMmB,aAAY/C,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAepC,GAAAA,GAAAA,CAAI0C,OAAO,CAACiC,GAAG,CAAC/B,mBAAAA,CAAAA;AAErC,QAAA,IAAI,CAACR,YAAc,EAAA;YACjB,OAAOpC,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;QAEA,IAAI;AACF,YAAA,MAAMlD,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;;;AAIA,YAAA,MAAMiD,QAAW,GAAA,MAAMnD,cAAe,CAAA,OAAA,CAAA,CAASoD,kBAAkB,CAAC1C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWyC,QAAU,EAAA;gBACvB,OAAO7E,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;AAEA,YAAA,MAAMG,SAAS,MAAMrD,cAAAA,CAAe,SAASoB,mBAAmB,CAAC+B,SAAS1C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW4C,MAAQ,EAAA;gBACrB,OAAO/E,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;YAEA,MAAM,EAAEzC,KAAK,EAAE,GAAG4C,MAAAA;;AAElB,YAAA,MAAMC,OAAOvC,4BAA6BoC,CAAAA,QAAAA,CAAStC,IAAI,EAAEsC,SAASxC,iBAAiB,CAAA;AAEnFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,mBAAqBiC,EAAAA,QAAAA,CAAS1C,KAAK,EAAE6C,IAAAA,CAAAA;AACrDhF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE4C,IAAM,EAAA;AAAEb,oBAAAA;AAAM;AAAE,aAAA;AAC/B,SAAA,CAAE,OAAO3B,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,oDAAsDN,EAAAA,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMqD,QAAOjF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,WAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAgB,EAAA;YAAEJ,IAAMc,EAAAA;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM2D,YAAelF,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAW,GAAA,OAAOkD,YAAiB,KAAA,QAAA,GAAWA,YAAeC,GAAAA,SAAAA;;AAGnEnF,QAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,qBAAqB,EAAI,EAAA;AACvC,YAAA,GAAGwC,uBAAyB,EAAA;AAC5BC,YAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM5D,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,YAAA,IAAID,cAAgB,EAAA;AAClB,gBAAA,MAAMG,SAASC,MAAO9B,CAAAA,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAe,CAAA,OAAA,CAAA,CAASgD,sBAAsB,CAAC7C,MAAQG,EAAAA,QAAAA,CAAAA;AAC/D;AACF,SAAA,CAAE,OAAOxB,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,+CAAiDN,EAAAA,GAAAA,CAAAA;AACpE;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE4C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"authentication.mjs","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,MAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAQ,CAAA;AACb,QAAA,OAAOC,GAAcC,EAAAA,IAAAA,GAAAA;AACnB,YAAA,MAAMC,0BAA0BF,GAAIG,CAAAA,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,SAAA;AACA,QAAA,CAACD,GAAcC,EAAAA,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAS,EAAA;gBAAEC,OAAS,EAAA;aAAS,EAAA,CAACC,KAAKC,IAAMC,EAAAA,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAK,EAAA;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBAAEC,KAAON,EAAAA,GAAAA;wBAAKO,QAAU,EAAA;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAIQ,CAAAA,OAAO,EAAEC,IAAAA,KAAS,mBAAqB,EAAA;wBAC7C,MAAMT,GAAAA;AACR;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B;AAEA,gBAAA,IAAI,CAACT,IAAM,EAAA;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBACvCC,KAAO,EAAA,IAAIK,KAAMT,CAAAA,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAU,EAAA;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAiBe,CAAAA,IAAAA,CAAKU,OAAO,CAAA;AACzC;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAgBC,GAAAA,UAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;oBAAEJ,IAAMc,EAAAA,aAAAA;oBAAeR,QAAU,EAAA;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,aAAA,CAAA,CAAGD,GAAKC,EAAAA,IAAAA,CAAAA;AACV,SAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;gBACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAa,GAAA,SAAA,GAAY,WACzBI,iBACArC,EAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAM,EAAA;wBACJd,KAAOa,EAAAA,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,WAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,aAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAA0CA,EAAAA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,6BAA8BpD,CAAAA,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAIG,CAAAA,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAmB,GAAA,MAAM3B,UAAW,CAAA,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAkB,EAAA;AACrB,YAAA,MAAM,IAAIvD,eAAgB,CAAA,2BAAA,CAAA;AAC5B;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAME,EAAAA;AAAiB,SAAA;AACtC,KAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,yBAA0BD,CAAAA,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAO,GAAA,MAAMe,UAAW,CAAA,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAa,GAAA,SAAA,GAAY,WACzBI,iBACArC,EAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAM,EAAA;oBACJd,KAAOa,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAMe,EAAAA,UAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAA0DA,EAAAA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,8BAA+BH,CAAAA,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAW,GAAA,MAAMpC,UAAW,CAAA,MAAA,CAAA,CAAQqC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAU,EAAA;AACZ,YAAA,MAAM,IAAIjE,gBAAiB,CAAA,uCAAA,CAAA;AAC7B;AAEA,QAAA,MAAMmE,cAAiB,GAAA,MAAMtC,UAAW,CAAA,MAAA,CAAA,CAAQuC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,YAAA,MAAM,IAAInE,gBACR,CAAA,6EAAA,CAAA;AAEJ;AAEA,QAAA,MAAMc,IAAO,GAAA,MAAMe,UAAW,CAAA,MAAA,CAAA,CAAQwC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAmB,EAAA,IAAA;YACnBY,QAAU,EAAA,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAiB,GAAA;AAACA,gBAAAA,cAAAA,CAAe/B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAOwD,CAAAA,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAM1C,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAa,GAAA,SAAA,GAAY,WACzBI,iBACArC,EAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAM,EAAA;oBACJd,KAAOa,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAMe,EAAAA,UAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAgEA,EAAAA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMyC,gBAAerE,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMkE,2BAA4Bd,CAAAA,KAAAA,CAAAA;QAElChC,UAAW,CAAA,MAAA,CAAA,CAAQ6C,cAAc,CAACb,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIuE,MAAM,GAAG,GAAA;AACf,KAAA;AAEA,IAAA,MAAMC,eAAcxE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAQxD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqE,0BAA2BjB,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAO,GAAA,MAAMe,UAAW,CAAA,MAAA,CAAA,CAAQgD,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAW0C,GAAAA,gBAAAA,EAAAA;;YAGjB,MAAMhD,cAAAA,CAAe,OAASiD,CAAAA,CAAAA,sBAAsB,CAAC9C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;gBAAEO,IAAM,EAAA;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,4BACpB,CAAA,SAAA,EACAJ,mBACArC,GAAIG,CAAAA,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAe,GAAA,MAAMpB,cAAe,CAAA,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAc,EAAA;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAM,EAAA;AACJd,oBAAAA,KAAAA;oBACA1B,IAAMe,EAAAA,UAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOD,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAgEN,EAAAA,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAepC,GAAAA,GAAAA,CAAI2C,OAAO,CAACiC,GAAG,CAAC/B,mBAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAc,EAAA;YACjB,OAAOpC,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B;QAEA,IAAI;AACF,YAAA,MAAMnD,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;;;AAIA,YAAA,MAAMkD,QAAW,GAAA,MAAMpD,cAAe,CAAA,OAAA,CAAA,CAASqD,kBAAkB,CAAC3C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAW0C,QAAU,EAAA;gBACvB,OAAO9E,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B;AAEA,YAAA,MAAMG,SAAS,MAAMtD,cAAAA,CAAe,SAASqB,mBAAmB,CAAC+B,SAAS3C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW6C,MAAQ,EAAA;gBACrB,OAAOhF,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B;YAEA,MAAM,EAAE1C,KAAK,EAAE,GAAG6C,MAAAA;;YAElB,MAAMC,IAAAA,GAAOxC,4BACXqC,CAAAA,QAAAA,CAASvC,IAAI,EACbuC,QAASzC,CAAAA,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,mBAAqBiC,EAAAA,QAAAA,CAAS3C,KAAK,EAAE8C,IAAAA,CAAAA;AACrDjF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAM,EAAA;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,SAAA,CAAE,OAAO3B,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAsDN,EAAAA,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMsD,QAAOlF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,WAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAgB,EAAA;YAAEJ,IAAMc,EAAAA;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM4D,YAAenF,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAW,GAAA,OAAOmD,YAAiB,KAAA,QAAA,GAAWA,YAAeC,GAAAA,SAAAA;;AAGnEpF,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqB,EAAI,EAAA;AACvC,YAAA,GAAGwC,uBAAwBrF,CAAAA,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9C4C,YAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM7D,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,YAAA,IAAID,cAAgB,EAAA;AAClB,gBAAA,MAAMG,SAASC,MAAO9B,CAAAA,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAe,CAAA,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAQG,EAAAA,QAAAA,CAAAA;AAC/D;AACF,SAAA,CAAE,OAAOxB,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAiDN,EAAAA,GAAAA,CAAAA;AACpE;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB;AACF,CAAE;;;;"}
package/dist/server/server/src/register.js CHANGED
@@ -9,7 +9,8 @@ var register = (({ strapi })=>{
9
9
  strapi.server.api('admin').use(passportMiddleware);
10
10
  strapi.get('auth').register('admin', admin.default);
11
11
  strapi.get('auth').register('content-api', apiToken.default);
12
- if (strapi.config.get('admin.serveAdminPanel')) {
12
+ const shouldServeAdminPanel = strapi.config.get('admin.serveAdminPanel');
13
+ if (shouldServeAdminPanel) {
13
14
  serveAdminPanel({
14
15
  strapi
15
16
  });
package/dist/server/server/src/register.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"register.js","sources":["../../../../server/src/register.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport registerAdminPanelRoute from './routes/serve-admin-panel';\nimport adminAuthStrategy from './strategies/admin';\nimport apiTokenAuthStrategy from './strategies/api-token';\n\nexport default ({ strapi }: { strapi: Core.Strapi }) => {\n const passportMiddleware = strapi.service('admin::passport').init();\n\n strapi.server.api('admin').use(passportMiddleware);\n strapi.get('auth').register('admin', adminAuthStrategy);\n strapi.get('auth').register('content-api', apiTokenAuthStrategy);\n\n if (strapi.config.get('admin.serveAdminPanel')) {\n registerAdminPanelRoute({ strapi });\n }\n};\n"],"names":["strapi","passportMiddleware","service","init","server","api","use","get","register","adminAuthStrategy","apiTokenAuthStrategy","config","registerAdminPanelRoute"],"mappings":";;;;;;AAKA,eAAe,CAAA,CAAC,EAAEA,MAAM,EAA2B,GAAA;AACjD,IAAA,MAAMC,kBAAqBD,GAAAA,MAAAA,CAAOE,OAAO,CAAC,mBAAmBC,IAAI,EAAA;AAEjEH,IAAAA,MAAAA,CAAOI,MAAM,CAACC,GAAG,CAAC,OAAA,CAAA,CAASC,GAAG,CAACL,kBAAAA,CAAAA;AAC/BD,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAQC,CAAAA,CAAAA,QAAQ,CAAC,OAASC,EAAAA,aAAAA,CAAAA;AACrCT,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAQC,CAAAA,CAAAA,QAAQ,CAAC,aAAeE,EAAAA,gBAAAA,CAAAA;AAE3C,IAAA,IAAIV,MAAOW,CAAAA,MAAM,CAACJ,GAAG,CAAC,uBAA0B,CAAA,EAAA;QAC9CK,eAAwB,CAAA;AAAEZ,YAAAA;AAAO,SAAA,CAAA;AACnC;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"register.js","sources":["../../../../server/src/register.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport registerAdminPanelRoute from './routes/serve-admin-panel';\nimport adminAuthStrategy from './strategies/admin';\nimport apiTokenAuthStrategy from './strategies/api-token';\n\nexport default ({ strapi }: { strapi: Core.Strapi }) => {\n const passportMiddleware = strapi.service('admin::passport').init();\n\n strapi.server.api('admin').use(passportMiddleware);\n strapi.get('auth').register('admin', adminAuthStrategy);\n strapi.get('auth').register('content-api', apiTokenAuthStrategy);\n\n const shouldServeAdminPanel = strapi.config.get('admin.serveAdminPanel');\n\n if (shouldServeAdminPanel) {\n registerAdminPanelRoute({ strapi });\n }\n};\n"],"names":["strapi","passportMiddleware","service","init","server","api","use","get","register","adminAuthStrategy","apiTokenAuthStrategy","shouldServeAdminPanel","config","registerAdminPanelRoute"],"mappings":";;;;;;AAKA,eAAe,CAAA,CAAC,EAAEA,MAAM,EAA2B,GAAA;AACjD,IAAA,MAAMC,kBAAqBD,GAAAA,MAAAA,CAAOE,OAAO,CAAC,mBAAmBC,IAAI,EAAA;AAEjEH,IAAAA,MAAAA,CAAOI,MAAM,CAACC,GAAG,CAAC,OAAA,CAAA,CAASC,GAAG,CAACL,kBAAAA,CAAAA;AAC/BD,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAQC,CAAAA,CAAAA,QAAQ,CAAC,OAASC,EAAAA,aAAAA,CAAAA;AACrCT,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAQC,CAAAA,CAAAA,QAAQ,CAAC,aAAeE,EAAAA,gBAAAA,CAAAA;AAE3C,IAAA,MAAMC,qBAAwBX,GAAAA,MAAAA,CAAOY,MAAM,CAACL,GAAG,CAAC,uBAAA,CAAA;AAEhD,IAAA,IAAII,qBAAuB,EAAA;QACzBE,eAAwB,CAAA;AAAEb,YAAAA;AAAO,SAAA,CAAA;AACnC;AACF,CAAA;;;;"}
package/dist/server/server/src/register.mjs CHANGED
@@ -7,7 +7,8 @@ var register = (({ strapi })=>{
7
7
  strapi.server.api('admin').use(passportMiddleware);
8
8
  strapi.get('auth').register('admin', adminAuthStrategy);
9
9
  strapi.get('auth').register('content-api', apiTokenAuthStrategy);
10
- if (strapi.config.get('admin.serveAdminPanel')) {
10
+ const shouldServeAdminPanel = strapi.config.get('admin.serveAdminPanel');
11
+ if (shouldServeAdminPanel) {
11
12
  registerAdminPanelRoute({
12
13
  strapi
13
14
  });
package/dist/server/server/src/register.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"register.mjs","sources":["../../../../server/src/register.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport registerAdminPanelRoute from './routes/serve-admin-panel';\nimport adminAuthStrategy from './strategies/admin';\nimport apiTokenAuthStrategy from './strategies/api-token';\n\nexport default ({ strapi }: { strapi: Core.Strapi }) => {\n const passportMiddleware = strapi.service('admin::passport').init();\n\n strapi.server.api('admin').use(passportMiddleware);\n strapi.get('auth').register('admin', adminAuthStrategy);\n strapi.get('auth').register('content-api', apiTokenAuthStrategy);\n\n if (strapi.config.get('admin.serveAdminPanel')) {\n registerAdminPanelRoute({ strapi });\n }\n};\n"],"names":["strapi","passportMiddleware","service","init","server","api","use","get","register","adminAuthStrategy","apiTokenAuthStrategy","config","registerAdminPanelRoute"],"mappings":";;;;AAKA,eAAe,CAAA,CAAC,EAAEA,MAAM,EAA2B,GAAA;AACjD,IAAA,MAAMC,kBAAqBD,GAAAA,MAAAA,CAAOE,OAAO,CAAC,mBAAmBC,IAAI,EAAA;AAEjEH,IAAAA,MAAAA,CAAOI,MAAM,CAACC,GAAG,CAAC,OAAA,CAAA,CAASC,GAAG,CAACL,kBAAAA,CAAAA;AAC/BD,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAQC,CAAAA,CAAAA,QAAQ,CAAC,OAASC,EAAAA,iBAAAA,CAAAA;AACrCT,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAQC,CAAAA,CAAAA,QAAQ,CAAC,aAAeE,EAAAA,oBAAAA,CAAAA;AAE3C,IAAA,IAAIV,MAAOW,CAAAA,MAAM,CAACJ,GAAG,CAAC,uBAA0B,CAAA,EAAA;QAC9CK,uBAAwB,CAAA;AAAEZ,YAAAA;AAAO,SAAA,CAAA;AACnC;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"register.mjs","sources":["../../../../server/src/register.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport registerAdminPanelRoute from './routes/serve-admin-panel';\nimport adminAuthStrategy from './strategies/admin';\nimport apiTokenAuthStrategy from './strategies/api-token';\n\nexport default ({ strapi }: { strapi: Core.Strapi }) => {\n const passportMiddleware = strapi.service('admin::passport').init();\n\n strapi.server.api('admin').use(passportMiddleware);\n strapi.get('auth').register('admin', adminAuthStrategy);\n strapi.get('auth').register('content-api', apiTokenAuthStrategy);\n\n const shouldServeAdminPanel = strapi.config.get('admin.serveAdminPanel');\n\n if (shouldServeAdminPanel) {\n registerAdminPanelRoute({ strapi });\n }\n};\n"],"names":["strapi","passportMiddleware","service","init","server","api","use","get","register","adminAuthStrategy","apiTokenAuthStrategy","shouldServeAdminPanel","config","registerAdminPanelRoute"],"mappings":";;;;AAKA,eAAe,CAAA,CAAC,EAAEA,MAAM,EAA2B,GAAA;AACjD,IAAA,MAAMC,kBAAqBD,GAAAA,MAAAA,CAAOE,OAAO,CAAC,mBAAmBC,IAAI,EAAA;AAEjEH,IAAAA,MAAAA,CAAOI,MAAM,CAACC,GAAG,CAAC,OAAA,CAAA,CAASC,GAAG,CAACL,kBAAAA,CAAAA;AAC/BD,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAQC,CAAAA,CAAAA,QAAQ,CAAC,OAASC,EAAAA,iBAAAA,CAAAA;AACrCT,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAQC,CAAAA,CAAAA,QAAQ,CAAC,aAAeE,EAAAA,oBAAAA,CAAAA;AAE3C,IAAA,MAAMC,qBAAwBX,GAAAA,MAAAA,CAAOY,MAAM,CAACL,GAAG,CAAC,uBAAA,CAAA;AAEhD,IAAA,IAAII,qBAAuB,EAAA;QACzBE,uBAAwB,CAAA;AAAEb,YAAAA;AAAO,SAAA,CAAA;AACnC;AACF,CAAA;;;;"}
package/dist/server/server/src/services/user.js CHANGED
@@ -408,6 +408,10 @@ attributes)=>{
408
408
  });
409
409
  return users.map((user)=>user.preferedLanguage || 'en');
410
410
  };
411
+ /**
412
+ * In-memory cache for AI tokens
413
+ * Key format: `${projectId}:${userId}`
414
+ */ const aiTokenCache = new Map();
411
415
  /**
412
416
  * Generate an AI token for the user performing the request
413
417
  */ const getAiToken = async ()=>{
@@ -450,6 +454,23 @@ attributes)=>{
450
454
  strapi.log.error(`${ERROR_PREFIX} Project ID not configured`);
451
455
  throw new Error('AI token request failed. Check server logs for details.');
452
456
  }
457
+ // Check cache for existing valid token
458
+ const cacheKey = `${projectId}:${userIdentifier}`;
459
+ const cachedToken = aiTokenCache.get(cacheKey);
460
+ if (cachedToken) {
461
+ const now = Date.now();
462
+ // Check if token is still valid (with buffer so it has time to to be used)
463
+ const bufferMs = 2 * 60 * 1000; // 2 minutes
464
+ if (cachedToken.expiresAtMs && cachedToken.expiresAtMs - bufferMs > now) {
465
+ strapi.log.info('Using cached AI token');
466
+ return {
467
+ token: cachedToken.token,
468
+ expiresAt: cachedToken.expiresAt
469
+ };
470
+ }
471
+ // Token expired or will expire soon, remove from cache
472
+ aiTokenCache.delete(cacheKey);
473
+ }
453
474
  strapi.log.http('Contacting AI Server for token generation');
454
475
  try {
455
476
  // Call the AI server's getAiJWT endpoint
@@ -502,6 +523,15 @@ attributes)=>{
502
523
  userId: user.id,
503
524
  expiresAt: data.expiresAt
504
525
  });
526
+ // Cache the token if it has an expiration time
527
+ if (data.expiresAt) {
528
+ const expiresAtMs = new Date(data.expiresAt).getTime();
529
+ aiTokenCache.set(cacheKey, {
530
+ token: data.jwt,
531
+ expiresAt: data.expiresAt,
532
+ expiresAtMs
533
+ });
534
+ }
505
535
  // Return the AI JWT with metadata
506
536
  // Note: Token expires in 1 hour, client should handle refresh
507
537
  return {