npm - @strapi/admin - Versions diffs - 5.44.0 → 5.45.0 - Mend

@strapi/admin 5.44.0 → 5.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (334) hide show

package/dist/server/server/src/content-types/User.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"User.mjs","sources":["../../../../../server/src/content-types/User.ts"],"sourcesContent":["export default {\n collectionName: 'admin_users',\n info: {\n name: 'User',\n description: '',\n singularName: 'user',\n pluralName: 'users',\n displayName: 'User',\n },\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n },\n attributes: {\n firstname: {\n type: 'string',\n unique: false,\n minLength: 1,\n configurable: false,\n required: false,\n },\n lastname: {\n type: 'string',\n unique: false,\n minLength: 1,\n configurable: false,\n required: false,\n },\n username: {\n type: 'string',\n unique: false,\n configurable: false,\n required: false,\n },\n email: {\n type: 'email',\n minLength: 6,\n configurable: false,\n required: true,\n unique: true,\n private: true,\n },\n password: {\n type: 'password',\n minLength: 6,\n configurable: false,\n required: false,\n private: true,\n searchable: false,\n },\n resetPasswordToken: {\n type: 'string',\n configurable: false,\n private: true,\n searchable: false,\n },\n registrationToken: {\n type: 'string',\n configurable: false,\n private: true,\n searchable: false,\n },\n isActive: {\n type: 'boolean',\n default: false,\n configurable: false,\n private: true,\n },\n roles: {\n configurable: false,\n private: true,\n type: 'relation',\n relation: 'manyToMany',\n inversedBy: 'users',\n target: 'admin::role',\n // FIXME: Allow setting this\n collectionName: 'strapi_users_roles',\n },\n blocked: {\n type: 'boolean',\n default: false,\n configurable: false,\n private: true,\n },\n preferedLanguage: {\n type: 'string',\n configurable: false,\n required: false,\n searchable: false,\n },\n },\n config: {\n attributes: {\n resetPasswordToken: {\n hidden: true,\n },\n registrationToken: {\n hidden: true,\n },\n },\n },\n};\n"],"names":["collectionName","info","name","description","singularName","pluralName","displayName","pluginOptions","visible","attributes","firstname","type","unique","minLength","configurable","required","lastname","username","email","private","password","searchable","resetPasswordToken","registrationToken","isActive","default","roles","relation","inversedBy","target","blocked","preferedLanguage","config","hidden"],"mappings":"AAAA,WAAe;IACbA,cAAAA,EAAgB,aAAA;IAChBC,IAAAA,EAAM;QACJC,IAAAA,EAAM,MAAA;QACNC,WAAAA,EAAa,EAAA;QACbC,YAAAA,EAAc,MAAA;QACdC,UAAAA,EAAY,OAAA;QACZC,WAAAA,EAAa;AACf,KAAA;IACAC,aAAAA,EAAe;QACb,iBAAA,EAAmB;YACjBC,OAAAA,EAAS;AACX,SAAA;QACA,sBAAA,EAAwB;YACtBA,OAAAA,EAAS;AACX;AACF,KAAA;IACAC,UAAAA,EAAY;QACVC,SAAAA,EAAW;YACTC,IAAAA,EAAM,QAAA;YACNC,MAAAA,EAAQ,KAAA;YACRC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAC,QAAAA,EAAU;YACRL,IAAAA,EAAM,QAAA;YACNC,MAAAA,EAAQ,KAAA;YACRC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAE,QAAAA,EAAU;YACRN,IAAAA,EAAM,QAAA;YACNC,MAAAA,EAAQ,KAAA;YACRE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAG,KAAAA,EAAO;YACLP,IAAAA,EAAM,OAAA;YACNE,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVH,MAAAA,EAAQ,IAAA;YACRO,OAAAA,EAAS;AACX,SAAA;QACAC,QAAAA,EAAU;YACRT,IAAAA,EAAM,UAAA;YACNE,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVI,OAAAA,EAAS,IAAA;YACTE,UAAAA,EAAY;AACd,SAAA;QACAC,kBAAAA,EAAoB;YAClBX,IAAAA,EAAM,QAAA;YACNG,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS,IAAA;YACTE,UAAAA,EAAY;AACd,SAAA;QACAE,iBAAAA,EAAmB;YACjBZ,IAAAA,EAAM,QAAA;YACNG,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS,IAAA;YACTE,UAAAA,EAAY;AACd,SAAA;QACAG,QAAAA,EAAU;YACRb,IAAAA,EAAM,SAAA;YACNc,OAAAA,EAAS,KAAA;YACTX,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS;AACX,SAAA;QACAO,KAAAA,EAAO;YACLZ,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS,IAAA;YACTR,IAAAA,EAAM,UAAA;YACNgB,QAAAA,EAAU,YAAA;YACVC,UAAAA,EAAY,OAAA;YACZC,MAAAA,EAAQ,aAAA;;YAER7B,cAAAA,EAAgB;AAClB,SAAA;QACA8B,OAAAA,EAAS;~~YACPnB~~,IAAAA,EAAM,SAAA;YACNc,OAAAA,EAAS,KAAA;YACTX,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS;AACX,SAAA;~~QACAY~~,gBAAAA,EAAkB;~~YAChBpB~~,IAAAA,EAAM,QAAA;YACNG,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVM,UAAAA,EAAY;AACd;AACF,KAAA;~~IACAW~~,MAAAA,EAAQ;~~QACNvB~~,UAAAA,EAAY;YACVa,kBAAAA,EAAoB;~~gBAClBW~~,MAAAA,EAAQ;AACV,aAAA;~~YACAV~~,iBAAAA,EAAmB;~~gBACjBU~~,MAAAA,EAAQ;AACV;AACF;AACF;AACF,CAAA;;;;"}
1	+ {"version":3,"file":"User.mjs","sources":["../../../../../server/src/content-types/User.ts"],"sourcesContent":["export default {\n collectionName: 'admin_users',\n info: {\n name: 'User',\n description: '',\n singularName: 'user',\n pluralName: 'users',\n displayName: 'User',\n },\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n },\n attributes: {\n firstname: {\n type: 'string',\n unique: false,\n minLength: 1,\n configurable: false,\n required: false,\n },\n lastname: {\n type: 'string',\n unique: false,\n minLength: 1,\n configurable: false,\n required: false,\n },\n username: {\n type: 'string',\n unique: false,\n configurable: false,\n required: false,\n },\n email: {\n type: 'email',\n minLength: 6,\n configurable: false,\n required: true,\n unique: true,\n private: true,\n },\n password: {\n type: 'password',\n minLength: 6,\n configurable: false,\n required: false,\n private: true,\n searchable: false,\n },\n resetPasswordToken: {\n type: 'string',\n configurable: false,\n private: true,\n searchable: false,\n },\n registrationToken: {\n type: 'string',\n configurable: false,\n private: true,\n searchable: false,\n },\n isActive: {\n type: 'boolean',\n default: false,\n configurable: false,\n private: true,\n },\n roles: {\n configurable: false,\n private: true,\n type: 'relation',\n relation: 'manyToMany',\n inversedBy: 'users',\n target: 'admin::role',\n // FIXME: Allow setting this\n collectionName: 'strapi_users_roles',\n },\n apiTokens: {\n configurable: false,\n private: true,\n type: 'relation',\n relation: 'oneToMany',\n mappedBy: 'adminUserOwner',\n target: 'admin::api-token',\n },\n blocked: {\n type: 'boolean',\n default: false,\n configurable: false,\n private: true,\n },\n preferedLanguage: {\n type: 'string',\n configurable: false,\n required: false,\n searchable: false,\n },\n },\n config: {\n attributes: {\n resetPasswordToken: {\n hidden: true,\n },\n registrationToken: {\n hidden: true,\n },\n },\n },\n};\n"],"names":["collectionName","info","name","description","singularName","pluralName","displayName","pluginOptions","visible","attributes","firstname","type","unique","minLength","configurable","required","lastname","username","email","private","password","searchable","resetPasswordToken","registrationToken","isActive","default","roles","relation","inversedBy","target","apiTokens","mappedBy","blocked","preferedLanguage","config","hidden"],"mappings":"AAAA,WAAe;IACbA,cAAAA,EAAgB,aAAA;IAChBC,IAAAA,EAAM;QACJC,IAAAA,EAAM,MAAA;QACNC,WAAAA,EAAa,EAAA;QACbC,YAAAA,EAAc,MAAA;QACdC,UAAAA,EAAY,OAAA;QACZC,WAAAA,EAAa;AACf,KAAA;IACAC,aAAAA,EAAe;QACb,iBAAA,EAAmB;YACjBC,OAAAA,EAAS;AACX,SAAA;QACA,sBAAA,EAAwB;YACtBA,OAAAA,EAAS;AACX;AACF,KAAA;IACAC,UAAAA,EAAY;QACVC,SAAAA,EAAW;YACTC,IAAAA,EAAM,QAAA;YACNC,MAAAA,EAAQ,KAAA;YACRC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAC,QAAAA,EAAU;YACRL,IAAAA,EAAM,QAAA;YACNC,MAAAA,EAAQ,KAAA;YACRC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAE,QAAAA,EAAU;YACRN,IAAAA,EAAM,QAAA;YACNC,MAAAA,EAAQ,KAAA;YACRE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAG,KAAAA,EAAO;YACLP,IAAAA,EAAM,OAAA;YACNE,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVH,MAAAA,EAAQ,IAAA;YACRO,OAAAA,EAAS;AACX,SAAA;QACAC,QAAAA,EAAU;YACRT,IAAAA,EAAM,UAAA;YACNE,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVI,OAAAA,EAAS,IAAA;YACTE,UAAAA,EAAY;AACd,SAAA;QACAC,kBAAAA,EAAoB;YAClBX,IAAAA,EAAM,QAAA;YACNG,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS,IAAA;YACTE,UAAAA,EAAY;AACd,SAAA;QACAE,iBAAAA,EAAmB;YACjBZ,IAAAA,EAAM,QAAA;YACNG,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS,IAAA;YACTE,UAAAA,EAAY;AACd,SAAA;QACAG,QAAAA,EAAU;YACRb,IAAAA,EAAM,SAAA;YACNc,OAAAA,EAAS,KAAA;YACTX,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS;AACX,SAAA;QACAO,KAAAA,EAAO;YACLZ,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS,IAAA;YACTR,IAAAA,EAAM,UAAA;YACNgB,QAAAA,EAAU,YAAA;YACVC,UAAAA,EAAY,OAAA;YACZC,MAAAA,EAAQ,aAAA;;YAER7B,cAAAA,EAAgB;AAClB,SAAA;QACA8B,SAAAA,EAAW;YACThB,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS,IAAA;YACTR,IAAAA,EAAM,UAAA;YACNgB,QAAAA,EAAU,WAAA;YACVI,QAAAA,EAAU,gBAAA;YACVF,MAAAA,EAAQ;AACV,SAAA;QACAG,OAAAA,EAAS;YACPrB,IAAAA,EAAM,SAAA;YACNc,OAAAA,EAAS,KAAA;YACTX,YAAAA,EAAc,KAAA;YACdK,OAAAA,EAAS;AACX,SAAA;QACAc,gBAAAA,EAAkB;YAChBtB,IAAAA,EAAM,QAAA;YACNG,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVM,UAAAA,EAAY;AACd;AACF,KAAA;IACAa,MAAAA,EAAQ;QACNzB,UAAAA,EAAY;YACVa,kBAAAA,EAAoB;gBAClBa,MAAAA,EAAQ;AACV,aAAA;YACAZ,iBAAAA,EAAmB;gBACjBY,MAAAA,EAAQ;AACV;AACF;AACF;AACF,CAAA;;;;"}

package/dist/server/server/src/content-types/api-token.js CHANGED Viewed

@@ -35,11 +35,21 @@ var apiToken = {
             required: false,
             default: ''
         },
+        kind: {
+            type: 'enumeration',
+            enum: [
+                'content-api',
+                'admin'
+            ],
+            configurable: false,
+            required: true,
+            default: 'content-api'
+        },
         type: {
             type: 'enumeration',
             enum: Object.values(constants.API_TOKEN_TYPE),
             configurable: false,
-            required: true,
+            required: false,
             default: constants.API_TOKEN_TYPE.READ_ONLY
         },
         accessKey: {
@@ -69,6 +79,22 @@ var apiToken = {
             configurable: false,
             required: false
         },
+        adminPermissions: {
+            type: 'relation',
+            target: 'admin::permission',
+            relation: 'oneToMany',
+            mappedBy: 'apiToken',
+            configurable: false,
+            required: false
+        },
+        adminUserOwner: {
+            type: 'relation',
+            target: 'admin::user',
+            relation: 'manyToOne',
+            inversedBy: 'apiTokens',
+            configurable: false,
+            required: false
+        },
         expiresAt: {
             type: 'datetime',
             configurable: false,

package/dist/server/server/src/content-types/api-token.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"api-token.js","sources":["../../../../../server/src/content-types/api-token.ts"],"sourcesContent":["import constants from '../services/constants';\n\nexport default {\n collectionName: 'strapi_api_tokens',\n info: {\n name: 'Api Token',\n singularName: 'api-token',\n pluralName: 'api-tokens',\n displayName: 'Api Token',\n description: '',\n },\n options: {},\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n },\n attributes: {\n name: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n unique: true,\n },\n description: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: false,\n default: '',\n },\n type: {\n type: 'enumeration',\n enum: Object.values(constants.API_TOKEN_TYPE),\n configurable: false,\n required: ~~true~~,\n default: constants.API_TOKEN_TYPE.READ_ONLY,\n },\n accessKey: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n searchable: false,\n },\n encryptedKey: {\n type: 'text',\n minLength: 1,\n configurable: false,\n required: false,\n searchable: false,\n },\n lastUsedAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n permissions: {\n type: 'relation',\n target: 'admin::api-token-permission',\n relation: 'oneToMany',\n mappedBy: 'token',\n configurable: false,\n required: false,\n },\n expiresAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n lifespan: {\n type: 'biginteger',\n configurable: false,\n required: false,\n },\n },\n};\n"],"names":["collectionName","info","name","singularName","pluralName","displayName","description","options","pluginOptions","visible","attributes","type","minLength","configurable","required","unique","default","enum","Object","values","constants","API_TOKEN_TYPE","READ_ONLY","accessKey","searchable","encryptedKey","lastUsedAt","permissions","target","relation","mappedBy","expiresAt","lifespan"],"mappings":";;;;AAEA,eAAe;IACbA,cAAAA,EAAgB,mBAAA;IAChBC,IAAAA,EAAM;QACJC,IAAAA,EAAM,WAAA;QACNC,YAAAA,EAAc,WAAA;QACdC,UAAAA,EAAY,YAAA;QACZC,WAAAA,EAAa,WAAA;QACbC,WAAAA,EAAa;AACf,KAAA;AACAC,IAAAA,OAAAA,EAAS,EAAC;IACVC,aAAAA,EAAe;QACb,iBAAA,EAAmB;YACjBC,OAAAA,EAAS;AACX,SAAA;QACA,sBAAA,EAAwB;YACtBA,OAAAA,EAAS;AACX;AACF,KAAA;IACAC,UAAAA,EAAY;QACVR,IAAAA,EAAM;YACJS,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVC,MAAAA,EAAQ;AACV,SAAA;QACAT,WAAAA,EAAa;YACXK,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVE,OAAAA,EAAS;AACX,SAAA;QACAL,IAAAA,EAAM;YACJA,IAAAA,EAAM,aAAA;~~AACNM~~,YAAAA,IAAAA,EAAMC,MAAAA,CAAOC,MAAM,CAACC,SAAAA,CAAUC,cAAc,CAAA;~~YAC5CR~~,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,~~IAAA~~;YACVE,OAAAA,~~EAASI~~,SAAAA,CAAUC,cAAc,CAACC;AACpC,SAAA;QACAC,SAAAA,EAAW;~~YACTZ~~,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;~~YACVU~~,UAAAA,EAAY;AACd,SAAA;QACAC,YAAAA,EAAc;~~YACZd~~,IAAAA,EAAM,MAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;~~YACVU~~,UAAAA,EAAY;AACd,SAAA;QACAE,UAAAA,EAAY;~~YACVf~~,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;~~QACAa~~,WAAAA,EAAa;~~YACXhB~~,IAAAA,EAAM,UAAA;~~YACNiB~~,MAAAA,EAAQ,6BAAA;YACRC,QAAAA,EAAU,WAAA;YACVC,QAAAA,EAAU,OAAA;~~YACVjB~~,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;~~QACAiB~~,SAAAA,EAAW;~~YACTpB~~,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;~~QACAkB~~,QAAAA,EAAU;~~YACRrB~~,IAAAA,EAAM,YAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ;AACF;AACF,CAAA;;;;"}
1	+ {"version":3,"file":"api-token.js","sources":["../../../../../server/src/content-types/api-token.ts"],"sourcesContent":["import constants from '../services/constants';\n\nexport default {\n collectionName: 'strapi_api_tokens',\n info: {\n name: 'Api Token',\n singularName: 'api-token',\n pluralName: 'api-tokens',\n displayName: 'Api Token',\n description: '',\n },\n options: {},\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n },\n attributes: {\n name: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n unique: true,\n },\n description: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: false,\n default: '',\n },\n kind: {\n type: 'enumeration',\n enum: ['content-api', 'admin'],\n configurable: false,\n required: true,\n default: 'content-api',\n },\n type: {\n type: 'enumeration',\n enum: Object.values(constants.API_TOKEN_TYPE),\n configurable: false,\n required: false,\n default: constants.API_TOKEN_TYPE.READ_ONLY,\n },\n accessKey: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n searchable: false,\n },\n encryptedKey: {\n type: 'text',\n minLength: 1,\n configurable: false,\n required: false,\n searchable: false,\n },\n lastUsedAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n permissions: {\n type: 'relation',\n target: 'admin::api-token-permission',\n relation: 'oneToMany',\n mappedBy: 'token',\n configurable: false,\n required: false,\n },\n adminPermissions: {\n type: 'relation',\n target: 'admin::permission',\n relation: 'oneToMany',\n mappedBy: 'apiToken',\n configurable: false,\n required: false,\n },\n adminUserOwner: {\n type: 'relation',\n target: 'admin::user',\n relation: 'manyToOne',\n inversedBy: 'apiTokens',\n configurable: false,\n required: false,\n },\n expiresAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n lifespan: {\n type: 'biginteger',\n configurable: false,\n required: false,\n },\n },\n};\n"],"names":["collectionName","info","name","singularName","pluralName","displayName","description","options","pluginOptions","visible","attributes","type","minLength","configurable","required","unique","default","kind","enum","Object","values","constants","API_TOKEN_TYPE","READ_ONLY","accessKey","searchable","encryptedKey","lastUsedAt","permissions","target","relation","mappedBy","adminPermissions","adminUserOwner","inversedBy","expiresAt","lifespan"],"mappings":";;;;AAEA,eAAe;IACbA,cAAAA,EAAgB,mBAAA;IAChBC,IAAAA,EAAM;QACJC,IAAAA,EAAM,WAAA;QACNC,YAAAA,EAAc,WAAA;QACdC,UAAAA,EAAY,YAAA;QACZC,WAAAA,EAAa,WAAA;QACbC,WAAAA,EAAa;AACf,KAAA;AACAC,IAAAA,OAAAA,EAAS,EAAC;IACVC,aAAAA,EAAe;QACb,iBAAA,EAAmB;YACjBC,OAAAA,EAAS;AACX,SAAA;QACA,sBAAA,EAAwB;YACtBA,OAAAA,EAAS;AACX;AACF,KAAA;IACAC,UAAAA,EAAY;QACVR,IAAAA,EAAM;YACJS,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVC,MAAAA,EAAQ;AACV,SAAA;QACAT,WAAAA,EAAa;YACXK,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVE,OAAAA,EAAS;AACX,SAAA;QACAC,IAAAA,EAAM;YACJN,IAAAA,EAAM,aAAA;YACNO,IAAAA,EAAM;AAAC,gBAAA,aAAA;AAAe,gBAAA;AAAQ,aAAA;YAC9BL,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVE,OAAAA,EAAS;AACX,SAAA;QACAL,IAAAA,EAAM;YACJA,IAAAA,EAAM,aAAA;AACNO,YAAAA,IAAAA,EAAMC,MAAAA,CAAOC,MAAM,CAACC,SAAAA,CAAUC,cAAc,CAAA;YAC5CT,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVE,OAAAA,EAASK,SAAAA,CAAUC,cAAc,CAACC;AACpC,SAAA;QACAC,SAAAA,EAAW;YACTb,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVW,UAAAA,EAAY;AACd,SAAA;QACAC,YAAAA,EAAc;YACZf,IAAAA,EAAM,MAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVW,UAAAA,EAAY;AACd,SAAA;QACAE,UAAAA,EAAY;YACVhB,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAc,WAAAA,EAAa;YACXjB,IAAAA,EAAM,UAAA;YACNkB,MAAAA,EAAQ,6BAAA;YACRC,QAAAA,EAAU,WAAA;YACVC,QAAAA,EAAU,OAAA;YACVlB,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAkB,gBAAAA,EAAkB;YAChBrB,IAAAA,EAAM,UAAA;YACNkB,MAAAA,EAAQ,mBAAA;YACRC,QAAAA,EAAU,WAAA;YACVC,QAAAA,EAAU,UAAA;YACVlB,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAmB,cAAAA,EAAgB;YACdtB,IAAAA,EAAM,UAAA;YACNkB,MAAAA,EAAQ,aAAA;YACRC,QAAAA,EAAU,WAAA;YACVI,UAAAA,EAAY,WAAA;YACZrB,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAqB,SAAAA,EAAW;YACTxB,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAsB,QAAAA,EAAU;YACRzB,IAAAA,EAAM,YAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ;AACF;AACF,CAAA;;;;"}

package/dist/server/server/src/content-types/api-token.mjs CHANGED Viewed

@@ -33,11 +33,21 @@ var apiToken = {
             required: false,
             default: ''
         },
+        kind: {
+            type: 'enumeration',
+            enum: [
+                'content-api',
+                'admin'
+            ],
+            configurable: false,
+            required: true,
+            default: 'content-api'
+        },
         type: {
             type: 'enumeration',
             enum: Object.values(constants.API_TOKEN_TYPE),
             configurable: false,
-            required: true,
+            required: false,
             default: constants.API_TOKEN_TYPE.READ_ONLY
         },
         accessKey: {
@@ -67,6 +77,22 @@ var apiToken = {
             configurable: false,
             required: false
         },
+        adminPermissions: {
+            type: 'relation',
+            target: 'admin::permission',
+            relation: 'oneToMany',
+            mappedBy: 'apiToken',
+            configurable: false,
+            required: false
+        },
+        adminUserOwner: {
+            type: 'relation',
+            target: 'admin::user',
+            relation: 'manyToOne',
+            inversedBy: 'apiTokens',
+            configurable: false,
+            required: false
+        },
         expiresAt: {
             type: 'datetime',
             configurable: false,

package/dist/server/server/src/content-types/api-token.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"api-token.mjs","sources":["../../../../../server/src/content-types/api-token.ts"],"sourcesContent":["import constants from '../services/constants';\n\nexport default {\n collectionName: 'strapi_api_tokens',\n info: {\n name: 'Api Token',\n singularName: 'api-token',\n pluralName: 'api-tokens',\n displayName: 'Api Token',\n description: '',\n },\n options: {},\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n },\n attributes: {\n name: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n unique: true,\n },\n description: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: false,\n default: '',\n },\n type: {\n type: 'enumeration',\n enum: Object.values(constants.API_TOKEN_TYPE),\n configurable: false,\n required: ~~true~~,\n default: constants.API_TOKEN_TYPE.READ_ONLY,\n },\n accessKey: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n searchable: false,\n },\n encryptedKey: {\n type: 'text',\n minLength: 1,\n configurable: false,\n required: false,\n searchable: false,\n },\n lastUsedAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n permissions: {\n type: 'relation',\n target: 'admin::api-token-permission',\n relation: 'oneToMany',\n mappedBy: 'token',\n configurable: false,\n required: false,\n },\n expiresAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n lifespan: {\n type: 'biginteger',\n configurable: false,\n required: false,\n },\n },\n};\n"],"names":["collectionName","info","name","singularName","pluralName","displayName","description","options","pluginOptions","visible","attributes","type","minLength","configurable","required","unique","default","enum","Object","values","constants","API_TOKEN_TYPE","READ_ONLY","accessKey","searchable","encryptedKey","lastUsedAt","permissions","target","relation","mappedBy","expiresAt","lifespan"],"mappings":";;AAEA,eAAe;IACbA,cAAAA,EAAgB,mBAAA;IAChBC,IAAAA,EAAM;QACJC,IAAAA,EAAM,WAAA;QACNC,YAAAA,EAAc,WAAA;QACdC,UAAAA,EAAY,YAAA;QACZC,WAAAA,EAAa,WAAA;QACbC,WAAAA,EAAa;AACf,KAAA;AACAC,IAAAA,OAAAA,EAAS,EAAC;IACVC,aAAAA,EAAe;QACb,iBAAA,EAAmB;YACjBC,OAAAA,EAAS;AACX,SAAA;QACA,sBAAA,EAAwB;YACtBA,OAAAA,EAAS;AACX;AACF,KAAA;IACAC,UAAAA,EAAY;QACVR,IAAAA,EAAM;YACJS,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVC,MAAAA,EAAQ;AACV,SAAA;QACAT,WAAAA,EAAa;YACXK,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVE,OAAAA,EAAS;AACX,SAAA;QACAL,IAAAA,EAAM;YACJA,IAAAA,EAAM,aAAA;~~AACNM~~,YAAAA,IAAAA,EAAMC,MAAAA,CAAOC,MAAM,CAACC,SAAAA,CAAUC,cAAc,CAAA;~~YAC5CR~~,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,~~IAAA~~;YACVE,OAAAA,~~EAASI~~,SAAAA,CAAUC,cAAc,CAACC;AACpC,SAAA;QACAC,SAAAA,EAAW;~~YACTZ~~,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;~~YACVU~~,UAAAA,EAAY;AACd,SAAA;QACAC,YAAAA,EAAc;~~YACZd~~,IAAAA,EAAM,MAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;~~YACVU~~,UAAAA,EAAY;AACd,SAAA;QACAE,UAAAA,EAAY;~~YACVf~~,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;~~QACAa~~,WAAAA,EAAa;~~YACXhB~~,IAAAA,EAAM,UAAA;~~YACNiB~~,MAAAA,EAAQ,6BAAA;YACRC,QAAAA,EAAU,WAAA;YACVC,QAAAA,EAAU,OAAA;~~YACVjB~~,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;~~QACAiB~~,SAAAA,EAAW;~~YACTpB~~,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;~~QACAkB~~,QAAAA,EAAU;~~YACRrB~~,IAAAA,EAAM,YAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ;AACF;AACF,CAAA;;;;"}
1	+ {"version":3,"file":"api-token.mjs","sources":["../../../../../server/src/content-types/api-token.ts"],"sourcesContent":["import constants from '../services/constants';\n\nexport default {\n collectionName: 'strapi_api_tokens',\n info: {\n name: 'Api Token',\n singularName: 'api-token',\n pluralName: 'api-tokens',\n displayName: 'Api Token',\n description: '',\n },\n options: {},\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n },\n attributes: {\n name: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n unique: true,\n },\n description: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: false,\n default: '',\n },\n kind: {\n type: 'enumeration',\n enum: ['content-api', 'admin'],\n configurable: false,\n required: true,\n default: 'content-api',\n },\n type: {\n type: 'enumeration',\n enum: Object.values(constants.API_TOKEN_TYPE),\n configurable: false,\n required: false,\n default: constants.API_TOKEN_TYPE.READ_ONLY,\n },\n accessKey: {\n type: 'string',\n minLength: 1,\n configurable: false,\n required: true,\n searchable: false,\n },\n encryptedKey: {\n type: 'text',\n minLength: 1,\n configurable: false,\n required: false,\n searchable: false,\n },\n lastUsedAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n permissions: {\n type: 'relation',\n target: 'admin::api-token-permission',\n relation: 'oneToMany',\n mappedBy: 'token',\n configurable: false,\n required: false,\n },\n adminPermissions: {\n type: 'relation',\n target: 'admin::permission',\n relation: 'oneToMany',\n mappedBy: 'apiToken',\n configurable: false,\n required: false,\n },\n adminUserOwner: {\n type: 'relation',\n target: 'admin::user',\n relation: 'manyToOne',\n inversedBy: 'apiTokens',\n configurable: false,\n required: false,\n },\n expiresAt: {\n type: 'datetime',\n configurable: false,\n required: false,\n },\n lifespan: {\n type: 'biginteger',\n configurable: false,\n required: false,\n },\n },\n};\n"],"names":["collectionName","info","name","singularName","pluralName","displayName","description","options","pluginOptions","visible","attributes","type","minLength","configurable","required","unique","default","kind","enum","Object","values","constants","API_TOKEN_TYPE","READ_ONLY","accessKey","searchable","encryptedKey","lastUsedAt","permissions","target","relation","mappedBy","adminPermissions","adminUserOwner","inversedBy","expiresAt","lifespan"],"mappings":";;AAEA,eAAe;IACbA,cAAAA,EAAgB,mBAAA;IAChBC,IAAAA,EAAM;QACJC,IAAAA,EAAM,WAAA;QACNC,YAAAA,EAAc,WAAA;QACdC,UAAAA,EAAY,YAAA;QACZC,WAAAA,EAAa,WAAA;QACbC,WAAAA,EAAa;AACf,KAAA;AACAC,IAAAA,OAAAA,EAAS,EAAC;IACVC,aAAAA,EAAe;QACb,iBAAA,EAAmB;YACjBC,OAAAA,EAAS;AACX,SAAA;QACA,sBAAA,EAAwB;YACtBA,OAAAA,EAAS;AACX;AACF,KAAA;IACAC,UAAAA,EAAY;QACVR,IAAAA,EAAM;YACJS,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVC,MAAAA,EAAQ;AACV,SAAA;QACAT,WAAAA,EAAa;YACXK,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVE,OAAAA,EAAS;AACX,SAAA;QACAC,IAAAA,EAAM;YACJN,IAAAA,EAAM,aAAA;YACNO,IAAAA,EAAM;AAAC,gBAAA,aAAA;AAAe,gBAAA;AAAQ,aAAA;YAC9BL,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVE,OAAAA,EAAS;AACX,SAAA;QACAL,IAAAA,EAAM;YACJA,IAAAA,EAAM,aAAA;AACNO,YAAAA,IAAAA,EAAMC,MAAAA,CAAOC,MAAM,CAACC,SAAAA,CAAUC,cAAc,CAAA;YAC5CT,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVE,OAAAA,EAASK,SAAAA,CAAUC,cAAc,CAACC;AACpC,SAAA;QACAC,SAAAA,EAAW;YACTb,IAAAA,EAAM,QAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,IAAA;YACVW,UAAAA,EAAY;AACd,SAAA;QACAC,YAAAA,EAAc;YACZf,IAAAA,EAAM,MAAA;YACNC,SAAAA,EAAW,CAAA;YACXC,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU,KAAA;YACVW,UAAAA,EAAY;AACd,SAAA;QACAE,UAAAA,EAAY;YACVhB,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAc,WAAAA,EAAa;YACXjB,IAAAA,EAAM,UAAA;YACNkB,MAAAA,EAAQ,6BAAA;YACRC,QAAAA,EAAU,WAAA;YACVC,QAAAA,EAAU,OAAA;YACVlB,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAkB,gBAAAA,EAAkB;YAChBrB,IAAAA,EAAM,UAAA;YACNkB,MAAAA,EAAQ,mBAAA;YACRC,QAAAA,EAAU,WAAA;YACVC,QAAAA,EAAU,UAAA;YACVlB,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAmB,cAAAA,EAAgB;YACdtB,IAAAA,EAAM,UAAA;YACNkB,MAAAA,EAAQ,aAAA;YACRC,QAAAA,EAAU,WAAA;YACVI,UAAAA,EAAY,WAAA;YACZrB,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAqB,SAAAA,EAAW;YACTxB,IAAAA,EAAM,UAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ,SAAA;QACAsB,QAAAA,EAAU;YACRzB,IAAAA,EAAM,YAAA;YACNE,YAAAA,EAAc,KAAA;YACdC,QAAAA,EAAU;AACZ;AACF;AACF,CAAA;;;;"}

package/dist/server/server/src/controllers/admin-token.js ADDED Viewed

@@ -0,0 +1,194 @@
+'use strict';
+var utils = require('@strapi/utils');
+var fp = require('lodash/fp');
+var index = require('../utils/index.js');
+var constants = require('../services/constants.js');
+var adminTokens = require('../validation/admin-tokens.js');
+const { ApplicationError } = utils.errors;
+// ---------------------------------------------------------------------------
+// Access-control helpers
+// ---------------------------------------------------------------------------
+const isSuperAdmin = (user)=>user.roles.some((r)=>r.code === constants.SUPER_ADMIN_CODE) === true;
+const getOwnerId = (token)=>{
+    const owner = token.adminUserOwner;
+    return String(typeof owner === 'object' ? owner.id : owner);
+};
+/** Returns true when user is the recorded owner of an admin token. */ const isTokenOwner = (user, token)=>getOwnerId(token) === String(user.id);
+/** Owner OR super-admin can manage an admin token (read metadata, update…). */ const canAccessAdminToken = (user, token)=>isTokenOwner(user, token) || isSuperAdmin(user);
+// ---------------------------------------------------------------------------
+// Controller
+// ---------------------------------------------------------------------------
+var adminToken = {
+    // -------------------------------------------------------------------------
+    // Create
+    // -------------------------------------------------------------------------
+    async create (ctx) {
+        const { body } = ctx.request;
+        const apiTokenService = index.getService('api-token-admin');
+        if (body.type !== undefined) {
+            return ctx.badRequest('Type is not allowed for admin tokens');
+        }
+        if (body.permissions !== undefined) {
+            return ctx.badRequest('Permissions are not allowed for admin tokens');
+        }
+        const attributes = {
+            kind: 'admin',
+            name: fp.trim(body.name),
+            description: fp.trim(body.description),
+            adminPermissions: body.adminPermissions,
+            lifespan: body.lifespan,
+            adminUserOwner: ctx.state.user.id
+        };
+        await adminTokens.validateAdminTokenCreationInput(attributes);
+        const alreadyExists = await apiTokenService.exists({
+            name: attributes.name
+        });
+        if (alreadyExists) {
+            throw new ApplicationError('Name already taken');
+        }
+        const apiToken = await apiTokenService.create(attributes, ctx.state.user);
+        ctx.created({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Regenerate — owner-only, super-admin does NOT bypass
+    // -------------------------------------------------------------------------
+    async regenerate (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = index.getService('api-token-admin');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (!isTokenOwner(ctx.state.user, token)) {
+            return ctx.forbidden();
+        }
+        const accessToken = await apiTokenService.regenerate(id);
+        ctx.created({
+            data: accessToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // List — always filtered to kind: 'admin'
+    // -------------------------------------------------------------------------
+    async list (ctx) {
+        const apiTokenService = index.getService('api-token-admin');
+        const apiTokens = await apiTokenService.list(ctx.state.user);
+        ctx.send({
+            data: apiTokens
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Revoke
+    // -------------------------------------------------------------------------
+    async revoke (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = index.getService('api-token-admin');
+        const existingToken = await apiTokenService.getById(id);
+        if (existingToken === null) {
+            return ctx.notFound('API Token not found');
+        }
+        if (canAccessAdminToken(ctx.state.user, existingToken) === false) {
+            return ctx.forbidden();
+        }
+        const apiToken = await apiTokenService.revoke(id);
+        ctx.deleted({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Get — key exposed only to owner
+    // -------------------------------------------------------------------------
+    async get (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = index.getService('api-token-admin');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (canAccessAdminToken(ctx.state.user, token) === false) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (isTokenOwner(ctx.state.user, token)) {
+            const withKey = await apiTokenService.getById(id, {
+                includeDecryptedKey: true
+            });
+            ctx.send({
+                data: withKey ?? token
+            });
+            return;
+        }
+        ctx.send({
+            data: token
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Update — owner or super-admin only
+    // -------------------------------------------------------------------------
+    async update (ctx) {
+        const { body } = ctx.request;
+        const { id } = ctx.params;
+        const apiTokenService = index.getService('api-token-admin');
+        const mutableBody = body;
+        if (fp.has('name', mutableBody)) {
+            mutableBody.name = fp.trim(body.name ?? '');
+        }
+        if (fp.has('description', mutableBody) || mutableBody.description === null) {
+            mutableBody.description = fp.trim(body.description ?? '');
+        }
+        await adminTokens.validateAdminTokenUpdateInput(body);
+        const existingToken = await apiTokenService.getById(id);
+        if (!existingToken) {
+            return ctx.notFound('API Token not found');
+        }
+        if (fp.has('name', body)) {
+            const nameAlreadyTaken = await apiTokenService.getByName(body.name);
+            if (nameAlreadyTaken !== null && !utils.strings.isEqual(nameAlreadyTaken.id, id)) {
+                throw new ApplicationError('Name already taken');
+            }
+        }
+        if (!canAccessAdminToken(ctx.state.user, existingToken)) {
+            return ctx.forbidden();
+        }
+        const apiToken = await apiTokenService.update(id, body);
+        ctx.send({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Owner permissions — effective permissions of the token owner
+    // -------------------------------------------------------------------------
+    async getOwnerPermissions (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = index.getService('api-token-admin');
+        const permissionService = index.getService('permission');
+        const userService = index.getService('user');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            return ctx.notFound('apiToken.notFound');
+        }
+        if (!canAccessAdminToken(ctx.state.user, token)) {
+            return ctx.forbidden();
+        }
+        const ownerId = getOwnerId(token);
+        const ownerUser = await userService.findOne(ownerId);
+        if (!ownerUser) {
+            return ctx.notFound('owner.notFound');
+        }
+        const ownerPermissions = await permissionService.findUserPermissions(ownerUser);
+        const sanitizedPermissions = ownerPermissions.map(permissionService.sanitizePermission);
+        // @ts-expect-error - transform response type to sanitized permission
+        ctx.body = {
+            data: sanitizedPermissions
+        };
+    }
+};
+module.exports = adminToken;
+//# sourceMappingURL=admin-token.js.map

package/dist/server/server/src/controllers/admin-token.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"admin-token.js","sources":["../../../../../server/src/controllers/admin-token.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport { strings, errors } from '@strapi/utils';\nimport { trim, has } from 'lodash/fp';\nimport { getService } from '../utils';\nimport constants from '../services/constants';\nimport {\n validateAdminTokenCreationInput,\n validateAdminTokenUpdateInput,\n} from '../validation/admin-tokens';\nimport {\n Create,\n List,\n Revoke,\n Get,\n Update,\n GetOwnerPermissions,\n AdminApiToken,\n} from '../../../shared/contracts/admin-token';\nimport type { ContentApiApiToken } from '../../../shared/contracts/api-token';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\n// ---------------------------------------------------------------------------\n// Access-control helpers\n// ---------------------------------------------------------------------------\n\nconst isSuperAdmin = (user: AdminUser): boolean =>\n user.roles.some((r) => r.code === constants.SUPER_ADMIN_CODE) === true;\n\nconst getOwnerId = (token: AdminApiToken): string => {\n const owner = token.adminUserOwner;\n return String(typeof owner === 'object' ? owner.id : owner);\n};\n\n/** Returns true when user is the recorded owner of an admin token. */\nconst isTokenOwner = (user: AdminUser, token: AdminApiToken): boolean =>\n getOwnerId(token) === String(user.id);\n\n/** Owner OR super-admin can manage an admin token (read metadata, update…). */\nconst canAccessAdminToken = (user: AdminUser, token: AdminApiToken): boolean =>\n isTokenOwner(user, token) || isSuperAdmin(user);\n\n// ---------------------------------------------------------------------------\n// Controller\n// ---------------------------------------------------------------------------\n\nexport default {\n // -------------------------------------------------------------------------\n // Create\n // -------------------------------------------------------------------------\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const apiTokenService = getService('api-token-admin');\n\n if ((body as ContentApiApiToken).type !== undefined) {\n return ctx.badRequest('Type is not allowed for admin tokens');\n }\n if ((body as ContentApiApiToken).permissions !== undefined) {\n return ctx.badRequest('Permissions are not allowed for admin tokens');\n }\n\n const attributes = {\n kind: 'admin' as const,\n name: trim(body.name),\n description: trim(body.description),\n adminPermissions: body.adminPermissions,\n lifespan: body.lifespan,\n adminUserOwner: ctx.state.user.id,\n };\n\n await validateAdminTokenCreationInput(attributes);\n\n const alreadyExists = await apiTokenService.exists({ name: attributes.name });\n if (alreadyExists) {\n throw new ApplicationError('Name already taken');\n }\n\n const apiToken = await apiTokenService.create(attributes, ctx.state.user);\n ctx.created({ data: apiToken });\n },\n\n // -------------------------------------------------------------------------\n // Regenerate — owner-only, super-admin does NOT bypass\n // -------------------------------------------------------------------------\n async regenerate(ctx: Context) {\n const { id } = ctx.params;\n const apiTokenService = getService('api-token-admin');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (!isTokenOwner(ctx.state.user, token)) {\n return ctx.forbidden();\n }\n\n const accessToken = await apiTokenService.regenerate(id);\n ctx.created({ data: accessToken });\n },\n\n // -------------------------------------------------------------------------\n // List — always filtered to kind: 'admin'\n // -------------------------------------------------------------------------\n async list(ctx: Context) {\n const apiTokenService = getService('api-token-admin');\n const apiTokens = await apiTokenService.list(ctx.state.user);\n\n ctx.send({ data: apiTokens } satisfies List.Response);\n },\n\n // -------------------------------------------------------------------------\n // Revoke\n // -------------------------------------------------------------------------\n async revoke(ctx: Context) {\n const { id } = ctx.params as Revoke.Params;\n const apiTokenService = getService('api-token-admin');\n\n const existingToken = await apiTokenService.getById(id);\n if (existingToken === null) {\n return ctx.notFound('API Token not found');\n }\n\n if (canAccessAdminToken(ctx.state.user, existingToken) === false) {\n return ctx.forbidden();\n }\n\n const apiToken = await apiTokenService.revoke(id);\n ctx.deleted({ data: apiToken } satisfies Revoke.Response);\n },\n\n // -------------------------------------------------------------------------\n // Get — key exposed only to owner\n // -------------------------------------------------------------------------\n async get(ctx: Context) {\n const { id } = ctx.params;\n const apiTokenService = getService('api-token-admin');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (canAccessAdminToken(ctx.state.user, token) === false) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (isTokenOwner(ctx.state.user, token)) {\n const withKey = await apiTokenService.getById(id, { includeDecryptedKey: true });\n ctx.send({ data: withKey ?? token } satisfies Get.Response);\n return;\n }\n\n ctx.send({ data: token } satisfies Get.Response);\n },\n\n // -------------------------------------------------------------------------\n // Update — owner or super-admin only\n // -------------------------------------------------------------------------\n async update(ctx: Context) {\n const { body } = ctx.request as Update.Request;\n const { id } = ctx.params as Update.Params;\n const apiTokenService = getService('api-token-admin');\n\n const mutableBody = body as Record<string, unknown>;\n if (has('name', mutableBody)) {\n mutableBody.name = trim(body.name ?? '');\n }\n if (has('description', mutableBody) || mutableBody.description === null) {\n mutableBody.description = trim(body.description ?? '');\n }\n\n await validateAdminTokenUpdateInput(body);\n\n const existingToken = await apiTokenService.getById(id);\n if (!existingToken) {\n return ctx.notFound('API Token not found');\n }\n\n if (has('name', body)) {\n const nameAlreadyTaken = await apiTokenService.getByName(body.name!);\n if (nameAlreadyTaken !== null && !strings.isEqual(nameAlreadyTaken.id, id)) {\n throw new ApplicationError('Name already taken');\n }\n }\n\n if (!canAccessAdminToken(ctx.state.user, existingToken)) {\n return ctx.forbidden();\n }\n\n const apiToken = await apiTokenService.update(id, body);\n ctx.send({ data: apiToken } satisfies Update.Response);\n },\n\n // -------------------------------------------------------------------------\n // Owner permissions — effective permissions of the token owner\n // -------------------------------------------------------------------------\n async getOwnerPermissions(ctx: Context) {\n const { id } = ctx.params as GetOwnerPermissions.Request['params'];\n const apiTokenService = getService('api-token-admin');\n const permissionService = getService('permission');\n const userService = getService('user');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n return ctx.notFound('apiToken.notFound');\n }\n\n if (!canAccessAdminToken(ctx.state.user, token)) {\n return ctx.forbidden();\n }\n\n const ownerId = getOwnerId(token);\n const ownerUser = await userService.findOne(ownerId);\n if (!ownerUser) {\n return ctx.notFound('owner.notFound');\n }\n\n const ownerPermissions = await permissionService.findUserPermissions(ownerUser);\n const sanitizedPermissions = ownerPermissions.map(permissionService.sanitizePermission);\n\n // @ts-expect-error - transform response type to sanitized permission\n ctx.body = { data: sanitizedPermissions } satisfies GetOwnerPermissions.Response;\n },\n};\n"],"names":["ApplicationError","errors","isSuperAdmin","user","roles","some","r","code","constants","SUPER_ADMIN_CODE","getOwnerId","token","owner","adminUserOwner","String","id","isTokenOwner","canAccessAdminToken","create","ctx","body","request","apiTokenService","getService","type","undefined","badRequest","permissions","attributes","kind","name","trim","description","adminPermissions","lifespan","state","validateAdminTokenCreationInput","alreadyExists","exists","apiToken","created","data","regenerate","params","getById","notFound","forbidden","accessToken","list","apiTokens","send","revoke","existingToken","deleted","get","withKey","includeDecryptedKey","update","mutableBody","has","validateAdminTokenUpdateInput","nameAlreadyTaken","getByName","strings","isEqual","getOwnerPermissions","permissionService","userService","ownerId","ownerUser","findOne","ownerPermissions","findUserPermissions","sanitizedPermissions","map","sanitizePermission"],"mappings":";;;;;;;;AAsBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,YAAAA;AAE7B;AACA;AACA;AAEA,MAAMC,YAAAA,GAAe,CAACC,IAAAA,GACpBA,IAAAA,CAAKC,KAAK,CAACC,IAAI,CAAC,CAACC,IAAMA,CAAAA,CAAEC,IAAI,KAAKC,SAAAA,CAAUC,gBAAgB,CAAA,KAAM,IAAA;AAEpE,MAAMC,aAAa,CAACC,KAAAA,GAAAA;IAClB,MAAMC,KAAAA,GAAQD,MAAME,cAAc;AAClC,IAAA,OAAOC,OAAO,OAAOF,KAAAA,KAAU,QAAA,GAAWA,KAAAA,CAAMG,EAAE,GAAGH,KAAAA,CAAAA;AACvD,CAAA;AAEA,uEACA,MAAMI,YAAAA,GAAe,CAACb,IAAAA,EAAiBQ,QACrCD,UAAAA,CAAWC,KAAAA,CAAAA,KAAWG,MAAAA,CAAOX,IAAAA,CAAKY,EAAE,CAAA;AAEtC,gFACA,MAAME,mBAAAA,GAAsB,CAACd,MAAiBQ,KAAAA,GAC5CK,YAAAA,CAAab,IAAAA,EAAMQ,KAAAA,CAAAA,IAAUT,YAAAA,CAAaC,IAAAA,CAAAA;AAE5C;AACA;AACA;AAEA,iBAAe;;;;AAIb,IAAA,MAAMe,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,IAAI,IAACH,CAA4BI,IAAI,KAAKC,SAAAA,EAAW;YACnD,OAAON,GAAAA,CAAIO,UAAU,CAAC,sCAAA,CAAA;AACxB,QAAA;AACA,QAAA,IAAI,IAACN,CAA4BO,WAAW,KAAKF,SAAAA,EAAW;YAC1D,OAAON,GAAAA,CAAIO,UAAU,CAAC,8CAAA,CAAA;AACxB,QAAA;AAEA,QAAA,MAAME,UAAAA,GAAa;YACjBC,IAAAA,EAAM,OAAA;YACNC,IAAAA,EAAMC,OAAAA,CAAKX,KAAKU,IAAI,CAAA;YACpBE,WAAAA,EAAaD,OAAAA,CAAKX,KAAKY,WAAW,CAAA;AAClCC,YAAAA,gBAAAA,EAAkBb,KAAKa,gBAAgB;AACvCC,YAAAA,QAAAA,EAAUd,KAAKc,QAAQ;AACvBrB,YAAAA,cAAAA,EAAgBM,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAACY;AACjC,SAAA;AAEA,QAAA,MAAMqB,2CAAAA,CAAgCR,UAAAA,CAAAA;AAEtC,QAAA,MAAMS,aAAAA,GAAgB,MAAMf,eAAAA,CAAgBgB,MAAM,CAAC;AAAER,YAAAA,IAAAA,EAAMF,WAAWE;AAAK,SAAA,CAAA;AAC3E,QAAA,IAAIO,aAAAA,EAAe;AACjB,YAAA,MAAM,IAAIrC,gBAAAA,CAAiB,oBAAA,CAAA;AAC7B,QAAA;QAEA,MAAMuC,QAAAA,GAAW,MAAMjB,eAAAA,CAAgBJ,MAAM,CAACU,UAAAA,EAAYT,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAAA;AACxEgB,QAAAA,GAAAA,CAAIqB,OAAO,CAAC;YAAEC,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;;;;AAKA,IAAA,MAAMG,YAAWvB,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;AACVQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAAC7B,YAAAA,CAAaG,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AACxC,YAAA,OAAOQ,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMC,WAAAA,GAAc,MAAMzB,eAAAA,CAAgBoB,UAAU,CAAC3B,EAAAA,CAAAA;AACrDI,QAAAA,GAAAA,CAAIqB,OAAO,CAAC;YAAEC,IAAAA,EAAMM;AAAY,SAAA,CAAA;AAClC,IAAA,CAAA;;;;AAKA,IAAA,MAAMC,MAAK7B,GAAY,EAAA;AACrB,QAAA,MAAMG,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;QACnC,MAAM0B,SAAAA,GAAY,MAAM3B,eAAAA,CAAgB0B,IAAI,CAAC7B,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAAA;AAE3DgB,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAMQ;AAAU,SAAA,CAAA;AAC7B,IAAA,CAAA;;;;AAKA,IAAA,MAAME,QAAOhC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAM6B,aAAAA,GAAgB,MAAM9B,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AACpD,QAAA,IAAIqC,kBAAkB,IAAA,EAAM;YAC1B,OAAOjC,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,IAAI5B,oBAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEiD,mBAAmB,KAAA,EAAO;AAChE,YAAA,OAAOjC,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMP,QAAAA,GAAW,MAAMjB,eAAAA,CAAgB6B,MAAM,CAACpC,EAAAA,CAAAA;AAC9CI,QAAAA,GAAAA,CAAIkC,OAAO,CAAC;YAAEZ,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;;;;AAKA,IAAA,MAAMe,KAAInC,GAAY,EAAA;AACpB,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;AACVQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI5B,oBAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,WAAW,KAAA,EAAO;AACxDQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI7B,aAAaG,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AACvC,YAAA,MAAM4C,OAAAA,GAAU,MAAMjC,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,EAAI;gBAAEyC,mBAAAA,EAAqB;AAAK,aAAA,CAAA;AAC9ErC,YAAAA,GAAAA,CAAI+B,IAAI,CAAC;AAAET,gBAAAA,IAAAA,EAAMc,OAAAA,IAAW5C;AAAM,aAAA,CAAA;AAClC,YAAA;AACF,QAAA;AAEAQ,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAM9B;AAAM,SAAA,CAAA;AACzB,IAAA,CAAA;;;;AAKA,IAAA,MAAM8C,QAAOtC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAM,EAAEN,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMmC,WAAAA,GAActC,IAAAA;QACpB,IAAIuC,MAAAA,CAAI,QAAQD,WAAAA,CAAAA,EAAc;AAC5BA,YAAAA,WAAAA,CAAY5B,IAAI,GAAGC,OAAAA,CAAKX,IAAAA,CAAKU,IAAI,IAAI,EAAA,CAAA;AACvC,QAAA;AACA,QAAA,IAAI6B,OAAI,aAAA,EAAeD,WAAAA,CAAAA,IAAgBA,WAAAA,CAAY1B,WAAW,KAAK,IAAA,EAAM;AACvE0B,YAAAA,WAAAA,CAAY1B,WAAW,GAAGD,OAAAA,CAAKX,IAAAA,CAAKY,WAAW,IAAI,EAAA,CAAA;AACrD,QAAA;AAEA,QAAA,MAAM4B,yCAAAA,CAA8BxC,IAAAA,CAAAA;AAEpC,QAAA,MAAMgC,aAAAA,GAAgB,MAAM9B,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AACpD,QAAA,IAAI,CAACqC,aAAAA,EAAe;YAClB,OAAOjC,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;QAEA,IAAIc,MAAAA,CAAI,QAAQvC,IAAAA,CAAAA,EAAO;AACrB,YAAA,MAAMyC,mBAAmB,MAAMvC,eAAAA,CAAgBwC,SAAS,CAAC1C,KAAKU,IAAI,CAAA;YAClE,IAAI+B,gBAAAA,KAAqB,QAAQ,CAACE,aAAAA,CAAQC,OAAO,CAACH,gBAAAA,CAAiB9C,EAAE,EAAEA,EAAAA,CAAAA,EAAK;AAC1E,gBAAA,MAAM,IAAIf,gBAAAA,CAAiB,oBAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACiB,mBAAAA,CAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEiD,aAAAA,CAAAA,EAAgB;AACvD,YAAA,OAAOjC,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMP,QAAAA,GAAW,MAAMjB,eAAAA,CAAgBmC,MAAM,CAAC1C,EAAAA,EAAIK,IAAAA,CAAAA;AAClDD,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC5B,IAAA,CAAA;;;;AAKA,IAAA,MAAM0B,qBAAoB9C,GAAY,EAAA;AACpC,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AACnC,QAAA,MAAM2C,oBAAoB3C,gBAAAA,CAAW,YAAA,CAAA;AACrC,QAAA,MAAM4C,cAAc5C,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;YACV,OAAOQ,GAAAA,CAAI0B,QAAQ,CAAC,mBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,IAAI,CAAC5B,mBAAAA,CAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AAC/C,YAAA,OAAOQ,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMsB,UAAU1D,UAAAA,CAAWC,KAAAA,CAAAA;AAC3B,QAAA,MAAM0D,SAAAA,GAAY,MAAMF,WAAAA,CAAYG,OAAO,CAACF,OAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACC,SAAAA,EAAW;YACd,OAAOlD,GAAAA,CAAI0B,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,MAAM0B,gBAAAA,GAAmB,MAAML,iBAAAA,CAAkBM,mBAAmB,CAACH,SAAAA,CAAAA;AACrE,QAAA,MAAMI,oBAAAA,GAAuBF,gBAAAA,CAAiBG,GAAG,CAACR,kBAAkBS,kBAAkB,CAAA;;AAGtFxD,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YAAEqB,IAAAA,EAAMgC;AAAqB,SAAA;AAC1C,IAAA;AACF,CAAA;;;;"}

package/dist/server/server/src/controllers/admin-token.mjs ADDED Viewed

@@ -0,0 +1,192 @@
+import { errors, strings } from '@strapi/utils';
+import { has, trim } from 'lodash/fp';
+import { getService } from '../utils/index.mjs';
+import constants from '../services/constants.mjs';
+import { validateAdminTokenUpdateInput, validateAdminTokenCreationInput } from '../validation/admin-tokens.mjs';
+const { ApplicationError } = errors;
+// ---------------------------------------------------------------------------
+// Access-control helpers
+// ---------------------------------------------------------------------------
+const isSuperAdmin = (user)=>user.roles.some((r)=>r.code === constants.SUPER_ADMIN_CODE) === true;
+const getOwnerId = (token)=>{
+    const owner = token.adminUserOwner;
+    return String(typeof owner === 'object' ? owner.id : owner);
+};
+/** Returns true when user is the recorded owner of an admin token. */ const isTokenOwner = (user, token)=>getOwnerId(token) === String(user.id);
+/** Owner OR super-admin can manage an admin token (read metadata, update…). */ const canAccessAdminToken = (user, token)=>isTokenOwner(user, token) || isSuperAdmin(user);
+// ---------------------------------------------------------------------------
+// Controller
+// ---------------------------------------------------------------------------
+var adminToken = {
+    // -------------------------------------------------------------------------
+    // Create
+    // -------------------------------------------------------------------------
+    async create (ctx) {
+        const { body } = ctx.request;
+        const apiTokenService = getService('api-token-admin');
+        if (body.type !== undefined) {
+            return ctx.badRequest('Type is not allowed for admin tokens');
+        }
+        if (body.permissions !== undefined) {
+            return ctx.badRequest('Permissions are not allowed for admin tokens');
+        }
+        const attributes = {
+            kind: 'admin',
+            name: trim(body.name),
+            description: trim(body.description),
+            adminPermissions: body.adminPermissions,
+            lifespan: body.lifespan,
+            adminUserOwner: ctx.state.user.id
+        };
+        await validateAdminTokenCreationInput(attributes);
+        const alreadyExists = await apiTokenService.exists({
+            name: attributes.name
+        });
+        if (alreadyExists) {
+            throw new ApplicationError('Name already taken');
+        }
+        const apiToken = await apiTokenService.create(attributes, ctx.state.user);
+        ctx.created({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Regenerate — owner-only, super-admin does NOT bypass
+    // -------------------------------------------------------------------------
+    async regenerate (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = getService('api-token-admin');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (!isTokenOwner(ctx.state.user, token)) {
+            return ctx.forbidden();
+        }
+        const accessToken = await apiTokenService.regenerate(id);
+        ctx.created({
+            data: accessToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // List — always filtered to kind: 'admin'
+    // -------------------------------------------------------------------------
+    async list (ctx) {
+        const apiTokenService = getService('api-token-admin');
+        const apiTokens = await apiTokenService.list(ctx.state.user);
+        ctx.send({
+            data: apiTokens
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Revoke
+    // -------------------------------------------------------------------------
+    async revoke (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = getService('api-token-admin');
+        const existingToken = await apiTokenService.getById(id);
+        if (existingToken === null) {
+            return ctx.notFound('API Token not found');
+        }
+        if (canAccessAdminToken(ctx.state.user, existingToken) === false) {
+            return ctx.forbidden();
+        }
+        const apiToken = await apiTokenService.revoke(id);
+        ctx.deleted({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Get — key exposed only to owner
+    // -------------------------------------------------------------------------
+    async get (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = getService('api-token-admin');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (canAccessAdminToken(ctx.state.user, token) === false) {
+            ctx.notFound('API Token not found');
+            return;
+        }
+        if (isTokenOwner(ctx.state.user, token)) {
+            const withKey = await apiTokenService.getById(id, {
+                includeDecryptedKey: true
+            });
+            ctx.send({
+                data: withKey ?? token
+            });
+            return;
+        }
+        ctx.send({
+            data: token
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Update — owner or super-admin only
+    // -------------------------------------------------------------------------
+    async update (ctx) {
+        const { body } = ctx.request;
+        const { id } = ctx.params;
+        const apiTokenService = getService('api-token-admin');
+        const mutableBody = body;
+        if (has('name', mutableBody)) {
+            mutableBody.name = trim(body.name ?? '');
+        }
+        if (has('description', mutableBody) || mutableBody.description === null) {
+            mutableBody.description = trim(body.description ?? '');
+        }
+        await validateAdminTokenUpdateInput(body);
+        const existingToken = await apiTokenService.getById(id);
+        if (!existingToken) {
+            return ctx.notFound('API Token not found');
+        }
+        if (has('name', body)) {
+            const nameAlreadyTaken = await apiTokenService.getByName(body.name);
+            if (nameAlreadyTaken !== null && !strings.isEqual(nameAlreadyTaken.id, id)) {
+                throw new ApplicationError('Name already taken');
+            }
+        }
+        if (!canAccessAdminToken(ctx.state.user, existingToken)) {
+            return ctx.forbidden();
+        }
+        const apiToken = await apiTokenService.update(id, body);
+        ctx.send({
+            data: apiToken
+        });
+    },
+    // -------------------------------------------------------------------------
+    // Owner permissions — effective permissions of the token owner
+    // -------------------------------------------------------------------------
+    async getOwnerPermissions (ctx) {
+        const { id } = ctx.params;
+        const apiTokenService = getService('api-token-admin');
+        const permissionService = getService('permission');
+        const userService = getService('user');
+        const token = await apiTokenService.getById(id);
+        if (!token) {
+            return ctx.notFound('apiToken.notFound');
+        }
+        if (!canAccessAdminToken(ctx.state.user, token)) {
+            return ctx.forbidden();
+        }
+        const ownerId = getOwnerId(token);
+        const ownerUser = await userService.findOne(ownerId);
+        if (!ownerUser) {
+            return ctx.notFound('owner.notFound');
+        }
+        const ownerPermissions = await permissionService.findUserPermissions(ownerUser);
+        const sanitizedPermissions = ownerPermissions.map(permissionService.sanitizePermission);
+        // @ts-expect-error - transform response type to sanitized permission
+        ctx.body = {
+            data: sanitizedPermissions
+        };
+    }
+};
+export { adminToken as default };
+//# sourceMappingURL=admin-token.mjs.map

package/dist/server/server/src/controllers/admin-token.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"admin-token.mjs","sources":["../../../../../server/src/controllers/admin-token.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport { strings, errors } from '@strapi/utils';\nimport { trim, has } from 'lodash/fp';\nimport { getService } from '../utils';\nimport constants from '../services/constants';\nimport {\n validateAdminTokenCreationInput,\n validateAdminTokenUpdateInput,\n} from '../validation/admin-tokens';\nimport {\n Create,\n List,\n Revoke,\n Get,\n Update,\n GetOwnerPermissions,\n AdminApiToken,\n} from '../../../shared/contracts/admin-token';\nimport type { ContentApiApiToken } from '../../../shared/contracts/api-token';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\n// ---------------------------------------------------------------------------\n// Access-control helpers\n// ---------------------------------------------------------------------------\n\nconst isSuperAdmin = (user: AdminUser): boolean =>\n user.roles.some((r) => r.code === constants.SUPER_ADMIN_CODE) === true;\n\nconst getOwnerId = (token: AdminApiToken): string => {\n const owner = token.adminUserOwner;\n return String(typeof owner === 'object' ? owner.id : owner);\n};\n\n/** Returns true when user is the recorded owner of an admin token. */\nconst isTokenOwner = (user: AdminUser, token: AdminApiToken): boolean =>\n getOwnerId(token) === String(user.id);\n\n/** Owner OR super-admin can manage an admin token (read metadata, update…). */\nconst canAccessAdminToken = (user: AdminUser, token: AdminApiToken): boolean =>\n isTokenOwner(user, token) || isSuperAdmin(user);\n\n// ---------------------------------------------------------------------------\n// Controller\n// ---------------------------------------------------------------------------\n\nexport default {\n // -------------------------------------------------------------------------\n // Create\n // -------------------------------------------------------------------------\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const apiTokenService = getService('api-token-admin');\n\n if ((body as ContentApiApiToken).type !== undefined) {\n return ctx.badRequest('Type is not allowed for admin tokens');\n }\n if ((body as ContentApiApiToken).permissions !== undefined) {\n return ctx.badRequest('Permissions are not allowed for admin tokens');\n }\n\n const attributes = {\n kind: 'admin' as const,\n name: trim(body.name),\n description: trim(body.description),\n adminPermissions: body.adminPermissions,\n lifespan: body.lifespan,\n adminUserOwner: ctx.state.user.id,\n };\n\n await validateAdminTokenCreationInput(attributes);\n\n const alreadyExists = await apiTokenService.exists({ name: attributes.name });\n if (alreadyExists) {\n throw new ApplicationError('Name already taken');\n }\n\n const apiToken = await apiTokenService.create(attributes, ctx.state.user);\n ctx.created({ data: apiToken });\n },\n\n // -------------------------------------------------------------------------\n // Regenerate — owner-only, super-admin does NOT bypass\n // -------------------------------------------------------------------------\n async regenerate(ctx: Context) {\n const { id } = ctx.params;\n const apiTokenService = getService('api-token-admin');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (!isTokenOwner(ctx.state.user, token)) {\n return ctx.forbidden();\n }\n\n const accessToken = await apiTokenService.regenerate(id);\n ctx.created({ data: accessToken });\n },\n\n // -------------------------------------------------------------------------\n // List — always filtered to kind: 'admin'\n // -------------------------------------------------------------------------\n async list(ctx: Context) {\n const apiTokenService = getService('api-token-admin');\n const apiTokens = await apiTokenService.list(ctx.state.user);\n\n ctx.send({ data: apiTokens } satisfies List.Response);\n },\n\n // -------------------------------------------------------------------------\n // Revoke\n // -------------------------------------------------------------------------\n async revoke(ctx: Context) {\n const { id } = ctx.params as Revoke.Params;\n const apiTokenService = getService('api-token-admin');\n\n const existingToken = await apiTokenService.getById(id);\n if (existingToken === null) {\n return ctx.notFound('API Token not found');\n }\n\n if (canAccessAdminToken(ctx.state.user, existingToken) === false) {\n return ctx.forbidden();\n }\n\n const apiToken = await apiTokenService.revoke(id);\n ctx.deleted({ data: apiToken } satisfies Revoke.Response);\n },\n\n // -------------------------------------------------------------------------\n // Get — key exposed only to owner\n // -------------------------------------------------------------------------\n async get(ctx: Context) {\n const { id } = ctx.params;\n const apiTokenService = getService('api-token-admin');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (canAccessAdminToken(ctx.state.user, token) === false) {\n ctx.notFound('API Token not found');\n return;\n }\n\n if (isTokenOwner(ctx.state.user, token)) {\n const withKey = await apiTokenService.getById(id, { includeDecryptedKey: true });\n ctx.send({ data: withKey ?? token } satisfies Get.Response);\n return;\n }\n\n ctx.send({ data: token } satisfies Get.Response);\n },\n\n // -------------------------------------------------------------------------\n // Update — owner or super-admin only\n // -------------------------------------------------------------------------\n async update(ctx: Context) {\n const { body } = ctx.request as Update.Request;\n const { id } = ctx.params as Update.Params;\n const apiTokenService = getService('api-token-admin');\n\n const mutableBody = body as Record<string, unknown>;\n if (has('name', mutableBody)) {\n mutableBody.name = trim(body.name ?? '');\n }\n if (has('description', mutableBody) || mutableBody.description === null) {\n mutableBody.description = trim(body.description ?? '');\n }\n\n await validateAdminTokenUpdateInput(body);\n\n const existingToken = await apiTokenService.getById(id);\n if (!existingToken) {\n return ctx.notFound('API Token not found');\n }\n\n if (has('name', body)) {\n const nameAlreadyTaken = await apiTokenService.getByName(body.name!);\n if (nameAlreadyTaken !== null && !strings.isEqual(nameAlreadyTaken.id, id)) {\n throw new ApplicationError('Name already taken');\n }\n }\n\n if (!canAccessAdminToken(ctx.state.user, existingToken)) {\n return ctx.forbidden();\n }\n\n const apiToken = await apiTokenService.update(id, body);\n ctx.send({ data: apiToken } satisfies Update.Response);\n },\n\n // -------------------------------------------------------------------------\n // Owner permissions — effective permissions of the token owner\n // -------------------------------------------------------------------------\n async getOwnerPermissions(ctx: Context) {\n const { id } = ctx.params as GetOwnerPermissions.Request['params'];\n const apiTokenService = getService('api-token-admin');\n const permissionService = getService('permission');\n const userService = getService('user');\n\n const token = await apiTokenService.getById(id);\n if (!token) {\n return ctx.notFound('apiToken.notFound');\n }\n\n if (!canAccessAdminToken(ctx.state.user, token)) {\n return ctx.forbidden();\n }\n\n const ownerId = getOwnerId(token);\n const ownerUser = await userService.findOne(ownerId);\n if (!ownerUser) {\n return ctx.notFound('owner.notFound');\n }\n\n const ownerPermissions = await permissionService.findUserPermissions(ownerUser);\n const sanitizedPermissions = ownerPermissions.map(permissionService.sanitizePermission);\n\n // @ts-expect-error - transform response type to sanitized permission\n ctx.body = { data: sanitizedPermissions } satisfies GetOwnerPermissions.Response;\n },\n};\n"],"names":["ApplicationError","errors","isSuperAdmin","user","roles","some","r","code","constants","SUPER_ADMIN_CODE","getOwnerId","token","owner","adminUserOwner","String","id","isTokenOwner","canAccessAdminToken","create","ctx","body","request","apiTokenService","getService","type","undefined","badRequest","permissions","attributes","kind","name","trim","description","adminPermissions","lifespan","state","validateAdminTokenCreationInput","alreadyExists","exists","apiToken","created","data","regenerate","params","getById","notFound","forbidden","accessToken","list","apiTokens","send","revoke","existingToken","deleted","get","withKey","includeDecryptedKey","update","mutableBody","has","validateAdminTokenUpdateInput","nameAlreadyTaken","getByName","strings","isEqual","getOwnerPermissions","permissionService","userService","ownerId","ownerUser","findOne","ownerPermissions","findUserPermissions","sanitizedPermissions","map","sanitizePermission"],"mappings":";;;;;;AAsBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,MAAAA;AAE7B;AACA;AACA;AAEA,MAAMC,YAAAA,GAAe,CAACC,IAAAA,GACpBA,IAAAA,CAAKC,KAAK,CAACC,IAAI,CAAC,CAACC,IAAMA,CAAAA,CAAEC,IAAI,KAAKC,SAAAA,CAAUC,gBAAgB,CAAA,KAAM,IAAA;AAEpE,MAAMC,aAAa,CAACC,KAAAA,GAAAA;IAClB,MAAMC,KAAAA,GAAQD,MAAME,cAAc;AAClC,IAAA,OAAOC,OAAO,OAAOF,KAAAA,KAAU,QAAA,GAAWA,KAAAA,CAAMG,EAAE,GAAGH,KAAAA,CAAAA;AACvD,CAAA;AAEA,uEACA,MAAMI,YAAAA,GAAe,CAACb,IAAAA,EAAiBQ,QACrCD,UAAAA,CAAWC,KAAAA,CAAAA,KAAWG,MAAAA,CAAOX,IAAAA,CAAKY,EAAE,CAAA;AAEtC,gFACA,MAAME,mBAAAA,GAAsB,CAACd,MAAiBQ,KAAAA,GAC5CK,YAAAA,CAAab,IAAAA,EAAMQ,KAAAA,CAAAA,IAAUT,YAAAA,CAAaC,IAAAA,CAAAA;AAE5C;AACA;AACA;AAEA,iBAAe;;;;AAIb,IAAA,MAAMe,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,IAAI,IAACH,CAA4BI,IAAI,KAAKC,SAAAA,EAAW;YACnD,OAAON,GAAAA,CAAIO,UAAU,CAAC,sCAAA,CAAA;AACxB,QAAA;AACA,QAAA,IAAI,IAACN,CAA4BO,WAAW,KAAKF,SAAAA,EAAW;YAC1D,OAAON,GAAAA,CAAIO,UAAU,CAAC,8CAAA,CAAA;AACxB,QAAA;AAEA,QAAA,MAAME,UAAAA,GAAa;YACjBC,IAAAA,EAAM,OAAA;YACNC,IAAAA,EAAMC,IAAAA,CAAKX,KAAKU,IAAI,CAAA;YACpBE,WAAAA,EAAaD,IAAAA,CAAKX,KAAKY,WAAW,CAAA;AAClCC,YAAAA,gBAAAA,EAAkBb,KAAKa,gBAAgB;AACvCC,YAAAA,QAAAA,EAAUd,KAAKc,QAAQ;AACvBrB,YAAAA,cAAAA,EAAgBM,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAACY;AACjC,SAAA;AAEA,QAAA,MAAMqB,+BAAAA,CAAgCR,UAAAA,CAAAA;AAEtC,QAAA,MAAMS,aAAAA,GAAgB,MAAMf,eAAAA,CAAgBgB,MAAM,CAAC;AAAER,YAAAA,IAAAA,EAAMF,WAAWE;AAAK,SAAA,CAAA;AAC3E,QAAA,IAAIO,aAAAA,EAAe;AACjB,YAAA,MAAM,IAAIrC,gBAAAA,CAAiB,oBAAA,CAAA;AAC7B,QAAA;QAEA,MAAMuC,QAAAA,GAAW,MAAMjB,eAAAA,CAAgBJ,MAAM,CAACU,UAAAA,EAAYT,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAAA;AACxEgB,QAAAA,GAAAA,CAAIqB,OAAO,CAAC;YAAEC,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;;;;AAKA,IAAA,MAAMG,YAAWvB,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;AACVQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAAC7B,YAAAA,CAAaG,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AACxC,YAAA,OAAOQ,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMC,WAAAA,GAAc,MAAMzB,eAAAA,CAAgBoB,UAAU,CAAC3B,EAAAA,CAAAA;AACrDI,QAAAA,GAAAA,CAAIqB,OAAO,CAAC;YAAEC,IAAAA,EAAMM;AAAY,SAAA,CAAA;AAClC,IAAA,CAAA;;;;AAKA,IAAA,MAAMC,MAAK7B,GAAY,EAAA;AACrB,QAAA,MAAMG,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;QACnC,MAAM0B,SAAAA,GAAY,MAAM3B,eAAAA,CAAgB0B,IAAI,CAAC7B,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,CAAA;AAE3DgB,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAMQ;AAAU,SAAA,CAAA;AAC7B,IAAA,CAAA;;;;AAKA,IAAA,MAAME,QAAOhC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAM6B,aAAAA,GAAgB,MAAM9B,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AACpD,QAAA,IAAIqC,kBAAkB,IAAA,EAAM;YAC1B,OAAOjC,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,IAAI5B,oBAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEiD,mBAAmB,KAAA,EAAO;AAChE,YAAA,OAAOjC,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMP,QAAAA,GAAW,MAAMjB,eAAAA,CAAgB6B,MAAM,CAACpC,EAAAA,CAAAA;AAC9CI,QAAAA,GAAAA,CAAIkC,OAAO,CAAC;YAAEZ,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;;;;AAKA,IAAA,MAAMe,KAAInC,GAAY,EAAA;AACpB,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;AACVQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI5B,oBAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,WAAW,KAAA,EAAO;AACxDQ,YAAAA,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACb,YAAA;AACF,QAAA;AAEA,QAAA,IAAI7B,aAAaG,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AACvC,YAAA,MAAM4C,OAAAA,GAAU,MAAMjC,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,EAAI;gBAAEyC,mBAAAA,EAAqB;AAAK,aAAA,CAAA;AAC9ErC,YAAAA,GAAAA,CAAI+B,IAAI,CAAC;AAAET,gBAAAA,IAAAA,EAAMc,OAAAA,IAAW5C;AAAM,aAAA,CAAA;AAClC,YAAA;AACF,QAAA;AAEAQ,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAM9B;AAAM,SAAA,CAAA;AACzB,IAAA,CAAA;;;;AAKA,IAAA,MAAM8C,QAAOtC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAM,EAAEN,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AAEnC,QAAA,MAAMmC,WAAAA,GAActC,IAAAA;QACpB,IAAIuC,GAAAA,CAAI,QAAQD,WAAAA,CAAAA,EAAc;AAC5BA,YAAAA,WAAAA,CAAY5B,IAAI,GAAGC,IAAAA,CAAKX,IAAAA,CAAKU,IAAI,IAAI,EAAA,CAAA;AACvC,QAAA;AACA,QAAA,IAAI6B,IAAI,aAAA,EAAeD,WAAAA,CAAAA,IAAgBA,WAAAA,CAAY1B,WAAW,KAAK,IAAA,EAAM;AACvE0B,YAAAA,WAAAA,CAAY1B,WAAW,GAAGD,IAAAA,CAAKX,IAAAA,CAAKY,WAAW,IAAI,EAAA,CAAA;AACrD,QAAA;AAEA,QAAA,MAAM4B,6BAAAA,CAA8BxC,IAAAA,CAAAA;AAEpC,QAAA,MAAMgC,aAAAA,GAAgB,MAAM9B,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AACpD,QAAA,IAAI,CAACqC,aAAAA,EAAe;YAClB,OAAOjC,GAAAA,CAAI0B,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;QAEA,IAAIc,GAAAA,CAAI,QAAQvC,IAAAA,CAAAA,EAAO;AACrB,YAAA,MAAMyC,mBAAmB,MAAMvC,eAAAA,CAAgBwC,SAAS,CAAC1C,KAAKU,IAAI,CAAA;YAClE,IAAI+B,gBAAAA,KAAqB,QAAQ,CAACE,OAAAA,CAAQC,OAAO,CAACH,gBAAAA,CAAiB9C,EAAE,EAAEA,EAAAA,CAAAA,EAAK;AAC1E,gBAAA,MAAM,IAAIf,gBAAAA,CAAiB,oBAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,IAAI,CAACiB,mBAAAA,CAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEiD,aAAAA,CAAAA,EAAgB;AACvD,YAAA,OAAOjC,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMP,QAAAA,GAAW,MAAMjB,eAAAA,CAAgBmC,MAAM,CAAC1C,EAAAA,EAAIK,IAAAA,CAAAA;AAClDD,QAAAA,GAAAA,CAAI+B,IAAI,CAAC;YAAET,IAAAA,EAAMF;AAAS,SAAA,CAAA;AAC5B,IAAA,CAAA;;;;AAKA,IAAA,MAAM0B,qBAAoB9C,GAAY,EAAA;AACpC,QAAA,MAAM,EAAEJ,EAAE,EAAE,GAAGI,IAAIwB,MAAM;AACzB,QAAA,MAAMrB,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AACnC,QAAA,MAAM2C,oBAAoB3C,UAAAA,CAAW,YAAA,CAAA;AACrC,QAAA,MAAM4C,cAAc5C,UAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMZ,KAAAA,GAAQ,MAAMW,eAAAA,CAAgBsB,OAAO,CAAC7B,EAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACJ,KAAAA,EAAO;YACV,OAAOQ,GAAAA,CAAI0B,QAAQ,CAAC,mBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,IAAI,CAAC5B,mBAAAA,CAAoBE,GAAAA,CAAIgB,KAAK,CAAChC,IAAI,EAAEQ,KAAAA,CAAAA,EAAQ;AAC/C,YAAA,OAAOQ,IAAI2B,SAAS,EAAA;AACtB,QAAA;AAEA,QAAA,MAAMsB,UAAU1D,UAAAA,CAAWC,KAAAA,CAAAA;AAC3B,QAAA,MAAM0D,SAAAA,GAAY,MAAMF,WAAAA,CAAYG,OAAO,CAACF,OAAAA,CAAAA;AAC5C,QAAA,IAAI,CAACC,SAAAA,EAAW;YACd,OAAOlD,GAAAA,CAAI0B,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,MAAM0B,gBAAAA,GAAmB,MAAML,iBAAAA,CAAkBM,mBAAmB,CAACH,SAAAA,CAAAA;AACrE,QAAA,MAAMI,oBAAAA,GAAuBF,gBAAAA,CAAiBG,GAAG,CAACR,kBAAkBS,kBAAkB,CAAA;;AAGtFxD,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YAAEqB,IAAAA,EAAMgC;AAAqB,SAAA;AAC1C,IAAA;AACF,CAAA;;;;"}