npm - @strapi/admin - Versions diffs - 5.44.0 → 5.45.0 - Mend

@strapi/admin 5.44.0 → 5.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (334) hide show

package/dist/admin/src/pages/Settings/pages/ApiTokens/EditView/constants.d.ts DELETED Viewed

@@ -1,17 +0,0 @@
-import * as yup from 'yup';
-export declare const schema: yup.default<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
-    name: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
-    type: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
-    description: yup.default<string | null | undefined, Record<string, any>, string | null | undefined>;
-    lifespan: import("yup/lib/number").DefinedNumberSchema<number | null | undefined, Record<string, any>>;
-}>, Record<string, any>, import("yup/lib/object").TypeOfShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
-    name: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
-    type: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
-    description: yup.default<string | null | undefined, Record<string, any>, string | null | undefined>;
-    lifespan: import("yup/lib/number").DefinedNumberSchema<number | null | undefined, Record<string, any>>;
-}>>, import("yup/lib/object").AssertsShape<import("yup/lib/object").Assign<import("yup/lib/object").ObjectShape, {
-    name: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
-    type: import("yup/lib/string").RequiredStringSchema<string | undefined, Record<string, any>>;
-    description: yup.default<string | null | undefined, Record<string, any>, string | null | undefined>;
-    lifespan: import("yup/lib/number").DefinedNumberSchema<number | null | undefined, Record<string, any>>;
-}>>>;

package/dist/server/server/src/strategies/api-token.js DELETED Viewed

@@ -1,144 +0,0 @@
-'use strict';
-Object.defineProperty(exports, '__esModule', { value: true });
-var fp = require('lodash/fp');
-var dateFns = require('date-fns');
-var utils = require('@strapi/utils');
-var constants = require('../services/constants.js');
-var index = require('../utils/index.js');
-require('@strapi/types');
-const { UnauthorizedError, ForbiddenError } = utils.errors;
-const isReadScope = (scope)=>scope.endsWith('find') || scope.endsWith('findOne');
-const extractToken = (ctx)=>{
-    if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
-        const parts = ctx.request.header.authorization.split(/\s+/);
-        if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {
-            return null;
-        }
-        return parts[1];
-    }
-    return null;
-};
-/**
- * Authenticate the validity of the token
- */ const authenticate = async (ctx)=>{
-    const apiTokenService = index.getService('api-token');
-    const token = extractToken(ctx);
-    if (!token) {
-        return {
-            authenticated: false
-        };
-    }
-    const apiToken = await apiTokenService.getBy({
-        accessKey: apiTokenService.hash(token)
-    });
-    // token not found
-    if (!apiToken) {
-        return {
-            authenticated: false
-        };
-    }
-    const currentDate = new Date();
-    if (!fp.isNil(apiToken.expiresAt)) {
-        const expirationDate = new Date(apiToken.expiresAt);
-        // token has expired
-        if (expirationDate < currentDate) {
-            return {
-                authenticated: false,
-                error: new UnauthorizedError('Token expired')
-            };
-        }
-    }
-    if (!fp.isNil(apiToken.lastUsedAt)) {
-        // update lastUsedAt if the token has not been used in the last hour
-        const hoursSinceLastUsed = dateFns.differenceInHours(currentDate, dateFns.parseISO(apiToken.lastUsedAt));
-        if (hoursSinceLastUsed >= 1) {
-            await strapi.db.query('admin::api-token').update({
-                where: {
-                    id: apiToken.id
-                },
-                data: {
-                    lastUsedAt: currentDate
-                }
-            });
-        }
-    } else {
-        // If lastUsedAt is not set, initialize it to the current date
-        await strapi.db.query('admin::api-token').update({
-            where: {
-                id: apiToken.id
-            },
-            data: {
-                lastUsedAt: currentDate
-            }
-        });
-    }
-    if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
-        const ability = await strapi.contentAPI.permissions.engine.generateAbility(apiToken.permissions.map((action)=>({
-                action
-            })));
-        return {
-            authenticated: true,
-            ability,
-            credentials: apiToken
-        };
-    }
-    return {
-        authenticated: true,
-        credentials: apiToken
-    };
-};
-/**
- * Verify the token has the required abilities for the requested scope
- *
- *  @type {import('.').VerifyFunction}
- */ const verify = (auth, config)=>{
-    const { credentials: apiToken, ability } = auth;
-    if (!apiToken) {
-        throw new UnauthorizedError('Token not found');
-    }
-    const currentDate = new Date();
-    if (!fp.isNil(apiToken.expiresAt)) {
-        const expirationDate = new Date(apiToken.expiresAt);
-        // token has expired
-        if (expirationDate < currentDate) {
-            throw new UnauthorizedError('Token expired');
-        }
-    }
-    // Full access
-    if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {
-        return;
-    }
-    // Read only
-    if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {
-        /**
-     * If you don't have `full-access` you can only access `find` and `findOne`
-     * scopes. If the route has no scope, then you can't get access to it.
-     */ const scopes = fp.castArray(config.scope);
-        if (config.scope && scopes.every(isReadScope)) {
-            return;
-        }
-    } else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
-        if (!ability) {
-            throw new ForbiddenError();
-        }
-        const scopes = fp.castArray(config.scope);
-        const isAllowed = scopes.every((scope)=>ability.can(scope));
-        if (isAllowed) {
-            return;
-        }
-    }
-    throw new ForbiddenError();
-};
-var apiTokenAuthStrategy = {
-    name: 'api-token',
-    authenticate,
-    verify
-};
-exports.authenticate = authenticate;
-exports.default = apiTokenAuthStrategy;
-exports.verify = verify;
-//# sourceMappingURL=api-token.js.map

package/dist/server/server/src/strategies/api-token.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"api-token.js","sources":["../../../../../server/src/strategies/api-token.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { castArray, isNil } from 'lodash/fp';\nimport { differenceInHours, parseISO } from 'date-fns';\nimport { errors } from '@strapi/utils';\nimport constants from '../services/constants';\nimport { getService } from '../utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError, ForbiddenError } = errors;\n\nconst isReadScope = (scope: any) => scope.endsWith('find') || scope.endsWith('findOne');\n\nconst extractToken = (ctx: Context) => {\n if (ctx.request && ctx.request.header && ctx.request.header.authorization) {\n const parts = ctx.request.header.authorization.split(/\\s+/);\n\n if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {\n return null;\n }\n\n return parts[1];\n }\n\n return null;\n};\n\n/**\n * Authenticate the validity of the token\n */\nexport const authenticate = async (ctx: Context) => {\n const apiTokenService = getService('api-token');\n const token = extractToken(ctx);\n\n if (!token) {\n return { authenticated: false };\n }\n\n const apiToken = await apiTokenService.getBy({\n accessKey: apiTokenService.hash(token),\n });\n\n // token not found\n if (!apiToken) {\n return { authenticated: false };\n }\n\n const currentDate = new Date();\n\n if (!isNil(apiToken.expiresAt)) {\n const expirationDate = new Date(apiToken.expiresAt);\n // token has expired\n if (expirationDate < currentDate) {\n return { authenticated: false, error: new UnauthorizedError('Token expired') };\n }\n }\n\n if (!isNil(apiToken.lastUsedAt)) {\n // update lastUsedAt if the token has not been used in the last hour\n const hoursSinceLastUsed = differenceInHours(currentDate, parseISO(apiToken.lastUsedAt));\n if (hoursSinceLastUsed >= 1) {\n await strapi.db.query('admin::api-token').update({\n where: { id: apiToken.id },\n data: { lastUsedAt: currentDate },\n });\n }\n } else {\n // If lastUsedAt is not set, initialize it to the current date\n await strapi.db.query('admin::api-token').update({\n where: { id: apiToken.id },\n data: { lastUsedAt: currentDate },\n });\n }\n\n if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n const ability = await strapi.contentAPI.permissions.engine.generateAbility(\n apiToken.permissions.map((action: any) => ({ action }))\n );\n\n return { authenticated: true, ability, credentials: apiToken };\n }\n\n return { authenticated: true, credentials: apiToken };\n};\n\n/**\n * Verify the token has the required abilities for the requested scope\n *\n * @type {import('.').VerifyFunction}\n */\nexport const verify = (auth: any, config: any) => {\n const { credentials: apiToken, ability } = auth;\n\n if (!apiToken) {\n throw new UnauthorizedError('Token not found');\n }\n\n const currentDate = new Date();\n\n if (!isNil(apiToken.expiresAt)) {\n const expirationDate = new Date(apiToken.expiresAt);\n // token has expired\n if (expirationDate < currentDate) {\n throw new UnauthorizedError('Token expired');\n }\n }\n\n // Full access\n if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {\n return;\n }\n\n // Read only\n if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {\n /**\n * If you don't have `full-access` you can only access `find` and `findOne`\n * scopes. If the route has no scope, then you can't get access to it.\n */\n const scopes = castArray(config.scope);\n\n if (config.scope && scopes.every(isReadScope)) {\n return;\n }\n }\n\n // Custom\n else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n if (!ability) {\n throw new ForbiddenError();\n }\n\n const scopes = castArray(config.scope);\n\n const isAllowed = scopes.every((scope) => ability.can(scope));\n\n if (isAllowed) {\n return;\n }\n }\n\n throw new ForbiddenError();\n};\n\nexport const name = 'api-token';\n\nexport default {\n name: 'api-token',\n authenticate,\n verify,\n};\n"],"names":["UnauthorizedError","ForbiddenError","errors","isReadScope","scope","endsWith","extractToken","ctx","request","header","authorization","parts","split","toLowerCase","length","authenticate","apiTokenService","getService","token","authenticated","apiToken","getBy","accessKey","hash","currentDate","Date","isNil","expiresAt","expirationDate","error","lastUsedAt","hoursSinceLastUsed","differenceInHours","parseISO","strapi","db","query","update","where","id","data","type","constants","API_TOKEN_TYPE","CUSTOM","ability","contentAPI","permissions","engine","generateAbility","map","action","credentials","verify","auth","config","FULL_ACCESS","READ_ONLY","scopes","castArray","every","isAllowed","can","name"],"mappings":";;;;;;;;;;;AAQA,MAAM,EAAEA,iBAAiB,EAAEC,cAAc,EAAE,GAAGC,YAAAA;AAE9C,MAAMC,WAAAA,GAAc,CAACC,KAAAA,GAAeA,KAAAA,CAAMC,QAAQ,CAAC,MAAA,CAAA,IAAWD,KAAAA,CAAMC,QAAQ,CAAC,SAAA,CAAA;AAE7E,MAAMC,eAAe,CAACC,GAAAA,GAAAA;AACpB,IAAA,IAAIA,GAAAA,CAAIC,OAAO,IAAID,GAAAA,CAAIC,OAAO,CAACC,MAAM,IAAIF,GAAAA,CAAIC,OAAO,CAACC,MAAM,CAACC,aAAa,EAAE;QACzE,MAAMC,KAAAA,GAAQJ,IAAIC,OAAO,CAACC,MAAM,CAACC,aAAa,CAACE,KAAK,CAAC,KAAA,CAAA;QAErD,IAAID,KAAK,CAAC,CAAA,CAAE,CAACE,WAAW,OAAO,QAAA,IAAYF,KAAAA,CAAMG,MAAM,KAAK,CAAA,EAAG;YAC7D,OAAO,IAAA;AACT,QAAA;QAEA,OAAOH,KAAK,CAAC,CAAA,CAAE;AACjB,IAAA;IAEA,OAAO,IAAA;AACT,CAAA;AAEA;;IAGO,MAAMI,YAAAA,GAAe,OAAOR,GAAAA,GAAAA;AACjC,IAAA,MAAMS,kBAAkBC,gBAAAA,CAAW,WAAA,CAAA;AACnC,IAAA,MAAMC,QAAQZ,YAAAA,CAAaC,GAAAA,CAAAA;AAE3B,IAAA,IAAI,CAACW,KAAAA,EAAO;QACV,OAAO;YAAEC,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMC,QAAAA,GAAW,MAAMJ,eAAAA,CAAgBK,KAAK,CAAC;QAC3CC,SAAAA,EAAWN,eAAAA,CAAgBO,IAAI,CAACL,KAAAA;AAClC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACE,QAAAA,EAAU;QACb,OAAO;YAAED,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMK,cAAc,IAAIC,IAAAA,EAAAA;AAExB,IAAA,IAAI,CAACC,QAAAA,CAAMN,QAAAA,CAASO,SAAS,CAAA,EAAG;AAC9B,QAAA,MAAMC,cAAAA,GAAiB,IAAIH,IAAAA,CAAKL,QAAAA,CAASO,SAAS,CAAA;;AAElD,QAAA,IAAIC,iBAAiBJ,WAAAA,EAAa;YAChC,OAAO;gBAAEL,aAAAA,EAAe,KAAA;AAAOU,gBAAAA,KAAAA,EAAO,IAAI7B,iBAAAA,CAAkB,eAAA;AAAiB,aAAA;AAC/E,QAAA;AACF,IAAA;AAEA,IAAA,IAAI,CAAC0B,QAAAA,CAAMN,QAAAA,CAASU,UAAU,CAAA,EAAG;;AAE/B,QAAA,MAAMC,kBAAAA,GAAqBC,yBAAAA,CAAkBR,WAAAA,EAAaS,gBAAAA,CAASb,SAASU,UAAU,CAAA,CAAA;AACtF,QAAA,IAAIC,sBAAsB,CAAA,EAAG;AAC3B,YAAA,MAAMG,OAAOC,EAAE,CAACC,KAAK,CAAC,kBAAA,CAAA,CAAoBC,MAAM,CAAC;gBAC/CC,KAAAA,EAAO;AAAEC,oBAAAA,EAAAA,EAAInB,SAASmB;AAAG,iBAAA;gBACzBC,IAAAA,EAAM;oBAAEV,UAAAA,EAAYN;AAAY;AAClC,aAAA,CAAA;AACF,QAAA;IACF,CAAA,MAAO;;AAEL,QAAA,MAAMU,OAAOC,EAAE,CAACC,KAAK,CAAC,kBAAA,CAAA,CAAoBC,MAAM,CAAC;YAC/CC,KAAAA,EAAO;AAAEC,gBAAAA,EAAAA,EAAInB,SAASmB;AAAG,aAAA;YACzBC,IAAAA,EAAM;gBAAEV,UAAAA,EAAYN;AAAY;AAClC,SAAA,CAAA;AACF,IAAA;AAEA,IAAA,IAAIJ,SAASqB,IAAI,KAAKC,UAAUC,cAAc,CAACC,MAAM,EAAE;AACrD,QAAA,MAAMC,UAAU,MAAMX,MAAAA,CAAOY,UAAU,CAACC,WAAW,CAACC,MAAM,CAACC,eAAe,CACxE7B,SAAS2B,WAAW,CAACG,GAAG,CAAC,CAACC,UAAiB;AAAEA,gBAAAA;aAAO,CAAA,CAAA,CAAA;QAGtD,OAAO;YAAEhC,aAAAA,EAAe,IAAA;AAAM0B,YAAAA,OAAAA;YAASO,WAAAA,EAAahC;AAAS,SAAA;AAC/D,IAAA;IAEA,OAAO;QAAED,aAAAA,EAAe,IAAA;QAAMiC,WAAAA,EAAahC;AAAS,KAAA;AACtD;AAEA;;;;AAIC,IACM,MAAMiC,MAAAA,GAAS,CAACC,IAAAA,EAAWC,MAAAA,GAAAA;AAChC,IAAA,MAAM,EAAEH,WAAAA,EAAahC,QAAQ,EAAEyB,OAAO,EAAE,GAAGS,IAAAA;AAE3C,IAAA,IAAI,CAAClC,QAAAA,EAAU;AACb,QAAA,MAAM,IAAIpB,iBAAAA,CAAkB,iBAAA,CAAA;AAC9B,IAAA;AAEA,IAAA,MAAMwB,cAAc,IAAIC,IAAAA,EAAAA;AAExB,IAAA,IAAI,CAACC,QAAAA,CAAMN,QAAAA,CAASO,SAAS,CAAA,EAAG;AAC9B,QAAA,MAAMC,cAAAA,GAAiB,IAAIH,IAAAA,CAAKL,QAAAA,CAASO,SAAS,CAAA;;AAElD,QAAA,IAAIC,iBAAiBJ,WAAAA,EAAa;AAChC,YAAA,MAAM,IAAIxB,iBAAAA,CAAkB,eAAA,CAAA;AAC9B,QAAA;AACF,IAAA;;AAGA,IAAA,IAAIoB,SAASqB,IAAI,KAAKC,UAAUC,cAAc,CAACa,WAAW,EAAE;AAC1D,QAAA;AACF,IAAA;;AAGA,IAAA,IAAIpC,SAASqB,IAAI,KAAKC,UAAUC,cAAc,CAACc,SAAS,EAAE;AACxD;;;AAGC,QACD,MAAMC,MAAAA,GAASC,YAAAA,CAAUJ,MAAAA,CAAOnD,KAAK,CAAA;AAErC,QAAA,IAAImD,OAAOnD,KAAK,IAAIsD,MAAAA,CAAOE,KAAK,CAACzD,WAAAA,CAAAA,EAAc;AAC7C,YAAA;AACF,QAAA;IACF,CAAA,MAGK,IAAIiB,SAASqB,IAAI,KAAKC,UAAUC,cAAc,CAACC,MAAM,EAAE;AAC1D,QAAA,IAAI,CAACC,OAAAA,EAAS;AACZ,YAAA,MAAM,IAAI5C,cAAAA,EAAAA;AACZ,QAAA;QAEA,MAAMyD,MAAAA,GAASC,YAAAA,CAAUJ,MAAAA,CAAOnD,KAAK,CAAA;QAErC,MAAMyD,SAAAA,GAAYH,OAAOE,KAAK,CAAC,CAACxD,KAAAA,GAAUyC,OAAAA,CAAQiB,GAAG,CAAC1D,KAAAA,CAAAA,CAAAA;AAEtD,QAAA,IAAIyD,SAAAA,EAAW;AACb,YAAA;AACF,QAAA;AACF,IAAA;AAEA,IAAA,MAAM,IAAI5D,cAAAA,EAAAA;AACZ;AAIA,2BAAe;IACb8D,IAAAA,EAAM,WAAA;AACNhD,IAAAA,YAAAA;AACAsC,IAAAA;AACF,CAAA;;;;;;"}

package/dist/server/server/src/strategies/api-token.mjs DELETED Viewed

@@ -1,138 +0,0 @@
-import { isNil, castArray } from 'lodash/fp';
-import { differenceInHours, parseISO } from 'date-fns';
-import { errors } from '@strapi/utils';
-import constants from '../services/constants.mjs';
-import { getService } from '../utils/index.mjs';
-import '@strapi/types';
-const { UnauthorizedError, ForbiddenError } = errors;
-const isReadScope = (scope)=>scope.endsWith('find') || scope.endsWith('findOne');
-const extractToken = (ctx)=>{
-    if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
-        const parts = ctx.request.header.authorization.split(/\s+/);
-        if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {
-            return null;
-        }
-        return parts[1];
-    }
-    return null;
-};
-/**
- * Authenticate the validity of the token
- */ const authenticate = async (ctx)=>{
-    const apiTokenService = getService('api-token');
-    const token = extractToken(ctx);
-    if (!token) {
-        return {
-            authenticated: false
-        };
-    }
-    const apiToken = await apiTokenService.getBy({
-        accessKey: apiTokenService.hash(token)
-    });
-    // token not found
-    if (!apiToken) {
-        return {
-            authenticated: false
-        };
-    }
-    const currentDate = new Date();
-    if (!isNil(apiToken.expiresAt)) {
-        const expirationDate = new Date(apiToken.expiresAt);
-        // token has expired
-        if (expirationDate < currentDate) {
-            return {
-                authenticated: false,
-                error: new UnauthorizedError('Token expired')
-            };
-        }
-    }
-    if (!isNil(apiToken.lastUsedAt)) {
-        // update lastUsedAt if the token has not been used in the last hour
-        const hoursSinceLastUsed = differenceInHours(currentDate, parseISO(apiToken.lastUsedAt));
-        if (hoursSinceLastUsed >= 1) {
-            await strapi.db.query('admin::api-token').update({
-                where: {
-                    id: apiToken.id
-                },
-                data: {
-                    lastUsedAt: currentDate
-                }
-            });
-        }
-    } else {
-        // If lastUsedAt is not set, initialize it to the current date
-        await strapi.db.query('admin::api-token').update({
-            where: {
-                id: apiToken.id
-            },
-            data: {
-                lastUsedAt: currentDate
-            }
-        });
-    }
-    if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
-        const ability = await strapi.contentAPI.permissions.engine.generateAbility(apiToken.permissions.map((action)=>({
-                action
-            })));
-        return {
-            authenticated: true,
-            ability,
-            credentials: apiToken
-        };
-    }
-    return {
-        authenticated: true,
-        credentials: apiToken
-    };
-};
-/**
- * Verify the token has the required abilities for the requested scope
- *
- *  @type {import('.').VerifyFunction}
- */ const verify = (auth, config)=>{
-    const { credentials: apiToken, ability } = auth;
-    if (!apiToken) {
-        throw new UnauthorizedError('Token not found');
-    }
-    const currentDate = new Date();
-    if (!isNil(apiToken.expiresAt)) {
-        const expirationDate = new Date(apiToken.expiresAt);
-        // token has expired
-        if (expirationDate < currentDate) {
-            throw new UnauthorizedError('Token expired');
-        }
-    }
-    // Full access
-    if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {
-        return;
-    }
-    // Read only
-    if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {
-        /**
-     * If you don't have `full-access` you can only access `find` and `findOne`
-     * scopes. If the route has no scope, then you can't get access to it.
-     */ const scopes = castArray(config.scope);
-        if (config.scope && scopes.every(isReadScope)) {
-            return;
-        }
-    } else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {
-        if (!ability) {
-            throw new ForbiddenError();
-        }
-        const scopes = castArray(config.scope);
-        const isAllowed = scopes.every((scope)=>ability.can(scope));
-        if (isAllowed) {
-            return;
-        }
-    }
-    throw new ForbiddenError();
-};
-var apiTokenAuthStrategy = {
-    name: 'api-token',
-    authenticate,
-    verify
-};
-export { authenticate, apiTokenAuthStrategy as default, verify };
-//# sourceMappingURL=api-token.mjs.map

package/dist/server/server/src/strategies/api-token.mjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"api-token.mjs","sources":["../../../../../server/src/strategies/api-token.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { castArray, isNil } from 'lodash/fp';\nimport { differenceInHours, parseISO } from 'date-fns';\nimport { errors } from '@strapi/utils';\nimport constants from '../services/constants';\nimport { getService } from '../utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError, ForbiddenError } = errors;\n\nconst isReadScope = (scope: any) => scope.endsWith('find') || scope.endsWith('findOne');\n\nconst extractToken = (ctx: Context) => {\n if (ctx.request && ctx.request.header && ctx.request.header.authorization) {\n const parts = ctx.request.header.authorization.split(/\\s+/);\n\n if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {\n return null;\n }\n\n return parts[1];\n }\n\n return null;\n};\n\n/**\n * Authenticate the validity of the token\n */\nexport const authenticate = async (ctx: Context) => {\n const apiTokenService = getService('api-token');\n const token = extractToken(ctx);\n\n if (!token) {\n return { authenticated: false };\n }\n\n const apiToken = await apiTokenService.getBy({\n accessKey: apiTokenService.hash(token),\n });\n\n // token not found\n if (!apiToken) {\n return { authenticated: false };\n }\n\n const currentDate = new Date();\n\n if (!isNil(apiToken.expiresAt)) {\n const expirationDate = new Date(apiToken.expiresAt);\n // token has expired\n if (expirationDate < currentDate) {\n return { authenticated: false, error: new UnauthorizedError('Token expired') };\n }\n }\n\n if (!isNil(apiToken.lastUsedAt)) {\n // update lastUsedAt if the token has not been used in the last hour\n const hoursSinceLastUsed = differenceInHours(currentDate, parseISO(apiToken.lastUsedAt));\n if (hoursSinceLastUsed >= 1) {\n await strapi.db.query('admin::api-token').update({\n where: { id: apiToken.id },\n data: { lastUsedAt: currentDate },\n });\n }\n } else {\n // If lastUsedAt is not set, initialize it to the current date\n await strapi.db.query('admin::api-token').update({\n where: { id: apiToken.id },\n data: { lastUsedAt: currentDate },\n });\n }\n\n if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n const ability = await strapi.contentAPI.permissions.engine.generateAbility(\n apiToken.permissions.map((action: any) => ({ action }))\n );\n\n return { authenticated: true, ability, credentials: apiToken };\n }\n\n return { authenticated: true, credentials: apiToken };\n};\n\n/**\n * Verify the token has the required abilities for the requested scope\n *\n * @type {import('.').VerifyFunction}\n */\nexport const verify = (auth: any, config: any) => {\n const { credentials: apiToken, ability } = auth;\n\n if (!apiToken) {\n throw new UnauthorizedError('Token not found');\n }\n\n const currentDate = new Date();\n\n if (!isNil(apiToken.expiresAt)) {\n const expirationDate = new Date(apiToken.expiresAt);\n // token has expired\n if (expirationDate < currentDate) {\n throw new UnauthorizedError('Token expired');\n }\n }\n\n // Full access\n if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {\n return;\n }\n\n // Read only\n if (apiToken.type === constants.API_TOKEN_TYPE.READ_ONLY) {\n /**\n * If you don't have `full-access` you can only access `find` and `findOne`\n * scopes. If the route has no scope, then you can't get access to it.\n */\n const scopes = castArray(config.scope);\n\n if (config.scope && scopes.every(isReadScope)) {\n return;\n }\n }\n\n // Custom\n else if (apiToken.type === constants.API_TOKEN_TYPE.CUSTOM) {\n if (!ability) {\n throw new ForbiddenError();\n }\n\n const scopes = castArray(config.scope);\n\n const isAllowed = scopes.every((scope) => ability.can(scope));\n\n if (isAllowed) {\n return;\n }\n }\n\n throw new ForbiddenError();\n};\n\nexport const name = 'api-token';\n\nexport default {\n name: 'api-token',\n authenticate,\n verify,\n};\n"],"names":["UnauthorizedError","ForbiddenError","errors","isReadScope","scope","endsWith","extractToken","ctx","request","header","authorization","parts","split","toLowerCase","length","authenticate","apiTokenService","getService","token","authenticated","apiToken","getBy","accessKey","hash","currentDate","Date","isNil","expiresAt","expirationDate","error","lastUsedAt","hoursSinceLastUsed","differenceInHours","parseISO","strapi","db","query","update","where","id","data","type","constants","API_TOKEN_TYPE","CUSTOM","ability","contentAPI","permissions","engine","generateAbility","map","action","credentials","verify","auth","config","FULL_ACCESS","READ_ONLY","scopes","castArray","every","isAllowed","can","name"],"mappings":";;;;;;;AAQA,MAAM,EAAEA,iBAAiB,EAAEC,cAAc,EAAE,GAAGC,MAAAA;AAE9C,MAAMC,WAAAA,GAAc,CAACC,KAAAA,GAAeA,KAAAA,CAAMC,QAAQ,CAAC,MAAA,CAAA,IAAWD,KAAAA,CAAMC,QAAQ,CAAC,SAAA,CAAA;AAE7E,MAAMC,eAAe,CAACC,GAAAA,GAAAA;AACpB,IAAA,IAAIA,GAAAA,CAAIC,OAAO,IAAID,GAAAA,CAAIC,OAAO,CAACC,MAAM,IAAIF,GAAAA,CAAIC,OAAO,CAACC,MAAM,CAACC,aAAa,EAAE;QACzE,MAAMC,KAAAA,GAAQJ,IAAIC,OAAO,CAACC,MAAM,CAACC,aAAa,CAACE,KAAK,CAAC,KAAA,CAAA;QAErD,IAAID,KAAK,CAAC,CAAA,CAAE,CAACE,WAAW,OAAO,QAAA,IAAYF,KAAAA,CAAMG,MAAM,KAAK,CAAA,EAAG;YAC7D,OAAO,IAAA;AACT,QAAA;QAEA,OAAOH,KAAK,CAAC,CAAA,CAAE;AACjB,IAAA;IAEA,OAAO,IAAA;AACT,CAAA;AAEA;;IAGO,MAAMI,YAAAA,GAAe,OAAOR,GAAAA,GAAAA;AACjC,IAAA,MAAMS,kBAAkBC,UAAAA,CAAW,WAAA,CAAA;AACnC,IAAA,MAAMC,QAAQZ,YAAAA,CAAaC,GAAAA,CAAAA;AAE3B,IAAA,IAAI,CAACW,KAAAA,EAAO;QACV,OAAO;YAAEC,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMC,QAAAA,GAAW,MAAMJ,eAAAA,CAAgBK,KAAK,CAAC;QAC3CC,SAAAA,EAAWN,eAAAA,CAAgBO,IAAI,CAACL,KAAAA;AAClC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACE,QAAAA,EAAU;QACb,OAAO;YAAED,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMK,cAAc,IAAIC,IAAAA,EAAAA;AAExB,IAAA,IAAI,CAACC,KAAAA,CAAMN,QAAAA,CAASO,SAAS,CAAA,EAAG;AAC9B,QAAA,MAAMC,cAAAA,GAAiB,IAAIH,IAAAA,CAAKL,QAAAA,CAASO,SAAS,CAAA;;AAElD,QAAA,IAAIC,iBAAiBJ,WAAAA,EAAa;YAChC,OAAO;gBAAEL,aAAAA,EAAe,KAAA;AAAOU,gBAAAA,KAAAA,EAAO,IAAI7B,iBAAAA,CAAkB,eAAA;AAAiB,aAAA;AAC/E,QAAA;AACF,IAAA;AAEA,IAAA,IAAI,CAAC0B,KAAAA,CAAMN,QAAAA,CAASU,UAAU,CAAA,EAAG;;AAE/B,QAAA,MAAMC,kBAAAA,GAAqBC,iBAAAA,CAAkBR,WAAAA,EAAaS,QAAAA,CAASb,SAASU,UAAU,CAAA,CAAA;AACtF,QAAA,IAAIC,sBAAsB,CAAA,EAAG;AAC3B,YAAA,MAAMG,OAAOC,EAAE,CAACC,KAAK,CAAC,kBAAA,CAAA,CAAoBC,MAAM,CAAC;gBAC/CC,KAAAA,EAAO;AAAEC,oBAAAA,EAAAA,EAAInB,SAASmB;AAAG,iBAAA;gBACzBC,IAAAA,EAAM;oBAAEV,UAAAA,EAAYN;AAAY;AAClC,aAAA,CAAA;AACF,QAAA;IACF,CAAA,MAAO;;AAEL,QAAA,MAAMU,OAAOC,EAAE,CAACC,KAAK,CAAC,kBAAA,CAAA,CAAoBC,MAAM,CAAC;YAC/CC,KAAAA,EAAO;AAAEC,gBAAAA,EAAAA,EAAInB,SAASmB;AAAG,aAAA;YACzBC,IAAAA,EAAM;gBAAEV,UAAAA,EAAYN;AAAY;AAClC,SAAA,CAAA;AACF,IAAA;AAEA,IAAA,IAAIJ,SAASqB,IAAI,KAAKC,UAAUC,cAAc,CAACC,MAAM,EAAE;AACrD,QAAA,MAAMC,UAAU,MAAMX,MAAAA,CAAOY,UAAU,CAACC,WAAW,CAACC,MAAM,CAACC,eAAe,CACxE7B,SAAS2B,WAAW,CAACG,GAAG,CAAC,CAACC,UAAiB;AAAEA,gBAAAA;aAAO,CAAA,CAAA,CAAA;QAGtD,OAAO;YAAEhC,aAAAA,EAAe,IAAA;AAAM0B,YAAAA,OAAAA;YAASO,WAAAA,EAAahC;AAAS,SAAA;AAC/D,IAAA;IAEA,OAAO;QAAED,aAAAA,EAAe,IAAA;QAAMiC,WAAAA,EAAahC;AAAS,KAAA;AACtD;AAEA;;;;AAIC,IACM,MAAMiC,MAAAA,GAAS,CAACC,IAAAA,EAAWC,MAAAA,GAAAA;AAChC,IAAA,MAAM,EAAEH,WAAAA,EAAahC,QAAQ,EAAEyB,OAAO,EAAE,GAAGS,IAAAA;AAE3C,IAAA,IAAI,CAAClC,QAAAA,EAAU;AACb,QAAA,MAAM,IAAIpB,iBAAAA,CAAkB,iBAAA,CAAA;AAC9B,IAAA;AAEA,IAAA,MAAMwB,cAAc,IAAIC,IAAAA,EAAAA;AAExB,IAAA,IAAI,CAACC,KAAAA,CAAMN,QAAAA,CAASO,SAAS,CAAA,EAAG;AAC9B,QAAA,MAAMC,cAAAA,GAAiB,IAAIH,IAAAA,CAAKL,QAAAA,CAASO,SAAS,CAAA;;AAElD,QAAA,IAAIC,iBAAiBJ,WAAAA,EAAa;AAChC,YAAA,MAAM,IAAIxB,iBAAAA,CAAkB,eAAA,CAAA;AAC9B,QAAA;AACF,IAAA;;AAGA,IAAA,IAAIoB,SAASqB,IAAI,KAAKC,UAAUC,cAAc,CAACa,WAAW,EAAE;AAC1D,QAAA;AACF,IAAA;;AAGA,IAAA,IAAIpC,SAASqB,IAAI,KAAKC,UAAUC,cAAc,CAACc,SAAS,EAAE;AACxD;;;AAGC,QACD,MAAMC,MAAAA,GAASC,SAAAA,CAAUJ,MAAAA,CAAOnD,KAAK,CAAA;AAErC,QAAA,IAAImD,OAAOnD,KAAK,IAAIsD,MAAAA,CAAOE,KAAK,CAACzD,WAAAA,CAAAA,EAAc;AAC7C,YAAA;AACF,QAAA;IACF,CAAA,MAGK,IAAIiB,SAASqB,IAAI,KAAKC,UAAUC,cAAc,CAACC,MAAM,EAAE;AAC1D,QAAA,IAAI,CAACC,OAAAA,EAAS;AACZ,YAAA,MAAM,IAAI5C,cAAAA,EAAAA;AACZ,QAAA;QAEA,MAAMyD,MAAAA,GAASC,SAAAA,CAAUJ,MAAAA,CAAOnD,KAAK,CAAA;QAErC,MAAMyD,SAAAA,GAAYH,OAAOE,KAAK,CAAC,CAACxD,KAAAA,GAAUyC,OAAAA,CAAQiB,GAAG,CAAC1D,KAAAA,CAAAA,CAAAA;AAEtD,QAAA,IAAIyD,SAAAA,EAAW;AACb,YAAA;AACF,QAAA;AACF,IAAA;AAEA,IAAA,MAAM,IAAI5D,cAAAA,EAAAA;AACZ;AAIA,2BAAe;IACb8D,IAAAA,EAAM,WAAA;AACNhD,IAAAA,YAAAA;AACAsC,IAAAA;AACF,CAAA;;;;"}

package/dist/server/src/strategies/api-token.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"api-token.d.ts","sourceRoot":"","sources":["../../../../server/src/strategies/api-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AAGnC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAGvC,OAAO,eAAe,CAAC;AAoBvB;;GAEG;AACH,eAAO,MAAM,YAAY,QAAe,OAAO;;;;;;;;;;;;;;;;;;;;EAqD9C,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,MAAM,SAAU,GAAG,UAAU,GAAG,SAmD5C,CAAC;AAEF,eAAO,MAAM,IAAI,cAAc,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AAEhC,wBAIE"}

/package/dist/admin/src/pages/Settings/{pages/ApiTokens/EditView → components/Tokens}/utils/getDateOfExpiration.d.ts RENAMED Viewed

File without changes