npm - @strapi/admin - Versions diffs - 5.44.0 → 5.45.0 - Mend

@strapi/admin 5.44.0 → 5.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (334) hide show

package/dist/server/src/register.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../server/src/register.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;~~qCAMd~~;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE;AAAnD,~~wBAcE~~"}
1	+ {"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../server/src/register.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;qCAOd;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE;AAAnD,wBAeE"}

package/dist/server/src/routes/admin-tokens.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+declare const _default: {
+    method: string;
+    path: string;
+    handler: string;
+    config: {
+        policies: (string | {
+            name: string;
+            config: {
+                actions: string[];
+            };
+        })[];
+    };
+}[];
+export default _default;
+//# sourceMappingURL=admin-tokens.d.ts.map

package/dist/server/src/routes/admin-tokens.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"admin-tokens.d.ts","sourceRoot":"","sources":["../../../../server/src/routes/admin-tokens.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,wBAqFE"}

package/dist/server/src/routes/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/src/routes/index.ts"],"names":[],"mappings":";~~AAYA~~,QAAA,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~CAiBX~~,CAAC;AAEF,eAAe,MAAM,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/src/routes/index.ts"],"names":[],"mappings":";AAaA,QAAA,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkBX,CAAC;AAEF,eAAe,MAAM,CAAC"}

package/dist/server/src/services/api-token.d.ts CHANGED Viewed

@@ -1,16 +1,84 @@
 /// <reference types="node" />
-import type { Update, ApiToken, ApiTokenBody } from '../../../shared/contracts/api-token';
+import type { Data } from '@strapi/types';
+import type { Update, ContentApiApiToken, ContentApiApiTokenBody } from '../../../shared/contracts/api-token';
+import type { AdminApiToken, AdminTokenBody } from '../../../shared/contracts/admin-token';
+import type { AdminUser, Permission } from '../../../shared/contracts/shared';
+type AnyApiToken = ContentApiApiToken | AdminApiToken;
+/** API/body shape: permission without ids/timestamps and without actionParameters (defaulted by domain when creating). */
+type PermissionInput = Omit<Permission, 'id' | 'createdAt' | 'updatedAt' | 'actionParameters'>;
+/**
+ * Enforce that every requested admin permission stays within the calling
+ * user's own permission ceiling, then return the clamped permissions.
+ *
+ * Super-admins bypass this (they hold every permission).
+ * When admin permissions are requested, an authenticated user is required (no bypass when user is missing).
+ *
+ * For each requested permission:
+ *  - action + subject must match at least one user permission
+ *  - properties.fields must be ⊆ user's properties.fields
+ *    (if the user's permission defines no fields, all fields are allowed)
+ *  - conditions are inherited from the user's matching permission(s);
+ *    the caller cannot configure conditions on their own tokens
+ *
+ * Returns the permissions with conditions enforced from the user's role.
+ * Throws ValidationError if any permission exceeds the user's ceiling.
+ *
+ * Guaranteed postcondition: all returned permissions have conditions filtered to
+ * registered conditions only, regardless of the user type.
+ */
+declare const enforceAdminPermissionsCeiling: (user: AdminUser | undefined | null, requestedPermissions?: PermissionInput[]) => Promise<PermissionInput[]>;
+/**
+ * Assign admin permissions to an API token (similar to role permission assignment).
+ * ceilingUser is the user whose permissions act as the ceiling — always the token owner,
+ * regardless of who is making the request.
+ */
+declare const assignAdminPermissionsToToken: (tokenId: Data.ID, permissions: PermissionInput[], ceilingUser: AdminUser) => Promise<Permission[]>;
+/**
+ * Reconcile a token's admin permissions against the owner's current effective ceiling.
+ *
+ * Pure / sync — no DB calls. Returns two buckets:
+ *   toDelete  – permissions that are no longer within the user's scope (action/subject missing
+ *               or requested fields exceed the allowed set)
+ *   toUpdate  – permissions that are still in scope but whose conditions must be re-clamped
+ *               to the current union of the matching user permissions' conditions
+ */
+declare const reconcileTokenPermissionsToUserCeiling: (userPermissions: Permission[], tokenPermissions: Permission[]) => {
+    toDelete: Permission[];
+    toUpdate: {
+        id: Data.ID;
+        conditions: string[];
+    }[];
+};
+/**
+ * Re-sync all admin token permissions for a given user against their current effective ceiling.
+ *
+ * Skips super-admins (no ceiling). For each admin token owned by the user:
+ *   - Deletes permissions that are no longer within the user's scope
+ *   - Updates conditions on permissions whose conditions have drifted from the role's current set
+ */
+declare const syncApiTokenPermissionsForUser: (userId: Data.ID) => Promise<void>;
+/**
+ * Re-sync admin token permissions for all admin users who hold a given role.
+ * Called after role permissions are updated.
+ */
+declare const syncApiTokenPermissionsForRole: (roleId: Data.ID) => Promise<void>;
 type WhereParams = {
     id?: string | number;
     name?: string;
     lastUsedAt?: number;
     description?: string;
     accessKey?: string;
+    kind?: 'content-api' | 'admin';
+};
+type GetByOptions = {
+    includeDecryptedKey?: boolean;
 };
 /**
- *  Get a token
+ *  Get a token.
+ *  By default the plaintext accessKey is NOT included.
+ *  Pass { includeDecryptedKey: true } to decrypt and return it (owner-only paths).
  */
-declare const getBy: (whereParams?: WhereParams) => Promise<ApiToken | null>;
+declare const getBy: (whereParams?: WhereParams, options?: GetByOptions) => Promise<AnyApiToken | null>;
 /**
  * Check if token exists
  */
@@ -22,29 +90,85 @@ declare const hash: (accessKey: string) => string;
 /**
  * Create a token and its permissions
  */
-declare const create: (attributes: ApiTokenBody) => Promise<ApiToken>;
-declare const regenerate: (id: string | number) => Promise<ApiToken>;
+declare const create: <K extends "admin" | "content-api">(attributes: {
+    kind: K;
+} & (ContentApiApiTokenBody | AdminTokenBody), callingUser?: AdminUser) => Promise<K extends 'content-api' ? ContentApiApiToken : K extends 'admin' ? AdminApiToken : AnyApiToken>;
+declare const regenerate: (id: string | number) => Promise<ContentApiApiToken | AdminApiToken>;
 declare const checkSaltIsDefined: () => void;
 /**
- * Return a list of all tokens and their permissions
+ * Return a list of tokens visible to the calling user.
+ * Super-admins see all tokens; regular admins see only ownerless tokens and their own.
  */
-declare const list: () => Promise<Array<ApiToken>>;
+declare const list: <K extends "admin" | "content-api">(callingUser: AdminUser, { filter }?: {
+    filter?: {
+        kind?: K;
+    };
+}) => Promise<Array<K extends 'content-api' ? ContentApiApiToken : K extends 'admin' ? AdminApiToken : AnyApiToken>>;
 /**
  * Revoke (delete) a token
  */
-declare const revoke: (id: string | number) => Promise<ApiToken>;
+declare const revoke: (id: string | number) => Promise<AnyApiToken>;
 /**
  * Retrieve a token by id
  */
-declare const getById: (id: string | number) => Promise<ApiToken | null>;
+declare const getById: (id: string | number, options?: GetByOptions) => Promise<AnyApiToken | null>;
 /**
  * Retrieve a token by name
  */
-declare const getByName: (name: string) => Promise<ApiToken | null>;
+declare const getByName: (name: string, options?: GetByOptions) => Promise<AnyApiToken | null>;
 /**
  * Update a token and its permissions
  */
-declare const update: (id: string | number, attributes: Update.Request['body']) => Promise<ApiToken>;
+declare const update: (id: string | number, attributes: Update.Request['body']) => Promise<AnyApiToken>;
 declare const count: (where?: {}) => Promise<number>;
-export { create, count, regenerate, exists, checkSaltIsDefined, hash, list, revoke, getById, update, getByName, getBy, };
+/**
+ * Delete all admin API tokens owned by the given user, including their associated admin permissions.
+ * Called when the owner user is deleted so tokens don't linger with a dangling owner FK.
+ */
+declare const deleteAdminTokensForUser: (userId: Data.ID) => Promise<void>;
+interface SharedTokenMethods {
+    hash(accessKey: string): string;
+    checkSaltIsDefined(): void;
+    /** Kind-agnostic lookup by hashed access key — used by the auth strategy. */
+    getByAccessKey(accessKeyHash: string, options?: GetByOptions): Promise<AnyApiToken | null>;
+    /** Total count across all kinds. */
+    countAll(where?: object): Promise<number>;
+    reconcileTokenPermissionsToUserCeiling(userPermissions: Permission[], tokenPermissions: Permission[]): {
+        toDelete: Permission[];
+        toUpdate: {
+            id: Data.ID;
+            conditions: string[];
+        }[];
+    };
+}
+export interface ContentApiTokenService extends SharedTokenMethods {
+    create(attributes: ContentApiApiTokenBody, callingUser?: AdminUser): Promise<ContentApiApiToken>;
+    list(callingUser: AdminUser): Promise<ContentApiApiToken[]>;
+    getById(id: string | number, options?: GetByOptions): Promise<ContentApiApiToken | null>;
+    getByName(name: string, options?: GetByOptions): Promise<ContentApiApiToken | null>;
+    update(id: string | number, attributes: Partial<ContentApiApiTokenBody>): Promise<ContentApiApiToken>;
+    revoke(id: string | number): Promise<ContentApiApiToken>;
+    regenerate(id: string | number): Promise<ContentApiApiToken>;
+    exists(where: WhereParams): Promise<boolean>;
+    count(where?: object): Promise<number>;
+}
+export interface AdminTokenService extends SharedTokenMethods {
+    create(attributes: AdminTokenBody, callingUser: AdminUser): Promise<AdminApiToken>;
+    list(callingUser: AdminUser): Promise<AdminApiToken[]>;
+    getById(id: string | number, options?: GetByOptions): Promise<AdminApiToken | null>;
+    getByName(name: string, options?: GetByOptions): Promise<AdminApiToken | null>;
+    update(id: string | number, attributes: Partial<AdminTokenBody>): Promise<AdminApiToken>;
+    revoke(id: string | number): Promise<AdminApiToken>;
+    regenerate(id: string | number): Promise<AdminApiToken>;
+    exists(where: WhereParams): Promise<boolean>;
+    count(where?: object): Promise<number>;
+    assignAdminPermissionsToToken(tokenId: Data.ID, permissions: PermissionInput[], ceilingUser: AdminUser): Promise<Permission[]>;
+    syncPermissionsForUser(userId: Data.ID): Promise<void>;
+    syncPermissionsForRole(roleId: Data.ID): Promise<void>;
+    deleteTokensForUser(userId: Data.ID): Promise<void>;
+}
+declare function createTokenService(kind: 'content-api'): ContentApiTokenService;
+declare function createTokenService(kind: 'admin'): AdminTokenService;
+export type { GetByOptions };
+export { createTokenService, create, count, regenerate, exists, checkSaltIsDefined, hash, list, revoke, getById, update, getByName, getBy, assignAdminPermissionsToToken, enforceAdminPermissionsCeiling, reconcileTokenPermissionsToUserCeiling, syncApiTokenPermissionsForUser, syncApiTokenPermissionsForRole, deleteAdminTokensForUser, };
 //# sourceMappingURL=api-token.d.ts.map

package/dist/server/src/services/api-token.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"api-token.d.ts","sourceRoot":"","sources":["../../../../server/src/services/api-token.ts"],"names":[],"mappings":";~~AAIA~~,OAAO,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,~~YAAY~~,EAAE,MAAM,~~qCAAqC~~,CAAC;~~AAqG1F~~,KAAK,WAAW,GAAG;IACjB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;~~CACpB~~,CAAC;AAEF~~;;GAEG~~;AACH,QAAA,MAAM,KAAK,~~iBAAuB~~,WAAW,~~KAAQ~~,~~QAAQ~~,QAAQ,GAAG,IAAI,~~CA2B3E~~,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,iBAAuB,WAAW,KAAQ,QAAQ,OAAO,CAIpE,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,IAAI,cAAe,MAAM,WAK9B,CAAC;AAeF;;GAEG;AACH,QAAA,MAAM,MAAM,~~eAAsB~~,~~YAAY~~,~~KAAG~~,~~QAAQ~~,~~QAAQ~~,~~CA+ChE~~,CAAC;AAEF,QAAA,MAAM,UAAU,OAAc,MAAM,GAAG,MAAM,KAAG,QAAQ,~~QAAQ~~,~~CAsB/D~~,CAAC;AAEF,QAAA,MAAM,kBAAkB,YAgBvB,CAAC;AAEF~~;;GAEG~~;AACH,QAAA,MAAM,IAAI,~~QAAa~~,~~QAAQ~~,MAAM,~~QAAQ~~,CAAC,~~CAY7C~~,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,OAAc,MAAM,GAAG,MAAM,KAAG,QAAQ,~~QAAQ~~,~~CAI3D~~,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,OAAO,OAAc,MAAM,GAAG,MAAM,~~6BAEzC~~,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,SAAS,SAAgB,MAAM,~~6BAEpC~~,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,OACN,MAAM,GAAG,MAAM,cACP,cAAc,CAAC,MAAM,CAAC,KACjC,QAAQ,~~QAAQ~~,~~CA+ElB~~,CAAC;AAEF,QAAA,MAAM,KAAK,kBAAuB,QAAQ,MAAM,CAE/C,CAAC;AAEF,OAAO,EACL,MAAM,EACN,KAAK,EACL,UAAU,EACV,MAAM,EACN,kBAAkB,EAClB,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,OAAO,EACP,MAAM,EACN,SAAS,EACT,KAAK,~~GACN~~,CAAC"}
1	+ {"version":3,"file":"api-token.d.ts","sourceRoot":"","sources":["../../../../server/src/services/api-token.ts"],"names":[],"mappings":";AAeA,OAAO,KAAK,EAAQ,IAAI,EAAE,MAAM,eAAe,CAAC;AAEhD,OAAO,KAAK,EACV,MAAM,EACN,kBAAkB,EAClB,sBAAsB,EACvB,MAAM,qCAAqC,CAAC;AAC7C,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAC3F,OAAO,KAAK,EAAmB,SAAS,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAM/F,KAAK,WAAW,GAAG,kBAAkB,GAAG,aAAa,CAAC;AAoItD,0HAA0H;AAC1H,KAAK,eAAe,GAAG,IAAI,CAAC,UAAU,EAAE,IAAI,GAAG,WAAW,GAAG,WAAW,GAAG,kBAAkB,CAAC,CAAC;AAmD/F;;;;;;;;;;;;;;;;;;;GAmBG;AACH,QAAA,MAAM,8BAA8B,SAC5B,SAAS,GAAG,SAAS,GAAG,IAAI,yBACX,eAAe,EAAE,KACvC,QAAQ,eAAe,EAAE,CAoG3B,CAAC;AA6CF;;;;GAIG;AACH,QAAA,MAAM,6BAA6B,YACxB,KAAK,EAAE,eACH,eAAe,EAAE,eACjB,SAAS,KACrB,QAAQ,UAAU,EAAE,CA0CtB,CAAC;AAEF;;;;;;;;GAQG;AACH,QAAA,MAAM,sCAAsC,oBACzB,UAAU,EAAE,oBACX,UAAU,EAAE,KAC7B;IAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAAC,QAAQ,EAAE;QAAE,EAAE,EAAE,KAAK,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,CAAA;CA2D7E,CAAC;AAEF;;;;;;GAMG;AACH,QAAA,MAAM,8BAA8B,WAAkB,KAAK,EAAE,KAAG,QAAQ,IAAI,CAuC3E,CAAC;AAEF;;;GAGG;AACH,QAAA,MAAM,8BAA8B,WAAkB,KAAK,EAAE,KAAG,QAAQ,IAAI,CAO3E,CAAC;AASF,KAAK,WAAW,GAAG;IACjB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC;CAChC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B,CAAC;AAEF;;;;GAIG;AACH,QAAA,MAAM,KAAK,iBACI,WAAW,YACf,YAAY,KACpB,QAAQ,WAAW,GAAG,IAAI,CA8C5B,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,iBAAuB,WAAW,KAAQ,QAAQ,OAAO,CAIpE,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,IAAI,cAAe,MAAM,WAK9B,CAAC;AAeF;;GAEG;AACH,QAAA,MAAM,MAAM,kDACE;IAAE,IAAI,EAAE,CAAC,CAAA;CAAE,GAAG,CAAC,sBAAsB,GAAG,cAAc,CAAC,gBACrD,SAAS,KACtB,QACD,CAAC,SAAS,aAAa,GAAG,kBAAkB,GAAG,CAAC,SAAS,OAAO,GAAG,aAAa,GAAG,WAAW,CAgH/F,CAAC;AAEF,QAAA,MAAM,UAAU,OAAc,MAAM,GAAG,MAAM,KAAG,QAAQ,kBAAkB,GAAG,aAAa,CAsBzF,CAAC;AAEF,QAAA,MAAM,kBAAkB,YAgBvB,CAAC;AAEF;;;GAGG;AACH,QAAA,MAAM,IAAI,mDACK,SAAS,eACV;IAAE,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,CAAA;KAAE,CAAA;CAAE,KACpC,QACD,MACE,CAAC,SAAS,aAAa,GAAG,kBAAkB,GAAG,CAAC,SAAS,OAAO,GAAG,aAAa,GAAG,WAAW,CAC/F,CAwCF,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,OAAc,MAAM,GAAG,MAAM,KAAG,QAAQ,WAAW,CA6B9D,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,OAAO,OAAc,MAAM,GAAG,MAAM,YAAY,YAAY,gCAEjE,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,SAAS,SAAgB,MAAM,YAAY,YAAY,gCAE5D,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,OACN,MAAM,GAAG,MAAM,cACP,cAAc,CAAC,MAAM,CAAC,KACjC,QAAQ,WAAW,CA6JrB,CAAC;AAEF,QAAA,MAAM,KAAK,kBAAuB,QAAQ,MAAM,CAE/C,CAAC;AAEF;;;GAGG;AACH,QAAA,MAAM,wBAAwB,WAAkB,KAAK,EAAE,KAAG,QAAQ,IAAI,CAkBrE,CAAC;AAMF,UAAU,kBAAkB;IAC1B,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,kBAAkB,IAAI,IAAI,CAAC;IAC3B,6EAA6E;IAC7E,cAAc,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAC3F,oCAAoC;IACpC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1C,sCAAsC,CACpC,eAAe,EAAE,UAAU,EAAE,EAC7B,gBAAgB,EAAE,UAAU,EAAE,GAC7B;QAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;QAAC,QAAQ,EAAE;YAAE,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC;YAAC,UAAU,EAAE,MAAM,EAAE,CAAA;SAAE,EAAE,CAAA;KAAE,CAAC;CAClF;AAED,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;IAChE,MAAM,CAAC,UAAU,EAAE,sBAAsB,EAAE,WAAW,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACjG,IAAI,CAAC,WAAW,EAAE,SAAS,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IACzF,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IACpF,MAAM,CACJ,EAAE,EAAE,MAAM,GAAG,MAAM,EACnB,UAAU,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAC1C,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC/B,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACzD,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC7D,MAAM,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,KAAK,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,iBAAkB,SAAQ,kBAAkB;IAC3D,MAAM,CAAC,UAAU,EAAE,cAAc,EAAE,WAAW,EAAE,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACnF,IAAI,CAAC,WAAW,EAAE,SAAS,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IACvD,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACpF,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAC/E,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACzF,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACpD,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACxD,MAAM,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,KAAK,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACvC,6BAA6B,CAC3B,OAAO,EAAE,IAAI,CAAC,EAAE,EAChB,WAAW,EAAE,eAAe,EAAE,EAC9B,WAAW,EAAE,SAAS,GACrB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IACzB,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrD;AAMD,iBAAS,kBAAkB,CAAC,IAAI,EAAE,aAAa,GAAG,sBAAsB,CAAC;AACzE,iBAAS,kBAAkB,CAAC,IAAI,EAAE,OAAO,GAAG,iBAAiB,CAAC;AAmE9D,YAAY,EAAE,YAAY,EAAE,CAAC;AAE7B,OAAO,EACL,kBAAkB,EAClB,MAAM,EACN,KAAK,EACL,UAAU,EACV,MAAM,EACN,kBAAkB,EAClB,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,OAAO,EACP,MAAM,EACN,SAAS,EACT,KAAK,EACL,6BAA6B,EAC7B,8BAA8B,EAC9B,sCAAsC,EACtC,8BAA8B,EAC9B,8BAA8B,EAC9B,wBAAwB,GACzB,CAAC"}

package/dist/server/src/services/constants.d.ts CHANGED Viewed

@@ -19,17 +19,19 @@ declare const constants: {
         DAYS_30: number;
         DAYS_90: number;
     };
-    DEFAULT_API_TOKENS: readonly [{
-        readonly name: "Read Only";
-        readonly description: "A default API token with read-only permissions, only used for accessing resources";
-        readonly type: "read-only";
-        readonly lifespan: null;
-    }, {
-        readonly name: "Full Access";
-        readonly description: "A default API token with full access permissions, used for accessing or modifying resources";
-        readonly type: "full-access";
-        readonly lifespan: null;
-    }];
+    DEFAULT_API_TOKENS: ({
+        name: string;
+        description: string;
+        kind: "content-api";
+        type: "read-only";
+        lifespan: null;
+    } | {
+        name: string;
+        description: string;
+        kind: "content-api";
+        type: "full-access";
+        lifespan: null;
+    })[];
     TRANSFER_TOKEN_TYPE: {
         PUSH: string;
         PULL: string;

package/dist/server/src/services/constants.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../server/src/services/constants.ts"],"names":[],"mappings":"~~AAEA~~,QAAA,MAAM,SAAS~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgDd~~,CAAC;AAEF,eAAe,SAAS,CAAC"}
1	+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../server/src/services/constants.ts"],"names":[],"mappings":"AAIA,QAAA,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqDd,CAAC;AAEF,eAAe,SAAS,CAAC"}

package/dist/server/src/services/index.d.ts CHANGED Viewed

@@ -5,7 +5,6 @@ import * as contentType from './content-type';
 import * as constants from './constants';
 import * as condition from './condition';
 import * as action from './action';
-import * as apiToken from './api-token';
 import * as transfer from './transfer';
 import * as projectSettings from './project-settings';
 declare const _default: {
@@ -105,7 +104,8 @@ declare const _default: {
     constants: typeof constants;
     condition: typeof condition;
     action: typeof action;
-    'api-token': typeof apiToken;
+    'api-token-content-api': import("./api-token").ContentApiTokenService;
+    'api-token-admin': import("./api-token").AdminTokenService;
     transfer: typeof transfer;
     'project-settings': typeof projectSettings;
     encryption: {

package/dist/server/src/services/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/src/services/index.ts"],"names":[],"mappings":";AAOA,OAAO,KAAK,KAAK,MAAM,SAAS,CAAC;AACjC,OAAO,KAAK,UAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,KAAK,WAAW,MAAM,gBAAgB,CAAC;AAC9C,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AACzC,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AACzC,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;~~AACnC~~,OAAO,KAAK,QAAQ,MAAM,~~aAAa,CAAC;AACxC,OAAO,KAAK,QAAQ,MAAM,~~YAAY,CAAC;AACvC,OAAO,KAAK,eAAe,MAAM,oBAAoB,CAAC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~AAItD,~~wBAiBE~~"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/src/services/index.ts"],"names":[],"mappings":";AAOA,OAAO,KAAK,KAAK,MAAM,SAAS,CAAC;AACjC,OAAO,KAAK,UAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,KAAK,WAAW,MAAM,gBAAgB,CAAC;AAC9C,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AACzC,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AACzC,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAEnC,OAAO,KAAK,QAAQ,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,eAAe,MAAM,oBAAoB,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAItD,wBAkBE"}

package/dist/server/src/services/permission/engine.d.ts CHANGED Viewed

@@ -11,6 +11,11 @@ declare const _default: (params: {
      * @param user
      */
     generateUserAbility(user: AdminUser): Promise<Ability>;
+    /**
+     * Generate an ability based on an admin token's stored permissions, scoped to the owner.
+     * Token permissions are already validated and ceiling-clamped at write time.
+     */
+    generateTokenAbility(tokenPermissions: Permission[], owner: AdminUser): Promise<Ability>;
     /**
      * Check many permissions based on an ability
      */

package/dist/server/src/services/permission/engine.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../../../../server/src/services/permission/engine.ts"],"names":[],"mappings":";AACA,OAAoB,EAAE,KAAK,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAI7C,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,qCAAqC,CAAC;iCAEzD;IAAE,SAAS,EAAE,OAAO,YAAY,CAAC,WAAW,CAAC,CAAA;CAAE;;IA4DnE;;;OAGG;8BAC6B,SAAS,GAAG,QAAQ,OAAO,CAAC;IAM5D;;OAEG;;;~~AAxEP~~,~~wBA8EE~~"}
1	+ {"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../../../../server/src/services/permission/engine.ts"],"names":[],"mappings":";AACA,OAAoB,EAAE,KAAK,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAI7C,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,qCAAqC,CAAC;iCAEzD;IAAE,SAAS,EAAE,OAAO,YAAY,CAAC,WAAW,CAAC,CAAA;CAAE;;IA4DnE;;;OAGG;8BAC6B,SAAS,GAAG,QAAQ,OAAO,CAAC;IAM5D;;;OAGG;2CAC0C,UAAU,EAAE,SAAS,SAAS,GAAG,QAAQ,OAAO,CAAC;IAI9F;;OAEG;;;AAhFP,wBAsFE"}

package/dist/server/src/services/permission/queries.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"queries.d.ts","sourceRoot":"","sources":["../../../../../server/src/services/permission/queries.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE1C,OAAyB,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AACpF,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,qCAAqC,CAAC;AAGjF;;;GAGG;AACH,eAAO,MAAM,gBAAgB,aAAoB,KAAK,EAAE,EAAE,KAAG,QAAQ,IAAI,CAWxE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,WAAW,QAAe,KAAK,EAAE,EAAE,KAAG,QAAQ,IAAI,CAO9D,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,UAAU,gBAAuB,uBAAuB,EAAE,KAAG,QAAQ,UAAU,EAAE,CAW7F,CAAC;AAkBF;;;GAGG;AACH,eAAO,MAAM,QAAQ,mBAAwB,QAAQ,UAAU,EAAE,CAIhE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,SAAgB,SAAS,KAAG,QAAQ,UAAU,EAAE,CAE/E,CAAC;AAqCF;;GAEG;AACH,eAAO,MAAM,0BAA0B,QAAa,QAAQ,IAAI,~~CAiD~~/D,CAAC;;;;;;;;;AAEF,wBAOE"}
1	+ {"version":3,"file":"queries.d.ts","sourceRoot":"","sources":["../../../../../server/src/services/permission/queries.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE1C,OAAyB,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AACpF,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,qCAAqC,CAAC;AAGjF;;;GAGG;AACH,eAAO,MAAM,gBAAgB,aAAoB,KAAK,EAAE,EAAE,KAAG,QAAQ,IAAI,CAWxE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,WAAW,QAAe,KAAK,EAAE,EAAE,KAAG,QAAQ,IAAI,CAO9D,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,UAAU,gBAAuB,uBAAuB,EAAE,KAAG,QAAQ,UAAU,EAAE,CAW7F,CAAC;AAkBF;;;GAGG;AACH,eAAO,MAAM,QAAQ,mBAAwB,QAAQ,UAAU,EAAE,CAIhE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mBAAmB,SAAgB,SAAS,KAAG,QAAQ,UAAU,EAAE,CAE/E,CAAC;AAqCF;;GAEG;AACH,eAAO,MAAM,0BAA0B,QAAa,QAAQ,IAAI,CA2D/D,CAAC;;;;;;;;;AAEF,wBAOE"}

package/dist/server/src/services/permission.d.ts CHANGED Viewed

@@ -79,6 +79,7 @@ declare const sanitizePermission: (p: import("../../../shared/contracts/shared")
 declare const engine: {
     readonly hooks: import("@strapi/permissions/dist/engine/hooks").PermissionEngineHooks;
     generateUserAbility(user: import("../../../shared/contracts/shared").AdminUser): Promise<import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>>;
+    generateTokenAbility(tokenPermissions: import("../../../shared/contracts/shared").Permission[], owner: import("../../../shared/contracts/shared").AdminUser): Promise<import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>>;
     checkMany: import("lodash").CurriedFunction2<import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>, import("../../../shared/contracts/shared").Permission[], boolean[]>;
 };
 export { cleanPermissionsInDatabase, createMany, deleteByIds, deleteByRolesIds, findMany, findUserPermissions, createPermissionsManager, sectionsBuilder, sanitizePermission, engine, actionProvider, conditionProvider, };

package/dist/server/src/services/permission.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"permission.d.ts","sourceRoot":"","sources":["../../../../server/src/services/permission.ts"],"names":[],"mappings":";AAGA,OAAO,wBAAwB,MAAM,kCAAkC,CAAC;AAGxE,OAAO,EACL,0BAA0B,EAC1B,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,QAAQ,EACR,mBAAmB,EACpB,MAAM,sBAAsB,CAAC;AAE9B,QAAA,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAAyB,CAAC;AAC9C,QAAA,MAAM,iBAAiB;;;;;;;;;;;;;;;;;CAA4B,CAAC;AACpD,QAAA,MAAM,eAAe;;;;;;CAA0B,CAAC;AAEhD,QAAA,MAAM,kBAAkB,6HAAkC,CAAC;AAE3D,QAAA,MAAM,MAAM~~;;;;~~CAEV,CAAC;AAEH,OAAO,EAEL,0BAA0B,EAC1B,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,QAAQ,EACR,mBAAmB,EAEnB,wBAAwB,EACxB,eAAe,EACf,kBAAkB,EAElB,MAAM,EAEN,cAAc,EACd,iBAAiB,GAClB,CAAC"}
1	+ {"version":3,"file":"permission.d.ts","sourceRoot":"","sources":["../../../../server/src/services/permission.ts"],"names":[],"mappings":";AAGA,OAAO,wBAAwB,MAAM,kCAAkC,CAAC;AAGxE,OAAO,EACL,0BAA0B,EAC1B,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,QAAQ,EACR,mBAAmB,EACpB,MAAM,sBAAsB,CAAC;AAE9B,QAAA,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAAyB,CAAC;AAC9C,QAAA,MAAM,iBAAiB;;;;;;;;;;;;;;;;;CAA4B,CAAC;AACpD,QAAA,MAAM,eAAe;;;;;;CAA0B,CAAC;AAEhD,QAAA,MAAM,kBAAkB,6HAAkC,CAAC;AAE3D,QAAA,MAAM,MAAM;;;;;CAEV,CAAC;AAEH,OAAO,EAEL,0BAA0B,EAC1B,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,QAAQ,EACR,mBAAmB,EAEnB,wBAAwB,EACxB,eAAe,EACf,kBAAkB,EAElB,MAAM,EAEN,cAAc,EACd,iBAAiB,GAClB,CAAC"}

package/dist/server/src/services/role.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"role.d.ts","sourceRoot":"","sources":["../../../../server/src/services/role.ts"],"names":[],"mappings":"AAKA,OAAO,EAAiB,KAAK,IAAI,UAAU,EAAU,MAAM,eAAe,CAAC;AAC3E,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAG1C,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AA0BzF,MAAM,MAAM,uBAAuB,GAAG,SAAS,GAAG;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~AAoazE~~,wBAuBE"}
1	+ {"version":3,"file":"role.d.ts","sourceRoot":"","sources":["../../../../server/src/services/role.ts"],"names":[],"mappings":"AAKA,OAAO,EAAiB,KAAK,IAAI,UAAU,EAAU,MAAM,eAAe,CAAC;AAC3E,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAG1C,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AA0BzF,MAAM,MAAM,uBAAuB,GAAG,SAAS,GAAG;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwazE,wBAuBE"}

package/dist/server/src/strategies/admin-token.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+import type { Context } from 'koa';
+import { errors } from '@strapi/utils';
+import '@strapi/types';
+/**
+ * Authenticate an admin token. Rejects tokens with kind !== 'admin'.
+ */
+export declare const authenticate: (ctx: Context) => Promise<{
+    authenticated: boolean;
+    error?: undefined;
+    credentials?: undefined;
+    ability?: undefined;
+} | {
+    authenticated: boolean;
+    error: errors.UnauthorizedError<string, unknown>;
+    credentials?: undefined;
+    ability?: undefined;
+} | {
+    authenticated: boolean;
+    credentials: import("../../../shared/contracts/admin-token").AdminApiToken;
+    ability: import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>;
+    error?: undefined;
+}>;
+/**
+ * Re-check presence and expiry at verify time.
+ * Authorization is handled by isAuthenticatedAdmin + hasPermissions policies.
+ *
+ * @type {import('.').VerifyFunction}
+ */
+export declare const verify: (auth: any) => void;
+declare const _default: {
+    name: string;
+    authenticate: (ctx: Context) => Promise<{
+        authenticated: boolean;
+        error?: undefined;
+        credentials?: undefined;
+        ability?: undefined;
+    } | {
+        authenticated: boolean;
+        error: errors.UnauthorizedError<string, unknown>;
+        credentials?: undefined;
+        ability?: undefined;
+    } | {
+        authenticated: boolean;
+        credentials: import("../../../shared/contracts/admin-token").AdminApiToken;
+        ability: import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>;
+        error?: undefined;
+    }>;
+    verify: (auth: any) => void;
+};
+export default _default;
+//# sourceMappingURL=admin-token.d.ts.map

package/dist/server/src/strategies/admin-token.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"admin-token.d.ts","sourceRoot":"","sources":["../../../../server/src/strategies/admin-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AACnC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAGvC,OAAO,eAAe,CAAC;AAIvB;;GAEG;AACH,eAAO,MAAM,YAAY,QAAe,OAAO;;;;;;;;;;;;;;;EA8D9C,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,MAAM,SAAU,GAAG,KAAG,IAWlC,CAAC;;;;;;;;;;;;;;;;;;;;;AAEF,wBAIE"}

package/dist/server/src/strategies/api-token-utils.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { Context } from 'koa';
+import { errors } from '@strapi/utils';
+declare const UnauthorizedError: typeof errors.UnauthorizedError;
+export declare const extractToken: (ctx: Context) => string | null;
+export declare const checkExpiry: (apiToken: {
+    expiresAt?: string | number | null;
+}) => InstanceType<typeof UnauthorizedError> | null;
+export declare const updateLastUsedAt: (apiToken: {
+    id: number | string;
+    lastUsedAt?: string | null;
+}) => Promise<void>;
+export {};
+//# sourceMappingURL=api-token-utils.d.ts.map

package/dist/server/src/strategies/api-token-utils.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"api-token-utils.d.ts","sourceRoot":"","sources":["../../../../server/src/strategies/api-token-utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AAGnC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAEvC,QAAA,MAAQ,iBAAiB,iCAAW,CAAC;AAErC,eAAO,MAAM,YAAY,QAAS,OAAO,KAAG,MAAM,GAAG,IAYpD,CAAC;AAEF,eAAO,MAAM,WAAW,aAAc;IACpC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;CACpC,KAAG,aAAa,wBAAwB,CAAC,GAAG,IAS5C,CAAC;AAEF,eAAO,MAAM,gBAAgB,aAAoB;IAC/C,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B,KAAG,QAAQ,IAAI,CAiBf,CAAC"}

package/dist/server/src/strategies/{api-token.d.ts → content-api-token.d.ts} RENAMED Viewed

@@ -2,7 +2,7 @@ import type { Context } from 'koa';
 import { errors } from '@strapi/utils';
 import '@strapi/types';
 /**
- * Authenticate the validity of the token
+ * Authenticate a content-api token. Rejects tokens with kind !== 'content-api'.
  */
 export declare const authenticate: (ctx: Context) => Promise<{
     authenticated: boolean;
@@ -11,27 +11,26 @@ export declare const authenticate: (ctx: Context) => Promise<{
     credentials?: undefined;
 } | {
     authenticated: boolean;
-    error: errors.UnauthorizedError<"Token expired", unknown>;
+    error: errors.UnauthorizedError<string, unknown>;
     ability?: undefined;
     credentials?: undefined;
 } | {
     authenticated: boolean;
     ability: import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>;
-    credentials: import("../../../shared/contracts/api-token").ApiToken;
+    credentials: import("../../../shared/contracts/content-api-token").ContentApiApiToken;
     error?: undefined;
 } | {
     authenticated: boolean;
-    credentials: import("../../../shared/contracts/api-token").ApiToken;
+    credentials: import("../../../shared/contracts/content-api-token").ContentApiApiToken;
     error?: undefined;
     ability?: undefined;
 }>;
 /**
- * Verify the token has the required abilities for the requested scope
+ * Verify the token has the required abilities for the requested scope.
  *
- *  @type {import('.').VerifyFunction}
+ * @type {import('.').VerifyFunction}
  */
 export declare const verify: (auth: any, config: any) => void;
-export declare const name = "api-token";
 declare const _default: {
     name: string;
     authenticate: (ctx: Context) => Promise<{
@@ -41,21 +40,21 @@ declare const _default: {
         credentials?: undefined;
     } | {
         authenticated: boolean;
-        error: errors.UnauthorizedError<"Token expired", unknown>;
+        error: errors.UnauthorizedError<string, unknown>;
         ability?: undefined;
         credentials?: undefined;
     } | {
         authenticated: boolean;
         ability: import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>;
-        credentials: import("../../../shared/contracts/api-token").ApiToken;
+        credentials: import("../../../shared/contracts/content-api-token").ContentApiApiToken;
         error?: undefined;
     } | {
         authenticated: boolean;
-        credentials: import("../../../shared/contracts/api-token").ApiToken;
+        credentials: import("../../../shared/contracts/content-api-token").ContentApiApiToken;
         error?: undefined;
         ability?: undefined;
     }>;
     verify: (auth: any, config: any) => void;
 };
 export default _default;
-//# sourceMappingURL=api-token.d.ts.map
+//# sourceMappingURL=content-api-token.d.ts.map

package/dist/server/src/strategies/content-api-token.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"content-api-token.d.ts","sourceRoot":"","sources":["../../../../server/src/strategies/content-api-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AAEnC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAIvC,OAAO,eAAe,CAAC;AAMvB;;GAEG;AACH,eAAO,MAAM,YAAY,QAAe,OAAO;;;;;;;;;;;;;;;;;;;;EAoC9C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,MAAM,SAAU,GAAG,UAAU,GAAG,SAyC5C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AAEF,wBAIE"}

package/dist/server/src/strategies/index.d.ts CHANGED Viewed

@@ -14,5 +14,6 @@
  */
 export { default as admin } from './admin';
 export { default as dataTransfer } from './data-transfer';
-export { default as apiToken } from './api-token';
+export { default as contentApiToken } from './content-api-token';
+export { default as adminToken } from './admin-token';
 //# sourceMappingURL=index.d.ts.map

package/dist/server/src/strategies/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/src/strategies/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;GAMG;AAEH,OAAO,EAAE,OAAO,IAAI,KAAK,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,OAAO,IAAI,~~QAAQ~~,EAAE,MAAM,~~aAAa~~,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/src/strategies/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;GAMG;AAEH,OAAO,EAAE,OAAO,IAAI,KAAK,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACjE,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,eAAe,CAAC"}

package/dist/server/src/validation/admin-tokens.d.ts ADDED Viewed

@@ -0,0 +1,75 @@
+import { yup } from '@strapi/utils';
+export declare const validateAdminTokenCreationInput: (body: unknown, errorMessage?: string | undefined) => Promise<import("yup/lib/object").AssertsShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+    kind: import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>;
+    name: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+    description: import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>;
+    lifespan: yup.NumberSchema<number | null | undefined, Record<string, any>, number | null | undefined>;
+    adminPermissions: yup.ArraySchema<import("yup").ObjectSchema<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+        action: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+        actionParameters: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape> | null>;
+        subject: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+        properties: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape>>;
+        conditions: yup.ArraySchema<import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>, import("yup/lib/types").AnyObject, (string | undefined)[] | undefined, (string | undefined)[] | undefined>;
+    }>, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+        action: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+        actionParameters: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape> | null>;
+        subject: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+        properties: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape>>;
+        conditions: yup.ArraySchema<import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>, import("yup/lib/types").AnyObject, (string | undefined)[] | undefined, (string | undefined)[] | undefined>;
+    }>>, import("yup/lib/object").AssertsShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+        action: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+        actionParameters: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape> | null>;
+        subject: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+        properties: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape>>;
+        conditions: yup.ArraySchema<import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>, import("yup/lib/types").AnyObject, (string | undefined)[] | undefined, (string | undefined)[] | undefined>;
+    }>>>, import("yup/lib/types").AnyObject, import("yup/lib/object").TypeOfShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+        action: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+        actionParameters: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape> | null>;
+        subject: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+        properties: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape>>;
+        conditions: yup.ArraySchema<import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>, import("yup/lib/types").AnyObject, (string | undefined)[] | undefined, (string | undefined)[] | undefined>;
+    }>>[] | undefined, import("yup/lib/object").AssertsShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+        action: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+        actionParameters: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape> | null>;
+        subject: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+        properties: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape>>;
+        conditions: yup.ArraySchema<import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>, import("yup/lib/types").AnyObject, (string | undefined)[] | undefined, (string | undefined)[] | undefined>;
+    }>>[] | undefined>;
+    adminUserOwner: import("yup/lib/mixed").MixedSchema<any, Record<string, any>, any>;
+}>>>;
+export declare const validateAdminTokenUpdateInput: (body: unknown, errorMessage?: string | undefined) => Promise<import("yup/lib/object").AssertsShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+    name: import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>;
+    description: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+    adminPermissions: yup.ArraySchema<import("yup").ObjectSchema<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+        action: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+        actionParameters: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape> | null>;
+        subject: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+        properties: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape>>;
+        conditions: yup.ArraySchema<import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>, import("yup/lib/types").AnyObject, (string | undefined)[] | undefined, (string | undefined)[] | undefined>;
+    }>, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+        action: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+        actionParameters: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape> | null>;
+        subject: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+        properties: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape>>;
+        conditions: yup.ArraySchema<import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>, import("yup/lib/types").AnyObject, (string | undefined)[] | undefined, (string | undefined)[] | undefined>;
+    }>>, import("yup/lib/object").AssertsShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+        action: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+        actionParameters: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape> | null>;
+        subject: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+        properties: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape>>;
+        conditions: yup.ArraySchema<import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>, import("yup/lib/types").AnyObject, (string | undefined)[] | undefined, (string | undefined)[] | undefined>;
+    }>>>, import("yup/lib/types").AnyObject, import("yup/lib/object").TypeOfShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+        action: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+        actionParameters: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape> | null>;
+        subject: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+        properties: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape>>;
+        conditions: yup.ArraySchema<import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>, import("yup/lib/types").AnyObject, (string | undefined)[] | undefined, (string | undefined)[] | undefined>;
+    }>>[] | null | undefined, import("yup/lib/object").AssertsShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
+        action: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
+        actionParameters: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape> | null>;
+        subject: import("yup").StringSchema<string | null | undefined, Record<string, any>, string | null | undefined>;
+        properties: import("yup/lib/object").OptionalObjectSchema<import("yup/lib/object").ObjectShape, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").ObjectShape>>;
+        conditions: yup.ArraySchema<import("yup").StringSchema<string | undefined, Record<string, any>, string | undefined>, import("yup/lib/types").AnyObject, (string | undefined)[] | undefined, (string | undefined)[] | undefined>;
+    }>>[] | null | undefined>;
+}>>>;
+//# sourceMappingURL=admin-tokens.d.ts.map

package/dist/server/src/validation/admin-tokens.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"admin-tokens.d.ts","sourceRoot":"","sources":["../../../../server/src/validation/admin-tokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAqB,MAAM,eAAe,CAAC;AA4BvD,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAA8C,CAAC;AAC3F,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAA4C,CAAC"}