npm - @strapi/admin - Versions diffs - 5.29.0 → 5.30.1 - Mend

@strapi/admin 5.29.0 → 5.30.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (375) hide show

package/dist/server/server/src/services/role.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"role.mjs","sources":["../../../../../server/src/services/role.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-explicit-any / // TODO: TS - Use database parameters interface when they are ready\n/ eslint-disable @typescript-eslint/default-param-last /\nimport _ from 'lodash';\nimport { set, omit, pick, prop, isArray, differenceWith, differenceBy, isEqual } from 'lodash/fp';\n\nimport { dates, arrays, hooks as hooksUtils, errors } from '@strapi/utils';\nimport type { Data } from '@strapi/types';\n\nimport permissionDomain from '../domain/permission';\nimport type { AdminUser, AdminRole, Permission } from '../../../shared/contracts/shared';\nimport type { Action } from '../domain/action';\n\nimport { validatePermissionsExist } from '../validation/permission';\nimport roleConstants from './constants';\nimport { getService } from '../utils';\n\nconst { SUPER_ADMIN_CODE, CONTENT_TYPE_SECTION } = roleConstants;\n\nconst { createAsyncSeriesWaterfallHook } = hooksUtils;\nconst { ApplicationError } = errors;\n\nconst hooks = {\n willResetSuperAdminPermissions: createAsyncSeriesWaterfallHook(),\n};\n\nconst ACTIONS = {\n publish: 'plugin::content-manager.explorer.publish',\n};\n\n// @ts-expect-error lodash types\nconst sanitizeRole: <T extends object>(obj: T) => Omit<T, 'users' \| 'permissions'> = omit([\n 'users',\n 'permissions',\n] as const);\n\nexport type AdminRoleWithUsersCount = AdminRole & { usersCount: number };\n\nconst COMPARABLE_FIELDS = ['conditions', 'properties', 'subject', 'action', 'actionParameters'];\nconst pickComparableFields = pick(COMPARABLE_FIELDS);\n\nconst jsonClean = <T extends object>(data: T): T => JSON.parse(JSON.stringify(data));\n\n/\n Compare two permissions\n /\nconst arePermissionsEqual = (p1: Permission, p2: Permission): boolean => {\n if (p1.action === p2.action) {\n return isEqual(jsonClean(pickComparableFields(p1)), jsonClean(pickComparableFields(p2)));\n }\n\n return false;\n};\n\n/\n Create and save a role in database\n * @param attributes A partial role object\n /\nconst create = async (attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const alreadyExists = await exists({ name: attributes.name });\n\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${attributes.name}\\` already exists.`\n );\n }\n const autoGeneratedCode = `${_.kebabCase(attributes.name)}-${dates.timestampCode()}`;\n\n const rolesWithCode = {\n ...attributes,\n code: attributes.code \|\| autoGeneratedCode,\n };\n\n const result = await strapi.db.query('admin::role').create({ data: rolesWithCode });\n strapi.eventHub.emit('role.create', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Find a role in database\n * @param params query params to find the role\n * @param populate\n /\nconst findOne = (params = {}, populate?: unknown): Promise<AdminRole> => {\n return strapi.db.query('admin::role').findOne({ where: params, populate });\n};\n\n/\n Find a role in database with usersCounts\n * @param params query params to find the role\n * @param populate\n /\nconst findOneWithUsersCount = async (\n params = {},\n populate?: unknown\n): Promise<AdminRoleWithUsersCount> => {\n const role = await strapi.db.query('admin::role').findOne({ where: params, populate });\n\n if (role) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return role;\n};\n\n/\n Find roles in database\n * @param params query params to find the roles\n * @param populate\n /\nconst find = (params = {}, populate: unknown): Promise<AdminRole[]> => {\n return strapi.db.query('admin::role').findMany({ where: params, populate });\n};\n\n/\n Find all roles in database\n /\nconst findAllWithUsersCount = async (params: any): Promise<AdminRoleWithUsersCount[]> => {\n const roles: AdminRoleWithUsersCount[] = await strapi.db\n .query('admin::role')\n .findMany(strapi.get('query-params').transform('admin::role', params));\n\n for (const role of roles) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return roles;\n};\n\n/\n Update a role in database\n * @param params query params to find the role to update\n * @param attributes A partial role object\n /\nconst update = async (params: any, attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const sanitizedAttributes = _.omit(attributes, ['code']);\n\n if (_.has(params, 'id') && _.has(sanitizedAttributes, 'name')) {\n const alreadyExists = await exists({\n name: sanitizedAttributes.name,\n id: { $ne: params.id },\n });\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${sanitizedAttributes.name}\\` already exists.`\n );\n }\n }\n\n const result = await strapi.db\n .query('admin::role')\n .update({ where: params, data: sanitizedAttributes });\n\n strapi.eventHub.emit('role.update', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Check if a role exists in database\n * @param params query params to find the role\n /\nconst exists = async (params = {} as unknown): Promise<boolean> => {\n const count = await strapi.db.query('admin::role').count({ where: params });\n return count > 0;\n};\n\n/\n Count the number of roles based on search params\n * @param params params used for the query\n /\nconst count = async (params = {} as any): Promise<number> => {\n return strapi.db.query('admin::role').count(params);\n};\n\n/\n Check if the given roles id can be deleted safely, throw otherwise\n * @param ids\n /\nconst checkRolesIdForDeletion = async (ids = [] as Data.ID[]) => {\n const superAdminRole = await getSuperAdmin();\n\n if (superAdminRole && arrays.includesString(ids, superAdminRole.id)) {\n throw new ApplicationError('You cannot delete the super admin role');\n }\n\n for (const roleId of ids) {\n const usersCount = await getUsersCount(roleId);\n if (usersCount !== 0) {\n throw new ApplicationError('Some roles are still assigned to some users');\n }\n }\n};\n\n/\n Delete roles in database if they have no user assigned\n * @param ids query params to find the roles\n /\nconst deleteByIds = async (ids = [] as Data.ID[]): Promise<AdminRole[]> => {\n await checkRolesIdForDeletion(ids);\n\n await getService('permission').deleteByRolesIds(ids);\n\n const deletedRoles: AdminRole[] = [];\n for (const id of ids) {\n const deletedRole = await strapi.db.query('admin::role').delete({ where: { id } });\n\n if (deletedRole) {\n strapi.eventHub.emit('role.delete', { role: deletedRole });\n deletedRoles.push(deletedRole);\n }\n }\n\n return deletedRoles;\n};\n\n/* Count the number of users for some roles\n /\nconst getUsersCount = async (roleId: Data.ID): Promise<number> => {\n return strapi.db.query('admin::user').count({ where: { roles: { id: roleId } } });\n};\n\n/* Returns admin role\n /\nconst getSuperAdmin = (): Promise<AdminRole \| undefined> => findOne({ code: SUPER_ADMIN_CODE });\n\n/* Returns admin role with userCount\n * @returns {Promise<role>}\n /\nconst getSuperAdminWithUsersCount = () => findOneWithUsersCount({ code: SUPER_ADMIN_CODE });\n\n/* Create superAdmin, Author and Editor role is no role already exist\n /\nconst createRolesIfNoneExist = async () => {\n const someRolesExist = await exists();\n if (someRolesExist) {\n return;\n }\n\n const { actionProvider } = getService('permission');\n\n const allActions = actionProvider.values();\n const contentTypesActions = allActions.filter((a) => a.section === 'contentTypes');\n\n // create 3 roles\n const superAdminRole = await create({\n name: 'Super Admin',\n code: 'strapi-super-admin',\n description: 'Super Admins can access and manage all features and settings.',\n });\n\n await getService('user').assignARoleToAll(superAdminRole.id);\n\n const editorRole = await create({\n name: 'Editor',\n code: 'strapi-editor',\n description: 'Editors can manage and publish contents including those of other users.',\n });\n\n const authorRole = await create({\n name: 'Author',\n code: 'strapi-author',\n description: 'Authors can manage the content they have created.',\n });\n\n // create content-type permissions for each role\n const editorPermissions = getService('content-type').getPermissionsWithNestedFields(\n contentTypesActions,\n {\n restrictedSubjects: ['plugin::users-permissions.user'],\n }\n );\n\n const authorPermissions = editorPermissions\n .filter(({ action }: any) => action !== ACTIONS.publish)\n .map((permission: any) =>\n permissionDomain.create({ ...permission, conditions: ['admin::is-creator'] })\n );\n\n editorPermissions.push(...getDefaultPluginPermissions());\n authorPermissions.push(...getDefaultPluginPermissions({ isAuthor: true }));\n\n // assign permissions to roles\n await addPermissions(editorRole.id, editorPermissions);\n await addPermissions(authorRole.id, authorPermissions);\n};\n\nconst getDefaultPluginPermissions = ({ isAuthor = false } = {}) => {\n const conditions = isAuthor ? ['admin::is-creator'] : [];\n\n // add plugin permissions for each role\n return [\n { action: 'plugin::upload.read', conditions },\n { action: 'plugin::upload.configure-view' },\n { action: 'plugin::upload.assets.create' },\n { action: 'plugin::upload.assets.update', conditions },\n { action: 'plugin::upload.assets.download' },\n { action: 'plugin::upload.assets.copy-link' },\n ].map(permissionDomain.create);\n};\n\n/* Display a warning if the role superAdmin doesn't exist\n * or if the role is not assigned to at least one user\n /\nconst displayWarningIfNoSuperAdmin = async () => {\n const superAdminRole = await getSuperAdminWithUsersCount();\n const someUsersExists = await getService('user').exists();\n\n if (!superAdminRole) {\n strapi.log.warn(\"Your application doesn't have a super admin role.\");\n } else if (someUsersExists && superAdminRole.usersCount === 0) {\n strapi.log.warn(\"Your application doesn't have a super admin user.\");\n }\n};\n\n/\n Assign permissions to a role\n * @param roleId - role Data.ID\n * @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role\n /\nconst assignPermissions = async (\n roleId: Data.ID,\n permissions: Array<Pick<Permission, 'action' \| 'subject' \| 'conditions'>> = []\n) => {\n await validatePermissionsExist(permissions);\n\n // Internal actions are not handled by the role service, so any permission\n // with an internal action is filtered out\n const internalActions = getService('permission')\n .actionProvider.values()\n .filter((action) => action.section === 'internal')\n .map((action) => action.actionId);\n\n const superAdmin = await getService('role').getSuperAdmin();\n const isSuperAdmin = superAdmin && superAdmin.id === roleId;\n const assignRole = set('role', roleId);\n\n const permissionsWithRole = permissions\n // Add the role attribute to every permission\n .map(assignRole)\n // Transform each permission into a Permission instance\n // @ts-expect-error - lodash set doesn't resolve the type appropriately\n .map(permissionDomain.create);\n\n const existingPermissions = await getService('permission').findMany({\n where: { role: { id: roleId } },\n populate: ['role'],\n });\n\n const permissionsToAdd = differenceWith(\n arePermissionsEqual,\n permissionsWithRole,\n existingPermissions\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToDelete = differenceWith(\n arePermissionsEqual,\n existingPermissions,\n permissionsWithRole\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToReturn = differenceBy('id', permissionsToDelete, existingPermissions);\n\n if (permissionsToDelete.length > 0) {\n // @ts-expect-error - lodash prop doesn't resolve the type appropriately\n await getService('permission').deleteByIds(permissionsToDelete.map(prop('id')));\n }\n\n if (permissionsToAdd.length > 0) {\n const newPermissions = await addPermissions(roleId, permissionsToAdd);\n permissionsToReturn.push(...newPermissions);\n }\n\n if (!isSuperAdmin && (permissionsToAdd.length \|\| permissionsToDelete.length)) {\n await getService('metrics').sendDidUpdateRolePermissions();\n }\n\n return permissionsToReturn;\n};\n\nconst addPermissions = async (roleId: Data.ID, permissions: any) => {\n const { conditionProvider, createMany } = getService('permission');\n const { sanitizeConditions } = permissionDomain;\n\n const permissionsWithRole = permissions\n .map(set('role', roleId))\n // @ts-expect-error - refactor domain/permission Condition type, as it's now expecting\n // a string but it should be a Condition interface\n .map(sanitizeConditions(conditionProvider))\n .map(permissionDomain.create);\n\n return createMany(permissionsWithRole);\n};\n\nconst isContentTypeAction = (action: Action) => action.section === CONTENT_TYPE_SECTION;\n\n/\n Reset super admin permissions (giving it all permissions)\n /\nconst resetSuperAdminPermissions = async () => {\n const superAdminRole = await getService('role').getSuperAdmin();\n if (!superAdminRole) {\n return;\n }\n\n const permissionService = getService('permission');\n const contentTypeService = getService('content-type');\n\n const allActions = permissionService.actionProvider.values() as Action[];\n\n const contentTypesActions = allActions.filter((action) => isContentTypeAction(action));\n const otherActions = allActions.filter((action) => !isContentTypeAction(action));\n\n // First, get the content-types permissions\n const permissions = contentTypeService.getPermissionsWithNestedFields(\n contentTypesActions\n ) as Permission[];\n\n // Then add every other permission\n const otherPermissions = otherActions.reduce((acc, action) => {\n const { actionId, subjects } = action;\n\n if (isArray(subjects)) {\n acc.push(\n ...subjects.map((subject) => permissionDomain.create({ action: actionId, subject }))\n );\n } else {\n acc.push(permissionDomain.create({ action: actionId }));\n }\n\n return acc;\n }, [] as Permission[]);\n\n permissions.push(...otherPermissions);\n\n const transformedPermissions = (await hooks.willResetSuperAdminPermissions.call(\n permissions\n )) as Permission[];\n\n await assignPermissions(superAdminRole.id, transformedPermissions);\n};\n\n/\n Check if a user object includes the super admin role\n */\nconst hasSuperAdminRole = (user: AdminUser): boolean => {\n const roles = _.get(user, 'roles', []) as AdminRole[];\n\n return roles.map(prop('code')).includes(SUPER_ADMIN_CODE);\n};\n\nconst constants = {\n superAdminCode: SUPER_ADMIN_CODE,\n};\n\nexport default {\n hooks,\n sanitizeRole,\n create,\n findOne,\n findOneWithUsersCount,\n find,\n findAllWithUsersCount,\n update,\n exists,\n count,\n deleteByIds,\n getUsersCount,\n getSuperAdmin,\n getSuperAdminWithUsersCount,\n createRolesIfNoneExist,\n displayWarningIfNoSuperAdmin,\n addPermissions,\n hasSuperAdminRole,\n assignPermissions,\n resetSuperAdminPermissions,\n checkRolesIdForDeletion,\n constants,\n};\n"],"names":["SUPER_ADMIN_CODE","CONTENT_TYPE_SECTION","roleConstants","createAsyncSeriesWaterfallHook","hooksUtils","ApplicationError","errors","hooks","willResetSuperAdminPermissions","ACTIONS","publish","sanitizeRole","omit","COMPARABLE_FIELDS","pickComparableFields","pick","jsonClean","data","JSON","parse","stringify","arePermissionsEqual","p1","p2","action","isEqual","create","attributes","alreadyExists","exists","name","autoGeneratedCode","_","kebabCase","dates","timestampCode","rolesWithCode","code","result","strapi","db","query","eventHub","emit","role","findOne","params","populate","where","findOneWithUsersCount","usersCount","getUsersCount","id","find","findMany","findAllWithUsersCount","roles","get","transform","update","sanitizedAttributes","has","$ne","count","checkRolesIdForDeletion","ids","superAdminRole","getSuperAdmin","arrays","includesString","roleId","deleteByIds","getService","deleteByRolesIds","deletedRoles","deletedRole","delete","push","getSuperAdminWithUsersCount","createRolesIfNoneExist","someRolesExist","actionProvider","allActions","values","contentTypesActions","filter","a","section","description","assignARoleToAll","editorRole","authorRole","editorPermissions","getPermissionsWithNestedFields","restrictedSubjects","authorPermissions","map","permission","permissionDomain","conditions","getDefaultPluginPermissions","isAuthor","addPermissions","displayWarningIfNoSuperAdmin","someUsersExists","log","warn","assignPermissions","permissions","validatePermissionsExist","internalActions","actionId","superAdmin","isSuperAdmin","assignRole","set","permissionsWithRole","existingPermissions","permissionsToAdd","differenceWith","includes","permissionsToDelete","permissionsToReturn","differenceBy","length","prop","newPermissions","sendDidUpdateRolePermissions","conditionProvider","createMany","sanitizeConditions","isContentTypeAction","resetSuperAdminPermissions","permissionService","contentTypeService","otherActions","otherPermissions","reduce","acc","subjects","isArray","subject","transformedPermissions","call","hasSuperAdminRole","user","constants","superAdminCode"],"mappings":";;;;;;;;AAAA;AAgBA,MAAM,EAAEA,gBAAgB,EAAEC,oBAAoB,EAAE,GAAGC,WAAAA;AAEnD,MAAM,EAAEC,8BAA8B,EAAE,GAAGC,OAAAA;AAC3C,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,MAAAA;AAE7B,MAAMC,KAAQ,GAAA;IACZC,8BAAgCL,EAAAA,8BAAAA;AAClC,CAAA;AAEA,MAAMM,OAAU,GAAA;IACdC,OAAS,EAAA;AACX,CAAA;AAEA;AACA,MAAMC,eAA+EC,IAAK,CAAA;AACxF,IAAA,OAAA;AACA,IAAA;AACD,CAAA,CAAA;AAID,MAAMC,iBAAoB,GAAA;AAAC,IAAA,YAAA;AAAc,IAAA,YAAA;AAAc,IAAA,SAAA;AAAW,IAAA,QAAA;AAAU,IAAA;AAAmB,CAAA;AAC/F,MAAMC,uBAAuBC,IAAKF,CAAAA,iBAAAA,CAAAA;AAElC,MAAMG,SAAAA,GAAY,CAAmBC,IAAeC,GAAAA,IAAAA,CAAKC,KAAK,CAACD,IAAAA,CAAKE,SAAS,CAACH,IAAAA,CAAAA,CAAAA;AAE9E;;IAGA,MAAMI,mBAAsB,GAAA,CAACC,EAAgBC,EAAAA,EAAAA,GAAAA;AAC3C,IAAA,IAAID,EAAGE,CAAAA,MAAM,KAAKD,EAAAA,CAAGC,MAAM,EAAE;AAC3B,QAAA,OAAOC,OAAQT,CAAAA,SAAAA,CAAUF,oBAAqBQ,CAAAA,EAAAA,CAAAA,CAAAA,EAAMN,UAAUF,oBAAqBS,CAAAA,EAAAA,CAAAA,CAAAA,CAAAA;AACrF;IAEA,OAAO,KAAA;AACT,CAAA;AAEA;;;IAIA,MAAMG,SAAS,OAAOC,UAAAA,GAAAA;IACpB,MAAMC,aAAAA,GAAgB,MAAMC,MAAO,CAAA;AAAEC,QAAAA,IAAAA,EAAMH,WAAWG;AAAK,KAAA,CAAA;AAE3D,IAAA,IAAIF,aAAe,EAAA;QACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEsB,UAAWG,CAAAA,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAEzF;AACA,IAAA,MAAMC,iBAAoB,GAAA,CAAC,EAAEC,UAAAA,CAAEC,SAAS,CAACN,UAAAA,CAAWG,IAAI,CAAA,CAAE,CAAC,EAAEI,KAAMC,CAAAA,aAAa,GAAG,CAAC;AAEpF,IAAA,MAAMC,aAAgB,GAAA;AACpB,QAAA,GAAGT,UAAU;QACbU,IAAMV,EAAAA,UAAAA,CAAWU,IAAI,IAAIN;AAC3B,KAAA;IAEA,MAAMO,MAAAA,GAAS,MAAMC,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAef,CAAAA,CAAAA,MAAM,CAAC;QAAET,IAAMmB,EAAAA;AAAc,KAAA,CAAA;AACjFG,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAEC,QAAAA,IAAAA,EAAMjC,YAAa2B,CAAAA,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMO,OAAU,GAAA,CAACC,MAAS,GAAA,EAAE,EAAEC,QAAAA,GAAAA;AAC5B,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeI,OAAO,CAAC;QAAEG,KAAOF,EAAAA,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA;;;;AAIC,IACD,MAAME,qBAAwB,GAAA,OAC5BH,MAAS,GAAA,EAAE,EACXC,QAAAA,GAAAA;IAEA,MAAMH,IAAAA,GAAO,MAAML,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeI,CAAAA,CAAAA,OAAO,CAAC;QAAEG,KAAOF,EAAAA,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAEpF,IAAA,IAAIH,IAAM,EAAA;AACRA,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C;IAEA,OAAOR,IAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMS,IAAO,GAAA,CAACP,MAAS,GAAA,EAAE,EAAEC,QAAAA,GAAAA;AACzB,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAea,QAAQ,CAAC;QAAEN,KAAOF,EAAAA,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC3E,CAAA;AAEA;;IAGA,MAAMQ,wBAAwB,OAAOT,MAAAA,GAAAA;AACnC,IAAA,MAAMU,QAAmC,MAAMjB,MAAAA,CAAOC,EAAE,CACrDC,KAAK,CAAC,aAAA,CAAA,CACNa,QAAQ,CAACf,OAAOkB,GAAG,CAAC,cAAgBC,CAAAA,CAAAA,SAAS,CAAC,aAAeZ,EAAAA,MAAAA,CAAAA,CAAAA;IAEhE,KAAK,MAAMF,QAAQY,KAAO,CAAA;AACxBZ,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C;IAEA,OAAOI,KAAAA;AACT,CAAA;AAEA;;;;IAKA,MAAMG,MAAS,GAAA,OAAOb,MAAanB,EAAAA,UAAAA,GAAAA;AACjC,IAAA,MAAMiC,mBAAsB5B,GAAAA,UAAAA,CAAEpB,IAAI,CAACe,UAAY,EAAA;AAAC,QAAA;AAAO,KAAA,CAAA;IAEvD,IAAIK,UAAAA,CAAE6B,GAAG,CAACf,MAAAA,EAAQ,SAASd,UAAE6B,CAAAA,GAAG,CAACD,mBAAAA,EAAqB,MAAS,CAAA,EAAA;QAC7D,MAAMhC,aAAAA,GAAgB,MAAMC,MAAO,CAAA;AACjCC,YAAAA,IAAAA,EAAM8B,oBAAoB9B,IAAI;YAC9BsB,EAAI,EAAA;AAAEU,gBAAAA,GAAAA,EAAKhB,OAAOM;AAAG;AACvB,SAAA,CAAA;AACA,QAAA,IAAIxB,aAAe,EAAA;YACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEuD,mBAAoB9B,CAAAA,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAElG;AACF;IAEA,MAAMQ,MAAAA,GAAS,MAAMC,MAAOC,CAAAA,EAAE,CAC3BC,KAAK,CAAC,aACNkB,CAAAA,CAAAA,MAAM,CAAC;QAAEX,KAAOF,EAAAA,MAAAA;QAAQ7B,IAAM2C,EAAAA;AAAoB,KAAA,CAAA;AAErDrB,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAEC,QAAAA,IAAAA,EAAMjC,YAAa2B,CAAAA,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;AAGC,IACD,MAAMT,MAAAA,GAAS,OAAOiB,MAAAA,GAAS,EAAa,GAAA;IAC1C,MAAMiB,KAAAA,GAAQ,MAAMxB,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAesB,CAAAA,CAAAA,KAAK,CAAC;QAAEf,KAAOF,EAAAA;AAAO,KAAA,CAAA;AACzE,IAAA,OAAOiB,KAAQ,GAAA,CAAA;AACjB,CAAA;AAEA;;;AAGC,IACD,MAAMA,KAAAA,GAAQ,OAAOjB,MAAAA,GAAS,EAAS,GAAA;AACrC,IAAA,OAAOP,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAACjB,MAAAA,CAAAA;AAC9C,CAAA;AAEA;;;AAGC,IACD,MAAMkB,uBAAAA,GAA0B,OAAOC,GAAAA,GAAM,EAAE,GAAa;AAC1D,IAAA,MAAMC,iBAAiB,MAAMC,aAAAA,EAAAA;AAE7B,IAAA,IAAID,kBAAkBE,MAAOC,CAAAA,cAAc,CAACJ,GAAKC,EAAAA,cAAAA,CAAed,EAAE,CAAG,EAAA;AACnE,QAAA,MAAM,IAAI/C,gBAAiB,CAAA,wCAAA,CAAA;AAC7B;IAEA,KAAK,MAAMiE,UAAUL,GAAK,CAAA;QACxB,MAAMf,UAAAA,GAAa,MAAMC,aAAcmB,CAAAA,MAAAA,CAAAA;AACvC,QAAA,IAAIpB,eAAe,CAAG,EAAA;AACpB,YAAA,MAAM,IAAI7C,gBAAiB,CAAA,6CAAA,CAAA;AAC7B;AACF;AACF,CAAA;AAEA;;;AAGC,IACD,MAAMkE,WAAAA,GAAc,OAAON,GAAAA,GAAM,EAAE,GAAa;AAC9C,IAAA,MAAMD,uBAAwBC,CAAAA,GAAAA,CAAAA;IAE9B,MAAMO,UAAAA,CAAW,YAAcC,CAAAA,CAAAA,gBAAgB,CAACR,GAAAA,CAAAA;AAEhD,IAAA,MAAMS,eAA4B,EAAE;IACpC,KAAK,MAAMtB,MAAMa,GAAK,CAAA;QACpB,MAAMU,WAAAA,GAAc,MAAMpC,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAemC,CAAAA,CAAAA,MAAM,CAAC;YAAE5B,KAAO,EAAA;AAAEI,gBAAAA;AAAG;AAAE,SAAA,CAAA;AAEhF,QAAA,IAAIuB,WAAa,EAAA;AACfpC,YAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;gBAAEC,IAAM+B,EAAAA;AAAY,aAAA,CAAA;AACxDD,YAAAA,YAAAA,CAAaG,IAAI,CAACF,WAAAA,CAAAA;AACpB;AACF;IAEA,OAAOD,YAAAA;AACT,CAAA;AAEA;IAEA,MAAMvB,gBAAgB,OAAOmB,MAAAA,GAAAA;AAC3B,IAAA,OAAO/B,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEf,KAAO,EAAA;YAAEQ,KAAO,EAAA;gBAAEJ,EAAIkB,EAAAA;AAAO;AAAE;AAAE,KAAA,CAAA;AACjF,CAAA;AAEA;IAEA,MAAMH,aAAgB,GAAA,IAAsCtB,OAAQ,CAAA;QAAER,IAAMrC,EAAAA;AAAiB,KAAA,CAAA;AAE7F;;IAGA,MAAM8E,2BAA8B,GAAA,IAAM7B,qBAAsB,CAAA;QAAEZ,IAAMrC,EAAAA;AAAiB,KAAA,CAAA;AAEzF;AACC,IACD,MAAM+E,sBAAyB,GAAA,UAAA;AAC7B,IAAA,MAAMC,iBAAiB,MAAMnD,MAAAA,EAAAA;AAC7B,IAAA,IAAImD,cAAgB,EAAA;AAClB,QAAA;AACF;AAEA,IAAA,MAAM,EAAEC,cAAc,EAAE,GAAGT,UAAW,CAAA,YAAA,CAAA;IAEtC,MAAMU,UAAAA,GAAaD,eAAeE,MAAM,EAAA;IACxC,MAAMC,mBAAAA,GAAsBF,WAAWG,MAAM,CAAC,CAACC,CAAMA,GAAAA,CAAAA,CAAEC,OAAO,KAAK,cAAA,CAAA;;IAGnE,MAAMrB,cAAAA,GAAiB,MAAMxC,MAAO,CAAA;QAClCI,IAAM,EAAA,aAAA;QACNO,IAAM,EAAA,oBAAA;QACNmD,WAAa,EAAA;AACf,KAAA,CAAA;AAEA,IAAA,MAAMhB,UAAW,CAAA,MAAA,CAAA,CAAQiB,gBAAgB,CAACvB,eAAed,EAAE,CAAA;IAE3D,MAAMsC,UAAAA,GAAa,MAAMhE,MAAO,CAAA;QAC9BI,IAAM,EAAA,QAAA;QACNO,IAAM,EAAA,eAAA;QACNmD,WAAa,EAAA;AACf,KAAA,CAAA;IAEA,MAAMG,UAAAA,GAAa,MAAMjE,MAAO,CAAA;QAC9BI,IAAM,EAAA,QAAA;QACNO,IAAM,EAAA,eAAA;QACNmD,WAAa,EAAA;AACf,KAAA,CAAA;;AAGA,IAAA,MAAMI,iBAAoBpB,GAAAA,UAAAA,CAAW,cAAgBqB,CAAAA,CAAAA,8BAA8B,CACjFT,mBACA,EAAA;QACEU,kBAAoB,EAAA;AAAC,YAAA;AAAiC;AACxD,KAAA,CAAA;AAGF,IAAA,MAAMC,oBAAoBH,iBACvBP,CAAAA,MAAM,CAAC,CAAC,EAAE7D,MAAM,EAAO,GAAKA,WAAWf,OAAQC,CAAAA,OAAO,EACtDsF,GAAG,CAAC,CAACC,UACJC,GAAAA,gBAAAA,CAAiBxE,MAAM,CAAC;AAAE,YAAA,GAAGuE,UAAU;YAAEE,UAAY,EAAA;AAAC,gBAAA;AAAoB;AAAC,SAAA,CAAA,CAAA;AAG/EP,IAAAA,iBAAAA,CAAkBf,IAAI,CAAIuB,GAAAA,2BAAAA,EAAAA,CAAAA;IAC1BL,iBAAkBlB,CAAAA,IAAI,IAAIuB,2BAA4B,CAAA;QAAEC,QAAU,EAAA;AAAK,KAAA,CAAA,CAAA;;IAGvE,MAAMC,cAAAA,CAAeZ,UAAWtC,CAAAA,EAAE,EAAEwC,iBAAAA,CAAAA;IACpC,MAAMU,cAAAA,CAAeX,UAAWvC,CAAAA,EAAE,EAAE2C,iBAAAA,CAAAA;AACtC,CAAA;AAEA,MAAMK,2BAAAA,GAA8B,CAAC,EAAEC,QAAAA,GAAW,KAAK,EAAE,GAAG,EAAE,GAAA;AAC5D,IAAA,MAAMF,aAAaE,QAAW,GAAA;AAAC,QAAA;AAAoB,KAAA,GAAG,EAAE;;IAGxD,OAAO;AACL,QAAA;YAAE7E,MAAQ,EAAA,qBAAA;AAAuB2E,YAAAA;AAAW,SAAA;AAC5C,QAAA;YAAE3E,MAAQ,EAAA;AAAgC,SAAA;AAC1C,QAAA;YAAEA,MAAQ,EAAA;AAA+B,SAAA;AACzC,QAAA;YAAEA,MAAQ,EAAA,8BAAA;AAAgC2E,YAAAA;AAAW,SAAA;AACrD,QAAA;YAAE3E,MAAQ,EAAA;AAAiC,SAAA;AAC3C,QAAA;YAAEA,MAAQ,EAAA;AAAkC;KAC7C,CAACwE,GAAG,CAACE,gBAAAA,CAAiBxE,MAAM,CAAA;AAC/B,CAAA;AAEA;;AAEC,IACD,MAAM6E,4BAA+B,GAAA,UAAA;AACnC,IAAA,MAAMrC,iBAAiB,MAAMY,2BAAAA,EAAAA;AAC7B,IAAA,MAAM0B,eAAkB,GAAA,MAAMhC,UAAW,CAAA,MAAA,CAAA,CAAQ3C,MAAM,EAAA;AAEvD,IAAA,IAAI,CAACqC,cAAgB,EAAA;QACnB3B,MAAOkE,CAAAA,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB,KAAA,MAAO,IAAIF,eAAAA,IAAmBtC,cAAehB,CAAAA,UAAU,KAAK,CAAG,EAAA;QAC7DX,MAAOkE,CAAAA,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB;AACF,CAAA;AAEA;;;;AAIC,IACD,MAAMC,iBAAAA,GAAoB,OACxBrC,MAAAA,EACAsC,cAA4E,EAAE,GAAA;AAE9E,IAAA,MAAMC,wBAAyBD,CAAAA,WAAAA,CAAAA;;;IAI/B,MAAME,eAAAA,GAAkBtC,WAAW,YAChCS,CAAAA,CAAAA,cAAc,CAACE,MAAM,EAAA,CACrBE,MAAM,CAAC,CAAC7D,SAAWA,MAAO+D,CAAAA,OAAO,KAAK,UACtCS,CAAAA,CAAAA,GAAG,CAAC,CAACxE,MAAAA,GAAWA,OAAOuF,QAAQ,CAAA;AAElC,IAAA,MAAMC,UAAa,GAAA,MAAMxC,UAAW,CAAA,MAAA,CAAA,CAAQL,aAAa,EAAA;AACzD,IAAA,MAAM8C,YAAeD,GAAAA,UAAAA,IAAcA,UAAW5D,CAAAA,EAAE,KAAKkB,MAAAA;IACrD,MAAM4C,UAAAA,GAAaC,IAAI,MAAQ7C,EAAAA,MAAAA,CAAAA;IAE/B,MAAM8C,mBAAAA,GAAsBR,WAC1B;KACCZ,GAAG,CAACkB,WACL;;KAEClB,GAAG,CAACE,iBAAiBxE,MAAM,CAAA;AAE9B,IAAA,MAAM2F,mBAAsB,GAAA,MAAM7C,UAAW,CAAA,YAAA,CAAA,CAAclB,QAAQ,CAAC;QAClEN,KAAO,EAAA;YAAEJ,IAAM,EAAA;gBAAEQ,EAAIkB,EAAAA;AAAO;AAAE,SAAA;QAC9BvB,QAAU,EAAA;AAAC,YAAA;AAAO;AACpB,KAAA,CAAA;AAEA,IAAA,MAAMuE,gBAAmBC,GAAAA,cAAAA,CACvBlG,mBACA+F,EAAAA,mBAAAA,EACAC,qBACAhC,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;AAEhF,IAAA,MAAMiG,mBAAsBF,GAAAA,cAAAA,CAC1BlG,mBACAgG,EAAAA,mBAAAA,EACAD,qBACA/B,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;IAEhF,MAAMkG,mBAAAA,GAAsBC,YAAa,CAAA,IAAA,EAAMF,mBAAqBJ,EAAAA,mBAAAA,CAAAA;IAEpE,IAAII,mBAAAA,CAAoBG,MAAM,GAAG,CAAG,EAAA;;AAElC,QAAA,MAAMpD,WAAW,YAAcD,CAAAA,CAAAA,WAAW,CAACkD,mBAAoBzB,CAAAA,GAAG,CAAC6B,IAAK,CAAA,IAAA,CAAA,CAAA,CAAA;AAC1E;IAEA,IAAIP,gBAAAA,CAAiBM,MAAM,GAAG,CAAG,EAAA;QAC/B,MAAME,cAAAA,GAAiB,MAAMxB,cAAAA,CAAehC,MAAQgD,EAAAA,gBAAAA,CAAAA;AACpDI,QAAAA,mBAAAA,CAAoB7C,IAAI,CAAIiD,GAAAA,cAAAA,CAAAA;AAC9B;IAEA,IAAI,CAACb,iBAAiBK,gBAAAA,CAAiBM,MAAM,IAAIH,mBAAAA,CAAoBG,MAAK,CAAI,EAAA;QAC5E,MAAMpD,UAAAA,CAAW,WAAWuD,4BAA4B,EAAA;AAC1D;IAEA,OAAOL,mBAAAA;AACT,CAAA;AAEA,MAAMpB,cAAAA,GAAiB,OAAOhC,MAAiBsC,EAAAA,WAAAA,GAAAA;AAC7C,IAAA,MAAM,EAAEoB,iBAAiB,EAAEC,UAAU,EAAE,GAAGzD,UAAW,CAAA,YAAA,CAAA;IACrD,MAAM,EAAE0D,kBAAkB,EAAE,GAAGhC,gBAAAA;AAE/B,IAAA,MAAMkB,sBAAsBR,WACzBZ,CAAAA,GAAG,CAACmB,GAAI,CAAA,MAAA,EAAQ7C,QACjB;;AAEC0B,KAAAA,GAAG,CAACkC,kBAAmBF,CAAAA,iBAAAA,CAAAA,CAAAA,CACvBhC,GAAG,CAACE,iBAAiBxE,MAAM,CAAA;AAE9B,IAAA,OAAOuG,UAAWb,CAAAA,mBAAAA,CAAAA;AACpB,CAAA;AAEA,MAAMe,mBAAsB,GAAA,CAAC3G,MAAmBA,GAAAA,MAAAA,CAAO+D,OAAO,KAAKtF,oBAAAA;AAEnE;;AAEC,IACD,MAAMmI,0BAA6B,GAAA,UAAA;AACjC,IAAA,MAAMlE,cAAiB,GAAA,MAAMM,UAAW,CAAA,MAAA,CAAA,CAAQL,aAAa,EAAA;AAC7D,IAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,QAAA;AACF;AAEA,IAAA,MAAMmE,oBAAoB7D,UAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAM8D,qBAAqB9D,UAAW,CAAA,cAAA,CAAA;AAEtC,IAAA,MAAMU,UAAamD,GAAAA,iBAAAA,CAAkBpD,cAAc,CAACE,MAAM,EAAA;AAE1D,IAAA,MAAMC,sBAAsBF,UAAWG,CAAAA,MAAM,CAAC,CAAC7D,SAAW2G,mBAAoB3G,CAAAA,MAAAA,CAAAA,CAAAA;AAC9E,IAAA,MAAM+G,eAAerD,UAAWG,CAAAA,MAAM,CAAC,CAAC7D,MAAAA,GAAW,CAAC2G,mBAAoB3G,CAAAA,MAAAA,CAAAA,CAAAA;;IAGxE,MAAMoF,WAAAA,GAAc0B,kBAAmBzC,CAAAA,8BAA8B,CACnET,mBAAAA,CAAAA;;AAIF,IAAA,MAAMoD,gBAAmBD,GAAAA,YAAAA,CAAaE,MAAM,CAAC,CAACC,GAAKlH,EAAAA,MAAAA,GAAAA;AACjD,QAAA,MAAM,EAAEuF,QAAQ,EAAE4B,QAAQ,EAAE,GAAGnH,MAAAA;AAE/B,QAAA,IAAIoH,QAAQD,QAAW,CAAA,EAAA;YACrBD,GAAI7D,CAAAA,IAAI,IACH8D,QAAS3C,CAAAA,GAAG,CAAC,CAAC6C,OAAAA,GAAY3C,gBAAiBxE,CAAAA,MAAM,CAAC;oBAAEF,MAAQuF,EAAAA,QAAAA;AAAU8B,oBAAAA;AAAQ,iBAAA,CAAA,CAAA,CAAA;SAE9E,MAAA;AACLH,YAAAA,GAAAA,CAAI7D,IAAI,CAACqB,gBAAiBxE,CAAAA,MAAM,CAAC;gBAAEF,MAAQuF,EAAAA;AAAS,aAAA,CAAA,CAAA;AACtD;QAEA,OAAO2B,GAAAA;AACT,KAAA,EAAG,EAAE,CAAA;AAEL9B,IAAAA,WAAAA,CAAY/B,IAAI,CAAI2D,GAAAA,gBAAAA,CAAAA;AAEpB,IAAA,MAAMM,yBAA0B,MAAMvI,KAAAA,CAAMC,8BAA8B,CAACuI,IAAI,CAC7EnC,WAAAA,CAAAA;IAGF,MAAMD,iBAAAA,CAAkBzC,cAAed,CAAAA,EAAE,EAAE0F,sBAAAA,CAAAA;AAC7C,CAAA;AAEA;;IAGA,MAAME,oBAAoB,CAACC,IAAAA,GAAAA;AACzB,IAAA,MAAMzF,QAAQxB,UAAEyB,CAAAA,GAAG,CAACwF,IAAAA,EAAM,SAAS,EAAE,CAAA;AAErC,IAAA,OAAOzF,MAAMwC,GAAG,CAAC6B,IAAK,CAAA,MAAA,CAAA,CAAA,CAASL,QAAQ,CAACxH,gBAAAA,CAAAA;AAC1C,CAAA;AAEA,MAAMkJ,SAAY,GAAA;IAChBC,cAAgBnJ,EAAAA;AAClB,CAAA;AAEA,WAAe;AACbO,IAAAA,KAAAA;AACAI,IAAAA,YAAAA;AACAe,IAAAA,MAAAA;AACAmB,IAAAA,OAAAA;AACAI,IAAAA,qBAAAA;AACAI,IAAAA,IAAAA;AACAE,IAAAA,qBAAAA;AACAI,IAAAA,MAAAA;AACA9B,IAAAA,MAAAA;AACAkC,IAAAA,KAAAA;AACAQ,IAAAA,WAAAA;AACApB,IAAAA,aAAAA;AACAgB,IAAAA,aAAAA;AACAW,IAAAA,2BAAAA;AACAC,IAAAA,sBAAAA;AACAwB,IAAAA,4BAAAA;AACAD,IAAAA,cAAAA;AACA0C,IAAAA,iBAAAA;AACArC,IAAAA,iBAAAA;AACAyB,IAAAA,0BAAAA;AACApE,IAAAA,uBAAAA;AACAkF,IAAAA;AACF,CAAE;;;;"}
1	+ {"version":3,"file":"role.mjs","sources":["../../../../../server/src/services/role.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-explicit-any / // TODO: TS - Use database parameters interface when they are ready\n/ eslint-disable @typescript-eslint/default-param-last /\nimport _ from 'lodash';\nimport { set, omit, pick, prop, isArray, differenceWith, differenceBy, isEqual } from 'lodash/fp';\n\nimport { dates, arrays, hooks as hooksUtils, errors } from '@strapi/utils';\nimport type { Data } from '@strapi/types';\n\nimport permissionDomain from '../domain/permission';\nimport type { AdminUser, AdminRole, Permission } from '../../../shared/contracts/shared';\nimport type { Action } from '../domain/action';\n\nimport { validatePermissionsExist } from '../validation/permission';\nimport roleConstants from './constants';\nimport { getService } from '../utils';\n\nconst { SUPER_ADMIN_CODE, CONTENT_TYPE_SECTION } = roleConstants;\n\nconst { createAsyncSeriesWaterfallHook } = hooksUtils;\nconst { ApplicationError } = errors;\n\nconst hooks = {\n willResetSuperAdminPermissions: createAsyncSeriesWaterfallHook(),\n};\n\nconst ACTIONS = {\n publish: 'plugin::content-manager.explorer.publish',\n};\n\n// @ts-expect-error lodash types\nconst sanitizeRole: <T extends object>(obj: T) => Omit<T, 'users' \| 'permissions'> = omit([\n 'users',\n 'permissions',\n] as const);\n\nexport type AdminRoleWithUsersCount = AdminRole & { usersCount: number };\n\nconst COMPARABLE_FIELDS = ['conditions', 'properties', 'subject', 'action', 'actionParameters'];\nconst pickComparableFields = pick(COMPARABLE_FIELDS);\n\nconst jsonClean = <T extends object>(data: T): T => JSON.parse(JSON.stringify(data));\n\n/\n Compare two permissions\n /\nconst arePermissionsEqual = (p1: Permission, p2: Permission): boolean => {\n if (p1.action === p2.action) {\n return isEqual(jsonClean(pickComparableFields(p1)), jsonClean(pickComparableFields(p2)));\n }\n\n return false;\n};\n\n/\n Create and save a role in database\n * @param attributes A partial role object\n /\nconst create = async (attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const alreadyExists = await exists({ name: attributes.name });\n\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${attributes.name}\\` already exists.`\n );\n }\n const autoGeneratedCode = `${_.kebabCase(attributes.name)}-${dates.timestampCode()}`;\n\n const rolesWithCode = {\n ...attributes,\n code: attributes.code \|\| autoGeneratedCode,\n };\n\n const result = await strapi.db.query('admin::role').create({ data: rolesWithCode });\n strapi.eventHub.emit('role.create', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Find a role in database\n * @param params query params to find the role\n * @param populate\n /\nconst findOne = (params = {}, populate?: unknown): Promise<AdminRole> => {\n return strapi.db.query('admin::role').findOne({ where: params, populate });\n};\n\n/\n Find a role in database with usersCounts\n * @param params query params to find the role\n * @param populate\n /\nconst findOneWithUsersCount = async (\n params = {},\n populate?: unknown\n): Promise<AdminRoleWithUsersCount> => {\n const role = await strapi.db.query('admin::role').findOne({ where: params, populate });\n\n if (role) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return role;\n};\n\n/\n Find roles in database\n * @param params query params to find the roles\n * @param populate\n /\nconst find = (params = {}, populate: unknown): Promise<AdminRole[]> => {\n return strapi.db.query('admin::role').findMany({ where: params, populate });\n};\n\n/\n Find all roles in database\n /\nconst findAllWithUsersCount = async (params: any): Promise<AdminRoleWithUsersCount[]> => {\n const roles: AdminRoleWithUsersCount[] = await strapi.db\n .query('admin::role')\n .findMany(strapi.get('query-params').transform('admin::role', params));\n\n for (const role of roles) {\n role.usersCount = await getUsersCount(role.id);\n }\n\n return roles;\n};\n\n/\n Update a role in database\n * @param params query params to find the role to update\n * @param attributes A partial role object\n /\nconst update = async (params: any, attributes: Partial<AdminRole>): Promise<AdminRole> => {\n const sanitizedAttributes = _.omit(attributes, ['code']);\n\n if (_.has(params, 'id') && _.has(sanitizedAttributes, 'name')) {\n const alreadyExists = await exists({\n name: sanitizedAttributes.name,\n id: { $ne: params.id },\n });\n if (alreadyExists) {\n throw new ApplicationError(\n `The name must be unique and a role with name \\`${sanitizedAttributes.name}\\` already exists.`\n );\n }\n }\n\n const result = await strapi.db\n .query('admin::role')\n .update({ where: params, data: sanitizedAttributes });\n\n strapi.eventHub.emit('role.update', { role: sanitizeRole(result) });\n\n return result;\n};\n\n/\n Check if a role exists in database\n * @param params query params to find the role\n /\nconst exists = async (params = {} as unknown): Promise<boolean> => {\n const count = await strapi.db.query('admin::role').count({ where: params });\n return count > 0;\n};\n\n/\n Count the number of roles based on search params\n * @param params params used for the query\n /\nconst count = async (params = {} as any): Promise<number> => {\n return strapi.db.query('admin::role').count(params);\n};\n\n/\n Check if the given roles id can be deleted safely, throw otherwise\n * @param ids\n /\nconst checkRolesIdForDeletion = async (ids = [] as Data.ID[]) => {\n const superAdminRole = await getSuperAdmin();\n\n if (superAdminRole && arrays.includesString(ids, superAdminRole.id)) {\n throw new ApplicationError('You cannot delete the super admin role');\n }\n\n for (const roleId of ids) {\n const usersCount = await getUsersCount(roleId);\n if (usersCount !== 0) {\n throw new ApplicationError('Some roles are still assigned to some users');\n }\n }\n};\n\n/\n Delete roles in database if they have no user assigned\n * @param ids query params to find the roles\n /\nconst deleteByIds = async (ids = [] as Data.ID[]): Promise<AdminRole[]> => {\n await checkRolesIdForDeletion(ids);\n\n await getService('permission').deleteByRolesIds(ids);\n\n const deletedRoles: AdminRole[] = [];\n for (const id of ids) {\n const deletedRole = await strapi.db.query('admin::role').delete({ where: { id } });\n\n if (deletedRole) {\n strapi.eventHub.emit('role.delete', { role: deletedRole });\n deletedRoles.push(deletedRole);\n }\n }\n\n return deletedRoles;\n};\n\n/* Count the number of users for some roles\n /\nconst getUsersCount = async (roleId: Data.ID): Promise<number> => {\n return strapi.db.query('admin::user').count({ where: { roles: { id: roleId } } });\n};\n\n/* Returns admin role\n /\nconst getSuperAdmin = (): Promise<AdminRole \| undefined> => findOne({ code: SUPER_ADMIN_CODE });\n\n/* Returns admin role with userCount\n * @returns {Promise<role>}\n /\nconst getSuperAdminWithUsersCount = () => findOneWithUsersCount({ code: SUPER_ADMIN_CODE });\n\n/* Create superAdmin, Author and Editor role is no role already exist\n /\nconst createRolesIfNoneExist = async () => {\n const someRolesExist = await exists();\n if (someRolesExist) {\n return;\n }\n\n const { actionProvider } = getService('permission');\n\n const allActions = actionProvider.values();\n const contentTypesActions = allActions.filter((a) => a.section === 'contentTypes');\n\n // create 3 roles\n const superAdminRole = await create({\n name: 'Super Admin',\n code: 'strapi-super-admin',\n description: 'Super Admins can access and manage all features and settings.',\n });\n\n await getService('user').assignARoleToAll(superAdminRole.id);\n\n const editorRole = await create({\n name: 'Editor',\n code: 'strapi-editor',\n description: 'Editors can manage and publish contents including those of other users.',\n });\n\n const authorRole = await create({\n name: 'Author',\n code: 'strapi-author',\n description: 'Authors can manage the content they have created.',\n });\n\n // create content-type permissions for each role\n const editorPermissions = getService('content-type').getPermissionsWithNestedFields(\n contentTypesActions,\n {\n restrictedSubjects: ['plugin::users-permissions.user'],\n }\n );\n\n const authorPermissions = editorPermissions\n .filter(({ action }: any) => action !== ACTIONS.publish)\n .map((permission: any) =>\n permissionDomain.create({ ...permission, conditions: ['admin::is-creator'] })\n );\n\n editorPermissions.push(...getDefaultPluginPermissions());\n authorPermissions.push(...getDefaultPluginPermissions({ isAuthor: true }));\n\n // assign permissions to roles\n await addPermissions(editorRole.id, editorPermissions);\n await addPermissions(authorRole.id, authorPermissions);\n};\n\nconst getDefaultPluginPermissions = ({ isAuthor = false } = {}) => {\n const conditions = isAuthor ? ['admin::is-creator'] : [];\n\n // add plugin permissions for each role\n return [\n { action: 'plugin::upload.read', conditions },\n { action: 'plugin::upload.configure-view' },\n { action: 'plugin::upload.assets.create' },\n { action: 'plugin::upload.assets.update', conditions },\n { action: 'plugin::upload.assets.download' },\n { action: 'plugin::upload.assets.copy-link' },\n ].map(permissionDomain.create);\n};\n\n/* Display a warning if the role superAdmin doesn't exist\n * or if the role is not assigned to at least one user\n /\nconst displayWarningIfNoSuperAdmin = async () => {\n const superAdminRole = await getSuperAdminWithUsersCount();\n const someUsersExists = await getService('user').exists();\n\n if (!superAdminRole) {\n strapi.log.warn(\"Your application doesn't have a super admin role.\");\n } else if (someUsersExists && superAdminRole.usersCount === 0) {\n strapi.log.warn(\"Your application doesn't have a super admin user.\");\n }\n};\n\n/\n Assign permissions to a role\n * @param roleId - role Data.ID\n * @param {Array<Permission{action,subject,fields,conditions}>} permissions - permissions to assign to the role\n /\nconst assignPermissions = async (\n roleId: Data.ID,\n permissions: Array<Pick<Permission, 'action' \| 'subject' \| 'conditions'>> = []\n) => {\n await validatePermissionsExist(permissions);\n\n // Internal actions are not handled by the role service, so any permission\n // with an internal action is filtered out\n const internalActions = getService('permission')\n .actionProvider.values()\n .filter((action) => action.section === 'internal')\n .map((action) => action.actionId);\n\n const superAdmin = await getService('role').getSuperAdmin();\n const isSuperAdmin = superAdmin && superAdmin.id === roleId;\n const assignRole = set('role', roleId);\n\n const permissionsWithRole = permissions\n // Add the role attribute to every permission\n .map(assignRole)\n // Transform each permission into a Permission instance\n // @ts-expect-error - lodash set doesn't resolve the type appropriately\n .map(permissionDomain.create);\n\n const existingPermissions = await getService('permission').findMany({\n where: { role: { id: roleId } },\n populate: ['role'],\n });\n\n const permissionsToAdd = differenceWith(\n arePermissionsEqual,\n permissionsWithRole,\n existingPermissions\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToDelete = differenceWith(\n arePermissionsEqual,\n existingPermissions,\n permissionsWithRole\n ).filter((permission: Permission) => !internalActions.includes(permission.action));\n\n const permissionsToReturn = differenceBy('id', permissionsToDelete, existingPermissions);\n\n if (permissionsToDelete.length > 0) {\n // @ts-expect-error - lodash prop doesn't resolve the type appropriately\n await getService('permission').deleteByIds(permissionsToDelete.map(prop('id')));\n }\n\n if (permissionsToAdd.length > 0) {\n const newPermissions = await addPermissions(roleId, permissionsToAdd);\n permissionsToReturn.push(...newPermissions);\n }\n\n if (!isSuperAdmin && (permissionsToAdd.length \|\| permissionsToDelete.length)) {\n await getService('metrics').sendDidUpdateRolePermissions();\n }\n\n return permissionsToReturn;\n};\n\nconst addPermissions = async (roleId: Data.ID, permissions: any) => {\n const { conditionProvider, createMany } = getService('permission');\n const { sanitizeConditions } = permissionDomain;\n\n const permissionsWithRole = permissions\n .map(set('role', roleId))\n // @ts-expect-error - refactor domain/permission Condition type, as it's now expecting\n // a string but it should be a Condition interface\n .map(sanitizeConditions(conditionProvider))\n .map(permissionDomain.create);\n\n return createMany(permissionsWithRole);\n};\n\nconst isContentTypeAction = (action: Action) => action.section === CONTENT_TYPE_SECTION;\n\n/\n Reset super admin permissions (giving it all permissions)\n /\nconst resetSuperAdminPermissions = async () => {\n const superAdminRole = await getService('role').getSuperAdmin();\n if (!superAdminRole) {\n return;\n }\n\n const permissionService = getService('permission');\n const contentTypeService = getService('content-type');\n\n const allActions = permissionService.actionProvider.values() as Action[];\n\n const contentTypesActions = allActions.filter((action) => isContentTypeAction(action));\n const otherActions = allActions.filter((action) => !isContentTypeAction(action));\n\n // First, get the content-types permissions\n const permissions = contentTypeService.getPermissionsWithNestedFields(\n contentTypesActions\n ) as Permission[];\n\n // Then add every other permission\n const otherPermissions = otherActions.reduce((acc, action) => {\n const { actionId, subjects } = action;\n\n if (isArray(subjects)) {\n acc.push(\n ...subjects.map((subject) => permissionDomain.create({ action: actionId, subject }))\n );\n } else {\n acc.push(permissionDomain.create({ action: actionId }));\n }\n\n return acc;\n }, [] as Permission[]);\n\n permissions.push(...otherPermissions);\n\n const transformedPermissions = (await hooks.willResetSuperAdminPermissions.call(\n permissions\n )) as Permission[];\n\n await assignPermissions(superAdminRole.id, transformedPermissions);\n};\n\n/\n Check if a user object includes the super admin role\n */\nconst hasSuperAdminRole = (user: AdminUser): boolean => {\n const roles = _.get(user, 'roles', []) as AdminRole[];\n\n return roles.map(prop('code')).includes(SUPER_ADMIN_CODE);\n};\n\nconst constants = {\n superAdminCode: SUPER_ADMIN_CODE,\n};\n\nexport default {\n hooks,\n sanitizeRole,\n create,\n findOne,\n findOneWithUsersCount,\n find,\n findAllWithUsersCount,\n update,\n exists,\n count,\n deleteByIds,\n getUsersCount,\n getSuperAdmin,\n getSuperAdminWithUsersCount,\n createRolesIfNoneExist,\n displayWarningIfNoSuperAdmin,\n addPermissions,\n hasSuperAdminRole,\n assignPermissions,\n resetSuperAdminPermissions,\n checkRolesIdForDeletion,\n constants,\n};\n"],"names":["SUPER_ADMIN_CODE","CONTENT_TYPE_SECTION","roleConstants","createAsyncSeriesWaterfallHook","hooksUtils","ApplicationError","errors","hooks","willResetSuperAdminPermissions","ACTIONS","publish","sanitizeRole","omit","COMPARABLE_FIELDS","pickComparableFields","pick","jsonClean","data","JSON","parse","stringify","arePermissionsEqual","p1","p2","action","isEqual","create","attributes","alreadyExists","exists","name","autoGeneratedCode","_","kebabCase","dates","timestampCode","rolesWithCode","code","result","strapi","db","query","eventHub","emit","role","findOne","params","populate","where","findOneWithUsersCount","usersCount","getUsersCount","id","find","findMany","findAllWithUsersCount","roles","get","transform","update","sanitizedAttributes","has","$ne","count","checkRolesIdForDeletion","ids","superAdminRole","getSuperAdmin","arrays","includesString","roleId","deleteByIds","getService","deleteByRolesIds","deletedRoles","deletedRole","delete","push","getSuperAdminWithUsersCount","createRolesIfNoneExist","someRolesExist","actionProvider","allActions","values","contentTypesActions","filter","a","section","description","assignARoleToAll","editorRole","authorRole","editorPermissions","getPermissionsWithNestedFields","restrictedSubjects","authorPermissions","map","permission","permissionDomain","conditions","getDefaultPluginPermissions","isAuthor","addPermissions","displayWarningIfNoSuperAdmin","someUsersExists","log","warn","assignPermissions","permissions","validatePermissionsExist","internalActions","actionId","superAdmin","isSuperAdmin","assignRole","set","permissionsWithRole","existingPermissions","permissionsToAdd","differenceWith","includes","permissionsToDelete","permissionsToReturn","differenceBy","length","prop","newPermissions","sendDidUpdateRolePermissions","conditionProvider","createMany","sanitizeConditions","isContentTypeAction","resetSuperAdminPermissions","permissionService","contentTypeService","otherActions","otherPermissions","reduce","acc","subjects","isArray","subject","transformedPermissions","call","hasSuperAdminRole","user","constants","superAdminCode"],"mappings":";;;;;;;;AAAA;AAgBA,MAAM,EAAEA,gBAAgB,EAAEC,oBAAoB,EAAE,GAAGC,WAAAA;AAEnD,MAAM,EAAEC,8BAA8B,EAAE,GAAGC,OAAAA;AAC3C,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,MAAAA;AAE7B,MAAMC,KAAQ,GAAA;IACZC,8BAAgCL,EAAAA,8BAAAA;AAClC,CAAA;AAEA,MAAMM,OAAU,GAAA;IACdC,OAAS,EAAA;AACX,CAAA;AAEA;AACA,MAAMC,eAA+EC,IAAK,CAAA;AACxF,IAAA,OAAA;AACA,IAAA;AACD,CAAA,CAAA;AAID,MAAMC,iBAAoB,GAAA;AAAC,IAAA,YAAA;AAAc,IAAA,YAAA;AAAc,IAAA,SAAA;AAAW,IAAA,QAAA;AAAU,IAAA;AAAmB,CAAA;AAC/F,MAAMC,uBAAuBC,IAAKF,CAAAA,iBAAAA,CAAAA;AAElC,MAAMG,SAAAA,GAAY,CAAmBC,IAAeC,GAAAA,IAAAA,CAAKC,KAAK,CAACD,IAAAA,CAAKE,SAAS,CAACH,IAAAA,CAAAA,CAAAA;AAE9E;;IAGA,MAAMI,mBAAsB,GAAA,CAACC,EAAgBC,EAAAA,EAAAA,GAAAA;AAC3C,IAAA,IAAID,EAAGE,CAAAA,MAAM,KAAKD,EAAAA,CAAGC,MAAM,EAAE;AAC3B,QAAA,OAAOC,OAAQT,CAAAA,SAAAA,CAAUF,oBAAqBQ,CAAAA,EAAAA,CAAAA,CAAAA,EAAMN,UAAUF,oBAAqBS,CAAAA,EAAAA,CAAAA,CAAAA,CAAAA;AACrF;IAEA,OAAO,KAAA;AACT,CAAA;AAEA;;;IAIA,MAAMG,SAAS,OAAOC,UAAAA,GAAAA;IACpB,MAAMC,aAAAA,GAAgB,MAAMC,MAAO,CAAA;AAAEC,QAAAA,IAAAA,EAAMH,WAAWG;AAAK,KAAA,CAAA;AAE3D,IAAA,IAAIF,aAAe,EAAA;QACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEsB,UAAWG,CAAAA,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAEzF;AACA,IAAA,MAAMC,iBAAoB,GAAA,CAAA,EAAGC,UAAEC,CAAAA,SAAS,CAACN,UAAAA,CAAWG,IAAI,CAAA,CAAE,CAAC,EAAEI,KAAMC,CAAAA,aAAa,EAAI,CAAA,CAAA;AAEpF,IAAA,MAAMC,aAAgB,GAAA;AACpB,QAAA,GAAGT,UAAU;QACbU,IAAMV,EAAAA,UAAAA,CAAWU,IAAI,IAAIN;AAC3B,KAAA;IAEA,MAAMO,MAAAA,GAAS,MAAMC,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAef,CAAAA,CAAAA,MAAM,CAAC;QAAET,IAAMmB,EAAAA;AAAc,KAAA,CAAA;AACjFG,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAEC,QAAAA,IAAAA,EAAMjC,YAAa2B,CAAAA,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMO,OAAU,GAAA,CAACC,MAAS,GAAA,EAAE,EAAEC,QAAAA,GAAAA;AAC5B,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeI,OAAO,CAAC;QAAEG,KAAOF,EAAAA,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA;;;;AAIC,IACD,MAAME,qBAAwB,GAAA,OAC5BH,MAAS,GAAA,EAAE,EACXC,QAAAA,GAAAA;IAEA,MAAMH,IAAAA,GAAO,MAAML,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeI,CAAAA,CAAAA,OAAO,CAAC;QAAEG,KAAOF,EAAAA,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAEpF,IAAA,IAAIH,IAAM,EAAA;AACRA,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C;IAEA,OAAOR,IAAAA;AACT,CAAA;AAEA;;;;AAIC,IACD,MAAMS,IAAO,GAAA,CAACP,MAAS,GAAA,EAAE,EAAEC,QAAAA,GAAAA;AACzB,IAAA,OAAOR,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAea,QAAQ,CAAC;QAAEN,KAAOF,EAAAA,MAAAA;AAAQC,QAAAA;AAAS,KAAA,CAAA;AAC3E,CAAA;AAEA;;IAGA,MAAMQ,wBAAwB,OAAOT,MAAAA,GAAAA;AACnC,IAAA,MAAMU,QAAmC,MAAMjB,MAAAA,CAAOC,EAAE,CACrDC,KAAK,CAAC,aAAA,CAAA,CACNa,QAAQ,CAACf,OAAOkB,GAAG,CAAC,cAAgBC,CAAAA,CAAAA,SAAS,CAAC,aAAeZ,EAAAA,MAAAA,CAAAA,CAAAA;IAEhE,KAAK,MAAMF,QAAQY,KAAO,CAAA;AACxBZ,QAAAA,IAAAA,CAAKM,UAAU,GAAG,MAAMC,aAAAA,CAAcP,KAAKQ,EAAE,CAAA;AAC/C;IAEA,OAAOI,KAAAA;AACT,CAAA;AAEA;;;;IAKA,MAAMG,MAAS,GAAA,OAAOb,MAAanB,EAAAA,UAAAA,GAAAA;AACjC,IAAA,MAAMiC,mBAAsB5B,GAAAA,UAAAA,CAAEpB,IAAI,CAACe,UAAY,EAAA;AAAC,QAAA;AAAO,KAAA,CAAA;IAEvD,IAAIK,UAAAA,CAAE6B,GAAG,CAACf,MAAAA,EAAQ,SAASd,UAAE6B,CAAAA,GAAG,CAACD,mBAAAA,EAAqB,MAAS,CAAA,EAAA;QAC7D,MAAMhC,aAAAA,GAAgB,MAAMC,MAAO,CAAA;AACjCC,YAAAA,IAAAA,EAAM8B,oBAAoB9B,IAAI;YAC9BsB,EAAI,EAAA;AAAEU,gBAAAA,GAAAA,EAAKhB,OAAOM;AAAG;AACvB,SAAA,CAAA;AACA,QAAA,IAAIxB,aAAe,EAAA;YACjB,MAAM,IAAIvB,iBACR,CAAC,+CAA+C,EAAEuD,mBAAoB9B,CAAAA,IAAI,CAAC,kBAAkB,CAAC,CAAA;AAElG;AACF;IAEA,MAAMQ,MAAAA,GAAS,MAAMC,MAAOC,CAAAA,EAAE,CAC3BC,KAAK,CAAC,aACNkB,CAAAA,CAAAA,MAAM,CAAC;QAAEX,KAAOF,EAAAA,MAAAA;QAAQ7B,IAAM2C,EAAAA;AAAoB,KAAA,CAAA;AAErDrB,IAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAEC,QAAAA,IAAAA,EAAMjC,YAAa2B,CAAAA,MAAAA;AAAQ,KAAA,CAAA;IAEjE,OAAOA,MAAAA;AACT,CAAA;AAEA;;;AAGC,IACD,MAAMT,MAAAA,GAAS,OAAOiB,MAAAA,GAAS,EAAa,GAAA;IAC1C,MAAMiB,KAAAA,GAAQ,MAAMxB,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAesB,CAAAA,CAAAA,KAAK,CAAC;QAAEf,KAAOF,EAAAA;AAAO,KAAA,CAAA;AACzE,IAAA,OAAOiB,KAAQ,GAAA,CAAA;AACjB,CAAA;AAEA;;;AAGC,IACD,MAAMA,KAAAA,GAAQ,OAAOjB,MAAAA,GAAS,EAAS,GAAA;AACrC,IAAA,OAAOP,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAACjB,MAAAA,CAAAA;AAC9C,CAAA;AAEA;;;AAGC,IACD,MAAMkB,uBAAAA,GAA0B,OAAOC,GAAAA,GAAM,EAAE,GAAa;AAC1D,IAAA,MAAMC,iBAAiB,MAAMC,aAAAA,EAAAA;AAE7B,IAAA,IAAID,kBAAkBE,MAAOC,CAAAA,cAAc,CAACJ,GAAKC,EAAAA,cAAAA,CAAed,EAAE,CAAG,EAAA;AACnE,QAAA,MAAM,IAAI/C,gBAAiB,CAAA,wCAAA,CAAA;AAC7B;IAEA,KAAK,MAAMiE,UAAUL,GAAK,CAAA;QACxB,MAAMf,UAAAA,GAAa,MAAMC,aAAcmB,CAAAA,MAAAA,CAAAA;AACvC,QAAA,IAAIpB,eAAe,CAAG,EAAA;AACpB,YAAA,MAAM,IAAI7C,gBAAiB,CAAA,6CAAA,CAAA;AAC7B;AACF;AACF,CAAA;AAEA;;;AAGC,IACD,MAAMkE,WAAAA,GAAc,OAAON,GAAAA,GAAM,EAAE,GAAa;AAC9C,IAAA,MAAMD,uBAAwBC,CAAAA,GAAAA,CAAAA;IAE9B,MAAMO,UAAAA,CAAW,YAAcC,CAAAA,CAAAA,gBAAgB,CAACR,GAAAA,CAAAA;AAEhD,IAAA,MAAMS,eAA4B,EAAE;IACpC,KAAK,MAAMtB,MAAMa,GAAK,CAAA;QACpB,MAAMU,WAAAA,GAAc,MAAMpC,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAemC,CAAAA,CAAAA,MAAM,CAAC;YAAE5B,KAAO,EAAA;AAAEI,gBAAAA;AAAG;AAAE,SAAA,CAAA;AAEhF,QAAA,IAAIuB,WAAa,EAAA;AACfpC,YAAAA,MAAAA,CAAOG,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;gBAAEC,IAAM+B,EAAAA;AAAY,aAAA,CAAA;AACxDD,YAAAA,YAAAA,CAAaG,IAAI,CAACF,WAAAA,CAAAA;AACpB;AACF;IAEA,OAAOD,YAAAA;AACT,CAAA;AAEA;IAEA,MAAMvB,gBAAgB,OAAOmB,MAAAA,GAAAA;AAC3B,IAAA,OAAO/B,OAAOC,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEf,KAAO,EAAA;YAAEQ,KAAO,EAAA;gBAAEJ,EAAIkB,EAAAA;AAAO;AAAE;AAAE,KAAA,CAAA;AACjF,CAAA;AAEA;IAEA,MAAMH,aAAgB,GAAA,IAAsCtB,OAAQ,CAAA;QAAER,IAAMrC,EAAAA;AAAiB,KAAA,CAAA;AAE7F;;IAGA,MAAM8E,2BAA8B,GAAA,IAAM7B,qBAAsB,CAAA;QAAEZ,IAAMrC,EAAAA;AAAiB,KAAA,CAAA;AAEzF;AACC,IACD,MAAM+E,sBAAyB,GAAA,UAAA;AAC7B,IAAA,MAAMC,iBAAiB,MAAMnD,MAAAA,EAAAA;AAC7B,IAAA,IAAImD,cAAgB,EAAA;AAClB,QAAA;AACF;AAEA,IAAA,MAAM,EAAEC,cAAc,EAAE,GAAGT,UAAW,CAAA,YAAA,CAAA;IAEtC,MAAMU,UAAAA,GAAaD,eAAeE,MAAM,EAAA;IACxC,MAAMC,mBAAAA,GAAsBF,WAAWG,MAAM,CAAC,CAACC,CAAMA,GAAAA,CAAAA,CAAEC,OAAO,KAAK,cAAA,CAAA;;IAGnE,MAAMrB,cAAAA,GAAiB,MAAMxC,MAAO,CAAA;QAClCI,IAAM,EAAA,aAAA;QACNO,IAAM,EAAA,oBAAA;QACNmD,WAAa,EAAA;AACf,KAAA,CAAA;AAEA,IAAA,MAAMhB,UAAW,CAAA,MAAA,CAAA,CAAQiB,gBAAgB,CAACvB,eAAed,EAAE,CAAA;IAE3D,MAAMsC,UAAAA,GAAa,MAAMhE,MAAO,CAAA;QAC9BI,IAAM,EAAA,QAAA;QACNO,IAAM,EAAA,eAAA;QACNmD,WAAa,EAAA;AACf,KAAA,CAAA;IAEA,MAAMG,UAAAA,GAAa,MAAMjE,MAAO,CAAA;QAC9BI,IAAM,EAAA,QAAA;QACNO,IAAM,EAAA,eAAA;QACNmD,WAAa,EAAA;AACf,KAAA,CAAA;;AAGA,IAAA,MAAMI,iBAAoBpB,GAAAA,UAAAA,CAAW,cAAgBqB,CAAAA,CAAAA,8BAA8B,CACjFT,mBACA,EAAA;QACEU,kBAAoB,EAAA;AAAC,YAAA;AAAiC;AACxD,KAAA,CAAA;AAGF,IAAA,MAAMC,oBAAoBH,iBACvBP,CAAAA,MAAM,CAAC,CAAC,EAAE7D,MAAM,EAAO,GAAKA,WAAWf,OAAQC,CAAAA,OAAO,EACtDsF,GAAG,CAAC,CAACC,UACJC,GAAAA,gBAAAA,CAAiBxE,MAAM,CAAC;AAAE,YAAA,GAAGuE,UAAU;YAAEE,UAAY,EAAA;AAAC,gBAAA;AAAoB;AAAC,SAAA,CAAA,CAAA;AAG/EP,IAAAA,iBAAAA,CAAkBf,IAAI,CAAIuB,GAAAA,2BAAAA,EAAAA,CAAAA;IAC1BL,iBAAkBlB,CAAAA,IAAI,IAAIuB,2BAA4B,CAAA;QAAEC,QAAU,EAAA;AAAK,KAAA,CAAA,CAAA;;IAGvE,MAAMC,cAAAA,CAAeZ,UAAWtC,CAAAA,EAAE,EAAEwC,iBAAAA,CAAAA;IACpC,MAAMU,cAAAA,CAAeX,UAAWvC,CAAAA,EAAE,EAAE2C,iBAAAA,CAAAA;AACtC,CAAA;AAEA,MAAMK,2BAAAA,GAA8B,CAAC,EAAEC,QAAAA,GAAW,KAAK,EAAE,GAAG,EAAE,GAAA;AAC5D,IAAA,MAAMF,aAAaE,QAAW,GAAA;AAAC,QAAA;AAAoB,KAAA,GAAG,EAAE;;IAGxD,OAAO;AACL,QAAA;YAAE7E,MAAQ,EAAA,qBAAA;AAAuB2E,YAAAA;AAAW,SAAA;AAC5C,QAAA;YAAE3E,MAAQ,EAAA;AAAgC,SAAA;AAC1C,QAAA;YAAEA,MAAQ,EAAA;AAA+B,SAAA;AACzC,QAAA;YAAEA,MAAQ,EAAA,8BAAA;AAAgC2E,YAAAA;AAAW,SAAA;AACrD,QAAA;YAAE3E,MAAQ,EAAA;AAAiC,SAAA;AAC3C,QAAA;YAAEA,MAAQ,EAAA;AAAkC;KAC7C,CAACwE,GAAG,CAACE,gBAAAA,CAAiBxE,MAAM,CAAA;AAC/B,CAAA;AAEA;;AAEC,IACD,MAAM6E,4BAA+B,GAAA,UAAA;AACnC,IAAA,MAAMrC,iBAAiB,MAAMY,2BAAAA,EAAAA;AAC7B,IAAA,MAAM0B,eAAkB,GAAA,MAAMhC,UAAW,CAAA,MAAA,CAAA,CAAQ3C,MAAM,EAAA;AAEvD,IAAA,IAAI,CAACqC,cAAgB,EAAA;QACnB3B,MAAOkE,CAAAA,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB,KAAA,MAAO,IAAIF,eAAAA,IAAmBtC,cAAehB,CAAAA,UAAU,KAAK,CAAG,EAAA;QAC7DX,MAAOkE,CAAAA,GAAG,CAACC,IAAI,CAAC,mDAAA,CAAA;AAClB;AACF,CAAA;AAEA;;;;AAIC,IACD,MAAMC,iBAAAA,GAAoB,OACxBrC,MAAAA,EACAsC,cAA4E,EAAE,GAAA;AAE9E,IAAA,MAAMC,wBAAyBD,CAAAA,WAAAA,CAAAA;;;IAI/B,MAAME,eAAAA,GAAkBtC,WAAW,YAChCS,CAAAA,CAAAA,cAAc,CAACE,MAAM,EAAA,CACrBE,MAAM,CAAC,CAAC7D,SAAWA,MAAO+D,CAAAA,OAAO,KAAK,UACtCS,CAAAA,CAAAA,GAAG,CAAC,CAACxE,MAAAA,GAAWA,OAAOuF,QAAQ,CAAA;AAElC,IAAA,MAAMC,UAAa,GAAA,MAAMxC,UAAW,CAAA,MAAA,CAAA,CAAQL,aAAa,EAAA;AACzD,IAAA,MAAM8C,YAAeD,GAAAA,UAAAA,IAAcA,UAAW5D,CAAAA,EAAE,KAAKkB,MAAAA;IACrD,MAAM4C,UAAAA,GAAaC,IAAI,MAAQ7C,EAAAA,MAAAA,CAAAA;IAE/B,MAAM8C,mBAAAA,GAAsBR,WAC1B;KACCZ,GAAG,CAACkB,WACL;;KAEClB,GAAG,CAACE,iBAAiBxE,MAAM,CAAA;AAE9B,IAAA,MAAM2F,mBAAsB,GAAA,MAAM7C,UAAW,CAAA,YAAA,CAAA,CAAclB,QAAQ,CAAC;QAClEN,KAAO,EAAA;YAAEJ,IAAM,EAAA;gBAAEQ,EAAIkB,EAAAA;AAAO;AAAE,SAAA;QAC9BvB,QAAU,EAAA;AAAC,YAAA;AAAO;AACpB,KAAA,CAAA;AAEA,IAAA,MAAMuE,gBAAmBC,GAAAA,cAAAA,CACvBlG,mBACA+F,EAAAA,mBAAAA,EACAC,qBACAhC,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;AAEhF,IAAA,MAAMiG,mBAAsBF,GAAAA,cAAAA,CAC1BlG,mBACAgG,EAAAA,mBAAAA,EACAD,qBACA/B,MAAM,CAAC,CAACY,UAAAA,GAA2B,CAACa,eAAAA,CAAgBU,QAAQ,CAACvB,WAAWzE,MAAM,CAAA,CAAA;IAEhF,MAAMkG,mBAAAA,GAAsBC,YAAa,CAAA,IAAA,EAAMF,mBAAqBJ,EAAAA,mBAAAA,CAAAA;IAEpE,IAAII,mBAAAA,CAAoBG,MAAM,GAAG,CAAG,EAAA;;AAElC,QAAA,MAAMpD,WAAW,YAAcD,CAAAA,CAAAA,WAAW,CAACkD,mBAAoBzB,CAAAA,GAAG,CAAC6B,IAAK,CAAA,IAAA,CAAA,CAAA,CAAA;AAC1E;IAEA,IAAIP,gBAAAA,CAAiBM,MAAM,GAAG,CAAG,EAAA;QAC/B,MAAME,cAAAA,GAAiB,MAAMxB,cAAAA,CAAehC,MAAQgD,EAAAA,gBAAAA,CAAAA;AACpDI,QAAAA,mBAAAA,CAAoB7C,IAAI,CAAIiD,GAAAA,cAAAA,CAAAA;AAC9B;IAEA,IAAI,CAACb,iBAAiBK,gBAAAA,CAAiBM,MAAM,IAAIH,mBAAAA,CAAoBG,MAAK,CAAI,EAAA;QAC5E,MAAMpD,UAAAA,CAAW,WAAWuD,4BAA4B,EAAA;AAC1D;IAEA,OAAOL,mBAAAA;AACT,CAAA;AAEA,MAAMpB,cAAAA,GAAiB,OAAOhC,MAAiBsC,EAAAA,WAAAA,GAAAA;AAC7C,IAAA,MAAM,EAAEoB,iBAAiB,EAAEC,UAAU,EAAE,GAAGzD,UAAW,CAAA,YAAA,CAAA;IACrD,MAAM,EAAE0D,kBAAkB,EAAE,GAAGhC,gBAAAA;AAE/B,IAAA,MAAMkB,sBAAsBR,WACzBZ,CAAAA,GAAG,CAACmB,GAAI,CAAA,MAAA,EAAQ7C,QACjB;;AAEC0B,KAAAA,GAAG,CAACkC,kBAAmBF,CAAAA,iBAAAA,CAAAA,CAAAA,CACvBhC,GAAG,CAACE,iBAAiBxE,MAAM,CAAA;AAE9B,IAAA,OAAOuG,UAAWb,CAAAA,mBAAAA,CAAAA;AACpB,CAAA;AAEA,MAAMe,mBAAsB,GAAA,CAAC3G,MAAmBA,GAAAA,MAAAA,CAAO+D,OAAO,KAAKtF,oBAAAA;AAEnE;;AAEC,IACD,MAAMmI,0BAA6B,GAAA,UAAA;AACjC,IAAA,MAAMlE,cAAiB,GAAA,MAAMM,UAAW,CAAA,MAAA,CAAA,CAAQL,aAAa,EAAA;AAC7D,IAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,QAAA;AACF;AAEA,IAAA,MAAMmE,oBAAoB7D,UAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAM8D,qBAAqB9D,UAAW,CAAA,cAAA,CAAA;AAEtC,IAAA,MAAMU,UAAamD,GAAAA,iBAAAA,CAAkBpD,cAAc,CAACE,MAAM,EAAA;AAE1D,IAAA,MAAMC,sBAAsBF,UAAWG,CAAAA,MAAM,CAAC,CAAC7D,SAAW2G,mBAAoB3G,CAAAA,MAAAA,CAAAA,CAAAA;AAC9E,IAAA,MAAM+G,eAAerD,UAAWG,CAAAA,MAAM,CAAC,CAAC7D,MAAAA,GAAW,CAAC2G,mBAAoB3G,CAAAA,MAAAA,CAAAA,CAAAA;;IAGxE,MAAMoF,WAAAA,GAAc0B,kBAAmBzC,CAAAA,8BAA8B,CACnET,mBAAAA,CAAAA;;AAIF,IAAA,MAAMoD,gBAAmBD,GAAAA,YAAAA,CAAaE,MAAM,CAAC,CAACC,GAAKlH,EAAAA,MAAAA,GAAAA;AACjD,QAAA,MAAM,EAAEuF,QAAQ,EAAE4B,QAAQ,EAAE,GAAGnH,MAAAA;AAE/B,QAAA,IAAIoH,QAAQD,QAAW,CAAA,EAAA;YACrBD,GAAI7D,CAAAA,IAAI,IACH8D,QAAS3C,CAAAA,GAAG,CAAC,CAAC6C,OAAAA,GAAY3C,gBAAiBxE,CAAAA,MAAM,CAAC;oBAAEF,MAAQuF,EAAAA,QAAAA;AAAU8B,oBAAAA;AAAQ,iBAAA,CAAA,CAAA,CAAA;SAE9E,MAAA;AACLH,YAAAA,GAAAA,CAAI7D,IAAI,CAACqB,gBAAiBxE,CAAAA,MAAM,CAAC;gBAAEF,MAAQuF,EAAAA;AAAS,aAAA,CAAA,CAAA;AACtD;QAEA,OAAO2B,GAAAA;AACT,KAAA,EAAG,EAAE,CAAA;AAEL9B,IAAAA,WAAAA,CAAY/B,IAAI,CAAI2D,GAAAA,gBAAAA,CAAAA;AAEpB,IAAA,MAAMM,yBAA0B,MAAMvI,KAAAA,CAAMC,8BAA8B,CAACuI,IAAI,CAC7EnC,WAAAA,CAAAA;IAGF,MAAMD,iBAAAA,CAAkBzC,cAAed,CAAAA,EAAE,EAAE0F,sBAAAA,CAAAA;AAC7C,CAAA;AAEA;;IAGA,MAAME,oBAAoB,CAACC,IAAAA,GAAAA;AACzB,IAAA,MAAMzF,QAAQxB,UAAEyB,CAAAA,GAAG,CAACwF,IAAAA,EAAM,SAAS,EAAE,CAAA;AAErC,IAAA,OAAOzF,MAAMwC,GAAG,CAAC6B,IAAK,CAAA,MAAA,CAAA,CAAA,CAASL,QAAQ,CAACxH,gBAAAA,CAAAA;AAC1C,CAAA;AAEA,MAAMkJ,SAAY,GAAA;IAChBC,cAAgBnJ,EAAAA;AAClB,CAAA;AAEA,WAAe;AACbO,IAAAA,KAAAA;AACAI,IAAAA,YAAAA;AACAe,IAAAA,MAAAA;AACAmB,IAAAA,OAAAA;AACAI,IAAAA,qBAAAA;AACAI,IAAAA,IAAAA;AACAE,IAAAA,qBAAAA;AACAI,IAAAA,MAAAA;AACA9B,IAAAA,MAAAA;AACAkC,IAAAA,KAAAA;AACAQ,IAAAA,WAAAA;AACApB,IAAAA,aAAAA;AACAgB,IAAAA,aAAAA;AACAW,IAAAA,2BAAAA;AACAC,IAAAA,sBAAAA;AACAwB,IAAAA,4BAAAA;AACAD,IAAAA,cAAAA;AACA0C,IAAAA,iBAAAA;AACArC,IAAAA,iBAAAA;AACAyB,IAAAA,0BAAAA;AACApE,IAAAA,uBAAAA;AACAkF,IAAAA;AACF,CAAE;;;;"}

package/dist/server/server/src/services/transfer/token.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"token.js","sources":["../../../../../../server/src/services/transfer/token.ts"],"sourcesContent":["import crypto from 'crypto';\nimport assert from 'assert';\nimport { map, isArray, omit, uniq, isNil, difference, isEmpty, isNumber } from 'lodash/fp';\nimport { errors } from '@strapi/utils';\nimport '@strapi/types';\nimport constants from '../constants';\nimport { getService } from '../../utils';\nimport {\n DatabaseTransferToken,\n SanitizedTransferToken,\n TokenCreatePayload,\n TokenUpdatePayload,\n TransferToken,\n TransferTokenPermission,\n} from '../../../../shared/contracts/transfer';\n\nconst { ValidationError, NotFoundError } = errors;\n\nconst TRANSFER_TOKEN_UID = 'admin::transfer-token';\nconst TRANSFER_TOKEN_PERMISSION_UID = 'admin::transfer-token-permission';\n\nconst SELECT_FIELDS = [\n 'id',\n 'name',\n 'description',\n 'lastUsedAt',\n 'lifespan',\n 'expiresAt',\n 'createdAt',\n 'updatedAt',\n] as const;\n\nconst POPULATE_FIELDS = ['permissions'] as const;\n\n/*\n Return a list of all tokens and their permissions\n /\nconst list = async (): Promise<SanitizedTransferToken[]> => {\n const tokens: DatabaseTransferToken[] = await strapi.db.query(TRANSFER_TOKEN_UID).findMany({\n select: SELECT_FIELDS,\n populate: POPULATE_FIELDS,\n orderBy: { name: 'ASC' },\n });\n\n if (!tokens) return tokens;\n return tokens.map((token) => flattenTokenPermissions(token));\n};\n\n/\n Create a random token's access key\n /\nconst generateRandomAccessKey = (): string => crypto.randomBytes(128).toString('hex');\n\n/\n Validate the given access key's format and returns it if valid\n /\nconst validateAccessKey = (accessKey: string): string => {\n assert(typeof accessKey === 'string', 'Access key needs to be a string');\n assert(accessKey.length >= 15, 'Access key needs to have at least 15 characters');\n\n return accessKey;\n};\n\nexport const hasAccessKey = <T extends { accessKey?: string }>(\n attributes: T\n): attributes is T & { accessKey: string } => {\n return 'accessKey' in attributes;\n};\n\n/\n Create a token and its permissions\n /\nconst create = async (attributes: TokenCreatePayload): Promise<TransferToken> => {\n const accessKey = hasAccessKey(attributes)\n ? validateAccessKey(attributes.accessKey)\n : generateRandomAccessKey();\n\n // Make sure the access key isn't picked up directly from the attributes for the next steps\n delete attributes.accessKey;\n\n assertTokenPermissionsValidity(attributes);\n assertValidLifespan(attributes.lifespan);\n\n const result = (await strapi.db.transaction(async () => {\n const transferToken = await strapi.db.query(TRANSFER_TOKEN_UID).create({\n select: SELECT_FIELDS,\n populate: POPULATE_FIELDS,\n data: {\n ...omit('permissions', attributes),\n accessKey: hash(accessKey),\n ...getExpirationFields(attributes.lifespan),\n },\n });\n\n await Promise.all(\n uniq(attributes.permissions).map((action) =>\n strapi.db\n .query(TRANSFER_TOKEN_PERMISSION_UID)\n .create({ data: { action, token: transferToken } })\n )\n );\n\n const currentPermissions: TransferTokenPermission[] = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(transferToken, 'permissions');\n\n if (currentPermissions) {\n Object.assign(transferToken, { permissions: map('action', currentPermissions) });\n }\n\n return transferToken;\n })) as TransferToken;\n\n return { ...result, accessKey };\n};\n\n/\n Update a token and its permissions\n /\nconst update = async (\n id: string \| number,\n attributes: TokenUpdatePayload\n): Promise<SanitizedTransferToken> => {\n // retrieve token without permissions\n const originalToken = await strapi.db.query(TRANSFER_TOKEN_UID).findOne({ where: { id } });\n\n if (!originalToken) {\n throw new NotFoundError('Token not found');\n }\n\n assertTokenPermissionsValidity(attributes);\n assertValidLifespan(attributes.lifespan);\n\n return strapi.db.transaction(async () => {\n const updatedToken = await strapi.db.query(TRANSFER_TOKEN_UID).update({\n select: SELECT_FIELDS,\n where: { id },\n data: {\n ...omit('permissions', attributes),\n },\n });\n\n if (attributes.permissions) {\n const currentPermissionsResult = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(updatedToken, 'permissions');\n\n const currentPermissions = map('action', currentPermissionsResult \|\| []);\n const newPermissions = uniq(attributes.permissions);\n\n const actionsToDelete = difference(currentPermissions, newPermissions);\n const actionsToAdd = difference(newPermissions, currentPermissions);\n\n // TODO: improve efficiency here\n // method using a loop -- works but very inefficient\n await Promise.all(\n actionsToDelete.map((action) =>\n strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).delete({\n where: { action, token: id },\n })\n )\n );\n\n // TODO: improve efficiency here\n // using a loop -- works but very inefficient\n await Promise.all(\n actionsToAdd.map((action) =>\n strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).create({\n data: { action, token: id },\n })\n )\n );\n }\n\n // retrieve permissions\n const permissionsFromDb: TransferTokenPermission[] = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(updatedToken, 'permissions');\n\n return {\n ...updatedToken,\n permissions: permissionsFromDb ? permissionsFromDb.map((p) => p.action) : undefined,\n };\n }) as unknown as Promise<SanitizedTransferToken>;\n};\n\n/\n Revoke (delete) a token\n /\nconst revoke = async (id: string \| number): Promise<SanitizedTransferToken> => {\n return strapi.db.transaction(async () =>\n strapi.db\n .query(TRANSFER_TOKEN_UID)\n .delete({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: { id } })\n ) as unknown as Promise<SanitizedTransferToken>;\n};\n\n/\n Get a token\n /\nconst getBy = async (\n whereParams = {} as {\n id?: string \| number;\n name?: string;\n lastUsedAt?: number;\n description?: string;\n accessKey?: string;\n }\n): Promise<SanitizedTransferToken \| null> => {\n if (Object.keys(whereParams).length === 0) {\n return null;\n }\n\n const token = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .findOne({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: whereParams });\n\n if (!token) {\n return token;\n }\n\n return flattenTokenPermissions(token);\n};\n\n/\n Retrieve a token by id\n /\nconst getById = async (id: string \| number): Promise<SanitizedTransferToken \| null> => {\n return getBy({ id });\n};\n\n/\n Retrieve a token by name\n /\nconst getByName = async (name: string): Promise<SanitizedTransferToken \| null> => {\n return getBy({ name });\n};\n\n/\n Check if token exists\n /\nconst exists = async (\n whereParams = {} as {\n id?: string \| number;\n name?: string;\n lastUsedAt?: number;\n description?: string;\n accessKey?: string;\n }\n): Promise<boolean> => {\n const transferToken = await getBy(whereParams);\n\n return !!transferToken;\n};\n\nconst regenerate = async (id: string \| number): Promise<TransferToken> => {\n const accessKey = crypto.randomBytes(128).toString('hex');\n const transferToken = (await strapi.db.transaction(async () =>\n strapi.db.query(TRANSFER_TOKEN_UID).update({\n select: ['id', 'accessKey'],\n where: { id },\n data: {\n accessKey: hash(accessKey),\n },\n })\n )) as Promise<TransferToken>;\n\n if (!transferToken) {\n throw new NotFoundError('The provided token id does not exist');\n }\n\n return {\n ...transferToken,\n accessKey,\n };\n};\n\nconst getExpirationFields = (lifespan: TransferToken['lifespan']) => {\n // it must be nil or a finite number >= 0\n const isValidNumber = isNumber(lifespan) && Number.isFinite(lifespan) && lifespan > 0;\n if (!isValidNumber && !isNil(lifespan)) {\n throw new ValidationError('lifespan must be a positive number or null');\n }\n\n return {\n lifespan: lifespan \|\| null,\n expiresAt: lifespan ? Date.now() + lifespan : null,\n };\n};\n\n/\n Return a secure sha512 hash of an accessKey\n /\nconst hash = (accessKey: string): string => {\n const { hasValidTokenSalt } = getService('transfer').utils;\n\n if (!hasValidTokenSalt()) {\n throw new TypeError('Required token salt is not defined');\n }\n\n return crypto\n .createHmac('sha512', strapi.config.get('admin.transfer.token.salt'))\n .update(accessKey)\n .digest('hex');\n};\n\nconst checkSaltIsDefined = () => {\n const { hasValidTokenSalt } = getService('transfer').utils;\n\n // Ignore the check if the data-transfer feature is manually disabled\n if (!strapi.config.get('server.transfer.remote.enabled')) {\n return;\n }\n\n if (!hasValidTokenSalt()) {\n process.emitWarning(\n `Missing transfer.token.salt: Data transfer features have been disabled.\nPlease set transfer.token.salt in config/admin.js (ex: you can generate one using Node with \\`crypto.randomBytes(16).toString('base64')\\`)\nFor security reasons, prefer storing the secret in an environment variable and read it in config/admin.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`\n );\n }\n};\n\n/\n Flatten a token's database permissions objects to an array of strings\n /\nconst flattenTokenPermissions = (token: DatabaseTransferToken): TransferToken => {\n if (!token) {\n return token;\n }\n\n return {\n ...token,\n permissions: isArray(token.permissions)\n ? map('action', token.permissions as TransferTokenPermission[])\n : token.permissions,\n };\n};\n\n/\n Assert that a token's permissions are valid\n /\nconst assertTokenPermissionsValidity = (attributes: TokenUpdatePayload) => {\n const permissionService = strapi.service('admin::transfer').permission;\n const validPermissions = permissionService.providers.action.keys();\n const invalidPermissions = difference(attributes.permissions, validPermissions);\n\n if (!isEmpty(invalidPermissions)) {\n throw new ValidationError(`Unknown permissions provided: ${invalidPermissions.join(', ')}`);\n }\n};\n\n/\n Check if a token's lifespan is valid\n /\nconst isValidLifespan = (lifespan: unknown) => {\n if (isNil(lifespan)) {\n return true;\n }\n\n if (\n !isNumber(lifespan) \|\|\n !Object.values(constants.TRANSFER_TOKEN_LIFESPANS).includes(lifespan)\n ) {\n return false;\n }\n\n return true;\n};\n\n/\n Assert that a token's lifespan is valid\n */\nconst assertValidLifespan = (lifespan: unknown) => {\n if (!isValidLifespan(lifespan)) {\n throw new ValidationError(\n `lifespan must be one of the following values:\n ${Object.values(constants.TRANSFER_TOKEN_LIFESPANS).join(', ')}`\n );\n }\n};\n\nexport {\n create,\n list,\n exists,\n getBy,\n getById,\n getByName,\n update,\n revoke,\n regenerate,\n hash,\n checkSaltIsDefined,\n};\n"],"names":["ValidationError","NotFoundError","errors","TRANSFER_TOKEN_UID","TRANSFER_TOKEN_PERMISSION_UID","SELECT_FIELDS","POPULATE_FIELDS","list","tokens","strapi","db","query","findMany","select","populate","orderBy","name","map","token","flattenTokenPermissions","generateRandomAccessKey","crypto","randomBytes","toString","validateAccessKey","accessKey","assert","length","hasAccessKey","attributes","create","assertTokenPermissionsValidity","assertValidLifespan","lifespan","result","transaction","transferToken","data","omit","hash","getExpirationFields","Promise","all","uniq","permissions","action","currentPermissions","load","Object","assign","update","id","originalToken","findOne","where","updatedToken","currentPermissionsResult","newPermissions","actionsToDelete","difference","actionsToAdd","delete","permissionsFromDb","p","undefined","revoke","getBy","whereParams","keys","getById","getByName","exists","regenerate","isValidNumber","isNumber","Number","isFinite","isNil","expiresAt","Date","now","hasValidTokenSalt","getService","utils","TypeError","createHmac","config","get","digest","checkSaltIsDefined","process","emitWarning","isArray","permissionService","service","permission","validPermissions","providers","invalidPermissions","isEmpty","join","isValidLifespan","values","constants","TRANSFER_TOKEN_LIFESPANS","includes"],"mappings":";;;;;;;;;;AAgBA,MAAM,EAAEA,eAAe,EAAEC,aAAa,EAAE,GAAGC,YAAAA;AAE3C,MAAMC,kBAAqB,GAAA,uBAAA;AAC3B,MAAMC,6BAAgC,GAAA,kCAAA;AAEtC,MAAMC,aAAgB,GAAA;AACpB,IAAA,IAAA;AACA,IAAA,MAAA;AACA,IAAA,aAAA;AACA,IAAA,YAAA;AACA,IAAA,UAAA;AACA,IAAA,WAAA;AACA,IAAA,WAAA;AACA,IAAA;AACD,CAAA;AAED,MAAMC,eAAkB,GAAA;AAAC,IAAA;AAAc,CAAA;AAEvC;;AAEC,UACKC,IAAO,GAAA,UAAA;IACX,MAAMC,MAAAA,GAAkC,MAAMC,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoBS,CAAAA,CAAAA,QAAQ,CAAC;QACzFC,MAAQR,EAAAA,aAAAA;QACRS,QAAUR,EAAAA,eAAAA;QACVS,OAAS,EAAA;YAAEC,IAAM,EAAA;AAAM;AACzB,KAAA,CAAA;IAEA,IAAI,CAACR,QAAQ,OAAOA,MAAAA;AACpB,IAAA,OAAOA,MAAOS,CAAAA,GAAG,CAAC,CAACC,QAAUC,uBAAwBD,CAAAA,KAAAA,CAAAA,CAAAA;AACvD;AAEA;;IAGA,MAAME,0BAA0B,IAAcC,MAAAA,CAAOC,WAAW,CAAC,GAAA,CAAA,CAAKC,QAAQ,CAAC,KAAA,CAAA;AAE/E;;IAGA,MAAMC,oBAAoB,CAACC,SAAAA,GAAAA;IACzBC,MAAO,CAAA,OAAOD,cAAc,QAAU,EAAA,iCAAA,CAAA;IACtCC,MAAOD,CAAAA,SAAAA,CAAUE,MAAM,IAAI,EAAI,EAAA,iDAAA,CAAA;IAE/B,OAAOF,SAAAA;AACT,CAAA;AAEO,MAAMG,eAAe,CAC1BC,UAAAA,GAAAA;AAEA,IAAA,OAAO,WAAeA,IAAAA,UAAAA;AACxB;AAEA;;IAGA,MAAMC,SAAS,OAAOD,UAAAA,GAAAA;AACpB,IAAA,MAAMJ,YAAYG,YAAaC,CAAAA,UAAAA,CAAAA,GAC3BL,iBAAkBK,CAAAA,UAAAA,CAAWJ,SAAS,CACtCL,GAAAA,uBAAAA,EAAAA;;AAGJ,IAAA,OAAOS,WAAWJ,SAAS;IAE3BM,8BAA+BF,CAAAA,UAAAA,CAAAA;AAC/BG,IAAAA,mBAAAA,CAAoBH,WAAWI,QAAQ,CAAA;AAEvC,IAAA,MAAMC,SAAU,MAAMzB,MAAAA,CAAOC,EAAE,CAACyB,WAAW,CAAC,UAAA;QAC1C,MAAMC,aAAAA,GAAgB,MAAM3B,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoB2B,CAAAA,CAAAA,MAAM,CAAC;YACrEjB,MAAQR,EAAAA,aAAAA;YACRS,QAAUR,EAAAA,eAAAA;YACV+B,IAAM,EAAA;gBACJ,GAAGC,OAAAA,CAAK,eAAeT,UAAW,CAAA;AAClCJ,gBAAAA,SAAAA,EAAWc,IAAKd,CAAAA,SAAAA,CAAAA;gBAChB,GAAGe,mBAAAA,CAAoBX,UAAWI,CAAAA,QAAQ;AAC5C;AACF,SAAA,CAAA;AAEA,QAAA,MAAMQ,QAAQC,GAAG,CACfC,QAAKd,UAAWe,CAAAA,WAAW,EAAE3B,GAAG,CAAC,CAAC4B,MAAAA,GAChCpC,OAAOC,EAAE,CACNC,KAAK,CAACP,6BAAAA,CAAAA,CACN0B,MAAM,CAAC;gBAAEO,IAAM,EAAA;AAAEQ,oBAAAA,MAAAA;oBAAQ3B,KAAOkB,EAAAA;AAAc;AAAE,aAAA,CAAA,CAAA,CAAA;QAIvD,MAAMU,kBAAAA,GAAgD,MAAMrC,MAAAA,CAAOC,EAAE,CAClEC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACX,aAAe,EAAA,aAAA,CAAA;AAEvB,QAAA,IAAIU,kBAAoB,EAAA;YACtBE,MAAOC,CAAAA,MAAM,CAACb,aAAe,EAAA;AAAEQ,gBAAAA,WAAAA,EAAa3B,OAAI,QAAU6B,EAAAA,kBAAAA;AAAoB,aAAA,CAAA;AAChF;QAEA,OAAOV,aAAAA;AACT,KAAA,CAAA;IAEA,OAAO;AAAE,QAAA,GAAGF,MAAM;AAAET,QAAAA;AAAU,KAAA;AAChC;AAEA;;IAGA,MAAMyB,MAAS,GAAA,OACbC,EACAtB,EAAAA,UAAAA,GAAAA;;IAGA,MAAMuB,aAAAA,GAAgB,MAAM3C,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoBkD,CAAAA,CAAAA,OAAO,CAAC;QAAEC,KAAO,EAAA;AAAEH,YAAAA;AAAG;AAAE,KAAA,CAAA;AAExF,IAAA,IAAI,CAACC,aAAe,EAAA;AAClB,QAAA,MAAM,IAAInD,aAAc,CAAA,iBAAA,CAAA;AAC1B;IAEA8B,8BAA+BF,CAAAA,UAAAA,CAAAA;AAC/BG,IAAAA,mBAAAA,CAAoBH,WAAWI,QAAQ,CAAA;AAEvC,IAAA,OAAOxB,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UAAA;QAC3B,MAAMoB,YAAAA,GAAe,MAAM9C,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoB+C,CAAAA,CAAAA,MAAM,CAAC;YACpErC,MAAQR,EAAAA,aAAAA;YACRiD,KAAO,EAAA;AAAEH,gBAAAA;AAAG,aAAA;YACZd,IAAM,EAAA;gBACJ,GAAGC,OAAAA,CAAK,eAAeT,UAAW;AACpC;AACF,SAAA,CAAA;QAEA,IAAIA,UAAAA,CAAWe,WAAW,EAAE;YAC1B,MAAMY,wBAAAA,GAA2B,MAAM/C,MAAAA,CAAOC,EAAE,CAC7CC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACQ,YAAc,EAAA,aAAA,CAAA;AAEtB,YAAA,MAAMT,kBAAqB7B,GAAAA,MAAAA,CAAI,QAAUuC,EAAAA,wBAAAA,IAA4B,EAAE,CAAA;YACvE,MAAMC,cAAAA,GAAiBd,OAAKd,CAAAA,UAAAA,CAAWe,WAAW,CAAA;YAElD,MAAMc,eAAAA,GAAkBC,cAAWb,kBAAoBW,EAAAA,cAAAA,CAAAA;YACvD,MAAMG,YAAAA,GAAeD,cAAWF,cAAgBX,EAAAA,kBAAAA,CAAAA;;;AAIhD,YAAA,MAAML,OAAQC,CAAAA,GAAG,CACfgB,eAAAA,CAAgBzC,GAAG,CAAC,CAAC4B,MACnBpC,GAAAA,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACP,6BAAAA,CAAAA,CAA+ByD,MAAM,CAAC;oBACpDP,KAAO,EAAA;AAAET,wBAAAA,MAAAA;wBAAQ3B,KAAOiC,EAAAA;AAAG;AAC7B,iBAAA,CAAA,CAAA,CAAA;;;AAMJ,YAAA,MAAMV,OAAQC,CAAAA,GAAG,CACfkB,YAAAA,CAAa3C,GAAG,CAAC,CAAC4B,MAChBpC,GAAAA,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACP,6BAAAA,CAAAA,CAA+B0B,MAAM,CAAC;oBACpDO,IAAM,EAAA;AAAEQ,wBAAAA,MAAAA;wBAAQ3B,KAAOiC,EAAAA;AAAG;AAC5B,iBAAA,CAAA,CAAA,CAAA;AAGN;;QAGA,MAAMW,iBAAAA,GAA+C,MAAMrD,MAAAA,CAAOC,EAAE,CACjEC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACQ,YAAc,EAAA,aAAA,CAAA;QAEtB,OAAO;AACL,YAAA,GAAGA,YAAY;YACfX,WAAakB,EAAAA,iBAAAA,GAAoBA,kBAAkB7C,GAAG,CAAC,CAAC8C,CAAMA,GAAAA,CAAAA,CAAElB,MAAM,CAAImB,GAAAA;AAC5E,SAAA;AACF,KAAA,CAAA;AACF;AAEA;;IAGA,MAAMC,SAAS,OAAOd,EAAAA,GAAAA;AACpB,IAAA,OAAO1C,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UAC3B1B,MAAOC,CAAAA,EAAE,CACNC,KAAK,CAACR,kBAAAA,CAAAA,CACN0D,MAAM,CAAC;YAAEhD,MAAQR,EAAAA,aAAAA;YAAeS,QAAUR,EAAAA,eAAAA;YAAiBgD,KAAO,EAAA;AAAEH,gBAAAA;AAAG;AAAE,SAAA,CAAA,CAAA;AAEhF;AAEA;;AAEC,IACKe,MAAAA,KAAAA,GAAQ,OACZC,WAAAA,GAAc,EAMb,GAAA;AAED,IAAA,IAAInB,OAAOoB,IAAI,CAACD,WAAaxC,CAAAA,CAAAA,MAAM,KAAK,CAAG,EAAA;QACzC,OAAO,IAAA;AACT;IAEA,MAAMT,KAAAA,GAAQ,MAAMT,MAAOC,CAAAA,EAAE,CAC1BC,KAAK,CAACR,kBACNkD,CAAAA,CAAAA,OAAO,CAAC;QAAExC,MAAQR,EAAAA,aAAAA;QAAeS,QAAUR,EAAAA,eAAAA;QAAiBgD,KAAOa,EAAAA;AAAY,KAAA,CAAA;AAElF,IAAA,IAAI,CAACjD,KAAO,EAAA;QACV,OAAOA,KAAAA;AACT;AAEA,IAAA,OAAOC,uBAAwBD,CAAAA,KAAAA,CAAAA;AACjC;AAEA;;IAGA,MAAMmD,UAAU,OAAOlB,EAAAA,GAAAA;AACrB,IAAA,OAAOe,KAAM,CAAA;AAAEf,QAAAA;AAAG,KAAA,CAAA;AACpB;AAEA;;IAGA,MAAMmB,YAAY,OAAOtD,IAAAA,GAAAA;AACvB,IAAA,OAAOkD,KAAM,CAAA;AAAElD,QAAAA;AAAK,KAAA,CAAA;AACtB;AAEA;;AAEC,IACKuD,MAAAA,MAAAA,GAAS,OACbJ,WAAAA,GAAc,EAMb,GAAA;IAED,MAAM/B,aAAAA,GAAgB,MAAM8B,KAAMC,CAAAA,WAAAA,CAAAA;AAElC,IAAA,OAAO,CAAC,CAAC/B,aAAAA;AACX;AAEA,MAAMoC,aAAa,OAAOrB,EAAAA,GAAAA;AACxB,IAAA,MAAM1B,YAAYJ,MAAOC,CAAAA,WAAW,CAAC,GAAA,CAAA,CAAKC,QAAQ,CAAC,KAAA,CAAA;AACnD,IAAA,MAAMa,aAAiB,GAAA,MAAM3B,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UACjD1B,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACR,kBAAAA,CAAAA,CAAoB+C,MAAM,CAAC;YACzCrC,MAAQ,EAAA;AAAC,gBAAA,IAAA;AAAM,gBAAA;AAAY,aAAA;YAC3ByC,KAAO,EAAA;AAAEH,gBAAAA;AAAG,aAAA;YACZd,IAAM,EAAA;AACJZ,gBAAAA,SAAAA,EAAWc,IAAKd,CAAAA,SAAAA;AAClB;AACF,SAAA,CAAA,CAAA;AAGF,IAAA,IAAI,CAACW,aAAe,EAAA;AAClB,QAAA,MAAM,IAAInC,aAAc,CAAA,sCAAA,CAAA;AAC1B;IAEA,OAAO;AACL,QAAA,GAAGmC,aAAa;AAChBX,QAAAA;AACF,KAAA;AACF;AAEA,MAAMe,sBAAsB,CAACP,QAAAA,GAAAA;;AAE3B,IAAA,MAAMwC,gBAAgBC,WAASzC,CAAAA,QAAAA,CAAAA,IAAa0C,OAAOC,QAAQ,CAAC3C,aAAaA,QAAW,GAAA,CAAA;AACpF,IAAA,IAAI,CAACwC,aAAAA,IAAiB,CAACI,QAAAA,CAAM5C,QAAW,CAAA,EAAA;AACtC,QAAA,MAAM,IAAIjC,eAAgB,CAAA,4CAAA,CAAA;AAC5B;IAEA,OAAO;AACLiC,QAAAA,QAAAA,EAAUA,QAAY,IAAA,IAAA;AACtB6C,QAAAA,SAAAA,EAAW7C,QAAW8C,GAAAA,IAAAA,CAAKC,GAAG,EAAA,GAAK/C,QAAW,GAAA;AAChD,KAAA;AACF,CAAA;AAEA;;IAGA,MAAMM,OAAO,CAACd,SAAAA,GAAAA;AACZ,IAAA,MAAM,EAAEwD,iBAAiB,EAAE,GAAGC,gBAAAA,CAAW,YAAYC,KAAK;AAE1D,IAAA,IAAI,CAACF,iBAAqB,EAAA,EAAA;AACxB,QAAA,MAAM,IAAIG,SAAU,CAAA,oCAAA,CAAA;AACtB;AAEA,IAAA,OAAO/D,MACJgE,CAAAA,UAAU,CAAC,QAAA,EAAU5E,OAAO6E,MAAM,CAACC,GAAG,CAAC,2BACvCrC,CAAAA,CAAAA,CAAAA,MAAM,CAACzB,SAAAA,CAAAA,CACP+D,MAAM,CAAC,KAAA,CAAA;AACZ;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAER,iBAAiB,EAAE,GAAGC,gBAAAA,CAAW,YAAYC,KAAK;;AAG1D,IAAA,IAAI,CAAC1E,MAAO6E,CAAAA,MAAM,CAACC,GAAG,CAAC,gCAAmC,CAAA,EAAA;AACxD,QAAA;AACF;AAEA,IAAA,IAAI,CAACN,iBAAqB,EAAA,EAAA;QACxBS,OAAQC,CAAAA,WAAW,CACjB,CAAC;;uQAEgQ,CAAC,CAAA;AAEtQ;AACF;AAEA;;IAGA,MAAMxE,0BAA0B,CAACD,KAAAA,GAAAA;AAC/B,IAAA,IAAI,CAACA,KAAO,EAAA;QACV,OAAOA,KAAAA;AACT;IAEA,OAAO;AACL,QAAA,GAAGA,KAAK;QACR0B,WAAagD,EAAAA,UAAAA,CAAQ1E,KAAM0B,CAAAA,WAAW,CAClC3B,GAAAA,MAAAA,CAAI,UAAUC,KAAM0B,CAAAA,WAAW,CAC/B1B,GAAAA,KAAAA,CAAM0B;AACZ,KAAA;AACF,CAAA;AAEA;;IAGA,MAAMb,iCAAiC,CAACF,UAAAA,GAAAA;AACtC,IAAA,MAAMgE,iBAAoBpF,GAAAA,MAAAA,CAAOqF,OAAO,CAAC,mBAAmBC,UAAU;AACtE,IAAA,MAAMC,mBAAmBH,iBAAkBI,CAAAA,SAAS,CAACpD,MAAM,CAACuB,IAAI,EAAA;AAChE,IAAA,MAAM8B,kBAAqBvC,GAAAA,aAAAA,CAAW9B,UAAWe,CAAAA,WAAW,EAAEoD,gBAAAA,CAAAA;IAE9D,IAAI,CAACG,WAAQD,kBAAqB,CAAA,EAAA;QAChC,MAAM,IAAIlG,gBAAgB,CAAC,8BAA8B,EAAEkG,kBAAmBE,CAAAA,IAAI,CAAC,IAAA,CAAA,CAAM,CAAC,CAAA;AAC5F;AACF,CAAA;AAEA;;IAGA,MAAMC,kBAAkB,CAACpE,QAAAA,GAAAA;AACvB,IAAA,IAAI4C,SAAM5C,QAAW,CAAA,EAAA;QACnB,OAAO,IAAA;AACT;AAEA,IAAA,IACE,CAACyC,WAAAA,CAASzC,QACV,CAAA,IAAA,CAACe,MAAOsD,CAAAA,MAAM,CAACC,SAAAA,CAAUC,wBAAwB,CAAA,CAAEC,QAAQ,CAACxE,QAC5D,CAAA,EAAA;QACA,OAAO,KAAA;AACT;IAEA,OAAO,IAAA;AACT,CAAA;AAEA;;IAGA,MAAMD,sBAAsB,CAACC,QAAAA,GAAAA;IAC3B,IAAI,CAACoE,gBAAgBpE,QAAW,CAAA,EAAA;QAC9B,MAAM,IAAIjC,gBACR,CAAC;MACD,EAAEgD,MAAAA,CAAOsD,MAAM,CAACC,SAAAA,CAAUC,wBAAwB,CAAEJ,CAAAA,IAAI,CAAC,IAAA,CAAA,CAAM,CAAC,CAAA;AAEpE;AACF,CAAA;;;;;;;;;;;;;;;"}
1	+ {"version":3,"file":"token.js","sources":["../../../../../../server/src/services/transfer/token.ts"],"sourcesContent":["import crypto from 'crypto';\nimport assert from 'assert';\nimport { map, isArray, omit, uniq, isNil, difference, isEmpty, isNumber } from 'lodash/fp';\nimport { errors } from '@strapi/utils';\nimport '@strapi/types';\nimport constants from '../constants';\nimport { getService } from '../../utils';\nimport {\n DatabaseTransferToken,\n SanitizedTransferToken,\n TokenCreatePayload,\n TokenUpdatePayload,\n TransferToken,\n TransferTokenPermission,\n} from '../../../../shared/contracts/transfer';\n\nconst { ValidationError, NotFoundError } = errors;\n\nconst TRANSFER_TOKEN_UID = 'admin::transfer-token';\nconst TRANSFER_TOKEN_PERMISSION_UID = 'admin::transfer-token-permission';\n\nconst SELECT_FIELDS = [\n 'id',\n 'name',\n 'description',\n 'lastUsedAt',\n 'lifespan',\n 'expiresAt',\n 'createdAt',\n 'updatedAt',\n] as const;\n\nconst POPULATE_FIELDS = ['permissions'] as const;\n\n/*\n Return a list of all tokens and their permissions\n /\nconst list = async (): Promise<SanitizedTransferToken[]> => {\n const tokens: DatabaseTransferToken[] = await strapi.db.query(TRANSFER_TOKEN_UID).findMany({\n select: SELECT_FIELDS,\n populate: POPULATE_FIELDS,\n orderBy: { name: 'ASC' },\n });\n\n if (!tokens) return tokens;\n return tokens.map((token) => flattenTokenPermissions(token));\n};\n\n/\n Create a random token's access key\n /\nconst generateRandomAccessKey = (): string => crypto.randomBytes(128).toString('hex');\n\n/\n Validate the given access key's format and returns it if valid\n /\nconst validateAccessKey = (accessKey: string): string => {\n assert(typeof accessKey === 'string', 'Access key needs to be a string');\n assert(accessKey.length >= 15, 'Access key needs to have at least 15 characters');\n\n return accessKey;\n};\n\nexport const hasAccessKey = <T extends { accessKey?: string }>(\n attributes: T\n): attributes is T & { accessKey: string } => {\n return 'accessKey' in attributes;\n};\n\n/\n Create a token and its permissions\n /\nconst create = async (attributes: TokenCreatePayload): Promise<TransferToken> => {\n const accessKey = hasAccessKey(attributes)\n ? validateAccessKey(attributes.accessKey)\n : generateRandomAccessKey();\n\n // Make sure the access key isn't picked up directly from the attributes for the next steps\n delete attributes.accessKey;\n\n assertTokenPermissionsValidity(attributes);\n assertValidLifespan(attributes.lifespan);\n\n const result = (await strapi.db.transaction(async () => {\n const transferToken = await strapi.db.query(TRANSFER_TOKEN_UID).create({\n select: SELECT_FIELDS,\n populate: POPULATE_FIELDS,\n data: {\n ...omit('permissions', attributes),\n accessKey: hash(accessKey),\n ...getExpirationFields(attributes.lifespan),\n },\n });\n\n await Promise.all(\n uniq(attributes.permissions).map((action) =>\n strapi.db\n .query(TRANSFER_TOKEN_PERMISSION_UID)\n .create({ data: { action, token: transferToken } })\n )\n );\n\n const currentPermissions: TransferTokenPermission[] = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(transferToken, 'permissions');\n\n if (currentPermissions) {\n Object.assign(transferToken, { permissions: map('action', currentPermissions) });\n }\n\n return transferToken;\n })) as TransferToken;\n\n return { ...result, accessKey };\n};\n\n/\n Update a token and its permissions\n /\nconst update = async (\n id: string \| number,\n attributes: TokenUpdatePayload\n): Promise<SanitizedTransferToken> => {\n // retrieve token without permissions\n const originalToken = await strapi.db.query(TRANSFER_TOKEN_UID).findOne({ where: { id } });\n\n if (!originalToken) {\n throw new NotFoundError('Token not found');\n }\n\n assertTokenPermissionsValidity(attributes);\n assertValidLifespan(attributes.lifespan);\n\n return strapi.db.transaction(async () => {\n const updatedToken = await strapi.db.query(TRANSFER_TOKEN_UID).update({\n select: SELECT_FIELDS,\n where: { id },\n data: {\n ...omit('permissions', attributes),\n },\n });\n\n if (attributes.permissions) {\n const currentPermissionsResult = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(updatedToken, 'permissions');\n\n const currentPermissions = map('action', currentPermissionsResult \|\| []);\n const newPermissions = uniq(attributes.permissions);\n\n const actionsToDelete = difference(currentPermissions, newPermissions);\n const actionsToAdd = difference(newPermissions, currentPermissions);\n\n // TODO: improve efficiency here\n // method using a loop -- works but very inefficient\n await Promise.all(\n actionsToDelete.map((action) =>\n strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).delete({\n where: { action, token: id },\n })\n )\n );\n\n // TODO: improve efficiency here\n // using a loop -- works but very inefficient\n await Promise.all(\n actionsToAdd.map((action) =>\n strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).create({\n data: { action, token: id },\n })\n )\n );\n }\n\n // retrieve permissions\n const permissionsFromDb: TransferTokenPermission[] = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(updatedToken, 'permissions');\n\n return {\n ...updatedToken,\n permissions: permissionsFromDb ? permissionsFromDb.map((p) => p.action) : undefined,\n };\n }) as unknown as Promise<SanitizedTransferToken>;\n};\n\n/\n Revoke (delete) a token\n /\nconst revoke = async (id: string \| number): Promise<SanitizedTransferToken> => {\n return strapi.db.transaction(async () =>\n strapi.db\n .query(TRANSFER_TOKEN_UID)\n .delete({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: { id } })\n ) as unknown as Promise<SanitizedTransferToken>;\n};\n\n/\n Get a token\n /\nconst getBy = async (\n whereParams = {} as {\n id?: string \| number;\n name?: string;\n lastUsedAt?: number;\n description?: string;\n accessKey?: string;\n }\n): Promise<SanitizedTransferToken \| null> => {\n if (Object.keys(whereParams).length === 0) {\n return null;\n }\n\n const token = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .findOne({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: whereParams });\n\n if (!token) {\n return token;\n }\n\n return flattenTokenPermissions(token);\n};\n\n/\n Retrieve a token by id\n /\nconst getById = async (id: string \| number): Promise<SanitizedTransferToken \| null> => {\n return getBy({ id });\n};\n\n/\n Retrieve a token by name\n /\nconst getByName = async (name: string): Promise<SanitizedTransferToken \| null> => {\n return getBy({ name });\n};\n\n/\n Check if token exists\n /\nconst exists = async (\n whereParams = {} as {\n id?: string \| number;\n name?: string;\n lastUsedAt?: number;\n description?: string;\n accessKey?: string;\n }\n): Promise<boolean> => {\n const transferToken = await getBy(whereParams);\n\n return !!transferToken;\n};\n\nconst regenerate = async (id: string \| number): Promise<TransferToken> => {\n const accessKey = crypto.randomBytes(128).toString('hex');\n const transferToken = (await strapi.db.transaction(async () =>\n strapi.db.query(TRANSFER_TOKEN_UID).update({\n select: ['id', 'accessKey'],\n where: { id },\n data: {\n accessKey: hash(accessKey),\n },\n })\n )) as Promise<TransferToken>;\n\n if (!transferToken) {\n throw new NotFoundError('The provided token id does not exist');\n }\n\n return {\n ...transferToken,\n accessKey,\n };\n};\n\nconst getExpirationFields = (lifespan: TransferToken['lifespan']) => {\n // it must be nil or a finite number >= 0\n const isValidNumber = isNumber(lifespan) && Number.isFinite(lifespan) && lifespan > 0;\n if (!isValidNumber && !isNil(lifespan)) {\n throw new ValidationError('lifespan must be a positive number or null');\n }\n\n return {\n lifespan: lifespan \|\| null,\n expiresAt: lifespan ? Date.now() + lifespan : null,\n };\n};\n\n/\n Return a secure sha512 hash of an accessKey\n /\nconst hash = (accessKey: string): string => {\n const { hasValidTokenSalt } = getService('transfer').utils;\n\n if (!hasValidTokenSalt()) {\n throw new TypeError('Required token salt is not defined');\n }\n\n return crypto\n .createHmac('sha512', strapi.config.get('admin.transfer.token.salt'))\n .update(accessKey)\n .digest('hex');\n};\n\nconst checkSaltIsDefined = () => {\n const { hasValidTokenSalt } = getService('transfer').utils;\n\n // Ignore the check if the data-transfer feature is manually disabled\n if (!strapi.config.get('server.transfer.remote.enabled')) {\n return;\n }\n\n if (!hasValidTokenSalt()) {\n process.emitWarning(\n `Missing transfer.token.salt: Data transfer features have been disabled.\nPlease set transfer.token.salt in config/admin.js (ex: you can generate one using Node with \\`crypto.randomBytes(16).toString('base64')\\`)\nFor security reasons, prefer storing the secret in an environment variable and read it in config/admin.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`\n );\n }\n};\n\n/\n Flatten a token's database permissions objects to an array of strings\n /\nconst flattenTokenPermissions = (token: DatabaseTransferToken): TransferToken => {\n if (!token) {\n return token;\n }\n\n return {\n ...token,\n permissions: isArray(token.permissions)\n ? map('action', token.permissions as TransferTokenPermission[])\n : token.permissions,\n };\n};\n\n/\n Assert that a token's permissions are valid\n /\nconst assertTokenPermissionsValidity = (attributes: TokenUpdatePayload) => {\n const permissionService = strapi.service('admin::transfer').permission;\n const validPermissions = permissionService.providers.action.keys();\n const invalidPermissions = difference(attributes.permissions, validPermissions);\n\n if (!isEmpty(invalidPermissions)) {\n throw new ValidationError(`Unknown permissions provided: ${invalidPermissions.join(', ')}`);\n }\n};\n\n/\n Check if a token's lifespan is valid\n /\nconst isValidLifespan = (lifespan: unknown) => {\n if (isNil(lifespan)) {\n return true;\n }\n\n if (\n !isNumber(lifespan) \|\|\n !Object.values(constants.TRANSFER_TOKEN_LIFESPANS).includes(lifespan)\n ) {\n return false;\n }\n\n return true;\n};\n\n/\n Assert that a token's lifespan is valid\n */\nconst assertValidLifespan = (lifespan: unknown) => {\n if (!isValidLifespan(lifespan)) {\n throw new ValidationError(\n `lifespan must be one of the following values:\n ${Object.values(constants.TRANSFER_TOKEN_LIFESPANS).join(', ')}`\n );\n }\n};\n\nexport {\n create,\n list,\n exists,\n getBy,\n getById,\n getByName,\n update,\n revoke,\n regenerate,\n hash,\n checkSaltIsDefined,\n};\n"],"names":["ValidationError","NotFoundError","errors","TRANSFER_TOKEN_UID","TRANSFER_TOKEN_PERMISSION_UID","SELECT_FIELDS","POPULATE_FIELDS","list","tokens","strapi","db","query","findMany","select","populate","orderBy","name","map","token","flattenTokenPermissions","generateRandomAccessKey","crypto","randomBytes","toString","validateAccessKey","accessKey","assert","length","hasAccessKey","attributes","create","assertTokenPermissionsValidity","assertValidLifespan","lifespan","result","transaction","transferToken","data","omit","hash","getExpirationFields","Promise","all","uniq","permissions","action","currentPermissions","load","Object","assign","update","id","originalToken","findOne","where","updatedToken","currentPermissionsResult","newPermissions","actionsToDelete","difference","actionsToAdd","delete","permissionsFromDb","p","undefined","revoke","getBy","whereParams","keys","getById","getByName","exists","regenerate","isValidNumber","isNumber","Number","isFinite","isNil","expiresAt","Date","now","hasValidTokenSalt","getService","utils","TypeError","createHmac","config","get","digest","checkSaltIsDefined","process","emitWarning","isArray","permissionService","service","permission","validPermissions","providers","invalidPermissions","isEmpty","join","isValidLifespan","values","constants","TRANSFER_TOKEN_LIFESPANS","includes"],"mappings":";;;;;;;;;;AAgBA,MAAM,EAAEA,eAAe,EAAEC,aAAa,EAAE,GAAGC,YAAAA;AAE3C,MAAMC,kBAAqB,GAAA,uBAAA;AAC3B,MAAMC,6BAAgC,GAAA,kCAAA;AAEtC,MAAMC,aAAgB,GAAA;AACpB,IAAA,IAAA;AACA,IAAA,MAAA;AACA,IAAA,aAAA;AACA,IAAA,YAAA;AACA,IAAA,UAAA;AACA,IAAA,WAAA;AACA,IAAA,WAAA;AACA,IAAA;AACD,CAAA;AAED,MAAMC,eAAkB,GAAA;AAAC,IAAA;AAAc,CAAA;AAEvC;;AAEC,UACKC,IAAO,GAAA,UAAA;IACX,MAAMC,MAAAA,GAAkC,MAAMC,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoBS,CAAAA,CAAAA,QAAQ,CAAC;QACzFC,MAAQR,EAAAA,aAAAA;QACRS,QAAUR,EAAAA,eAAAA;QACVS,OAAS,EAAA;YAAEC,IAAM,EAAA;AAAM;AACzB,KAAA,CAAA;IAEA,IAAI,CAACR,QAAQ,OAAOA,MAAAA;AACpB,IAAA,OAAOA,MAAOS,CAAAA,GAAG,CAAC,CAACC,QAAUC,uBAAwBD,CAAAA,KAAAA,CAAAA,CAAAA;AACvD;AAEA;;IAGA,MAAME,0BAA0B,IAAcC,MAAAA,CAAOC,WAAW,CAAC,GAAA,CAAA,CAAKC,QAAQ,CAAC,KAAA,CAAA;AAE/E;;IAGA,MAAMC,oBAAoB,CAACC,SAAAA,GAAAA;IACzBC,MAAO,CAAA,OAAOD,cAAc,QAAU,EAAA,iCAAA,CAAA;IACtCC,MAAOD,CAAAA,SAAAA,CAAUE,MAAM,IAAI,EAAI,EAAA,iDAAA,CAAA;IAE/B,OAAOF,SAAAA;AACT,CAAA;AAEO,MAAMG,eAAe,CAC1BC,UAAAA,GAAAA;AAEA,IAAA,OAAO,WAAeA,IAAAA,UAAAA;AACxB;AAEA;;IAGA,MAAMC,SAAS,OAAOD,UAAAA,GAAAA;AACpB,IAAA,MAAMJ,YAAYG,YAAaC,CAAAA,UAAAA,CAAAA,GAC3BL,iBAAkBK,CAAAA,UAAAA,CAAWJ,SAAS,CACtCL,GAAAA,uBAAAA,EAAAA;;AAGJ,IAAA,OAAOS,WAAWJ,SAAS;IAE3BM,8BAA+BF,CAAAA,UAAAA,CAAAA;AAC/BG,IAAAA,mBAAAA,CAAoBH,WAAWI,QAAQ,CAAA;AAEvC,IAAA,MAAMC,SAAU,MAAMzB,MAAAA,CAAOC,EAAE,CAACyB,WAAW,CAAC,UAAA;QAC1C,MAAMC,aAAAA,GAAgB,MAAM3B,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoB2B,CAAAA,CAAAA,MAAM,CAAC;YACrEjB,MAAQR,EAAAA,aAAAA;YACRS,QAAUR,EAAAA,eAAAA;YACV+B,IAAM,EAAA;gBACJ,GAAGC,OAAAA,CAAK,eAAeT,UAAW,CAAA;AAClCJ,gBAAAA,SAAAA,EAAWc,IAAKd,CAAAA,SAAAA,CAAAA;gBAChB,GAAGe,mBAAAA,CAAoBX,UAAWI,CAAAA,QAAQ;AAC5C;AACF,SAAA,CAAA;AAEA,QAAA,MAAMQ,QAAQC,GAAG,CACfC,QAAKd,UAAWe,CAAAA,WAAW,EAAE3B,GAAG,CAAC,CAAC4B,MAAAA,GAChCpC,OAAOC,EAAE,CACNC,KAAK,CAACP,6BAAAA,CAAAA,CACN0B,MAAM,CAAC;gBAAEO,IAAM,EAAA;AAAEQ,oBAAAA,MAAAA;oBAAQ3B,KAAOkB,EAAAA;AAAc;AAAE,aAAA,CAAA,CAAA,CAAA;QAIvD,MAAMU,kBAAAA,GAAgD,MAAMrC,MAAAA,CAAOC,EAAE,CAClEC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACX,aAAe,EAAA,aAAA,CAAA;AAEvB,QAAA,IAAIU,kBAAoB,EAAA;YACtBE,MAAOC,CAAAA,MAAM,CAACb,aAAe,EAAA;AAAEQ,gBAAAA,WAAAA,EAAa3B,OAAI,QAAU6B,EAAAA,kBAAAA;AAAoB,aAAA,CAAA;AAChF;QAEA,OAAOV,aAAAA;AACT,KAAA,CAAA;IAEA,OAAO;AAAE,QAAA,GAAGF,MAAM;AAAET,QAAAA;AAAU,KAAA;AAChC;AAEA;;IAGA,MAAMyB,MAAS,GAAA,OACbC,EACAtB,EAAAA,UAAAA,GAAAA;;IAGA,MAAMuB,aAAAA,GAAgB,MAAM3C,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoBkD,CAAAA,CAAAA,OAAO,CAAC;QAAEC,KAAO,EAAA;AAAEH,YAAAA;AAAG;AAAE,KAAA,CAAA;AAExF,IAAA,IAAI,CAACC,aAAe,EAAA;AAClB,QAAA,MAAM,IAAInD,aAAc,CAAA,iBAAA,CAAA;AAC1B;IAEA8B,8BAA+BF,CAAAA,UAAAA,CAAAA;AAC/BG,IAAAA,mBAAAA,CAAoBH,WAAWI,QAAQ,CAAA;AAEvC,IAAA,OAAOxB,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UAAA;QAC3B,MAAMoB,YAAAA,GAAe,MAAM9C,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoB+C,CAAAA,CAAAA,MAAM,CAAC;YACpErC,MAAQR,EAAAA,aAAAA;YACRiD,KAAO,EAAA;AAAEH,gBAAAA;AAAG,aAAA;YACZd,IAAM,EAAA;gBACJ,GAAGC,OAAAA,CAAK,eAAeT,UAAW;AACpC;AACF,SAAA,CAAA;QAEA,IAAIA,UAAAA,CAAWe,WAAW,EAAE;YAC1B,MAAMY,wBAAAA,GAA2B,MAAM/C,MAAAA,CAAOC,EAAE,CAC7CC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACQ,YAAc,EAAA,aAAA,CAAA;AAEtB,YAAA,MAAMT,kBAAqB7B,GAAAA,MAAAA,CAAI,QAAUuC,EAAAA,wBAAAA,IAA4B,EAAE,CAAA;YACvE,MAAMC,cAAAA,GAAiBd,OAAKd,CAAAA,UAAAA,CAAWe,WAAW,CAAA;YAElD,MAAMc,eAAAA,GAAkBC,cAAWb,kBAAoBW,EAAAA,cAAAA,CAAAA;YACvD,MAAMG,YAAAA,GAAeD,cAAWF,cAAgBX,EAAAA,kBAAAA,CAAAA;;;AAIhD,YAAA,MAAML,OAAQC,CAAAA,GAAG,CACfgB,eAAAA,CAAgBzC,GAAG,CAAC,CAAC4B,MACnBpC,GAAAA,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACP,6BAAAA,CAAAA,CAA+ByD,MAAM,CAAC;oBACpDP,KAAO,EAAA;AAAET,wBAAAA,MAAAA;wBAAQ3B,KAAOiC,EAAAA;AAAG;AAC7B,iBAAA,CAAA,CAAA,CAAA;;;AAMJ,YAAA,MAAMV,OAAQC,CAAAA,GAAG,CACfkB,YAAAA,CAAa3C,GAAG,CAAC,CAAC4B,MAChBpC,GAAAA,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACP,6BAAAA,CAAAA,CAA+B0B,MAAM,CAAC;oBACpDO,IAAM,EAAA;AAAEQ,wBAAAA,MAAAA;wBAAQ3B,KAAOiC,EAAAA;AAAG;AAC5B,iBAAA,CAAA,CAAA,CAAA;AAGN;;QAGA,MAAMW,iBAAAA,GAA+C,MAAMrD,MAAAA,CAAOC,EAAE,CACjEC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACQ,YAAc,EAAA,aAAA,CAAA;QAEtB,OAAO;AACL,YAAA,GAAGA,YAAY;YACfX,WAAakB,EAAAA,iBAAAA,GAAoBA,kBAAkB7C,GAAG,CAAC,CAAC8C,CAAMA,GAAAA,CAAAA,CAAElB,MAAM,CAAImB,GAAAA;AAC5E,SAAA;AACF,KAAA,CAAA;AACF;AAEA;;IAGA,MAAMC,SAAS,OAAOd,EAAAA,GAAAA;AACpB,IAAA,OAAO1C,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UAC3B1B,MAAOC,CAAAA,EAAE,CACNC,KAAK,CAACR,kBAAAA,CAAAA,CACN0D,MAAM,CAAC;YAAEhD,MAAQR,EAAAA,aAAAA;YAAeS,QAAUR,EAAAA,eAAAA;YAAiBgD,KAAO,EAAA;AAAEH,gBAAAA;AAAG;AAAE,SAAA,CAAA,CAAA;AAEhF;AAEA;;AAEC,IACKe,MAAAA,KAAAA,GAAQ,OACZC,WAAAA,GAAc,EAMb,GAAA;AAED,IAAA,IAAInB,OAAOoB,IAAI,CAACD,WAAaxC,CAAAA,CAAAA,MAAM,KAAK,CAAG,EAAA;QACzC,OAAO,IAAA;AACT;IAEA,MAAMT,KAAAA,GAAQ,MAAMT,MAAOC,CAAAA,EAAE,CAC1BC,KAAK,CAACR,kBACNkD,CAAAA,CAAAA,OAAO,CAAC;QAAExC,MAAQR,EAAAA,aAAAA;QAAeS,QAAUR,EAAAA,eAAAA;QAAiBgD,KAAOa,EAAAA;AAAY,KAAA,CAAA;AAElF,IAAA,IAAI,CAACjD,KAAO,EAAA;QACV,OAAOA,KAAAA;AACT;AAEA,IAAA,OAAOC,uBAAwBD,CAAAA,KAAAA,CAAAA;AACjC;AAEA;;IAGA,MAAMmD,UAAU,OAAOlB,EAAAA,GAAAA;AACrB,IAAA,OAAOe,KAAM,CAAA;AAAEf,QAAAA;AAAG,KAAA,CAAA;AACpB;AAEA;;IAGA,MAAMmB,YAAY,OAAOtD,IAAAA,GAAAA;AACvB,IAAA,OAAOkD,KAAM,CAAA;AAAElD,QAAAA;AAAK,KAAA,CAAA;AACtB;AAEA;;AAEC,IACKuD,MAAAA,MAAAA,GAAS,OACbJ,WAAAA,GAAc,EAMb,GAAA;IAED,MAAM/B,aAAAA,GAAgB,MAAM8B,KAAMC,CAAAA,WAAAA,CAAAA;AAElC,IAAA,OAAO,CAAC,CAAC/B,aAAAA;AACX;AAEA,MAAMoC,aAAa,OAAOrB,EAAAA,GAAAA;AACxB,IAAA,MAAM1B,YAAYJ,MAAOC,CAAAA,WAAW,CAAC,GAAA,CAAA,CAAKC,QAAQ,CAAC,KAAA,CAAA;AACnD,IAAA,MAAMa,aAAiB,GAAA,MAAM3B,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UACjD1B,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACR,kBAAAA,CAAAA,CAAoB+C,MAAM,CAAC;YACzCrC,MAAQ,EAAA;AAAC,gBAAA,IAAA;AAAM,gBAAA;AAAY,aAAA;YAC3ByC,KAAO,EAAA;AAAEH,gBAAAA;AAAG,aAAA;YACZd,IAAM,EAAA;AACJZ,gBAAAA,SAAAA,EAAWc,IAAKd,CAAAA,SAAAA;AAClB;AACF,SAAA,CAAA,CAAA;AAGF,IAAA,IAAI,CAACW,aAAe,EAAA;AAClB,QAAA,MAAM,IAAInC,aAAc,CAAA,sCAAA,CAAA;AAC1B;IAEA,OAAO;AACL,QAAA,GAAGmC,aAAa;AAChBX,QAAAA;AACF,KAAA;AACF;AAEA,MAAMe,sBAAsB,CAACP,QAAAA,GAAAA;;AAE3B,IAAA,MAAMwC,gBAAgBC,WAASzC,CAAAA,QAAAA,CAAAA,IAAa0C,OAAOC,QAAQ,CAAC3C,aAAaA,QAAW,GAAA,CAAA;AACpF,IAAA,IAAI,CAACwC,aAAAA,IAAiB,CAACI,QAAAA,CAAM5C,QAAW,CAAA,EAAA;AACtC,QAAA,MAAM,IAAIjC,eAAgB,CAAA,4CAAA,CAAA;AAC5B;IAEA,OAAO;AACLiC,QAAAA,QAAAA,EAAUA,QAAY,IAAA,IAAA;AACtB6C,QAAAA,SAAAA,EAAW7C,QAAW8C,GAAAA,IAAAA,CAAKC,GAAG,EAAA,GAAK/C,QAAW,GAAA;AAChD,KAAA;AACF,CAAA;AAEA;;IAGA,MAAMM,OAAO,CAACd,SAAAA,GAAAA;AACZ,IAAA,MAAM,EAAEwD,iBAAiB,EAAE,GAAGC,gBAAAA,CAAW,YAAYC,KAAK;AAE1D,IAAA,IAAI,CAACF,iBAAqB,EAAA,EAAA;AACxB,QAAA,MAAM,IAAIG,SAAU,CAAA,oCAAA,CAAA;AACtB;AAEA,IAAA,OAAO/D,MACJgE,CAAAA,UAAU,CAAC,QAAA,EAAU5E,OAAO6E,MAAM,CAACC,GAAG,CAAC,2BACvCrC,CAAAA,CAAAA,CAAAA,MAAM,CAACzB,SAAAA,CAAAA,CACP+D,MAAM,CAAC,KAAA,CAAA;AACZ;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAER,iBAAiB,EAAE,GAAGC,gBAAAA,CAAW,YAAYC,KAAK;;AAG1D,IAAA,IAAI,CAAC1E,MAAO6E,CAAAA,MAAM,CAACC,GAAG,CAAC,gCAAmC,CAAA,EAAA;AACxD,QAAA;AACF;AAEA,IAAA,IAAI,CAACN,iBAAqB,EAAA,EAAA;QACxBS,OAAQC,CAAAA,WAAW,CACjB,CAAC;;uQAEgQ,CAAC,CAAA;AAEtQ;AACF;AAEA;;IAGA,MAAMxE,0BAA0B,CAACD,KAAAA,GAAAA;AAC/B,IAAA,IAAI,CAACA,KAAO,EAAA;QACV,OAAOA,KAAAA;AACT;IAEA,OAAO;AACL,QAAA,GAAGA,KAAK;QACR0B,WAAagD,EAAAA,UAAAA,CAAQ1E,KAAM0B,CAAAA,WAAW,CAClC3B,GAAAA,MAAAA,CAAI,UAAUC,KAAM0B,CAAAA,WAAW,CAC/B1B,GAAAA,KAAAA,CAAM0B;AACZ,KAAA;AACF,CAAA;AAEA;;IAGA,MAAMb,iCAAiC,CAACF,UAAAA,GAAAA;AACtC,IAAA,MAAMgE,iBAAoBpF,GAAAA,MAAAA,CAAOqF,OAAO,CAAC,mBAAmBC,UAAU;AACtE,IAAA,MAAMC,mBAAmBH,iBAAkBI,CAAAA,SAAS,CAACpD,MAAM,CAACuB,IAAI,EAAA;AAChE,IAAA,MAAM8B,kBAAqBvC,GAAAA,aAAAA,CAAW9B,UAAWe,CAAAA,WAAW,EAAEoD,gBAAAA,CAAAA;IAE9D,IAAI,CAACG,WAAQD,kBAAqB,CAAA,EAAA;QAChC,MAAM,IAAIlG,gBAAgB,CAAC,8BAA8B,EAAEkG,kBAAmBE,CAAAA,IAAI,CAAC,IAAO,CAAA,CAAA,CAAA,CAAA;AAC5F;AACF,CAAA;AAEA;;IAGA,MAAMC,kBAAkB,CAACpE,QAAAA,GAAAA;AACvB,IAAA,IAAI4C,SAAM5C,QAAW,CAAA,EAAA;QACnB,OAAO,IAAA;AACT;AAEA,IAAA,IACE,CAACyC,WAAAA,CAASzC,QACV,CAAA,IAAA,CAACe,MAAOsD,CAAAA,MAAM,CAACC,SAAAA,CAAUC,wBAAwB,CAAA,CAAEC,QAAQ,CAACxE,QAC5D,CAAA,EAAA;QACA,OAAO,KAAA;AACT;IAEA,OAAO,IAAA;AACT,CAAA;AAEA;;IAGA,MAAMD,sBAAsB,CAACC,QAAAA,GAAAA;IAC3B,IAAI,CAACoE,gBAAgBpE,QAAW,CAAA,EAAA;QAC9B,MAAM,IAAIjC,gBACR,CAAC;MACD,EAAEgD,MAAAA,CAAOsD,MAAM,CAACC,SAAAA,CAAUC,wBAAwB,CAAEJ,CAAAA,IAAI,CAAC,IAAO,CAAA,CAAA,CAAA,CAAA;AAEpE;AACF,CAAA;;;;;;;;;;;;;;;"}

package/dist/server/server/src/services/transfer/token.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"token.mjs","sources":["../../../../../../server/src/services/transfer/token.ts"],"sourcesContent":["import crypto from 'crypto';\nimport assert from 'assert';\nimport { map, isArray, omit, uniq, isNil, difference, isEmpty, isNumber } from 'lodash/fp';\nimport { errors } from '@strapi/utils';\nimport '@strapi/types';\nimport constants from '../constants';\nimport { getService } from '../../utils';\nimport {\n DatabaseTransferToken,\n SanitizedTransferToken,\n TokenCreatePayload,\n TokenUpdatePayload,\n TransferToken,\n TransferTokenPermission,\n} from '../../../../shared/contracts/transfer';\n\nconst { ValidationError, NotFoundError } = errors;\n\nconst TRANSFER_TOKEN_UID = 'admin::transfer-token';\nconst TRANSFER_TOKEN_PERMISSION_UID = 'admin::transfer-token-permission';\n\nconst SELECT_FIELDS = [\n 'id',\n 'name',\n 'description',\n 'lastUsedAt',\n 'lifespan',\n 'expiresAt',\n 'createdAt',\n 'updatedAt',\n] as const;\n\nconst POPULATE_FIELDS = ['permissions'] as const;\n\n/*\n Return a list of all tokens and their permissions\n /\nconst list = async (): Promise<SanitizedTransferToken[]> => {\n const tokens: DatabaseTransferToken[] = await strapi.db.query(TRANSFER_TOKEN_UID).findMany({\n select: SELECT_FIELDS,\n populate: POPULATE_FIELDS,\n orderBy: { name: 'ASC' },\n });\n\n if (!tokens) return tokens;\n return tokens.map((token) => flattenTokenPermissions(token));\n};\n\n/\n Create a random token's access key\n /\nconst generateRandomAccessKey = (): string => crypto.randomBytes(128).toString('hex');\n\n/\n Validate the given access key's format and returns it if valid\n /\nconst validateAccessKey = (accessKey: string): string => {\n assert(typeof accessKey === 'string', 'Access key needs to be a string');\n assert(accessKey.length >= 15, 'Access key needs to have at least 15 characters');\n\n return accessKey;\n};\n\nexport const hasAccessKey = <T extends { accessKey?: string }>(\n attributes: T\n): attributes is T & { accessKey: string } => {\n return 'accessKey' in attributes;\n};\n\n/\n Create a token and its permissions\n /\nconst create = async (attributes: TokenCreatePayload): Promise<TransferToken> => {\n const accessKey = hasAccessKey(attributes)\n ? validateAccessKey(attributes.accessKey)\n : generateRandomAccessKey();\n\n // Make sure the access key isn't picked up directly from the attributes for the next steps\n delete attributes.accessKey;\n\n assertTokenPermissionsValidity(attributes);\n assertValidLifespan(attributes.lifespan);\n\n const result = (await strapi.db.transaction(async () => {\n const transferToken = await strapi.db.query(TRANSFER_TOKEN_UID).create({\n select: SELECT_FIELDS,\n populate: POPULATE_FIELDS,\n data: {\n ...omit('permissions', attributes),\n accessKey: hash(accessKey),\n ...getExpirationFields(attributes.lifespan),\n },\n });\n\n await Promise.all(\n uniq(attributes.permissions).map((action) =>\n strapi.db\n .query(TRANSFER_TOKEN_PERMISSION_UID)\n .create({ data: { action, token: transferToken } })\n )\n );\n\n const currentPermissions: TransferTokenPermission[] = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(transferToken, 'permissions');\n\n if (currentPermissions) {\n Object.assign(transferToken, { permissions: map('action', currentPermissions) });\n }\n\n return transferToken;\n })) as TransferToken;\n\n return { ...result, accessKey };\n};\n\n/\n Update a token and its permissions\n /\nconst update = async (\n id: string \| number,\n attributes: TokenUpdatePayload\n): Promise<SanitizedTransferToken> => {\n // retrieve token without permissions\n const originalToken = await strapi.db.query(TRANSFER_TOKEN_UID).findOne({ where: { id } });\n\n if (!originalToken) {\n throw new NotFoundError('Token not found');\n }\n\n assertTokenPermissionsValidity(attributes);\n assertValidLifespan(attributes.lifespan);\n\n return strapi.db.transaction(async () => {\n const updatedToken = await strapi.db.query(TRANSFER_TOKEN_UID).update({\n select: SELECT_FIELDS,\n where: { id },\n data: {\n ...omit('permissions', attributes),\n },\n });\n\n if (attributes.permissions) {\n const currentPermissionsResult = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(updatedToken, 'permissions');\n\n const currentPermissions = map('action', currentPermissionsResult \|\| []);\n const newPermissions = uniq(attributes.permissions);\n\n const actionsToDelete = difference(currentPermissions, newPermissions);\n const actionsToAdd = difference(newPermissions, currentPermissions);\n\n // TODO: improve efficiency here\n // method using a loop -- works but very inefficient\n await Promise.all(\n actionsToDelete.map((action) =>\n strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).delete({\n where: { action, token: id },\n })\n )\n );\n\n // TODO: improve efficiency here\n // using a loop -- works but very inefficient\n await Promise.all(\n actionsToAdd.map((action) =>\n strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).create({\n data: { action, token: id },\n })\n )\n );\n }\n\n // retrieve permissions\n const permissionsFromDb: TransferTokenPermission[] = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(updatedToken, 'permissions');\n\n return {\n ...updatedToken,\n permissions: permissionsFromDb ? permissionsFromDb.map((p) => p.action) : undefined,\n };\n }) as unknown as Promise<SanitizedTransferToken>;\n};\n\n/\n Revoke (delete) a token\n /\nconst revoke = async (id: string \| number): Promise<SanitizedTransferToken> => {\n return strapi.db.transaction(async () =>\n strapi.db\n .query(TRANSFER_TOKEN_UID)\n .delete({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: { id } })\n ) as unknown as Promise<SanitizedTransferToken>;\n};\n\n/\n Get a token\n /\nconst getBy = async (\n whereParams = {} as {\n id?: string \| number;\n name?: string;\n lastUsedAt?: number;\n description?: string;\n accessKey?: string;\n }\n): Promise<SanitizedTransferToken \| null> => {\n if (Object.keys(whereParams).length === 0) {\n return null;\n }\n\n const token = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .findOne({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: whereParams });\n\n if (!token) {\n return token;\n }\n\n return flattenTokenPermissions(token);\n};\n\n/\n Retrieve a token by id\n /\nconst getById = async (id: string \| number): Promise<SanitizedTransferToken \| null> => {\n return getBy({ id });\n};\n\n/\n Retrieve a token by name\n /\nconst getByName = async (name: string): Promise<SanitizedTransferToken \| null> => {\n return getBy({ name });\n};\n\n/\n Check if token exists\n /\nconst exists = async (\n whereParams = {} as {\n id?: string \| number;\n name?: string;\n lastUsedAt?: number;\n description?: string;\n accessKey?: string;\n }\n): Promise<boolean> => {\n const transferToken = await getBy(whereParams);\n\n return !!transferToken;\n};\n\nconst regenerate = async (id: string \| number): Promise<TransferToken> => {\n const accessKey = crypto.randomBytes(128).toString('hex');\n const transferToken = (await strapi.db.transaction(async () =>\n strapi.db.query(TRANSFER_TOKEN_UID).update({\n select: ['id', 'accessKey'],\n where: { id },\n data: {\n accessKey: hash(accessKey),\n },\n })\n )) as Promise<TransferToken>;\n\n if (!transferToken) {\n throw new NotFoundError('The provided token id does not exist');\n }\n\n return {\n ...transferToken,\n accessKey,\n };\n};\n\nconst getExpirationFields = (lifespan: TransferToken['lifespan']) => {\n // it must be nil or a finite number >= 0\n const isValidNumber = isNumber(lifespan) && Number.isFinite(lifespan) && lifespan > 0;\n if (!isValidNumber && !isNil(lifespan)) {\n throw new ValidationError('lifespan must be a positive number or null');\n }\n\n return {\n lifespan: lifespan \|\| null,\n expiresAt: lifespan ? Date.now() + lifespan : null,\n };\n};\n\n/\n Return a secure sha512 hash of an accessKey\n /\nconst hash = (accessKey: string): string => {\n const { hasValidTokenSalt } = getService('transfer').utils;\n\n if (!hasValidTokenSalt()) {\n throw new TypeError('Required token salt is not defined');\n }\n\n return crypto\n .createHmac('sha512', strapi.config.get('admin.transfer.token.salt'))\n .update(accessKey)\n .digest('hex');\n};\n\nconst checkSaltIsDefined = () => {\n const { hasValidTokenSalt } = getService('transfer').utils;\n\n // Ignore the check if the data-transfer feature is manually disabled\n if (!strapi.config.get('server.transfer.remote.enabled')) {\n return;\n }\n\n if (!hasValidTokenSalt()) {\n process.emitWarning(\n `Missing transfer.token.salt: Data transfer features have been disabled.\nPlease set transfer.token.salt in config/admin.js (ex: you can generate one using Node with \\`crypto.randomBytes(16).toString('base64')\\`)\nFor security reasons, prefer storing the secret in an environment variable and read it in config/admin.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`\n );\n }\n};\n\n/\n Flatten a token's database permissions objects to an array of strings\n /\nconst flattenTokenPermissions = (token: DatabaseTransferToken): TransferToken => {\n if (!token) {\n return token;\n }\n\n return {\n ...token,\n permissions: isArray(token.permissions)\n ? map('action', token.permissions as TransferTokenPermission[])\n : token.permissions,\n };\n};\n\n/\n Assert that a token's permissions are valid\n /\nconst assertTokenPermissionsValidity = (attributes: TokenUpdatePayload) => {\n const permissionService = strapi.service('admin::transfer').permission;\n const validPermissions = permissionService.providers.action.keys();\n const invalidPermissions = difference(attributes.permissions, validPermissions);\n\n if (!isEmpty(invalidPermissions)) {\n throw new ValidationError(`Unknown permissions provided: ${invalidPermissions.join(', ')}`);\n }\n};\n\n/\n Check if a token's lifespan is valid\n /\nconst isValidLifespan = (lifespan: unknown) => {\n if (isNil(lifespan)) {\n return true;\n }\n\n if (\n !isNumber(lifespan) \|\|\n !Object.values(constants.TRANSFER_TOKEN_LIFESPANS).includes(lifespan)\n ) {\n return false;\n }\n\n return true;\n};\n\n/\n Assert that a token's lifespan is valid\n */\nconst assertValidLifespan = (lifespan: unknown) => {\n if (!isValidLifespan(lifespan)) {\n throw new ValidationError(\n `lifespan must be one of the following values:\n ${Object.values(constants.TRANSFER_TOKEN_LIFESPANS).join(', ')}`\n );\n }\n};\n\nexport {\n create,\n list,\n exists,\n getBy,\n getById,\n getByName,\n update,\n revoke,\n regenerate,\n hash,\n checkSaltIsDefined,\n};\n"],"names":["ValidationError","NotFoundError","errors","TRANSFER_TOKEN_UID","TRANSFER_TOKEN_PERMISSION_UID","SELECT_FIELDS","POPULATE_FIELDS","list","tokens","strapi","db","query","findMany","select","populate","orderBy","name","map","token","flattenTokenPermissions","generateRandomAccessKey","crypto","randomBytes","toString","validateAccessKey","accessKey","assert","length","hasAccessKey","attributes","create","assertTokenPermissionsValidity","assertValidLifespan","lifespan","result","transaction","transferToken","data","omit","hash","getExpirationFields","Promise","all","uniq","permissions","action","currentPermissions","load","Object","assign","update","id","originalToken","findOne","where","updatedToken","currentPermissionsResult","newPermissions","actionsToDelete","difference","actionsToAdd","delete","permissionsFromDb","p","undefined","revoke","getBy","whereParams","keys","getById","getByName","exists","regenerate","isValidNumber","isNumber","Number","isFinite","isNil","expiresAt","Date","now","hasValidTokenSalt","getService","utils","TypeError","createHmac","config","get","digest","checkSaltIsDefined","process","emitWarning","isArray","permissionService","service","permission","validPermissions","providers","invalidPermissions","isEmpty","join","isValidLifespan","values","constants","TRANSFER_TOKEN_LIFESPANS","includes"],"mappings":";;;;;;;;AAgBA,MAAM,EAAEA,eAAe,EAAEC,aAAa,EAAE,GAAGC,MAAAA;AAE3C,MAAMC,kBAAqB,GAAA,uBAAA;AAC3B,MAAMC,6BAAgC,GAAA,kCAAA;AAEtC,MAAMC,aAAgB,GAAA;AACpB,IAAA,IAAA;AACA,IAAA,MAAA;AACA,IAAA,aAAA;AACA,IAAA,YAAA;AACA,IAAA,UAAA;AACA,IAAA,WAAA;AACA,IAAA,WAAA;AACA,IAAA;AACD,CAAA;AAED,MAAMC,eAAkB,GAAA;AAAC,IAAA;AAAc,CAAA;AAEvC;;AAEC,UACKC,IAAO,GAAA,UAAA;IACX,MAAMC,MAAAA,GAAkC,MAAMC,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoBS,CAAAA,CAAAA,QAAQ,CAAC;QACzFC,MAAQR,EAAAA,aAAAA;QACRS,QAAUR,EAAAA,eAAAA;QACVS,OAAS,EAAA;YAAEC,IAAM,EAAA;AAAM;AACzB,KAAA,CAAA;IAEA,IAAI,CAACR,QAAQ,OAAOA,MAAAA;AACpB,IAAA,OAAOA,MAAOS,CAAAA,GAAG,CAAC,CAACC,QAAUC,uBAAwBD,CAAAA,KAAAA,CAAAA,CAAAA;AACvD;AAEA;;IAGA,MAAME,0BAA0B,IAAcC,MAAAA,CAAOC,WAAW,CAAC,GAAA,CAAA,CAAKC,QAAQ,CAAC,KAAA,CAAA;AAE/E;;IAGA,MAAMC,oBAAoB,CAACC,SAAAA,GAAAA;IACzBC,MAAO,CAAA,OAAOD,cAAc,QAAU,EAAA,iCAAA,CAAA;IACtCC,MAAOD,CAAAA,SAAAA,CAAUE,MAAM,IAAI,EAAI,EAAA,iDAAA,CAAA;IAE/B,OAAOF,SAAAA;AACT,CAAA;AAEO,MAAMG,eAAe,CAC1BC,UAAAA,GAAAA;AAEA,IAAA,OAAO,WAAeA,IAAAA,UAAAA;AACxB;AAEA;;IAGA,MAAMC,SAAS,OAAOD,UAAAA,GAAAA;AACpB,IAAA,MAAMJ,YAAYG,YAAaC,CAAAA,UAAAA,CAAAA,GAC3BL,iBAAkBK,CAAAA,UAAAA,CAAWJ,SAAS,CACtCL,GAAAA,uBAAAA,EAAAA;;AAGJ,IAAA,OAAOS,WAAWJ,SAAS;IAE3BM,8BAA+BF,CAAAA,UAAAA,CAAAA;AAC/BG,IAAAA,mBAAAA,CAAoBH,WAAWI,QAAQ,CAAA;AAEvC,IAAA,MAAMC,SAAU,MAAMzB,MAAAA,CAAOC,EAAE,CAACyB,WAAW,CAAC,UAAA;QAC1C,MAAMC,aAAAA,GAAgB,MAAM3B,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoB2B,CAAAA,CAAAA,MAAM,CAAC;YACrEjB,MAAQR,EAAAA,aAAAA;YACRS,QAAUR,EAAAA,eAAAA;YACV+B,IAAM,EAAA;gBACJ,GAAGC,IAAAA,CAAK,eAAeT,UAAW,CAAA;AAClCJ,gBAAAA,SAAAA,EAAWc,IAAKd,CAAAA,SAAAA,CAAAA;gBAChB,GAAGe,mBAAAA,CAAoBX,UAAWI,CAAAA,QAAQ;AAC5C;AACF,SAAA,CAAA;AAEA,QAAA,MAAMQ,QAAQC,GAAG,CACfC,KAAKd,UAAWe,CAAAA,WAAW,EAAE3B,GAAG,CAAC,CAAC4B,MAAAA,GAChCpC,OAAOC,EAAE,CACNC,KAAK,CAACP,6BAAAA,CAAAA,CACN0B,MAAM,CAAC;gBAAEO,IAAM,EAAA;AAAEQ,oBAAAA,MAAAA;oBAAQ3B,KAAOkB,EAAAA;AAAc;AAAE,aAAA,CAAA,CAAA,CAAA;QAIvD,MAAMU,kBAAAA,GAAgD,MAAMrC,MAAAA,CAAOC,EAAE,CAClEC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACX,aAAe,EAAA,aAAA,CAAA;AAEvB,QAAA,IAAIU,kBAAoB,EAAA;YACtBE,MAAOC,CAAAA,MAAM,CAACb,aAAe,EAAA;AAAEQ,gBAAAA,WAAAA,EAAa3B,IAAI,QAAU6B,EAAAA,kBAAAA;AAAoB,aAAA,CAAA;AAChF;QAEA,OAAOV,aAAAA;AACT,KAAA,CAAA;IAEA,OAAO;AAAE,QAAA,GAAGF,MAAM;AAAET,QAAAA;AAAU,KAAA;AAChC;AAEA;;IAGA,MAAMyB,MAAS,GAAA,OACbC,EACAtB,EAAAA,UAAAA,GAAAA;;IAGA,MAAMuB,aAAAA,GAAgB,MAAM3C,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoBkD,CAAAA,CAAAA,OAAO,CAAC;QAAEC,KAAO,EAAA;AAAEH,YAAAA;AAAG;AAAE,KAAA,CAAA;AAExF,IAAA,IAAI,CAACC,aAAe,EAAA;AAClB,QAAA,MAAM,IAAInD,aAAc,CAAA,iBAAA,CAAA;AAC1B;IAEA8B,8BAA+BF,CAAAA,UAAAA,CAAAA;AAC/BG,IAAAA,mBAAAA,CAAoBH,WAAWI,QAAQ,CAAA;AAEvC,IAAA,OAAOxB,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UAAA;QAC3B,MAAMoB,YAAAA,GAAe,MAAM9C,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoB+C,CAAAA,CAAAA,MAAM,CAAC;YACpErC,MAAQR,EAAAA,aAAAA;YACRiD,KAAO,EAAA;AAAEH,gBAAAA;AAAG,aAAA;YACZd,IAAM,EAAA;gBACJ,GAAGC,IAAAA,CAAK,eAAeT,UAAW;AACpC;AACF,SAAA,CAAA;QAEA,IAAIA,UAAAA,CAAWe,WAAW,EAAE;YAC1B,MAAMY,wBAAAA,GAA2B,MAAM/C,MAAAA,CAAOC,EAAE,CAC7CC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACQ,YAAc,EAAA,aAAA,CAAA;AAEtB,YAAA,MAAMT,kBAAqB7B,GAAAA,GAAAA,CAAI,QAAUuC,EAAAA,wBAAAA,IAA4B,EAAE,CAAA;YACvE,MAAMC,cAAAA,GAAiBd,IAAKd,CAAAA,UAAAA,CAAWe,WAAW,CAAA;YAElD,MAAMc,eAAAA,GAAkBC,WAAWb,kBAAoBW,EAAAA,cAAAA,CAAAA;YACvD,MAAMG,YAAAA,GAAeD,WAAWF,cAAgBX,EAAAA,kBAAAA,CAAAA;;;AAIhD,YAAA,MAAML,OAAQC,CAAAA,GAAG,CACfgB,eAAAA,CAAgBzC,GAAG,CAAC,CAAC4B,MACnBpC,GAAAA,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACP,6BAAAA,CAAAA,CAA+ByD,MAAM,CAAC;oBACpDP,KAAO,EAAA;AAAET,wBAAAA,MAAAA;wBAAQ3B,KAAOiC,EAAAA;AAAG;AAC7B,iBAAA,CAAA,CAAA,CAAA;;;AAMJ,YAAA,MAAMV,OAAQC,CAAAA,GAAG,CACfkB,YAAAA,CAAa3C,GAAG,CAAC,CAAC4B,MAChBpC,GAAAA,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACP,6BAAAA,CAAAA,CAA+B0B,MAAM,CAAC;oBACpDO,IAAM,EAAA;AAAEQ,wBAAAA,MAAAA;wBAAQ3B,KAAOiC,EAAAA;AAAG;AAC5B,iBAAA,CAAA,CAAA,CAAA;AAGN;;QAGA,MAAMW,iBAAAA,GAA+C,MAAMrD,MAAAA,CAAOC,EAAE,CACjEC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACQ,YAAc,EAAA,aAAA,CAAA;QAEtB,OAAO;AACL,YAAA,GAAGA,YAAY;YACfX,WAAakB,EAAAA,iBAAAA,GAAoBA,kBAAkB7C,GAAG,CAAC,CAAC8C,CAAMA,GAAAA,CAAAA,CAAElB,MAAM,CAAImB,GAAAA;AAC5E,SAAA;AACF,KAAA,CAAA;AACF;AAEA;;IAGA,MAAMC,SAAS,OAAOd,EAAAA,GAAAA;AACpB,IAAA,OAAO1C,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UAC3B1B,MAAOC,CAAAA,EAAE,CACNC,KAAK,CAACR,kBAAAA,CAAAA,CACN0D,MAAM,CAAC;YAAEhD,MAAQR,EAAAA,aAAAA;YAAeS,QAAUR,EAAAA,eAAAA;YAAiBgD,KAAO,EAAA;AAAEH,gBAAAA;AAAG;AAAE,SAAA,CAAA,CAAA;AAEhF;AAEA;;AAEC,IACKe,MAAAA,KAAAA,GAAQ,OACZC,WAAAA,GAAc,EAMb,GAAA;AAED,IAAA,IAAInB,OAAOoB,IAAI,CAACD,WAAaxC,CAAAA,CAAAA,MAAM,KAAK,CAAG,EAAA;QACzC,OAAO,IAAA;AACT;IAEA,MAAMT,KAAAA,GAAQ,MAAMT,MAAOC,CAAAA,EAAE,CAC1BC,KAAK,CAACR,kBACNkD,CAAAA,CAAAA,OAAO,CAAC;QAAExC,MAAQR,EAAAA,aAAAA;QAAeS,QAAUR,EAAAA,eAAAA;QAAiBgD,KAAOa,EAAAA;AAAY,KAAA,CAAA;AAElF,IAAA,IAAI,CAACjD,KAAO,EAAA;QACV,OAAOA,KAAAA;AACT;AAEA,IAAA,OAAOC,uBAAwBD,CAAAA,KAAAA,CAAAA;AACjC;AAEA;;IAGA,MAAMmD,UAAU,OAAOlB,EAAAA,GAAAA;AACrB,IAAA,OAAOe,KAAM,CAAA;AAAEf,QAAAA;AAAG,KAAA,CAAA;AACpB;AAEA;;IAGA,MAAMmB,YAAY,OAAOtD,IAAAA,GAAAA;AACvB,IAAA,OAAOkD,KAAM,CAAA;AAAElD,QAAAA;AAAK,KAAA,CAAA;AACtB;AAEA;;AAEC,IACKuD,MAAAA,MAAAA,GAAS,OACbJ,WAAAA,GAAc,EAMb,GAAA;IAED,MAAM/B,aAAAA,GAAgB,MAAM8B,KAAMC,CAAAA,WAAAA,CAAAA;AAElC,IAAA,OAAO,CAAC,CAAC/B,aAAAA;AACX;AAEA,MAAMoC,aAAa,OAAOrB,EAAAA,GAAAA;AACxB,IAAA,MAAM1B,YAAYJ,MAAOC,CAAAA,WAAW,CAAC,GAAA,CAAA,CAAKC,QAAQ,CAAC,KAAA,CAAA;AACnD,IAAA,MAAMa,aAAiB,GAAA,MAAM3B,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UACjD1B,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACR,kBAAAA,CAAAA,CAAoB+C,MAAM,CAAC;YACzCrC,MAAQ,EAAA;AAAC,gBAAA,IAAA;AAAM,gBAAA;AAAY,aAAA;YAC3ByC,KAAO,EAAA;AAAEH,gBAAAA;AAAG,aAAA;YACZd,IAAM,EAAA;AACJZ,gBAAAA,SAAAA,EAAWc,IAAKd,CAAAA,SAAAA;AAClB;AACF,SAAA,CAAA,CAAA;AAGF,IAAA,IAAI,CAACW,aAAe,EAAA;AAClB,QAAA,MAAM,IAAInC,aAAc,CAAA,sCAAA,CAAA;AAC1B;IAEA,OAAO;AACL,QAAA,GAAGmC,aAAa;AAChBX,QAAAA;AACF,KAAA;AACF;AAEA,MAAMe,sBAAsB,CAACP,QAAAA,GAAAA;;AAE3B,IAAA,MAAMwC,gBAAgBC,QAASzC,CAAAA,QAAAA,CAAAA,IAAa0C,OAAOC,QAAQ,CAAC3C,aAAaA,QAAW,GAAA,CAAA;AACpF,IAAA,IAAI,CAACwC,aAAAA,IAAiB,CAACI,KAAAA,CAAM5C,QAAW,CAAA,EAAA;AACtC,QAAA,MAAM,IAAIjC,eAAgB,CAAA,4CAAA,CAAA;AAC5B;IAEA,OAAO;AACLiC,QAAAA,QAAAA,EAAUA,QAAY,IAAA,IAAA;AACtB6C,QAAAA,SAAAA,EAAW7C,QAAW8C,GAAAA,IAAAA,CAAKC,GAAG,EAAA,GAAK/C,QAAW,GAAA;AAChD,KAAA;AACF,CAAA;AAEA;;IAGA,MAAMM,OAAO,CAACd,SAAAA,GAAAA;AACZ,IAAA,MAAM,EAAEwD,iBAAiB,EAAE,GAAGC,UAAAA,CAAW,YAAYC,KAAK;AAE1D,IAAA,IAAI,CAACF,iBAAqB,EAAA,EAAA;AACxB,QAAA,MAAM,IAAIG,SAAU,CAAA,oCAAA,CAAA;AACtB;AAEA,IAAA,OAAO/D,MACJgE,CAAAA,UAAU,CAAC,QAAA,EAAU5E,OAAO6E,MAAM,CAACC,GAAG,CAAC,2BACvCrC,CAAAA,CAAAA,CAAAA,MAAM,CAACzB,SAAAA,CAAAA,CACP+D,MAAM,CAAC,KAAA,CAAA;AACZ;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAER,iBAAiB,EAAE,GAAGC,UAAAA,CAAW,YAAYC,KAAK;;AAG1D,IAAA,IAAI,CAAC1E,MAAO6E,CAAAA,MAAM,CAACC,GAAG,CAAC,gCAAmC,CAAA,EAAA;AACxD,QAAA;AACF;AAEA,IAAA,IAAI,CAACN,iBAAqB,EAAA,EAAA;QACxBS,OAAQC,CAAAA,WAAW,CACjB,CAAC;;uQAEgQ,CAAC,CAAA;AAEtQ;AACF;AAEA;;IAGA,MAAMxE,0BAA0B,CAACD,KAAAA,GAAAA;AAC/B,IAAA,IAAI,CAACA,KAAO,EAAA;QACV,OAAOA,KAAAA;AACT;IAEA,OAAO;AACL,QAAA,GAAGA,KAAK;QACR0B,WAAagD,EAAAA,OAAAA,CAAQ1E,KAAM0B,CAAAA,WAAW,CAClC3B,GAAAA,GAAAA,CAAI,UAAUC,KAAM0B,CAAAA,WAAW,CAC/B1B,GAAAA,KAAAA,CAAM0B;AACZ,KAAA;AACF,CAAA;AAEA;;IAGA,MAAMb,iCAAiC,CAACF,UAAAA,GAAAA;AACtC,IAAA,MAAMgE,iBAAoBpF,GAAAA,MAAAA,CAAOqF,OAAO,CAAC,mBAAmBC,UAAU;AACtE,IAAA,MAAMC,mBAAmBH,iBAAkBI,CAAAA,SAAS,CAACpD,MAAM,CAACuB,IAAI,EAAA;AAChE,IAAA,MAAM8B,kBAAqBvC,GAAAA,UAAAA,CAAW9B,UAAWe,CAAAA,WAAW,EAAEoD,gBAAAA,CAAAA;IAE9D,IAAI,CAACG,QAAQD,kBAAqB,CAAA,EAAA;QAChC,MAAM,IAAIlG,gBAAgB,CAAC,8BAA8B,EAAEkG,kBAAmBE,CAAAA,IAAI,CAAC,IAAA,CAAA,CAAM,CAAC,CAAA;AAC5F;AACF,CAAA;AAEA;;IAGA,MAAMC,kBAAkB,CAACpE,QAAAA,GAAAA;AACvB,IAAA,IAAI4C,MAAM5C,QAAW,CAAA,EAAA;QACnB,OAAO,IAAA;AACT;AAEA,IAAA,IACE,CAACyC,QAAAA,CAASzC,QACV,CAAA,IAAA,CAACe,MAAOsD,CAAAA,MAAM,CAACC,SAAAA,CAAUC,wBAAwB,CAAA,CAAEC,QAAQ,CAACxE,QAC5D,CAAA,EAAA;QACA,OAAO,KAAA;AACT;IAEA,OAAO,IAAA;AACT,CAAA;AAEA;;IAGA,MAAMD,sBAAsB,CAACC,QAAAA,GAAAA;IAC3B,IAAI,CAACoE,gBAAgBpE,QAAW,CAAA,EAAA;QAC9B,MAAM,IAAIjC,gBACR,CAAC;MACD,EAAEgD,MAAAA,CAAOsD,MAAM,CAACC,SAAAA,CAAUC,wBAAwB,CAAEJ,CAAAA,IAAI,CAAC,IAAA,CAAA,CAAM,CAAC,CAAA;AAEpE;AACF,CAAA;;;;"}
1	+ {"version":3,"file":"token.mjs","sources":["../../../../../../server/src/services/transfer/token.ts"],"sourcesContent":["import crypto from 'crypto';\nimport assert from 'assert';\nimport { map, isArray, omit, uniq, isNil, difference, isEmpty, isNumber } from 'lodash/fp';\nimport { errors } from '@strapi/utils';\nimport '@strapi/types';\nimport constants from '../constants';\nimport { getService } from '../../utils';\nimport {\n DatabaseTransferToken,\n SanitizedTransferToken,\n TokenCreatePayload,\n TokenUpdatePayload,\n TransferToken,\n TransferTokenPermission,\n} from '../../../../shared/contracts/transfer';\n\nconst { ValidationError, NotFoundError } = errors;\n\nconst TRANSFER_TOKEN_UID = 'admin::transfer-token';\nconst TRANSFER_TOKEN_PERMISSION_UID = 'admin::transfer-token-permission';\n\nconst SELECT_FIELDS = [\n 'id',\n 'name',\n 'description',\n 'lastUsedAt',\n 'lifespan',\n 'expiresAt',\n 'createdAt',\n 'updatedAt',\n] as const;\n\nconst POPULATE_FIELDS = ['permissions'] as const;\n\n/*\n Return a list of all tokens and their permissions\n /\nconst list = async (): Promise<SanitizedTransferToken[]> => {\n const tokens: DatabaseTransferToken[] = await strapi.db.query(TRANSFER_TOKEN_UID).findMany({\n select: SELECT_FIELDS,\n populate: POPULATE_FIELDS,\n orderBy: { name: 'ASC' },\n });\n\n if (!tokens) return tokens;\n return tokens.map((token) => flattenTokenPermissions(token));\n};\n\n/\n Create a random token's access key\n /\nconst generateRandomAccessKey = (): string => crypto.randomBytes(128).toString('hex');\n\n/\n Validate the given access key's format and returns it if valid\n /\nconst validateAccessKey = (accessKey: string): string => {\n assert(typeof accessKey === 'string', 'Access key needs to be a string');\n assert(accessKey.length >= 15, 'Access key needs to have at least 15 characters');\n\n return accessKey;\n};\n\nexport const hasAccessKey = <T extends { accessKey?: string }>(\n attributes: T\n): attributes is T & { accessKey: string } => {\n return 'accessKey' in attributes;\n};\n\n/\n Create a token and its permissions\n /\nconst create = async (attributes: TokenCreatePayload): Promise<TransferToken> => {\n const accessKey = hasAccessKey(attributes)\n ? validateAccessKey(attributes.accessKey)\n : generateRandomAccessKey();\n\n // Make sure the access key isn't picked up directly from the attributes for the next steps\n delete attributes.accessKey;\n\n assertTokenPermissionsValidity(attributes);\n assertValidLifespan(attributes.lifespan);\n\n const result = (await strapi.db.transaction(async () => {\n const transferToken = await strapi.db.query(TRANSFER_TOKEN_UID).create({\n select: SELECT_FIELDS,\n populate: POPULATE_FIELDS,\n data: {\n ...omit('permissions', attributes),\n accessKey: hash(accessKey),\n ...getExpirationFields(attributes.lifespan),\n },\n });\n\n await Promise.all(\n uniq(attributes.permissions).map((action) =>\n strapi.db\n .query(TRANSFER_TOKEN_PERMISSION_UID)\n .create({ data: { action, token: transferToken } })\n )\n );\n\n const currentPermissions: TransferTokenPermission[] = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(transferToken, 'permissions');\n\n if (currentPermissions) {\n Object.assign(transferToken, { permissions: map('action', currentPermissions) });\n }\n\n return transferToken;\n })) as TransferToken;\n\n return { ...result, accessKey };\n};\n\n/\n Update a token and its permissions\n /\nconst update = async (\n id: string \| number,\n attributes: TokenUpdatePayload\n): Promise<SanitizedTransferToken> => {\n // retrieve token without permissions\n const originalToken = await strapi.db.query(TRANSFER_TOKEN_UID).findOne({ where: { id } });\n\n if (!originalToken) {\n throw new NotFoundError('Token not found');\n }\n\n assertTokenPermissionsValidity(attributes);\n assertValidLifespan(attributes.lifespan);\n\n return strapi.db.transaction(async () => {\n const updatedToken = await strapi.db.query(TRANSFER_TOKEN_UID).update({\n select: SELECT_FIELDS,\n where: { id },\n data: {\n ...omit('permissions', attributes),\n },\n });\n\n if (attributes.permissions) {\n const currentPermissionsResult = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(updatedToken, 'permissions');\n\n const currentPermissions = map('action', currentPermissionsResult \|\| []);\n const newPermissions = uniq(attributes.permissions);\n\n const actionsToDelete = difference(currentPermissions, newPermissions);\n const actionsToAdd = difference(newPermissions, currentPermissions);\n\n // TODO: improve efficiency here\n // method using a loop -- works but very inefficient\n await Promise.all(\n actionsToDelete.map((action) =>\n strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).delete({\n where: { action, token: id },\n })\n )\n );\n\n // TODO: improve efficiency here\n // using a loop -- works but very inefficient\n await Promise.all(\n actionsToAdd.map((action) =>\n strapi.db.query(TRANSFER_TOKEN_PERMISSION_UID).create({\n data: { action, token: id },\n })\n )\n );\n }\n\n // retrieve permissions\n const permissionsFromDb: TransferTokenPermission[] = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .load(updatedToken, 'permissions');\n\n return {\n ...updatedToken,\n permissions: permissionsFromDb ? permissionsFromDb.map((p) => p.action) : undefined,\n };\n }) as unknown as Promise<SanitizedTransferToken>;\n};\n\n/\n Revoke (delete) a token\n /\nconst revoke = async (id: string \| number): Promise<SanitizedTransferToken> => {\n return strapi.db.transaction(async () =>\n strapi.db\n .query(TRANSFER_TOKEN_UID)\n .delete({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: { id } })\n ) as unknown as Promise<SanitizedTransferToken>;\n};\n\n/\n Get a token\n /\nconst getBy = async (\n whereParams = {} as {\n id?: string \| number;\n name?: string;\n lastUsedAt?: number;\n description?: string;\n accessKey?: string;\n }\n): Promise<SanitizedTransferToken \| null> => {\n if (Object.keys(whereParams).length === 0) {\n return null;\n }\n\n const token = await strapi.db\n .query(TRANSFER_TOKEN_UID)\n .findOne({ select: SELECT_FIELDS, populate: POPULATE_FIELDS, where: whereParams });\n\n if (!token) {\n return token;\n }\n\n return flattenTokenPermissions(token);\n};\n\n/\n Retrieve a token by id\n /\nconst getById = async (id: string \| number): Promise<SanitizedTransferToken \| null> => {\n return getBy({ id });\n};\n\n/\n Retrieve a token by name\n /\nconst getByName = async (name: string): Promise<SanitizedTransferToken \| null> => {\n return getBy({ name });\n};\n\n/\n Check if token exists\n /\nconst exists = async (\n whereParams = {} as {\n id?: string \| number;\n name?: string;\n lastUsedAt?: number;\n description?: string;\n accessKey?: string;\n }\n): Promise<boolean> => {\n const transferToken = await getBy(whereParams);\n\n return !!transferToken;\n};\n\nconst regenerate = async (id: string \| number): Promise<TransferToken> => {\n const accessKey = crypto.randomBytes(128).toString('hex');\n const transferToken = (await strapi.db.transaction(async () =>\n strapi.db.query(TRANSFER_TOKEN_UID).update({\n select: ['id', 'accessKey'],\n where: { id },\n data: {\n accessKey: hash(accessKey),\n },\n })\n )) as Promise<TransferToken>;\n\n if (!transferToken) {\n throw new NotFoundError('The provided token id does not exist');\n }\n\n return {\n ...transferToken,\n accessKey,\n };\n};\n\nconst getExpirationFields = (lifespan: TransferToken['lifespan']) => {\n // it must be nil or a finite number >= 0\n const isValidNumber = isNumber(lifespan) && Number.isFinite(lifespan) && lifespan > 0;\n if (!isValidNumber && !isNil(lifespan)) {\n throw new ValidationError('lifespan must be a positive number or null');\n }\n\n return {\n lifespan: lifespan \|\| null,\n expiresAt: lifespan ? Date.now() + lifespan : null,\n };\n};\n\n/\n Return a secure sha512 hash of an accessKey\n /\nconst hash = (accessKey: string): string => {\n const { hasValidTokenSalt } = getService('transfer').utils;\n\n if (!hasValidTokenSalt()) {\n throw new TypeError('Required token salt is not defined');\n }\n\n return crypto\n .createHmac('sha512', strapi.config.get('admin.transfer.token.salt'))\n .update(accessKey)\n .digest('hex');\n};\n\nconst checkSaltIsDefined = () => {\n const { hasValidTokenSalt } = getService('transfer').utils;\n\n // Ignore the check if the data-transfer feature is manually disabled\n if (!strapi.config.get('server.transfer.remote.enabled')) {\n return;\n }\n\n if (!hasValidTokenSalt()) {\n process.emitWarning(\n `Missing transfer.token.salt: Data transfer features have been disabled.\nPlease set transfer.token.salt in config/admin.js (ex: you can generate one using Node with \\`crypto.randomBytes(16).toString('base64')\\`)\nFor security reasons, prefer storing the secret in an environment variable and read it in config/admin.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`\n );\n }\n};\n\n/\n Flatten a token's database permissions objects to an array of strings\n /\nconst flattenTokenPermissions = (token: DatabaseTransferToken): TransferToken => {\n if (!token) {\n return token;\n }\n\n return {\n ...token,\n permissions: isArray(token.permissions)\n ? map('action', token.permissions as TransferTokenPermission[])\n : token.permissions,\n };\n};\n\n/\n Assert that a token's permissions are valid\n /\nconst assertTokenPermissionsValidity = (attributes: TokenUpdatePayload) => {\n const permissionService = strapi.service('admin::transfer').permission;\n const validPermissions = permissionService.providers.action.keys();\n const invalidPermissions = difference(attributes.permissions, validPermissions);\n\n if (!isEmpty(invalidPermissions)) {\n throw new ValidationError(`Unknown permissions provided: ${invalidPermissions.join(', ')}`);\n }\n};\n\n/\n Check if a token's lifespan is valid\n /\nconst isValidLifespan = (lifespan: unknown) => {\n if (isNil(lifespan)) {\n return true;\n }\n\n if (\n !isNumber(lifespan) \|\|\n !Object.values(constants.TRANSFER_TOKEN_LIFESPANS).includes(lifespan)\n ) {\n return false;\n }\n\n return true;\n};\n\n/\n Assert that a token's lifespan is valid\n */\nconst assertValidLifespan = (lifespan: unknown) => {\n if (!isValidLifespan(lifespan)) {\n throw new ValidationError(\n `lifespan must be one of the following values:\n ${Object.values(constants.TRANSFER_TOKEN_LIFESPANS).join(', ')}`\n );\n }\n};\n\nexport {\n create,\n list,\n exists,\n getBy,\n getById,\n getByName,\n update,\n revoke,\n regenerate,\n hash,\n checkSaltIsDefined,\n};\n"],"names":["ValidationError","NotFoundError","errors","TRANSFER_TOKEN_UID","TRANSFER_TOKEN_PERMISSION_UID","SELECT_FIELDS","POPULATE_FIELDS","list","tokens","strapi","db","query","findMany","select","populate","orderBy","name","map","token","flattenTokenPermissions","generateRandomAccessKey","crypto","randomBytes","toString","validateAccessKey","accessKey","assert","length","hasAccessKey","attributes","create","assertTokenPermissionsValidity","assertValidLifespan","lifespan","result","transaction","transferToken","data","omit","hash","getExpirationFields","Promise","all","uniq","permissions","action","currentPermissions","load","Object","assign","update","id","originalToken","findOne","where","updatedToken","currentPermissionsResult","newPermissions","actionsToDelete","difference","actionsToAdd","delete","permissionsFromDb","p","undefined","revoke","getBy","whereParams","keys","getById","getByName","exists","regenerate","isValidNumber","isNumber","Number","isFinite","isNil","expiresAt","Date","now","hasValidTokenSalt","getService","utils","TypeError","createHmac","config","get","digest","checkSaltIsDefined","process","emitWarning","isArray","permissionService","service","permission","validPermissions","providers","invalidPermissions","isEmpty","join","isValidLifespan","values","constants","TRANSFER_TOKEN_LIFESPANS","includes"],"mappings":";;;;;;;;AAgBA,MAAM,EAAEA,eAAe,EAAEC,aAAa,EAAE,GAAGC,MAAAA;AAE3C,MAAMC,kBAAqB,GAAA,uBAAA;AAC3B,MAAMC,6BAAgC,GAAA,kCAAA;AAEtC,MAAMC,aAAgB,GAAA;AACpB,IAAA,IAAA;AACA,IAAA,MAAA;AACA,IAAA,aAAA;AACA,IAAA,YAAA;AACA,IAAA,UAAA;AACA,IAAA,WAAA;AACA,IAAA,WAAA;AACA,IAAA;AACD,CAAA;AAED,MAAMC,eAAkB,GAAA;AAAC,IAAA;AAAc,CAAA;AAEvC;;AAEC,UACKC,IAAO,GAAA,UAAA;IACX,MAAMC,MAAAA,GAAkC,MAAMC,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoBS,CAAAA,CAAAA,QAAQ,CAAC;QACzFC,MAAQR,EAAAA,aAAAA;QACRS,QAAUR,EAAAA,eAAAA;QACVS,OAAS,EAAA;YAAEC,IAAM,EAAA;AAAM;AACzB,KAAA,CAAA;IAEA,IAAI,CAACR,QAAQ,OAAOA,MAAAA;AACpB,IAAA,OAAOA,MAAOS,CAAAA,GAAG,CAAC,CAACC,QAAUC,uBAAwBD,CAAAA,KAAAA,CAAAA,CAAAA;AACvD;AAEA;;IAGA,MAAME,0BAA0B,IAAcC,MAAAA,CAAOC,WAAW,CAAC,GAAA,CAAA,CAAKC,QAAQ,CAAC,KAAA,CAAA;AAE/E;;IAGA,MAAMC,oBAAoB,CAACC,SAAAA,GAAAA;IACzBC,MAAO,CAAA,OAAOD,cAAc,QAAU,EAAA,iCAAA,CAAA;IACtCC,MAAOD,CAAAA,SAAAA,CAAUE,MAAM,IAAI,EAAI,EAAA,iDAAA,CAAA;IAE/B,OAAOF,SAAAA;AACT,CAAA;AAEO,MAAMG,eAAe,CAC1BC,UAAAA,GAAAA;AAEA,IAAA,OAAO,WAAeA,IAAAA,UAAAA;AACxB;AAEA;;IAGA,MAAMC,SAAS,OAAOD,UAAAA,GAAAA;AACpB,IAAA,MAAMJ,YAAYG,YAAaC,CAAAA,UAAAA,CAAAA,GAC3BL,iBAAkBK,CAAAA,UAAAA,CAAWJ,SAAS,CACtCL,GAAAA,uBAAAA,EAAAA;;AAGJ,IAAA,OAAOS,WAAWJ,SAAS;IAE3BM,8BAA+BF,CAAAA,UAAAA,CAAAA;AAC/BG,IAAAA,mBAAAA,CAAoBH,WAAWI,QAAQ,CAAA;AAEvC,IAAA,MAAMC,SAAU,MAAMzB,MAAAA,CAAOC,EAAE,CAACyB,WAAW,CAAC,UAAA;QAC1C,MAAMC,aAAAA,GAAgB,MAAM3B,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoB2B,CAAAA,CAAAA,MAAM,CAAC;YACrEjB,MAAQR,EAAAA,aAAAA;YACRS,QAAUR,EAAAA,eAAAA;YACV+B,IAAM,EAAA;gBACJ,GAAGC,IAAAA,CAAK,eAAeT,UAAW,CAAA;AAClCJ,gBAAAA,SAAAA,EAAWc,IAAKd,CAAAA,SAAAA,CAAAA;gBAChB,GAAGe,mBAAAA,CAAoBX,UAAWI,CAAAA,QAAQ;AAC5C;AACF,SAAA,CAAA;AAEA,QAAA,MAAMQ,QAAQC,GAAG,CACfC,KAAKd,UAAWe,CAAAA,WAAW,EAAE3B,GAAG,CAAC,CAAC4B,MAAAA,GAChCpC,OAAOC,EAAE,CACNC,KAAK,CAACP,6BAAAA,CAAAA,CACN0B,MAAM,CAAC;gBAAEO,IAAM,EAAA;AAAEQ,oBAAAA,MAAAA;oBAAQ3B,KAAOkB,EAAAA;AAAc;AAAE,aAAA,CAAA,CAAA,CAAA;QAIvD,MAAMU,kBAAAA,GAAgD,MAAMrC,MAAAA,CAAOC,EAAE,CAClEC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACX,aAAe,EAAA,aAAA,CAAA;AAEvB,QAAA,IAAIU,kBAAoB,EAAA;YACtBE,MAAOC,CAAAA,MAAM,CAACb,aAAe,EAAA;AAAEQ,gBAAAA,WAAAA,EAAa3B,IAAI,QAAU6B,EAAAA,kBAAAA;AAAoB,aAAA,CAAA;AAChF;QAEA,OAAOV,aAAAA;AACT,KAAA,CAAA;IAEA,OAAO;AAAE,QAAA,GAAGF,MAAM;AAAET,QAAAA;AAAU,KAAA;AAChC;AAEA;;IAGA,MAAMyB,MAAS,GAAA,OACbC,EACAtB,EAAAA,UAAAA,GAAAA;;IAGA,MAAMuB,aAAAA,GAAgB,MAAM3C,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoBkD,CAAAA,CAAAA,OAAO,CAAC;QAAEC,KAAO,EAAA;AAAEH,YAAAA;AAAG;AAAE,KAAA,CAAA;AAExF,IAAA,IAAI,CAACC,aAAe,EAAA;AAClB,QAAA,MAAM,IAAInD,aAAc,CAAA,iBAAA,CAAA;AAC1B;IAEA8B,8BAA+BF,CAAAA,UAAAA,CAAAA;AAC/BG,IAAAA,mBAAAA,CAAoBH,WAAWI,QAAQ,CAAA;AAEvC,IAAA,OAAOxB,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UAAA;QAC3B,MAAMoB,YAAAA,GAAe,MAAM9C,MAAOC,CAAAA,EAAE,CAACC,KAAK,CAACR,kBAAoB+C,CAAAA,CAAAA,MAAM,CAAC;YACpErC,MAAQR,EAAAA,aAAAA;YACRiD,KAAO,EAAA;AAAEH,gBAAAA;AAAG,aAAA;YACZd,IAAM,EAAA;gBACJ,GAAGC,IAAAA,CAAK,eAAeT,UAAW;AACpC;AACF,SAAA,CAAA;QAEA,IAAIA,UAAAA,CAAWe,WAAW,EAAE;YAC1B,MAAMY,wBAAAA,GAA2B,MAAM/C,MAAAA,CAAOC,EAAE,CAC7CC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACQ,YAAc,EAAA,aAAA,CAAA;AAEtB,YAAA,MAAMT,kBAAqB7B,GAAAA,GAAAA,CAAI,QAAUuC,EAAAA,wBAAAA,IAA4B,EAAE,CAAA;YACvE,MAAMC,cAAAA,GAAiBd,IAAKd,CAAAA,UAAAA,CAAWe,WAAW,CAAA;YAElD,MAAMc,eAAAA,GAAkBC,WAAWb,kBAAoBW,EAAAA,cAAAA,CAAAA;YACvD,MAAMG,YAAAA,GAAeD,WAAWF,cAAgBX,EAAAA,kBAAAA,CAAAA;;;AAIhD,YAAA,MAAML,OAAQC,CAAAA,GAAG,CACfgB,eAAAA,CAAgBzC,GAAG,CAAC,CAAC4B,MACnBpC,GAAAA,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACP,6BAAAA,CAAAA,CAA+ByD,MAAM,CAAC;oBACpDP,KAAO,EAAA;AAAET,wBAAAA,MAAAA;wBAAQ3B,KAAOiC,EAAAA;AAAG;AAC7B,iBAAA,CAAA,CAAA,CAAA;;;AAMJ,YAAA,MAAMV,OAAQC,CAAAA,GAAG,CACfkB,YAAAA,CAAa3C,GAAG,CAAC,CAAC4B,MAChBpC,GAAAA,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACP,6BAAAA,CAAAA,CAA+B0B,MAAM,CAAC;oBACpDO,IAAM,EAAA;AAAEQ,wBAAAA,MAAAA;wBAAQ3B,KAAOiC,EAAAA;AAAG;AAC5B,iBAAA,CAAA,CAAA,CAAA;AAGN;;QAGA,MAAMW,iBAAAA,GAA+C,MAAMrD,MAAAA,CAAOC,EAAE,CACjEC,KAAK,CAACR,kBAAAA,CAAAA,CACN4C,IAAI,CAACQ,YAAc,EAAA,aAAA,CAAA;QAEtB,OAAO;AACL,YAAA,GAAGA,YAAY;YACfX,WAAakB,EAAAA,iBAAAA,GAAoBA,kBAAkB7C,GAAG,CAAC,CAAC8C,CAAMA,GAAAA,CAAAA,CAAElB,MAAM,CAAImB,GAAAA;AAC5E,SAAA;AACF,KAAA,CAAA;AACF;AAEA;;IAGA,MAAMC,SAAS,OAAOd,EAAAA,GAAAA;AACpB,IAAA,OAAO1C,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UAC3B1B,MAAOC,CAAAA,EAAE,CACNC,KAAK,CAACR,kBAAAA,CAAAA,CACN0D,MAAM,CAAC;YAAEhD,MAAQR,EAAAA,aAAAA;YAAeS,QAAUR,EAAAA,eAAAA;YAAiBgD,KAAO,EAAA;AAAEH,gBAAAA;AAAG;AAAE,SAAA,CAAA,CAAA;AAEhF;AAEA;;AAEC,IACKe,MAAAA,KAAAA,GAAQ,OACZC,WAAAA,GAAc,EAMb,GAAA;AAED,IAAA,IAAInB,OAAOoB,IAAI,CAACD,WAAaxC,CAAAA,CAAAA,MAAM,KAAK,CAAG,EAAA;QACzC,OAAO,IAAA;AACT;IAEA,MAAMT,KAAAA,GAAQ,MAAMT,MAAOC,CAAAA,EAAE,CAC1BC,KAAK,CAACR,kBACNkD,CAAAA,CAAAA,OAAO,CAAC;QAAExC,MAAQR,EAAAA,aAAAA;QAAeS,QAAUR,EAAAA,eAAAA;QAAiBgD,KAAOa,EAAAA;AAAY,KAAA,CAAA;AAElF,IAAA,IAAI,CAACjD,KAAO,EAAA;QACV,OAAOA,KAAAA;AACT;AAEA,IAAA,OAAOC,uBAAwBD,CAAAA,KAAAA,CAAAA;AACjC;AAEA;;IAGA,MAAMmD,UAAU,OAAOlB,EAAAA,GAAAA;AACrB,IAAA,OAAOe,KAAM,CAAA;AAAEf,QAAAA;AAAG,KAAA,CAAA;AACpB;AAEA;;IAGA,MAAMmB,YAAY,OAAOtD,IAAAA,GAAAA;AACvB,IAAA,OAAOkD,KAAM,CAAA;AAAElD,QAAAA;AAAK,KAAA,CAAA;AACtB;AAEA;;AAEC,IACKuD,MAAAA,MAAAA,GAAS,OACbJ,WAAAA,GAAc,EAMb,GAAA;IAED,MAAM/B,aAAAA,GAAgB,MAAM8B,KAAMC,CAAAA,WAAAA,CAAAA;AAElC,IAAA,OAAO,CAAC,CAAC/B,aAAAA;AACX;AAEA,MAAMoC,aAAa,OAAOrB,EAAAA,GAAAA;AACxB,IAAA,MAAM1B,YAAYJ,MAAOC,CAAAA,WAAW,CAAC,GAAA,CAAA,CAAKC,QAAQ,CAAC,KAAA,CAAA;AACnD,IAAA,MAAMa,aAAiB,GAAA,MAAM3B,MAAOC,CAAAA,EAAE,CAACyB,WAAW,CAAC,UACjD1B,MAAAA,CAAOC,EAAE,CAACC,KAAK,CAACR,kBAAAA,CAAAA,CAAoB+C,MAAM,CAAC;YACzCrC,MAAQ,EAAA;AAAC,gBAAA,IAAA;AAAM,gBAAA;AAAY,aAAA;YAC3ByC,KAAO,EAAA;AAAEH,gBAAAA;AAAG,aAAA;YACZd,IAAM,EAAA;AACJZ,gBAAAA,SAAAA,EAAWc,IAAKd,CAAAA,SAAAA;AAClB;AACF,SAAA,CAAA,CAAA;AAGF,IAAA,IAAI,CAACW,aAAe,EAAA;AAClB,QAAA,MAAM,IAAInC,aAAc,CAAA,sCAAA,CAAA;AAC1B;IAEA,OAAO;AACL,QAAA,GAAGmC,aAAa;AAChBX,QAAAA;AACF,KAAA;AACF;AAEA,MAAMe,sBAAsB,CAACP,QAAAA,GAAAA;;AAE3B,IAAA,MAAMwC,gBAAgBC,QAASzC,CAAAA,QAAAA,CAAAA,IAAa0C,OAAOC,QAAQ,CAAC3C,aAAaA,QAAW,GAAA,CAAA;AACpF,IAAA,IAAI,CAACwC,aAAAA,IAAiB,CAACI,KAAAA,CAAM5C,QAAW,CAAA,EAAA;AACtC,QAAA,MAAM,IAAIjC,eAAgB,CAAA,4CAAA,CAAA;AAC5B;IAEA,OAAO;AACLiC,QAAAA,QAAAA,EAAUA,QAAY,IAAA,IAAA;AACtB6C,QAAAA,SAAAA,EAAW7C,QAAW8C,GAAAA,IAAAA,CAAKC,GAAG,EAAA,GAAK/C,QAAW,GAAA;AAChD,KAAA;AACF,CAAA;AAEA;;IAGA,MAAMM,OAAO,CAACd,SAAAA,GAAAA;AACZ,IAAA,MAAM,EAAEwD,iBAAiB,EAAE,GAAGC,UAAAA,CAAW,YAAYC,KAAK;AAE1D,IAAA,IAAI,CAACF,iBAAqB,EAAA,EAAA;AACxB,QAAA,MAAM,IAAIG,SAAU,CAAA,oCAAA,CAAA;AACtB;AAEA,IAAA,OAAO/D,MACJgE,CAAAA,UAAU,CAAC,QAAA,EAAU5E,OAAO6E,MAAM,CAACC,GAAG,CAAC,2BACvCrC,CAAAA,CAAAA,CAAAA,MAAM,CAACzB,SAAAA,CAAAA,CACP+D,MAAM,CAAC,KAAA,CAAA;AACZ;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAER,iBAAiB,EAAE,GAAGC,UAAAA,CAAW,YAAYC,KAAK;;AAG1D,IAAA,IAAI,CAAC1E,MAAO6E,CAAAA,MAAM,CAACC,GAAG,CAAC,gCAAmC,CAAA,EAAA;AACxD,QAAA;AACF;AAEA,IAAA,IAAI,CAACN,iBAAqB,EAAA,EAAA;QACxBS,OAAQC,CAAAA,WAAW,CACjB,CAAC;;uQAEgQ,CAAC,CAAA;AAEtQ;AACF;AAEA;;IAGA,MAAMxE,0BAA0B,CAACD,KAAAA,GAAAA;AAC/B,IAAA,IAAI,CAACA,KAAO,EAAA;QACV,OAAOA,KAAAA;AACT;IAEA,OAAO;AACL,QAAA,GAAGA,KAAK;QACR0B,WAAagD,EAAAA,OAAAA,CAAQ1E,KAAM0B,CAAAA,WAAW,CAClC3B,GAAAA,GAAAA,CAAI,UAAUC,KAAM0B,CAAAA,WAAW,CAC/B1B,GAAAA,KAAAA,CAAM0B;AACZ,KAAA;AACF,CAAA;AAEA;;IAGA,MAAMb,iCAAiC,CAACF,UAAAA,GAAAA;AACtC,IAAA,MAAMgE,iBAAoBpF,GAAAA,MAAAA,CAAOqF,OAAO,CAAC,mBAAmBC,UAAU;AACtE,IAAA,MAAMC,mBAAmBH,iBAAkBI,CAAAA,SAAS,CAACpD,MAAM,CAACuB,IAAI,EAAA;AAChE,IAAA,MAAM8B,kBAAqBvC,GAAAA,UAAAA,CAAW9B,UAAWe,CAAAA,WAAW,EAAEoD,gBAAAA,CAAAA;IAE9D,IAAI,CAACG,QAAQD,kBAAqB,CAAA,EAAA;QAChC,MAAM,IAAIlG,gBAAgB,CAAC,8BAA8B,EAAEkG,kBAAmBE,CAAAA,IAAI,CAAC,IAAO,CAAA,CAAA,CAAA,CAAA;AAC5F;AACF,CAAA;AAEA;;IAGA,MAAMC,kBAAkB,CAACpE,QAAAA,GAAAA;AACvB,IAAA,IAAI4C,MAAM5C,QAAW,CAAA,EAAA;QACnB,OAAO,IAAA;AACT;AAEA,IAAA,IACE,CAACyC,QAAAA,CAASzC,QACV,CAAA,IAAA,CAACe,MAAOsD,CAAAA,MAAM,CAACC,SAAAA,CAAUC,wBAAwB,CAAA,CAAEC,QAAQ,CAACxE,QAC5D,CAAA,EAAA;QACA,OAAO,KAAA;AACT;IAEA,OAAO,IAAA;AACT,CAAA;AAEA;;IAGA,MAAMD,sBAAsB,CAACC,QAAAA,GAAAA;IAC3B,IAAI,CAACoE,gBAAgBpE,QAAW,CAAA,EAAA;QAC9B,MAAM,IAAIjC,gBACR,CAAC;MACD,EAAEgD,MAAAA,CAAOsD,MAAM,CAACC,SAAAA,CAAUC,wBAAwB,CAAEJ,CAAAA,IAAI,CAAC,IAAO,CAAA,CAAA,CAAA,CAAA;AAEpE;AACF,CAAA;;;;"}

package/dist/server/server/src/services/user.js CHANGED Viewed

@@ -408,6 +408,10 @@ attributes)=>{
     });
     return users.map((user)=>user.preferedLanguage || 'en');
 };
+/**
+ * In-memory cache for AI tokens
+ * Key format: `${projectId}:${userId}`
+ */ const aiTokenCache = new Map();
 /**
  * Generate an AI token for the user performing the request
  */ const getAiToken = async ()=>{
@@ -450,6 +454,23 @@ attributes)=>{
         strapi.log.error(`${ERROR_PREFIX} Project ID not configured`);
         throw new Error('AI token request failed. Check server logs for details.');
     }
+    // Check cache for existing valid token
+    const cacheKey = `${projectId}:${userIdentifier}`;
+    const cachedToken = aiTokenCache.get(cacheKey);
+    if (cachedToken) {
+        const now = Date.now();
+        // Check if token is still valid (with buffer so it has time to  to be used)
+        const bufferMs = 2 * 60 * 1000; // 2 minutes
+        if (cachedToken.expiresAtMs && cachedToken.expiresAtMs - bufferMs > now) {
+            strapi.log.info('Using cached AI token');
+            return {
+                token: cachedToken.token,
+                expiresAt: cachedToken.expiresAt
+            };
+        }
+        // Token expired or will expire soon, remove from cache
+        aiTokenCache.delete(cacheKey);
+    }
     strapi.log.http('Contacting AI Server for token generation');
     try {
         // Call the AI server's getAiJWT endpoint
@@ -502,6 +523,15 @@ attributes)=>{
             userId: user.id,
             expiresAt: data.expiresAt
         });
+        // Cache the token if it has an expiration time
+        if (data.expiresAt) {
+            const expiresAtMs = new Date(data.expiresAt).getTime();
+            aiTokenCache.set(cacheKey, {
+                token: data.jwt,
+                expiresAt: data.expiresAt,
+                expiresAtMs
+            });
+        }
         // Return the AI JWT with metadata
         // Note: Token expires in 1 hour, client should handle refresh
         return {

package/dist/server/server/src/services/user.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"user.js","sources":["../../../../../server/src/services/user.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion /\nimport _ from 'lodash';\nimport { defaults } from 'lodash/fp';\nimport { arrays, errors } from '@strapi/utils';\nimport type { Data } from '@strapi/types';\nimport crypto from 'crypto';\nimport fs from 'fs';\nimport path from 'path';\nimport { createUser, hasSuperAdminRole } from '../domain/user';\nimport type {\n AdminUser,\n AdminRole,\n AdminUserCreationPayload,\n SanitizedAdminUser,\n SanitizedAdminRole,\n AdminUserUpdatePayload,\n // eslint-disable-next-line node/no-unpublished-import\n} from '../../../shared/contracts/shared';\nimport { password as passwordValidator } from '../validation/common-validators';\nimport { getService } from '../utils';\nimport constants from './constants';\n\nconst { SUPER_ADMIN_CODE } = constants;\n\nconst { ValidationError } = errors;\nconst sanitizeUserRoles = (role: AdminRole): SanitizedAdminRole =>\n _.pick(role, ['id', 'name', 'description', 'code']);\n\nconst getSessionManager = () => {\n const manager = strapi.sessionManager;\n return manager ?? null;\n};\n\n/\n Remove private user fields\n * @param user - user to sanitize\n /\nconst sanitizeUser = (user: AdminUser): SanitizedAdminUser => {\n return {\n ..._.omit(user, ['password', 'resetPasswordToken', 'registrationToken', 'roles']),\n roles: user.roles && user.roles.map(sanitizeUserRoles),\n };\n};\n\n/\n Create and save a user in database\n * @param attributes A partial user object\n /\nconst create = async (\n // isActive is added in the controller, it's not sent by the API.\n attributes: Partial<AdminUserCreationPayload> & { isActive?: true }\n): Promise<AdminUser> => {\n const userInfo = {\n registrationToken: getService('token').createToken(),\n ...attributes,\n };\n\n if (_.has(attributes, 'password')) {\n userInfo.password = await getService('auth').hashPassword(attributes.password!);\n }\n\n const user = createUser(userInfo);\n\n const createdUser = await strapi.db\n .query('admin::user')\n .create({ data: user, populate: ['roles'] });\n\n getService('metrics').sendDidInviteUser();\n\n strapi.eventHub.emit('user.create', { user: sanitizeUser(createdUser) });\n\n return createdUser;\n};\n\n/\n Update a user in database\n * @param id query params to find the user to update\n * @param attributes A partial user object\n /\nconst updateById = async (\n id: Data.ID,\n attributes: Partial<AdminUserUpdatePayload>\n): Promise<AdminUser> => {\n // Check at least one super admin remains\n if (_.has(attributes, 'roles')) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const willRemoveSuperAdminRole = !arrays.includesString(attributes.roles!, superAdminRole.id);\n\n if (lastAdminUser && willRemoveSuperAdminRole) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // cannot disable last super admin\n if (attributes.isActive === false) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n if (lastAdminUser) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // hash password if a new one is sent\n if (_.has(attributes, 'password')) {\n const hashedPassword = await getService('auth').hashPassword(attributes.password!);\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: {\n ...attributes,\n password: hashedPassword,\n },\n populate: ['roles'],\n });\n\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n\n return updatedUser;\n }\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: attributes,\n populate: ['roles'],\n });\n\n if (updatedUser) {\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n }\n\n return updatedUser;\n};\n\n/\n Reset a user password by email. (Used in admin:reset CLI)\n * @param email - user email\n * @param password - new password\n /\nconst resetPasswordByEmail = async (email: string, password: string) => {\n const user = await strapi.db\n .query('admin::user')\n .findOne({ where: { email }, populate: ['roles'] });\n\n if (!user) {\n throw new Error(`User not found for email: ${email}`);\n }\n\n try {\n await passwordValidator.validate(password);\n } catch (error) {\n throw new ValidationError(\n 'Invalid password. Expected a minimum of 8 characters with at least one number and one uppercase letter'\n );\n }\n\n await updateById(user.id, { password });\n};\n\n/\n Check if a user is the last super admin\n * @param userId user's id to look for\n /\nconst isLastSuperAdminUser = async (userId: Data.ID): Promise<boolean> => {\n const user = (await findOne(userId)) as AdminUser \| null;\n if (!user) return false;\n\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n\n return superAdminRole.usersCount === 1 && hasSuperAdminRole(user);\n};\n\n/\n Check if a user is the first super admin\n * @param userId user's id to look for\n /\nconst isFirstSuperAdminUser = async (userId: Data.ID): Promise<boolean> => {\n const currentUser = (await findOne(userId)) as AdminUser \| null;\n\n if (!currentUser \|\| !hasSuperAdminRole(currentUser)) return false;\n\n const [oldestUser] = await strapi.db.query('admin::user').findMany({\n populate: {\n roles: {\n where: {\n code: { $eq: SUPER_ADMIN_CODE },\n },\n },\n },\n orderBy: { createdAt: 'asc' },\n limit: 1,\n select: ['id'],\n });\n\n return oldestUser.id === currentUser.id;\n};\n\n/\n Check if a user with specific attributes exists in the database\n * @param attributes A partial user object\n /\nconst exists = async (attributes = {} as unknown): Promise<boolean> => {\n return (await strapi.db.query('admin::user').count({ where: attributes })) > 0;\n};\n\n/\n Returns a user registration info\n * @param registrationToken - a user registration token\n * @returns - Returns user email, firstname and lastname\n /\nconst findRegistrationInfo = async (\n registrationToken: string\n): Promise<Pick<AdminUser, 'email' \| 'firstname' \| 'lastname'> \| undefined> => {\n const user = await strapi.db.query('admin::user').findOne({ where: { registrationToken } });\n\n if (!user) {\n return undefined;\n }\n\n return _.pick(user, ['email', 'firstname', 'lastname']);\n};\n\n/\n Registers a user based on a registrationToken and some informations to update\n * @param params\n * @param params.registrationToken registration token\n * @param params.userInfo user info\n /\nconst register = async ({\n registrationToken,\n userInfo,\n}: {\n registrationToken: string;\n userInfo: Partial<AdminUser>;\n}) => {\n const matchingUser = await strapi.db\n .query('admin::user')\n .findOne({ where: { registrationToken } });\n\n if (!matchingUser) {\n throw new ValidationError('Invalid registration info');\n }\n\n return getService('user').updateById(matchingUser.id, {\n password: userInfo.password,\n firstname: userInfo.firstname,\n lastname: userInfo.lastname,\n registrationToken: null,\n isActive: true,\n });\n};\n\n/\n Find one user\n /\nconst findOne = async (id: Data.ID, populate = ['roles']) => {\n return strapi.db.query('admin::user').findOne({ where: { id }, populate });\n};\n\n/\n Find one user by its email\n * @param email\n * @param populate\n * @returns\n /\nconst findOneByEmail = async (email: string, populate = []) => {\n return strapi.db.query('admin::user').findOne({\n where: { email: { $eqi: email } },\n populate,\n });\n};\n\n/* Find many users (paginated)\n * @param params\n /\nconst findPage = async (params = {}): Promise<unknown> => {\n const query = strapi\n .get('query-params')\n .transform('admin::user', defaults({ populate: ['roles'] }, params));\n\n return strapi.db.query('admin::user').findPage(query);\n};\n\n/* Delete a user\n * @param id id of the user to delete\n /\nconst deleteById = async (id: Data.ID): Promise<AdminUser \| null> => {\n // Check at least one super admin remains\n const userToDelete: AdminUser \| null = await strapi.db.query('admin::user').findOne({\n where: { id },\n populate: ['roles'],\n });\n\n if (!userToDelete) {\n return null;\n }\n\n if (userToDelete) {\n if (userToDelete.roles.some((r) => r.code === SUPER_ADMIN_CODE)) {\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n if (superAdminRole.usersCount === 1) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n }\n\n const deletedUser = await strapi.db\n .query('admin::user')\n .delete({ where: { id }, populate: ['roles'] });\n\n // Invalidate all sessions for the deleted user\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(id));\n }\n\n strapi.eventHub.emit('user.delete', { user: sanitizeUser(deletedUser) });\n\n return deletedUser;\n};\n\n/* Delete a user\n * @param ids ids of the users to delete\n /\nconst deleteByIds = async (ids: (string \| number)[]): Promise<AdminUser[]> => {\n // Check at least one super admin remains\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const nbOfSuperAdminToDelete = await strapi.db.query('admin::user').count({\n where: {\n id: ids,\n roles: { id: superAdminRole.id },\n },\n });\n\n if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n\n const deletedUsers = [] as AdminUser[];\n for (const id of ids) {\n const deletedUser = await strapi.db.query('admin::user').delete({\n where: { id },\n populate: ['roles'],\n });\n\n // Invalidate all sessions for the deleted user\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(id));\n }\n\n deletedUsers.push(deletedUser);\n }\n\n strapi.eventHub.emit('user.delete', {\n users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser)),\n });\n\n return deletedUsers;\n};\n\n/* Count the users that don't have any associated roles\n /\nconst countUsersWithoutRole = async (): Promise<number> => {\n return strapi.db.query('admin::user').count({\n where: {\n roles: {\n id: { $null: true },\n },\n },\n });\n};\n\n/\n Count the number of users based on search params\n * @param params params used for the query\n /\nconst count = async (where = {}): Promise<number> => {\n return strapi.db.query('admin::user').count({ where });\n};\n\n/\n Assign some roles to several users\n /\nconst assignARoleToAll = async (roleId: Data.ID): Promise<void> => {\n const users = await strapi.db.query('admin::user').findMany({\n select: ['id'],\n where: {\n roles: { id: { $null: true } },\n },\n });\n\n await Promise.all(\n users.map((user) => {\n return strapi.db.query('admin::user').update({\n where: { id: user.id },\n data: { roles: [roleId] },\n });\n })\n );\n};\n\n/* Display a warning if some users don't have at least one role\n /\nconst displayWarningIfUsersDontHaveRole = async (): Promise<void> => {\n const count = await countUsersWithoutRole();\n\n if (count > 0) {\n strapi.log.warn(`Some users (${count}) don't have any role.`);\n }\n};\n\n/* Returns an array of interface languages currently used by users\n /\nconst getLanguagesInUse = async (): Promise<string[]> => {\n const users = await strapi.db.query('admin::user').findMany({ select: ['preferedLanguage'] });\n\n return users.map((user) => user.preferedLanguage \|\| 'en');\n};\n\n/\n Generate an AI token for the user performing the request\n */\nconst getAiToken = async (): Promise<{ token: string; expiresAt?: string }> => {\n const ERROR_PREFIX = 'AI token request failed:';\n\n // Check if EE features are enabled first\n if (!strapi.ee?.isEE) {\n strapi.log.error(`${ERROR_PREFIX} Enterprise Edition features are not enabled`);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n // Get the EE license\n // First try environment variable, then try reading from file\n let eeLicense = process.env.STRAPI_LICENSE;\n\n if (!eeLicense) {\n try {\n const licensePath = path.join(strapi.dirs.app.root, 'license.txt');\n eeLicense = fs.readFileSync(licensePath).toString();\n } catch (error) {\n // License file doesn't exist or can't be read\n }\n }\n\n if (!eeLicense) {\n strapi.log.error(\n `${ERROR_PREFIX} No EE license found. Please ensure STRAPI_LICENSE environment variable is set or license.txt file exists.`\n );\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n const aiServerUrl = process.env.STRAPI_AI_URL \|\| 'https://strapi-ai.apps.strapi.io';\n\n if (!aiServerUrl) {\n strapi.log.error(\n `${ERROR_PREFIX} AI server URL not configured. Please set STRAPI_AI_URL environment variable.`\n );\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n // Create a secure user identifier using only user ID\n const user = strapi.requestContext.get()?.state?.user as AdminUser \| undefined;\n if (!user) {\n strapi.log.error(`${ERROR_PREFIX} No authenticated user in request context`);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n const userIdentifier = user.id.toString();\n\n // Get project ID\n const projectId = strapi.config.get('uuid');\n if (!projectId) {\n strapi.log.error(`${ERROR_PREFIX} Project ID not configured`);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n strapi.log.http('Contacting AI Server for token generation');\n\n try {\n // Call the AI server's getAiJWT endpoint\n const response = await fetch(`${aiServerUrl}/auth/getAiJWT`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n // No authorization header needed for public endpoint\n // Add request ID for tracing\n 'X-Request-Id': crypto.randomUUID(),\n },\n body: JSON.stringify({\n eeLicense,\n userIdentifier,\n projectId,\n }),\n });\n\n if (!response.ok) {\n let errorData;\n let errorText;\n try {\n errorText = await response.text();\n errorData = JSON.parse(errorText);\n } catch {\n errorData = { error: errorText \|\| 'Failed to parse error response' };\n }\n\n strapi.log.error(`${ERROR_PREFIX} ${errorData?.error \|\| 'Unknown error'}`, {\n status: response.status,\n statusText: response.statusText,\n error: errorData,\n errorText,\n projectId,\n });\n\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n let data;\n try {\n data = (await response.json()) as {\n jwt: string;\n expiresAt?: string;\n };\n } catch (parseError) {\n strapi.log.error(`${ERROR_PREFIX} Failed to parse AI server response`, parseError);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n if (!data.jwt) {\n strapi.log.error(`${ERROR_PREFIX} Invalid response: missing JWT token`);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n strapi.log.info('AI token generated successfully', {\n userId: user.id,\n expiresAt: data.expiresAt,\n });\n\n // Return the AI JWT with metadata\n // Note: Token expires in 1 hour, client should handle refresh\n return {\n token: data.jwt,\n expiresAt: data.expiresAt, // 1 hour from generation\n };\n } catch (fetchError) {\n if (fetchError instanceof Error && fetchError.name === 'AbortError') {\n strapi.log.error(`${ERROR_PREFIX} Request to AI server timed out`);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n throw fetchError;\n }\n};\n\nexport default {\n create,\n updateById,\n exists,\n findRegistrationInfo,\n register,\n sanitizeUser,\n findOne,\n findOneByEmail,\n findPage,\n deleteById,\n deleteByIds,\n countUsersWithoutRole,\n count,\n assignARoleToAll,\n displayWarningIfUsersDontHaveRole,\n resetPasswordByEmail,\n getLanguagesInUse,\n isFirstSuperAdminUser,\n getAiToken,\n};\n"],"names":["SUPER_ADMIN_CODE","constants","ValidationError","errors","sanitizeUserRoles","role","_","pick","getSessionManager","manager","strapi","sessionManager","sanitizeUser","user","omit","roles","map","create","attributes","userInfo","registrationToken","getService","createToken","has","password","hashPassword","createUser","createdUser","db","query","data","populate","sendDidInviteUser","eventHub","emit","updateById","id","lastAdminUser","isLastSuperAdminUser","superAdminRole","getSuperAdminWithUsersCount","willRemoveSuperAdminRole","arrays","includesString","isActive","hashedPassword","updatedUser","update","where","resetPasswordByEmail","email","findOne","Error","passwordValidator","validate","error","userId","usersCount","hasSuperAdminRole","isFirstSuperAdminUser","currentUser","oldestUser","findMany","code","$eq","orderBy","createdAt","limit","select","exists","count","findRegistrationInfo","undefined","register","matchingUser","firstname","lastname","findOneByEmail","$eqi","findPage","params","get","transform","defaults","deleteById","userToDelete","some","r","deletedUser","delete","hasOrigin","invalidateRefreshToken","String","deleteByIds","ids","nbOfSuperAdminToDelete","deletedUsers","push","users","countUsersWithoutRole","$null","assignARoleToAll","roleId","Promise","all","displayWarningIfUsersDontHaveRole","log","warn","getLanguagesInUse","preferedLanguage","getAiToken","ERROR_PREFIX","ee","isEE","eeLicense","process","env","STRAPI_LICENSE","licensePath","path","join","dirs","app","root","fs","readFileSync","toString","aiServerUrl","STRAPI_AI_URL","requestContext","state","userIdentifier","projectId","config","http","response","fetch","method","headers","crypto","randomUUID","body","JSON","stringify","ok","errorData","errorText","text","parse","status","statusText","json","parseError","jwt","info","expiresAt","token","fetchError","name"],"mappings":";;;;;;;;;;;;;AAsBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,SAAAA;AAE7B,MAAM,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAC5B,MAAMC,oBAAoB,CAACC,IAAAA,GACzBC,CAAEC,CAAAA,IAAI,CAACF,IAAM,EAAA;AAAC,QAAA,IAAA;AAAM,QAAA,MAAA;AAAQ,QAAA,aAAA;AAAe,QAAA;AAAO,KAAA,CAAA;AAEpD,MAAMG,iBAAoB,GAAA,IAAA;IACxB,MAAMC,OAAAA,GAAUC,OAAOC,cAAc;AACrC,IAAA,OAAOF,OAAW,IAAA,IAAA;AACpB,CAAA;AAEA;;;IAIA,MAAMG,eAAe,CAACC,IAAAA,GAAAA;IACpB,OAAO;QACL,GAAGP,CAAAA,CAAEQ,IAAI,CAACD,IAAM,EAAA;AAAC,YAAA,UAAA;AAAY,YAAA,oBAAA;AAAsB,YAAA,mBAAA;AAAqB,YAAA;SAAQ,CAAC;AACjFE,QAAAA,KAAAA,EAAOF,KAAKE,KAAK,IAAIF,KAAKE,KAAK,CAACC,GAAG,CAACZ,iBAAAA;AACtC,KAAA;AACF,CAAA;AAEA;;;IAIA,MAAMa,MAAS,GAAA;AAEbC,UAAAA,GAAAA;AAEA,IAAA,MAAMC,QAAW,GAAA;QACfC,iBAAmBC,EAAAA,gBAAAA,CAAW,SAASC,WAAW,EAAA;AAClD,QAAA,GAAGJ;AACL,KAAA;AAEA,IAAA,IAAIZ,CAAEiB,CAAAA,GAAG,CAACL,UAAAA,EAAY,UAAa,CAAA,EAAA;QACjCC,QAASK,CAAAA,QAAQ,GAAG,MAAMH,gBAAAA,CAAW,QAAQI,YAAY,CAACP,WAAWM,QAAQ,CAAA;AAC/E;AAEA,IAAA,MAAMX,OAAOa,iBAAWP,CAAAA,QAAAA,CAAAA;IAExB,MAAMQ,WAAAA,GAAc,MAAMjB,MAAOkB,CAAAA,EAAE,CAChCC,KAAK,CAAC,aACNZ,CAAAA,CAAAA,MAAM,CAAC;QAAEa,IAAMjB,EAAAA,IAAAA;QAAMkB,QAAU,EAAA;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;AAE5CV,IAAAA,gBAAAA,CAAW,WAAWW,iBAAiB,EAAA;AAEvCtB,IAAAA,MAAAA,CAAOuB,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAErB,QAAAA,IAAAA,EAAMD,YAAae,CAAAA,WAAAA;AAAa,KAAA,CAAA;IAEtE,OAAOA,WAAAA;AACT,CAAA;AAEA;;;;IAKA,MAAMQ,UAAa,GAAA,OACjBC,EACAlB,EAAAA,UAAAA,GAAAA;;AAGA,IAAA,IAAIZ,CAAEiB,CAAAA,GAAG,CAACL,UAAAA,EAAY,OAAU,CAAA,EAAA;QAC9B,MAAMmB,aAAAA,GAAgB,MAAMC,oBAAqBF,CAAAA,EAAAA,CAAAA;AACjD,QAAA,MAAMG,cAAiB,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,2BAA2B,EAAA;QAC3E,MAAMC,wBAAAA,GAA2B,CAACC,YAAOC,CAAAA,cAAc,CAACzB,UAAWH,CAAAA,KAAK,EAAGwB,cAAAA,CAAeH,EAAE,CAAA;AAE5F,QAAA,IAAIC,iBAAiBI,wBAA0B,EAAA;AAC7C,YAAA,MAAM,IAAIvC,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;IAGA,IAAIgB,UAAAA,CAAW0B,QAAQ,KAAK,KAAO,EAAA;QACjC,MAAMP,aAAAA,GAAgB,MAAMC,oBAAqBF,CAAAA,EAAAA,CAAAA;AACjD,QAAA,IAAIC,aAAe,EAAA;AACjB,YAAA,MAAM,IAAInC,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;AAGA,IAAA,IAAII,CAAEiB,CAAAA,GAAG,CAACL,UAAAA,EAAY,UAAa,CAAA,EAAA;AACjC,QAAA,MAAM2B,iBAAiB,MAAMxB,gBAAAA,CAAW,QAAQI,YAAY,CAACP,WAAWM,QAAQ,CAAA;QAEhF,MAAMsB,WAAAA,GAAc,MAAMpC,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAekB,CAAAA,CAAAA,MAAM,CAAC;YAC9DC,KAAO,EAAA;AAAEZ,gBAAAA;AAAG,aAAA;YACZN,IAAM,EAAA;AACJ,gBAAA,GAAGZ,UAAU;gBACbM,QAAUqB,EAAAA;AACZ,aAAA;YACAd,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;AAEArB,QAAAA,MAAAA,CAAOuB,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAErB,YAAAA,IAAAA,EAAMD,YAAakC,CAAAA,WAAAA;AAAa,SAAA,CAAA;QAEtE,OAAOA,WAAAA;AACT;IAEA,MAAMA,WAAAA,GAAc,MAAMpC,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAekB,CAAAA,CAAAA,MAAM,CAAC;QAC9DC,KAAO,EAAA;AAAEZ,YAAAA;AAAG,SAAA;QACZN,IAAMZ,EAAAA,UAAAA;QACNa,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,IAAIe,WAAa,EAAA;AACfpC,QAAAA,MAAAA,CAAOuB,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAErB,YAAAA,IAAAA,EAAMD,YAAakC,CAAAA,WAAAA;AAAa,SAAA,CAAA;AACxE;IAEA,OAAOA,WAAAA;AACT,CAAA;AAEA;;;;IAKA,MAAMG,oBAAuB,GAAA,OAAOC,KAAe1B,EAAAA,QAAAA,GAAAA;IACjD,MAAMX,IAAAA,GAAO,MAAMH,MAAOkB,CAAAA,EAAE,CACzBC,KAAK,CAAC,aACNsB,CAAAA,CAAAA,OAAO,CAAC;QAAEH,KAAO,EAAA;AAAEE,YAAAA;AAAM,SAAA;QAAGnB,QAAU,EAAA;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;AAEnD,IAAA,IAAI,CAAClB,IAAM,EAAA;AACT,QAAA,MAAM,IAAIuC,KAAM,CAAA,CAAC,0BAA0B,EAAEF,MAAM,CAAC,CAAA;AACtD;IAEA,IAAI;QACF,MAAMG,yBAAAA,CAAkBC,QAAQ,CAAC9B,QAAAA,CAAAA;AACnC,KAAA,CAAE,OAAO+B,KAAO,EAAA;AACd,QAAA,MAAM,IAAIrD,eACR,CAAA,wGAAA,CAAA;AAEJ;IAEA,MAAMiC,UAAAA,CAAWtB,IAAKuB,CAAAA,EAAE,EAAE;AAAEZ,QAAAA;AAAS,KAAA,CAAA;AACvC,CAAA;AAEA;;;IAIA,MAAMc,uBAAuB,OAAOkB,MAAAA,GAAAA;IAClC,MAAM3C,IAAAA,GAAQ,MAAMsC,OAAQK,CAAAA,MAAAA,CAAAA;IAC5B,IAAI,CAAC3C,MAAM,OAAO,KAAA;AAElB,IAAA,MAAM0B,cAAiB,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,2BAA2B,EAAA;AAE3E,IAAA,OAAOD,cAAekB,CAAAA,UAAU,KAAK,CAAA,IAAKC,wBAAkB7C,CAAAA,IAAAA,CAAAA;AAC9D,CAAA;AAEA;;;IAIA,MAAM8C,wBAAwB,OAAOH,MAAAA,GAAAA;IACnC,MAAMI,WAAAA,GAAe,MAAMT,OAAQK,CAAAA,MAAAA,CAAAA;AAEnC,IAAA,IAAI,CAACI,WAAAA,IAAe,CAACF,wBAAAA,CAAkBE,cAAc,OAAO,KAAA;IAE5D,MAAM,CAACC,UAAW,CAAA,GAAG,MAAMnD,MAAAA,CAAOkB,EAAE,CAACC,KAAK,CAAC,aAAeiC,CAAAA,CAAAA,QAAQ,CAAC;QACjE/B,QAAU,EAAA;YACRhB,KAAO,EAAA;gBACLiC,KAAO,EAAA;oBACLe,IAAM,EAAA;wBAAEC,GAAKhE,EAAAA;AAAiB;AAChC;AACF;AACF,SAAA;QACAiE,OAAS,EAAA;YAAEC,SAAW,EAAA;AAAM,SAAA;QAC5BC,KAAO,EAAA,CAAA;QACPC,MAAQ,EAAA;AAAC,YAAA;AAAK;AAChB,KAAA,CAAA;AAEA,IAAA,OAAOP,UAAWzB,CAAAA,EAAE,KAAKwB,WAAAA,CAAYxB,EAAE;AACzC,CAAA;AAEA;;;AAGC,IACD,MAAMiC,MAAAA,GAAS,OAAOnD,UAAAA,GAAa,EAAa,GAAA;IAC9C,OAAQ,MAAMR,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeyC,CAAAA,CAAAA,KAAK,CAAC;QAAEtB,KAAO9B,EAAAA;KAAiB,CAAA,GAAA,CAAA;AAC/E,CAAA;AAEA;;;;IAKA,MAAMqD,uBAAuB,OAC3BnD,iBAAAA,GAAAA;IAEA,MAAMP,IAAAA,GAAO,MAAMH,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAesB,CAAAA,CAAAA,OAAO,CAAC;QAAEH,KAAO,EAAA;AAAE5B,YAAAA;AAAkB;AAAE,KAAA,CAAA;AAEzF,IAAA,IAAI,CAACP,IAAM,EAAA;QACT,OAAO2D,SAAAA;AACT;IAEA,OAAOlE,CAAAA,CAAEC,IAAI,CAACM,IAAM,EAAA;AAAC,QAAA,OAAA;AAAS,QAAA,WAAA;AAAa,QAAA;AAAW,KAAA,CAAA;AACxD,CAAA;AAEA;;;;;AAKC,IACD,MAAM4D,QAAW,GAAA,OAAO,EACtBrD,iBAAiB,EACjBD,QAAQ,EAIT,GAAA;IACC,MAAMuD,YAAAA,GAAe,MAAMhE,MAAOkB,CAAAA,EAAE,CACjCC,KAAK,CAAC,aACNsB,CAAAA,CAAAA,OAAO,CAAC;QAAEH,KAAO,EAAA;AAAE5B,YAAAA;AAAkB;AAAE,KAAA,CAAA;AAE1C,IAAA,IAAI,CAACsD,YAAc,EAAA;AACjB,QAAA,MAAM,IAAIxE,eAAgB,CAAA,2BAAA,CAAA;AAC5B;AAEA,IAAA,OAAOmB,iBAAW,MAAQc,CAAAA,CAAAA,UAAU,CAACuC,YAAAA,CAAatC,EAAE,EAAE;AACpDZ,QAAAA,QAAAA,EAAUL,SAASK,QAAQ;AAC3BmD,QAAAA,SAAAA,EAAWxD,SAASwD,SAAS;AAC7BC,QAAAA,QAAAA,EAAUzD,SAASyD,QAAQ;QAC3BxD,iBAAmB,EAAA,IAAA;QACnBwB,QAAU,EAAA;AACZ,KAAA,CAAA;AACF,CAAA;AAEA;;AAEC,IACD,MAAMO,OAAAA,GAAU,OAAOf,EAAAA,EAAaL,QAAW,GAAA;AAAC,IAAA;AAAQ,CAAA,GAAA;AACtD,IAAA,OAAOrB,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,OAAO,CAAC;QAAEH,KAAO,EAAA;AAAEZ,YAAAA;AAAG,SAAA;AAAGL,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA;;;;;AAKC,IACD,MAAM8C,cAAAA,GAAiB,OAAO3B,KAAAA,EAAenB,WAAW,EAAE,GAAA;AACxD,IAAA,OAAOrB,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,OAAO,CAAC;QAC5CH,KAAO,EAAA;YAAEE,KAAO,EAAA;gBAAE4B,IAAM5B,EAAAA;AAAM;AAAE,SAAA;AAChCnB,QAAAA;AACF,KAAA,CAAA;AACF,CAAA;AAEA;;AAEC,IACD,MAAMgD,QAAAA,GAAW,OAAOC,MAAAA,GAAS,EAAE,GAAA;IACjC,MAAMnD,KAAAA,GAAQnB,OACXuE,GAAG,CAAC,gBACJC,SAAS,CAAC,eAAeC,WAAS,CAAA;QAAEpD,QAAU,EAAA;AAAC,YAAA;AAAQ;KAAIiD,EAAAA,MAAAA,CAAAA,CAAAA;AAE9D,IAAA,OAAOtE,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAekD,QAAQ,CAAClD,KAAAA,CAAAA;AACjD,CAAA;AAEA;;IAGA,MAAMuD,aAAa,OAAOhD,EAAAA,GAAAA;;IAExB,MAAMiD,YAAAA,GAAiC,MAAM3E,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAesB,CAAAA,CAAAA,OAAO,CAAC;QAClFH,KAAO,EAAA;AAAEZ,YAAAA;AAAG,SAAA;QACZL,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,IAAI,CAACsD,YAAc,EAAA;QACjB,OAAO,IAAA;AACT;AAEA,IAAA,IAAIA,YAAc,EAAA;QAChB,IAAIA,YAAAA,CAAatE,KAAK,CAACuE,IAAI,CAAC,CAACC,CAAMA,GAAAA,CAAAA,CAAExB,IAAI,KAAK/D,gBAAmB,CAAA,EAAA;AAC/D,YAAA,MAAMuC,cAAiB,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,2BAA2B,EAAA;YAC3E,IAAID,cAAAA,CAAekB,UAAU,KAAK,CAAG,EAAA;AACnC,gBAAA,MAAM,IAAIvD,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;AACF;IAEA,MAAMsF,WAAAA,GAAc,MAAM9E,MAAOkB,CAAAA,EAAE,CAChCC,KAAK,CAAC,aACN4D,CAAAA,CAAAA,MAAM,CAAC;QAAEzC,KAAO,EAAA;AAAEZ,YAAAA;AAAG,SAAA;QAAGL,QAAU,EAAA;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;;AAG/C,IAAA,MAAMpB,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,IAAA,IAAIG,cAAkBA,IAAAA,cAAAA,CAAe+E,SAAS,CAAC,OAAU,CAAA,EAAA;AACvD,QAAA,MAAM/E,cAAe,CAAA,OAAA,CAAA,CAASgF,sBAAsB,CAACC,MAAOxD,CAAAA,EAAAA,CAAAA,CAAAA;AAC9D;AAEA1B,IAAAA,MAAAA,CAAOuB,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAErB,QAAAA,IAAAA,EAAMD,YAAa4E,CAAAA,WAAAA;AAAa,KAAA,CAAA;IAEtE,OAAOA,WAAAA;AACT,CAAA;AAEA;;IAGA,MAAMK,cAAc,OAAOC,GAAAA,GAAAA;;AAEzB,IAAA,MAAMvD,cAAiB,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,2BAA2B,EAAA;IAC3E,MAAMuD,sBAAAA,GAAyB,MAAMrF,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeyC,CAAAA,CAAAA,KAAK,CAAC;QACxEtB,KAAO,EAAA;YACLZ,EAAI0D,EAAAA,GAAAA;YACJ/E,KAAO,EAAA;AAAEqB,gBAAAA,EAAAA,EAAIG,eAAeH;AAAG;AACjC;AACF,KAAA,CAAA;IAEA,IAAIG,cAAAA,CAAekB,UAAU,KAAKsC,sBAAwB,EAAA;AACxD,QAAA,MAAM,IAAI7F,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AAEA,IAAA,MAAM8F,eAAe,EAAE;IACvB,KAAK,MAAM5D,MAAM0D,GAAK,CAAA;QACpB,MAAMN,WAAAA,GAAc,MAAM9E,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAe4D,CAAAA,CAAAA,MAAM,CAAC;YAC9DzC,KAAO,EAAA;AAAEZ,gBAAAA;AAAG,aAAA;YACZL,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;;AAGA,QAAA,MAAMpB,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAIG,cAAkBA,IAAAA,cAAAA,CAAe+E,SAAS,CAAC,OAAU,CAAA,EAAA;AACvD,YAAA,MAAM/E,cAAe,CAAA,OAAA,CAAA,CAASgF,sBAAsB,CAACC,MAAOxD,CAAAA,EAAAA,CAAAA,CAAAA;AAC9D;AAEA4D,QAAAA,YAAAA,CAAaC,IAAI,CAACT,WAAAA,CAAAA;AACpB;AAEA9E,IAAAA,MAAAA,CAAOuB,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAClCgE,QAAAA,KAAAA,EAAOF,YAAahF,CAAAA,GAAG,CAAC,CAACwE,cAAgB5E,YAAa4E,CAAAA,WAAAA,CAAAA;AACxD,KAAA,CAAA;IAEA,OAAOQ,YAAAA;AACT,CAAA;AAEA;AACC,IACD,MAAMG,qBAAwB,GAAA,UAAA;AAC5B,IAAA,OAAOzF,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeyC,KAAK,CAAC;QAC1CtB,KAAO,EAAA;YACLjC,KAAO,EAAA;gBACLqB,EAAI,EAAA;oBAAEgE,KAAO,EAAA;AAAK;AACpB;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA;;;AAGC,IACD,MAAM9B,KAAAA,GAAQ,OAAOtB,KAAAA,GAAQ,EAAE,GAAA;AAC7B,IAAA,OAAOtC,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeyC,KAAK,CAAC;AAAEtB,QAAAA;AAAM,KAAA,CAAA;AACtD,CAAA;AAEA;;IAGA,MAAMqD,mBAAmB,OAAOC,MAAAA,GAAAA;IAC9B,MAAMJ,KAAAA,GAAQ,MAAMxF,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeiC,CAAAA,CAAAA,QAAQ,CAAC;QAC1DM,MAAQ,EAAA;AAAC,YAAA;AAAK,SAAA;QACdpB,KAAO,EAAA;YACLjC,KAAO,EAAA;gBAAEqB,EAAI,EAAA;oBAAEgE,KAAO,EAAA;AAAK;AAAE;AAC/B;AACF,KAAA,CAAA;AAEA,IAAA,MAAMG,QAAQC,GAAG,CACfN,KAAMlF,CAAAA,GAAG,CAAC,CAACH,IAAAA,GAAAA;AACT,QAAA,OAAOH,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAekB,MAAM,CAAC;YAC3CC,KAAO,EAAA;AAAEZ,gBAAAA,EAAAA,EAAIvB,KAAKuB;AAAG,aAAA;YACrBN,IAAM,EAAA;gBAAEf,KAAO,EAAA;AAACuF,oBAAAA;AAAO;AAAC;AAC1B,SAAA,CAAA;AACF,KAAA,CAAA,CAAA;AAEJ,CAAA;AAEA;AACC,IACD,MAAMG,iCAAoC,GAAA,UAAA;AACxC,IAAA,MAAMnC,QAAQ,MAAM6B,qBAAAA,EAAAA;AAEpB,IAAA,IAAI7B,QAAQ,CAAG,EAAA;QACb5D,MAAOgG,CAAAA,GAAG,CAACC,IAAI,CAAC,CAAC,YAAY,EAAErC,KAAM,CAAA,sBAAsB,CAAC,CAAA;AAC9D;AACF,CAAA;AAEA;AACC,IACD,MAAMsC,iBAAoB,GAAA,UAAA;IACxB,MAAMV,KAAAA,GAAQ,MAAMxF,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeiC,CAAAA,CAAAA,QAAQ,CAAC;QAAEM,MAAQ,EAAA;AAAC,YAAA;AAAmB;AAAC,KAAA,CAAA;AAE3F,IAAA,OAAO8B,MAAMlF,GAAG,CAAC,CAACH,IAASA,GAAAA,IAAAA,CAAKgG,gBAAgB,IAAI,IAAA,CAAA;AACtD,CAAA;AAEA;;AAEC,IACD,MAAMC,UAAa,GAAA,UAAA;AACjB,IAAA,MAAMC,YAAe,GAAA,0BAAA;;AAGrB,IAAA,IAAI,CAACrG,MAAAA,CAAOsG,EAAE,EAAEC,IAAM,EAAA;QACpBvG,MAAOgG,CAAAA,GAAG,CAACnD,KAAK,CAAC,CAAC,EAAEwD,YAAAA,CAAa,4CAA4C,CAAC,CAAA;AAC9E,QAAA,MAAM,IAAI3D,KAAM,CAAA,yDAAA,CAAA;AAClB;;;AAIA,IAAA,IAAI8D,SAAYC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,cAAc;AAE1C,IAAA,IAAI,CAACH,SAAW,EAAA;QACd,IAAI;YACF,MAAMI,WAAAA,GAAcC,IAAKC,CAAAA,IAAI,CAAC9G,MAAAA,CAAO+G,IAAI,CAACC,GAAG,CAACC,IAAI,EAAE,aAAA,CAAA;AACpDT,YAAAA,SAAAA,GAAYU,EAAGC,CAAAA,YAAY,CAACP,WAAAA,CAAAA,CAAaQ,QAAQ,EAAA;AACnD,SAAA,CAAE,OAAOvE,KAAO,EAAA;;AAEhB;AACF;AAEA,IAAA,IAAI,CAAC2D,SAAW,EAAA;QACdxG,MAAOgG,CAAAA,GAAG,CAACnD,KAAK,CACd,CAAC,EAAEwD,YAAAA,CAAa,0GAA0G,CAAC,CAAA;AAE7H,QAAA,MAAM,IAAI3D,KAAM,CAAA,yDAAA,CAAA;AAClB;AAEA,IAAA,MAAM2E,WAAcZ,GAAAA,OAAAA,CAAQC,GAAG,CAACY,aAAa,IAAI,kCAAA;AAEjD,IAAA,IAAI,CAACD,WAAa,EAAA;QAChBrH,MAAOgG,CAAAA,GAAG,CAACnD,KAAK,CACd,CAAC,EAAEwD,YAAAA,CAAa,6EAA6E,CAAC,CAAA;AAEhG,QAAA,MAAM,IAAI3D,KAAM,CAAA,yDAAA,CAAA;AAClB;;AAGA,IAAA,MAAMvC,OAAOH,MAAOuH,CAAAA,cAAc,CAAChD,GAAG,IAAIiD,KAAOrH,EAAAA,IAAAA;AACjD,IAAA,IAAI,CAACA,IAAM,EAAA;QACTH,MAAOgG,CAAAA,GAAG,CAACnD,KAAK,CAAC,CAAC,EAAEwD,YAAAA,CAAa,yCAAyC,CAAC,CAAA;AAC3E,QAAA,MAAM,IAAI3D,KAAM,CAAA,yDAAA,CAAA;AAClB;AAEA,IAAA,MAAM+E,cAAiBtH,GAAAA,IAAAA,CAAKuB,EAAE,CAAC0F,QAAQ,EAAA;;AAGvC,IAAA,MAAMM,SAAY1H,GAAAA,MAAAA,CAAO2H,MAAM,CAACpD,GAAG,CAAC,MAAA,CAAA;AACpC,IAAA,IAAI,CAACmD,SAAW,EAAA;QACd1H,MAAOgG,CAAAA,GAAG,CAACnD,KAAK,CAAC,CAAC,EAAEwD,YAAAA,CAAa,0BAA0B,CAAC,CAAA;AAC5D,QAAA,MAAM,IAAI3D,KAAM,CAAA,yDAAA,CAAA;AAClB;IAEA1C,MAAOgG,CAAAA,GAAG,CAAC4B,IAAI,CAAC,2CAAA,CAAA;IAEhB,IAAI;;QAEF,MAAMC,QAAAA,GAAW,MAAMC,KAAM,CAAA,CAAC,EAAET,WAAY,CAAA,cAAc,CAAC,EAAE;YAC3DU,MAAQ,EAAA,MAAA;YACRC,OAAS,EAAA;gBACP,cAAgB,EAAA,kBAAA;;;AAGhB,gBAAA,cAAA,EAAgBC,OAAOC,UAAU;AACnC,aAAA;YACAC,IAAMC,EAAAA,IAAAA,CAAKC,SAAS,CAAC;AACnB7B,gBAAAA,SAAAA;AACAiB,gBAAAA,cAAAA;AACAC,gBAAAA;AACF,aAAA;AACF,SAAA,CAAA;QAEA,IAAI,CAACG,QAASS,CAAAA,EAAE,EAAE;YAChB,IAAIC,SAAAA;YACJ,IAAIC,SAAAA;YACJ,IAAI;gBACFA,SAAY,GAAA,MAAMX,SAASY,IAAI,EAAA;gBAC/BF,SAAYH,GAAAA,IAAAA,CAAKM,KAAK,CAACF,SAAAA,CAAAA;AACzB,aAAA,CAAE,OAAM;gBACND,SAAY,GAAA;AAAE1F,oBAAAA,KAAAA,EAAO2F,SAAa,IAAA;AAAiC,iBAAA;AACrE;AAEAxI,YAAAA,MAAAA,CAAOgG,GAAG,CAACnD,KAAK,CAAC,CAAC,EAAEwD,YAAa,CAAA,CAAC,EAAEkC,SAAAA,EAAW1F,KAAS,IAAA,eAAA,CAAgB,CAAC,EAAE;AACzE8F,gBAAAA,MAAAA,EAAQd,SAASc,MAAM;AACvBC,gBAAAA,UAAAA,EAAYf,SAASe,UAAU;gBAC/B/F,KAAO0F,EAAAA,SAAAA;AACPC,gBAAAA,SAAAA;AACAd,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,MAAM,IAAIhF,KAAM,CAAA,yDAAA,CAAA;AAClB;QAEA,IAAItB,IAAAA;QACJ,IAAI;YACFA,IAAQ,GAAA,MAAMyG,SAASgB,IAAI,EAAA;AAI7B,SAAA,CAAE,OAAOC,UAAY,EAAA;YACnB9I,MAAOgG,CAAAA,GAAG,CAACnD,KAAK,CAAC,CAAC,EAAEwD,YAAAA,CAAa,mCAAmC,CAAC,EAAEyC,UAAAA,CAAAA;AACvE,YAAA,MAAM,IAAIpG,KAAM,CAAA,yDAAA,CAAA;AAClB;QAEA,IAAI,CAACtB,IAAK2H,CAAAA,GAAG,EAAE;YACb/I,MAAOgG,CAAAA,GAAG,CAACnD,KAAK,CAAC,CAAC,EAAEwD,YAAAA,CAAa,oCAAoC,CAAC,CAAA;AACtE,YAAA,MAAM,IAAI3D,KAAM,CAAA,yDAAA,CAAA;AAClB;AAEA1C,QAAAA,MAAAA,CAAOgG,GAAG,CAACgD,IAAI,CAAC,iCAAmC,EAAA;AACjDlG,YAAAA,MAAAA,EAAQ3C,KAAKuB,EAAE;AACfuH,YAAAA,SAAAA,EAAW7H,KAAK6H;AAClB,SAAA,CAAA;;;QAIA,OAAO;AACLC,YAAAA,KAAAA,EAAO9H,KAAK2H,GAAG;AACfE,YAAAA,SAAAA,EAAW7H,KAAK6H;AAClB,SAAA;AACF,KAAA,CAAE,OAAOE,UAAY,EAAA;AACnB,QAAA,IAAIA,UAAsBzG,YAAAA,KAAAA,IAASyG,UAAWC,CAAAA,IAAI,KAAK,YAAc,EAAA;YACnEpJ,MAAOgG,CAAAA,GAAG,CAACnD,KAAK,CAAC,CAAC,EAAEwD,YAAAA,CAAa,+BAA+B,CAAC,CAAA;AACjE,YAAA,MAAM,IAAI3D,KAAM,CAAA,yDAAA,CAAA;AAClB;QAEA,MAAMyG,UAAAA;AACR;AACF,CAAA;AAEA,WAAe;AACb5I,IAAAA,MAAAA;AACAkB,IAAAA,UAAAA;AACAkC,IAAAA,MAAAA;AACAE,IAAAA,oBAAAA;AACAE,IAAAA,QAAAA;AACA7D,IAAAA,YAAAA;AACAuC,IAAAA,OAAAA;AACA0B,IAAAA,cAAAA;AACAE,IAAAA,QAAAA;AACAK,IAAAA,UAAAA;AACAS,IAAAA,WAAAA;AACAM,IAAAA,qBAAAA;AACA7B,IAAAA,KAAAA;AACA+B,IAAAA,gBAAAA;AACAI,IAAAA,iCAAAA;AACAxD,IAAAA,oBAAAA;AACA2D,IAAAA,iBAAAA;AACAjD,IAAAA,qBAAAA;AACAmD,IAAAA;AACF,CAAE;;;;"}
1	+ {"version":3,"file":"user.js","sources":["../../../../../server/src/services/user.ts"],"sourcesContent":["/* eslint-disable @typescript-eslint/no-non-null-assertion /\nimport _ from 'lodash';\nimport { defaults } from 'lodash/fp';\nimport { arrays, errors } from '@strapi/utils';\nimport type { Data } from '@strapi/types';\nimport crypto from 'crypto';\nimport fs from 'fs';\nimport path from 'path';\nimport { createUser, hasSuperAdminRole } from '../domain/user';\nimport type {\n AdminUser,\n AdminRole,\n AdminUserCreationPayload,\n SanitizedAdminUser,\n SanitizedAdminRole,\n AdminUserUpdatePayload,\n // eslint-disable-next-line node/no-unpublished-import\n} from '../../../shared/contracts/shared';\nimport { password as passwordValidator } from '../validation/common-validators';\nimport { getService } from '../utils';\nimport constants from './constants';\n\nconst { SUPER_ADMIN_CODE } = constants;\n\nconst { ValidationError } = errors;\nconst sanitizeUserRoles = (role: AdminRole): SanitizedAdminRole =>\n _.pick(role, ['id', 'name', 'description', 'code']);\n\nconst getSessionManager = () => {\n const manager = strapi.sessionManager;\n return manager ?? null;\n};\n\n/\n Remove private user fields\n * @param user - user to sanitize\n /\nconst sanitizeUser = (user: AdminUser): SanitizedAdminUser => {\n return {\n ..._.omit(user, ['password', 'resetPasswordToken', 'registrationToken', 'roles']),\n roles: user.roles && user.roles.map(sanitizeUserRoles),\n };\n};\n\n/\n Create and save a user in database\n * @param attributes A partial user object\n /\nconst create = async (\n // isActive is added in the controller, it's not sent by the API.\n attributes: Partial<AdminUserCreationPayload> & { isActive?: true }\n): Promise<AdminUser> => {\n const userInfo = {\n registrationToken: getService('token').createToken(),\n ...attributes,\n };\n\n if (_.has(attributes, 'password')) {\n userInfo.password = await getService('auth').hashPassword(attributes.password!);\n }\n\n const user = createUser(userInfo);\n\n const createdUser = await strapi.db\n .query('admin::user')\n .create({ data: user, populate: ['roles'] });\n\n getService('metrics').sendDidInviteUser();\n\n strapi.eventHub.emit('user.create', { user: sanitizeUser(createdUser) });\n\n return createdUser;\n};\n\n/\n Update a user in database\n * @param id query params to find the user to update\n * @param attributes A partial user object\n /\nconst updateById = async (\n id: Data.ID,\n attributes: Partial<AdminUserUpdatePayload>\n): Promise<AdminUser> => {\n // Check at least one super admin remains\n if (_.has(attributes, 'roles')) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const willRemoveSuperAdminRole = !arrays.includesString(attributes.roles!, superAdminRole.id);\n\n if (lastAdminUser && willRemoveSuperAdminRole) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // cannot disable last super admin\n if (attributes.isActive === false) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n if (lastAdminUser) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // hash password if a new one is sent\n if (_.has(attributes, 'password')) {\n const hashedPassword = await getService('auth').hashPassword(attributes.password!);\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: {\n ...attributes,\n password: hashedPassword,\n },\n populate: ['roles'],\n });\n\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n\n return updatedUser;\n }\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: attributes,\n populate: ['roles'],\n });\n\n if (updatedUser) {\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n }\n\n return updatedUser;\n};\n\n/\n Reset a user password by email. (Used in admin:reset CLI)\n * @param email - user email\n * @param password - new password\n /\nconst resetPasswordByEmail = async (email: string, password: string) => {\n const user = await strapi.db\n .query('admin::user')\n .findOne({ where: { email }, populate: ['roles'] });\n\n if (!user) {\n throw new Error(`User not found for email: ${email}`);\n }\n\n try {\n await passwordValidator.validate(password);\n } catch (error) {\n throw new ValidationError(\n 'Invalid password. Expected a minimum of 8 characters with at least one number and one uppercase letter'\n );\n }\n\n await updateById(user.id, { password });\n};\n\n/\n Check if a user is the last super admin\n * @param userId user's id to look for\n /\nconst isLastSuperAdminUser = async (userId: Data.ID): Promise<boolean> => {\n const user = (await findOne(userId)) as AdminUser \| null;\n if (!user) return false;\n\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n\n return superAdminRole.usersCount === 1 && hasSuperAdminRole(user);\n};\n\n/\n Check if a user is the first super admin\n * @param userId user's id to look for\n /\nconst isFirstSuperAdminUser = async (userId: Data.ID): Promise<boolean> => {\n const currentUser = (await findOne(userId)) as AdminUser \| null;\n\n if (!currentUser \|\| !hasSuperAdminRole(currentUser)) return false;\n\n const [oldestUser] = await strapi.db.query('admin::user').findMany({\n populate: {\n roles: {\n where: {\n code: { $eq: SUPER_ADMIN_CODE },\n },\n },\n },\n orderBy: { createdAt: 'asc' },\n limit: 1,\n select: ['id'],\n });\n\n return oldestUser.id === currentUser.id;\n};\n\n/\n Check if a user with specific attributes exists in the database\n * @param attributes A partial user object\n /\nconst exists = async (attributes = {} as unknown): Promise<boolean> => {\n return (await strapi.db.query('admin::user').count({ where: attributes })) > 0;\n};\n\n/\n Returns a user registration info\n * @param registrationToken - a user registration token\n * @returns - Returns user email, firstname and lastname\n /\nconst findRegistrationInfo = async (\n registrationToken: string\n): Promise<Pick<AdminUser, 'email' \| 'firstname' \| 'lastname'> \| undefined> => {\n const user = await strapi.db.query('admin::user').findOne({ where: { registrationToken } });\n\n if (!user) {\n return undefined;\n }\n\n return _.pick(user, ['email', 'firstname', 'lastname']);\n};\n\n/\n Registers a user based on a registrationToken and some informations to update\n * @param params\n * @param params.registrationToken registration token\n * @param params.userInfo user info\n /\nconst register = async ({\n registrationToken,\n userInfo,\n}: {\n registrationToken: string;\n userInfo: Partial<AdminUser>;\n}) => {\n const matchingUser = await strapi.db\n .query('admin::user')\n .findOne({ where: { registrationToken } });\n\n if (!matchingUser) {\n throw new ValidationError('Invalid registration info');\n }\n\n return getService('user').updateById(matchingUser.id, {\n password: userInfo.password,\n firstname: userInfo.firstname,\n lastname: userInfo.lastname,\n registrationToken: null,\n isActive: true,\n });\n};\n\n/\n Find one user\n /\nconst findOne = async (id: Data.ID, populate = ['roles']) => {\n return strapi.db.query('admin::user').findOne({ where: { id }, populate });\n};\n\n/\n Find one user by its email\n * @param email\n * @param populate\n * @returns\n /\nconst findOneByEmail = async (email: string, populate = []) => {\n return strapi.db.query('admin::user').findOne({\n where: { email: { $eqi: email } },\n populate,\n });\n};\n\n/* Find many users (paginated)\n * @param params\n /\nconst findPage = async (params = {}): Promise<unknown> => {\n const query = strapi\n .get('query-params')\n .transform('admin::user', defaults({ populate: ['roles'] }, params));\n\n return strapi.db.query('admin::user').findPage(query);\n};\n\n/* Delete a user\n * @param id id of the user to delete\n /\nconst deleteById = async (id: Data.ID): Promise<AdminUser \| null> => {\n // Check at least one super admin remains\n const userToDelete: AdminUser \| null = await strapi.db.query('admin::user').findOne({\n where: { id },\n populate: ['roles'],\n });\n\n if (!userToDelete) {\n return null;\n }\n\n if (userToDelete) {\n if (userToDelete.roles.some((r) => r.code === SUPER_ADMIN_CODE)) {\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n if (superAdminRole.usersCount === 1) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n }\n\n const deletedUser = await strapi.db\n .query('admin::user')\n .delete({ where: { id }, populate: ['roles'] });\n\n // Invalidate all sessions for the deleted user\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(id));\n }\n\n strapi.eventHub.emit('user.delete', { user: sanitizeUser(deletedUser) });\n\n return deletedUser;\n};\n\n/* Delete a user\n * @param ids ids of the users to delete\n /\nconst deleteByIds = async (ids: (string \| number)[]): Promise<AdminUser[]> => {\n // Check at least one super admin remains\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const nbOfSuperAdminToDelete = await strapi.db.query('admin::user').count({\n where: {\n id: ids,\n roles: { id: superAdminRole.id },\n },\n });\n\n if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n\n const deletedUsers = [] as AdminUser[];\n for (const id of ids) {\n const deletedUser = await strapi.db.query('admin::user').delete({\n where: { id },\n populate: ['roles'],\n });\n\n // Invalidate all sessions for the deleted user\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(id));\n }\n\n deletedUsers.push(deletedUser);\n }\n\n strapi.eventHub.emit('user.delete', {\n users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser)),\n });\n\n return deletedUsers;\n};\n\n/* Count the users that don't have any associated roles\n /\nconst countUsersWithoutRole = async (): Promise<number> => {\n return strapi.db.query('admin::user').count({\n where: {\n roles: {\n id: { $null: true },\n },\n },\n });\n};\n\n/\n Count the number of users based on search params\n * @param params params used for the query\n /\nconst count = async (where = {}): Promise<number> => {\n return strapi.db.query('admin::user').count({ where });\n};\n\n/\n Assign some roles to several users\n /\nconst assignARoleToAll = async (roleId: Data.ID): Promise<void> => {\n const users = await strapi.db.query('admin::user').findMany({\n select: ['id'],\n where: {\n roles: { id: { $null: true } },\n },\n });\n\n await Promise.all(\n users.map((user) => {\n return strapi.db.query('admin::user').update({\n where: { id: user.id },\n data: { roles: [roleId] },\n });\n })\n );\n};\n\n/* Display a warning if some users don't have at least one role\n /\nconst displayWarningIfUsersDontHaveRole = async (): Promise<void> => {\n const count = await countUsersWithoutRole();\n\n if (count > 0) {\n strapi.log.warn(`Some users (${count}) don't have any role.`);\n }\n};\n\n/* Returns an array of interface languages currently used by users\n /\nconst getLanguagesInUse = async (): Promise<string[]> => {\n const users = await strapi.db.query('admin::user').findMany({ select: ['preferedLanguage'] });\n\n return users.map((user) => user.preferedLanguage \|\| 'en');\n};\n\n/\n In-memory cache for AI tokens\n * Key format: `${projectId}:${userId}`\n /\nconst aiTokenCache = new Map<\n string,\n {\n token: string;\n expiresAt?: string;\n expiresAtMs?: number;\n }\n>();\n\n/\n Generate an AI token for the user performing the request\n /\nconst getAiToken = async (): Promise<{ token: string; expiresAt?: string }> => {\n const ERROR_PREFIX = 'AI token request failed:';\n\n // Check if EE features are enabled first\n if (!strapi.ee?.isEE) {\n strapi.log.error(`${ERROR_PREFIX} Enterprise Edition features are not enabled`);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n // Get the EE license\n // First try environment variable, then try reading from file\n let eeLicense = process.env.STRAPI_LICENSE;\n\n if (!eeLicense) {\n try {\n const licensePath = path.join(strapi.dirs.app.root, 'license.txt');\n eeLicense = fs.readFileSync(licensePath).toString();\n } catch (error) {\n // License file doesn't exist or can't be read\n }\n }\n\n if (!eeLicense) {\n strapi.log.error(\n `${ERROR_PREFIX} No EE license found. Please ensure STRAPI_LICENSE environment variable is set or license.txt file exists.`\n );\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n const aiServerUrl = process.env.STRAPI_AI_URL \|\| 'https://strapi-ai.apps.strapi.io';\n\n if (!aiServerUrl) {\n strapi.log.error(\n `${ERROR_PREFIX} AI server URL not configured. Please set STRAPI_AI_URL environment variable.`\n );\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n // Create a secure user identifier using only user ID\n const user = strapi.requestContext.get()?.state?.user as AdminUser \| undefined;\n if (!user) {\n strapi.log.error(`${ERROR_PREFIX} No authenticated user in request context`);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n const userIdentifier = user.id.toString();\n\n // Get project ID\n const projectId = strapi.config.get('uuid');\n if (!projectId) {\n strapi.log.error(`${ERROR_PREFIX} Project ID not configured`);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n // Check cache for existing valid token\n const cacheKey = `${projectId}:${userIdentifier}`;\n const cachedToken = aiTokenCache.get(cacheKey);\n\n if (cachedToken) {\n const now = Date.now();\n // Check if token is still valid (with buffer so it has time to to be used)\n const bufferMs = 2 60 * 1000; // 2 minutes\n\n if (cachedToken.expiresAtMs && cachedToken.expiresAtMs - bufferMs > now) {\n strapi.log.info('Using cached AI token');\n\n return {\n token: cachedToken.token,\n expiresAt: cachedToken.expiresAt,\n };\n }\n\n // Token expired or will expire soon, remove from cache\n aiTokenCache.delete(cacheKey);\n }\n\n strapi.log.http('Contacting AI Server for token generation');\n\n try {\n // Call the AI server's getAiJWT endpoint\n const response = await fetch(`${aiServerUrl}/auth/getAiJWT`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n // No authorization header needed for public endpoint\n // Add request ID for tracing\n 'X-Request-Id': crypto.randomUUID(),\n },\n body: JSON.stringify({\n eeLicense,\n userIdentifier,\n projectId,\n }),\n });\n\n if (!response.ok) {\n let errorData;\n let errorText;\n try {\n errorText = await response.text();\n errorData = JSON.parse(errorText);\n } catch {\n errorData = { error: errorText \|\| 'Failed to parse error response' };\n }\n\n strapi.log.error(`${ERROR_PREFIX} ${errorData?.error \|\| 'Unknown error'}`, {\n status: response.status,\n statusText: response.statusText,\n error: errorData,\n errorText,\n projectId,\n });\n\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n let data;\n try {\n data = (await response.json()) as {\n jwt: string;\n expiresAt?: string;\n };\n } catch (parseError) {\n strapi.log.error(`${ERROR_PREFIX} Failed to parse AI server response`, parseError);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n if (!data.jwt) {\n strapi.log.error(`${ERROR_PREFIX} Invalid response: missing JWT token`);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n strapi.log.info('AI token generated successfully', {\n userId: user.id,\n expiresAt: data.expiresAt,\n });\n\n // Cache the token if it has an expiration time\n if (data.expiresAt) {\n const expiresAtMs = new Date(data.expiresAt).getTime();\n aiTokenCache.set(cacheKey, {\n token: data.jwt,\n expiresAt: data.expiresAt,\n expiresAtMs,\n });\n }\n\n // Return the AI JWT with metadata\n // Note: Token expires in 1 hour, client should handle refresh\n return {\n token: data.jwt,\n expiresAt: data.expiresAt, // 1 hour from generation\n };\n } catch (fetchError) {\n if (fetchError instanceof Error && fetchError.name === 'AbortError') {\n strapi.log.error(`${ERROR_PREFIX} Request to AI server timed out`);\n throw new Error('AI token request failed. Check server logs for details.');\n }\n\n throw fetchError;\n }\n};\n\nexport default {\n create,\n updateById,\n exists,\n findRegistrationInfo,\n register,\n sanitizeUser,\n findOne,\n findOneByEmail,\n findPage,\n deleteById,\n deleteByIds,\n countUsersWithoutRole,\n count,\n assignARoleToAll,\n displayWarningIfUsersDontHaveRole,\n resetPasswordByEmail,\n getLanguagesInUse,\n isFirstSuperAdminUser,\n getAiToken,\n};\n"],"names":["SUPER_ADMIN_CODE","constants","ValidationError","errors","sanitizeUserRoles","role","_","pick","getSessionManager","manager","strapi","sessionManager","sanitizeUser","user","omit","roles","map","create","attributes","userInfo","registrationToken","getService","createToken","has","password","hashPassword","createUser","createdUser","db","query","data","populate","sendDidInviteUser","eventHub","emit","updateById","id","lastAdminUser","isLastSuperAdminUser","superAdminRole","getSuperAdminWithUsersCount","willRemoveSuperAdminRole","arrays","includesString","isActive","hashedPassword","updatedUser","update","where","resetPasswordByEmail","email","findOne","Error","passwordValidator","validate","error","userId","usersCount","hasSuperAdminRole","isFirstSuperAdminUser","currentUser","oldestUser","findMany","code","$eq","orderBy","createdAt","limit","select","exists","count","findRegistrationInfo","undefined","register","matchingUser","firstname","lastname","findOneByEmail","$eqi","findPage","params","get","transform","defaults","deleteById","userToDelete","some","r","deletedUser","delete","hasOrigin","invalidateRefreshToken","String","deleteByIds","ids","nbOfSuperAdminToDelete","deletedUsers","push","users","countUsersWithoutRole","$null","assignARoleToAll","roleId","Promise","all","displayWarningIfUsersDontHaveRole","log","warn","getLanguagesInUse","preferedLanguage","aiTokenCache","Map","getAiToken","ERROR_PREFIX","ee","isEE","eeLicense","process","env","STRAPI_LICENSE","licensePath","path","join","dirs","app","root","fs","readFileSync","toString","aiServerUrl","STRAPI_AI_URL","requestContext","state","userIdentifier","projectId","config","cacheKey","cachedToken","now","Date","bufferMs","expiresAtMs","info","token","expiresAt","http","response","fetch","method","headers","crypto","randomUUID","body","JSON","stringify","ok","errorData","errorText","text","parse","status","statusText","json","parseError","jwt","getTime","set","fetchError","name"],"mappings":";;;;;;;;;;;;;AAsBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,SAAAA;AAE7B,MAAM,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAC5B,MAAMC,oBAAoB,CAACC,IAAAA,GACzBC,CAAEC,CAAAA,IAAI,CAACF,IAAM,EAAA;AAAC,QAAA,IAAA;AAAM,QAAA,MAAA;AAAQ,QAAA,aAAA;AAAe,QAAA;AAAO,KAAA,CAAA;AAEpD,MAAMG,iBAAoB,GAAA,IAAA;IACxB,MAAMC,OAAAA,GAAUC,OAAOC,cAAc;AACrC,IAAA,OAAOF,OAAW,IAAA,IAAA;AACpB,CAAA;AAEA;;;IAIA,MAAMG,eAAe,CAACC,IAAAA,GAAAA;IACpB,OAAO;QACL,GAAGP,CAAAA,CAAEQ,IAAI,CAACD,IAAM,EAAA;AAAC,YAAA,UAAA;AAAY,YAAA,oBAAA;AAAsB,YAAA,mBAAA;AAAqB,YAAA;SAAQ,CAAC;AACjFE,QAAAA,KAAAA,EAAOF,KAAKE,KAAK,IAAIF,KAAKE,KAAK,CAACC,GAAG,CAACZ,iBAAAA;AACtC,KAAA;AACF,CAAA;AAEA;;;IAIA,MAAMa,MAAS,GAAA;AAEbC,UAAAA,GAAAA;AAEA,IAAA,MAAMC,QAAW,GAAA;QACfC,iBAAmBC,EAAAA,gBAAAA,CAAW,SAASC,WAAW,EAAA;AAClD,QAAA,GAAGJ;AACL,KAAA;AAEA,IAAA,IAAIZ,CAAEiB,CAAAA,GAAG,CAACL,UAAAA,EAAY,UAAa,CAAA,EAAA;QACjCC,QAASK,CAAAA,QAAQ,GAAG,MAAMH,gBAAAA,CAAW,QAAQI,YAAY,CAACP,WAAWM,QAAQ,CAAA;AAC/E;AAEA,IAAA,MAAMX,OAAOa,iBAAWP,CAAAA,QAAAA,CAAAA;IAExB,MAAMQ,WAAAA,GAAc,MAAMjB,MAAOkB,CAAAA,EAAE,CAChCC,KAAK,CAAC,aACNZ,CAAAA,CAAAA,MAAM,CAAC;QAAEa,IAAMjB,EAAAA,IAAAA;QAAMkB,QAAU,EAAA;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;AAE5CV,IAAAA,gBAAAA,CAAW,WAAWW,iBAAiB,EAAA;AAEvCtB,IAAAA,MAAAA,CAAOuB,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAErB,QAAAA,IAAAA,EAAMD,YAAae,CAAAA,WAAAA;AAAa,KAAA,CAAA;IAEtE,OAAOA,WAAAA;AACT,CAAA;AAEA;;;;IAKA,MAAMQ,UAAa,GAAA,OACjBC,EACAlB,EAAAA,UAAAA,GAAAA;;AAGA,IAAA,IAAIZ,CAAEiB,CAAAA,GAAG,CAACL,UAAAA,EAAY,OAAU,CAAA,EAAA;QAC9B,MAAMmB,aAAAA,GAAgB,MAAMC,oBAAqBF,CAAAA,EAAAA,CAAAA;AACjD,QAAA,MAAMG,cAAiB,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,2BAA2B,EAAA;QAC3E,MAAMC,wBAAAA,GAA2B,CAACC,YAAOC,CAAAA,cAAc,CAACzB,UAAWH,CAAAA,KAAK,EAAGwB,cAAAA,CAAeH,EAAE,CAAA;AAE5F,QAAA,IAAIC,iBAAiBI,wBAA0B,EAAA;AAC7C,YAAA,MAAM,IAAIvC,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;IAGA,IAAIgB,UAAAA,CAAW0B,QAAQ,KAAK,KAAO,EAAA;QACjC,MAAMP,aAAAA,GAAgB,MAAMC,oBAAqBF,CAAAA,EAAAA,CAAAA;AACjD,QAAA,IAAIC,aAAe,EAAA;AACjB,YAAA,MAAM,IAAInC,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;AAGA,IAAA,IAAII,CAAEiB,CAAAA,GAAG,CAACL,UAAAA,EAAY,UAAa,CAAA,EAAA;AACjC,QAAA,MAAM2B,iBAAiB,MAAMxB,gBAAAA,CAAW,QAAQI,YAAY,CAACP,WAAWM,QAAQ,CAAA;QAEhF,MAAMsB,WAAAA,GAAc,MAAMpC,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAekB,CAAAA,CAAAA,MAAM,CAAC;YAC9DC,KAAO,EAAA;AAAEZ,gBAAAA;AAAG,aAAA;YACZN,IAAM,EAAA;AACJ,gBAAA,GAAGZ,UAAU;gBACbM,QAAUqB,EAAAA;AACZ,aAAA;YACAd,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;AAEArB,QAAAA,MAAAA,CAAOuB,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAErB,YAAAA,IAAAA,EAAMD,YAAakC,CAAAA,WAAAA;AAAa,SAAA,CAAA;QAEtE,OAAOA,WAAAA;AACT;IAEA,MAAMA,WAAAA,GAAc,MAAMpC,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAekB,CAAAA,CAAAA,MAAM,CAAC;QAC9DC,KAAO,EAAA;AAAEZ,YAAAA;AAAG,SAAA;QACZN,IAAMZ,EAAAA,UAAAA;QACNa,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,IAAIe,WAAa,EAAA;AACfpC,QAAAA,MAAAA,CAAOuB,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAErB,YAAAA,IAAAA,EAAMD,YAAakC,CAAAA,WAAAA;AAAa,SAAA,CAAA;AACxE;IAEA,OAAOA,WAAAA;AACT,CAAA;AAEA;;;;IAKA,MAAMG,oBAAuB,GAAA,OAAOC,KAAe1B,EAAAA,QAAAA,GAAAA;IACjD,MAAMX,IAAAA,GAAO,MAAMH,MAAOkB,CAAAA,EAAE,CACzBC,KAAK,CAAC,aACNsB,CAAAA,CAAAA,OAAO,CAAC;QAAEH,KAAO,EAAA;AAAEE,YAAAA;AAAM,SAAA;QAAGnB,QAAU,EAAA;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;AAEnD,IAAA,IAAI,CAAClB,IAAM,EAAA;AACT,QAAA,MAAM,IAAIuC,KAAAA,CAAM,CAAC,0BAA0B,EAAEF,KAAO,CAAA,CAAA,CAAA;AACtD;IAEA,IAAI;QACF,MAAMG,yBAAAA,CAAkBC,QAAQ,CAAC9B,QAAAA,CAAAA;AACnC,KAAA,CAAE,OAAO+B,KAAO,EAAA;AACd,QAAA,MAAM,IAAIrD,eACR,CAAA,wGAAA,CAAA;AAEJ;IAEA,MAAMiC,UAAAA,CAAWtB,IAAKuB,CAAAA,EAAE,EAAE;AAAEZ,QAAAA;AAAS,KAAA,CAAA;AACvC,CAAA;AAEA;;;IAIA,MAAMc,uBAAuB,OAAOkB,MAAAA,GAAAA;IAClC,MAAM3C,IAAAA,GAAQ,MAAMsC,OAAQK,CAAAA,MAAAA,CAAAA;IAC5B,IAAI,CAAC3C,MAAM,OAAO,KAAA;AAElB,IAAA,MAAM0B,cAAiB,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,2BAA2B,EAAA;AAE3E,IAAA,OAAOD,cAAekB,CAAAA,UAAU,KAAK,CAAA,IAAKC,wBAAkB7C,CAAAA,IAAAA,CAAAA;AAC9D,CAAA;AAEA;;;IAIA,MAAM8C,wBAAwB,OAAOH,MAAAA,GAAAA;IACnC,MAAMI,WAAAA,GAAe,MAAMT,OAAQK,CAAAA,MAAAA,CAAAA;AAEnC,IAAA,IAAI,CAACI,WAAAA,IAAe,CAACF,wBAAAA,CAAkBE,cAAc,OAAO,KAAA;IAE5D,MAAM,CAACC,UAAW,CAAA,GAAG,MAAMnD,MAAAA,CAAOkB,EAAE,CAACC,KAAK,CAAC,aAAeiC,CAAAA,CAAAA,QAAQ,CAAC;QACjE/B,QAAU,EAAA;YACRhB,KAAO,EAAA;gBACLiC,KAAO,EAAA;oBACLe,IAAM,EAAA;wBAAEC,GAAKhE,EAAAA;AAAiB;AAChC;AACF;AACF,SAAA;QACAiE,OAAS,EAAA;YAAEC,SAAW,EAAA;AAAM,SAAA;QAC5BC,KAAO,EAAA,CAAA;QACPC,MAAQ,EAAA;AAAC,YAAA;AAAK;AAChB,KAAA,CAAA;AAEA,IAAA,OAAOP,UAAWzB,CAAAA,EAAE,KAAKwB,WAAAA,CAAYxB,EAAE;AACzC,CAAA;AAEA;;;AAGC,IACD,MAAMiC,MAAAA,GAAS,OAAOnD,UAAAA,GAAa,EAAa,GAAA;IAC9C,OAAQ,MAAMR,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeyC,CAAAA,CAAAA,KAAK,CAAC;QAAEtB,KAAO9B,EAAAA;KAAiB,CAAA,GAAA,CAAA;AAC/E,CAAA;AAEA;;;;IAKA,MAAMqD,uBAAuB,OAC3BnD,iBAAAA,GAAAA;IAEA,MAAMP,IAAAA,GAAO,MAAMH,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAesB,CAAAA,CAAAA,OAAO,CAAC;QAAEH,KAAO,EAAA;AAAE5B,YAAAA;AAAkB;AAAE,KAAA,CAAA;AAEzF,IAAA,IAAI,CAACP,IAAM,EAAA;QACT,OAAO2D,SAAAA;AACT;IAEA,OAAOlE,CAAAA,CAAEC,IAAI,CAACM,IAAM,EAAA;AAAC,QAAA,OAAA;AAAS,QAAA,WAAA;AAAa,QAAA;AAAW,KAAA,CAAA;AACxD,CAAA;AAEA;;;;;AAKC,IACD,MAAM4D,QAAW,GAAA,OAAO,EACtBrD,iBAAiB,EACjBD,QAAQ,EAIT,GAAA;IACC,MAAMuD,YAAAA,GAAe,MAAMhE,MAAOkB,CAAAA,EAAE,CACjCC,KAAK,CAAC,aACNsB,CAAAA,CAAAA,OAAO,CAAC;QAAEH,KAAO,EAAA;AAAE5B,YAAAA;AAAkB;AAAE,KAAA,CAAA;AAE1C,IAAA,IAAI,CAACsD,YAAc,EAAA;AACjB,QAAA,MAAM,IAAIxE,eAAgB,CAAA,2BAAA,CAAA;AAC5B;AAEA,IAAA,OAAOmB,iBAAW,MAAQc,CAAAA,CAAAA,UAAU,CAACuC,YAAAA,CAAatC,EAAE,EAAE;AACpDZ,QAAAA,QAAAA,EAAUL,SAASK,QAAQ;AAC3BmD,QAAAA,SAAAA,EAAWxD,SAASwD,SAAS;AAC7BC,QAAAA,QAAAA,EAAUzD,SAASyD,QAAQ;QAC3BxD,iBAAmB,EAAA,IAAA;QACnBwB,QAAU,EAAA;AACZ,KAAA,CAAA;AACF,CAAA;AAEA;;AAEC,IACD,MAAMO,OAAAA,GAAU,OAAOf,EAAAA,EAAaL,QAAW,GAAA;AAAC,IAAA;AAAQ,CAAA,GAAA;AACtD,IAAA,OAAOrB,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,OAAO,CAAC;QAAEH,KAAO,EAAA;AAAEZ,YAAAA;AAAG,SAAA;AAAGL,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA;;;;;AAKC,IACD,MAAM8C,cAAAA,GAAiB,OAAO3B,KAAAA,EAAenB,WAAW,EAAE,GAAA;AACxD,IAAA,OAAOrB,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,OAAO,CAAC;QAC5CH,KAAO,EAAA;YAAEE,KAAO,EAAA;gBAAE4B,IAAM5B,EAAAA;AAAM;AAAE,SAAA;AAChCnB,QAAAA;AACF,KAAA,CAAA;AACF,CAAA;AAEA;;AAEC,IACD,MAAMgD,QAAAA,GAAW,OAAOC,MAAAA,GAAS,EAAE,GAAA;IACjC,MAAMnD,KAAAA,GAAQnB,OACXuE,GAAG,CAAC,gBACJC,SAAS,CAAC,eAAeC,WAAS,CAAA;QAAEpD,QAAU,EAAA;AAAC,YAAA;AAAQ;KAAIiD,EAAAA,MAAAA,CAAAA,CAAAA;AAE9D,IAAA,OAAOtE,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAekD,QAAQ,CAAClD,KAAAA,CAAAA;AACjD,CAAA;AAEA;;IAGA,MAAMuD,aAAa,OAAOhD,EAAAA,GAAAA;;IAExB,MAAMiD,YAAAA,GAAiC,MAAM3E,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAesB,CAAAA,CAAAA,OAAO,CAAC;QAClFH,KAAO,EAAA;AAAEZ,YAAAA;AAAG,SAAA;QACZL,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,IAAI,CAACsD,YAAc,EAAA;QACjB,OAAO,IAAA;AACT;AAEA,IAAA,IAAIA,YAAc,EAAA;QAChB,IAAIA,YAAAA,CAAatE,KAAK,CAACuE,IAAI,CAAC,CAACC,CAAMA,GAAAA,CAAAA,CAAExB,IAAI,KAAK/D,gBAAmB,CAAA,EAAA;AAC/D,YAAA,MAAMuC,cAAiB,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,2BAA2B,EAAA;YAC3E,IAAID,cAAAA,CAAekB,UAAU,KAAK,CAAG,EAAA;AACnC,gBAAA,MAAM,IAAIvD,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;AACF;IAEA,MAAMsF,WAAAA,GAAc,MAAM9E,MAAOkB,CAAAA,EAAE,CAChCC,KAAK,CAAC,aACN4D,CAAAA,CAAAA,MAAM,CAAC;QAAEzC,KAAO,EAAA;AAAEZ,YAAAA;AAAG,SAAA;QAAGL,QAAU,EAAA;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;;AAG/C,IAAA,MAAMpB,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,IAAA,IAAIG,cAAkBA,IAAAA,cAAAA,CAAe+E,SAAS,CAAC,OAAU,CAAA,EAAA;AACvD,QAAA,MAAM/E,cAAe,CAAA,OAAA,CAAA,CAASgF,sBAAsB,CAACC,MAAOxD,CAAAA,EAAAA,CAAAA,CAAAA;AAC9D;AAEA1B,IAAAA,MAAAA,CAAOuB,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAErB,QAAAA,IAAAA,EAAMD,YAAa4E,CAAAA,WAAAA;AAAa,KAAA,CAAA;IAEtE,OAAOA,WAAAA;AACT,CAAA;AAEA;;IAGA,MAAMK,cAAc,OAAOC,GAAAA,GAAAA;;AAEzB,IAAA,MAAMvD,cAAiB,GAAA,MAAMlB,gBAAW,CAAA,MAAA,CAAA,CAAQmB,2BAA2B,EAAA;IAC3E,MAAMuD,sBAAAA,GAAyB,MAAMrF,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeyC,CAAAA,CAAAA,KAAK,CAAC;QACxEtB,KAAO,EAAA;YACLZ,EAAI0D,EAAAA,GAAAA;YACJ/E,KAAO,EAAA;AAAEqB,gBAAAA,EAAAA,EAAIG,eAAeH;AAAG;AACjC;AACF,KAAA,CAAA;IAEA,IAAIG,cAAAA,CAAekB,UAAU,KAAKsC,sBAAwB,EAAA;AACxD,QAAA,MAAM,IAAI7F,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AAEA,IAAA,MAAM8F,eAAe,EAAE;IACvB,KAAK,MAAM5D,MAAM0D,GAAK,CAAA;QACpB,MAAMN,WAAAA,GAAc,MAAM9E,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAe4D,CAAAA,CAAAA,MAAM,CAAC;YAC9DzC,KAAO,EAAA;AAAEZ,gBAAAA;AAAG,aAAA;YACZL,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;;AAGA,QAAA,MAAMpB,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAIG,cAAkBA,IAAAA,cAAAA,CAAe+E,SAAS,CAAC,OAAU,CAAA,EAAA;AACvD,YAAA,MAAM/E,cAAe,CAAA,OAAA,CAAA,CAASgF,sBAAsB,CAACC,MAAOxD,CAAAA,EAAAA,CAAAA,CAAAA;AAC9D;AAEA4D,QAAAA,YAAAA,CAAaC,IAAI,CAACT,WAAAA,CAAAA;AACpB;AAEA9E,IAAAA,MAAAA,CAAOuB,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAClCgE,QAAAA,KAAAA,EAAOF,YAAahF,CAAAA,GAAG,CAAC,CAACwE,cAAgB5E,YAAa4E,CAAAA,WAAAA,CAAAA;AACxD,KAAA,CAAA;IAEA,OAAOQ,YAAAA;AACT,CAAA;AAEA;AACC,IACD,MAAMG,qBAAwB,GAAA,UAAA;AAC5B,IAAA,OAAOzF,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeyC,KAAK,CAAC;QAC1CtB,KAAO,EAAA;YACLjC,KAAO,EAAA;gBACLqB,EAAI,EAAA;oBAAEgE,KAAO,EAAA;AAAK;AACpB;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA;;;AAGC,IACD,MAAM9B,KAAAA,GAAQ,OAAOtB,KAAAA,GAAQ,EAAE,GAAA;AAC7B,IAAA,OAAOtC,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeyC,KAAK,CAAC;AAAEtB,QAAAA;AAAM,KAAA,CAAA;AACtD,CAAA;AAEA;;IAGA,MAAMqD,mBAAmB,OAAOC,MAAAA,GAAAA;IAC9B,MAAMJ,KAAAA,GAAQ,MAAMxF,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeiC,CAAAA,CAAAA,QAAQ,CAAC;QAC1DM,MAAQ,EAAA;AAAC,YAAA;AAAK,SAAA;QACdpB,KAAO,EAAA;YACLjC,KAAO,EAAA;gBAAEqB,EAAI,EAAA;oBAAEgE,KAAO,EAAA;AAAK;AAAE;AAC/B;AACF,KAAA,CAAA;AAEA,IAAA,MAAMG,QAAQC,GAAG,CACfN,KAAMlF,CAAAA,GAAG,CAAC,CAACH,IAAAA,GAAAA;AACT,QAAA,OAAOH,OAAOkB,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAekB,MAAM,CAAC;YAC3CC,KAAO,EAAA;AAAEZ,gBAAAA,EAAAA,EAAIvB,KAAKuB;AAAG,aAAA;YACrBN,IAAM,EAAA;gBAAEf,KAAO,EAAA;AAACuF,oBAAAA;AAAO;AAAC;AAC1B,SAAA,CAAA;AACF,KAAA,CAAA,CAAA;AAEJ,CAAA;AAEA;AACC,IACD,MAAMG,iCAAoC,GAAA,UAAA;AACxC,IAAA,MAAMnC,QAAQ,MAAM6B,qBAAAA,EAAAA;AAEpB,IAAA,IAAI7B,QAAQ,CAAG,EAAA;QACb5D,MAAOgG,CAAAA,GAAG,CAACC,IAAI,CAAC,CAAC,YAAY,EAAErC,KAAM,CAAA,sBAAsB,CAAC,CAAA;AAC9D;AACF,CAAA;AAEA;AACC,IACD,MAAMsC,iBAAoB,GAAA,UAAA;IACxB,MAAMV,KAAAA,GAAQ,MAAMxF,MAAOkB,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeiC,CAAAA,CAAAA,QAAQ,CAAC;QAAEM,MAAQ,EAAA;AAAC,YAAA;AAAmB;AAAC,KAAA,CAAA;AAE3F,IAAA,OAAO8B,MAAMlF,GAAG,CAAC,CAACH,IAASA,GAAAA,IAAAA,CAAKgG,gBAAgB,IAAI,IAAA,CAAA;AACtD,CAAA;AAEA;;;IAIA,MAAMC,eAAe,IAAIC,GAAAA,EAAAA;AASzB;;AAEC,IACD,MAAMC,UAAa,GAAA,UAAA;AACjB,IAAA,MAAMC,YAAe,GAAA,0BAAA;;AAGrB,IAAA,IAAI,CAACvG,MAAAA,CAAOwG,EAAE,EAAEC,IAAM,EAAA;AACpBzG,QAAAA,MAAAA,CAAOgG,GAAG,CAACnD,KAAK,CAAC,CAAG0D,EAAAA,YAAAA,CAAa,4CAA4C,CAAC,CAAA;AAC9E,QAAA,MAAM,IAAI7D,KAAM,CAAA,yDAAA,CAAA;AAClB;;;AAIA,IAAA,IAAIgE,SAAYC,GAAAA,OAAAA,CAAQC,GAAG,CAACC,cAAc;AAE1C,IAAA,IAAI,CAACH,SAAW,EAAA;QACd,IAAI;YACF,MAAMI,WAAAA,GAAcC,IAAKC,CAAAA,IAAI,CAAChH,MAAAA,CAAOiH,IAAI,CAACC,GAAG,CAACC,IAAI,EAAE,aAAA,CAAA;AACpDT,YAAAA,SAAAA,GAAYU,EAAGC,CAAAA,YAAY,CAACP,WAAAA,CAAAA,CAAaQ,QAAQ,EAAA;AACnD,SAAA,CAAE,OAAOzE,KAAO,EAAA;;AAEhB;AACF;AAEA,IAAA,IAAI,CAAC6D,SAAW,EAAA;AACd1G,QAAAA,MAAAA,CAAOgG,GAAG,CAACnD,KAAK,CACd,CAAG0D,EAAAA,YAAAA,CAAa,0GAA0G,CAAC,CAAA;AAE7H,QAAA,MAAM,IAAI7D,KAAM,CAAA,yDAAA,CAAA;AAClB;AAEA,IAAA,MAAM6E,WAAcZ,GAAAA,OAAAA,CAAQC,GAAG,CAACY,aAAa,IAAI,kCAAA;AAEjD,IAAA,IAAI,CAACD,WAAa,EAAA;AAChBvH,QAAAA,MAAAA,CAAOgG,GAAG,CAACnD,KAAK,CACd,CAAG0D,EAAAA,YAAAA,CAAa,6EAA6E,CAAC,CAAA;AAEhG,QAAA,MAAM,IAAI7D,KAAM,CAAA,yDAAA,CAAA;AAClB;;AAGA,IAAA,MAAMvC,OAAOH,MAAOyH,CAAAA,cAAc,CAAClD,GAAG,IAAImD,KAAOvH,EAAAA,IAAAA;AACjD,IAAA,IAAI,CAACA,IAAM,EAAA;AACTH,QAAAA,MAAAA,CAAOgG,GAAG,CAACnD,KAAK,CAAC,CAAG0D,EAAAA,YAAAA,CAAa,yCAAyC,CAAC,CAAA;AAC3E,QAAA,MAAM,IAAI7D,KAAM,CAAA,yDAAA,CAAA;AAClB;AAEA,IAAA,MAAMiF,cAAiBxH,GAAAA,IAAAA,CAAKuB,EAAE,CAAC4F,QAAQ,EAAA;;AAGvC,IAAA,MAAMM,SAAY5H,GAAAA,MAAAA,CAAO6H,MAAM,CAACtD,GAAG,CAAC,MAAA,CAAA;AACpC,IAAA,IAAI,CAACqD,SAAW,EAAA;AACd5H,QAAAA,MAAAA,CAAOgG,GAAG,CAACnD,KAAK,CAAC,CAAG0D,EAAAA,YAAAA,CAAa,0BAA0B,CAAC,CAAA;AAC5D,QAAA,MAAM,IAAI7D,KAAM,CAAA,yDAAA,CAAA;AAClB;;AAGA,IAAA,MAAMoF,QAAW,GAAA,CAAA,EAAGF,SAAU,CAAA,CAAC,EAAED,cAAgB,CAAA,CAAA;IACjD,MAAMI,WAAAA,GAAc3B,YAAa7B,CAAAA,GAAG,CAACuD,QAAAA,CAAAA;AAErC,IAAA,IAAIC,WAAa,EAAA;QACf,MAAMC,GAAAA,GAAMC,KAAKD,GAAG,EAAA;;AAEpB,QAAA,MAAME,QAAW,GAAA,CAAA,GAAI,EAAK,GAAA,IAAA,CAAA;AAE1B,QAAA,IAAIH,YAAYI,WAAW,IAAIJ,YAAYI,WAAW,GAAGD,WAAWF,GAAK,EAAA;YACvEhI,MAAOgG,CAAAA,GAAG,CAACoC,IAAI,CAAC,uBAAA,CAAA;YAEhB,OAAO;AACLC,gBAAAA,KAAAA,EAAON,YAAYM,KAAK;AACxBC,gBAAAA,SAAAA,EAAWP,YAAYO;AACzB,aAAA;AACF;;AAGAlC,QAAAA,YAAAA,CAAarB,MAAM,CAAC+C,QAAAA,CAAAA;AACtB;IAEA9H,MAAOgG,CAAAA,GAAG,CAACuC,IAAI,CAAC,2CAAA,CAAA;IAEhB,IAAI;;AAEF,QAAA,MAAMC,WAAW,MAAMC,KAAAA,CAAM,GAAGlB,WAAY,CAAA,cAAc,CAAC,EAAE;YAC3DmB,MAAQ,EAAA,MAAA;YACRC,OAAS,EAAA;gBACP,cAAgB,EAAA,kBAAA;;;AAGhB,gBAAA,cAAA,EAAgBC,OAAOC,UAAU;AACnC,aAAA;YACAC,IAAMC,EAAAA,IAAAA,CAAKC,SAAS,CAAC;AACnBtC,gBAAAA,SAAAA;AACAiB,gBAAAA,cAAAA;AACAC,gBAAAA;AACF,aAAA;AACF,SAAA,CAAA;QAEA,IAAI,CAACY,QAASS,CAAAA,EAAE,EAAE;YAChB,IAAIC,SAAAA;YACJ,IAAIC,SAAAA;YACJ,IAAI;gBACFA,SAAY,GAAA,MAAMX,SAASY,IAAI,EAAA;gBAC/BF,SAAYH,GAAAA,IAAAA,CAAKM,KAAK,CAACF,SAAAA,CAAAA;AACzB,aAAA,CAAE,OAAM;gBACND,SAAY,GAAA;AAAErG,oBAAAA,KAAAA,EAAOsG,SAAa,IAAA;AAAiC,iBAAA;AACrE;YAEAnJ,MAAOgG,CAAAA,GAAG,CAACnD,KAAK,CAAC,CAAA,EAAG0D,YAAa,CAAA,CAAC,EAAE2C,SAAAA,EAAWrG,KAAS,IAAA,eAAA,CAAA,CAAiB,EAAE;AACzEyG,gBAAAA,MAAAA,EAAQd,SAASc,MAAM;AACvBC,gBAAAA,UAAAA,EAAYf,SAASe,UAAU;gBAC/B1G,KAAOqG,EAAAA,SAAAA;AACPC,gBAAAA,SAAAA;AACAvB,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,MAAM,IAAIlF,KAAM,CAAA,yDAAA,CAAA;AAClB;QAEA,IAAItB,IAAAA;QACJ,IAAI;YACFA,IAAQ,GAAA,MAAMoH,SAASgB,IAAI,EAAA;AAI7B,SAAA,CAAE,OAAOC,UAAY,EAAA;YACnBzJ,MAAOgG,CAAAA,GAAG,CAACnD,KAAK,CAAC,GAAG0D,YAAa,CAAA,mCAAmC,CAAC,EAAEkD,UAAAA,CAAAA;AACvE,YAAA,MAAM,IAAI/G,KAAM,CAAA,yDAAA,CAAA;AAClB;QAEA,IAAI,CAACtB,IAAKsI,CAAAA,GAAG,EAAE;AACb1J,YAAAA,MAAAA,CAAOgG,GAAG,CAACnD,KAAK,CAAC,CAAG0D,EAAAA,YAAAA,CAAa,oCAAoC,CAAC,CAAA;AACtE,YAAA,MAAM,IAAI7D,KAAM,CAAA,yDAAA,CAAA;AAClB;AAEA1C,QAAAA,MAAAA,CAAOgG,GAAG,CAACoC,IAAI,CAAC,iCAAmC,EAAA;AACjDtF,YAAAA,MAAAA,EAAQ3C,KAAKuB,EAAE;AACf4G,YAAAA,SAAAA,EAAWlH,KAAKkH;AAClB,SAAA,CAAA;;QAGA,IAAIlH,IAAAA,CAAKkH,SAAS,EAAE;AAClB,YAAA,MAAMH,cAAc,IAAIF,IAAAA,CAAK7G,IAAKkH,CAAAA,SAAS,EAAEqB,OAAO,EAAA;YACpDvD,YAAawD,CAAAA,GAAG,CAAC9B,QAAU,EAAA;AACzBO,gBAAAA,KAAAA,EAAOjH,KAAKsI,GAAG;AACfpB,gBAAAA,SAAAA,EAAWlH,KAAKkH,SAAS;AACzBH,gBAAAA;AACF,aAAA,CAAA;AACF;;;QAIA,OAAO;AACLE,YAAAA,KAAAA,EAAOjH,KAAKsI,GAAG;AACfpB,YAAAA,SAAAA,EAAWlH,KAAKkH;AAClB,SAAA;AACF,KAAA,CAAE,OAAOuB,UAAY,EAAA;AACnB,QAAA,IAAIA,UAAsBnH,YAAAA,KAAAA,IAASmH,UAAWC,CAAAA,IAAI,KAAK,YAAc,EAAA;AACnE9J,YAAAA,MAAAA,CAAOgG,GAAG,CAACnD,KAAK,CAAC,CAAG0D,EAAAA,YAAAA,CAAa,+BAA+B,CAAC,CAAA;AACjE,YAAA,MAAM,IAAI7D,KAAM,CAAA,yDAAA,CAAA;AAClB;QAEA,MAAMmH,UAAAA;AACR;AACF,CAAA;AAEA,WAAe;AACbtJ,IAAAA,MAAAA;AACAkB,IAAAA,UAAAA;AACAkC,IAAAA,MAAAA;AACAE,IAAAA,oBAAAA;AACAE,IAAAA,QAAAA;AACA7D,IAAAA,YAAAA;AACAuC,IAAAA,OAAAA;AACA0B,IAAAA,cAAAA;AACAE,IAAAA,QAAAA;AACAK,IAAAA,UAAAA;AACAS,IAAAA,WAAAA;AACAM,IAAAA,qBAAAA;AACA7B,IAAAA,KAAAA;AACA+B,IAAAA,gBAAAA;AACAI,IAAAA,iCAAAA;AACAxD,IAAAA,oBAAAA;AACA2D,IAAAA,iBAAAA;AACAjD,IAAAA,qBAAAA;AACAqD,IAAAA;AACF,CAAE;;;;"}