npm - @strapi/admin - Versions diffs - 5.43.0 → 5.45.0 - Mend

@strapi/admin 5.43.0 → 5.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (384) hide show

package/dist/server/server/src/content-types/api-token.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"api-token.mjs","sources":["../../../../../server/src/content-types/api-token.ts"],"sourcesContent":["import constants from '../services/constants';\n\nexport default {\n collectionName: 'strapi_api_tokens',\n info: {\n name: 'Api Token',\n singularName: 'api-token',\n pluralName: 'api-tokens',\n displayName: 'Api Token',\n description: '',\n },\n options: {},\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n },\n attributes: {\n name: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n unique: true,\n },\n description: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: false,\n default: '',\n },\n type: {\n type: 'enumeration',\n enum: Object.values(constants.API_TOKEN_TYPE),\n configurable: false,\n required: ~~true~~,\n default: constants.API_TOKEN_TYPE.READ_ONLY,\n },\n accessKey: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n searchable: false,\n },\n encryptedKey: {\n type: 'text',\n minLength: 1,\n configurable: false,\n required: false,\n searchable: false,\n },\n lastUsedAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n permissions: {\n type: 'relation',\n target: 'admin::api-token-permission',\n relation: 'oneToMany',\n mappedBy: 'token',\n configurable: false,\n required: false,\n },\n expiresAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n lifespan: {\n type: 'biginteger',\n configurable: false,\n required: false,\n },\n },\n};\n"],"names":["collectionName","info","name","singularName","pluralName","displayName","description","options","pluginOptions","visible","attributes","type","minLength","configurable","required","unique","default","enum","Object","values","constants","API_TOKEN_TYPE","READ_ONLY","accessKey","searchable","encryptedKey","lastUsedAt","permissions","target","relation","mappedBy","expiresAt","lifespan"],"mappings":";;AAEA,eAAe;IACbA,cAAAA,EAAgB,mBAAA;IAChBC,IAAAA,EAAM;QACJC,IAAAA,EAAM,WAAA;QACNC,YAAAA,EAAc,WAAA;QACdC,UAAAA,EAAY,YAAA;QACZC,WAAAA,EAAa,WAAA;QACbC,WAAAA,EAAa;AACf,KAAA;AACAC,IAAAA,OAAAA,EAAS,EAAC;IACVC,aAAAA,EAAe;QACb,iBAAA,EAAmB;YACjBC,OAAAA,EAAS;AACX,SAAA;QACA,sBAAA,EAAwB;YACtBA,OAAAA,EAAS;AACX;AACF,KAAA;IACAC,UAAAA,EAAY;QACVR,IAAAA,EAAM;YACJS,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVC,MAAAA,EAAQ;AACV,SAAA;QACAT,WAAAA,EAAa;YACXK,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVE,OAAAA,EAAS;AACX,SAAA;QACAL,IAAAA,EAAM;YACJA,IAAAA,EAAM,aAAA;~~AACNM~~,YAAAA,IAAAA,EAAMC,MAAAA,CAAOC,MAAM,CAACC,SAAAA,CAAUC,cAAc,CAAA;~~YAC5CR~~,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,~~IAAA~~;YACVE,OAAAA,~~EAASI~~,SAAAA,CAAUC,cAAc,CAACC;AACpC,SAAA;QACAC,SAAAA,EAAW;~~YACTZ~~,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;~~YACVU~~,UAAAA,EAAY;AACd,SAAA;QACAC,YAAAA,EAAc;~~YACZd~~,IAAAA,EAAM,MAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;~~YACVU~~,UAAAA,EAAY;AACd,SAAA;QACAE,UAAAA,EAAY;~~YACVf~~,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;~~QACAa~~,WAAAA,EAAa;~~YACXhB~~,IAAAA,EAAM,UAAA;~~YACNiB~~,MAAAA,EAAQ,6BAAA;YACRC,QAAAA,EAAU,WAAA;YACVC,QAAAA,EAAU,OAAA;~~YACVjB~~,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;~~QACAiB~~,SAAAA,EAAW;~~YACTpB~~,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;~~QACAkB~~,QAAAA,EAAU;~~YACRrB~~,IAAAA,EAAM,YAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ;AACF;AACF,CAAA;;;;"}
1	+ {"version":3,"file":"api-token.mjs","sources":["../../../../../server/src/content-types/api-token.ts"],"sourcesContent":["import constants from '../services/constants';\n\nexport default {\n collectionName: 'strapi_api_tokens',\n info: {\n name: 'Api Token',\n singularName: 'api-token',\n pluralName: 'api-tokens',\n displayName: 'Api Token',\n description: '',\n },\n options: {},\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n },\n attributes: {\n name: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n unique: true,\n },\n description: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: false,\n default: '',\n },\n kind: {\n type: 'enumeration',\n enum: ['content-api', 'admin'],\n configurable: false,\n required: true,\n default: 'content-api',\n },\n type: {\n type: 'enumeration',\n enum: Object.values(constants.API_TOKEN_TYPE),\n configurable: false,\n required: false,\n default: constants.API_TOKEN_TYPE.READ_ONLY,\n },\n accessKey: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n searchable: false,\n },\n encryptedKey: {\n type: 'text',\n minLength: 1,\n configurable: false,\n required: false,\n searchable: false,\n },\n lastUsedAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n permissions: {\n type: 'relation',\n target: 'admin::api-token-permission',\n relation: 'oneToMany',\n mappedBy: 'token',\n configurable: false,\n required: false,\n },\n adminPermissions: {\n type: 'relation',\n target: 'admin::permission',\n relation: 'oneToMany',\n mappedBy: 'apiToken',\n configurable: false,\n required: false,\n },\n adminUserOwner: {\n type: 'relation',\n target: 'admin::user',\n relation: 'manyToOne',\n inversedBy: 'apiTokens',\n configurable: false,\n required: false,\n },\n expiresAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n lifespan: {\n type: 'biginteger',\n configurable: false,\n required: false,\n },\n },\n};\n"],"names":["collectionName","info","name","singularName","pluralName","displayName","description","options","pluginOptions","visible","attributes","type","minLength","configurable","required","unique","default","kind","enum","Object","values","constants","API_TOKEN_TYPE","READ_ONLY","accessKey","searchable","encryptedKey","lastUsedAt","permissions","target","relation","mappedBy","adminPermissions","adminUserOwner","inversedBy","expiresAt","lifespan"],"mappings":";;AAEA,eAAe;IACbA,cAAAA,EAAgB,mBAAA;IAChBC,IAAAA,EAAM;QACJC,IAAAA,EAAM,WAAA;QACNC,YAAAA,EAAc,WAAA;QACdC,UAAAA,EAAY,YAAA;QACZC,WAAAA,EAAa,WAAA;QACbC,WAAAA,EAAa;AACf,KAAA;AACAC,IAAAA,OAAAA,EAAS,EAAC;IACVC,aAAAA,EAAe;QACb,iBAAA,EAAmB;YACjBC,OAAAA,EAAS;AACX,SAAA;QACA,sBAAA,EAAwB;YACtBA,OAAAA,EAAS;AACX;AACF,KAAA;IACAC,UAAAA,EAAY;QACVR,IAAAA,EAAM;YACJS,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVC,MAAAA,EAAQ;AACV,SAAA;QACAT,WAAAA,EAAa;YACXK,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVE,OAAAA,EAAS;AACX,SAAA;QACAC,IAAAA,EAAM;YACJN,IAAAA,EAAM,aAAA;YACNO,IAAAA,EAAM;AAAC,gBAAA,aAAA;AAAe,gBAAA;AAAQ,aAAA;YAC9BL,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVE,OAAAA,EAAS;AACX,SAAA;QACAL,IAAAA,EAAM;YACJA,IAAAA,EAAM,aAAA;AACNO,YAAAA,IAAAA,EAAMC,MAAAA,CAAOC,MAAM,CAACC,SAAAA,CAAUC,cAAc,CAAA;YAC5CT,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVE,OAAAA,EAASK,SAAAA,CAAUC,cAAc,CAACC;AACpC,SAAA;QACAC,SAAAA,EAAW;YACTb,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVW,UAAAA,EAAY;AACd,SAAA;QACAC,YAAAA,EAAc;YACZf,IAAAA,EAAM,MAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVW,UAAAA,EAAY;AACd,SAAA;QACAE,UAAAA,EAAY;YACVhB,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAc,WAAAA,EAAa;YACXjB,IAAAA,EAAM,UAAA;YACNkB,MAAAA,EAAQ,6BAAA;YACRC,QAAAA,EAAU,WAAA;YACVC,QAAAA,EAAU,OAAA;YACVlB,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAkB,gBAAAA,EAAkB;YAChBrB,IAAAA,EAAM,UAAA;YACNkB,MAAAA,EAAQ,mBAAA;YACRC,QAAAA,EAAU,WAAA;YACVC,QAAAA,EAAU,UAAA;YACVlB,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAmB,cAAAA,EAAgB;YACdtB,IAAAA,EAAM,UAAA;YACNkB,MAAAA,EAAQ,aAAA;YACRC,QAAAA,EAAU,WAAA;YACVI,UAAAA,EAAY,WAAA;YACZrB,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAqB,SAAAA,EAAW;YACTxB,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAsB,QAAAA,EAAU;YACRzB,IAAAA,EAAM,YAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ;AACF;AACF,CAAA;;;;"}

package/dist/server/server/src/controllers/admin-token.js ADDED Viewed

@@ -0,0 +1,194 @@
+'use strict';
+var utils = require('@strapi/utils');
+var fp = require('lodash/fp');
+var index = require('../utils/index.js');
+var constants = require('../services/constants.js');
+var adminTokens = require('../validation/admin-tokens.js');
+const { ApplicationError } = utils.errors;
+// ---------------------------------------------------------------------------
+// Access-control helpers
+// ---------------------------------------------------------------------------
+const isSuperAdmin = (user)=>user.roles.some((r)=>r.code === constants.SUPER_ADMIN_CODE) === true;
+const getOwnerId = (token)=>{
+    const owner = token.adminUserOwner;
+    return String(typeof owner === 'object' ? owner.id : owner);
+};
+/** Returns true when user is the recorded owner of an admin token. */ const isTokenOwner = (user, token)=>getOwnerId(token) === String(user.id);
+/** Owner OR super-admin can manage an admin token (read metadata, update…). */ const canAccessAdminToken = (user, token)=>isTokenOwner(user, token) || isSuperAdmin(user);
+// ---------------------------------------------------------------------------
+// Controller
+// ---------------------------------------------------------------------------
+var adminToken = {
+    // -------------------------------------------------------------------------
+    // Create
+    // -------------------------------------------------------------------------
+    async create (ctx) {
+        const { body } = ctx.request;
+        const apiTokenService = index.getService('api-token-admin');
+        if (body.type !== undefined) {
+            return ctx.badRequest('Type is not allowed for admin tokens');
+        }
+        if (body.permissions !== undefined) {
+            return ctx.badRequest('Permissions are not allowed for admin tokens');
+        }
+        const attributes = {
+            kind: 'admin',
+            name: fp.trim(body.name),
+            description: fp.trim(body.description),
+            adminPermissions: body.adminPermissions,
+            lifespan: body.lifespan,
+            adminUserOwner: ctx.state.user.id
+        };
+        await adminTokens.validateAdminTokenCreationInput(attributes);
+        const alreadyExists = await apiTokenService.exists({
+            name: attributes.name
+        });
+        if (alreadyExists) {
+            throw new ApplicationError('Name already taken');
+        }
+        const apiToken = await apiTokenService.create(attributes, ctx.state.user);
+        ctx.created({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Regenerate — owner-only, super-admin does NOT bypass
+    // -------------------------------------------------------------------------
+    async regenerate (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = index.getService('api-token-admin');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (!isTokenOwner(ctx.state.user, token)) {
+            return ctx.forbidden();
+        }
+        const accessToken = await apiTokenService.regenerate(id);
+        ctx.created({
+            data: accessToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // List — always filtered to kind: 'admin'
+    // -------------------------------------------------------------------------
+    async list (ctx) {
+        const apiTokenService = index.getService('api-token-admin');
+        const apiTokens = await apiTokenService.list(ctx.state.user);
+        ctx.send({
+            data: apiTokens
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Revoke
+    // -------------------------------------------------------------------------
+    async revoke (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = index.getService('api-token-admin');
+        const existingToken = await apiTokenService.getById(id);
+        if (existingToken === null) {
+            return ctx.notFound('API Token not found');
+        }
+        if (canAccessAdminToken(ctx.state.user, existingToken) === false) {
+            return ctx.forbidden();
+        }
+        const apiToken = await apiTokenService.revoke(id);
+        ctx.deleted({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Get — key exposed only to owner
+    // -------------------------------------------------------------------------
+    async get (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = index.getService('api-token-admin');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (canAccessAdminToken(ctx.state.user, token) === false) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (isTokenOwner(ctx.state.user, token)) {
+            const withKey = await apiTokenService.getById(id, {
+                includeDecryptedKey: true
+            });
+            ctx.send({
+                data: withKey ?? token
+            });
+            return;
+        }
+        ctx.send({
+            data: token
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Update — owner or super-admin only
+    // -------------------------------------------------------------------------
+    async update (ctx) {
+        const { body } = ctx.request;
+        const { id } = ctx.params;
+        const apiTokenService = index.getService('api-token-admin');
+        const mutableBody = body;
+        if (fp.has('name', mutableBody)) {
+            mutableBody.name = fp.trim(body.name ?? '');
+        }
+        if (fp.has('description', mutableBody) || mutableBody.description === null) {
+            mutableBody.description = fp.trim(body.description ?? '');
+        }
+        await adminTokens.validateAdminTokenUpdateInput(body);
+        const existingToken = await apiTokenService.getById(id);
+        if (!existingToken) {
+            return ctx.notFound('API Token not found');
+        }
+        if (fp.has('name', body)) {
+            const nameAlreadyTaken = await apiTokenService.getByName(body.name);
+            if (nameAlreadyTaken !== null && !utils.strings.isEqual(nameAlreadyTaken.id, id)) {
+                throw new ApplicationError('Name already taken');
+            }
+        }
+        if (!canAccessAdminToken(ctx.state.user, existingToken)) {
+            return ctx.forbidden();
+        }
+        const apiToken = await apiTokenService.update(id, body);
+        ctx.send({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Owner permissions — effective permissions of the token owner
+    // -------------------------------------------------------------------------
+    async getOwnerPermissions (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = index.getService('api-token-admin');
+        const permissionService = index.getService('permission');
+        const userService = index.getService('user');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            return ctx.notFound('apiToken.notFound');
+        }
+        if (!canAccessAdminToken(ctx.state.user, token)) {
+            return ctx.forbidden();
+        }
+        const ownerId = getOwnerId(token);
+        const ownerUser = await userService.findOne(ownerId);
+        if (!ownerUser) {
+            return ctx.notFound('owner.notFound');
+        }
+        const ownerPermissions = await permissionService.findUserPermissions(ownerUser);
+        const sanitizedPermissions = ownerPermissions.map(permissionService.sanitizePermission);
+        // @ts-expect-error - transform response type to sanitized permission
+        ctx.body = {
+            data: sanitizedPermissions
+        };
+    }
+};
+module.exports = adminToken;
+//# sourceMappingURL=admin-token.js.map

package/dist/server/server/src/controllers/admin-token.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"admin-token.js","sources":["../../../../../server/src/controllers/admin-token.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport { strings, errors } from '@strapi/utils';\nimport { trim, has } from 'lodash/fp';\nimport { getService } from '../utils';\nimport constants from '../services/constants';\nimport {\n validateAdminTokenCreationInput,\n validateAdminTokenUpdateInput,\n} from '../validation/admin-tokens';\nimport {\n Create,\n List,\n Revoke,\n Get,\n Update,\n GetOwnerPermissions,\n AdminApiToken,\n} from '../../../shared/contracts/admin-token';\nimport type { ContentApiApiToken } from '../../../shared/contracts/api-token';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\n// ---------------------------------------------------------------------------\n// Access-control helpers\n// ---------------------------------------------------------------------------\n\nconst isSuperAdmin = (user: AdminUser): boolean =>\n user.roles.some((r) => r.code === constants.SUPER_ADMIN_CODE) === true;\n\nconst getOwnerId = (token: AdminApiToken): string => {\n const owner = token.adminUserOwner;\n return String(typeof owner === 'object' ? owner.id : owner);\n};\n\n/** Returns true when user is the recorded owner of an admin token. */\nconst isTokenOwner = (user: AdminUser, token: AdminApiToken): boolean =>\n getOwnerId(token) === String(user.id);\n\n/** Owner OR super-admin can manage an admin token (read metadata, update…). */\nconst canAccessAdminToken = (user: AdminUser, token: AdminApiToken): boolean =>\n isTokenOwner(user, token) || isSuperAdmin(user);\n\n// ---------------------------------------------------------------------------\n// Controller\n// ---------------------------------------------------------------------------\n\nexport default {\n // -------------------------------------------------------------------------\n // Create\n // -------------------------------------------------------------------------\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const apiTokenService = getService('api-token-admin');\n\n if ((body as ContentApiApiToken).type !== undefined) {\n return ctx.badRequest('Type is not allowed for admin tokens');\n }\n if ((body as ContentApiApiToken).permissions !== undefined) {\n return ctx.badRequest('Permissions are not allowed for admin tokens');\n }\n\n const attributes = {\n kind: 'admin' as const,\n name: trim(body.name),\n description: trim(body.description),\n adminPermissions: body.adminPermissions,\n lifespan: body.lifespan,\n adminUserOwner: ctx.state.user.id,\n };\n\n await validateAdminTokenCreationInput(attributes);\n\n const alreadyExists = await apiTokenService.exists({ name: attributes.name });\n if (alreadyExists) {\n throw new ApplicationError('Name already taken');\n }\n\n const apiToken = await apiTokenService.create(attributes, ctx.state.user);\n ctx.created({ data: apiToken });\n },\n\n // -------------------------------------------------------------------------\n // Regenerate — owner-only, super-admin does NOT bypass\n // -------------------------------------------------------------------------\n async regenerate(ctx: Context) {\n const { id } = ctx.params;\n const apiTokenService = getService('api-token-admin');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (!isTokenOwner(ctx.state.user, token)) {\n return ctx.forbidden();\n }\n\n const accessToken = await apiTokenService.regenerate(id);\n ctx.created({ data: accessToken });\n },\n\n // -------------------------------------------------------------------------\n // List — always filtered to kind: 'admin'\n // -------------------------------------------------------------------------\n async list(ctx: Context) {\n const apiTokenService = getService('api-token-admin');\n const apiTokens = await apiTokenService.list(ctx.state.user);\n\n ctx.send({ data: apiTokens } satisfies List.Response);\n },\n\n // -------------------------------------------------------------------------\n // Revoke\n // -------------------------------------------------------------------------\n async revoke(ctx: Context) {\n const { id } = ctx.params as Revoke.Params;\n const apiTokenService = getService('api-token-admin');\n\n const existingToken = await apiTokenService.getById(id);\n if (existingToken === null) {\n return ctx.notFound('API Token not found');\n }\n\n if (canAccessAdminToken(ctx.state.user, existingToken) === false) {\n return ctx.forbidden();\n }\n\n const apiToken = await apiTokenService.revoke(id);\n ctx.deleted({ data: apiToken } satisfies Revoke.Response);\n },\n\n // -------------------------------------------------------------------------\n // Get — key exposed only to owner\n // -------------------------------------------------------------------------\n async get(ctx: Context) {\n const { id } = ctx.params;\n const apiTokenService = getService('api-token-admin');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (canAccessAdminToken(ctx.state.user, token) === false) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (isTokenOwner(ctx.state.user, token)) {\n const withKey = await apiTokenService.getById(id, { includeDecryptedKey: true });\n ctx.send({ data: withKey ?? token } satisfies Get.Response);\n return;\n }\n\n ctx.send({ data: token } satisfies Get.Response);\n },\n\n // -------------------------------------------------------------------------\n // Update — owner or super-admin only\n // -------------------------------------------------------------------------\n async update(ctx: Context) {\n const { body } = ctx.request as Update.Request;\n const { id } = ctx.params as Update.Params;\n const apiTokenService = getService('api-token-admin');\n\n const mutableBody = body as Record<string, unknown>;\n if (has('name', mutableBody)) {\n mutableBody.name = trim(body.name ?? '');\n }\n if (has('description', mutableBody) || mutableBody.description === null) {\n mutableBody.description = trim(body.description ?? '');\n }\n\n await validateAdminTokenUpdateInput(body);\n\n const existingToken = await apiTokenService.getById(id);\n if (!existingToken) {\n return ctx.notFound('API Token not found');\n }\n\n if (has('name', body)) {\n const nameAlreadyTaken = await apiTokenService.getByName(body.name!);\n if (nameAlreadyTaken !== null && !strings.isEqual(nameAlreadyTaken.id, id)) {\n throw new ApplicationError('Name already taken');\n }\n }\n\n if (!canAccessAdminToken(ctx.state.user, existingToken)) {\n return ctx.forbidden();\n }\n\n const apiToken = await apiTokenService.update(id, body);\n ctx.send({ data: apiToken } satisfies Update.Response);\n },\n\n // -------------------------------------------------------------------------\n // Owner permissions — effective permissions of the token owner\n // -------------------------------------------------------------------------\n async getOwnerPermissions(ctx: Context) {\n const { id } = ctx.params as GetOwnerPermissions.Request['params'];\n const apiTokenService = getService('api-token-admin');\n const permissionService = getService('permission');\n const userService = getService('user');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n return ctx.notFound('apiToken.notFound');\n }\n\n if (!canAccessAdminToken(ctx.state.user, token)) {\n return ctx.forbidden();\n }\n\n const ownerId = getOwnerId(token);\n const ownerUser = await userService.findOne(ownerId);\n if (!ownerUser) {\n return ctx.notFound('owner.notFound');\n }\n\n const ownerPermissions = await permissionService.findUserPermissions(ownerUser);\n const sanitizedPermissions = ownerPermissions.map(permissionService.sanitizePermission);\n\n // @ts-expect-error - transform response type to sanitized permission\n ctx.body = { data: sanitizedPermissions } satisfies GetOwnerPermissions.Response;\n },\n};\n"],"names":["ApplicationError","errors","isSuperAdmin","user","roles","some","r","code","constants","SUPER_ADMIN_CODE","getOwnerId","token","owner","adminUserOwner","String","id","isTokenOwner","canAccessAdminToken","create","ctx","body","request","apiTokenService","getService","type","undefined","badRequest","permissions","attributes","kind","name","trim","description","adminPermissions","lifespan","state","validateAdminTokenCreationInput","alreadyExists","exists","apiToken","created","data","regenerate","params","getById","notFound","forbidden","accessToken","list","apiTokens","send","revoke","existingToken","deleted","get","withKey","includeDecryptedKey","update","mutableBody","has","validateAdminTokenUpdateInput","nameAlreadyTaken","getByName","strings","isEqual","getOwnerPermissions","permissionService","userService","ownerId","ownerUser","findOne","ownerPermissions","findUserPermissions","sanitizedPermissions","map","sanitizePermission"],"mappings":";;;;;;;;AAsBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,YAAAA;AAE7B;AACA;AACA;AAEA,MAAMC,YAAAA,GAAe,CAACC,IAAAA,GACpBA,IAAAA,CAAKC,KAAK,CAACC,IAAI,CAAC,CAACC,IAAMA,CAAAA,CAAEC,IAAI,KAAKC,SAAAA,CAAUC,gBAAgB,CAAA,KAAM,IAAA;AAEpE,MAAMC,aAAa,CAACC,KAAAA,GAAAA;IAClB,MAAMC,KAAAA,GAAQD,MAAME,cAAc;AAClC,IAAA,OAAOC,OAAO,OAAOF,KAAAA,KAAU,QAAA,GAAWA,KAAAA,CAAMG,EAAE,GAAGH,KAAAA,CAAAA;AACvD,CAAA;AAEA,uEACA,MAAMI,YAAAA,GAAe,CAACb,IAAAA,EAAiBQ,QACrCD,UAAAA,CAAWC,KAAAA,CAAAA,KAAWG,MAAAA,CAAOX,IAAAA,CAAKY,EAAE,CAAA;AAEtC,gFACA,MAAME,mBAAAA,GAAsB,CAACd,MAAiBQ,KAAAA,GAC5CK,YAAAA,CAAab,IAAAA,EAAMQ,KAAAA,CAAAA,IAAUT,YAAAA,CAAaC,IAAAA,CAAAA;AAE5C;AACA;AACA;AAEA,iBAAe;;;;AAIb,IAAA,MAAMe,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,IAAI,IAACH,CAA4BI,IAAI,KAAKC,SAAAA,EAAW;YACnD,OAAON,GAAAA,CAAIO,UAAU,CAAC,sCAAA,CAAA;AACxB,QAAA;AACA,QAAA,IAAI,IAACN,CAA4BO,WAAW,KAAKF,SAAAA,EAAW;YAC1D,OAAON,GAAAA,CAAIO,UAAU,CAAC,8CAAA,CAAA;AACxB,QAAA;AAEA,QAAA,MAAME,UAAAA,GAAa;YACjBC,IAAAA,EAAM,OAAA;YACNC,IAAAA,EAAMC,OAAAA,CAAKX,KAAKU,IAAI,CAAA;YACpBE,WAAAA,EAAaD,OAAAA,CAAKX,KAAKY,WAAW,CAAA;AAClCC,YAAAA,gBAAAA,EAAkBb,KAAKa,gBAAgB;AACvCC,YAAAA,QAAAA,EAAUd,KAAKc,QAAQ;AACvBrB,YAAAA,cAAAA,EAAgBM,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAACY;AACjC,SAAA;AAEA,QAAA,MAAMqB,2CAAAA,CAAgCR,UAAAA,CAAAA;AAEtC,QAAA,MAAMS,aAAAA,GAAgB,MAAMf,eAAAA,CAAgBgB,MAAM,CAAC;AAAER,YAAAA,IAAAA,EAAMF,WAAWE;AAAK,SAAA,CAAA;AAC3E,QAAA,IAAIO,aAAAA,EAAe;AACjB,YAAA,MAAM,IAAIrC,gBAAAA,CAAiB,oBAAA,CAAA;AAC7B,QAAA;QAEA,MAAMuC,QAAAA,GAAW,MAAMjB,eAAAA,CAAgBJ,MAAM,CAACU,UAAAA,EAAYT,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAAA;AACxEgB,QAAAA,GAAAA,CAAIqB,OAAO,CAAC;YAAEC,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;;;;AAKA,IAAA,MAAMG,YAAWvB,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;AACVQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAAC7B,YAAAA,CAAaG,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AACxC,YAAA,OAAOQ,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMC,WAAAA,GAAc,MAAMzB,eAAAA,CAAgBoB,UAAU,CAAC3B,EAAAA,CAAAA;AACrDI,QAAAA,GAAAA,CAAIqB,OAAO,CAAC;YAAEC,IAAAA,EAAMM;AAAY,SAAA,CAAA;AAClC,IAAA,CAAA;;;;AAKA,IAAA,MAAMC,MAAK7B,GAAY,EAAA;AACrB,QAAA,MAAMG,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;QACnC,MAAM0B,SAAAA,GAAY,MAAM3B,eAAAA,CAAgB0B,IAAI,CAAC7B,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAAA;AAE3DgB,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAMQ;AAAU,SAAA,CAAA;AAC7B,IAAA,CAAA;;;;AAKA,IAAA,MAAME,QAAOhC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAM6B,aAAAA,GAAgB,MAAM9B,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AACpD,QAAA,IAAIqC,kBAAkB,IAAA,EAAM;YAC1B,OAAOjC,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,IAAI5B,oBAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEiD,mBAAmB,KAAA,EAAO;AAChE,YAAA,OAAOjC,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMP,QAAAA,GAAW,MAAMjB,eAAAA,CAAgB6B,MAAM,CAACpC,EAAAA,CAAAA;AAC9CI,QAAAA,GAAAA,CAAIkC,OAAO,CAAC;YAAEZ,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;;;;AAKA,IAAA,MAAMe,KAAInC,GAAY,EAAA;AACpB,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;AACVQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI5B,oBAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,WAAW,KAAA,EAAO;AACxDQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI7B,aAAaG,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AACvC,YAAA,MAAM4C,OAAAA,GAAU,MAAMjC,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,EAAI;gBAAEyC,mBAAAA,EAAqB;AAAK,aAAA,CAAA;AAC9ErC,YAAAA,GAAAA,CAAI+B,IAAI,CAAC;AAAET,gBAAAA,IAAAA,EAAMc,OAAAA,IAAW5C;AAAM,aAAA,CAAA;AAClC,YAAA;AACF,QAAA;AAEAQ,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAM9B;AAAM,SAAA,CAAA;AACzB,IAAA,CAAA;;;;AAKA,IAAA,MAAM8C,QAAOtC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAM,EAAEN,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMmC,WAAAA,GAActC,IAAAA;QACpB,IAAIuC,MAAAA,CAAI,QAAQD,WAAAA,CAAAA,EAAc;AAC5BA,YAAAA,WAAAA,CAAY5B,IAAI,GAAGC,OAAAA,CAAKX,IAAAA,CAAKU,IAAI,IAAI,EAAA,CAAA;AACvC,QAAA;AACA,QAAA,IAAI6B,OAAI,aAAA,EAAeD,WAAAA,CAAAA,IAAgBA,WAAAA,CAAY1B,WAAW,KAAK,IAAA,EAAM;AACvE0B,YAAAA,WAAAA,CAAY1B,WAAW,GAAGD,OAAAA,CAAKX,IAAAA,CAAKY,WAAW,IAAI,EAAA,CAAA;AACrD,QAAA;AAEA,QAAA,MAAM4B,yCAAAA,CAA8BxC,IAAAA,CAAAA;AAEpC,QAAA,MAAMgC,aAAAA,GAAgB,MAAM9B,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AACpD,QAAA,IAAI,CAACqC,aAAAA,EAAe;YAClB,OAAOjC,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;QAEA,IAAIc,MAAAA,CAAI,QAAQvC,IAAAA,CAAAA,EAAO;AACrB,YAAA,MAAMyC,mBAAmB,MAAMvC,eAAAA,CAAgBwC,SAAS,CAAC1C,KAAKU,IAAI,CAAA;YAClE,IAAI+B,gBAAAA,KAAqB,QAAQ,CAACE,aAAAA,CAAQC,OAAO,CAACH,gBAAAA,CAAiB9C,EAAE,EAAEA,EAAAA,CAAAA,EAAK;AAC1E,gBAAA,MAAM,IAAIf,gBAAAA,CAAiB,oBAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACiB,mBAAAA,CAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEiD,aAAAA,CAAAA,EAAgB;AACvD,YAAA,OAAOjC,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMP,QAAAA,GAAW,MAAMjB,eAAAA,CAAgBmC,MAAM,CAAC1C,EAAAA,EAAIK,IAAAA,CAAAA;AAClDD,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC5B,IAAA,CAAA;;;;AAKA,IAAA,MAAM0B,qBAAoB9C,GAAY,EAAA;AACpC,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AACnC,QAAA,MAAM2C,oBAAoB3C,gBAAAA,CAAW,YAAA,CAAA;AACrC,QAAA,MAAM4C,cAAc5C,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;YACV,OAAOQ,GAAAA,CAAI0B,QAAQ,CAAC,mBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,IAAI,CAAC5B,mBAAAA,CAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AAC/C,YAAA,OAAOQ,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMsB,UAAU1D,UAAAA,CAAWC,KAAAA,CAAAA;AAC3B,QAAA,MAAM0D,SAAAA,GAAY,MAAMF,WAAAA,CAAYG,OAAO,CAACF,OAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACC,SAAAA,EAAW;YACd,OAAOlD,GAAAA,CAAI0B,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,MAAM0B,gBAAAA,GAAmB,MAAML,iBAAAA,CAAkBM,mBAAmB,CAACH,SAAAA,CAAAA;AACrE,QAAA,MAAMI,oBAAAA,GAAuBF,gBAAAA,CAAiBG,GAAG,CAACR,kBAAkBS,kBAAkB,CAAA;;AAGtFxD,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YAAEqB,IAAAA,EAAMgC;AAAqB,SAAA;AAC1C,IAAA;AACF,CAAA;;;;"}

package/dist/server/server/src/controllers/admin-token.mjs ADDED Viewed

@@ -0,0 +1,192 @@
+import { errors, strings } from '@strapi/utils';
+import { has, trim } from 'lodash/fp';
+import { getService } from '../utils/index.mjs';
+import constants from '../services/constants.mjs';
+import { validateAdminTokenUpdateInput, validateAdminTokenCreationInput } from '../validation/admin-tokens.mjs';
+const { ApplicationError } = errors;
+// ---------------------------------------------------------------------------
+// Access-control helpers
+// ---------------------------------------------------------------------------
+const isSuperAdmin = (user)=>user.roles.some((r)=>r.code === constants.SUPER_ADMIN_CODE) === true;
+const getOwnerId = (token)=>{
+    const owner = token.adminUserOwner;
+    return String(typeof owner === 'object' ? owner.id : owner);
+};
+/** Returns true when user is the recorded owner of an admin token. */ const isTokenOwner = (user, token)=>getOwnerId(token) === String(user.id);
+/** Owner OR super-admin can manage an admin token (read metadata, update…). */ const canAccessAdminToken = (user, token)=>isTokenOwner(user, token) || isSuperAdmin(user);
+// ---------------------------------------------------------------------------
+// Controller
+// ---------------------------------------------------------------------------
+var adminToken = {
+    // -------------------------------------------------------------------------
+    // Create
+    // -------------------------------------------------------------------------
+    async create (ctx) {
+        const { body } = ctx.request;
+        const apiTokenService = getService('api-token-admin');
+        if (body.type !== undefined) {
+            return ctx.badRequest('Type is not allowed for admin tokens');
+        }
+        if (body.permissions !== undefined) {
+            return ctx.badRequest('Permissions are not allowed for admin tokens');
+        }
+        const attributes = {
+            kind: 'admin',
+            name: trim(body.name),
+            description: trim(body.description),
+            adminPermissions: body.adminPermissions,
+            lifespan: body.lifespan,
+            adminUserOwner: ctx.state.user.id
+        };
+        await validateAdminTokenCreationInput(attributes);
+        const alreadyExists = await apiTokenService.exists({
+            name: attributes.name
+        });
+        if (alreadyExists) {
+            throw new ApplicationError('Name already taken');
+        }
+        const apiToken = await apiTokenService.create(attributes, ctx.state.user);
+        ctx.created({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Regenerate — owner-only, super-admin does NOT bypass
+    // -------------------------------------------------------------------------
+    async regenerate (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = getService('api-token-admin');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (!isTokenOwner(ctx.state.user, token)) {
+            return ctx.forbidden();
+        }
+        const accessToken = await apiTokenService.regenerate(id);
+        ctx.created({
+            data: accessToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // List — always filtered to kind: 'admin'
+    // -------------------------------------------------------------------------
+    async list (ctx) {
+        const apiTokenService = getService('api-token-admin');
+        const apiTokens = await apiTokenService.list(ctx.state.user);
+        ctx.send({
+            data: apiTokens
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Revoke
+    // -------------------------------------------------------------------------
+    async revoke (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = getService('api-token-admin');
+        const existingToken = await apiTokenService.getById(id);
+        if (existingToken === null) {
+            return ctx.notFound('API Token not found');
+        }
+        if (canAccessAdminToken(ctx.state.user, existingToken) === false) {
+            return ctx.forbidden();
+        }
+        const apiToken = await apiTokenService.revoke(id);
+        ctx.deleted({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Get — key exposed only to owner
+    // -------------------------------------------------------------------------
+    async get (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = getService('api-token-admin');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (canAccessAdminToken(ctx.state.user, token) === false) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (isTokenOwner(ctx.state.user, token)) {
+            const withKey = await apiTokenService.getById(id, {
+                includeDecryptedKey: true
+            });
+            ctx.send({
+                data: withKey ?? token
+            });
+            return;
+        }
+        ctx.send({
+            data: token
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Update — owner or super-admin only
+    // -------------------------------------------------------------------------
+    async update (ctx) {
+        const { body } = ctx.request;
+        const { id } = ctx.params;
+        const apiTokenService = getService('api-token-admin');
+        const mutableBody = body;
+        if (has('name', mutableBody)) {
+            mutableBody.name = trim(body.name ?? '');
+        }
+        if (has('description', mutableBody) || mutableBody.description === null) {
+            mutableBody.description = trim(body.description ?? '');
+        }
+        await validateAdminTokenUpdateInput(body);
+        const existingToken = await apiTokenService.getById(id);
+        if (!existingToken) {
+            return ctx.notFound('API Token not found');
+        }
+        if (has('name', body)) {
+            const nameAlreadyTaken = await apiTokenService.getByName(body.name);
+            if (nameAlreadyTaken !== null && !strings.isEqual(nameAlreadyTaken.id, id)) {
+                throw new ApplicationError('Name already taken');
+            }
+        }
+        if (!canAccessAdminToken(ctx.state.user, existingToken)) {
+            return ctx.forbidden();
+        }
+        const apiToken = await apiTokenService.update(id, body);
+        ctx.send({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Owner permissions — effective permissions of the token owner
+    // -------------------------------------------------------------------------
+    async getOwnerPermissions (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = getService('api-token-admin');
+        const permissionService = getService('permission');
+        const userService = getService('user');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            return ctx.notFound('apiToken.notFound');
+        }
+        if (!canAccessAdminToken(ctx.state.user, token)) {
+            return ctx.forbidden();
+        }
+        const ownerId = getOwnerId(token);
+        const ownerUser = await userService.findOne(ownerId);
+        if (!ownerUser) {
+            return ctx.notFound('owner.notFound');
+        }
+        const ownerPermissions = await permissionService.findUserPermissions(ownerUser);
+        const sanitizedPermissions = ownerPermissions.map(permissionService.sanitizePermission);
+        // @ts-expect-error - transform response type to sanitized permission
+        ctx.body = {
+            data: sanitizedPermissions
+        };
+    }
+};
+export { adminToken as default };
+//# sourceMappingURL=admin-token.mjs.map

package/dist/server/server/src/controllers/admin-token.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"admin-token.mjs","sources":["../../../../../server/src/controllers/admin-token.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport { strings, errors } from '@strapi/utils';\nimport { trim, has } from 'lodash/fp';\nimport { getService } from '../utils';\nimport constants from '../services/constants';\nimport {\n validateAdminTokenCreationInput,\n validateAdminTokenUpdateInput,\n} from '../validation/admin-tokens';\nimport {\n Create,\n List,\n Revoke,\n Get,\n Update,\n GetOwnerPermissions,\n AdminApiToken,\n} from '../../../shared/contracts/admin-token';\nimport type { ContentApiApiToken } from '../../../shared/contracts/api-token';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\n// ---------------------------------------------------------------------------\n// Access-control helpers\n// ---------------------------------------------------------------------------\n\nconst isSuperAdmin = (user: AdminUser): boolean =>\n user.roles.some((r) => r.code === constants.SUPER_ADMIN_CODE) === true;\n\nconst getOwnerId = (token: AdminApiToken): string => {\n const owner = token.adminUserOwner;\n return String(typeof owner === 'object' ? owner.id : owner);\n};\n\n/** Returns true when user is the recorded owner of an admin token. */\nconst isTokenOwner = (user: AdminUser, token: AdminApiToken): boolean =>\n getOwnerId(token) === String(user.id);\n\n/** Owner OR super-admin can manage an admin token (read metadata, update…). */\nconst canAccessAdminToken = (user: AdminUser, token: AdminApiToken): boolean =>\n isTokenOwner(user, token) || isSuperAdmin(user);\n\n// ---------------------------------------------------------------------------\n// Controller\n// ---------------------------------------------------------------------------\n\nexport default {\n // -------------------------------------------------------------------------\n // Create\n // -------------------------------------------------------------------------\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const apiTokenService = getService('api-token-admin');\n\n if ((body as ContentApiApiToken).type !== undefined) {\n return ctx.badRequest('Type is not allowed for admin tokens');\n }\n if ((body as ContentApiApiToken).permissions !== undefined) {\n return ctx.badRequest('Permissions are not allowed for admin tokens');\n }\n\n const attributes = {\n kind: 'admin' as const,\n name: trim(body.name),\n description: trim(body.description),\n adminPermissions: body.adminPermissions,\n lifespan: body.lifespan,\n adminUserOwner: ctx.state.user.id,\n };\n\n await validateAdminTokenCreationInput(attributes);\n\n const alreadyExists = await apiTokenService.exists({ name: attributes.name });\n if (alreadyExists) {\n throw new ApplicationError('Name already taken');\n }\n\n const apiToken = await apiTokenService.create(attributes, ctx.state.user);\n ctx.created({ data: apiToken });\n },\n\n // -------------------------------------------------------------------------\n // Regenerate — owner-only, super-admin does NOT bypass\n // -------------------------------------------------------------------------\n async regenerate(ctx: Context) {\n const { id } = ctx.params;\n const apiTokenService = getService('api-token-admin');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (!isTokenOwner(ctx.state.user, token)) {\n return ctx.forbidden();\n }\n\n const accessToken = await apiTokenService.regenerate(id);\n ctx.created({ data: accessToken });\n },\n\n // -------------------------------------------------------------------------\n // List — always filtered to kind: 'admin'\n // -------------------------------------------------------------------------\n async list(ctx: Context) {\n const apiTokenService = getService('api-token-admin');\n const apiTokens = await apiTokenService.list(ctx.state.user);\n\n ctx.send({ data: apiTokens } satisfies List.Response);\n },\n\n // -------------------------------------------------------------------------\n // Revoke\n // -------------------------------------------------------------------------\n async revoke(ctx: Context) {\n const { id } = ctx.params as Revoke.Params;\n const apiTokenService = getService('api-token-admin');\n\n const existingToken = await apiTokenService.getById(id);\n if (existingToken === null) {\n return ctx.notFound('API Token not found');\n }\n\n if (canAccessAdminToken(ctx.state.user, existingToken) === false) {\n return ctx.forbidden();\n }\n\n const apiToken = await apiTokenService.revoke(id);\n ctx.deleted({ data: apiToken } satisfies Revoke.Response);\n },\n\n // -------------------------------------------------------------------------\n // Get — key exposed only to owner\n // -------------------------------------------------------------------------\n async get(ctx: Context) {\n const { id } = ctx.params;\n const apiTokenService = getService('api-token-admin');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (canAccessAdminToken(ctx.state.user, token) === false) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (isTokenOwner(ctx.state.user, token)) {\n const withKey = await apiTokenService.getById(id, { includeDecryptedKey: true });\n ctx.send({ data: withKey ?? token } satisfies Get.Response);\n return;\n }\n\n ctx.send({ data: token } satisfies Get.Response);\n },\n\n // -------------------------------------------------------------------------\n // Update — owner or super-admin only\n // -------------------------------------------------------------------------\n async update(ctx: Context) {\n const { body } = ctx.request as Update.Request;\n const { id } = ctx.params as Update.Params;\n const apiTokenService = getService('api-token-admin');\n\n const mutableBody = body as Record<string, unknown>;\n if (has('name', mutableBody)) {\n mutableBody.name = trim(body.name ?? '');\n }\n if (has('description', mutableBody) || mutableBody.description === null) {\n mutableBody.description = trim(body.description ?? '');\n }\n\n await validateAdminTokenUpdateInput(body);\n\n const existingToken = await apiTokenService.getById(id);\n if (!existingToken) {\n return ctx.notFound('API Token not found');\n }\n\n if (has('name', body)) {\n const nameAlreadyTaken = await apiTokenService.getByName(body.name!);\n if (nameAlreadyTaken !== null && !strings.isEqual(nameAlreadyTaken.id, id)) {\n throw new ApplicationError('Name already taken');\n }\n }\n\n if (!canAccessAdminToken(ctx.state.user, existingToken)) {\n return ctx.forbidden();\n }\n\n const apiToken = await apiTokenService.update(id, body);\n ctx.send({ data: apiToken } satisfies Update.Response);\n },\n\n // -------------------------------------------------------------------------\n // Owner permissions — effective permissions of the token owner\n // -------------------------------------------------------------------------\n async getOwnerPermissions(ctx: Context) {\n const { id } = ctx.params as GetOwnerPermissions.Request['params'];\n const apiTokenService = getService('api-token-admin');\n const permissionService = getService('permission');\n const userService = getService('user');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n return ctx.notFound('apiToken.notFound');\n }\n\n if (!canAccessAdminToken(ctx.state.user, token)) {\n return ctx.forbidden();\n }\n\n const ownerId = getOwnerId(token);\n const ownerUser = await userService.findOne(ownerId);\n if (!ownerUser) {\n return ctx.notFound('owner.notFound');\n }\n\n const ownerPermissions = await permissionService.findUserPermissions(ownerUser);\n const sanitizedPermissions = ownerPermissions.map(permissionService.sanitizePermission);\n\n // @ts-expect-error - transform response type to sanitized permission\n ctx.body = { data: sanitizedPermissions } satisfies GetOwnerPermissions.Response;\n },\n};\n"],"names":["ApplicationError","errors","isSuperAdmin","user","roles","some","r","code","constants","SUPER_ADMIN_CODE","getOwnerId","token","owner","adminUserOwner","String","id","isTokenOwner","canAccessAdminToken","create","ctx","body","request","apiTokenService","getService","type","undefined","badRequest","permissions","attributes","kind","name","trim","description","adminPermissions","lifespan","state","validateAdminTokenCreationInput","alreadyExists","exists","apiToken","created","data","regenerate","params","getById","notFound","forbidden","accessToken","list","apiTokens","send","revoke","existingToken","deleted","get","withKey","includeDecryptedKey","update","mutableBody","has","validateAdminTokenUpdateInput","nameAlreadyTaken","getByName","strings","isEqual","getOwnerPermissions","permissionService","userService","ownerId","ownerUser","findOne","ownerPermissions","findUserPermissions","sanitizedPermissions","map","sanitizePermission"],"mappings":";;;;;;AAsBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,MAAAA;AAE7B;AACA;AACA;AAEA,MAAMC,YAAAA,GAAe,CAACC,IAAAA,GACpBA,IAAAA,CAAKC,KAAK,CAACC,IAAI,CAAC,CAACC,IAAMA,CAAAA,CAAEC,IAAI,KAAKC,SAAAA,CAAUC,gBAAgB,CAAA,KAAM,IAAA;AAEpE,MAAMC,aAAa,CAACC,KAAAA,GAAAA;IAClB,MAAMC,KAAAA,GAAQD,MAAME,cAAc;AAClC,IAAA,OAAOC,OAAO,OAAOF,KAAAA,KAAU,QAAA,GAAWA,KAAAA,CAAMG,EAAE,GAAGH,KAAAA,CAAAA;AACvD,CAAA;AAEA,uEACA,MAAMI,YAAAA,GAAe,CAACb,IAAAA,EAAiBQ,QACrCD,UAAAA,CAAWC,KAAAA,CAAAA,KAAWG,MAAAA,CAAOX,IAAAA,CAAKY,EAAE,CAAA;AAEtC,gFACA,MAAME,mBAAAA,GAAsB,CAACd,MAAiBQ,KAAAA,GAC5CK,YAAAA,CAAab,IAAAA,EAAMQ,KAAAA,CAAAA,IAAUT,YAAAA,CAAaC,IAAAA,CAAAA;AAE5C;AACA;AACA;AAEA,iBAAe;;;;AAIb,IAAA,MAAMe,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,IAAI,IAACH,CAA4BI,IAAI,KAAKC,SAAAA,EAAW;YACnD,OAAON,GAAAA,CAAIO,UAAU,CAAC,sCAAA,CAAA;AACxB,QAAA;AACA,QAAA,IAAI,IAACN,CAA4BO,WAAW,KAAKF,SAAAA,EAAW;YAC1D,OAAON,GAAAA,CAAIO,UAAU,CAAC,8CAAA,CAAA;AACxB,QAAA;AAEA,QAAA,MAAME,UAAAA,GAAa;YACjBC,IAAAA,EAAM,OAAA;YACNC,IAAAA,EAAMC,IAAAA,CAAKX,KAAKU,IAAI,CAAA;YACpBE,WAAAA,EAAaD,IAAAA,CAAKX,KAAKY,WAAW,CAAA;AAClCC,YAAAA,gBAAAA,EAAkBb,KAAKa,gBAAgB;AACvCC,YAAAA,QAAAA,EAAUd,KAAKc,QAAQ;AACvBrB,YAAAA,cAAAA,EAAgBM,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAACY;AACjC,SAAA;AAEA,QAAA,MAAMqB,+BAAAA,CAAgCR,UAAAA,CAAAA;AAEtC,QAAA,MAAMS,aAAAA,GAAgB,MAAMf,eAAAA,CAAgBgB,MAAM,CAAC;AAAER,YAAAA,IAAAA,EAAMF,WAAWE;AAAK,SAAA,CAAA;AAC3E,QAAA,IAAIO,aAAAA,EAAe;AACjB,YAAA,MAAM,IAAIrC,gBAAAA,CAAiB,oBAAA,CAAA;AAC7B,QAAA;QAEA,MAAMuC,QAAAA,GAAW,MAAMjB,eAAAA,CAAgBJ,MAAM,CAACU,UAAAA,EAAYT,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAAA;AACxEgB,QAAAA,GAAAA,CAAIqB,OAAO,CAAC;YAAEC,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;;;;AAKA,IAAA,MAAMG,YAAWvB,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;AACVQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAAC7B,YAAAA,CAAaG,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AACxC,YAAA,OAAOQ,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMC,WAAAA,GAAc,MAAMzB,eAAAA,CAAgBoB,UAAU,CAAC3B,EAAAA,CAAAA;AACrDI,QAAAA,GAAAA,CAAIqB,OAAO,CAAC;YAAEC,IAAAA,EAAMM;AAAY,SAAA,CAAA;AAClC,IAAA,CAAA;;;;AAKA,IAAA,MAAMC,MAAK7B,GAAY,EAAA;AACrB,QAAA,MAAMG,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;QACnC,MAAM0B,SAAAA,GAAY,MAAM3B,eAAAA,CAAgB0B,IAAI,CAAC7B,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAAA;AAE3DgB,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAMQ;AAAU,SAAA,CAAA;AAC7B,IAAA,CAAA;;;;AAKA,IAAA,MAAME,QAAOhC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAM6B,aAAAA,GAAgB,MAAM9B,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AACpD,QAAA,IAAIqC,kBAAkB,IAAA,EAAM;YAC1B,OAAOjC,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,IAAI5B,oBAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEiD,mBAAmB,KAAA,EAAO;AAChE,YAAA,OAAOjC,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMP,QAAAA,GAAW,MAAMjB,eAAAA,CAAgB6B,MAAM,CAACpC,EAAAA,CAAAA;AAC9CI,QAAAA,GAAAA,CAAIkC,OAAO,CAAC;YAAEZ,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;;;;AAKA,IAAA,MAAMe,KAAInC,GAAY,EAAA;AACpB,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;AACVQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI5B,oBAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,WAAW,KAAA,EAAO;AACxDQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI7B,aAAaG,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AACvC,YAAA,MAAM4C,OAAAA,GAAU,MAAMjC,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,EAAI;gBAAEyC,mBAAAA,EAAqB;AAAK,aAAA,CAAA;AAC9ErC,YAAAA,GAAAA,CAAI+B,IAAI,CAAC;AAAET,gBAAAA,IAAAA,EAAMc,OAAAA,IAAW5C;AAAM,aAAA,CAAA;AAClC,YAAA;AACF,QAAA;AAEAQ,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAM9B;AAAM,SAAA,CAAA;AACzB,IAAA,CAAA;;;;AAKA,IAAA,MAAM8C,QAAOtC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAM,EAAEN,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMmC,WAAAA,GAActC,IAAAA;QACpB,IAAIuC,GAAAA,CAAI,QAAQD,WAAAA,CAAAA,EAAc;AAC5BA,YAAAA,WAAAA,CAAY5B,IAAI,GAAGC,IAAAA,CAAKX,IAAAA,CAAKU,IAAI,IAAI,EAAA,CAAA;AACvC,QAAA;AACA,QAAA,IAAI6B,IAAI,aAAA,EAAeD,WAAAA,CAAAA,IAAgBA,WAAAA,CAAY1B,WAAW,KAAK,IAAA,EAAM;AACvE0B,YAAAA,WAAAA,CAAY1B,WAAW,GAAGD,IAAAA,CAAKX,IAAAA,CAAKY,WAAW,IAAI,EAAA,CAAA;AACrD,QAAA;AAEA,QAAA,MAAM4B,6BAAAA,CAA8BxC,IAAAA,CAAAA;AAEpC,QAAA,MAAMgC,aAAAA,GAAgB,MAAM9B,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AACpD,QAAA,IAAI,CAACqC,aAAAA,EAAe;YAClB,OAAOjC,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;QAEA,IAAIc,GAAAA,CAAI,QAAQvC,IAAAA,CAAAA,EAAO;AACrB,YAAA,MAAMyC,mBAAmB,MAAMvC,eAAAA,CAAgBwC,SAAS,CAAC1C,KAAKU,IAAI,CAAA;YAClE,IAAI+B,gBAAAA,KAAqB,QAAQ,CAACE,OAAAA,CAAQC,OAAO,CAACH,gBAAAA,CAAiB9C,EAAE,EAAEA,EAAAA,CAAAA,EAAK;AAC1E,gBAAA,MAAM,IAAIf,gBAAAA,CAAiB,oBAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACiB,mBAAAA,CAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEiD,aAAAA,CAAAA,EAAgB;AACvD,YAAA,OAAOjC,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMP,QAAAA,GAAW,MAAMjB,eAAAA,CAAgBmC,MAAM,CAAC1C,EAAAA,EAAIK,IAAAA,CAAAA;AAClDD,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC5B,IAAA,CAAA;;;;AAKA,IAAA,MAAM0B,qBAAoB9C,GAAY,EAAA;AACpC,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AACnC,QAAA,MAAM2C,oBAAoB3C,UAAAA,CAAW,YAAA,CAAA;AACrC,QAAA,MAAM4C,cAAc5C,UAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;YACV,OAAOQ,GAAAA,CAAI0B,QAAQ,CAAC,mBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,IAAI,CAAC5B,mBAAAA,CAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AAC/C,YAAA,OAAOQ,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMsB,UAAU1D,UAAAA,CAAWC,KAAAA,CAAAA;AAC3B,QAAA,MAAM0D,SAAAA,GAAY,MAAMF,WAAAA,CAAYG,OAAO,CAACF,OAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACC,SAAAA,EAAW;YACd,OAAOlD,GAAAA,CAAI0B,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,MAAM0B,gBAAAA,GAAmB,MAAML,iBAAAA,CAAkBM,mBAAmB,CAACH,SAAAA,CAAAA;AACrE,QAAA,MAAMI,oBAAAA,GAAuBF,gBAAAA,CAAiBG,GAAG,CAACR,kBAAkBS,kBAAkB,CAAA;;AAGtFxD,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YAAEqB,IAAAA,EAAMgC;AAAqB,SAAA;AAC1C,IAAA;AACF,CAAA;;;;"}

package/dist/server/server/src/controllers/api-token.js CHANGED Viewed

@@ -7,14 +7,14 @@ var apiTokens = require('../validation/api-tokens.js');
 const { ApplicationError } = utils.errors;
 var apiToken = {
+    // -------------------------------------------------------------------------
+    // Create
+    // -------------------------------------------------------------------------
     async create (ctx) {
         const { body } = ctx.request;
-        const apiTokenService = index.getService('api-token');
-        /**
-     * We trim both field to avoid having issues with either:
-     * - having a space at the end or start of the value.
-     * - having only spaces as value;
-     */ const attributes = {
+        const apiTokenService = index.getService('api-token-content-api');
+        const attributes = {
+            kind: 'content-api',
             name: fp.trim(body.name),
             description: fp.trim(body.description),
             type: body.type,
@@ -28,16 +28,19 @@ var apiToken = {
         if (alreadyExists) {
             throw new ApplicationError('Name already taken');
         }
-        const apiToken = await apiTokenService.create(attributes);
+        const apiToken = await apiTokenService.create(attributes, ctx.state.user);
         ctx.created({
             data: apiToken
         });
     },
+    // -------------------------------------------------------------------------
+    // Regenerate
+    // -------------------------------------------------------------------------
     async regenerate (ctx) {
         const { id } = ctx.params;
-        const apiTokenService = index.getService('api-token');
-        const apiTokenExists = await apiTokenService.getById(id);
-        if (!apiTokenExists) {
+        const apiTokenService = index.getService('api-token-content-api');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
             ctx.notFound('API Token not found');
             return;
         }
@@ -46,76 +49,74 @@ var apiToken = {
             data: accessToken
         });
     },
+    // -------------------------------------------------------------------------
+    // List — always content-api
+    // -------------------------------------------------------------------------
     async list (ctx) {
-        const apiTokenService = index.getService('api-token');
-        const apiTokens = await apiTokenService.list();
+        const apiTokenService = index.getService('api-token-content-api');
+        const apiTokens = await apiTokenService.list(ctx.state.user);
         ctx.send({
             data: apiTokens
         });
     },
+    // -------------------------------------------------------------------------
+    // Revoke
+    // -------------------------------------------------------------------------
     async revoke (ctx) {
         const { id } = ctx.params;
-        const apiTokenService = index.getService('api-token');
+        const apiTokenService = index.getService('api-token-content-api');
         const apiToken = await apiTokenService.revoke(id);
         ctx.deleted({
             data: apiToken
         });
     },
+    // -------------------------------------------------------------------------
+    // Get — always expose the decrypted key (content-api back-compat)
+    // -------------------------------------------------------------------------
     async get (ctx) {
         const { id } = ctx.params;
-        const apiTokenService = index.getService('api-token');
-        const apiToken = await apiTokenService.getById(id);
-        if (!apiToken) {
+        const apiTokenService = index.getService('api-token-content-api');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
             ctx.notFound('API Token not found');
             return;
         }
+        const withKey = await apiTokenService.getById(id, {
+            includeDecryptedKey: true
+        });
         ctx.send({
-            data: apiToken
+            data: withKey ?? token
         });
     },
+    // -------------------------------------------------------------------------
+    // Update
+    // -------------------------------------------------------------------------
     async update (ctx) {
         const { body } = ctx.request;
         const { id } = ctx.params;
-        const apiTokenService = index.getService('api-token');
-        const attributes = body;
-        /**
-     * We trim both field to avoid having issues with either:
-     * - having a space at the end or start of the value.
-     * - having only spaces as value;
-     */ if (fp.has('name', attributes)) {
-            attributes.name = fp.trim(body.name);
+        const apiTokenService = index.getService('api-token-content-api');
+        const mutableBody = body;
+        if (fp.has('name', mutableBody)) {
+            mutableBody.name = fp.trim(body.name ?? '');
         }
-        if (fp.has('description', attributes) || attributes.description === null) {
-            attributes.description = fp.trim(body.description);
+        if (fp.has('description', mutableBody) || mutableBody.description === null) {
+            mutableBody.description = fp.trim(body.description ?? '');
         }
-        await apiTokens.validateApiTokenUpdateInput(attributes);
-        const apiTokenExists = await apiTokenService.getById(id);
-        if (!apiTokenExists) {
+        await apiTokens.validateApiTokenUpdateInput(body);
+        const existingToken = await apiTokenService.getById(id);
+        if (!existingToken) {
             return ctx.notFound('API Token not found');
         }
-        if (fp.has('name', attributes)) {
-            const nameAlreadyTaken = await apiTokenService.getByName(attributes.name);
-            /**
-       * We cast the ids as string as the one coming from the ctx isn't cast
-       * as a Number in case it is supposed to be an integer. It remains
-       * as a string. This way we avoid issues with integers in the db.
-       */ if (!!nameAlreadyTaken && !utils.strings.isEqual(nameAlreadyTaken.id, id)) {
+        if (fp.has('name', body)) {
+            const nameAlreadyTaken = await apiTokenService.getByName(body.name);
+            if (nameAlreadyTaken !== null && !utils.strings.isEqual(nameAlreadyTaken.id, id)) {
                 throw new ApplicationError('Name already taken');
             }
         }
-        const apiToken = await apiTokenService.update(id, attributes);
+        const apiToken = await apiTokenService.update(id, body);
         ctx.send({
             data: apiToken
         });
-    },
-    async getLayout (ctx) {
-        const apiTokenService = index.getService('api-token');
-        // TODO
-        // @ts-expect-error remove this controller if not used
-        const layout = await apiTokenService.getApiTokenLayout();
-        ctx.send({
-            data: layout
-        });
     }
 };