@strapi/admin 5.46.1 → 5.47.0
- package/dist/admin/admin/src/components/Layouts/HeaderLayout.js +51 -8
- package/dist/admin/admin/src/components/Layouts/HeaderLayout.js.map +1 -1
- package/dist/admin/admin/src/components/Layouts/HeaderLayout.mjs +52 -9
- package/dist/admin/admin/src/components/Layouts/HeaderLayout.mjs.map +1 -1
- package/dist/admin/admin/src/components/Layouts/utils/getMatchingDocLink.js +167 -0
- package/dist/admin/admin/src/components/Layouts/utils/getMatchingDocLink.js.map +1 -0
- package/dist/admin/admin/src/components/Layouts/utils/getMatchingDocLink.mjs +165 -0
- package/dist/admin/admin/src/components/Layouts/utils/getMatchingDocLink.mjs.map +1 -0
- package/dist/admin/admin/src/constants.js +8 -11
- package/dist/admin/admin/src/constants.js.map +1 -1
- package/dist/admin/admin/src/constants.mjs +8 -11
- package/dist/admin/admin/src/constants.mjs.map +1 -1
- package/dist/admin/admin/src/features/Auth.js +25 -0
- package/dist/admin/admin/src/features/Auth.js.map +1 -1
- package/dist/admin/admin/src/features/Auth.mjs +26 -1
- package/dist/admin/admin/src/features/Auth.mjs.map +1 -1
- package/dist/admin/admin/src/features/Tracking.js.map +1 -1
- package/dist/admin/admin/src/features/Tracking.mjs.map +1 -1
- package/dist/admin/admin/src/hooks/useIdleSessionLogout.js +62 -0
- package/dist/admin/admin/src/hooks/useIdleSessionLogout.js.map +1 -0
- package/dist/admin/admin/src/hooks/useIdleSessionLogout.mjs +40 -0
- package/dist/admin/admin/src/hooks/useIdleSessionLogout.mjs.map +1 -0
- package/dist/admin/admin/src/pages/Settings/constants.js +1 -2
- package/dist/admin/admin/src/pages/Settings/constants.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/constants.mjs +1 -2
- package/dist/admin/admin/src/pages/Settings/constants.mjs.map +1 -1
- package/dist/admin/admin/src/render.js +2 -1
- package/dist/admin/admin/src/render.js.map +1 -1
- package/dist/admin/admin/src/render.mjs +2 -1
- package/dist/admin/admin/src/render.mjs.map +1 -1
- package/dist/admin/admin/src/translations/en.json.js +1 -0
- package/dist/admin/admin/src/translations/en.json.js.map +1 -1
- package/dist/admin/admin/src/translations/en.json.mjs +1 -0
- package/dist/admin/admin/src/translations/en.json.mjs.map +1 -1
- package/dist/admin/admin/src/translations/sk.json.js +446 -42
- package/dist/admin/admin/src/translations/sk.json.js.map +1 -1
- package/dist/admin/admin/src/translations/sk.json.mjs +445 -43
- package/dist/admin/admin/src/translations/sk.json.mjs.map +1 -1
- package/dist/admin/admin/src/utils/baseQuery.js +5 -0
- package/dist/admin/admin/src/utils/baseQuery.js.map +1 -1
- package/dist/admin/admin/src/utils/baseQuery.mjs +6 -1
- package/dist/admin/admin/src/utils/baseQuery.mjs.map +1 -1
- package/dist/admin/admin/src/utils/getFetchClient.js +24 -0
- package/dist/admin/admin/src/utils/getFetchClient.js.map +1 -1
- package/dist/admin/admin/src/utils/getFetchClient.mjs +23 -1
- package/dist/admin/admin/src/utils/getFetchClient.mjs.map +1 -1
- package/dist/admin/admin/src/utils/jwt.js +37 -0
- package/dist/admin/admin/src/utils/jwt.js.map +1 -0
- package/dist/admin/admin/src/utils/jwt.mjs +35 -0
- package/dist/admin/admin/src/utils/jwt.mjs.map +1 -0
- package/dist/admin/index.js +2 -0
- package/dist/admin/index.js.map +1 -1
- package/dist/admin/index.mjs +1 -1
- package/dist/admin/src/components/Layouts/HeaderLayout.d.ts +2 -0
- package/dist/admin/src/components/Layouts/utils/getMatchingDocLink.d.ts +6 -0
- package/dist/admin/src/features/Tracking.d.ts +8 -1
- package/dist/admin/src/hooks/useAdminRoles.d.ts +1 -1
- package/dist/admin/src/hooks/useIdleSessionLogout.d.ts +33 -0
- package/dist/admin/src/services/admin.d.ts +6 -6
- package/dist/admin/src/services/contentApi.d.ts +1 -1
- package/dist/admin/src/services/users.d.ts +8 -8
- package/dist/admin/src/utils/getFetchClient.d.ts +15 -1
- package/dist/admin/src/utils/jwt.d.ts +15 -0
- package/dist/server/server/src/bootstrap.js +3 -2
- package/dist/server/server/src/bootstrap.js.map +1 -1
- package/dist/server/server/src/bootstrap.mjs +4 -3
- package/dist/server/server/src/bootstrap.mjs.map +1 -1
- package/dist/server/server/src/policies/index.js +0 -2
- package/dist/server/server/src/policies/index.js.map +1 -1
- package/dist/server/server/src/policies/index.mjs +0 -2
- package/dist/server/server/src/policies/index.mjs.map +1 -1
- package/dist/server/server/src/register.js +1 -1
- package/dist/server/server/src/register.js.map +1 -1
- package/dist/server/server/src/routes/admin-tokens.js +0 -7
- package/dist/server/server/src/routes/admin-tokens.js.map +1 -1
- package/dist/server/server/src/routes/admin-tokens.mjs +0 -7
- package/dist/server/server/src/routes/admin-tokens.mjs.map +1 -1
- package/dist/server/server/src/routes/serve-admin-panel.js +8 -1
- package/dist/server/server/src/routes/serve-admin-panel.js.map +1 -1
- package/dist/server/server/src/routes/serve-admin-panel.mjs +6 -2
- package/dist/server/server/src/routes/serve-admin-panel.mjs.map +1 -1
- package/dist/server/server/src/services/api-token.js +71 -1
- package/dist/server/server/src/services/api-token.js.map +1 -1
- package/dist/server/server/src/services/api-token.mjs +71 -2
- package/dist/server/server/src/services/api-token.mjs.map +1 -1
- package/dist/server/server/src/services/token.js +11 -0
- package/dist/server/server/src/services/token.js.map +1 -1
- package/dist/server/server/src/services/token.mjs +11 -1
- package/dist/server/server/src/services/token.mjs.map +1 -1
- package/dist/server/server/src/strategies/admin-token.js +5 -63
- package/dist/server/server/src/strategies/admin-token.js.map +1 -1
- package/dist/server/server/src/strategies/admin-token.mjs +6 -64
- package/dist/server/server/src/strategies/admin-token.mjs.map +1 -1
- package/dist/server/src/bootstrap.d.ts.map +1 -1
- package/dist/server/src/index.d.ts +0 -5
- package/dist/server/src/index.d.ts.map +1 -1
- package/dist/server/src/policies/index.d.ts +0 -5
- package/dist/server/src/policies/index.d.ts.map +1 -1
- package/dist/server/src/routes/admin-tokens.d.ts.map +1 -1
- package/dist/server/src/routes/serve-admin-panel.d.ts +2 -0
- package/dist/server/src/routes/serve-admin-panel.d.ts.map +1 -1
- package/dist/server/src/services/api-token.d.ts +15 -1
- package/dist/server/src/services/api-token.d.ts.map +1 -1
- package/dist/server/src/services/token.d.ts +7 -1
- package/dist/server/src/services/token.d.ts.map +1 -1
- package/dist/server/src/strategies/admin-token.d.ts +12 -22
- package/dist/server/src/strategies/admin-token.d.ts.map +1 -1
- package/package.json +8 -8
- package/dist/server/server/src/policies/isAdminTokensEnabled.js +0 -16
- package/dist/server/server/src/policies/isAdminTokensEnabled.js.map +0 -1
- package/dist/server/server/src/policies/isAdminTokensEnabled.mjs +0 -14
- package/dist/server/server/src/policies/isAdminTokensEnabled.mjs.map +0 -1
- package/dist/server/src/policies/isAdminTokensEnabled.d.ts +0 -7
- package/dist/server/src/policies/isAdminTokensEnabled.d.ts.map +0 -1
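--- a/package/dist/admin/index.mjs
+++ b/package/dist/admin/index.mjs
@@ -38,7 +38,7 @@ export { usePersistentState, usePersistentStateScope, useScopedPersistentState }
 export { useAdminUsers } from './admin/src/services/users.mjs';
 export { useGetCountDocumentsQuery } from './admin/src/services/homepage.mjs';
 export { translatedErrors } from './admin/src/utils/translatedErrors.mjs';
-export { FetchError, attemptTokenRefresh, getFetchClient, isFetchError, setOnTokenUpdate, storeToken } from './admin/src/utils/getFetchClient.mjs';
+export { FetchError, attemptTokenRefresh, getFetchClient, isFetchError, setOnSessionExpired, setOnTokenUpdate, storeToken, triggerSessionExpired } from './admin/src/utils/getFetchClient.mjs';
 export { fetchBaseQuery, isBaseQueryError } from './admin/src/utils/baseQuery.mjs';
 export { ConditionSchema, createRulesEngine } from './admin/src/utils/rulesEngine.mjs';
 export { getDisplayName, getInitials, hashAdminUserEmail } from './admin/src/utils/users.mjs';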
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import * as React from 'react';
|
|
2
2
|
import { TypographyProps } from '@strapi/design-system';
|
|
3
|
+
import { type DocLink } from './utils/getMatchingDocLink';
|
|
3
4
|
interface BaseHeaderLayoutProps extends Omit<TypographyProps<'div'>, 'tag'> {
|
|
4
5
|
navigationAction?: React.ReactNode;
|
|
5
6
|
primaryAction?: React.ReactNode;
|
|
@@ -7,6 +8,7 @@ interface BaseHeaderLayoutProps extends Omit<TypographyProps<'div'>, 'tag'> {
|
|
|
7
8
|
subtitle?: React.ReactNode;
|
|
8
9
|
sticky?: boolean;
|
|
9
10
|
width?: number;
|
|
11
|
+
docLink?: DocLink | null;
|
|
10
12
|
}
|
|
11
13
|
declare const BaseHeaderLayout: React.ForwardRefExoticComponent<BaseHeaderLayoutProps & React.RefAttributes<HTMLDivElement>>;
|
|
12
14
|
interface HeaderLayoutProps extends BaseHeaderLayoutProps {
|
|
@@ -97,6 +97,13 @@ interface WillNavigateEvent {
|
|
|
97
97
|
to: string;
|
|
98
98
|
};
|
|
99
99
|
}
|
|
100
|
+
interface DidClickOnDocLink {
|
|
101
|
+
name: 'didClickOnDocLink';
|
|
102
|
+
properties: {
|
|
103
|
+
from: string;
|
|
104
|
+
to: string;
|
|
105
|
+
};
|
|
106
|
+
}
|
|
100
107
|
interface DidAccessTokenListEvent {
|
|
101
108
|
name: 'didAccessTokenList';
|
|
102
109
|
properties: {
|
|
@@ -243,7 +250,7 @@ interface DidOpenKeyStatisticsWidgetLink {
|
|
|
243
250
|
itemKey: string;
|
|
244
251
|
};
|
|
245
252
|
}
|
|
246
|
-
type EventsWithProperties = CreateEntryEvents | PublishEntryEvents | DidAccessAuthenticatedAdministrationEvent | DidAccessTokenListEvent | DidChangeModeEvent | DidCropFileEvent | DeleteEntryEvents | DidEditMediaLibraryElementsEvent | DidFilterMediaLibraryElementsEvent | DidFilterEntriesEvent | DidSelectContentTypeFieldTypeEvent | DidSelectFile | DidSortMediaLibraryElementsEvent | DidSubmitWithErrorsFirstAdminEvent | DidUsePresetPromptEvent | DidAnswerMessageEvent | DidVoteAnswerEvent | LogoEvent | TokenEvents | UpdateEntryEvents | WillModifyTokenEvent | WillNavigateEvent | DidPublishRelease | MediaEvents | DidUpdateCTBSchema | DidSkipGuidedTour | DidCompleteGuidedTour | DidStartGuidedTour | DidOpenHomeWidgetLink | DidOpenKeyStatisticsWidgetLink | WillEditEntryFromHome;
|
|
253
|
+
type EventsWithProperties = CreateEntryEvents | PublishEntryEvents | DidAccessAuthenticatedAdministrationEvent | DidAccessTokenListEvent | DidChangeModeEvent | DidCropFileEvent | DeleteEntryEvents | DidEditMediaLibraryElementsEvent | DidFilterMediaLibraryElementsEvent | DidFilterEntriesEvent | DidSelectContentTypeFieldTypeEvent | DidSelectFile | DidSortMediaLibraryElementsEvent | DidSubmitWithErrorsFirstAdminEvent | DidUsePresetPromptEvent | DidAnswerMessageEvent | DidVoteAnswerEvent | LogoEvent | TokenEvents | UpdateEntryEvents | WillModifyTokenEvent | WillNavigateEvent | DidClickOnDocLink | DidPublishRelease | MediaEvents | DidUpdateCTBSchema | DidSkipGuidedTour | DidCompleteGuidedTour | DidStartGuidedTour | DidOpenHomeWidgetLink | DidOpenKeyStatisticsWidgetLink | WillEditEntryFromHome;
|
|
247
254
|
export type TrackingEvent = EventWithoutProperties | EventsWithProperties;
|
|
248
255
|
export interface UseTrackingReturn {
|
|
249
256
|
/**
|
|
@@ -8,7 +8,7 @@ export declare const useAdminRoles: (params?: GetRolesParams, queryOptions?: Par
|
|
|
8
8
|
error: any;
|
|
9
9
|
isError: any;
|
|
10
10
|
isLoading: any;
|
|
11
|
-
refetch: () => import("@reduxjs/toolkit/query").QueryActionCreatorResult<import("@reduxjs/toolkit/query").QueryDefinition<void | GetRolesParams, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
11
|
+
refetch: () => import("@reduxjs/toolkit/query").QueryActionCreatorResult<import("@reduxjs/toolkit/query").QueryDefinition<void | GetRolesParams, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", (import("..").SanitizedAdminRole & {
|
|
12
12
|
usersCount?: number | undefined;
|
|
13
13
|
})[], "adminApi">>;
|
|
14
14
|
};
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
declare const SESSION_EXPIRY_BUFFER_MS = 1000;
|
|
2
|
+
interface UseIdleSessionLogoutOptions {
|
|
3
|
+
/**
|
|
4
|
+
* The current admin access JWT (from Redux), or `null` when logged out.
|
|
5
|
+
*/
|
|
6
|
+
token: string | null;
|
|
7
|
+
/**
|
|
8
|
+
* Called when the timer fires. Typically clears local auth state and
|
|
9
|
+
* navigates to /auth/login.
|
|
10
|
+
*/
|
|
11
|
+
onExpired: () => void;
|
|
12
|
+
/**
|
|
13
|
+
* Escape hatch for tests / dev environments where we don't want the
|
|
14
|
+
* automatic logout behavior. Mirrors the existing `_disableRenewToken`
|
|
15
|
+
* prop on `<AuthProvider>`.
|
|
16
|
+
*/
|
|
17
|
+
disabled?: boolean;
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Schedule a one-shot logout when the access token's `exp` elapses.
|
|
21
|
+
*
|
|
22
|
+
* The hook re-runs whenever `token` changes. While the user is active, every
|
|
23
|
+
* API call that hits a 401 transparently refreshes the access token (see
|
|
24
|
+
* `withTokenRefresh` in `getFetchClient.ts`), which dispatches `setToken` and
|
|
25
|
+
* causes this effect to re-arm with the new, later `exp`.
|
|
26
|
+
*
|
|
27
|
+
* If the JWT can't be decoded (malformed, missing `exp`), the timer is
|
|
28
|
+
* skipped silently — the active-tab redirect on 401 still covers the
|
|
29
|
+
* symptom on the next user-initiated request.
|
|
30
|
+
*/
|
|
31
|
+
declare const useIdleSessionLogout: ({ token, onExpired, disabled, }: UseIdleSessionLogoutOptions) => void;
|
|
32
|
+
export { useIdleSessionLogout, SESSION_EXPIRY_BUFFER_MS };
|
|
33
|
+
export type { UseIdleSessionLogoutOptions };
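Review bot: `SESSION_EXPIRY_BUFFER_MS` is declared and exported at the top of this new file without a doc comment, so a reader cannot tell whether the 1000 ms is added to or subtracted from the token's `exp` when the timer is armed. I would add a line above it such as `/** Offset in ms applied to the decoded exp when scheduling the logout timer (state the direction). */`. The hook's comment says an undecodable token skips the timer silently; since this timer is a client-side convenience, one more sentence stating that the server's rejection of the expired token remains the actual enforcement would keep readers from treating the hook as a security control. If the implementation (not visible in this section) passes the remaining lifetime straight to `setTimeout`, delays above 2^31-1 ms need clamping, because such timers fire immediately.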
|
|
@@ -6,19 +6,19 @@ interface ConfigurationLogo {
|
|
|
6
6
|
};
|
|
7
7
|
default: string;
|
|
8
8
|
}
|
|
9
|
-
declare const useInitQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
9
|
+
declare const useInitQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ProjectSettings" | "LicenseLimits" | "LicenseTrialTimeLeft", {
|
|
10
10
|
uuid: string | false;
|
|
11
11
|
hasAdmin: boolean;
|
|
12
12
|
menuLogo: string | null;
|
|
13
13
|
authLogo: string | null;
|
|
14
|
-
}, "adminApi">>, useTelemetryPropertiesQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
14
|
+
}, "adminApi">>, useTelemetryPropertiesQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ProjectSettings" | "LicenseLimits" | "LicenseTrialTimeLeft", {
|
|
15
15
|
useTypescriptOnServer: boolean;
|
|
16
16
|
useTypescriptOnAdmin: boolean;
|
|
17
17
|
isHostedOnStrapiCloud: boolean;
|
|
18
18
|
numberOfAllContentTypes: number;
|
|
19
19
|
numberOfComponents: number;
|
|
20
20
|
numberOfDynamicZones: number;
|
|
21
|
-
}, "adminApi">>, useInformationQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
21
|
+
}, "adminApi">>, useInformationQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ProjectSettings" | "LicenseLimits" | "LicenseTrialTimeLeft", {
|
|
22
22
|
currentEnvironment: string;
|
|
23
23
|
autoReload: boolean;
|
|
24
24
|
strapiVersion: string | null;
|
|
@@ -27,11 +27,11 @@ declare const useInitQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks
|
|
|
27
27
|
nodeVersion: string;
|
|
28
28
|
communityEdition: boolean;
|
|
29
29
|
useYarn: boolean;
|
|
30
|
-
}, "adminApi">>, useProjectSettingsQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
30
|
+
}, "adminApi">>, useProjectSettingsQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ProjectSettings" | "LicenseLimits" | "LicenseTrialTimeLeft", {
|
|
31
31
|
authLogo?: ConfigurationLogo['custom'];
|
|
32
32
|
menuLogo?: ConfigurationLogo['custom'];
|
|
33
|
-
}, "adminApi">>, useUpdateProjectSettingsMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<FormData, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
33
|
+
}, "adminApi">>, useUpdateProjectSettingsMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<FormData, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ProjectSettings" | "LicenseLimits" | "LicenseTrialTimeLeft", UpdateProjectSettings.Response, "adminApi">>, useGetPluginsQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ProjectSettings" | "LicenseLimits" | "LicenseTrialTimeLeft", Plugins.Response, "adminApi">>, useGetLicenseLimitsQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ProjectSettings" | "LicenseLimits" | "LicenseTrialTimeLeft", GetLicenseLimitInformation.Response, "adminApi">>, useGetLicenseTrialTimeLeftQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ProjectSettings" | "LicenseLimits" | "LicenseTrialTimeLeft", {
|
|
34
34
|
trialEndsAt: string;
|
|
35
|
-
}, "adminApi">>, useGetGuidedTourMetaQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
35
|
+
}, "adminApi">>, useGetGuidedTourMetaQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "ProjectSettings" | "LicenseLimits" | "LicenseTrialTimeLeft", GetGuidedTourMeta.Response, "adminApi">>;
|
|
36
36
|
export { useInitQuery, useTelemetryPropertiesQuery, useInformationQuery, useProjectSettingsQuery, useUpdateProjectSettingsMutation, useGetPluginsQuery, useGetLicenseLimitsQuery, useGetLicenseTrialTimeLeftQuery, useGetGuidedTourMetaQuery, };
|
|
37
37
|
export type { ConfigurationLogo };
|
|
@@ -10,7 +10,7 @@ declare const useGetPermissionsQuery: import("@reduxjs/toolkit/dist/query/react/
|
|
|
10
10
|
apiName: string;
|
|
11
11
|
type: string;
|
|
12
12
|
};
|
|
13
|
-
method: "
|
|
13
|
+
method: "GET" | "POST" | "DELETE" | "PUT";
|
|
14
14
|
path: string;
|
|
15
15
|
}[];
|
|
16
16
|
}, "adminApi">>;
|
|
@@ -11,23 +11,23 @@ type GetRolesParams = Roles.FindRole.Request['params'] | (Roles.FindRoles.Reques
|
|
|
11
11
|
interface GetRolePermissionsParams {
|
|
12
12
|
id: Data.ID;
|
|
13
13
|
}
|
|
14
|
-
declare const useCreateUserMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<import("../../../shared/contracts/shared").AdminUserCreationPayload, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
14
|
+
declare const useCreateUserMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<import("../../../shared/contracts/shared").AdminUserCreationPayload, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", import("..").SanitizedAdminUser, "adminApi">>, useUpdateUserMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<Omit<Omit<import("..").AdminUser, keyof import("..").Entity | "roles"> & {
|
|
15
15
|
roles: Data.ID[];
|
|
16
|
-
} & Users.Update.Params, "blocked">, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
16
|
+
} & Users.Update.Params, "blocked">, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", import("..").SanitizedAdminUser, "adminApi">>, useDeleteManyUsersMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<{
|
|
17
17
|
ids: Data.ID[];
|
|
18
|
-
}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
18
|
+
}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", import("..").SanitizedAdminUser[], "adminApi">>, useGetRolesQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<void | GetRolesParams, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", (import("..").SanitizedAdminRole & {
|
|
19
19
|
usersCount?: number | undefined;
|
|
20
20
|
})[], "adminApi">>, useCreateRoleMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<{
|
|
21
21
|
name: string;
|
|
22
22
|
description?: string | undefined;
|
|
23
|
-
}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
23
|
+
}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", import("..").SanitizedAdminRole, "adminApi">>, useUpdateRoleMutation: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseMutation<import("@reduxjs/toolkit/query").MutationDefinition<{
|
|
24
24
|
name?: string | undefined;
|
|
25
25
|
description?: string | undefined;
|
|
26
26
|
} & {
|
|
27
27
|
id: string;
|
|
28
|
-
}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
28
|
+
}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", import("..").SanitizedAdminRole, "adminApi">>, useGetRolePermissionsQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<GetRolePermissionsParams, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", import("../../../shared/contracts/shared").Permission[], "adminApi">>, useGetRolePermissionLayoutQuery: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<{
|
|
29
29
|
role: Data.ID;
|
|
30
|
-
}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
30
|
+
}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", {
|
|
31
31
|
conditions: Permissions.Condition[];
|
|
32
32
|
sections: {
|
|
33
33
|
collectionTypes: Permissions.ContentPermission;
|
|
@@ -39,8 +39,8 @@ declare const useCreateUserMutation: import("@reduxjs/toolkit/dist/query/react/b
|
|
|
39
39
|
permissions: Omit<import("../../../shared/contracts/shared").Permission, "id" | "createdAt" | "updatedAt" | "actionParameters">[];
|
|
40
40
|
} & {
|
|
41
41
|
id: Data.ID;
|
|
42
|
-
}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
43
|
-
declare const useAdminUsers: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<GetUsersParams, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "
|
|
42
|
+
}, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", Roles.SanitizedPermission[], "adminApi">>;
|
|
43
|
+
declare const useAdminUsers: import("@reduxjs/toolkit/dist/query/react/buildHooks").UseQuery<import("@reduxjs/toolkit/query").QueryDefinition<GetUsersParams, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("..").QueryArguments, unknown, import("..").BaseQueryError>, "GuidedTourMeta" | "HomepageKeyStatistics" | "AiUsage" | "AiFeatureConfig" | "LicenseLimits" | "User" | "Role" | "RolePermissions", {
|
|
44
44
|
users: Users.FindAll.Response['data']['results'];
|
|
45
45
|
pagination: Users.FindAll.Response['data']['pagination'] | null;
|
|
46
46
|
}, "adminApi">>;
|
|
@@ -13,6 +13,20 @@ export type ApiError = errors.ApplicationError | errors.ForbiddenError | errors.
|
|
|
13
13
|
* }, [dispatch]);
|
|
14
14
|
*/
|
|
15
15
|
declare const setOnTokenUpdate: (callback: ((token: string) => void) | null) => void;
|
|
16
|
+
/**
|
|
17
|
+
* Set the callback that will be called when the active session is no longer
|
|
18
|
+
* valid (refresh token rejected by the server, or detected idle on the
|
|
19
|
+
* client). This lets the active tab redirect to /auth/login without waiting
|
|
20
|
+
* for the next user-initiated request to fail.
|
|
21
|
+
*
|
|
22
|
+
* @param callback - Function to call when the session ends, or null to clear
|
|
23
|
+
*/
|
|
24
|
+
declare const setOnSessionExpired: (callback: (() => void) | null) => void;
|
|
25
|
+
/**
|
|
26
|
+
* Trigger the registered session-expired callback, if any. Safe to call from
|
|
27
|
+
* non-React code (e.g., the RTK Query baseQuery 401 handler).
|
|
28
|
+
*/
|
|
29
|
+
declare const triggerSessionExpired: () => void;
|
|
16
30
|
/**
|
|
17
31
|
* Store the new token in the appropriate storage (localStorage or cookie)
|
|
18
32
|
* and notify the app to update its state.
|
|
@@ -103,5 +117,5 @@ type FetchClient = {
|
|
|
103
117
|
* ```
|
|
104
118
|
*/
|
|
105
119
|
declare const getFetchClient: (defaultOptions?: FetchConfig) => FetchClient;
|
|
106
|
-
export { getFetchClient, isFetchError, FetchError, attemptTokenRefresh, storeToken, setOnTokenUpdate, };
|
|
120
|
+
export { getFetchClient, isFetchError, FetchError, attemptTokenRefresh, storeToken, setOnTokenUpdate, setOnSessionExpired, triggerSessionExpired, };
|
|
107
121
|
export type { FetchOptions, FetchResponse, FetchConfig, FetchClient, ErrorResponse };
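Review bot: `setOnSessionExpired` appears to keep a single callback slot, and together with `triggerSessionExpired` it is now exported from this module and, in the same release, from the package's `index.mjs`, so any code importing the admin package can replace or clear the handler or invoke the logout path. The doc comment should state the last-writer-wins behaviour and who is expected to own the registration, for example `Only the auth provider should register this; a later call replaces the earlier callback.` It would also help to say whether `triggerSessionExpired` is safe to call repeatedly, since several in-flight requests can receive a 401 together. The implementation is not visible in this section, so the second point is a question rather than a finding.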
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Decode the `exp` claim of an admin access JWT and return it as milliseconds
|
|
3
|
+
* since the epoch. Returns `null` if the token can't be parsed or has no
|
|
4
|
+
* numeric `exp`.
|
|
5
|
+
*
|
|
6
|
+
* The signature is intentionally not verified — the server is the source of
|
|
7
|
+
* truth for token validity. This is purely so the client can schedule a
|
|
8
|
+
* one-shot timer to react to access-token expiry without polling.
|
|
9
|
+
*
|
|
10
|
+
* Handles `base64url` payloads (RFC 7515) by mapping the URL-safe alphabet
|
|
11
|
+
* back to standard base64 and re-adding the `=` padding that `base64url`
|
|
12
|
+
* strips. Some browsers' `atob` implementations reject unpadded input.
|
|
13
|
+
*/
|
|
14
|
+
declare const decodeAccessTokenExpiry: (token: string) => number | null;
|
|
15
|
+
export { decodeAccessTokenExpiry };
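Review bot: The doc comment on `decodeAccessTokenExpiry` says the signature is not verified but not what that means for the caller: the returned `exp` is taken from whatever token string the client holds and is not bounded. A value far in the future gives a timer delay above the 32-bit limit of `setTimeout`, which browsers fire immediately, and a past value gives a negative delay. I would add `* The result is untrusted: use it only to schedule the timer, clamp the delay, and never treat it as proof the session is valid.` The implementation and its callers are outside this declaration file, so whether clamping already happens cannot be confirmed here.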
|
|
@@ -129,8 +129,9 @@ var bootstrap = (async ({ strapi: strapi1 })=>{
|
|
|
129
129
|
const { options } = token.getTokenOptions();
|
|
130
130
|
const legacyMaxRefreshFallback = token.expiresInToSeconds(options?.expiresIn) ?? sessionAuth.DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;
|
|
131
131
|
const legacyMaxSessionFallback = token.expiresInToSeconds(options?.expiresIn) ?? sessionAuth.DEFAULT_MAX_SESSION_LIFESPAN;
|
|
132
|
-
// Warn
|
|
133
|
-
|
|
132
|
+
// Warn only when the user set legacy admin.auth.options.expiresIn. Merged JWT options always
|
|
133
|
+
// include the default expiresIn ('30d'), so reading merged options alone is a false positive.
|
|
134
|
+
const hasLegacyExpires = token.hasUserConfiguredAuthOptionsExpiresIn(strapi1.config.get('admin.auth.options'));
|
|
134
135
|
const hasNewMaxRefresh = strapi1.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;
|
|
135
136
|
const hasNewMaxSession = strapi1.config.get('admin.auth.sessions.maxSessionLifespan') != null;
|
|
136
137
|
if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {
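Review bot: `legacyMaxRefreshFallback` and `legacyMaxSessionFallback` still read `options?.expiresIn` from the merged options, which the new comment says always carry the default `'30d'`. So when the user set neither `admin.auth.options.expiresIn` nor the new `sessions.*` keys, the maximum refresh-token and session lifespans appear to come from that merged default rather than from `DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN` / `DEFAULT_MAX_SESSION_LIFESPAN`, and the `??` branch is reached only if `expiresInToSeconds` returns nothing. If that is not intended, compute `hasLegacyExpires` first and pass `hasLegacyExpires ? options?.expiresIn : undefined` to `expiresInToSeconds` in both fallbacks; if it is intended, a comment on the two fallback lines should say so. The same applies to the matching hunk in the `.mjs` build, and the `bootstrap` body continues outside the hunk.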
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n async beforeDelete(event) {\n // Delete all admin API tokens owned by this user before the user row is removed\n await getService('api-token-admin').deleteTokensForUser(event.params.where.id);\n },\n async afterUpdate(event) {\n if (event.params.data?.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n if (event.params.data?.roles !== undefined) {\n // We re-sync token permissions for all owner users with their role when the user is updated\n await getService('api-token-admin').syncPermissionsForUser(event.result.id);\n }\n },\n });\n\n strapi.db.lifecycles.subscribe({\n models: 
['admin::role'],\n // We re-sync token permissions for all owner users with this role when the role is deleted\n async beforeDelete(event) {\n const users = await strapi.db.query('admin::user').findMany({\n where: { roles: { id: event.params.where.id } },\n select: ['id'],\n });\n event.state.affectedUserIds = users.map((u: { id: unknown }) => u.id);\n },\n async afterDelete(event) {\n for (const userId of (event.state.affectedUserIds as unknown[]) ?? []) {\n await getService('api-token-admin').syncPermissionsForUser(userId as string | number);\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. 
A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token-content-api');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.countAll();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. 
Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. 
This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token-content-api');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await 
createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","beforeDelete","event","deleteTokensForUser","params","where","id","afterUpdate","data","preferedLanguage","roles","undefined","syncPermissionsForUser","result","users","query","findMany","select","state","affectedUserIds","map","u","userId","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","unknownPermissions","uniq","difference","length","deleteMany","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","countAll","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjec
tInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAeA,MAAMA,wBAAAA,GAA2B;IAC/BC,SAAAA,EAAW;QACTC,YAAAA,EAAc,KAAA;QACdC,WAAAA,EAAa,IAAA;QACbC,cAAAA,EAAgB;AAClB;AACF,CAAA;AAEA,MAAMC,yBAAAA,GAA4B,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAA,CAAA,CAAcC,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAAAA,GAA0B,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAA,CAAA,CAAcM,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAAA,GAAqB,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAAA,CAAW,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAAA,EAAaN,8BAAAA;QACbO,WAAAA,EAAaP,8BAAAA;AACb,QAAA,MAAMQ,cAAaC,KAAK,EAAA;;YAEtB,MAAMnB,gBAAAA,CAAW,mBAAmBoB,mBAAmB,CAACD,MAAME,MAAM,CAACC,KAAK,CAACC,EAAE,CAAA;AAC/E,QAAA,CAAA;AACA,QAAA,MAAMC,aAAYL,KAAK,EAAA;AACrB,YAAA,IAAIA,KAAAA,CAAME,MAAM,CAACI,IAAI,EAAEC,gBAAAA,EAAkB;AACvChB,gBAAAA,8BAAAA,EAAAA;AACF,YAAA;AACA,YAAA,IAAIS,MAAME,MAAM,CAACI,IAAI,EAAEE,UAAUC,SAAAA,EAAW;;AAE1C,gBAAA,MAAM5B,iBAAW,iBAAA,CAAA,CAAmB6B,sBAAsB,CAACV,KAAAA,CAAMW,MAAM,CAACP,EAAE,CAAA;AAC5E,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AAEAZ,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;;AAEvB,QAAA,MAAMG,cAAaC,KAAK,EAAA;YACtB,MAAMY,KAAAA,GAAQ,MAAMpB,MAAAA,CAAOC,EAAE,CAACoB,KAAK,CAAC,aAAA,CAAA,CAAeC,QAAQ,CAAC;gBAC1DX,KAAAA,EAAO;oBAAEK,KAAAA,EAAO;AAAEJ,wBAAAA,EAAAA,EAAIJ,KAAAA,CAAME,MAAM,CAACC,KAAK,CAACC;AAAG;AAAE,iBAAA;gBAC9CW,MAAAA,EAAQ;AAAC,oBAAA;AAAK;AAChB,aAAA,CAAA;YACAf,KAAAA,CAAMgB,KAAK,CAACC,eAAe,GAAGL,KAAAA,CAAMM,GAAG,CAAC,CAACC,CAAAA,GAAuBA,CAAAA,CAAEf,EAAE,CAAA;AACtE,QAAA,CAAA;AACA,QAAA,MAAMN,aAAYE,KAAK,EAAA;YACrB,KAAK,MAAMoB,UAAU,KAACpB,CAAMgB,KAAK,CAACC,eAAe,IAAkB,EAAE,CAAE;gBACrE,MAAMpC,gBAAAA,CAAW,iBAAA,CAAA,CAAmB6B,sBAAsB,CAACU,MAAAA,CAAAA;AAC7D,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMC,gBAAAA,GAAmB,UAAA;AACvB,IAAA,MAAMC,UAAAA,GAAa,MAAM9B,MAAAA,CAAO+B,KAAK,CAAC;QAAEC,IAAAA,EAAM,MAAA;QAAQC,IAAAA,EAAM;AAAQ,KAAA,
CAAA;AACpE,IAAA,MAAMC,iBAAAA,GAAoB,MAAMJ,UAAAA,CAAWK,GAAG,CAAC;QAAEC,GAAAA,EAAK;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMvD,wBAAAA,EAA0BmD,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAAA,GAAa,MAAMlD,gBAAAA,CAAW,MAAA,CAAA,CAAQmD,MAAM,CAAC;QACjD5B,EAAAA,EAAIyB,eAAAA,CAAgBrD,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACqD,UAAAA,EAAY;QACfF,eAAAA,CAAgBrD,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C,IAAA;IAEA,MAAM4C,UAAAA,CAAWW,GAAG,CAAC;QAAEL,GAAAA,EAAK,MAAA;QAAQM,KAAAA,EAAOL;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMM,wBAAAA,GAA2B,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB5C,MAAAA,CAAO6C,UAAU,CAACC,WAAW,CAAC9D,SAAS,CAAC+D,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAAA,GAAkB,MAAMC,WAAAA,CAAMC,IAAI,CACtCnD,MAAAA,CAAOC,EAAE,CAACoB,KAAK,CAAC,6BAAA,CAAA,CAA+BC,QAAQ,EACvDI,MAAAA,CAAI,QAAA,CAAA,CAAA,EAAA;IAGN,MAAM0B,kBAAAA,GAAqBC,OAAAA,CAAKC,aAAAA,CAAWL,eAAAA,EAAiBL,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIQ,kBAAAA,CAAmBG,MAAM,GAAG,CAAA,EAAG;AACjC,QAAA,MAAMvD,OAAOC,EAAE,CACZoB,KAAK,CAAC,6BAAA,CAAA,CACNmC,UAAU,CAAC;YAAE7C,KAAAA,EAAO;gBAAEoC,MAAAA,EAAQ;oBAAEU,GAAAA,EAAKL;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE,IAAA;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMM,8BAAAA,GAAiC,UAAA;AACrC,IAAA,MAAMC,cAActE,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMuE,kBAAkBvE,gBAAAA,CAAW,uBAAA,CAAA;IAEnC,MAAMwE,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBI,QAAQ,EAAA;IAEpD,IAAIH,UAAAA,KAAe,CAAA,IAAKE,aAAAA,KAAkB,CAAA,EAAG;AAC3C,QAAA,KAAK,MAAME,KAAAA,IAASC,SAAAA,CAAUC,kBAAkB,CAAE;YAChD,MAAMP,eAAAA,CAAgBQ,MAAM,CAACH,KAAAA,CAAAA;AAC/B,QAAA;AACF,IAAA;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEjE,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEqE,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcC,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcG,wCAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAAA,IAAa,IAAA;AAC/C,IAAA,MAAMK,mBAAmB9E,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,6CAAA,CAAA,IAAkD,IAAA;AAC7F,IAAA,MAAM6C,mBAAmBhF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,wCAAA,CAAA,IAA6C,IAAA;AAExF,IAAA,IAAI0C,q
BAAqB,CAACC,gBAAAA,IAAoB,CAACE,gBAAe,CAAA,EAAI;QAChEhF,OAAAA,CAAOiF,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ,IAAA;AAEAlF,IAAAA,OAAAA,CAAOmF,cAAc,CAACC,YAAY,CAAC,OAAA,EAAS;AAC1CC,QAAAA,SAAAA,EAAWrF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,mBAAA,CAAA;AAC7BmD,QAAAA,mBAAAA,EAAqBtF,QAAO+E,MAAM,CAAC5C,GAAG,CAAC,2CAA2C,EAAA,GAAK,EAAA,CAAA;AACvFoD,QAAAA,uBAAAA,EAAyBvF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACxC,6CAAA,EACAoC,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0BxF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACzC,8CAAA,EACAsD,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB1F,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACnC,wCAAA,EACAwC,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB3F,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACpC,yCAAA,EACAyD,yCAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAAAA,EAASwB,SAAAA;;QAEpBC,UAAAA,EAAYzB;AACd,KAAA,CAAA;AAEA,IAAA,MAAM0B,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAAA,GAAoBnG,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAI4D,YAAAA,IAAgBI,sBAAsB,KAAA,EAAO;QAC/CnG,OAAAA,CAAOiF,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ,IAAA;IAEA,MAAMxF,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMsG,oBAAoB/G,gBAAAA,CAAW,YAAA,CAAA;AACrC,IAAA,MAAMsE,cAActE,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMgH,cAAchH,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMuE,kBAAkBvE,gBAAAA,CAAW,uBAAA,CAAA;AACnC,IAAA,MAAMiH,kBAAkBjH,gBAAAA,CAAW,UAAA,CAAA;AACnC,IAAA,MAAMkH,eAAelH,gBAAAA,CAAW,OAAA,CAAA;AAEhC,IAAA,MAAMgH,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAMhD,YAAYiD,iCAAiC,EAAA;IAEnD,MAAM/E,gBAAAA,EAAAA;IACN,MAAMc,wBAAAA,EAAAA;IAEN,MAAMtD,gBAAAA,CAAW,SAAA,CAAA,CAAWwH,4BAA4B,CAAC7G,OAAAA,CAAAA;IACzDX,gBAAAA,CAAW,SAAA,CAAA,CAAWyH,SAAS,CAAC9G,OAAAA,CAAAA;AAEhC4D,IAAAA,eAAAA,CAAgBmD,kBAAkB,EAAA;IAClCT,eAAAA,CAAgBrC,KAAK,CAAC8C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMtD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
|
|
1
|
+
{"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport {\n getTokenOptions,\n expiresInToSeconds,\n hasUserConfiguredAuthOptionsExpiresIn,\n} from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n async beforeDelete(event) {\n // Delete all admin API tokens owned by this user before the user row is removed\n await getService('api-token-admin').deleteTokensForUser(event.params.where.id);\n },\n async afterUpdate(event) {\n if (event.params.data?.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n if (event.params.data?.roles !== undefined) {\n // We re-sync token permissions for all owner users with their role when the user is updated\n await getService('api-token-admin').syncPermissionsForUser(event.result.id);\n }\n },\n });\n\n 
strapi.db.lifecycles.subscribe({\n models: ['admin::role'],\n // We re-sync token permissions for all owner users with this role when the role is deleted\n async beforeDelete(event) {\n const users = await strapi.db.query('admin::user').findMany({\n where: { roles: { id: event.params.where.id } },\n select: ['id'],\n });\n event.state.affectedUserIds = users.map((u: { id: unknown }) => u.id);\n },\n async afterDelete(event) {\n for (const userId of (event.state.affectedUserIds as unknown[]) ?? []) {\n await getService('api-token-admin').syncPermissionsForUser(userId as string | number);\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. 
A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token-content-api');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.countAll();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn only when the user set legacy admin.auth.options.expiresIn. Merged JWT options always\n // include the default expiresIn ('30d'), so reading merged options alone is a false positive.\n const hasLegacyExpires = hasUserConfiguredAuthOptionsExpiresIn(\n strapi.config.get('admin.auth.options')\n );\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. 
Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. 
This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token-content-api');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await 
createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","beforeDelete","event","deleteTokensForUser","params","where","id","afterUpdate","data","preferedLanguage","roles","undefined","syncPermissionsForUser","result","users","query","findMany","select","state","affectedUserIds","map","u","userId","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","unknownPermissions","uniq","difference","length","deleteMany","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","countAll","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasUserConfiguredAuthOptionsExpiresIn","config","hasNewMaxRefresh","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarni
ngIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAmBA,MAAMA,wBAAAA,GAA2B;IAC/BC,SAAAA,EAAW;QACTC,YAAAA,EAAc,KAAA;QACdC,WAAAA,EAAa,IAAA;QACbC,cAAAA,EAAgB;AAClB;AACF,CAAA;AAEA,MAAMC,yBAAAA,GAA4B,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAA,CAAA,CAAcC,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAAAA,GAA0B,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAA,CAAA,CAAcM,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAAA,GAAqB,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAAA,CAAW,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAAA,EAAaN,8BAAAA;QACbO,WAAAA,EAAaP,8BAAAA;AACb,QAAA,MAAMQ,cAAaC,KAAK,EAAA;;YAEtB,MAAMnB,gBAAAA,CAAW,mBAAmBoB,mBAAmB,CAACD,MAAME,MAAM,CAACC,KAAK,CAACC,EAAE,CAAA;AAC/E,QAAA,CAAA;AACA,QAAA,MAAMC,aAAYL,KAAK,EAAA;AACrB,YAAA,IAAIA,KAAAA,CAAME,MAAM,CAACI,IAAI,EAAEC,gBAAAA,EAAkB;AACvChB,gBAAAA,8BAAAA,EAAAA;AACF,YAAA;AACA,YAAA,IAAIS,MAAME,MAAM,CAACI,IAAI,EAAEE,UAAUC,SAAAA,EAAW;;AAE1C,gBAAA,MAAM5B,iBAAW,iBAAA,CAAA,CAAmB6B,sBAAsB,CAACV,KAAAA,CAAMW,MAAM,CAACP,EAAE,CAAA;AAC5E,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AAEAZ,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;;AAEvB,QAAA,MAAMG,cAAaC,KAAK,EAAA;YACtB,MAAMY,KAAAA,GAAQ,MAAMpB,MAAAA,CAAOC,EAAE,CAACoB,KAAK,CAAC,aAAA,CAAA,CAAeC,QAAQ,CAAC;gBAC1DX,KAAAA,EAAO;oBAAEK,KAAAA,EAAO;AAAEJ,wBAAAA,EAAAA,EAAIJ,KAAAA,CAAME,MAAM,CAACC,KAAK,CAACC;AAAG;AAAE,iBAAA;gBAC9CW,MAAAA,EAAQ;AAAC,oBAAA;AAAK;AAChB,aAAA,CAAA;YACAf,KAAAA,CAAMgB,KAAK,CAACC,eAAe,GAAGL,KAAAA,CAAMM,GAAG,CAAC,CAACC,CAAAA,GAAuBA,CAAAA,CAAEf,EAAE,CAAA;AACtE,QAAA,CAAA;AACA,QAAA,MAAMN,aAAYE,KAAK,EAAA;YACrB,KAAK,MAAMoB,UAAU,KAACpB,CAAMgB,KAAK,CAACC,eAAe,IAAkB,EAAE,CAAE;gBACrE,MAAMpC,gBAAAA,CAAW,iBAAA,CAAA,CAAmB6B,sBAAsB,CAACU,MAAAA,CAAAA;AAC7D,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMC,gBAAAA,GAAmB,UAAA;AACvB,IAAA,MAAMC,UAAAA,GAAa,MAAM9B,MAAAA,CAAO+B,KAAK,CAAC;QAAEC,IA
AAA,EAAM,MAAA;QAAQC,IAAAA,EAAM;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAAA,GAAoB,MAAMJ,UAAAA,CAAWK,GAAG,CAAC;QAAEC,GAAAA,EAAK;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMvD,wBAAAA,EAA0BmD,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAAA,GAAa,MAAMlD,gBAAAA,CAAW,MAAA,CAAA,CAAQmD,MAAM,CAAC;QACjD5B,EAAAA,EAAIyB,eAAAA,CAAgBrD,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACqD,UAAAA,EAAY;QACfF,eAAAA,CAAgBrD,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C,IAAA;IAEA,MAAM4C,UAAAA,CAAWW,GAAG,CAAC;QAAEL,GAAAA,EAAK,MAAA;QAAQM,KAAAA,EAAOL;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMM,wBAAAA,GAA2B,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB5C,MAAAA,CAAO6C,UAAU,CAACC,WAAW,CAAC9D,SAAS,CAAC+D,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAAA,GAAkB,MAAMC,WAAAA,CAAMC,IAAI,CACtCnD,MAAAA,CAAOC,EAAE,CAACoB,KAAK,CAAC,6BAAA,CAAA,CAA+BC,QAAQ,EACvDI,MAAAA,CAAI,QAAA,CAAA,CAAA,EAAA;IAGN,MAAM0B,kBAAAA,GAAqBC,OAAAA,CAAKC,aAAAA,CAAWL,eAAAA,EAAiBL,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIQ,kBAAAA,CAAmBG,MAAM,GAAG,CAAA,EAAG;AACjC,QAAA,MAAMvD,OAAOC,EAAE,CACZoB,KAAK,CAAC,6BAAA,CAAA,CACNmC,UAAU,CAAC;YAAE7C,KAAAA,EAAO;gBAAEoC,MAAAA,EAAQ;oBAAEU,GAAAA,EAAKL;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE,IAAA;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMM,8BAAAA,GAAiC,UAAA;AACrC,IAAA,MAAMC,cAActE,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMuE,kBAAkBvE,gBAAAA,CAAW,uBAAA,CAAA;IAEnC,MAAMwE,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBI,QAAQ,EAAA;IAEpD,IAAIH,UAAAA,KAAe,CAAA,IAAKE,aAAAA,KAAkB,CAAA,EAAG;AAC3C,QAAA,KAAK,MAAME,KAAAA,IAASC,SAAAA,CAAUC,kBAAkB,CAAE;YAChD,MAAMP,eAAAA,CAAgBQ,MAAM,CAACH,KAAAA,CAAAA;AAC/B,QAAA;AACF,IAAA;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEjE,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEqE,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcC,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcG,wCAAAA;;;AAI5C,IAAA,MAAMC,mBAAmBC,2CAAAA,CACvB9E,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,oBAAA,CAAA,CAAA;AAEpB,IAAA,MAAM6C,mBAAmBhF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,6CAAA,CAAA,IAAkD,IAAA;AAC7F,IAAA,MAAM8C
,mBAAmBjF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,wCAAA,CAAA,IAA6C,IAAA;AAExF,IAAA,IAAI0C,qBAAqB,CAACG,gBAAAA,IAAoB,CAACC,gBAAe,CAAA,EAAI;QAChEjF,OAAAA,CAAOkF,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ,IAAA;AAEAnF,IAAAA,OAAAA,CAAOoF,cAAc,CAACC,YAAY,CAAC,OAAA,EAAS;AAC1CC,QAAAA,SAAAA,EAAWtF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,mBAAA,CAAA;AAC7BoD,QAAAA,mBAAAA,EAAqBvF,QAAO+E,MAAM,CAAC5C,GAAG,CAAC,2CAA2C,EAAA,GAAK,EAAA,CAAA;AACvFqD,QAAAA,uBAAAA,EAAyBxF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACxC,6CAAA,EACAoC,wBAAAA,CAAAA;AAEFkB,QAAAA,wBAAAA,EAA0BzF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACzC,8CAAA,EACAuD,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB3F,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACnC,wCAAA,EACAwC,wBAAAA,CAAAA;AAEFiB,QAAAA,mBAAAA,EAAqB5F,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACpC,yCAAA,EACA0D,yCAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWzB,OAAAA,EAASyB,SAAAA;;QAEpBC,UAAAA,EAAY1B;AACd,KAAA,CAAA;AAEA,IAAA,MAAM2B,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAAA,GAAoBpG,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAI6D,YAAAA,IAAgBI,sBAAsB,KAAA,EAAO;QAC/CpG,OAAAA,CAAOkF,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ,IAAA;IAEA,MAAMzF,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMuG,oBAAoBhH,gBAAAA,CAAW,YAAA,CAAA;AACrC,IAAA,MAAMsE,cAActE,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMiH,cAAcjH,gBAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMuE,kBAAkBvE,gBAAAA,CAAW,uBAAA,CAAA;AACnC,IAAA,MAAMkH,kBAAkBlH,gBAAAA,CAAW,UAAA,CAAA;AACnC,IAAA,MAAMmH,eAAenH,gBAAAA,CAAW,OAAA,CAAA;AAEhC,IAAA,MAAMiH,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAMjD,YAAYkD,iCAAiC,EAAA;IAEnD,MAAMhF,gBAAAA,EAAAA;IACN,MAAMc,wBAAAA,EAAAA;IAEN,MAAMtD,gBAAAA,CAAW,SAAA,CAAA,CAAWyH,4BAA4B,CAAC9G,OAAAA,CAAAA;IACzDX,gBAAAA,CAAW,SAAA,CAAA,CAAW0H,SAAS,CAAC/G,OAAAA,CAAAA;AAEhC4D,IAAAA,eAAAA,CAAgBoD,kBAAkB,EAAA;IAClCT,eAAAA,CAAgBtC,KAAK,CAAC+C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMvD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { merge, map, uniq, difference } from 'lodash/fp';
|
|
2
2
|
import { async } from '@strapi/utils';
|
|
3
3
|
import { getService } from './utils/index.mjs';
|
|
4
|
-
import { getTokenOptions, expiresInToSeconds } from './services/token.mjs';
|
|
4
|
+
import { getTokenOptions, expiresInToSeconds, hasUserConfiguredAuthOptionsExpiresIn } from './services/token.mjs';
|
|
5
5
|
import adminActions from './config/admin-actions.mjs';
|
|
6
6
|
import adminConditions from './config/admin-conditions.mjs';
|
|
7
7
|
import constants from './services/constants.mjs';
|
|
@@ -127,8 +127,9 @@ var bootstrap = (async ({ strapi: strapi1 })=>{
|
|
|
127
127
|
const { options } = getTokenOptions();
|
|
128
128
|
const legacyMaxRefreshFallback = expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;
|
|
129
129
|
const legacyMaxSessionFallback = expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;
|
|
130
|
-
// Warn
|
|
131
|
-
|
|
130
|
+
// Warn only when the user set legacy admin.auth.options.expiresIn. Merged JWT options always
|
|
131
|
+
// include the default expiresIn ('30d'), so reading merged options alone is a false positive.
|
|
132
|
+
const hasLegacyExpires = hasUserConfiguredAuthOptionsExpiresIn(strapi1.config.get('admin.auth.options'));
|
|
132
133
|
const hasNewMaxRefresh = strapi1.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;
|
|
133
134
|
const hasNewMaxSession = strapi1.config.get('admin.auth.sessions.maxSessionLifespan') != null;
|
|
134
135
|
if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {
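Review bot: The two fallback lines at new 128–129 still read `options?.expiresIn` from the merged options, which the added comment says always carry the default '30d'. If that holds, the `?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN` and `?? DEFAULT_MAX_SESSION_LIFESPAN` branches look reachable only when `expiresInToSeconds` returns null or undefined. An install that sets neither the legacy option nor `admin.auth.sessions.*` would then presumably take its maximum admin session and refresh-token lifetime from the JWT default rather than from the session constants. Because these values bound how long an admin session stays valid, I would say so next to the fallbacks, e.g. `// Fallbacks read merged options: with no user config this is the JWT default expiresIn, not DEFAULT_MAX_*.`, or compute the fallback from the user-configured value only. The bootstrap function starts and continues outside this hunk, and neither `expiresInToSeconds` nor the constants' values are visible here, so this needs confirming against `services/token`.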
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.mjs","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n async beforeDelete(event) {\n // Delete all admin API tokens owned by this user before the user row is removed\n await getService('api-token-admin').deleteTokensForUser(event.params.where.id);\n },\n async afterUpdate(event) {\n if (event.params.data?.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n if (event.params.data?.roles !== undefined) {\n // We re-sync token permissions for all owner users with their role when the user is updated\n await getService('api-token-admin').syncPermissionsForUser(event.result.id);\n }\n },\n });\n\n strapi.db.lifecycles.subscribe({\n models: 
['admin::role'],\n // We re-sync token permissions for all owner users with this role when the role is deleted\n async beforeDelete(event) {\n const users = await strapi.db.query('admin::user').findMany({\n where: { roles: { id: event.params.where.id } },\n select: ['id'],\n });\n event.state.affectedUserIds = users.map((u: { id: unknown }) => u.id);\n },\n async afterDelete(event) {\n for (const userId of (event.state.affectedUserIds as unknown[]) ?? []) {\n await getService('api-token-admin').syncPermissionsForUser(userId as string | number);\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. 
A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token-content-api');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.countAll();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. 
Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. 
This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token-content-api');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await 
createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","beforeDelete","event","deleteTokensForUser","params","where","id","afterUpdate","data","preferedLanguage","roles","undefined","syncPermissionsForUser","result","users","query","findMany","select","state","affectedUserIds","map","u","userId","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","unknownPermissions","uniq","difference","length","deleteMany","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","countAll","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjec
tInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;AAeA,MAAMA,wBAAAA,GAA2B;IAC/BC,SAAAA,EAAW;QACTC,YAAAA,EAAc,KAAA;QACdC,WAAAA,EAAa,IAAA;QACbC,cAAAA,EAAgB;AAClB;AACF,CAAA;AAEA,MAAMC,yBAAAA,GAA4B,UAAA;AAChC,IAAA,MAAMC,WAAW,YAAA,CAAA,CAAcC,cAAc,CAACC,YAAY,CAACC,aAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAAAA,GAA0B,UAAA;AAC9B,IAAA,MAAML,WAAW,YAAA,CAAA,CAAcM,iBAAiB,CAACJ,YAAY,CAACK,gBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAAA,GAAqB,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,UAAAA,CAAW,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAAA,EAAaN,8BAAAA;QACbO,WAAAA,EAAaP,8BAAAA;AACb,QAAA,MAAMQ,cAAaC,KAAK,EAAA;;YAEtB,MAAMnB,UAAAA,CAAW,mBAAmBoB,mBAAmB,CAACD,MAAME,MAAM,CAACC,KAAK,CAACC,EAAE,CAAA;AAC/E,QAAA,CAAA;AACA,QAAA,MAAMC,aAAYL,KAAK,EAAA;AACrB,YAAA,IAAIA,KAAAA,CAAME,MAAM,CAACI,IAAI,EAAEC,gBAAAA,EAAkB;AACvChB,gBAAAA,8BAAAA,EAAAA;AACF,YAAA;AACA,YAAA,IAAIS,MAAME,MAAM,CAACI,IAAI,EAAEE,UAAUC,SAAAA,EAAW;;AAE1C,gBAAA,MAAM5B,WAAW,iBAAA,CAAA,CAAmB6B,sBAAsB,CAACV,KAAAA,CAAMW,MAAM,CAACP,EAAE,CAAA;AAC5E,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AAEAZ,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;;AAEvB,QAAA,MAAMG,cAAaC,KAAK,EAAA;YACtB,MAAMY,KAAAA,GAAQ,MAAMpB,MAAAA,CAAOC,EAAE,CAACoB,KAAK,CAAC,aAAA,CAAA,CAAeC,QAAQ,CAAC;gBAC1DX,KAAAA,EAAO;oBAAEK,KAAAA,EAAO;AAAEJ,wBAAAA,EAAAA,EAAIJ,KAAAA,CAAME,MAAM,CAACC,KAAK,CAACC;AAAG;AAAE,iBAAA;gBAC9CW,MAAAA,EAAQ;AAAC,oBAAA;AAAK;AAChB,aAAA,CAAA;YACAf,KAAAA,CAAMgB,KAAK,CAACC,eAAe,GAAGL,KAAAA,CAAMM,GAAG,CAAC,CAACC,CAAAA,GAAuBA,CAAAA,CAAEf,EAAE,CAAA;AACtE,QAAA,CAAA;AACA,QAAA,MAAMN,aAAYE,KAAK,EAAA;YACrB,KAAK,MAAMoB,UAAU,KAACpB,CAAMgB,KAAK,CAACC,eAAe,IAAkB,EAAE,CAAE;gBACrE,MAAMpC,UAAAA,CAAW,iBAAA,CAAA,CAAmB6B,sBAAsB,CAACU,MAAAA,CAAAA;AAC7D,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMC,gBAAAA,GAAmB,UAAA;AACvB,IAAA,MAAMC,UAAAA,GAAa,MAAM9B,MAAAA,CAAO+B,KAAK,CAAC;QAAEC,IAAAA,EAAM,MAAA;QAAQC,IAAAA,EAAM;AAAQ,KAAA,CAAA;AACp
E,IAAA,MAAMC,iBAAAA,GAAoB,MAAMJ,UAAAA,CAAWK,GAAG,CAAC;QAAEC,GAAAA,EAAK;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,MAAMvD,wBAAAA,EAA0BmD,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAAA,GAAa,MAAMlD,UAAAA,CAAW,MAAA,CAAA,CAAQmD,MAAM,CAAC;QACjD5B,EAAAA,EAAIyB,eAAAA,CAAgBrD,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACqD,UAAAA,EAAY;QACfF,eAAAA,CAAgBrD,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C,IAAA;IAEA,MAAM4C,UAAAA,CAAWW,GAAG,CAAC;QAAEL,GAAAA,EAAK,MAAA;QAAQM,KAAAA,EAAOL;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMM,wBAAAA,GAA2B,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB5C,MAAAA,CAAO6C,UAAU,CAACC,WAAW,CAAC9D,SAAS,CAAC+D,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAAA,GAAkB,MAAMC,KAAAA,CAAMC,IAAI,CACtCnD,MAAAA,CAAOC,EAAE,CAACoB,KAAK,CAAC,6BAAA,CAAA,CAA+BC,QAAQ,EACvDI,GAAAA,CAAI,QAAA,CAAA,CAAA,EAAA;IAGN,MAAM0B,kBAAAA,GAAqBC,IAAAA,CAAKC,UAAAA,CAAWL,eAAAA,EAAiBL,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIQ,kBAAAA,CAAmBG,MAAM,GAAG,CAAA,EAAG;AACjC,QAAA,MAAMvD,OAAOC,EAAE,CACZoB,KAAK,CAAC,6BAAA,CAAA,CACNmC,UAAU,CAAC;YAAE7C,KAAAA,EAAO;gBAAEoC,MAAAA,EAAQ;oBAAEU,GAAAA,EAAKL;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE,IAAA;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMM,8BAAAA,GAAiC,UAAA;AACrC,IAAA,MAAMC,cAActE,UAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMuE,kBAAkBvE,UAAAA,CAAW,uBAAA,CAAA;IAEnC,MAAMwE,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBI,QAAQ,EAAA;IAEpD,IAAIH,UAAAA,KAAe,CAAA,IAAKE,aAAAA,KAAkB,CAAA,EAAG;AAC3C,QAAA,KAAK,MAAME,KAAAA,IAASC,SAAAA,CAAUC,kBAAkB,CAAE;YAChD,MAAMP,eAAAA,CAAgBQ,MAAM,CAACH,KAAAA,CAAAA;AAC/B,QAAA;AACF,IAAA;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEjE,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEqE,OAAO,EAAE,GAAGC,eAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,kBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcC,kCAAAA;IAC5C,MAAMC,wBAAAA,GACJH,kBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcG,4BAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAAA,IAAa,IAAA;AAC/C,IAAA,MAAMK,mBAAmB9E,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,6CAAA,CAAA,IAAkD,IAAA;AAC7F,IAAA,MAAM6C,mBAAmBhF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,wCAAA,CAAA,IAA6C,IAAA;AAExF,IAAA,IAAI0C,qBAAqB,CAACC,g
BAAAA,IAAoB,CAACE,gBAAe,CAAA,EAAI;QAChEhF,OAAAA,CAAOiF,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ,IAAA;AAEAlF,IAAAA,OAAAA,CAAOmF,cAAc,CAACC,YAAY,CAAC,OAAA,EAAS;AAC1CC,QAAAA,SAAAA,EAAWrF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,mBAAA,CAAA;AAC7BmD,QAAAA,mBAAAA,EAAqBtF,QAAO+E,MAAM,CAAC5C,GAAG,CAAC,2CAA2C,EAAA,GAAK,EAAA,CAAA;AACvFoD,QAAAA,uBAAAA,EAAyBvF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACxC,6CAAA,EACAoC,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0BxF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACzC,8CAAA,EACAsD,mCAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB1F,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACnC,wCAAA,EACAwC,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB3F,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACpC,yCAAA,EACAyD,6BAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWxB,OAAAA,EAASwB,SAAAA;;QAEpBC,UAAAA,EAAYzB;AACd,KAAA,CAAA;AAEA,IAAA,MAAM0B,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAAA,GAAoBnG,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAI4D,YAAAA,IAAgBI,sBAAsB,KAAA,EAAO;QAC/CnG,OAAAA,CAAOiF,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ,IAAA;IAEA,MAAMxF,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMsG,oBAAoB/G,UAAAA,CAAW,YAAA,CAAA;AACrC,IAAA,MAAMsE,cAActE,UAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMgH,cAAchH,UAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMuE,kBAAkBvE,UAAAA,CAAW,uBAAA,CAAA;AACnC,IAAA,MAAMiH,kBAAkBjH,UAAAA,CAAW,UAAA,CAAA;AACnC,IAAA,MAAMkH,eAAelH,UAAAA,CAAW,OAAA,CAAA;AAEhC,IAAA,MAAMgH,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAMhD,YAAYiD,iCAAiC,EAAA;IAEnD,MAAM/E,gBAAAA,EAAAA;IACN,MAAMc,wBAAAA,EAAAA;IAEN,MAAMtD,UAAAA,CAAW,SAAA,CAAA,CAAWwH,4BAA4B,CAAC7G,OAAAA,CAAAA;IACzDX,UAAAA,CAAW,SAAA,CAAA,CAAWyH,SAAS,CAAC9G,OAAAA,CAAAA;AAEhC4D,IAAAA,eAAAA,CAAgBmD,kBAAkB,EAAA;IAClCT,eAAAA,CAAgBrC,KAAK,CAAC8C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMtD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
|
|
1
|
+
{"version":3,"file":"bootstrap.mjs","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport {\n getTokenOptions,\n expiresInToSeconds,\n hasUserConfiguredAuthOptionsExpiresIn,\n} from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n async beforeDelete(event) {\n // Delete all admin API tokens owned by this user before the user row is removed\n await getService('api-token-admin').deleteTokensForUser(event.params.where.id);\n },\n async afterUpdate(event) {\n if (event.params.data?.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n if (event.params.data?.roles !== undefined) {\n // We re-sync token permissions for all owner users with their role when the user is updated\n await getService('api-token-admin').syncPermissionsForUser(event.result.id);\n }\n },\n });\n\n 
strapi.db.lifecycles.subscribe({\n models: ['admin::role'],\n // We re-sync token permissions for all owner users with this role when the role is deleted\n async beforeDelete(event) {\n const users = await strapi.db.query('admin::user').findMany({\n where: { roles: { id: event.params.where.id } },\n select: ['id'],\n });\n event.state.affectedUserIds = users.map((u: { id: unknown }) => u.id);\n },\n async afterDelete(event) {\n for (const userId of (event.state.affectedUserIds as unknown[]) ?? []) {\n await getService('api-token-admin').syncPermissionsForUser(userId as string | number);\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. 
A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token-content-api');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.countAll();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Get the merged token options (includes defaults merged with user config)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn only when the user set legacy admin.auth.options.expiresIn. Merged JWT options always\n // include the default expiresIn ('30d'), so reading merged options alone is a false positive.\n const hasLegacyExpires = hasUserConfiguredAuthOptionsExpiresIn(\n strapi.config.get('admin.auth.options')\n );\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. 
Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n algorithm: options?.algorithm,\n // Pass through all JWT options (includes privateKey, publicKey, and any other options)\n jwtOptions: options,\n });\n\n const isProduction = process.env.NODE_ENV === 'production';\n const adminCookieSecure = strapi.config.get('admin.auth.cookie.secure');\n if (isProduction && adminCookieSecure === false) {\n strapi.log.warn(\n 'Server is in production mode, but admin.auth.cookie.secure has been set to false. 
This is not recommended and will allow cookies to be sent over insecure connections.'\n );\n }\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token-content-api');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await 
createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","beforeDelete","event","deleteTokensForUser","params","where","id","afterUpdate","data","preferedLanguage","roles","undefined","syncPermissionsForUser","result","users","query","findMany","select","state","affectedUserIds","map","u","userId","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","unknownPermissions","uniq","difference","length","deleteMany","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","countAll","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasUserConfiguredAuthOptionsExpiresIn","config","hasNewMaxRefresh","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","algorithm","jwtOptions","isProduction","process","env","NODE_ENV","adminCookieSecure","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarni
ngIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;AAmBA,MAAMA,wBAAAA,GAA2B;IAC/BC,SAAAA,EAAW;QACTC,YAAAA,EAAc,KAAA;QACdC,WAAAA,EAAa,IAAA;QACbC,cAAAA,EAAgB;AAClB;AACF,CAAA;AAEA,MAAMC,yBAAAA,GAA4B,UAAA;AAChC,IAAA,MAAMC,WAAW,YAAA,CAAA,CAAcC,cAAc,CAACC,YAAY,CAACC,aAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAAAA,GAA0B,UAAA;AAC9B,IAAA,MAAML,WAAW,YAAA,CAAA,CAAcM,iBAAiB,CAACJ,YAAY,CAACK,gBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAAA,GAAqB,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,UAAAA,CAAW,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAAA,EAAaN,8BAAAA;QACbO,WAAAA,EAAaP,8BAAAA;AACb,QAAA,MAAMQ,cAAaC,KAAK,EAAA;;YAEtB,MAAMnB,UAAAA,CAAW,mBAAmBoB,mBAAmB,CAACD,MAAME,MAAM,CAACC,KAAK,CAACC,EAAE,CAAA;AAC/E,QAAA,CAAA;AACA,QAAA,MAAMC,aAAYL,KAAK,EAAA;AACrB,YAAA,IAAIA,KAAAA,CAAME,MAAM,CAACI,IAAI,EAAEC,gBAAAA,EAAkB;AACvChB,gBAAAA,8BAAAA,EAAAA;AACF,YAAA;AACA,YAAA,IAAIS,MAAME,MAAM,CAACI,IAAI,EAAEE,UAAUC,SAAAA,EAAW;;AAE1C,gBAAA,MAAM5B,WAAW,iBAAA,CAAA,CAAmB6B,sBAAsB,CAACV,KAAAA,CAAMW,MAAM,CAACP,EAAE,CAAA;AAC5E,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AAEAZ,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAAA,EAAQ;AAAC,YAAA;AAAc,SAAA;;AAEvB,QAAA,MAAMG,cAAaC,KAAK,EAAA;YACtB,MAAMY,KAAAA,GAAQ,MAAMpB,MAAAA,CAAOC,EAAE,CAACoB,KAAK,CAAC,aAAA,CAAA,CAAeC,QAAQ,CAAC;gBAC1DX,KAAAA,EAAO;oBAAEK,KAAAA,EAAO;AAAEJ,wBAAAA,EAAAA,EAAIJ,KAAAA,CAAME,MAAM,CAACC,KAAK,CAACC;AAAG;AAAE,iBAAA;gBAC9CW,MAAAA,EAAQ;AAAC,oBAAA;AAAK;AAChB,aAAA,CAAA;YACAf,KAAAA,CAAMgB,KAAK,CAACC,eAAe,GAAGL,KAAAA,CAAMM,GAAG,CAAC,CAACC,CAAAA,GAAuBA,CAAAA,CAAEf,EAAE,CAAA;AACtE,QAAA,CAAA;AACA,QAAA,MAAMN,aAAYE,KAAK,EAAA;YACrB,KAAK,MAAMoB,UAAU,KAACpB,CAAMgB,KAAK,CAACC,eAAe,IAAkB,EAAE,CAAE;gBACrE,MAAMpC,UAAAA,CAAW,iBAAA,CAAA,CAAmB6B,sBAAsB,CAACU,MAAAA,CAAAA;AAC7D,YAAA;AACF,QAAA;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMC,gBAAAA,GAAmB,UAAA;AACvB,IAAA,MAAMC,UAAAA,GAAa,MAAM9B,MAAAA,CAAO+B,KAAK,CAAC;QAAEC,IAAAA,EAAM,
MAAA;QAAQC,IAAAA,EAAM;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAAA,GAAoB,MAAMJ,UAAAA,CAAWK,GAAG,CAAC;QAAEC,GAAAA,EAAK;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,MAAMvD,wBAAAA,EAA0BmD,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAAA,GAAa,MAAMlD,UAAAA,CAAW,MAAA,CAAA,CAAQmD,MAAM,CAAC;QACjD5B,EAAAA,EAAIyB,eAAAA,CAAgBrD,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACqD,UAAAA,EAAY;QACfF,eAAAA,CAAgBrD,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C,IAAA;IAEA,MAAM4C,UAAAA,CAAWW,GAAG,CAAC;QAAEL,GAAAA,EAAK,MAAA;QAAQM,KAAAA,EAAOL;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMM,wBAAAA,GAA2B,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB5C,MAAAA,CAAO6C,UAAU,CAACC,WAAW,CAAC9D,SAAS,CAAC+D,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAAA,GAAkB,MAAMC,KAAAA,CAAMC,IAAI,CACtCnD,MAAAA,CAAOC,EAAE,CAACoB,KAAK,CAAC,6BAAA,CAAA,CAA+BC,QAAQ,EACvDI,GAAAA,CAAI,QAAA,CAAA,CAAA,EAAA;IAGN,MAAM0B,kBAAAA,GAAqBC,IAAAA,CAAKC,UAAAA,CAAWL,eAAAA,EAAiBL,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIQ,kBAAAA,CAAmBG,MAAM,GAAG,CAAA,EAAG;AACjC,QAAA,MAAMvD,OAAOC,EAAE,CACZoB,KAAK,CAAC,6BAAA,CAAA,CACNmC,UAAU,CAAC;YAAE7C,KAAAA,EAAO;gBAAEoC,MAAAA,EAAQ;oBAAEU,GAAAA,EAAKL;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE,IAAA;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMM,8BAAAA,GAAiC,UAAA;AACrC,IAAA,MAAMC,cAActE,UAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMuE,kBAAkBvE,UAAAA,CAAW,uBAAA,CAAA;IAEnC,MAAMwE,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBI,QAAQ,EAAA;IAEpD,IAAIH,UAAAA,KAAe,CAAA,IAAKE,aAAAA,KAAkB,CAAA,EAAG;AAC3C,QAAA,KAAK,MAAME,KAAAA,IAASC,SAAAA,CAAUC,kBAAkB,CAAE;YAChD,MAAMP,eAAAA,CAAgBQ,MAAM,CAACH,KAAAA,CAAAA;AAC/B,QAAA;AACF,IAAA;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEjE,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;IAEvD,MAAM,EAAEqE,OAAO,EAAE,GAAGC,eAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,kBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcC,kCAAAA;IAC5C,MAAMC,wBAAAA,GACJH,kBAAAA,CAAmBH,OAAAA,EAASI,SAAAA,CAAAA,IAAcG,4BAAAA;;;AAI5C,IAAA,MAAMC,mBAAmBC,qCAAAA,CACvB9E,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,oBAAA,CAAA,CAAA;AAEpB,IAAA,MAAM6C,mBAAmBhF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,6CAAA,CAAA,IAAkD,IAAA;AAC7F,IAAA,MAAM8C,mBAAmBjF,OAA
AA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,wCAAA,CAAA,IAA6C,IAAA;AAExF,IAAA,IAAI0C,qBAAqB,CAACG,gBAAAA,IAAoB,CAACC,gBAAe,CAAA,EAAI;QAChEjF,OAAAA,CAAOkF,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ,IAAA;AAEAnF,IAAAA,OAAAA,CAAOoF,cAAc,CAACC,YAAY,CAAC,OAAA,EAAS;AAC1CC,QAAAA,SAAAA,EAAWtF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,mBAAA,CAAA;AAC7BoD,QAAAA,mBAAAA,EAAqBvF,QAAO+E,MAAM,CAAC5C,GAAG,CAAC,2CAA2C,EAAA,GAAK,EAAA,CAAA;AACvFqD,QAAAA,uBAAAA,EAAyBxF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACxC,6CAAA,EACAoC,wBAAAA,CAAAA;AAEFkB,QAAAA,wBAAAA,EAA0BzF,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACzC,8CAAA,EACAuD,mCAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB3F,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACnC,wCAAA,EACAwC,wBAAAA,CAAAA;AAEFiB,QAAAA,mBAAAA,EAAqB5F,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CACpC,yCAAA,EACA0D,6BAAAA,CAAAA;AAEFC,QAAAA,SAAAA,EAAWzB,OAAAA,EAASyB,SAAAA;;QAEpBC,UAAAA,EAAY1B;AACd,KAAA,CAAA;AAEA,IAAA,MAAM2B,YAAAA,GAAeC,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA;AAC9C,IAAA,MAAMC,iBAAAA,GAAoBpG,OAAAA,CAAO+E,MAAM,CAAC5C,GAAG,CAAC,0BAAA,CAAA;IAC5C,IAAI6D,YAAAA,IAAgBI,sBAAsB,KAAA,EAAO;QAC/CpG,OAAAA,CAAOkF,GAAG,CAACC,IAAI,CACb,wKAAA,CAAA;AAEJ,IAAA;IAEA,MAAMzF,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMuG,oBAAoBhH,UAAAA,CAAW,YAAA,CAAA;AACrC,IAAA,MAAMsE,cAActE,UAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMiH,cAAcjH,UAAAA,CAAW,MAAA,CAAA;AAC/B,IAAA,MAAMuE,kBAAkBvE,UAAAA,CAAW,uBAAA,CAAA;AACnC,IAAA,MAAMkH,kBAAkBlH,UAAAA,CAAW,UAAA,CAAA;AACnC,IAAA,MAAMmH,eAAenH,UAAAA,CAAW,OAAA,CAAA;AAEhC,IAAA,MAAMiH,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAMjD,YAAYkD,iCAAiC,EAAA;IAEnD,MAAMhF,gBAAAA,EAAAA;IACN,MAAMc,wBAAAA,EAAAA;IAEN,MAAMtD,UAAAA,CAAW,SAAA,CAAA,CAAWyH,4BAA4B,CAAC9G,OAAAA,CAAAA;IACzDX,UAAAA,CAAW,SAAA,CAAA,CAAW0H,SAAS,CAAC/G,OAAAA,CAAAA;AAEhC4D,IAAAA,eAAAA,CAAgBoD,kBAAkB,EAAA;IAClCT,eAAAA,CAAgBtC,KAAK,CAAC+C,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMvD,8BAAAA,EAAAA;AACR,CAAA;;;;"}
|
|
@@ -2,13 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
var isAuthenticatedAdmin = require('./isAuthenticatedAdmin.js');
|
|
4
4
|
var hasPermissions = require('./hasPermissions.js');
|
|
5
|
-
var isAdminTokensEnabled = require('./isAdminTokensEnabled.js');
|
|
6
5
|
var isTelemetryEnabled = require('./isTelemetryEnabled.js');
|
|
7
6
|
|
|
8
7
|
var policies = {
|
|
9
8
|
isAuthenticatedAdmin,
|
|
10
9
|
hasPermissions,
|
|
11
|
-
isAdminTokensEnabled,
|
|
12
10
|
isTelemetryEnabled
|
|
13
11
|
};
|
|
14
12
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../../../../../server/src/policies/index.ts"],"sourcesContent":["import isAuthenticatedAdmin from './isAuthenticatedAdmin';\nimport hasPermissions from './hasPermissions';\nimport
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../../../../../server/src/policies/index.ts"],"sourcesContent":["import isAuthenticatedAdmin from './isAuthenticatedAdmin';\nimport hasPermissions from './hasPermissions';\nimport isTelemetryEnabled from './isTelemetryEnabled';\n\nexport default { isAuthenticatedAdmin, hasPermissions, isTelemetryEnabled };\n"],"names":["isAuthenticatedAdmin","hasPermissions","isTelemetryEnabled"],"mappings":";;;;;;AAIA,eAAe;AAAEA,IAAAA,oBAAAA;AAAsBC,IAAAA,cAAAA;AAAgBC,IAAAA;AAAmB,CAAA;;;;"}
|
|
@@ -1,12 +1,10 @@
|
|
|
1
1
|
import isAuthenticatedAdmin from './isAuthenticatedAdmin.mjs';
|
|
2
2
|
import hasPermissions from './hasPermissions.mjs';
|
|
3
|
-
import isAdminTokensEnabled from './isAdminTokensEnabled.mjs';
|
|
4
3
|
import isTelemetryEnabled from './isTelemetryEnabled.mjs';
|
|
5
4
|
|
|
6
5
|
var policies = {
|
|
7
6
|
isAuthenticatedAdmin,
|
|
8
7
|
hasPermissions,
|
|
9
|
-
isAdminTokensEnabled,
|
|
10
8
|
isTelemetryEnabled
|
|
11
9
|
};
|
|
12
10
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.mjs","sources":["../../../../../server/src/policies/index.ts"],"sourcesContent":["import isAuthenticatedAdmin from './isAuthenticatedAdmin';\nimport hasPermissions from './hasPermissions';\nimport
|
|
1
|
+
{"version":3,"file":"index.mjs","sources":["../../../../../server/src/policies/index.ts"],"sourcesContent":["import isAuthenticatedAdmin from './isAuthenticatedAdmin';\nimport hasPermissions from './hasPermissions';\nimport isTelemetryEnabled from './isTelemetryEnabled';\n\nexport default { isAuthenticatedAdmin, hasPermissions, isTelemetryEnabled };\n"],"names":["isAuthenticatedAdmin","hasPermissions","isTelemetryEnabled"],"mappings":";;;;AAIA,eAAe;AAAEA,IAAAA,oBAAAA;AAAsBC,IAAAA,cAAAA;AAAgBC,IAAAA;AAAmB,CAAA;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register.js","sources":["../../../../server/src/register.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport registerAdminPanelRoute from './routes/serve-admin-panel';\nimport adminAuthStrategy from './strategies/admin';\nimport { createAiAdminService } from './ai/services/ai';\nimport contentApiTokenAuthStrategy from './strategies/content-api-token';\nimport adminTokenAuthStrategy from './strategies/admin-token';\n\nexport default ({ strapi }: { strapi: Core.Strapi }) => {\n const passportMiddleware = strapi.service('admin::passport').init();\n\n strapi.server.api('admin').use(passportMiddleware);\n strapi.get('auth').register('admin', adminAuthStrategy);\n strapi.get('auth').register('admin', adminTokenAuthStrategy);\n strapi.get('auth').register('content-api', contentApiTokenAuthStrategy);\n\n strapi.add('ai.admin', () => createAiAdminService({ strapi }));\n\n const shouldServeAdminPanel = strapi.config.get('admin.serveAdminPanel');\n\n if (shouldServeAdminPanel) {\n registerAdminPanelRoute({ strapi });\n 
}\n};\n"],"names":["strapi","passportMiddleware","service","init","server","api","use","get","register","adminAuthStrategy","adminTokenAuthStrategy","contentApiTokenAuthStrategy","add","createAiAdminService","shouldServeAdminPanel","config","registerAdminPanelRoute"],"mappings":";;;;;;;;AAOA,eAAe,CAAA,CAAC,EAAEA,MAAM,EAA2B,GAAA;AACjD,IAAA,MAAMC,kBAAAA,GAAqBD,MAAAA,CAAOE,OAAO,CAAC,mBAAmBC,IAAI,EAAA;AAEjEH,IAAAA,MAAAA,CAAOI,MAAM,CAACC,GAAG,CAAC,OAAA,CAAA,CAASC,GAAG,CAACL,kBAAAA,CAAAA;AAC/BD,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAA,CAAA,CAAQC,QAAQ,CAAC,OAAA,EAASC,aAAAA,CAAAA;AACrCT,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAA,CAAA,CAAQC,QAAQ,CAAC,OAAA,EAASE,kBAAAA,CAAAA;AACrCV,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAA,CAAA,CAAQC,QAAQ,CAAC,aAAA,EAAeG,uBAAAA,CAAAA;AAE3CX,IAAAA,MAAAA,CAAOY,GAAG,CAAC,UAAA,EAAY,IAAMC,uBAAAA,CAAqB;AAAEb,YAAAA;AAAO,SAAA,CAAA,CAAA;AAE3D,IAAA,MAAMc,qBAAAA,GAAwBd,MAAAA,CAAOe,MAAM,CAACR,GAAG,CAAC,uBAAA,CAAA;AAEhD,IAAA,IAAIO,qBAAAA,EAAuB;QACzBE,
|
|
1
|
+
{"version":3,"file":"register.js","sources":["../../../../server/src/register.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport registerAdminPanelRoute from './routes/serve-admin-panel';\nimport adminAuthStrategy from './strategies/admin';\nimport { createAiAdminService } from './ai/services/ai';\nimport contentApiTokenAuthStrategy from './strategies/content-api-token';\nimport adminTokenAuthStrategy from './strategies/admin-token';\n\nexport default ({ strapi }: { strapi: Core.Strapi }) => {\n const passportMiddleware = strapi.service('admin::passport').init();\n\n strapi.server.api('admin').use(passportMiddleware);\n strapi.get('auth').register('admin', adminAuthStrategy);\n strapi.get('auth').register('admin', adminTokenAuthStrategy);\n strapi.get('auth').register('content-api', contentApiTokenAuthStrategy);\n\n strapi.add('ai.admin', () => createAiAdminService({ strapi }));\n\n const shouldServeAdminPanel = strapi.config.get('admin.serveAdminPanel');\n\n if (shouldServeAdminPanel) {\n registerAdminPanelRoute({ strapi });\n 
}\n};\n"],"names":["strapi","passportMiddleware","service","init","server","api","use","get","register","adminAuthStrategy","adminTokenAuthStrategy","contentApiTokenAuthStrategy","add","createAiAdminService","shouldServeAdminPanel","config","registerAdminPanelRoute"],"mappings":";;;;;;;;AAOA,eAAe,CAAA,CAAC,EAAEA,MAAM,EAA2B,GAAA;AACjD,IAAA,MAAMC,kBAAAA,GAAqBD,MAAAA,CAAOE,OAAO,CAAC,mBAAmBC,IAAI,EAAA;AAEjEH,IAAAA,MAAAA,CAAOI,MAAM,CAACC,GAAG,CAAC,OAAA,CAAA,CAASC,GAAG,CAACL,kBAAAA,CAAAA;AAC/BD,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAA,CAAA,CAAQC,QAAQ,CAAC,OAAA,EAASC,aAAAA,CAAAA;AACrCT,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAA,CAAA,CAAQC,QAAQ,CAAC,OAAA,EAASE,kBAAAA,CAAAA;AACrCV,IAAAA,MAAAA,CAAOO,GAAG,CAAC,MAAA,CAAA,CAAQC,QAAQ,CAAC,aAAA,EAAeG,uBAAAA,CAAAA;AAE3CX,IAAAA,MAAAA,CAAOY,GAAG,CAAC,UAAA,EAAY,IAAMC,uBAAAA,CAAqB;AAAEb,YAAAA;AAAO,SAAA,CAAA,CAAA;AAE3D,IAAA,MAAMc,qBAAAA,GAAwBd,MAAAA,CAAOe,MAAM,CAACR,GAAG,CAAC,uBAAA,CAAA;AAEhD,IAAA,IAAIO,qBAAAA,EAAuB;QACzBE,uBAAAA,CAAwB;AAAEhB,YAAAA;AAAO,SAAA,CAAA;AACnC,IAAA;AACF,CAAA;;;;"}
|