@strapi/admin 5.44.0 → 5.45.0
- package/dist/admin/admin/src/components/Table.js.map +1 -1
- package/dist/admin/admin/src/components/Table.mjs.map +1 -1
- package/dist/admin/admin/src/constants.js +49 -0
- package/dist/admin/admin/src/constants.js.map +1 -1
- package/dist/admin/admin/src/constants.mjs +49 -0
- package/dist/admin/admin/src/constants.mjs.map +1 -1
- package/dist/admin/admin/src/core/apis/router.js +4 -4
- package/dist/admin/admin/src/core/apis/router.js.map +1 -1
- package/dist/admin/admin/src/core/apis/router.mjs +4 -4
- package/dist/admin/admin/src/core/apis/router.mjs.map +1 -1
- package/dist/admin/admin/src/features/Tracking.js.map +1 -1
- package/dist/admin/admin/src/features/Tracking.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/{pages/ApiTokens/EditView/components → components/Tokens}/FormApiTokenContainer.js +48 -11
- package/dist/admin/admin/src/pages/Settings/components/Tokens/FormApiTokenContainer.js.map +1 -0
- package/dist/admin/admin/src/pages/Settings/{pages/ApiTokens/EditView/components → components/Tokens}/FormApiTokenContainer.mjs +49 -12
- package/dist/admin/admin/src/pages/Settings/components/Tokens/FormApiTokenContainer.mjs.map +1 -0
- package/dist/admin/admin/src/pages/Settings/components/Tokens/FormHead.js +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/FormHead.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/FormHead.mjs +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/FormHead.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/LifeSpanInput.js +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/LifeSpanInput.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/LifeSpanInput.mjs +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/LifeSpanInput.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/Table.js +21 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/Table.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/Table.mjs +21 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/Table.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/TokenBox.js +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/TokenBox.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/TokenBox.mjs +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/TokenBox.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/constants.js +33 -0
- package/dist/admin/admin/src/pages/Settings/components/Tokens/constants.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/constants.mjs +14 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/constants.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/{pages/ApiTokens/EditView → components/Tokens}/utils/getDateOfExpiration.js +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/utils/getDateOfExpiration.js.map +1 -0
- package/dist/admin/admin/src/pages/Settings/{pages/ApiTokens/EditView → components/Tokens}/utils/getDateOfExpiration.mjs +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/utils/getDateOfExpiration.mjs.map +1 -0
- package/dist/admin/admin/src/pages/Settings/constants.js +182 -151
- package/dist/admin/admin/src/pages/Settings/constants.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/constants.mjs +182 -151
- package/dist/admin/admin/src/pages/Settings/constants.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/CreateView.js +17 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/CreateView.js.map +1 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/CreateView.mjs +15 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/CreateView.mjs.map +1 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.js +314 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.js.map +1 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.mjs +292 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.mjs.map +1 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/components/AdminPermissions.js +70 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/components/AdminPermissions.js.map +1 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/components/AdminPermissions.mjs +49 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/components/AdminPermissions.mjs.map +1 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/ListView.js +254 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/ListView.js.map +1 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/ListView.mjs +231 -0
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/ListView.mjs.map +1 -0
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/EditViewPage.js +42 -33
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/EditViewPage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/EditViewPage.mjs +43 -34
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/EditViewPage.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/ListView.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/ListView.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/ListView.mjs +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/ListView.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.js +23 -12
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.mjs +23 -12
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ConditionsModal.js +124 -35
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ConditionsModal.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ConditionsModal.mjs +126 -37
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ConditionsModal.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.js +24 -9
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.mjs +24 -9
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/GlobalActions.js +5 -3
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/GlobalActions.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/GlobalActions.mjs +5 -3
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/GlobalActions.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/Permissions.js +171 -36
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/Permissions.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/Permissions.mjs +172 -37
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/Permissions.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/PluginsAndSettings.js +5 -3
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/PluginsAndSettings.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/PluginsAndSettings.mjs +5 -3
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/PluginsAndSettings.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/hooks/usePermissionsDataManager.js +59 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/hooks/usePermissionsDataManager.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/hooks/usePermissionsDataManager.mjs +40 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/hooks/usePermissionsDataManager.mjs.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/createPermissionChecker.js +89 -0
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/createPermissionChecker.js.map +1 -0
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/createPermissionChecker.mjs +86 -0
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/createPermissionChecker.mjs.map +1 -0
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/updateValues.js +35 -9
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/updateValues.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/updateValues.mjs +35 -10
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/updateValues.mjs.map +1 -1
- package/dist/admin/admin/src/render.js +6 -3
- package/dist/admin/admin/src/render.js.map +1 -1
- package/dist/admin/admin/src/render.mjs +6 -3
- package/dist/admin/admin/src/render.mjs.map +1 -1
- package/dist/admin/admin/src/router.js +4 -4
- package/dist/admin/admin/src/router.js.map +1 -1
- package/dist/admin/admin/src/router.mjs +1 -1
- package/dist/admin/admin/src/router.mjs.map +1 -1
- package/dist/admin/admin/src/services/apiTokens.js +85 -2
- package/dist/admin/admin/src/services/apiTokens.js.map +1 -1
- package/dist/admin/admin/src/services/apiTokens.mjs +80 -3
- package/dist/admin/admin/src/services/apiTokens.mjs.map +1 -1
- package/dist/admin/admin/src/translations/en.json.js +16 -1
- package/dist/admin/admin/src/translations/en.json.js.map +1 -1
- package/dist/admin/admin/src/translations/en.json.mjs +16 -1
- package/dist/admin/admin/src/translations/en.json.mjs.map +1 -1
- package/dist/admin/admin/src/utils/getFetchClient.js +4 -1
- package/dist/admin/admin/src/utils/getFetchClient.js.map +1 -1
- package/dist/admin/admin/src/utils/getFetchClient.mjs +4 -1
- package/dist/admin/admin/src/utils/getFetchClient.mjs.map +1 -1
- package/dist/admin/admin/tests/server.js +99 -21
- package/dist/admin/admin/tests/server.js.map +1 -1
- package/dist/admin/admin/tests/server.mjs +99 -21
- package/dist/admin/admin/tests/server.mjs.map +1 -1
- package/dist/admin/src/constants.d.ts +26 -0
- package/dist/admin/src/core/apis/router.d.ts +1 -1
- package/dist/admin/src/features/Tracking.d.ts +2 -1
- package/dist/admin/src/pages/Settings/components/Tokens/FormApiTokenContainer.d.ts +24 -0
- package/dist/admin/src/pages/Settings/components/Tokens/Table.d.ts +2 -1
- package/dist/admin/src/pages/Settings/components/Tokens/constants.d.ts +17 -0
- package/dist/admin/src/pages/Settings/constants.d.ts +1 -1
- package/dist/admin/src/pages/Settings/pages/AdminTokens/CreateView.d.ts +1 -0
- package/dist/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.d.ts +2 -0
- package/dist/admin/src/pages/Settings/pages/AdminTokens/EditView/components/AdminPermissions.d.ts +13 -0
- package/dist/admin/src/pages/Settings/pages/AdminTokens/ListView.d.ts +2 -0
- package/dist/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.d.ts +4 -3
- package/dist/admin/src/pages/Settings/pages/Roles/components/ConditionsModal.d.ts +3 -1
- package/dist/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.d.ts +1 -0
- package/dist/admin/src/pages/Settings/pages/Roles/components/Permissions.d.ts +5 -0
- package/dist/admin/src/pages/Settings/pages/Roles/hooks/usePermissionsDataManager.d.ts +8 -7
- package/dist/admin/src/pages/Settings/pages/Roles/utils/createPermissionChecker.d.ts +27 -0
- package/dist/admin/src/pages/Settings/pages/Roles/utils/updateValues.d.ts +8 -2
- package/dist/admin/src/services/apiTokens.d.ts +5 -2
- package/dist/admin/src/types/permissions.d.ts +1 -1
- package/dist/server/server/src/bootstrap.js +37 -5
- package/dist/server/server/src/bootstrap.js.map +1 -1
- package/dist/server/server/src/bootstrap.mjs +37 -5
- package/dist/server/server/src/bootstrap.mjs.map +1 -1
- package/dist/server/server/src/config/admin-actions.js +48 -0
- package/dist/server/server/src/config/admin-actions.js.map +1 -1
- package/dist/server/server/src/config/admin-actions.mjs +48 -0
- package/dist/server/server/src/config/admin-actions.mjs.map +1 -1
- package/dist/server/server/src/content-types/Permission.js +10 -1
- package/dist/server/server/src/content-types/Permission.js.map +1 -1
- package/dist/server/server/src/content-types/Permission.mjs +10 -1
- package/dist/server/server/src/content-types/Permission.mjs.map +1 -1
- package/dist/server/server/src/content-types/User.js +8 -0
- package/dist/server/server/src/content-types/User.js.map +1 -1
- package/dist/server/server/src/content-types/User.mjs +8 -0
- package/dist/server/server/src/content-types/User.mjs.map +1 -1
- package/dist/server/server/src/content-types/api-token.js +27 -1
- package/dist/server/server/src/content-types/api-token.js.map +1 -1
- package/dist/server/server/src/content-types/api-token.mjs +27 -1
- package/dist/server/server/src/content-types/api-token.mjs.map +1 -1
- package/dist/server/server/src/controllers/admin-token.js +194 -0
- package/dist/server/server/src/controllers/admin-token.js.map +1 -0
- package/dist/server/server/src/controllers/admin-token.mjs +192 -0
- package/dist/server/server/src/controllers/admin-token.mjs.map +1 -0
- package/dist/server/server/src/controllers/api-token.js +48 -47
- package/dist/server/server/src/controllers/api-token.js.map +1 -1
- package/dist/server/server/src/controllers/api-token.mjs +48 -47
- package/dist/server/server/src/controllers/api-token.mjs.map +1 -1
- package/dist/server/server/src/controllers/index.js +2 -0
- package/dist/server/server/src/controllers/index.js.map +1 -1
- package/dist/server/server/src/controllers/index.mjs +2 -0
- package/dist/server/server/src/controllers/index.mjs.map +1 -1
- package/dist/server/server/src/domain/permission/index.js +2 -1
- package/dist/server/server/src/domain/permission/index.js.map +1 -1
- package/dist/server/server/src/domain/permission/index.mjs +2 -1
- package/dist/server/server/src/domain/permission/index.mjs.map +1 -1
- package/dist/server/server/src/policies/index.js +2 -0
- package/dist/server/server/src/policies/index.js.map +1 -1
- package/dist/server/server/src/policies/index.mjs +2 -0
- package/dist/server/server/src/policies/index.mjs.map +1 -1
- package/dist/server/server/src/policies/isAdminTokensEnabled.js +16 -0
- package/dist/server/server/src/policies/isAdminTokensEnabled.js.map +1 -0
- package/dist/server/server/src/policies/isAdminTokensEnabled.mjs +14 -0
- package/dist/server/server/src/policies/isAdminTokensEnabled.mjs.map +1 -0
- package/dist/server/server/src/register.js +4 -2
- package/dist/server/server/src/register.js.map +1 -1
- package/dist/server/server/src/register.mjs +4 -2
- package/dist/server/server/src/register.mjs.map +1 -1
- package/dist/server/server/src/routes/admin-tokens.js +140 -0
- package/dist/server/server/src/routes/admin-tokens.js.map +1 -0
- package/dist/server/server/src/routes/admin-tokens.mjs +138 -0
- package/dist/server/server/src/routes/admin-tokens.mjs.map +1 -0
- package/dist/server/server/src/routes/index.js +2 -0
- package/dist/server/server/src/routes/index.js.map +1 -1
- package/dist/server/server/src/routes/index.mjs +2 -0
- package/dist/server/server/src/routes/index.mjs.map +1 -1
- package/dist/server/server/src/services/api-token.js +805 -101
- package/dist/server/server/src/services/api-token.js.map +1 -1
- package/dist/server/server/src/services/api-token.mjs +800 -101
- package/dist/server/server/src/services/api-token.mjs.map +1 -1
- package/dist/server/server/src/services/constants.js +2 -0
- package/dist/server/server/src/services/constants.js.map +1 -1
- package/dist/server/server/src/services/constants.mjs +2 -0
- package/dist/server/server/src/services/constants.mjs.map +1 -1
- package/dist/server/server/src/services/homepage.js +1 -1
- package/dist/server/server/src/services/homepage.js.map +1 -1
- package/dist/server/server/src/services/homepage.mjs +1 -1
- package/dist/server/server/src/services/homepage.mjs.map +1 -1
- package/dist/server/server/src/services/index.js +2 -1
- package/dist/server/server/src/services/index.js.map +1 -1
- package/dist/server/server/src/services/index.mjs +3 -2
- package/dist/server/server/src/services/index.mjs.map +1 -1
- package/dist/server/server/src/services/permission/engine.js +6 -0
- package/dist/server/server/src/services/permission/engine.js.map +1 -1
- package/dist/server/server/src/services/permission/engine.mjs +6 -0
- package/dist/server/server/src/services/permission/engine.mjs.map +1 -1
- package/dist/server/server/src/services/permission/queries.js +11 -2
- package/dist/server/server/src/services/permission/queries.js.map +1 -1
- package/dist/server/server/src/services/permission/queries.mjs +12 -3
- package/dist/server/server/src/services/permission/queries.mjs.map +1 -1
- package/dist/server/server/src/services/role.js +3 -0
- package/dist/server/server/src/services/role.js.map +1 -1
- package/dist/server/server/src/services/role.mjs +3 -0
- package/dist/server/server/src/services/role.mjs.map +1 -1
- package/dist/server/server/src/strategies/admin-token.js +110 -0
- package/dist/server/server/src/strategies/admin-token.js.map +1 -0
- package/dist/server/server/src/strategies/admin-token.mjs +104 -0
- package/dist/server/server/src/strategies/admin-token.mjs.map +1 -0
- package/dist/server/server/src/strategies/api-token-utils.js +56 -0
- package/dist/server/server/src/strategies/api-token-utils.js.map +1 -0
- package/dist/server/server/src/strategies/api-token-utils.mjs +52 -0
- package/dist/server/server/src/strategies/api-token-utils.mjs.map +1 -0
- package/dist/server/server/src/strategies/content-api-token.js +104 -0
- package/dist/server/server/src/strategies/content-api-token.js.map +1 -0
- package/dist/server/server/src/strategies/content-api-token.mjs +98 -0
- package/dist/server/server/src/strategies/content-api-token.mjs.map +1 -0
- package/dist/server/server/src/validation/admin-tokens.js +28 -0
- package/dist/server/server/src/validation/admin-tokens.js.map +1 -0
- package/dist/server/server/src/validation/admin-tokens.mjs +25 -0
- package/dist/server/server/src/validation/admin-tokens.mjs.map +1 -0
- package/dist/server/server/src/validation/api-tokens.js +5 -2
- package/dist/server/server/src/validation/api-tokens.js.map +1 -1
- package/dist/server/server/src/validation/api-tokens.mjs +5 -2
- package/dist/server/server/src/validation/api-tokens.mjs.map +1 -1
- package/dist/server/server/src/validation/project-settings.js +15 -16
- package/dist/server/server/src/validation/project-settings.js.map +1 -1
- package/dist/server/server/src/validation/project-settings.mjs +4 -5
- package/dist/server/server/src/validation/project-settings.mjs.map +1 -1
- package/dist/server/src/bootstrap.d.ts.map +1 -1
- package/dist/server/src/config/admin-actions.d.ts.map +1 -1
- package/dist/server/src/content-types/Permission.d.ts +9 -0
- package/dist/server/src/content-types/Permission.d.ts.map +1 -1
- package/dist/server/src/content-types/User.d.ts +8 -0
- package/dist/server/src/content-types/User.d.ts.map +1 -1
- package/dist/server/src/content-types/api-token.d.ts +23 -0
- package/dist/server/src/content-types/api-token.d.ts.map +1 -1
- package/dist/server/src/content-types/index.d.ts +40 -0
- package/dist/server/src/content-types/index.d.ts.map +1 -1
- package/dist/server/src/controllers/admin-token.d.ts +12 -0
- package/dist/server/src/controllers/admin-token.d.ts.map +1 -0
- package/dist/server/src/controllers/api-token.d.ts +0 -1
- package/dist/server/src/controllers/api-token.d.ts.map +1 -1
- package/dist/server/src/controllers/index.d.ts +9 -1
- package/dist/server/src/controllers/index.d.ts.map +1 -1
- package/dist/server/src/domain/permission/index.d.ts.map +1 -1
- package/dist/server/src/index.d.ts +56 -2
- package/dist/server/src/index.d.ts.map +1 -1
- package/dist/server/src/policies/index.d.ts +5 -0
- package/dist/server/src/policies/index.d.ts.map +1 -1
- package/dist/server/src/policies/isAdminTokensEnabled.d.ts +7 -0
- package/dist/server/src/policies/isAdminTokensEnabled.d.ts.map +1 -0
- package/dist/server/src/register.d.ts.map +1 -1
- package/dist/server/src/routes/admin-tokens.d.ts +15 -0
- package/dist/server/src/routes/admin-tokens.d.ts.map +1 -0
- package/dist/server/src/routes/index.d.ts.map +1 -1
- package/dist/server/src/services/api-token.d.ts +136 -12
- package/dist/server/src/services/api-token.d.ts.map +1 -1
- package/dist/server/src/services/constants.d.ts +13 -11
- package/dist/server/src/services/constants.d.ts.map +1 -1
- package/dist/server/src/services/index.d.ts +2 -2
- package/dist/server/src/services/index.d.ts.map +1 -1
- package/dist/server/src/services/permission/engine.d.ts +5 -0
- package/dist/server/src/services/permission/engine.d.ts.map +1 -1
- package/dist/server/src/services/permission/queries.d.ts.map +1 -1
- package/dist/server/src/services/permission.d.ts +1 -0
- package/dist/server/src/services/permission.d.ts.map +1 -1
- package/dist/server/src/services/role.d.ts.map +1 -1
- package/dist/server/src/strategies/admin-token.d.ts +51 -0
- package/dist/server/src/strategies/admin-token.d.ts.map +1 -0
- package/dist/server/src/strategies/api-token-utils.d.ts +13 -0
- package/dist/server/src/strategies/api-token-utils.d.ts.map +1 -0
- package/dist/server/src/strategies/{api-token.d.ts → content-api-token.d.ts} +10 -11
- package/dist/server/src/strategies/content-api-token.d.ts.map +1 -0
- package/dist/server/src/strategies/index.d.ts +2 -1
- package/dist/server/src/strategies/index.d.ts.map +1 -1
- package/dist/server/src/validation/admin-tokens.d.ts +75 -0
- package/dist/server/src/validation/admin-tokens.d.ts.map +1 -0
- package/dist/server/src/validation/api-tokens.d.ts +4 -2
- package/dist/server/src/validation/api-tokens.d.ts.map +1 -1
- package/dist/server/src/validation/project-settings.d.ts +10 -10
- package/dist/server/src/validation/project-settings.d.ts.map +1 -1
- package/dist/shared/contracts/admin-token.d.ts +122 -0
- package/dist/shared/contracts/admin-token.d.ts.map +1 -0
- package/dist/shared/contracts/api-token.d.ts +6 -95
- package/dist/shared/contracts/api-token.d.ts.map +1 -1
- package/dist/shared/contracts/content-api-token.d.ts +97 -0
- package/dist/shared/contracts/content-api-token.d.ts.map +1 -0
- package/dist/shared/contracts/shared.d.ts +1 -0
- package/dist/shared/contracts/shared.d.ts.map +1 -1
- package/package.json +7 -7
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/components/FormApiTokenContainer.js.map +0 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/components/FormApiTokenContainer.mjs.map +0 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/constants.js +0 -37
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/constants.js.map +0 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/constants.mjs +0 -16
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/constants.mjs.map +0 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/utils/getDateOfExpiration.js.map +0 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/utils/getDateOfExpiration.mjs.map +0 -1
- package/dist/admin/src/pages/Settings/pages/ApiTokens/EditView/components/FormApiTokenContainer.d.ts +0 -20
- package/dist/admin/src/pages/Settings/pages/ApiTokens/EditView/constants.d.ts +0 -17
- package/dist/server/server/src/strategies/api-token.js +0 -144
- package/dist/server/server/src/strategies/api-token.js.map +0 -1
- package/dist/server/server/src/strategies/api-token.mjs +0 -138
- package/dist/server/server/src/strategies/api-token.mjs.map +0 -1
- package/dist/server/src/strategies/api-token.d.ts.map +0 -1
- /package/dist/admin/src/pages/Settings/{pages/ApiTokens/EditView → components/Tokens}/utils/getDateOfExpiration.d.ts +0 -0
|
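--- a/package/dist/server/server/src/strategies/admin-token.js
+++ b/package/dist/server/server/src/strategies/admin-token.js
@@ -0,0 +1,110 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var utils = require('@strapi/utils');
+var index = require('../utils/index.js');
+var apiTokenUtils = require('./api-token-utils.js');
+require('@strapi/types');
+
+const { UnauthorizedError } = utils.errors;
+/**
+* Authenticate an admin token. Rejects tokens with kind !== 'admin'.
+*/ const authenticate = async (ctx)=>{
+if (strapi.features.future.isEnabled('adminTokens') !== true) {
+return {
+authenticated: false
+};
+}
+const apiTokenService = index.getService('api-token-admin');
+const token = apiTokenUtils.extractToken(ctx);
+if (token === null) {
+return {
+authenticated: false
+};
+}
+const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));
+if (apiToken === null || apiToken === undefined) {
+return {
+authenticated: false
+};
+}
+// Defensive kind check — only handle admin tokens
+if (apiToken.kind !== 'admin') {
+return {
+authenticated: false
+};
+}
+const expiryError = apiTokenUtils.checkExpiry(apiToken);
+if (expiryError !== null) {
+return {
+authenticated: false,
+error: expiryError
+};
+}
+await apiTokenUtils.updateLastUsedAt(apiToken);
+const owner = apiToken.adminUserOwner;
+const ownerId = // eslint-disable-next-line no-nested-ternary
+owner === null || owner === undefined ? null : typeof owner === 'object' ? owner.id : owner;
+if (ownerId === null) {
+return {
+authenticated: false,
+error: new UnauthorizedError('Token owner not found')
+};
+}
+// Token populate does not load `roles`; reload the user like session auth (`admin` strategy)
+// so `isSuperAdmin` and permission ceiling logic see the full admin user.
+const user = await strapi.db.query('admin::user').findOne({
+where: {
+id: ownerId
+},
+populate: [
+'roles'
+]
+});
+if (user === null || user === undefined) {
+return {
+authenticated: false,
+error: new UnauthorizedError('Token owner not found')
+};
+}
+if (user.isActive !== true || user.blocked === true) {
+return {
+authenticated: false,
+error: new UnauthorizedError('Token owner is deactivated')
+};
+}
+const ability = await index.getService('permission').engine.generateTokenAbility(apiToken.adminPermissions ?? [], user);
+ctx.state.userAbility = ability;
+ctx.state.user = user;
+return {
+authenticated: true,
+credentials: apiToken,
+ability
+};
+};
+/**
+* Re-check presence and expiry at verify time.
+* Authorization is handled by isAuthenticatedAdmin + hasPermissions policies.
+*
+* @type {import('.').VerifyFunction}
+*/ const verify = (auth)=>{
+const { credentials: apiToken } = auth;
+if (apiToken === null || apiToken === undefined) {
+throw new UnauthorizedError('Token not found');
+}
+const expiryError = apiTokenUtils.checkExpiry(apiToken);
+if (expiryError !== null) {
+throw expiryError;
+}
+};
+var adminTokenAuthStrategy = {
+name: 'admin-token',
+authenticate,
+verify
+};
+
+exports.authenticate = authenticate;
+exports.default = adminTokenAuthStrategy;
+exports.verify = verify;
+//# sourceMappingURL=admin-token.js.map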
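Review bot: The owner guard in `authenticate` (`if (ownerId === null)`) misses the case where `apiToken.adminUserOwner` is an object without an `id`: the nested ternary then yields `undefined`, and the lookup runs as `findOne({ where: { id: undefined }, ... })`. How the query layer treats an undefined `id` is not visible here, so in an authentication path it is safer to fail closed with `if (ownerId === null || ownerId === undefined)`, matching the null/undefined checks already used for `apiToken` and `user`. Separately, `await apiTokenUtils.updateLastUsedAt(apiToken)` runs before the owner lookup and the `isActive`/`blocked` check, so a token whose owner is missing or deactivated presumably still gets its last-used value refreshed on a rejected request; moving that call to just before the `generateTokenAbility` call would keep the field meaningful for audit. The ESM build (`admin-token.mjs`) carries the same code as far as it is visible, and the change belongs in the TypeScript source named in the source map, `server/src/strategies/admin-token.ts`.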
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"admin-token.js","sources":["../../../../../server/src/strategies/admin-token.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport { extractToken, checkExpiry, updateLastUsedAt } from './api-token-utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError } = errors;\n\n/**\n * Authenticate an admin token. Rejects tokens with kind !== 'admin'.\n */\nexport const authenticate = async (ctx: Context) => {\n if (strapi.features.future.isEnabled('adminTokens') !== true) {\n return { authenticated: false };\n }\n\n const apiTokenService = getService('api-token-admin');\n const token = extractToken(ctx);\n\n if (token === null) {\n return { authenticated: false };\n }\n\n const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));\n\n if (apiToken === null || apiToken === undefined) {\n return { authenticated: false };\n }\n\n // Defensive kind check — only handle admin tokens\n if (apiToken.kind !== 'admin') {\n return { authenticated: false };\n }\n\n const expiryError = checkExpiry(apiToken);\n if (expiryError !== null) {\n return { authenticated: false, error: expiryError };\n }\n\n await updateLastUsedAt(apiToken);\n\n const owner = apiToken.adminUserOwner;\n const ownerId =\n // eslint-disable-next-line no-nested-ternary\n owner === null || owner === undefined ? null : typeof owner === 'object' ? 
owner.id : owner;\n\n if (ownerId === null) {\n return { authenticated: false, error: new UnauthorizedError('Token owner not found') };\n }\n\n // Token populate does not load `roles`; reload the user like session auth (`admin` strategy)\n // so `isSuperAdmin` and permission ceiling logic see the full admin user.\n const user = await strapi.db\n .query('admin::user')\n .findOne({ where: { id: ownerId }, populate: ['roles'] });\n\n if (user === null || user === undefined) {\n return { authenticated: false, error: new UnauthorizedError('Token owner not found') };\n }\n\n if (user.isActive !== true || user.blocked === true) {\n return { authenticated: false, error: new UnauthorizedError('Token owner is deactivated') };\n }\n\n const ability = await getService('permission').engine.generateTokenAbility(\n apiToken.adminPermissions ?? [],\n user\n );\n\n ctx.state.userAbility = ability;\n ctx.state.user = user;\n\n return { authenticated: true, credentials: apiToken, ability };\n};\n\n/**\n * Re-check presence and expiry at verify time.\n * Authorization is handled by isAuthenticatedAdmin + hasPermissions policies.\n *\n * @type {import('.').VerifyFunction}\n */\nexport const verify = (auth: any): void => {\n const { credentials: apiToken } = auth;\n\n if (apiToken === null || apiToken === undefined) {\n throw new UnauthorizedError('Token not found');\n }\n\n const expiryError = checkExpiry(apiToken);\n if (expiryError !== null) {\n throw expiryError;\n }\n};\n\nexport default {\n name: 'admin-token',\n authenticate,\n 
verify,\n};\n"],"names":["UnauthorizedError","errors","authenticate","ctx","strapi","features","future","isEnabled","authenticated","apiTokenService","getService","token","extractToken","apiToken","getByAccessKey","hash","undefined","kind","expiryError","checkExpiry","error","updateLastUsedAt","owner","adminUserOwner","ownerId","id","user","db","query","findOne","where","populate","isActive","blocked","ability","engine","generateTokenAbility","adminPermissions","state","userAbility","credentials","verify","auth","name"],"mappings":";;;;;;;;;AAMA,MAAM,EAAEA,iBAAiB,EAAE,GAAGC,YAAAA;AAE9B;;IAGO,MAAMC,YAAAA,GAAe,OAAOC,GAAAA,GAAAA;IACjC,IAAIC,MAAAA,CAAOC,QAAQ,CAACC,MAAM,CAACC,SAAS,CAAC,mBAAmB,IAAA,EAAM;QAC5D,OAAO;YAAEC,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMC,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AACnC,IAAA,MAAMC,QAAQC,0BAAAA,CAAaT,GAAAA,CAAAA;AAE3B,IAAA,IAAIQ,UAAU,IAAA,EAAM;QAClB,OAAO;YAAEH,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMK,WAAW,MAAMJ,eAAAA,CAAgBK,cAAc,CAACL,eAAAA,CAAgBM,IAAI,CAACJ,KAAAA,CAAAA,CAAAA;IAE3E,IAAIE,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;QAC/C,OAAO;YAAER,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;;IAGA,IAAIK,QAAAA,CAASI,IAAI,KAAK,OAAA,EAAS;QAC7B,OAAO;YAAET,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMU,cAAcC,yBAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,OAAO;YAAEV,aAAAA,EAAe,KAAA;YAAOY,KAAAA,EAAOF;AAAY,SAAA;AACpD,IAAA;AAEA,IAAA,MAAMG,8BAAAA,CAAiBR,QAAAA,CAAAA;IAEvB,MAAMS,KAAAA,GAAQT,SAASU,cAAc;AACrC,IAAA,MAAMC;IAEJF,KAAAA,KAAU,IAAA,IAAQA,UAAUN,SAAAA,GAAY,IAAA,GAAO,OAAOM,KAAAA,KAAU,QAAA,GAAWA,KAAAA,CAAMG,EAAE,GAAGH,KAAAA;AAExF,IAAA,IAAIE,YAAY,IAAA,EAAM;QACpB,OAAO;YAAEhB,aAAAA,EAAe,KAAA;AAAOY,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,uBAAA;AAAyB,SAAA;AACvF,IAAA;;;IAIA,MAAM0B,IAAAA,GAAO,MAAMtB,MAAAA,CAAOuB,EAAE,CACzBC,KAAK,CAAC,aAAA,CAAA,CACNC,OAAO,CAAC;QAAEC,KAAAA,EAAO;YAAEL,EAAAA,EAAID;AAAQ,SAAA;QAAGO,QAAAA,EAAU;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;IAEzD,IAAIL,IAAAA,KAAS,IAAA,IAAQA,IAAAA,KAASV,SAAAA,EAAW;QACvC,OAAO;YAAER,aAAAA,EAAe,KAAA;AAAOY
,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,uBAAA;AAAyB,SAAA;AACvF,IAAA;AAEA,IAAA,IAAI0B,KAAKM,QAAQ,KAAK,QAAQN,IAAAA,CAAKO,OAAO,KAAK,IAAA,EAAM;QACnD,OAAO;YAAEzB,aAAAA,EAAe,KAAA;AAAOY,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,4BAAA;AAA8B,SAAA;AAC5F,IAAA;AAEA,IAAA,MAAMkC,OAAAA,GAAU,MAAMxB,gBAAAA,CAAW,YAAA,CAAA,CAAcyB,MAAM,CAACC,oBAAoB,CACxEvB,QAAAA,CAASwB,gBAAgB,IAAI,EAAE,EAC/BX,IAAAA,CAAAA;IAGFvB,GAAAA,CAAImC,KAAK,CAACC,WAAW,GAAGL,OAAAA;IACxB/B,GAAAA,CAAImC,KAAK,CAACZ,IAAI,GAAGA,IAAAA;IAEjB,OAAO;QAAElB,aAAAA,EAAe,IAAA;QAAMgC,WAAAA,EAAa3B,QAAAA;AAAUqB,QAAAA;AAAQ,KAAA;AAC/D;AAEA;;;;;IAMO,MAAMO,MAAAA,GAAS,CAACC,IAAAA,GAAAA;AACrB,IAAA,MAAM,EAAEF,WAAAA,EAAa3B,QAAQ,EAAE,GAAG6B,IAAAA;IAElC,IAAI7B,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;AAC/C,QAAA,MAAM,IAAIhB,iBAAAA,CAAkB,iBAAA,CAAA;AAC9B,IAAA;AAEA,IAAA,MAAMkB,cAAcC,yBAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,MAAMA,WAAAA;AACR,IAAA;AACF;AAEA,6BAAe;IACbyB,IAAAA,EAAM,aAAA;AACNzC,IAAAA,YAAAA;AACAuC,IAAAA;AACF,CAAA;;;;;;"}
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
import { errors } from '@strapi/utils';
|
|
2
|
+
import { getService } from '../utils/index.mjs';
|
|
3
|
+
import { checkExpiry, extractToken, updateLastUsedAt } from './api-token-utils.mjs';
|
|
4
|
+
import '@strapi/types';
|
|
5
|
+
|
|
6
|
+
const { UnauthorizedError } = errors;
|
|
7
|
+
/**
|
|
8
|
+
* Authenticate an admin token. Rejects tokens with kind !== 'admin'.
|
|
9
|
+
*/ const authenticate = async (ctx)=>{
|
|
10
|
+
if (strapi.features.future.isEnabled('adminTokens') !== true) {
|
|
11
|
+
return {
|
|
12
|
+
authenticated: false
|
|
13
|
+
};
|
|
14
|
+
}
|
|
15
|
+
const apiTokenService = getService('api-token-admin');
|
|
16
|
+
const token = extractToken(ctx);
|
|
17
|
+
if (token === null) {
|
|
18
|
+
return {
|
|
19
|
+
authenticated: false
|
|
20
|
+
};
|
|
21
|
+
}
|
|
22
|
+
const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));
|
|
23
|
+
if (apiToken === null || apiToken === undefined) {
|
|
24
|
+
return {
|
|
25
|
+
authenticated: false
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
// Defensive kind check — only handle admin tokens
|
|
29
|
+
if (apiToken.kind !== 'admin') {
|
|
30
|
+
return {
|
|
31
|
+
authenticated: false
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
const expiryError = checkExpiry(apiToken);
|
|
35
|
+
if (expiryError !== null) {
|
|
36
|
+
return {
|
|
37
|
+
authenticated: false,
|
|
38
|
+
error: expiryError
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
await updateLastUsedAt(apiToken);
|
|
42
|
+
const owner = apiToken.adminUserOwner;
|
|
43
|
+
const ownerId = // eslint-disable-next-line no-nested-ternary
|
|
44
|
+
owner === null || owner === undefined ? null : typeof owner === 'object' ? owner.id : owner;
|
|
45
|
+
if (ownerId === null) {
|
|
46
|
+
return {
|
|
47
|
+
authenticated: false,
|
|
48
|
+
error: new UnauthorizedError('Token owner not found')
|
|
49
|
+
};
|
|
50
|
+
}
|
|
51
|
+
// Token populate does not load `roles`; reload the user like session auth (`admin` strategy)
|
|
52
|
+
// so `isSuperAdmin` and permission ceiling logic see the full admin user.
|
|
53
|
+
const user = await strapi.db.query('admin::user').findOne({
|
|
54
|
+
where: {
|
|
55
|
+
id: ownerId
|
|
56
|
+
},
|
|
57
|
+
populate: [
|
|
58
|
+
'roles'
|
|
59
|
+
]
|
|
60
|
+
});
|
|
61
|
+
if (user === null || user === undefined) {
|
|
62
|
+
return {
|
|
63
|
+
authenticated: false,
|
|
64
|
+
error: new UnauthorizedError('Token owner not found')
|
|
65
|
+
};
|
|
66
|
+
}
|
|
67
|
+
if (user.isActive !== true || user.blocked === true) {
|
|
68
|
+
return {
|
|
69
|
+
authenticated: false,
|
|
70
|
+
error: new UnauthorizedError('Token owner is deactivated')
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
const ability = await getService('permission').engine.generateTokenAbility(apiToken.adminPermissions ?? [], user);
|
|
74
|
+
ctx.state.userAbility = ability;
|
|
75
|
+
ctx.state.user = user;
|
|
76
|
+
return {
|
|
77
|
+
authenticated: true,
|
|
78
|
+
credentials: apiToken,
|
|
79
|
+
ability
|
|
80
|
+
};
|
|
81
|
+
};
|
|
82
|
+
/**
|
|
83
|
+
* Re-check presence and expiry at verify time.
|
|
84
|
+
* Authorization is handled by isAuthenticatedAdmin + hasPermissions policies.
|
|
85
|
+
*
|
|
86
|
+
* @type {import('.').VerifyFunction}
|
|
87
|
+
*/ const verify = (auth)=>{
|
|
88
|
+
const { credentials: apiToken } = auth;
|
|
89
|
+
if (apiToken === null || apiToken === undefined) {
|
|
90
|
+
throw new UnauthorizedError('Token not found');
|
|
91
|
+
}
|
|
92
|
+
const expiryError = checkExpiry(apiToken);
|
|
93
|
+
if (expiryError !== null) {
|
|
94
|
+
throw expiryError;
|
|
95
|
+
}
|
|
96
|
+
};
|
|
97
|
+
var adminTokenAuthStrategy = {
|
|
98
|
+
name: 'admin-token',
|
|
99
|
+
authenticate,
|
|
100
|
+
verify
|
|
101
|
+
};
|
|
102
|
+
|
|
103
|
+
export { authenticate, adminTokenAuthStrategy as default, verify };
|
|
104
|
+
//# sourceMappingURL=admin-token.mjs.map
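Review bot: In `authenticate`, `await updateLastUsedAt(apiToken)` runs before the owner checks, so a token whose owner is missing, inactive or blocked still has `lastUsedAt` refreshed, at the cost of a database write, on a request that is then rejected. If `lastUsedAt` is meant to record successful use, move the call to just before `generateTokenAbility`, after the `user.isActive !== true || user.blocked === true` guard. If recording attempts is intended, a comment such as `// lastUsedAt is bumped even when the owner check below fails` would help anyone who later relies on the field during an investigation. The TypeScript source embedded in the map that follows shows the same ordering.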
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"admin-token.mjs","sources":["../../../../../server/src/strategies/admin-token.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport { extractToken, checkExpiry, updateLastUsedAt } from './api-token-utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError } = errors;\n\n/**\n * Authenticate an admin token. Rejects tokens with kind !== 'admin'.\n */\nexport const authenticate = async (ctx: Context) => {\n if (strapi.features.future.isEnabled('adminTokens') !== true) {\n return { authenticated: false };\n }\n\n const apiTokenService = getService('api-token-admin');\n const token = extractToken(ctx);\n\n if (token === null) {\n return { authenticated: false };\n }\n\n const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));\n\n if (apiToken === null || apiToken === undefined) {\n return { authenticated: false };\n }\n\n // Defensive kind check — only handle admin tokens\n if (apiToken.kind !== 'admin') {\n return { authenticated: false };\n }\n\n const expiryError = checkExpiry(apiToken);\n if (expiryError !== null) {\n return { authenticated: false, error: expiryError };\n }\n\n await updateLastUsedAt(apiToken);\n\n const owner = apiToken.adminUserOwner;\n const ownerId =\n // eslint-disable-next-line no-nested-ternary\n owner === null || owner === undefined ? null : typeof owner === 'object' ? 
owner.id : owner;\n\n if (ownerId === null) {\n return { authenticated: false, error: new UnauthorizedError('Token owner not found') };\n }\n\n // Token populate does not load `roles`; reload the user like session auth (`admin` strategy)\n // so `isSuperAdmin` and permission ceiling logic see the full admin user.\n const user = await strapi.db\n .query('admin::user')\n .findOne({ where: { id: ownerId }, populate: ['roles'] });\n\n if (user === null || user === undefined) {\n return { authenticated: false, error: new UnauthorizedError('Token owner not found') };\n }\n\n if (user.isActive !== true || user.blocked === true) {\n return { authenticated: false, error: new UnauthorizedError('Token owner is deactivated') };\n }\n\n const ability = await getService('permission').engine.generateTokenAbility(\n apiToken.adminPermissions ?? [],\n user\n );\n\n ctx.state.userAbility = ability;\n ctx.state.user = user;\n\n return { authenticated: true, credentials: apiToken, ability };\n};\n\n/**\n * Re-check presence and expiry at verify time.\n * Authorization is handled by isAuthenticatedAdmin + hasPermissions policies.\n *\n * @type {import('.').VerifyFunction}\n */\nexport const verify = (auth: any): void => {\n const { credentials: apiToken } = auth;\n\n if (apiToken === null || apiToken === undefined) {\n throw new UnauthorizedError('Token not found');\n }\n\n const expiryError = checkExpiry(apiToken);\n if (expiryError !== null) {\n throw expiryError;\n }\n};\n\nexport default {\n name: 'admin-token',\n authenticate,\n 
verify,\n};\n"],"names":["UnauthorizedError","errors","authenticate","ctx","strapi","features","future","isEnabled","authenticated","apiTokenService","getService","token","extractToken","apiToken","getByAccessKey","hash","undefined","kind","expiryError","checkExpiry","error","updateLastUsedAt","owner","adminUserOwner","ownerId","id","user","db","query","findOne","where","populate","isActive","blocked","ability","engine","generateTokenAbility","adminPermissions","state","userAbility","credentials","verify","auth","name"],"mappings":";;;;;AAMA,MAAM,EAAEA,iBAAiB,EAAE,GAAGC,MAAAA;AAE9B;;IAGO,MAAMC,YAAAA,GAAe,OAAOC,GAAAA,GAAAA;IACjC,IAAIC,MAAAA,CAAOC,QAAQ,CAACC,MAAM,CAACC,SAAS,CAAC,mBAAmB,IAAA,EAAM;QAC5D,OAAO;YAAEC,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMC,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AACnC,IAAA,MAAMC,QAAQC,YAAAA,CAAaT,GAAAA,CAAAA;AAE3B,IAAA,IAAIQ,UAAU,IAAA,EAAM;QAClB,OAAO;YAAEH,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMK,WAAW,MAAMJ,eAAAA,CAAgBK,cAAc,CAACL,eAAAA,CAAgBM,IAAI,CAACJ,KAAAA,CAAAA,CAAAA;IAE3E,IAAIE,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;QAC/C,OAAO;YAAER,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;;IAGA,IAAIK,QAAAA,CAASI,IAAI,KAAK,OAAA,EAAS;QAC7B,OAAO;YAAET,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMU,cAAcC,WAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,OAAO;YAAEV,aAAAA,EAAe,KAAA;YAAOY,KAAAA,EAAOF;AAAY,SAAA;AACpD,IAAA;AAEA,IAAA,MAAMG,gBAAAA,CAAiBR,QAAAA,CAAAA;IAEvB,MAAMS,KAAAA,GAAQT,SAASU,cAAc;AACrC,IAAA,MAAMC;IAEJF,KAAAA,KAAU,IAAA,IAAQA,UAAUN,SAAAA,GAAY,IAAA,GAAO,OAAOM,KAAAA,KAAU,QAAA,GAAWA,KAAAA,CAAMG,EAAE,GAAGH,KAAAA;AAExF,IAAA,IAAIE,YAAY,IAAA,EAAM;QACpB,OAAO;YAAEhB,aAAAA,EAAe,KAAA;AAAOY,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,uBAAA;AAAyB,SAAA;AACvF,IAAA;;;IAIA,MAAM0B,IAAAA,GAAO,MAAMtB,MAAAA,CAAOuB,EAAE,CACzBC,KAAK,CAAC,aAAA,CAAA,CACNC,OAAO,CAAC;QAAEC,KAAAA,EAAO;YAAEL,EAAAA,EAAID;AAAQ,SAAA;QAAGO,QAAAA,EAAU;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;IAEzD,IAAIL,IAAAA,KAAS,IAAA,IAAQA,IAAAA,KAASV,SAAAA,EAAW;QACvC,OAAO;YAAER,aAAAA,EAAe,KAAA;AAAOY,YAAAA,
KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,uBAAA;AAAyB,SAAA;AACvF,IAAA;AAEA,IAAA,IAAI0B,KAAKM,QAAQ,KAAK,QAAQN,IAAAA,CAAKO,OAAO,KAAK,IAAA,EAAM;QACnD,OAAO;YAAEzB,aAAAA,EAAe,KAAA;AAAOY,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,4BAAA;AAA8B,SAAA;AAC5F,IAAA;AAEA,IAAA,MAAMkC,OAAAA,GAAU,MAAMxB,UAAAA,CAAW,YAAA,CAAA,CAAcyB,MAAM,CAACC,oBAAoB,CACxEvB,QAAAA,CAASwB,gBAAgB,IAAI,EAAE,EAC/BX,IAAAA,CAAAA;IAGFvB,GAAAA,CAAImC,KAAK,CAACC,WAAW,GAAGL,OAAAA;IACxB/B,GAAAA,CAAImC,KAAK,CAACZ,IAAI,GAAGA,IAAAA;IAEjB,OAAO;QAAElB,aAAAA,EAAe,IAAA;QAAMgC,WAAAA,EAAa3B,QAAAA;AAAUqB,QAAAA;AAAQ,KAAA;AAC/D;AAEA;;;;;IAMO,MAAMO,MAAAA,GAAS,CAACC,IAAAA,GAAAA;AACrB,IAAA,MAAM,EAAEF,WAAAA,EAAa3B,QAAQ,EAAE,GAAG6B,IAAAA;IAElC,IAAI7B,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;AAC/C,QAAA,MAAM,IAAIhB,iBAAAA,CAAkB,iBAAA,CAAA;AAC9B,IAAA;AAEA,IAAA,MAAMkB,cAAcC,WAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,MAAMA,WAAAA;AACR,IAAA;AACF;AAEA,6BAAe;IACbyB,IAAAA,EAAM,aAAA;AACNzC,IAAAA,YAAAA;AACAuC,IAAAA;AACF,CAAA;;;;"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var fp = require('lodash/fp');
|
|
4
|
+
var dateFns = require('date-fns');
|
|
5
|
+
var utils = require('@strapi/utils');
|
|
6
|
+
|
|
7
|
+
const { UnauthorizedError } = utils.errors;
|
|
8
|
+
const extractToken = (ctx)=>{
|
|
9
|
+
if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
|
|
10
|
+
const parts = ctx.request.header.authorization.split(/\s+/);
|
|
11
|
+
if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {
|
|
12
|
+
return null;
|
|
13
|
+
}
|
|
14
|
+
return parts[1];
|
|
15
|
+
}
|
|
16
|
+
return null;
|
|
17
|
+
};
|
|
18
|
+
const checkExpiry = (apiToken)=>{
|
|
19
|
+
if (!fp.isNil(apiToken.expiresAt)) {
|
|
20
|
+
const expirationDate = new Date(apiToken.expiresAt);
|
|
21
|
+
if (expirationDate < new Date()) {
|
|
22
|
+
return new UnauthorizedError('Token expired');
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
return null;
|
|
26
|
+
};
|
|
27
|
+
const updateLastUsedAt = async (apiToken)=>{
|
|
28
|
+
const currentDate = new Date();
|
|
29
|
+
if (!fp.isNil(apiToken.lastUsedAt)) {
|
|
30
|
+
const hoursSinceLastUsed = dateFns.differenceInHours(currentDate, dateFns.parseISO(apiToken.lastUsedAt));
|
|
31
|
+
if (hoursSinceLastUsed >= 1) {
|
|
32
|
+
await strapi.db.query('admin::api-token').update({
|
|
33
|
+
where: {
|
|
34
|
+
id: apiToken.id
|
|
35
|
+
},
|
|
36
|
+
data: {
|
|
37
|
+
lastUsedAt: currentDate
|
|
38
|
+
}
|
|
39
|
+
});
|
|
40
|
+
}
|
|
41
|
+
} else {
|
|
42
|
+
await strapi.db.query('admin::api-token').update({
|
|
43
|
+
where: {
|
|
44
|
+
id: apiToken.id
|
|
45
|
+
},
|
|
46
|
+
data: {
|
|
47
|
+
lastUsedAt: currentDate
|
|
48
|
+
}
|
|
49
|
+
});
|
|
50
|
+
}
|
|
51
|
+
};
|
|
52
|
+
|
|
53
|
+
exports.checkExpiry = checkExpiry;
|
|
54
|
+
exports.extractToken = extractToken;
|
|
55
|
+
exports.updateLastUsedAt = updateLastUsedAt;
|
|
56
|
+
//# sourceMappingURL=api-token-utils.js.map
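Review bot: `checkExpiry` fails open when `expiresAt` does not parse: `new Date(apiToken.expiresAt)` yields an Invalid Date, `expirationDate < new Date()` is then false, and the function returns `null` as if the token were still valid. Treat an unparsable value as expired, e.g. `if (Number.isNaN(expirationDate.getTime()) || expirationDate < new Date()) {`. Both token strategies call this helper in `authenticate` and again in `verify`, and the ESM build `api-token-utils.mjs` further down repeats the same lines. Whether a malformed `expiresAt` can actually reach this code depends on how tokens are stored, which the diff does not show.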
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-token-utils.js","sources":["../../../../../server/src/strategies/api-token-utils.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { isNil } from 'lodash/fp';\nimport { differenceInHours, parseISO } from 'date-fns';\nimport { errors } from '@strapi/utils';\n\nconst { UnauthorizedError } = errors;\n\nexport const extractToken = (ctx: Context): string | null => {\n if (ctx.request && ctx.request.header && ctx.request.header.authorization) {\n const parts = ctx.request.header.authorization.split(/\\s+/);\n\n if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {\n return null;\n }\n\n return parts[1];\n }\n\n return null;\n};\n\nexport const checkExpiry = (apiToken: {\n expiresAt?: string | number | null;\n}): InstanceType<typeof UnauthorizedError> | null => {\n if (!isNil(apiToken.expiresAt)) {\n const expirationDate = new Date(apiToken.expiresAt);\n if (expirationDate < new Date()) {\n return new UnauthorizedError('Token expired');\n }\n }\n\n return null;\n};\n\nexport const updateLastUsedAt = async (apiToken: {\n id: number | string;\n lastUsedAt?: string | null;\n}): Promise<void> => {\n const currentDate = new Date();\n\n if (!isNil(apiToken.lastUsedAt)) {\n const hoursSinceLastUsed = differenceInHours(currentDate, parseISO(apiToken.lastUsedAt));\n if (hoursSinceLastUsed >= 1) {\n await strapi.db.query('admin::api-token').update({\n where: { id: apiToken.id },\n data: { lastUsedAt: currentDate },\n });\n }\n } else {\n await strapi.db.query('admin::api-token').update({\n where: { id: apiToken.id },\n data: { lastUsedAt: currentDate },\n });\n 
}\n};\n"],"names":["UnauthorizedError","errors","extractToken","ctx","request","header","authorization","parts","split","toLowerCase","length","checkExpiry","apiToken","isNil","expiresAt","expirationDate","Date","updateLastUsedAt","currentDate","lastUsedAt","hoursSinceLastUsed","differenceInHours","parseISO","strapi","db","query","update","where","id","data"],"mappings":";;;;;;AAKA,MAAM,EAAEA,iBAAiB,EAAE,GAAGC,YAAAA;AAEvB,MAAMC,eAAe,CAACC,GAAAA,GAAAA;AAC3B,IAAA,IAAIA,GAAAA,CAAIC,OAAO,IAAID,GAAAA,CAAIC,OAAO,CAACC,MAAM,IAAIF,GAAAA,CAAIC,OAAO,CAACC,MAAM,CAACC,aAAa,EAAE;QACzE,MAAMC,KAAAA,GAAQJ,IAAIC,OAAO,CAACC,MAAM,CAACC,aAAa,CAACE,KAAK,CAAC,KAAA,CAAA;QAErD,IAAID,KAAK,CAAC,CAAA,CAAE,CAACE,WAAW,OAAO,QAAA,IAAYF,KAAAA,CAAMG,MAAM,KAAK,CAAA,EAAG;YAC7D,OAAO,IAAA;AACT,QAAA;QAEA,OAAOH,KAAK,CAAC,CAAA,CAAE;AACjB,IAAA;IAEA,OAAO,IAAA;AACT;AAEO,MAAMI,cAAc,CAACC,QAAAA,GAAAA;AAG1B,IAAA,IAAI,CAACC,QAAAA,CAAMD,QAAAA,CAASE,SAAS,CAAA,EAAG;AAC9B,QAAA,MAAMC,cAAAA,GAAiB,IAAIC,IAAAA,CAAKJ,QAAAA,CAASE,SAAS,CAAA;QAClD,IAAIC,cAAAA,GAAiB,IAAIC,IAAAA,EAAAA,EAAQ;AAC/B,YAAA,OAAO,IAAIhB,iBAAAA,CAAkB,eAAA,CAAA;AAC/B,QAAA;AACF,IAAA;IAEA,OAAO,IAAA;AACT;AAEO,MAAMiB,mBAAmB,OAAOL,QAAAA,GAAAA;AAIrC,IAAA,MAAMM,cAAc,IAAIF,IAAAA,EAAAA;AAExB,IAAA,IAAI,CAACH,QAAAA,CAAMD,QAAAA,CAASO,UAAU,CAAA,EAAG;AAC/B,QAAA,MAAMC,kBAAAA,GAAqBC,yBAAAA,CAAkBH,WAAAA,EAAaI,gBAAAA,CAASV,SAASO,UAAU,CAAA,CAAA;AACtF,QAAA,IAAIC,sBAAsB,CAAA,EAAG;AAC3B,YAAA,MAAMG,OAAOC,EAAE,CAACC,KAAK,CAAC,kBAAA,CAAA,CAAoBC,MAAM,CAAC;gBAC/CC,KAAAA,EAAO;AAAEC,oBAAAA,EAAAA,EAAIhB,SAASgB;AAAG,iBAAA;gBACzBC,IAAAA,EAAM;oBAAEV,UAAAA,EAAYD;AAAY;AAClC,aAAA,CAAA;AACF,QAAA;IACF,CAAA,MAAO;AACL,QAAA,MAAMK,OAAOC,EAAE,CAACC,KAAK,CAAC,kBAAA,CAAA,CAAoBC,MAAM,CAAC;YAC/CC,KAAAA,EAAO;AAAEC,gBAAAA,EAAAA,EAAIhB,SAASgB;AAAG,aAAA;YACzBC,IAAAA,EAAM;gBAAEV,UAAAA,EAAYD;AAAY;AAClC,SAAA,CAAA;AACF,IAAA;AACF;;;;;;"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
import { isNil } from 'lodash/fp';
|
|
2
|
+
import { differenceInHours, parseISO } from 'date-fns';
|
|
3
|
+
import { errors } from '@strapi/utils';
|
|
4
|
+
|
|
5
|
+
const { UnauthorizedError } = errors;
|
|
6
|
+
const extractToken = (ctx)=>{
|
|
7
|
+
if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
|
|
8
|
+
const parts = ctx.request.header.authorization.split(/\s+/);
|
|
9
|
+
if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {
|
|
10
|
+
return null;
|
|
11
|
+
}
|
|
12
|
+
return parts[1];
|
|
13
|
+
}
|
|
14
|
+
return null;
|
|
15
|
+
};
|
|
16
|
+
const checkExpiry = (apiToken)=>{
|
|
17
|
+
if (!isNil(apiToken.expiresAt)) {
|
|
18
|
+
const expirationDate = new Date(apiToken.expiresAt);
|
|
19
|
+
if (expirationDate < new Date()) {
|
|
20
|
+
return new UnauthorizedError('Token expired');
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
return null;
|
|
24
|
+
};
|
|
25
|
+
const updateLastUsedAt = async (apiToken)=>{
|
|
26
|
+
const currentDate = new Date();
|
|
27
|
+
if (!isNil(apiToken.lastUsedAt)) {
|
|
28
|
+
const hoursSinceLastUsed = differenceInHours(currentDate, parseISO(apiToken.lastUsedAt));
|
|
29
|
+
if (hoursSinceLastUsed >= 1) {
|
|
30
|
+
await strapi.db.query('admin::api-token').update({
|
|
31
|
+
where: {
|
|
32
|
+
id: apiToken.id
|
|
33
|
+
},
|
|
34
|
+
data: {
|
|
35
|
+
lastUsedAt: currentDate
|
|
36
|
+
}
|
|
37
|
+
});
|
|
38
|
+
}
|
|
39
|
+
} else {
|
|
40
|
+
await strapi.db.query('admin::api-token').update({
|
|
41
|
+
where: {
|
|
42
|
+
id: apiToken.id
|
|
43
|
+
},
|
|
44
|
+
data: {
|
|
45
|
+
lastUsedAt: currentDate
|
|
46
|
+
}
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
};
|
|
50
|
+
|
|
51
|
+
export { checkExpiry, extractToken, updateLastUsedAt };
|
|
52
|
+
//# sourceMappingURL=api-token-utils.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-token-utils.mjs","sources":["../../../../../server/src/strategies/api-token-utils.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { isNil } from 'lodash/fp';\nimport { differenceInHours, parseISO } from 'date-fns';\nimport { errors } from '@strapi/utils';\n\nconst { UnauthorizedError } = errors;\n\nexport const extractToken = (ctx: Context): string | null => {\n if (ctx.request && ctx.request.header && ctx.request.header.authorization) {\n const parts = ctx.request.header.authorization.split(/\\s+/);\n\n if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {\n return null;\n }\n\n return parts[1];\n }\n\n return null;\n};\n\nexport const checkExpiry = (apiToken: {\n expiresAt?: string | number | null;\n}): InstanceType<typeof UnauthorizedError> | null => {\n if (!isNil(apiToken.expiresAt)) {\n const expirationDate = new Date(apiToken.expiresAt);\n if (expirationDate < new Date()) {\n return new UnauthorizedError('Token expired');\n }\n }\n\n return null;\n};\n\nexport const updateLastUsedAt = async (apiToken: {\n id: number | string;\n lastUsedAt?: string | null;\n}): Promise<void> => {\n const currentDate = new Date();\n\n if (!isNil(apiToken.lastUsedAt)) {\n const hoursSinceLastUsed = differenceInHours(currentDate, parseISO(apiToken.lastUsedAt));\n if (hoursSinceLastUsed >= 1) {\n await strapi.db.query('admin::api-token').update({\n where: { id: apiToken.id },\n data: { lastUsedAt: currentDate },\n });\n }\n } else {\n await strapi.db.query('admin::api-token').update({\n where: { id: apiToken.id },\n data: { lastUsedAt: currentDate },\n });\n 
}\n};\n"],"names":["UnauthorizedError","errors","extractToken","ctx","request","header","authorization","parts","split","toLowerCase","length","checkExpiry","apiToken","isNil","expiresAt","expirationDate","Date","updateLastUsedAt","currentDate","lastUsedAt","hoursSinceLastUsed","differenceInHours","parseISO","strapi","db","query","update","where","id","data"],"mappings":";;;;AAKA,MAAM,EAAEA,iBAAiB,EAAE,GAAGC,MAAAA;AAEvB,MAAMC,eAAe,CAACC,GAAAA,GAAAA;AAC3B,IAAA,IAAIA,GAAAA,CAAIC,OAAO,IAAID,GAAAA,CAAIC,OAAO,CAACC,MAAM,IAAIF,GAAAA,CAAIC,OAAO,CAACC,MAAM,CAACC,aAAa,EAAE;QACzE,MAAMC,KAAAA,GAAQJ,IAAIC,OAAO,CAACC,MAAM,CAACC,aAAa,CAACE,KAAK,CAAC,KAAA,CAAA;QAErD,IAAID,KAAK,CAAC,CAAA,CAAE,CAACE,WAAW,OAAO,QAAA,IAAYF,KAAAA,CAAMG,MAAM,KAAK,CAAA,EAAG;YAC7D,OAAO,IAAA;AACT,QAAA;QAEA,OAAOH,KAAK,CAAC,CAAA,CAAE;AACjB,IAAA;IAEA,OAAO,IAAA;AACT;AAEO,MAAMI,cAAc,CAACC,QAAAA,GAAAA;AAG1B,IAAA,IAAI,CAACC,KAAAA,CAAMD,QAAAA,CAASE,SAAS,CAAA,EAAG;AAC9B,QAAA,MAAMC,cAAAA,GAAiB,IAAIC,IAAAA,CAAKJ,QAAAA,CAASE,SAAS,CAAA;QAClD,IAAIC,cAAAA,GAAiB,IAAIC,IAAAA,EAAAA,EAAQ;AAC/B,YAAA,OAAO,IAAIhB,iBAAAA,CAAkB,eAAA,CAAA;AAC/B,QAAA;AACF,IAAA;IAEA,OAAO,IAAA;AACT;AAEO,MAAMiB,mBAAmB,OAAOL,QAAAA,GAAAA;AAIrC,IAAA,MAAMM,cAAc,IAAIF,IAAAA,EAAAA;AAExB,IAAA,IAAI,CAACH,KAAAA,CAAMD,QAAAA,CAASO,UAAU,CAAA,EAAG;AAC/B,QAAA,MAAMC,kBAAAA,GAAqBC,iBAAAA,CAAkBH,WAAAA,EAAaI,QAAAA,CAASV,SAASO,UAAU,CAAA,CAAA;AACtF,QAAA,IAAIC,sBAAsB,CAAA,EAAG;AAC3B,YAAA,MAAMG,OAAOC,EAAE,CAACC,KAAK,CAAC,kBAAA,CAAA,CAAoBC,MAAM,CAAC;gBAC/CC,KAAAA,EAAO;AAAEC,oBAAAA,EAAAA,EAAIhB,SAASgB;AAAG,iBAAA;gBACzBC,IAAAA,EAAM;oBAAEV,UAAAA,EAAYD;AAAY;AAClC,aAAA,CAAA;AACF,QAAA;IACF,CAAA,MAAO;AACL,QAAA,MAAMK,OAAOC,EAAE,CAACC,KAAK,CAAC,kBAAA,CAAA,CAAoBC,MAAM,CAAC;YAC/CC,KAAAA,EAAO;AAAEC,gBAAAA,EAAAA,EAAIhB,SAASgB;AAAG,aAAA;YACzBC,IAAAA,EAAM;gBAAEV,UAAAA,EAAYD;AAAY;AAClC,SAAA,CAAA;AACF,IAAA;AACF;;;;"}
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
|
+
|
|
5
|
+
var fp = require('lodash/fp');
|
|
6
|
+
var utils = require('@strapi/utils');
|
|
7
|
+
var constants = require('../services/constants.js');
|
|
8
|
+
var index = require('../utils/index.js');
|
|
9
|
+
var apiTokenUtils = require('./api-token-utils.js');
|
|
10
|
+
require('@strapi/types');
|
|
11
|
+
|
|
12
|
+
const { UnauthorizedError, ForbiddenError } = utils.errors;
|
|
13
|
+
const isReadScope = (scope)=>scope.endsWith('find') || scope.endsWith('findOne');
|
|
14
|
+
/**
|
|
15
|
+
* Authenticate a content-api token. Rejects tokens with kind !== 'content-api'.
|
|
16
|
+
*/ const authenticate = async (ctx)=>{
|
|
17
|
+
const apiTokenService = index.getService('api-token-admin');
|
|
18
|
+
const token = apiTokenUtils.extractToken(ctx);
|
|
19
|
+
if (token === null) {
|
|
20
|
+
return {
|
|
21
|
+
authenticated: false
|
|
22
|
+
};
|
|
23
|
+
}
|
|
24
|
+
const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));
|
|
25
|
+
if (apiToken === null || apiToken === undefined) {
|
|
26
|
+
return {
|
|
27
|
+
authenticated: false
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
// Defensive kind check — only handle content-api tokens.
|
|
31
|
+
// null kind is allowed: tokens created before the kind field was introduced are implicitly content-api.
|
|
32
|
+
if (apiToken.kind !== 'content-api' && apiToken.kind !== null) {
|
|
33
|
+
return {
|
|
34
|
+
authenticated: false
|
|
35
|
+
};
|
|
36
|
+
}
|
|
37
|
+
const expiryError = apiTokenUtils.checkExpiry(apiToken);
|
|
38
|
+
if (expiryError !== null) {
|
|
39
|
+
return {
|
|
40
|
+
authenticated: false,
|
|
41
|
+
error: expiryError
|
|
42
|
+
};
|
|
43
|
+
}
|
|
44
|
+
await apiTokenUtils.updateLastUsedAt(apiToken);
|
|
45
|
+
if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
|
|
46
|
+
const ability = await strapi.contentAPI.permissions.engine.generateAbility(apiToken.permissions.map((action)=>({
|
|
47
|
+
action
|
|
48
|
+
})));
|
|
49
|
+
return {
|
|
50
|
+
authenticated: true,
|
|
51
|
+
ability,
|
|
52
|
+
credentials: apiToken
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
return {
|
|
56
|
+
authenticated: true,
|
|
57
|
+
credentials: apiToken
|
|
58
|
+
};
|
|
59
|
+
};
|
|
60
|
+
/**
|
|
61
|
+
* Verify the token has the required abilities for the requested scope.
|
|
62
|
+
*
|
|
63
|
+
* @type {import('.').VerifyFunction}
|
|
64
|
+
*/ const verify = (auth, config)=>{
|
|
65
|
+
const { credentials: apiToken, ability } = auth;
|
|
66
|
+
if (apiToken === null || apiToken === undefined) {
|
|
67
|
+
throw new UnauthorizedError('Token not found');
|
|
68
|
+
}
|
|
69
|
+
const expiryError = apiTokenUtils.checkExpiry(apiToken);
|
|
70
|
+
if (expiryError !== null) {
|
|
71
|
+
throw expiryError;
|
|
72
|
+
}
|
|
73
|
+
// Full access
|
|
74
|
+
if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {
|
|
75
|
+
return;
|
|
76
|
+
}
|
|
77
|
+
// Read only
|
|
78
|
+
if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {
|
|
79
|
+
const scopes = fp.castArray(config.scope);
|
|
80
|
+
if (config.scope && scopes.every(isReadScope)) {
|
|
81
|
+
return;
|
|
82
|
+
}
|
|
83
|
+
} else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
|
|
84
|
+
if (ability === null || ability === undefined) {
|
|
85
|
+
throw new ForbiddenError();
|
|
86
|
+
}
|
|
87
|
+
const scopes = fp.castArray(config.scope);
|
|
88
|
+
const isAllowed = scopes.every((scope)=>ability.can(scope));
|
|
89
|
+
if (isAllowed === true) {
|
|
90
|
+
return;
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
throw new ForbiddenError();
|
|
94
|
+
};
|
|
95
|
+
var contentApiTokenAuthStrategy = {
|
|
96
|
+
name: 'content-api-token',
|
|
97
|
+
authenticate,
|
|
98
|
+
verify
|
|
99
|
+
};
|
|
100
|
+
|
|
101
|
+
exports.authenticate = authenticate;
|
|
102
|
+
exports.default = contentApiTokenAuthStrategy;
|
|
103
|
+
exports.verify = verify;
|
|
104
|
+
//# sourceMappingURL=content-api-token.js.map
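Review bot: `isReadScope` decides what a read-only token may reach by suffix, `scope.endsWith('find') || scope.endsWith('findOne')`, so any scope whose action name merely ends in those letters is accepted as a read, not only the `find` and `findOne` actions. Assuming scopes are dot-separated with the action last (the hunk does not show their format), compare the final segment instead: `const isReadScope = (scope) => ['find', 'findOne'].includes(scope.split('.').pop());`. The doc comment on `authenticate` says tokens with `kind !== 'content-api'` are rejected, while the code also accepts `kind === null` for legacy tokens; the comment should state that exception. The ESM build `content-api-token.mjs` that follows carries the same lines.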
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"content-api-token.js","sources":["../../../../../server/src/strategies/content-api-token.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { castArray } from 'lodash/fp';\nimport { errors } from '@strapi/utils';\nimport constants from '../services/constants';\nimport { getService } from '../utils';\nimport { extractToken, checkExpiry, updateLastUsedAt } from './api-token-utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError, ForbiddenError } = errors;\n\nconst isReadScope = (scope: string) => scope.endsWith('find') || scope.endsWith('findOne');\n\n/**\n * Authenticate a content-api token. Rejects tokens with kind !== 'content-api'.\n */\nexport const authenticate = async (ctx: Context) => {\n const apiTokenService = getService('api-token-admin');\n const token = extractToken(ctx);\n\n if (token === null) {\n return { authenticated: false };\n }\n\n const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));\n\n if (apiToken === null || apiToken === undefined) {\n return { authenticated: false };\n }\n\n // Defensive kind check — only handle content-api tokens.\n // null kind is allowed: tokens created before the kind field was introduced are implicitly content-api.\n if (apiToken.kind !== 'content-api' && apiToken.kind !== null) {\n return { authenticated: false };\n }\n\n const expiryError = checkExpiry(apiToken);\n if (expiryError !== null) {\n return { authenticated: false, error: expiryError };\n }\n\n await updateLastUsedAt(apiToken);\n\n if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n const ability = await strapi.contentAPI.permissions.engine.generateAbility(\n apiToken.permissions.map((action: string) => ({ action }))\n );\n\n return { authenticated: true, ability, credentials: apiToken };\n }\n\n return { authenticated: true, credentials: apiToken };\n};\n\n/**\n * Verify the token has the required abilities for the requested scope.\n *\n * @type {import('.').VerifyFunction}\n 
*/\nexport const verify = (auth: any, config: any) => {\n const { credentials: apiToken, ability } = auth;\n\n if (apiToken === null || apiToken === undefined) {\n throw new UnauthorizedError('Token not found');\n }\n\n const expiryError = checkExpiry(apiToken);\n if (expiryError !== null) {\n throw expiryError;\n }\n\n // Full access\n if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {\n return;\n }\n\n // Read only\n if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {\n const scopes = castArray(config.scope);\n\n if (config.scope && scopes.every(isReadScope)) {\n return;\n }\n }\n\n // Custom\n else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n if (ability === null || ability === undefined) {\n throw new ForbiddenError();\n }\n\n const scopes = castArray(config.scope);\n const isAllowed = scopes.every((scope: string) => ability.can(scope));\n\n if (isAllowed === true) {\n return;\n }\n }\n\n throw new ForbiddenError();\n};\n\nexport default {\n name: 'content-api-token',\n authenticate,\n 
verify,\n};\n"],"names":["UnauthorizedError","ForbiddenError","errors","isReadScope","scope","endsWith","authenticate","ctx","apiTokenService","getService","token","extractToken","authenticated","apiToken","getByAccessKey","hash","undefined","kind","expiryError","checkExpiry","error","updateLastUsedAt","type","constants","API_TOKEN_TYPE","CUSTOM","ability","strapi","contentAPI","permissions","engine","generateAbility","map","action","credentials","verify","auth","config","FULL_ACCESS","READ_ONLY","scopes","castArray","every","isAllowed","can","name"],"mappings":";;;;;;;;;;;AAQA,MAAM,EAAEA,iBAAiB,EAAEC,cAAc,EAAE,GAAGC,YAAAA;AAE9C,MAAMC,WAAAA,GAAc,CAACC,KAAAA,GAAkBA,KAAAA,CAAMC,QAAQ,CAAC,MAAA,CAAA,IAAWD,KAAAA,CAAMC,QAAQ,CAAC,SAAA,CAAA;AAEhF;;IAGO,MAAMC,YAAAA,GAAe,OAAOC,GAAAA,GAAAA;AACjC,IAAA,MAAMC,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AACnC,IAAA,MAAMC,QAAQC,0BAAAA,CAAaJ,GAAAA,CAAAA;AAE3B,IAAA,IAAIG,UAAU,IAAA,EAAM;QAClB,OAAO;YAAEE,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMC,WAAW,MAAML,eAAAA,CAAgBM,cAAc,CAACN,eAAAA,CAAgBO,IAAI,CAACL,KAAAA,CAAAA,CAAAA;IAE3E,IAAIG,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;QAC/C,OAAO;YAAEJ,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;;;AAIA,IAAA,IAAIC,SAASI,IAAI,KAAK,iBAAiBJ,QAAAA,CAASI,IAAI,KAAK,IAAA,EAAM;QAC7D,OAAO;YAAEL,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMM,cAAcC,yBAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,OAAO;YAAEN,aAAAA,EAAe,KAAA;YAAOQ,KAAAA,EAAOF;AAAY,SAAA;AACpD,IAAA;AAEA,IAAA,MAAMG,8BAAAA,CAAiBR,QAAAA,CAAAA;AAEvB,IAAA,IAAIA,SAASS,IAAI,KAAKC,UAAUC,cAAc,CAACC,MAAM,EAAE;AACrD,QAAA,MAAMC,UAAU,MAAMC,MAAAA,CAAOC,UAAU,CAACC,WAAW,CAACC,MAAM,CAACC,eAAe,CACxElB,SAASgB,WAAW,CAACG,GAAG,CAAC,CAACC,UAAoB;AAAEA,gBAAAA;aAAO,CAAA,CAAA,CAAA;QAGzD,OAAO;YAAErB,aAAAA,EAAe,IAAA;AAAMc,YAAAA,OAAAA;YAASQ,WAAAA,EAAarB;AAAS,SAAA;AAC/D,IAAA;IAEA,OAAO;QAAED,aAAAA,EAAe,IAAA;QAAMsB,WAAAA,EAAarB;AAAS,KAAA;AACtD;AAEA;;;;AAIC,IACM,MAAMsB,MAAAA,GAAS,CAACC,IAAAA,EAAWC,MAAAA,GAAAA;AAChC,IAAA,MAAM,EAAEH,WAAAA,EAAarB,QAAQ,EAAEa,OAAO,EAAE,GAAGU,IAAAA;IA
E3C,IAAIvB,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;AAC/C,QAAA,MAAM,IAAIhB,iBAAAA,CAAkB,iBAAA,CAAA;AAC9B,IAAA;AAEA,IAAA,MAAMkB,cAAcC,yBAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,MAAMA,WAAAA;AACR,IAAA;;AAGA,IAAA,IAAIL,SAASS,IAAI,KAAKC,UAAUC,cAAc,CAACc,WAAW,EAAE;AAC1D,QAAA;AACF,IAAA;;AAGA,IAAA,IAAIzB,SAASS,IAAI,KAAKC,UAAUC,cAAc,CAACe,SAAS,EAAE;QACxD,MAAMC,MAAAA,GAASC,YAAAA,CAAUJ,MAAAA,CAAOjC,KAAK,CAAA;AAErC,QAAA,IAAIiC,OAAOjC,KAAK,IAAIoC,MAAAA,CAAOE,KAAK,CAACvC,WAAAA,CAAAA,EAAc;AAC7C,YAAA;AACF,QAAA;IACF,CAAA,MAGK,IAAIU,SAASS,IAAI,KAAKC,UAAUC,cAAc,CAACC,MAAM,EAAE;QAC1D,IAAIC,OAAAA,KAAY,IAAA,IAAQA,OAAAA,KAAYV,SAAAA,EAAW;AAC7C,YAAA,MAAM,IAAIf,cAAAA,EAAAA;AACZ,QAAA;QAEA,MAAMuC,MAAAA,GAASC,YAAAA,CAAUJ,MAAAA,CAAOjC,KAAK,CAAA;QACrC,MAAMuC,SAAAA,GAAYH,OAAOE,KAAK,CAAC,CAACtC,KAAAA,GAAkBsB,OAAAA,CAAQkB,GAAG,CAACxC,KAAAA,CAAAA,CAAAA;AAE9D,QAAA,IAAIuC,cAAc,IAAA,EAAM;AACtB,YAAA;AACF,QAAA;AACF,IAAA;AAEA,IAAA,MAAM,IAAI1C,cAAAA,EAAAA;AACZ;AAEA,kCAAe;IACb4C,IAAAA,EAAM,mBAAA;AACNvC,IAAAA,YAAAA;AACA6B,IAAAA;AACF,CAAA;;;;;;"}
|
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
import { castArray } from 'lodash/fp';
|
|
2
|
+
import { errors } from '@strapi/utils';
|
|
3
|
+
import constants from '../services/constants.mjs';
|
|
4
|
+
import { getService } from '../utils/index.mjs';
|
|
5
|
+
import { checkExpiry, extractToken, updateLastUsedAt } from './api-token-utils.mjs';
|
|
6
|
+
import '@strapi/types';
|
|
7
|
+
|
|
8
|
+
const { UnauthorizedError, ForbiddenError } = errors;
|
|
9
|
+
const isReadScope = (scope)=>scope.endsWith('find') || scope.endsWith('findOne');
|
|
10
|
+
/**
|
|
11
|
+
* Authenticate a content-api token. Rejects tokens with kind !== 'content-api'.
|
|
12
|
+
*/ const authenticate = async (ctx)=>{
|
|
13
|
+
const apiTokenService = getService('api-token-admin');
|
|
14
|
+
const token = extractToken(ctx);
|
|
15
|
+
if (token === null) {
|
|
16
|
+
return {
|
|
17
|
+
authenticated: false
|
|
18
|
+
};
|
|
19
|
+
}
|
|
20
|
+
const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));
|
|
21
|
+
if (apiToken === null || apiToken === undefined) {
|
|
22
|
+
return {
|
|
23
|
+
authenticated: false
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
// Defensive kind check — only handle content-api tokens.
|
|
27
|
+
// null kind is allowed: tokens created before the kind field was introduced are implicitly content-api.
|
|
28
|
+
if (apiToken.kind !== 'content-api' && apiToken.kind !== null) {
|
|
29
|
+
return {
|
|
30
|
+
authenticated: false
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
const expiryError = checkExpiry(apiToken);
|
|
34
|
+
if (expiryError !== null) {
|
|
35
|
+
return {
|
|
36
|
+
authenticated: false,
|
|
37
|
+
error: expiryError
|
|
38
|
+
};
|
|
39
|
+
}
|
|
40
|
+
await updateLastUsedAt(apiToken);
|
|
41
|
+
if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
|
|
42
|
+
const ability = await strapi.contentAPI.permissions.engine.generateAbility(apiToken.permissions.map((action)=>({
|
|
43
|
+
action
|
|
44
|
+
})));
|
|
45
|
+
return {
|
|
46
|
+
authenticated: true,
|
|
47
|
+
ability,
|
|
48
|
+
credentials: apiToken
|
|
49
|
+
};
|
|
50
|
+
}
|
|
51
|
+
return {
|
|
52
|
+
authenticated: true,
|
|
53
|
+
credentials: apiToken
|
|
54
|
+
};
|
|
55
|
+
};
|
|
56
|
+
/**
|
|
57
|
+
* Verify the token has the required abilities for the requested scope.
|
|
58
|
+
*
|
|
59
|
+
* @type {import('.').VerifyFunction}
|
|
60
|
+
*/ const verify = (auth, config)=>{
|
|
61
|
+
const { credentials: apiToken, ability } = auth;
|
|
62
|
+
if (apiToken === null || apiToken === undefined) {
|
|
63
|
+
throw new UnauthorizedError('Token not found');
|
|
64
|
+
}
|
|
65
|
+
const expiryError = checkExpiry(apiToken);
|
|
66
|
+
if (expiryError !== null) {
|
|
67
|
+
throw expiryError;
|
|
68
|
+
}
|
|
69
|
+
// Full access
|
|
70
|
+
if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {
|
|
71
|
+
return;
|
|
72
|
+
}
|
|
73
|
+
// Read only
|
|
74
|
+
if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {
|
|
75
|
+
const scopes = castArray(config.scope);
|
|
76
|
+
if (config.scope && scopes.every(isReadScope)) {
|
|
77
|
+
return;
|
|
78
|
+
}
|
|
79
|
+
} else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
|
|
80
|
+
if (ability === null || ability === undefined) {
|
|
81
|
+
throw new ForbiddenError();
|
|
82
|
+
}
|
|
83
|
+
const scopes = castArray(config.scope);
|
|
84
|
+
const isAllowed = scopes.every((scope)=>ability.can(scope));
|
|
85
|
+
if (isAllowed === true) {
|
|
86
|
+
return;
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
throw new ForbiddenError();
|
|
90
|
+
};
|
|
91
|
+
var contentApiTokenAuthStrategy = {
|
|
92
|
+
name: 'content-api-token',
|
|
93
|
+
authenticate,
|
|
94
|
+
verify
|
|
95
|
+
};
|
|
96
|
+
|
|
97
|
+
export { authenticate, contentApiTokenAuthStrategy as default, verify };
|
|
98
|
+
//# sourceMappingURL=content-api-token.mjs.map
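Review bot: `isReadScope` (new line 9) classifies a scope as read-only by string suffix, so the READ_ONLY branch of `verify` (new lines 74-78) accepts any scope that merely ends in `find` or `findOne`, not only actions with exactly those names. If scopes are dot-delimited action identifiers, which this file does not show, comparing the last segment is tighter: `const isReadScope = (scope) => ['find', 'findOne'].includes(scope.split('.').pop());`. Separately, `scopes.every(...)` is vacuously true when `config.scope` is an empty array, in both the READ_ONLY and CUSTOM branches. A `scopes.length > 0` guard before each `every` call would make that case fall through to `ForbiddenError`.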
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"content-api-token.mjs","sources":["../../../../../server/src/strategies/content-api-token.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { castArray } from 'lodash/fp';\nimport { errors } from '@strapi/utils';\nimport constants from '../services/constants';\nimport { getService } from '../utils';\nimport { extractToken, checkExpiry, updateLastUsedAt } from './api-token-utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError, ForbiddenError } = errors;\n\nconst isReadScope = (scope: string) => scope.endsWith('find') || scope.endsWith('findOne');\n\n/**\n * Authenticate a content-api token. Rejects tokens with kind !== 'content-api'.\n */\nexport const authenticate = async (ctx: Context) => {\n const apiTokenService = getService('api-token-admin');\n const token = extractToken(ctx);\n\n if (token === null) {\n return { authenticated: false };\n }\n\n const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));\n\n if (apiToken === null || apiToken === undefined) {\n return { authenticated: false };\n }\n\n // Defensive kind check — only handle content-api tokens.\n // null kind is allowed: tokens created before the kind field was introduced are implicitly content-api.\n if (apiToken.kind !== 'content-api' && apiToken.kind !== null) {\n return { authenticated: false };\n }\n\n const expiryError = checkExpiry(apiToken);\n if (expiryError !== null) {\n return { authenticated: false, error: expiryError };\n }\n\n await updateLastUsedAt(apiToken);\n\n if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n const ability = await strapi.contentAPI.permissions.engine.generateAbility(\n apiToken.permissions.map((action: string) => ({ action }))\n );\n\n return { authenticated: true, ability, credentials: apiToken };\n }\n\n return { authenticated: true, credentials: apiToken };\n};\n\n/**\n * Verify the token has the required abilities for the requested scope.\n *\n * @type 
{import('.').VerifyFunction}\n */\nexport const verify = (auth: any, config: any) => {\n const { credentials: apiToken, ability } = auth;\n\n if (apiToken === null || apiToken === undefined) {\n throw new UnauthorizedError('Token not found');\n }\n\n const expiryError = checkExpiry(apiToken);\n if (expiryError !== null) {\n throw expiryError;\n }\n\n // Full access\n if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {\n return;\n }\n\n // Read only\n if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {\n const scopes = castArray(config.scope);\n\n if (config.scope && scopes.every(isReadScope)) {\n return;\n }\n }\n\n // Custom\n else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n if (ability === null || ability === undefined) {\n throw new ForbiddenError();\n }\n\n const scopes = castArray(config.scope);\n const isAllowed = scopes.every((scope: string) => ability.can(scope));\n\n if (isAllowed === true) {\n return;\n }\n }\n\n throw new ForbiddenError();\n};\n\nexport default {\n name: 'content-api-token',\n authenticate,\n 
verify,\n};\n"],"names":["UnauthorizedError","ForbiddenError","errors","isReadScope","scope","endsWith","authenticate","ctx","apiTokenService","getService","token","extractToken","authenticated","apiToken","getByAccessKey","hash","undefined","kind","expiryError","checkExpiry","error","updateLastUsedAt","type","constants","API_TOKEN_TYPE","CUSTOM","ability","strapi","contentAPI","permissions","engine","generateAbility","map","action","credentials","verify","auth","config","FULL_ACCESS","READ_ONLY","scopes","castArray","every","isAllowed","can","name"],"mappings":";;;;;;;AAQA,MAAM,EAAEA,iBAAiB,EAAEC,cAAc,EAAE,GAAGC,MAAAA;AAE9C,MAAMC,WAAAA,GAAc,CAACC,KAAAA,GAAkBA,KAAAA,CAAMC,QAAQ,CAAC,MAAA,CAAA,IAAWD,KAAAA,CAAMC,QAAQ,CAAC,SAAA,CAAA;AAEhF;;IAGO,MAAMC,YAAAA,GAAe,OAAOC,GAAAA,GAAAA;AACjC,IAAA,MAAMC,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AACnC,IAAA,MAAMC,QAAQC,YAAAA,CAAaJ,GAAAA,CAAAA;AAE3B,IAAA,IAAIG,UAAU,IAAA,EAAM;QAClB,OAAO;YAAEE,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMC,WAAW,MAAML,eAAAA,CAAgBM,cAAc,CAACN,eAAAA,CAAgBO,IAAI,CAACL,KAAAA,CAAAA,CAAAA;IAE3E,IAAIG,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;QAC/C,OAAO;YAAEJ,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;;;AAIA,IAAA,IAAIC,SAASI,IAAI,KAAK,iBAAiBJ,QAAAA,CAASI,IAAI,KAAK,IAAA,EAAM;QAC7D,OAAO;YAAEL,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMM,cAAcC,WAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,OAAO;YAAEN,aAAAA,EAAe,KAAA;YAAOQ,KAAAA,EAAOF;AAAY,SAAA;AACpD,IAAA;AAEA,IAAA,MAAMG,gBAAAA,CAAiBR,QAAAA,CAAAA;AAEvB,IAAA,IAAIA,SAASS,IAAI,KAAKC,UAAUC,cAAc,CAACC,MAAM,EAAE;AACrD,QAAA,MAAMC,UAAU,MAAMC,MAAAA,CAAOC,UAAU,CAACC,WAAW,CAACC,MAAM,CAACC,eAAe,CACxElB,SAASgB,WAAW,CAACG,GAAG,CAAC,CAACC,UAAoB;AAAEA,gBAAAA;aAAO,CAAA,CAAA,CAAA;QAGzD,OAAO;YAAErB,aAAAA,EAAe,IAAA;AAAMc,YAAAA,OAAAA;YAASQ,WAAAA,EAAarB;AAAS,SAAA;AAC/D,IAAA;IAEA,OAAO;QAAED,aAAAA,EAAe,IAAA;QAAMsB,WAAAA,EAAarB;AAAS,KAAA;AACtD;AAEA;;;;AAIC,IACM,MAAMsB,MAAAA,GAAS,CAACC,IAAAA,EAAWC,MAAAA,GAAAA;AAChC,IAAA,MAAM,EAAEH,WAAAA,EAAarB,QAAQ,EAAEa,OAAO,EAAE,GAAGU,IAAAA;IAE3C,IAA
IvB,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;AAC/C,QAAA,MAAM,IAAIhB,iBAAAA,CAAkB,iBAAA,CAAA;AAC9B,IAAA;AAEA,IAAA,MAAMkB,cAAcC,WAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,MAAMA,WAAAA;AACR,IAAA;;AAGA,IAAA,IAAIL,SAASS,IAAI,KAAKC,UAAUC,cAAc,CAACc,WAAW,EAAE;AAC1D,QAAA;AACF,IAAA;;AAGA,IAAA,IAAIzB,SAASS,IAAI,KAAKC,UAAUC,cAAc,CAACe,SAAS,EAAE;QACxD,MAAMC,MAAAA,GAASC,SAAAA,CAAUJ,MAAAA,CAAOjC,KAAK,CAAA;AAErC,QAAA,IAAIiC,OAAOjC,KAAK,IAAIoC,MAAAA,CAAOE,KAAK,CAACvC,WAAAA,CAAAA,EAAc;AAC7C,YAAA;AACF,QAAA;IACF,CAAA,MAGK,IAAIU,SAASS,IAAI,KAAKC,UAAUC,cAAc,CAACC,MAAM,EAAE;QAC1D,IAAIC,OAAAA,KAAY,IAAA,IAAQA,OAAAA,KAAYV,SAAAA,EAAW;AAC7C,YAAA,MAAM,IAAIf,cAAAA,EAAAA;AACZ,QAAA;QAEA,MAAMuC,MAAAA,GAASC,SAAAA,CAAUJ,MAAAA,CAAOjC,KAAK,CAAA;QACrC,MAAMuC,SAAAA,GAAYH,OAAOE,KAAK,CAAC,CAACtC,KAAAA,GAAkBsB,OAAAA,CAAQkB,GAAG,CAACxC,KAAAA,CAAAA,CAAAA;AAE9D,QAAA,IAAIuC,cAAc,IAAA,EAAM;AACtB,YAAA;AACF,QAAA;AACF,IAAA;AAEA,IAAA,MAAM,IAAI1C,cAAAA,EAAAA;AACZ;AAEA,kCAAe;IACb4C,IAAAA,EAAM,mBAAA;AACNvC,IAAAA,YAAAA;AACA6B,IAAAA;AACF,CAAA;;;;"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var utils = require('@strapi/utils');
|
|
4
|
+
var constants = require('../services/constants.js');
|
|
5
|
+
var commonValidators = require('./common-validators.js');
|
|
6
|
+
|
|
7
|
+
const adminTokenCreationSchema = utils.yup.object().shape({
|
|
8
|
+
kind: utils.yup.string().oneOf([
|
|
9
|
+
'admin'
|
|
10
|
+
]).optional(),
|
|
11
|
+
name: utils.yup.string().min(1).required(),
|
|
12
|
+
description: utils.yup.string().optional(),
|
|
13
|
+
lifespan: utils.yup.number().min(1).oneOf(Object.values(constants.API_TOKEN_LIFESPANS)).nullable(),
|
|
14
|
+
adminPermissions: utils.yup.array().of(commonValidators.permission),
|
|
15
|
+
// adminUserOwner is set by the controller from ctx.state.user (full user object) or a strapiID from body
|
|
16
|
+
adminUserOwner: utils.yup.mixed().nullable()
|
|
17
|
+
}).noUnknown().strict();
|
|
18
|
+
const adminTokenUpdateSchema = utils.yup.object().shape({
|
|
19
|
+
name: utils.yup.string().min(1).notNull(),
|
|
20
|
+
description: utils.yup.string().nullable(),
|
|
21
|
+
adminPermissions: utils.yup.array().of(commonValidators.permission).nullable()
|
|
22
|
+
}).noUnknown().strict();
|
|
23
|
+
const validateAdminTokenCreationInput = utils.validateYupSchema(adminTokenCreationSchema);
|
|
24
|
+
const validateAdminTokenUpdateInput = utils.validateYupSchema(adminTokenUpdateSchema);
|
|
25
|
+
|
|
26
|
+
exports.validateAdminTokenCreationInput = validateAdminTokenCreationInput;
|
|
27
|
+
exports.validateAdminTokenUpdateInput = validateAdminTokenUpdateInput;
|
|
28
|
+
//# sourceMappingURL=admin-tokens.js.map
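Review bot: `adminUserOwner: utils.yup.mixed().nullable()` (new line 16) accepts a value of any type, and the comment above it says the field may arrive in the request body, so this schema does not constrain who a new admin token is attributed to. Whether the controller overrides or authorizes a body-supplied owner is not visible in this file. If it does not, the owner is effectively caller-chosen. Consider restricting the body form to an ID type here and attaching the full user object only after validation. The comment could also state the expectation, e.g. `// a body-supplied owner must be an ID; the controller checks the caller may assign it`.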
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"admin-tokens.js","sources":["../../../../../server/src/validation/admin-tokens.ts"],"sourcesContent":["import { yup, validateYupSchema } from '@strapi/utils';\nimport constants from '../services/constants';\nimport { permission } from './common-validators';\n\nconst adminTokenCreationSchema = yup\n .object()\n .shape({\n kind: yup.string().oneOf(['admin']).optional(),\n name: yup.string().min(1).required(),\n description: yup.string().optional(),\n lifespan: yup.number().min(1).oneOf(Object.values(constants.API_TOKEN_LIFESPANS)).nullable(),\n adminPermissions: yup.array().of(permission),\n // adminUserOwner is set by the controller from ctx.state.user (full user object) or a strapiID from body\n adminUserOwner: yup.mixed().nullable(),\n })\n .noUnknown()\n .strict();\n\nconst adminTokenUpdateSchema = yup\n .object()\n .shape({\n name: yup.string().min(1).notNull(),\n description: yup.string().nullable(),\n adminPermissions: yup.array().of(permission).nullable(),\n })\n .noUnknown()\n .strict();\n\nexport const validateAdminTokenCreationInput = validateYupSchema(adminTokenCreationSchema);\nexport const validateAdminTokenUpdateInput = 
validateYupSchema(adminTokenUpdateSchema);\n"],"names":["adminTokenCreationSchema","yup","object","shape","kind","string","oneOf","optional","name","min","required","description","lifespan","number","Object","values","constants","API_TOKEN_LIFESPANS","nullable","adminPermissions","array","of","permission","adminUserOwner","mixed","noUnknown","strict","adminTokenUpdateSchema","notNull","validateAdminTokenCreationInput","validateYupSchema","validateAdminTokenUpdateInput"],"mappings":";;;;;;AAIA,MAAMA,wBAAAA,GAA2BC,SAAAA,CAC9BC,MAAM,EAAA,CACNC,KAAK,CAAC;AACLC,IAAAA,IAAAA,EAAMH,SAAAA,CAAII,MAAM,EAAA,CAAGC,KAAK,CAAC;AAAC,QAAA;AAAQ,KAAA,CAAA,CAAEC,QAAQ,EAAA;AAC5CC,IAAAA,IAAAA,EAAMP,UAAII,MAAM,EAAA,CAAGI,GAAG,CAAC,GAAGC,QAAQ,EAAA;IAClCC,WAAAA,EAAaV,SAAAA,CAAII,MAAM,EAAA,CAAGE,QAAQ,EAAA;AAClCK,IAAAA,QAAAA,EAAUX,SAAAA,CAAIY,MAAM,EAAA,CAAGJ,GAAG,CAAC,CAAA,CAAA,CAAGH,KAAK,CAACQ,MAAAA,CAAOC,MAAM,CAACC,SAAAA,CAAUC,mBAAmB,GAAGC,QAAQ,EAAA;AAC1FC,IAAAA,gBAAAA,EAAkBlB,SAAAA,CAAImB,KAAK,EAAA,CAAGC,EAAE,CAACC,2BAAAA,CAAAA;;IAEjCC,cAAAA,EAAgBtB,SAAAA,CAAIuB,KAAK,EAAA,CAAGN,QAAQ;AACtC,CAAA,CAAA,CACCO,SAAS,GACTC,MAAM,EAAA;AAET,MAAMC,sBAAAA,GAAyB1B,SAAAA,CAC5BC,MAAM,EAAA,CACNC,KAAK,CAAC;AACLK,IAAAA,IAAAA,EAAMP,UAAII,MAAM,EAAA,CAAGI,GAAG,CAAC,GAAGmB,OAAO,EAAA;IACjCjB,WAAAA,EAAaV,SAAAA,CAAII,MAAM,EAAA,CAAGa,QAAQ,EAAA;AAClCC,IAAAA,gBAAAA,EAAkBlB,UAAImB,KAAK,EAAA,CAAGC,EAAE,CAACC,6BAAYJ,QAAQ;AACvD,CAAA,CAAA,CACCO,SAAS,GACTC,MAAM,EAAA;AAEF,MAAMG,+BAAAA,GAAkCC,uBAAAA,CAAkB9B,wBAAAA;AAC1D,MAAM+B,6BAAAA,GAAgCD,uBAAAA,CAAkBH,sBAAAA;;;;;"}
|