@strapi/admin 5.46.1 → 5.47.1

package/dist/server/server/src/strategies/admin-token.js

@@ -11,11 +11,6 @@ const { UnauthorizedError } = utils.errors;
 /**
  * Authenticate an admin token. Rejects tokens with kind !== 'admin'.
  */ const authenticate = async (ctx)=>{
-    if (strapi.features.future.isEnabled('adminTokens') !== true) {
-        return {
-            authenticated: false
-        };
-    }
     const apiTokenService = index.getService('api-token-admin');
     const token = apiTokenUtils.extractToken(ctx);
     if (token === null) {
@@ -23,65 +18,12 @@ const { UnauthorizedError } = utils.errors;
             authenticated: false
         };
     }
-    const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));
-    if (apiToken === null || apiToken === undefined) {
-        return {
-            authenticated: false
-        };
-    }
-    // Defensive kind check — only handle admin tokens
-    if (apiToken.kind !== 'admin') {
-        return {
-            authenticated: false
-        };
-    }
-    const expiryError = apiTokenUtils.checkExpiry(apiToken);
-    if (expiryError !== null) {
-        return {
-            authenticated: false,
-            error: expiryError
-        };
-    }
-    await apiTokenUtils.updateLastUsedAt(apiToken);
-    const owner = apiToken.adminUserOwner;
-    const ownerId = // eslint-disable-next-line no-nested-ternary
-    owner === null || owner === undefined ? null : typeof owner === 'object' ? owner.id : owner;
-    if (ownerId === null) {
-        return {
-            authenticated: false,
-            error: new UnauthorizedError('Token owner not found')
-        };
-    }
-    // Token populate does not load `roles`; reload the user like session auth (`admin` strategy)
-    // so `isSuperAdmin` and permission ceiling logic see the full admin user.
-    const user = await strapi.db.query('admin::user').findOne({
-        where: {
-            id: ownerId
-        },
-        populate: [
-            'roles'
-        ]
-    });
-    if (user === null || user === undefined) {
-        return {
-            authenticated: false,
-            error: new UnauthorizedError('Token owner not found')
-        };
-    }
-    if (user.isActive !== true || user.blocked === true) {
-        return {
-            authenticated: false,
-            error: new UnauthorizedError('Token owner is deactivated')
-        };
+    const authResult = await apiTokenService.authenticateAdminToken(token);
+    if (authResult.authenticated === true) {
+        ctx.state.userAbility = authResult.ability;
+        ctx.state.user = authResult.user;
     }
-    const ability = await index.getService('permission').engine.generateTokenAbility(apiToken.adminPermissions ?? [], user);
-    ctx.state.userAbility = ability;
-    ctx.state.user = user;
-    return {
-        authenticated: true,
-        credentials: apiToken,
-        ability
-    };
+    return authResult;
 };
 /**
  * Re-check presence and expiry at verify time.

package/dist/server/server/src/strategies/admin-token.js.map

@@ -1 +1 @@
-{"version":3,"file":"admin-token.js","sources":["../../../../../server/src/strategies/admin-token.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport { extractToken, checkExpiry, updateLastUsedAt } from './api-token-utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError } = errors;\n\n/**\n * Authenticate an admin token. Rejects tokens with kind !== 'admin'.\n */\nexport const authenticate = async (ctx: Context) => {\n  if (strapi.features.future.isEnabled('adminTokens') !== true) {\n    return { authenticated: false };\n  }\n\n  const apiTokenService = getService('api-token-admin');\n  const token = extractToken(ctx);\n\n  if (token === null) {\n    return { authenticated: false };\n  }\n\n  const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));\n\n  if (apiToken === null || apiToken === undefined) {\n    return { authenticated: false };\n  }\n\n  // Defensive kind check — only handle admin tokens\n  if (apiToken.kind !== 'admin') {\n    return { authenticated: false };\n  }\n\n  const expiryError = checkExpiry(apiToken);\n  if (expiryError !== null) {\n    return { authenticated: false, error: expiryError };\n  }\n\n  await updateLastUsedAt(apiToken);\n\n  const owner = apiToken.adminUserOwner;\n  const ownerId =\n    // eslint-disable-next-line no-nested-ternary\n    owner === null || owner === undefined ? null : typeof owner === 'object' ? owner.id : owner;\n\n  if (ownerId === null) {\n    return { authenticated: false, error: new UnauthorizedError('Token owner not found') };\n  }\n\n  // Token populate does not load `roles`; reload the user like session auth (`admin` strategy)\n  // so `isSuperAdmin` and permission ceiling logic see the full admin user.\n  const user = await strapi.db\n    .query('admin::user')\n    .findOne({ where: { id: ownerId }, populate: ['roles'] });\n\n  if (user === null || user === undefined) {\n    return { authenticated: false, error: new UnauthorizedError('Token owner not found') };\n  }\n\n  if (user.isActive !== true || user.blocked === true) {\n    return { authenticated: false, error: new UnauthorizedError('Token owner is deactivated') };\n  }\n\n  const ability = await getService('permission').engine.generateTokenAbility(\n    apiToken.adminPermissions ?? [],\n    user\n  );\n\n  ctx.state.userAbility = ability;\n  ctx.state.user = user;\n\n  return { authenticated: true, credentials: apiToken, ability };\n};\n\n/**\n * Re-check presence and expiry at verify time.\n * Authorization is handled by isAuthenticatedAdmin + hasPermissions policies.\n *\n * @type {import('.').VerifyFunction}\n */\nexport const verify = (auth: any): void => {\n  const { credentials: apiToken } = auth;\n\n  if (apiToken === null || apiToken === undefined) {\n    throw new UnauthorizedError('Token not found');\n  }\n\n  const expiryError = checkExpiry(apiToken);\n  if (expiryError !== null) {\n    throw expiryError;\n  }\n};\n\nexport default {\n  name: 'admin-token',\n  authenticate,\n  verify,\n};\n"],"names":["UnauthorizedError","errors","authenticate","ctx","strapi","features","future","isEnabled","authenticated","apiTokenService","getService","token","extractToken","apiToken","getByAccessKey","hash","undefined","kind","expiryError","checkExpiry","error","updateLastUsedAt","owner","adminUserOwner","ownerId","id","user","db","query","findOne","where","populate","isActive","blocked","ability","engine","generateTokenAbility","adminPermissions","state","userAbility","credentials","verify","auth","name"],"mappings":";;;;;;;;;AAMA,MAAM,EAAEA,iBAAiB,EAAE,GAAGC,YAAAA;AAE9B;;IAGO,MAAMC,YAAAA,GAAe,OAAOC,GAAAA,GAAAA;IACjC,IAAIC,MAAAA,CAAOC,QAAQ,CAACC,MAAM,CAACC,SAAS,CAAC,mBAAmB,IAAA,EAAM;QAC5D,OAAO;YAAEC,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMC,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AACnC,IAAA,MAAMC,QAAQC,0BAAAA,CAAaT,GAAAA,CAAAA;AAE3B,IAAA,IAAIQ,UAAU,IAAA,EAAM;QAClB,OAAO;YAAEH,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMK,WAAW,MAAMJ,eAAAA,CAAgBK,cAAc,CAACL,eAAAA,CAAgBM,IAAI,CAACJ,KAAAA,CAAAA,CAAAA;IAE3E,IAAIE,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;QAC/C,OAAO;YAAER,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;;IAGA,IAAIK,QAAAA,CAASI,IAAI,KAAK,OAAA,EAAS;QAC7B,OAAO;YAAET,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMU,cAAcC,yBAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,OAAO;YAAEV,aAAAA,EAAe,KAAA;YAAOY,KAAAA,EAAOF;AAAY,SAAA;AACpD,IAAA;AAEA,IAAA,MAAMG,8BAAAA,CAAiBR,QAAAA,CAAAA;IAEvB,MAAMS,KAAAA,GAAQT,SAASU,cAAc;AACrC,IAAA,MAAMC;IAEJF,KAAAA,KAAU,IAAA,IAAQA,UAAUN,SAAAA,GAAY,IAAA,GAAO,OAAOM,KAAAA,KAAU,QAAA,GAAWA,KAAAA,CAAMG,EAAE,GAAGH,KAAAA;AAExF,IAAA,IAAIE,YAAY,IAAA,EAAM;QACpB,OAAO;YAAEhB,aAAAA,EAAe,KAAA;AAAOY,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,uBAAA;AAAyB,SAAA;AACvF,IAAA;;;IAIA,MAAM0B,IAAAA,GAAO,MAAMtB,MAAAA,CAAOuB,EAAE,CACzBC,KAAK,CAAC,aAAA,CAAA,CACNC,OAAO,CAAC;QAAEC,KAAAA,EAAO;YAAEL,EAAAA,EAAID;AAAQ,SAAA;QAAGO,QAAAA,EAAU;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;IAEzD,IAAIL,IAAAA,KAAS,IAAA,IAAQA,IAAAA,KAASV,SAAAA,EAAW;QACvC,OAAO;YAAER,aAAAA,EAAe,KAAA;AAAOY,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,uBAAA;AAAyB,SAAA;AACvF,IAAA;AAEA,IAAA,IAAI0B,KAAKM,QAAQ,KAAK,QAAQN,IAAAA,CAAKO,OAAO,KAAK,IAAA,EAAM;QACnD,OAAO;YAAEzB,aAAAA,EAAe,KAAA;AAAOY,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,4BAAA;AAA8B,SAAA;AAC5F,IAAA;AAEA,IAAA,MAAMkC,OAAAA,GAAU,MAAMxB,gBAAAA,CAAW,YAAA,CAAA,CAAcyB,MAAM,CAACC,oBAAoB,CACxEvB,QAAAA,CAASwB,gBAAgB,IAAI,EAAE,EAC/BX,IAAAA,CAAAA;IAGFvB,GAAAA,CAAImC,KAAK,CAACC,WAAW,GAAGL,OAAAA;IACxB/B,GAAAA,CAAImC,KAAK,CAACZ,IAAI,GAAGA,IAAAA;IAEjB,OAAO;QAAElB,aAAAA,EAAe,IAAA;QAAMgC,WAAAA,EAAa3B,QAAAA;AAAUqB,QAAAA;AAAQ,KAAA;AAC/D;AAEA;;;;;IAMO,MAAMO,MAAAA,GAAS,CAACC,IAAAA,GAAAA;AACrB,IAAA,MAAM,EAAEF,WAAAA,EAAa3B,QAAQ,EAAE,GAAG6B,IAAAA;IAElC,IAAI7B,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;AAC/C,QAAA,MAAM,IAAIhB,iBAAAA,CAAkB,iBAAA,CAAA;AAC9B,IAAA;AAEA,IAAA,MAAMkB,cAAcC,yBAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,MAAMA,WAAAA;AACR,IAAA;AACF;AAEA,6BAAe;IACbyB,IAAAA,EAAM,aAAA;AACNzC,IAAAA,YAAAA;AACAuC,IAAAA;AACF,CAAA;;;;;;"}
+{"version":3,"file":"admin-token.js","sources":["../../../../../server/src/strategies/admin-token.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport { extractToken, checkExpiry } from './api-token-utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError } = errors;\n\n/**\n * Authenticate an admin token. Rejects tokens with kind !== 'admin'.\n */\nexport const authenticate = async (ctx: Context) => {\n  const apiTokenService = getService('api-token-admin');\n  const token = extractToken(ctx);\n\n  if (token === null) {\n    return { authenticated: false };\n  }\n\n  const authResult = await apiTokenService.authenticateAdminToken(token);\n\n  if (authResult.authenticated === true) {\n    ctx.state.userAbility = authResult.ability;\n    ctx.state.user = authResult.user;\n  }\n\n  return authResult;\n};\n\n/**\n * Re-check presence and expiry at verify time.\n * Authorization is handled by isAuthenticatedAdmin + hasPermissions policies.\n *\n * @type {import('.').VerifyFunction}\n */\nexport const verify = (auth: any): void => {\n  const { credentials: apiToken } = auth;\n\n  if (apiToken === null || apiToken === undefined) {\n    throw new UnauthorizedError('Token not found');\n  }\n\n  const expiryError = checkExpiry(apiToken);\n  if (expiryError !== null) {\n    throw expiryError;\n  }\n};\n\nexport default {\n  name: 'admin-token',\n  authenticate,\n  verify,\n};\n"],"names":["UnauthorizedError","errors","authenticate","ctx","apiTokenService","getService","token","extractToken","authenticated","authResult","authenticateAdminToken","state","userAbility","ability","user","verify","auth","credentials","apiToken","undefined","expiryError","checkExpiry","name"],"mappings":";;;;;;;;;AAMA,MAAM,EAAEA,iBAAiB,EAAE,GAAGC,YAAAA;AAE9B;;IAGO,MAAMC,YAAAA,GAAe,OAAOC,GAAAA,GAAAA;AACjC,IAAA,MAAMC,kBAAkBC,gBAAAA,CAAW,iBAAA,CAAA;AACnC,IAAA,MAAMC,QAAQC,0BAAAA,CAAaJ,GAAAA,CAAAA;AAE3B,IAAA,IAAIG,UAAU,IAAA,EAAM;QAClB,OAAO;YAAEE,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMC,UAAAA,GAAa,MAAML,eAAAA,CAAgBM,sBAAsB,CAACJ,KAAAA,CAAAA;IAEhE,IAAIG,UAAAA,CAAWD,aAAa,KAAK,IAAA,EAAM;AACrCL,QAAAA,GAAAA,CAAIQ,KAAK,CAACC,WAAW,GAAGH,WAAWI,OAAO;AAC1CV,QAAAA,GAAAA,CAAIQ,KAAK,CAACG,IAAI,GAAGL,WAAWK,IAAI;AAClC,IAAA;IAEA,OAAOL,UAAAA;AACT;AAEA;;;;;IAMO,MAAMM,MAAAA,GAAS,CAACC,IAAAA,GAAAA;AACrB,IAAA,MAAM,EAAEC,WAAAA,EAAaC,QAAQ,EAAE,GAAGF,IAAAA;IAElC,IAAIE,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaC,SAAAA,EAAW;AAC/C,QAAA,MAAM,IAAInB,iBAAAA,CAAkB,iBAAA,CAAA;AAC9B,IAAA;AAEA,IAAA,MAAMoB,cAAcC,yBAAAA,CAAYH,QAAAA,CAAAA;AAChC,IAAA,IAAIE,gBAAgB,IAAA,EAAM;QACxB,MAAMA,WAAAA;AACR,IAAA;AACF;AAEA,6BAAe;IACbE,IAAAA,EAAM,aAAA;AACNpB,IAAAA,YAAAA;AACAa,IAAAA;AACF,CAAA;;;;;;"}

package/dist/server/server/src/strategies/admin-token.mjs

@@ -1,17 +1,12 @@
 import { errors } from '@strapi/utils';
 import { getService } from '../utils/index.mjs';
-import { checkExpiry, extractToken, updateLastUsedAt } from './api-token-utils.mjs';
+import { checkExpiry, extractToken } from './api-token-utils.mjs';
 import '@strapi/types';
 
 const { UnauthorizedError } = errors;
 /**
  * Authenticate an admin token. Rejects tokens with kind !== 'admin'.
  */ const authenticate = async (ctx)=>{
-    if (strapi.features.future.isEnabled('adminTokens') !== true) {
-        return {
-            authenticated: false
-        };
-    }
     const apiTokenService = getService('api-token-admin');
     const token = extractToken(ctx);
     if (token === null) {
@@ -19,65 +14,12 @@ const { UnauthorizedError } = errors;
             authenticated: false
         };
     }
-    const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));
-    if (apiToken === null || apiToken === undefined) {
-        return {
-            authenticated: false
-        };
-    }
-    // Defensive kind check — only handle admin tokens
-    if (apiToken.kind !== 'admin') {
-        return {
-            authenticated: false
-        };
-    }
-    const expiryError = checkExpiry(apiToken);
-    if (expiryError !== null) {
-        return {
-            authenticated: false,
-            error: expiryError
-        };
-    }
-    await updateLastUsedAt(apiToken);
-    const owner = apiToken.adminUserOwner;
-    const ownerId = // eslint-disable-next-line no-nested-ternary
-    owner === null || owner === undefined ? null : typeof owner === 'object' ? owner.id : owner;
-    if (ownerId === null) {
-        return {
-            authenticated: false,
-            error: new UnauthorizedError('Token owner not found')
-        };
-    }
-    // Token populate does not load `roles`; reload the user like session auth (`admin` strategy)
-    // so `isSuperAdmin` and permission ceiling logic see the full admin user.
-    const user = await strapi.db.query('admin::user').findOne({
-        where: {
-            id: ownerId
-        },
-        populate: [
-            'roles'
-        ]
-    });
-    if (user === null || user === undefined) {
-        return {
-            authenticated: false,
-            error: new UnauthorizedError('Token owner not found')
-        };
-    }
-    if (user.isActive !== true || user.blocked === true) {
-        return {
-            authenticated: false,
-            error: new UnauthorizedError('Token owner is deactivated')
-        };
+    const authResult = await apiTokenService.authenticateAdminToken(token);
+    if (authResult.authenticated === true) {
+        ctx.state.userAbility = authResult.ability;
+        ctx.state.user = authResult.user;
     }
-    const ability = await getService('permission').engine.generateTokenAbility(apiToken.adminPermissions ?? [], user);
-    ctx.state.userAbility = ability;
-    ctx.state.user = user;
-    return {
-        authenticated: true,
-        credentials: apiToken,
-        ability
-    };
+    return authResult;
 };
 /**
  * Re-check presence and expiry at verify time.

package/dist/server/server/src/strategies/admin-token.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"admin-token.mjs","sources":["../../../../../server/src/strategies/admin-token.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport { extractToken, checkExpiry, updateLastUsedAt } from './api-token-utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError } = errors;\n\n/**\n * Authenticate an admin token. Rejects tokens with kind !== 'admin'.\n */\nexport const authenticate = async (ctx: Context) => {\n  if (strapi.features.future.isEnabled('adminTokens') !== true) {\n    return { authenticated: false };\n  }\n\n  const apiTokenService = getService('api-token-admin');\n  const token = extractToken(ctx);\n\n  if (token === null) {\n    return { authenticated: false };\n  }\n\n  const apiToken = await apiTokenService.getByAccessKey(apiTokenService.hash(token));\n\n  if (apiToken === null || apiToken === undefined) {\n    return { authenticated: false };\n  }\n\n  // Defensive kind check — only handle admin tokens\n  if (apiToken.kind !== 'admin') {\n    return { authenticated: false };\n  }\n\n  const expiryError = checkExpiry(apiToken);\n  if (expiryError !== null) {\n    return { authenticated: false, error: expiryError };\n  }\n\n  await updateLastUsedAt(apiToken);\n\n  const owner = apiToken.adminUserOwner;\n  const ownerId =\n    // eslint-disable-next-line no-nested-ternary\n    owner === null || owner === undefined ? null : typeof owner === 'object' ? owner.id : owner;\n\n  if (ownerId === null) {\n    return { authenticated: false, error: new UnauthorizedError('Token owner not found') };\n  }\n\n  // Token populate does not load `roles`; reload the user like session auth (`admin` strategy)\n  // so `isSuperAdmin` and permission ceiling logic see the full admin user.\n  const user = await strapi.db\n    .query('admin::user')\n    .findOne({ where: { id: ownerId }, populate: ['roles'] });\n\n  if (user === null || user === undefined) {\n    return { authenticated: false, error: new UnauthorizedError('Token owner not found') };\n  }\n\n  if (user.isActive !== true || user.blocked === true) {\n    return { authenticated: false, error: new UnauthorizedError('Token owner is deactivated') };\n  }\n\n  const ability = await getService('permission').engine.generateTokenAbility(\n    apiToken.adminPermissions ?? [],\n    user\n  );\n\n  ctx.state.userAbility = ability;\n  ctx.state.user = user;\n\n  return { authenticated: true, credentials: apiToken, ability };\n};\n\n/**\n * Re-check presence and expiry at verify time.\n * Authorization is handled by isAuthenticatedAdmin + hasPermissions policies.\n *\n * @type {import('.').VerifyFunction}\n */\nexport const verify = (auth: any): void => {\n  const { credentials: apiToken } = auth;\n\n  if (apiToken === null || apiToken === undefined) {\n    throw new UnauthorizedError('Token not found');\n  }\n\n  const expiryError = checkExpiry(apiToken);\n  if (expiryError !== null) {\n    throw expiryError;\n  }\n};\n\nexport default {\n  name: 'admin-token',\n  authenticate,\n  verify,\n};\n"],"names":["UnauthorizedError","errors","authenticate","ctx","strapi","features","future","isEnabled","authenticated","apiTokenService","getService","token","extractToken","apiToken","getByAccessKey","hash","undefined","kind","expiryError","checkExpiry","error","updateLastUsedAt","owner","adminUserOwner","ownerId","id","user","db","query","findOne","where","populate","isActive","blocked","ability","engine","generateTokenAbility","adminPermissions","state","userAbility","credentials","verify","auth","name"],"mappings":";;;;;AAMA,MAAM,EAAEA,iBAAiB,EAAE,GAAGC,MAAAA;AAE9B;;IAGO,MAAMC,YAAAA,GAAe,OAAOC,GAAAA,GAAAA;IACjC,IAAIC,MAAAA,CAAOC,QAAQ,CAACC,MAAM,CAACC,SAAS,CAAC,mBAAmB,IAAA,EAAM;QAC5D,OAAO;YAAEC,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMC,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AACnC,IAAA,MAAMC,QAAQC,YAAAA,CAAaT,GAAAA,CAAAA;AAE3B,IAAA,IAAIQ,UAAU,IAAA,EAAM;QAClB,OAAO;YAAEH,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMK,WAAW,MAAMJ,eAAAA,CAAgBK,cAAc,CAACL,eAAAA,CAAgBM,IAAI,CAACJ,KAAAA,CAAAA,CAAAA;IAE3E,IAAIE,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;QAC/C,OAAO;YAAER,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;;IAGA,IAAIK,QAAAA,CAASI,IAAI,KAAK,OAAA,EAAS;QAC7B,OAAO;YAAET,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMU,cAAcC,WAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,OAAO;YAAEV,aAAAA,EAAe,KAAA;YAAOY,KAAAA,EAAOF;AAAY,SAAA;AACpD,IAAA;AAEA,IAAA,MAAMG,gBAAAA,CAAiBR,QAAAA,CAAAA;IAEvB,MAAMS,KAAAA,GAAQT,SAASU,cAAc;AACrC,IAAA,MAAMC;IAEJF,KAAAA,KAAU,IAAA,IAAQA,UAAUN,SAAAA,GAAY,IAAA,GAAO,OAAOM,KAAAA,KAAU,QAAA,GAAWA,KAAAA,CAAMG,EAAE,GAAGH,KAAAA;AAExF,IAAA,IAAIE,YAAY,IAAA,EAAM;QACpB,OAAO;YAAEhB,aAAAA,EAAe,KAAA;AAAOY,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,uBAAA;AAAyB,SAAA;AACvF,IAAA;;;IAIA,MAAM0B,IAAAA,GAAO,MAAMtB,MAAAA,CAAOuB,EAAE,CACzBC,KAAK,CAAC,aAAA,CAAA,CACNC,OAAO,CAAC;QAAEC,KAAAA,EAAO;YAAEL,EAAAA,EAAID;AAAQ,SAAA;QAAGO,QAAAA,EAAU;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;IAEzD,IAAIL,IAAAA,KAAS,IAAA,IAAQA,IAAAA,KAASV,SAAAA,EAAW;QACvC,OAAO;YAAER,aAAAA,EAAe,KAAA;AAAOY,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,uBAAA;AAAyB,SAAA;AACvF,IAAA;AAEA,IAAA,IAAI0B,KAAKM,QAAQ,KAAK,QAAQN,IAAAA,CAAKO,OAAO,KAAK,IAAA,EAAM;QACnD,OAAO;YAAEzB,aAAAA,EAAe,KAAA;AAAOY,YAAAA,KAAAA,EAAO,IAAIpB,iBAAAA,CAAkB,4BAAA;AAA8B,SAAA;AAC5F,IAAA;AAEA,IAAA,MAAMkC,OAAAA,GAAU,MAAMxB,UAAAA,CAAW,YAAA,CAAA,CAAcyB,MAAM,CAACC,oBAAoB,CACxEvB,QAAAA,CAASwB,gBAAgB,IAAI,EAAE,EAC/BX,IAAAA,CAAAA;IAGFvB,GAAAA,CAAImC,KAAK,CAACC,WAAW,GAAGL,OAAAA;IACxB/B,GAAAA,CAAImC,KAAK,CAACZ,IAAI,GAAGA,IAAAA;IAEjB,OAAO;QAAElB,aAAAA,EAAe,IAAA;QAAMgC,WAAAA,EAAa3B,QAAAA;AAAUqB,QAAAA;AAAQ,KAAA;AAC/D;AAEA;;;;;IAMO,MAAMO,MAAAA,GAAS,CAACC,IAAAA,GAAAA;AACrB,IAAA,MAAM,EAAEF,WAAAA,EAAa3B,QAAQ,EAAE,GAAG6B,IAAAA;IAElC,IAAI7B,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaG,SAAAA,EAAW;AAC/C,QAAA,MAAM,IAAIhB,iBAAAA,CAAkB,iBAAA,CAAA;AAC9B,IAAA;AAEA,IAAA,MAAMkB,cAAcC,WAAAA,CAAYN,QAAAA,CAAAA;AAChC,IAAA,IAAIK,gBAAgB,IAAA,EAAM;QACxB,MAAMA,WAAAA;AACR,IAAA;AACF;AAEA,6BAAe;IACbyB,IAAAA,EAAM,aAAA;AACNzC,IAAAA,YAAAA;AACAuC,IAAAA;AACF,CAAA;;;;"}
+{"version":3,"file":"admin-token.mjs","sources":["../../../../../server/src/strategies/admin-token.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport { extractToken, checkExpiry } from './api-token-utils';\nimport '@strapi/types';\n\nconst { UnauthorizedError } = errors;\n\n/**\n * Authenticate an admin token. Rejects tokens with kind !== 'admin'.\n */\nexport const authenticate = async (ctx: Context) => {\n  const apiTokenService = getService('api-token-admin');\n  const token = extractToken(ctx);\n\n  if (token === null) {\n    return { authenticated: false };\n  }\n\n  const authResult = await apiTokenService.authenticateAdminToken(token);\n\n  if (authResult.authenticated === true) {\n    ctx.state.userAbility = authResult.ability;\n    ctx.state.user = authResult.user;\n  }\n\n  return authResult;\n};\n\n/**\n * Re-check presence and expiry at verify time.\n * Authorization is handled by isAuthenticatedAdmin + hasPermissions policies.\n *\n * @type {import('.').VerifyFunction}\n */\nexport const verify = (auth: any): void => {\n  const { credentials: apiToken } = auth;\n\n  if (apiToken === null || apiToken === undefined) {\n    throw new UnauthorizedError('Token not found');\n  }\n\n  const expiryError = checkExpiry(apiToken);\n  if (expiryError !== null) {\n    throw expiryError;\n  }\n};\n\nexport default {\n  name: 'admin-token',\n  authenticate,\n  verify,\n};\n"],"names":["UnauthorizedError","errors","authenticate","ctx","apiTokenService","getService","token","extractToken","authenticated","authResult","authenticateAdminToken","state","userAbility","ability","user","verify","auth","credentials","apiToken","undefined","expiryError","checkExpiry","name"],"mappings":";;;;;AAMA,MAAM,EAAEA,iBAAiB,EAAE,GAAGC,MAAAA;AAE9B;;IAGO,MAAMC,YAAAA,GAAe,OAAOC,GAAAA,GAAAA;AACjC,IAAA,MAAMC,kBAAkBC,UAAAA,CAAW,iBAAA,CAAA;AACnC,IAAA,MAAMC,QAAQC,YAAAA,CAAaJ,GAAAA,CAAAA;AAE3B,IAAA,IAAIG,UAAU,IAAA,EAAM;QAClB,OAAO;YAAEE,aAAAA,EAAe;AAAM,SAAA;AAChC,IAAA;AAEA,IAAA,MAAMC,UAAAA,GAAa,MAAML,eAAAA,CAAgBM,sBAAsB,CAACJ,KAAAA,CAAAA;IAEhE,IAAIG,UAAAA,CAAWD,aAAa,KAAK,IAAA,EAAM;AACrCL,QAAAA,GAAAA,CAAIQ,KAAK,CAACC,WAAW,GAAGH,WAAWI,OAAO;AAC1CV,QAAAA,GAAAA,CAAIQ,KAAK,CAACG,IAAI,GAAGL,WAAWK,IAAI;AAClC,IAAA;IAEA,OAAOL,UAAAA;AACT;AAEA;;;;;IAMO,MAAMM,MAAAA,GAAS,CAACC,IAAAA,GAAAA;AACrB,IAAA,MAAM,EAAEC,WAAAA,EAAaC,QAAQ,EAAE,GAAGF,IAAAA;IAElC,IAAIE,QAAAA,KAAa,IAAA,IAAQA,QAAAA,KAAaC,SAAAA,EAAW;AAC/C,QAAA,MAAM,IAAInB,iBAAAA,CAAkB,iBAAA,CAAA;AAC9B,IAAA;AAEA,IAAA,MAAMoB,cAAcC,WAAAA,CAAYH,QAAAA,CAAAA;AAChC,IAAA,IAAIE,gBAAgB,IAAA,EAAM;QACxB,MAAMA,WAAAA;AACR,IAAA;AACF;AAEA,6BAAe;IACbE,IAAAA,EAAM,aAAA;AACNpB,IAAAA,YAAAA;AACAa,IAAAA;AACF,CAAA;;;;"}

package/dist/server/src/bootstrap.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../../server/src/bootstrap.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;qCAgIR;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE;AAAzD,wBAiFE"}
+{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../../server/src/bootstrap.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;qCAoIR;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE;AAAzD,wBAoFE"}

package/dist/server/src/controllers/admin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../../../server/src/controllers/admin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AAgBnC,OAAO,KAAK,EAEV,kBAAkB,EAMnB,MAAM,iCAAiC,CAAC;AAIzC;;GAEG;;;;;;;;;;;;;;;;;;;;;+BA2CgC,OAAO;6BAmBT,OAAO;;;;;;;;;;;;;;;;;;;;;;iBA6DnB,OAAO;;;;2BAmCG,OAAO;;;;;;;AA7JtC,wBAuKE"}
+{"version":3,"file":"admin.d.ts","sourceRoot":"","sources":["../../../../server/src/controllers/admin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AAenC,OAAO,KAAK,EAEV,kBAAkB,EAMnB,MAAM,iCAAiC,CAAC;AAezC;;GAEG;;;;;;;;;;;;;;;;;;;;;+BA2CgC,OAAO;6BAmBT,OAAO;;;;;;;;;;;;;;;;;;;;;;iBA6DnB,OAAO;;;;2BAmCG,OAAO;;;;;;;AA7JtC,wBAuKE"}

package/dist/server/src/controllers/webhooks.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../../../../server/src/controllers/webhooks.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;;sBAmET,OAAO;oBAKT,OAAO;uBAWJ,OAAO;uBAYP,OAAO;uBA0BP,OAAO;wBAeN,OAAO;wBAmBP,OAAO;;AAzFnC,wBAoGE"}
+{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../../../../server/src/controllers/webhooks.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;;sBAmET,OAAO;oBAKT,OAAO;uBAWJ,OAAO;uBAYP,OAAO;uBA0BP,OAAO;wBAeN,OAAO;wBAmBP,OAAO;;AAzFnC,wBAoGE"}

package/dist/server/src/index.d.ts

@@ -23,11 +23,6 @@ declare let admin: {
             validator: (config: unknown) => void;
             handler: (...args: any[]) => any;
         };
-        isAdminTokensEnabled: {
-            name: string;
-            validator: (config: unknown) => void;
-            handler: (...args: any[]) => any;
-        };
         isTelemetryEnabled: {
             name: string;
             validator: (config: unknown) => void;

package/dist/server/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../server/src/index.ts"],"names":[],"mappings":";AAeA,QAAA,IAAI,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWR,CAAC;AAUF,eAAe,KAAK,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../server/src/index.ts"],"names":[],"mappings":";AAeA,QAAA,IAAI,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWR,CAAC;AAUF,eAAe,KAAK,CAAC"}

package/dist/server/src/migrations/database/migrate-prefered-language-dk-to-da.d.ts

@@ -0,0 +1,22 @@
+type MigrationTransaction = {
+    schema: {
+        hasTable(tableName: string): Promise<boolean>;
+        hasColumn(tableName: string, columnName: string): Promise<boolean>;
+    };
+    (tableName: string): {
+        where(columnName: string, value: string): {
+            update(values: Record<string, string>): Promise<unknown>;
+        };
+    };
+};
+type Migration = {
+    name: string;
+    up(trx: MigrationTransaction): Promise<void>;
+    down(): Promise<void>;
+};
+/**
+ * Migrates persisted admin UI language from the legacy Danish code `dk` to ISO 639-1 `da`.
+ */
+export declare const migrateAdminPreferedLanguageDkToDa: Migration;
+export {};
+//# sourceMappingURL=migrate-prefered-language-dk-to-da.d.ts.map

package/dist/server/src/migrations/database/migrate-prefered-language-dk-to-da.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migrate-prefered-language-dk-to-da.d.ts","sourceRoot":"","sources":["../../../../../server/src/migrations/database/migrate-prefered-language-dk-to-da.ts"],"names":[],"mappings":"AAGA,KAAK,oBAAoB,GAAG;IAC1B,MAAM,EAAE;QACN,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9C,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;KACpE,CAAC;IACF,CAAC,SAAS,EAAE,MAAM,GAAG;QACnB,KAAK,CACH,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,GACZ;YACD,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;SAC1D,CAAC;KACH,CAAC;CACH,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACvB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kCAAkC,EAAE,SAsBhD,CAAC"}

package/dist/server/src/policies/index.d.ts

@@ -5,11 +5,6 @@ declare const _default: {
         validator: (config: unknown) => void;
         handler: (...args: any[]) => any;
     };
-    isAdminTokensEnabled: {
-        name: string;
-        validator: (config: unknown) => void;
-        handler: (...args: any[]) => any;
-    };
     isTelemetryEnabled: {
         name: string;
         validator: (config: unknown) => void;

package/dist/server/src/policies/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/src/policies/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAKA,wBAAkG"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/src/policies/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAIA,wBAA4E"}

package/dist/server/src/register.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../server/src/register.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;qCAOd;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE;AAAnD,wBAeE"}
+{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../server/src/register.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;qCAQd;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE;AAAnD,wBAiBE"}

package/dist/server/src/routes/admin-tokens.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin-tokens.d.ts","sourceRoot":"","sources":["../../../../server/src/routes/admin-tokens.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,wBAqFE"}
+{"version":3,"file":"admin-tokens.d.ts","sourceRoot":"","sources":["../../../../server/src/routes/admin-tokens.ts"],"names":[],"mappings":";;;;;;;;;;;;;AAAA,wBA8EE"}

package/dist/server/src/routes/serve-admin-panel.d.ts

@@ -1,6 +1,8 @@
+import type { Context, Next } from 'koa';
 import type { Core } from '@strapi/types';
 declare const registerAdminPanelRoute: ({ strapi }: {
     strapi: Core.Strapi;
 }) => void;
+export declare const serveStatic: (filesDir: any, koaStaticOptions?: {}) => (ctx: Context, next: Next) => Promise<void>;
 export default registerAdminPanelRoute;
 //# sourceMappingURL=serve-admin-panel.d.ts.map

package/dist/server/src/routes/serve-admin-panel.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"serve-admin-panel.d.ts","sourceRoot":"","sources":["../../../../server/src/routes/serve-admin-panel.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE1C,QAAA,MAAM,uBAAuB,eAAgB;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE,SA4CnE,CAAC;AAoBF,eAAe,uBAAuB,CAAC"}
+{"version":3,"file":"serve-admin-panel.d.ts","sourceRoot":"","sources":["../../../../server/src/routes/serve-admin-panel.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAIzC,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE1C,QAAA,MAAM,uBAAuB,eAAgB;IAAE,MAAM,EAAE,KAAK,MAAM,CAAA;CAAE,SA4CnE,CAAC;AAGF,eAAO,MAAM,WAAW,aAAc,GAAG,kCAGpB,OAAO,QAAQ,IAAI,kBAiBvC,CAAC;AAEF,eAAe,uBAAuB,CAAC"}

package/dist/server/src/services/api-token.d.ts

@@ -1,9 +1,21 @@
 /// <reference types="node" />
 import type { Data } from '@strapi/types';
+import { errors } from '@strapi/utils';
+import type { Ability } from '@casl/ability';
 import type { Update, ContentApiApiToken, ContentApiApiTokenBody } from '../../../shared/contracts/api-token';
 import type { AdminApiToken, AdminTokenBody } from '../../../shared/contracts/admin-token';
 import type { AdminUser, Permission } from '../../../shared/contracts/shared';
 type AnyApiToken = ContentApiApiToken | AdminApiToken;
+declare const UnauthorizedError: typeof errors.UnauthorizedError;
+export type AdminTokenAuthenticationResult = {
+    authenticated: false;
+    error?: InstanceType<typeof UnauthorizedError>;
+} | {
+    authenticated: true;
+    credentials: AdminApiToken;
+    user: AdminUser;
+    ability: Ability;
+};
 /** API/body shape: permission without ids/timestamps and without actionParameters (defaulted by domain when creating). */
 type PermissionInput = Omit<Permission, 'id' | 'createdAt' | 'updatedAt' | 'actionParameters'>;
 /**
@@ -87,6 +99,7 @@ declare const exists: (whereParams?: WhereParams) => Promise<boolean>;
  * Return a secure sha512 hash of an accessKey
  */
 declare const hash: (accessKey: string) => string;
+declare const authenticateAdminToken: (accessToken: string) => Promise<AdminTokenAuthenticationResult>;
 /**
  * Create a token and its permissions
  */
@@ -153,6 +166,7 @@ export interface ContentApiTokenService extends SharedTokenMethods {
     count(where?: object): Promise<number>;
 }
 export interface AdminTokenService extends SharedTokenMethods {
+    authenticateAdminToken(accessToken: string): Promise<AdminTokenAuthenticationResult>;
     create(attributes: AdminTokenBody, callingUser: AdminUser): Promise<AdminApiToken>;
     list(callingUser: AdminUser): Promise<AdminApiToken[]>;
     getById(id: string | number, options?: GetByOptions): Promise<AdminApiToken | null>;
@@ -170,5 +184,5 @@ export interface AdminTokenService extends SharedTokenMethods {
 declare function createTokenService(kind: 'content-api'): ContentApiTokenService;
 declare function createTokenService(kind: 'admin'): AdminTokenService;
 export type { GetByOptions };
-export { createTokenService, create, count, regenerate, exists, checkSaltIsDefined, hash, list, revoke, getById, update, getByName, getBy, assignAdminPermissionsToToken, enforceAdminPermissionsCeiling, reconcileTokenPermissionsToUserCeiling, syncApiTokenPermissionsForUser, syncApiTokenPermissionsForRole, deleteAdminTokensForUser, };
+export { createTokenService, create, count, regenerate, exists, checkSaltIsDefined, hash, list, revoke, getById, update, getByName, getBy, authenticateAdminToken, assignAdminPermissionsToToken, enforceAdminPermissionsCeiling, reconcileTokenPermissionsToUserCeiling, syncApiTokenPermissionsForUser, syncApiTokenPermissionsForRole, deleteAdminTokensForUser, };
 //# sourceMappingURL=api-token.d.ts.map

package/dist/server/src/services/api-token.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-token.d.ts","sourceRoot":"","sources":["../../../../server/src/services/api-token.ts"],"names":[],"mappings":";AAeA,OAAO,KAAK,EAAQ,IAAI,EAAE,MAAM,eAAe,CAAC;AAEhD,OAAO,KAAK,EACV,MAAM,EACN,kBAAkB,EAClB,sBAAsB,EACvB,MAAM,qCAAqC,CAAC;AAC7C,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAC3F,OAAO,KAAK,EAAmB,SAAS,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAM/F,KAAK,WAAW,GAAG,kBAAkB,GAAG,aAAa,CAAC;AAqItD,0HAA0H;AAC1H,KAAK,eAAe,GAAG,IAAI,CAAC,UAAU,EAAE,IAAI,GAAG,WAAW,GAAG,WAAW,GAAG,kBAAkB,CAAC,CAAC;AAmD/F;;;;;;;;;;;;;;;;;;;GAmBG;AACH,QAAA,MAAM,8BAA8B,SAC5B,SAAS,GAAG,SAAS,GAAG,IAAI,yBACX,eAAe,EAAE,KACvC,QAAQ,eAAe,EAAE,CAoG3B,CAAC;AA6CF;;;;GAIG;AACH,QAAA,MAAM,6BAA6B,YACxB,KAAK,EAAE,eACH,eAAe,EAAE,eACjB,SAAS,KACrB,QAAQ,UAAU,EAAE,CA0CtB,CAAC;AAEF;;;;;;;;GAQG;AACH,QAAA,MAAM,sCAAsC,oBACzB,UAAU,EAAE,oBACX,UAAU,EAAE,KAC7B;IAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAAC,QAAQ,EAAE;QAAE,EAAE,EAAE,KAAK,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,CAAA;CA2D7E,CAAC;AAEF;;;;;;GAMG;AACH,QAAA,MAAM,8BAA8B,WAAkB,KAAK,EAAE,KAAG,QAAQ,IAAI,CAuC3E,CAAC;AAEF;;;GAGG;AACH,QAAA,MAAM,8BAA8B,WAAkB,KAAK,EAAE,KAAG,QAAQ,IAAI,CAO3E,CAAC;AASF,KAAK,WAAW,GAAG;IACjB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC;CAChC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B,CAAC;AAEF;;;;GAIG;AACH,QAAA,MAAM,KAAK,iBACI,WAAW,YACf,YAAY,KACpB,QAAQ,WAAW,GAAG,IAAI,CA8C5B,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,iBAAuB,WAAW,KAAQ,QAAQ,OAAO,CAIpE,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,IAAI,cAAe,MAAM,WAK9B,CAAC;AAeF;;GAEG;AACH,QAAA,MAAM,MAAM,kDACE;IAAE,IAAI,EAAE,CAAC,CAAA;CAAE,GAAG,CAAC,sBAAsB,GAAG,cAAc,CAAC,gBACrD,SAAS,KACtB,QACD,CAAC,SAAS,aAAa,GAAG,kBAAkB,GAAG,CAAC,SAAS,OAAO,GAAG,aAAa,GAAG,WAAW,CAgH/F,CAAC;AAEF,QAAA,MAAM,UAAU,OAAc,MAAM,GAAG,MAAM,KAAG,QAAQ,kBAAkB,GAAG,aAAa,CAuBzF,CAAC;AAEF,QAAA,MAAM,kBAAkB,YAgBvB,CAAC;AAEF;;;GAGG;AACH,QAAA,MAAM,IAAI,mDACK,SAAS,eACV;IAAE,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,CAAA;KAAE,CAAA;CAAE,KACpC,QACD,MACE,CAAC,SAAS,aAAa,GAAG,kBAAkB,GAAG,CAAC,SAAS,OAAO,GAAG,aAAa,GAAG,WAAW,CAC/F,CA2CF,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,OAAc,MAAM,GAAG,MAAM,KAAG,QAAQ,WAAW,CAsC9D,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,OAAO,OAAc,MAAM,GAAG,MAAM,YAAY,YAAY,gCAEjE,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,SAAS,SAAgB,MAAM,YAAY,YAAY,gCAE5D,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,OACN,MAAM,GAAG,MAAM,cACP,cAAc,CAAC,MAAM,CAAC,KACjC,QAAQ,WAAW,CAoKrB,CAAC;AAEF,QAAA,MAAM,KAAK,kBAAuB,QAAQ,MAAM,CAE/C,CAAC;AAEF;;;GAGG;AACH,QAAA,MAAM,wBAAwB,WAAkB,KAAK,EAAE,KAAG,QAAQ,IAAI,CAkBrE,CAAC;AAMF,UAAU,kBAAkB;IAC1B,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,kBAAkB,IAAI,IAAI,CAAC;IAC3B,6EAA6E;IAC7E,cAAc,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAC3F,oCAAoC;IACpC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1C,sCAAsC,CACpC,eAAe,EAAE,UAAU,EAAE,EAC7B,gBAAgB,EAAE,UAAU,EAAE,GAC7B;QAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;QAAC,QAAQ,EAAE;YAAE,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC;YAAC,UAAU,EAAE,MAAM,EAAE,CAAA;SAAE,EAAE,CAAA;KAAE,CAAC;CAClF;AAED,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;IAChE,MAAM,CAAC,UAAU,EAAE,sBAAsB,EAAE,WAAW,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACjG,IAAI,CAAC,WAAW,EAAE,SAAS,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IACzF,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IACpF,MAAM,CACJ,EAAE,EAAE,MAAM,GAAG,MAAM,EACnB,UAAU,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAC1C,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC/B,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACzD,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC7D,MAAM,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,KAAK,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,iBAAkB,SAAQ,kBAAkB;IAC3D,MAAM,CAAC,UAAU,EAAE,cAAc,EAAE,WAAW,EAAE,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACnF,IAAI,CAAC,WAAW,EAAE,SAAS,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IACvD,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACpF,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAC/E,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACzF,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACpD,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACxD,MAAM,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,KAAK,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACvC,6BAA6B,CAC3B,OAAO,EAAE,IAAI,CAAC,EAAE,EAChB,WAAW,EAAE,eAAe,EAAE,EAC9B,WAAW,EAAE,SAAS,GACrB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IACzB,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrD;AAMD,iBAAS,kBAAkB,CAAC,IAAI,EAAE,aAAa,GAAG,sBAAsB,CAAC;AACzE,iBAAS,kBAAkB,CAAC,IAAI,EAAE,OAAO,GAAG,iBAAiB,CAAC;AAmE9D,YAAY,EAAE,YAAY,EAAE,CAAC;AAE7B,OAAO,EACL,kBAAkB,EAClB,MAAM,EACN,KAAK,EACL,UAAU,EACV,MAAM,EACN,kBAAkB,EAClB,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,OAAO,EACP,MAAM,EACN,SAAS,EACT,KAAK,EACL,6BAA6B,EAC7B,8BAA8B,EAC9B,sCAAsC,EACtC,8BAA8B,EAC9B,8BAA8B,EAC9B,wBAAwB,GACzB,CAAC"}
+{"version":3,"file":"api-token.d.ts","sourceRoot":"","sources":["../../../../server/src/services/api-token.ts"],"names":[],"mappings":";AAeA,OAAO,KAAK,EAAQ,IAAI,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,KAAK,EACV,MAAM,EACN,kBAAkB,EAClB,sBAAsB,EACvB,MAAM,qCAAqC,CAAC;AAC7C,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAC3F,OAAO,KAAK,EAAmB,SAAS,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAO/F,KAAK,WAAW,GAAG,kBAAkB,GAAG,aAAa,CAAC;AAItD,QAAA,MAAwC,iBAAiB,iCAAW,CAAC;AAErE,MAAM,MAAM,8BAA8B,GACtC;IAAE,aAAa,EAAE,KAAK,CAAC;IAAC,KAAK,CAAC,EAAE,YAAY,CAAC,OAAO,iBAAiB,CAAC,CAAA;CAAE,GACxE;IAAE,aAAa,EAAE,IAAI,CAAC;IAAC,WAAW,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,CAAC;AA+I3F,0HAA0H;AAC1H,KAAK,eAAe,GAAG,IAAI,CAAC,UAAU,EAAE,IAAI,GAAG,WAAW,GAAG,WAAW,GAAG,kBAAkB,CAAC,CAAC;AAmD/F;;;;;;;;;;;;;;;;;;;GAmBG;AACH,QAAA,MAAM,8BAA8B,SAC5B,SAAS,GAAG,SAAS,GAAG,IAAI,yBACX,eAAe,EAAE,KACvC,QAAQ,eAAe,EAAE,CAoG3B,CAAC;AA6CF;;;;GAIG;AACH,QAAA,MAAM,6BAA6B,YACxB,KAAK,EAAE,eACH,eAAe,EAAE,eACjB,SAAS,KACrB,QAAQ,UAAU,EAAE,CA0CtB,CAAC;AAEF;;;;;;;;GAQG;AACH,QAAA,MAAM,sCAAsC,oBACzB,UAAU,EAAE,oBACX,UAAU,EAAE,KAC7B;IAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAAC,QAAQ,EAAE;QAAE,EAAE,EAAE,KAAK,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,CAAA;CA2D7E,CAAC;AAEF;;;;;;GAMG;AACH,QAAA,MAAM,8BAA8B,WAAkB,KAAK,EAAE,KAAG,QAAQ,IAAI,CAuC3E,CAAC;AAEF;;;GAGG;AACH,QAAA,MAAM,8BAA8B,WAAkB,KAAK,EAAE,KAAG,QAAQ,IAAI,CAO3E,CAAC;AASF,KAAK,WAAW,GAAG;IACjB,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC;CAChC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B,CAAC;AAEF;;;;GAIG;AACH,QAAA,MAAM,KAAK,iBACI,WAAW,YACf,YAAY,KACpB,QAAQ,WAAW,GAAG,IAAI,CA8C5B,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,iBAAuB,WAAW,KAAQ,QAAQ,OAAO,CAIpE,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,IAAI,cAAe,MAAM,WAK9B,CAAC;AAEF,QAAA,MAAM,sBAAsB,gBACb,MAAM,KAClB,QAAQ,8BAA8B,CAyCxC,CAAC;AAeF;;GAEG;AACH,QAAA,MAAM,MAAM,kDACE;IAAE,IAAI,EAAE,CAAC,CAAA;CAAE,GAAG,CAAC,sBAAsB,GAAG,cAAc,CAAC,gBACrD,SAAS,KACtB,QACD,CAAC,SAAS,aAAa,GAAG,kBAAkB,GAAG,CAAC,SAAS,OAAO,GAAG,aAAa,GAAG,WAAW,CAgH/F,CAAC;AAEF,QAAA,MAAM,UAAU,OAAc,MAAM,GAAG,MAAM,KAAG,QAAQ,kBAAkB,GAAG,aAAa,CAuBzF,CAAC;AAEF,QAAA,MAAM,kBAAkB,YAgBvB,CAAC;AAEF;;;GAGG;AACH,QAAA,MAAM,IAAI,mDACK,SAAS,eACV;IAAE,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,CAAC,CAAA;KAAE,CAAA;CAAE,KACpC,QACD,MACE,CAAC,SAAS,aAAa,GAAG,kBAAkB,GAAG,CAAC,SAAS,OAAO,GAAG,aAAa,GAAG,WAAW,CAC/F,CA2CF,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,OAAc,MAAM,GAAG,MAAM,KAAG,QAAQ,WAAW,CAsC9D,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,OAAO,OAAc,MAAM,GAAG,MAAM,YAAY,YAAY,gCAEjE,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,SAAS,SAAgB,MAAM,YAAY,YAAY,gCAE5D,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,MAAM,OACN,MAAM,GAAG,MAAM,cACP,cAAc,CAAC,MAAM,CAAC,KACjC,QAAQ,WAAW,CAoKrB,CAAC;AAEF,QAAA,MAAM,KAAK,kBAAuB,QAAQ,MAAM,CAE/C,CAAC;AAEF;;;GAGG;AACH,QAAA,MAAM,wBAAwB,WAAkB,KAAK,EAAE,KAAG,QAAQ,IAAI,CAkBrE,CAAC;AAMF,UAAU,kBAAkB;IAC1B,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAChC,kBAAkB,IAAI,IAAI,CAAC;IAC3B,6EAA6E;IAC7E,cAAc,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAC3F,oCAAoC;IACpC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1C,sCAAsC,CACpC,eAAe,EAAE,UAAU,EAAE,EAC7B,gBAAgB,EAAE,UAAU,EAAE,GAC7B;QAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;QAAC,QAAQ,EAAE;YAAE,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC;YAAC,UAAU,EAAE,MAAM,EAAE,CAAA;SAAE,EAAE,CAAA;KAAE,CAAC;CAClF;AAED,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;IAChE,MAAM,CAAC,UAAU,EAAE,sBAAsB,EAAE,WAAW,CAAC,EAAE,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACjG,IAAI,CAAC,WAAW,EAAE,SAAS,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IACzF,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC;IACpF,MAAM,CACJ,EAAE,EAAE,MAAM,GAAG,MAAM,EACnB,UAAU,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAC1C,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC/B,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACzD,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC7D,MAAM,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,KAAK,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,iBAAkB,SAAQ,kBAAkB;IAC3D,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAC;IACrF,MAAM,CAAC,UAAU,EAAE,cAAc,EAAE,WAAW,EAAE,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACnF,IAAI,CAAC,WAAW,EAAE,SAAS,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IACvD,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACpF,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IAC/E,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,cAAc,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACzF,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACpD,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACxD,MAAM,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,KAAK,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACvC,6BAA6B,CAC3B,OAAO,EAAE,IAAI,CAAC,EAAE,EAChB,WAAW,EAAE,eAAe,EAAE,EAC9B,WAAW,EAAE,SAAS,GACrB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IACzB,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,sBAAsB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACrD;AAMD,iBAAS,kBAAkB,CAAC,IAAI,EAAE,aAAa,GAAG,sBAAsB,CAAC;AACzE,iBAAS,kBAAkB,CAAC,IAAI,EAAE,OAAO,GAAG,iBAAiB,CAAC;AAoE9D,YAAY,EAAE,YAAY,EAAE,CAAC;AAE7B,OAAO,EACL,kBAAkB,EAClB,MAAM,EACN,KAAK,EACL,UAAU,EACV,MAAM,EACN,kBAAkB,EAClB,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,OAAO,EACP,MAAM,EACN,SAAS,EACT,KAAK,EACL,sBAAsB,EACtB,6BAA6B,EAC7B,8BAA8B,EAC9B,sCAAsC,EACtC,8BAA8B,EAC9B,8BAA8B,EAC9B,wBAAwB,GACzB,CAAC"}

package/dist/server/src/services/token.d.ts

@@ -7,12 +7,18 @@ declare const getTokenOptions: () => {
         expiresIn?: string | number | undefined;
     };
 };
+/**
+ * True when the project set `admin.auth.options.expiresIn`.
+ * Do not use merged options from {@link getTokenOptions}: defaults always inject `expiresIn: '30d'`,
+ * which would make every install look like a legacy config (see GitHub #25989).
+ */
+declare const hasUserConfiguredAuthOptionsExpiresIn: (adminAuthOptions: unknown) => boolean;
 /**
  * Create a random token
  */
 declare const createToken: () => string;
 declare const checkSecretIsDefined: () => void;
-export { createToken, getTokenOptions, checkSecretIsDefined };
+export { createToken, getTokenOptions, checkSecretIsDefined, hasUserConfiguredAuthOptionsExpiresIn, };
 /**
  * Convert an expiresIn value (string or number) into seconds.
  * Supported formats:

package/dist/server/src/services/token.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../server/src/services/token.ts"],"names":[],"mappings":"AAMA,QAAA,MAAM,eAAe;;;;;;;;CAgBpB,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,WAAW,QAAO,MAEvB,CAAC;AAEF,QAAA,MAAM,oBAAoB,YAOzB,CAAC;AAEF,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,oBAAoB,EAAE,CAAC;AAE9D;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,cAAe,OAAO,KAAG,MAAM,GAAG,SA0ChE,CAAC"}
+{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../server/src/services/token.ts"],"names":[],"mappings":"AAMA,QAAA,MAAM,eAAe;;;;;;;;CAgBpB,CAAC;AAEF;;;;GAIG;AACH,QAAA,MAAM,qCAAqC,qBAAsB,OAAO,KAAG,OAK1E,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,WAAW,QAAO,MAEvB,CAAC;AAEF,QAAA,MAAM,oBAAoB,YAOzB,CAAC;AAEF,OAAO,EACL,WAAW,EACX,eAAe,EACf,oBAAoB,EACpB,qCAAqC,GACtC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,cAAe,OAAO,KAAG,MAAM,GAAG,SA0ChE,CAAC"}

package/dist/server/src/strategies/admin-token.d.ts

@@ -5,20 +5,15 @@ import '@strapi/types';
  * Authenticate an admin token. Rejects tokens with kind !== 'admin'.
  */
 export declare const authenticate: (ctx: Context) => Promise<{
-    authenticated: boolean;
-    error?: undefined;
-    credentials?: undefined;
-    ability?: undefined;
-} | {
-    authenticated: boolean;
-    error: errors.UnauthorizedError<string, unknown>;
-    credentials?: undefined;
-    ability?: undefined;
+    authenticated: false;
+    error?: errors.UnauthorizedError<string, unknown> | undefined;
 } | {
-    authenticated: boolean;
+    authenticated: true;
     credentials: import("../../../shared/contracts/admin-token").AdminApiToken;
+    user: import("../../../shared/contracts/shared").AdminUser;
     ability: import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>;
-    error?: undefined;
+} | {
+    authenticated: boolean;
 }>;
 /**
  * Re-check presence and expiry at verify time.
@@ -30,20 +25,15 @@ export declare const verify: (auth: any) => void;
 declare const _default: {
     name: string;
     authenticate: (ctx: Context) => Promise<{
-        authenticated: boolean;
-        error?: undefined;
-        credentials?: undefined;
-        ability?: undefined;
-    } | {
-        authenticated: boolean;
-        error: errors.UnauthorizedError<string, unknown>;
-        credentials?: undefined;
-        ability?: undefined;
+        authenticated: false;
+        error?: errors.UnauthorizedError<string, unknown> | undefined;
     } | {
-        authenticated: boolean;
+        authenticated: true;
         credentials: import("../../../shared/contracts/admin-token").AdminApiToken;
+        user: import("../../../shared/contracts/shared").AdminUser;
         ability: import("@casl/ability").Ability<import("@casl/ability").AbilityTuple, any>;
-        error?: undefined;
+    } | {
+        authenticated: boolean;
     }>;
     verify: (auth: any) => void;
 };

package/dist/server/src/strategies/admin-token.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin-token.d.ts","sourceRoot":"","sources":["../../../../server/src/strategies/admin-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AACnC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAGvC,OAAO,eAAe,CAAC;AAIvB;;GAEG;AACH,eAAO,MAAM,YAAY,QAAe,OAAO;;;;;;;;;;;;;;;EA8D9C,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,MAAM,SAAU,GAAG,KAAG,IAWlC,CAAC;;;;;;;;;;;;;;;;;;;;;AAEF,wBAIE"}
+{"version":3,"file":"admin-token.d.ts","sourceRoot":"","sources":["../../../../server/src/strategies/admin-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AACnC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAGvC,OAAO,eAAe,CAAC;AAIvB;;GAEG;AACH,eAAO,MAAM,YAAY,QAAe,OAAO;;;;;;;;;;EAgB9C,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,MAAM,SAAU,GAAG,KAAG,IAWlC,CAAC;;;;;;;;;;;;;;;;AAEF,wBAIE"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/admin",
-  "version": "5.46.1",
+  "version": "5.47.1",
   "description": "Strapi Admin",
   "homepage": "https://strapi.io",
   "bugs": {
@@ -91,14 +91,14 @@
     "@reduxjs/toolkit": "1.9.7",
     "@strapi/design-system": "2.2.0",
     "@strapi/icons": "2.2.0",
-    "@strapi/permissions": "5.46.1",
-    "@strapi/types": "5.46.1",
-    "@strapi/typescript-utils": "5.46.1",
-    "@strapi/utils": "5.46.1",
+    "@strapi/permissions": "5.47.1",
+    "@strapi/types": "5.47.1",
+    "@strapi/typescript-utils": "5.47.1",
+    "@strapi/utils": "5.47.1",
     "@testing-library/dom": "10.4.1",
     "@testing-library/react": "16.3.0",
     "@testing-library/user-event": "14.6.1",
-    "axios": "1.16.0",
+    "axios": "1.16.1",
     "bcryptjs": "2.4.3",
     "boxen": "5.1.2",
     "chalk": "^4.1.2",
@@ -128,8 +128,7 @@
     "p-map": "4.0.0",
     "passport-local": "1.0.0",
     "pluralize": "8.0.0",
-    "punycode": "2.3.1",
-    "qs": "6.15.0",
+    "qs": "6.15.2",
     "react-dnd": "16.0.1",
     "react-dnd-html5-backend": "16.0.1",
     "react-intl": "6.6.2",
@@ -139,7 +138,7 @@
     "react-select": "5.8.0",
     "react-window": "1.8.10",
     "rimraf": "6.1.3",
-    "sanitize-html": "2.13.0",
+    "sanitize-html": "2.17.4",
     "scheduler": "0.23.0",
     "semver": "7.7.4",
     "sift": "16.0.1",
@@ -150,8 +149,8 @@
     "zod": "3.25.67"
   },
   "devDependencies": {
-    "@strapi/admin-test-utils": "5.46.1",
-    "@strapi/data-transfer": "5.46.1",
+    "@strapi/admin-test-utils": "5.47.1",
+    "@strapi/data-transfer": "5.47.1",
     "@types/codemirror5": "npm:@types/codemirror@^5.60.15",
     "@types/fs-extra": "11.0.4",
     "@types/invariant": "2.2.36",
@@ -165,7 +164,6 @@
     "@types/markdown-it-footnote": "3.0.3",
     "@types/passport-local": "1.0.36",
     "@types/pluralize": "0.0.32",
-    "@types/punycode": "2.1.4",
     "@types/react-window": "1.8.8",
     "@types/sanitize-html": "2.13.0",
     "@vitejs/plugin-react-swc": "3.6.0",

package/dist/server/server/src/policies/isAdminTokensEnabled.js

@@ -1,16 +0,0 @@
-'use strict';
-
-var utils = require('@strapi/utils');
-
-const { createPolicy } = utils.policy;
-var isAdminTokensEnabled = createPolicy({
-    name: 'admin::isAdminTokensEnabled',
-    handler (ctx, _config, { strapi }) {
-        if (strapi.features.future.isEnabled('adminTokens') !== true) {
-            throw new utils.errors.NotFoundError();
-        }
-    }
-});
-
-module.exports = isAdminTokensEnabled;
-//# sourceMappingURL=isAdminTokensEnabled.js.map

package/dist/server/server/src/policies/isAdminTokensEnabled.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"isAdminTokensEnabled.js","sources":["../../../../../server/src/policies/isAdminTokensEnabled.ts"],"sourcesContent":["import { policy, errors } from '@strapi/utils';\n\nconst { createPolicy } = policy;\n\nexport default createPolicy({\n  name: 'admin::isAdminTokensEnabled',\n  handler(ctx, _config, { strapi }) {\n    if (strapi.features.future.isEnabled('adminTokens') !== true) {\n      throw new errors.NotFoundError();\n    }\n  },\n});\n"],"names":["createPolicy","policy","name","handler","ctx","_config","strapi","features","future","isEnabled","errors","NotFoundError"],"mappings":";;;;AAEA,MAAM,EAAEA,YAAY,EAAE,GAAGC,YAAAA;AAEzB,2BAAeD,YAAAA,CAAa;IAC1BE,IAAAA,EAAM,6BAAA;AACNC,IAAAA,OAAAA,CAAAA,CAAQC,GAAG,EAAEC,OAAO,EAAE,EAAEC,MAAM,EAAE,EAAA;QAC9B,IAAIA,MAAAA,CAAOC,QAAQ,CAACC,MAAM,CAACC,SAAS,CAAC,mBAAmB,IAAA,EAAM;YAC5D,MAAM,IAAIC,aAAOC,aAAa,EAAA;AAChC,QAAA;AACF,IAAA;AACF,CAAA,CAAA;;;;"}

package/dist/server/server/src/policies/isAdminTokensEnabled.mjs

@@ -1,14 +0,0 @@
-import { policy, errors } from '@strapi/utils';
-
-const { createPolicy } = policy;
-var isAdminTokensEnabled = createPolicy({
-    name: 'admin::isAdminTokensEnabled',
-    handler (ctx, _config, { strapi }) {
-        if (strapi.features.future.isEnabled('adminTokens') !== true) {
-            throw new errors.NotFoundError();
-        }
-    }
-});
-
-export { isAdminTokensEnabled as default };
-//# sourceMappingURL=isAdminTokensEnabled.mjs.map

package/dist/server/server/src/policies/isAdminTokensEnabled.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"isAdminTokensEnabled.mjs","sources":["../../../../../server/src/policies/isAdminTokensEnabled.ts"],"sourcesContent":["import { policy, errors } from '@strapi/utils';\n\nconst { createPolicy } = policy;\n\nexport default createPolicy({\n  name: 'admin::isAdminTokensEnabled',\n  handler(ctx, _config, { strapi }) {\n    if (strapi.features.future.isEnabled('adminTokens') !== true) {\n      throw new errors.NotFoundError();\n    }\n  },\n});\n"],"names":["createPolicy","policy","name","handler","ctx","_config","strapi","features","future","isEnabled","errors","NotFoundError"],"mappings":";;AAEA,MAAM,EAAEA,YAAY,EAAE,GAAGC,MAAAA;AAEzB,2BAAeD,YAAAA,CAAa;IAC1BE,IAAAA,EAAM,6BAAA;AACNC,IAAAA,OAAAA,CAAAA,CAAQC,GAAG,EAAEC,OAAO,EAAE,EAAEC,MAAM,EAAE,EAAA;QAC9B,IAAIA,MAAAA,CAAOC,QAAQ,CAACC,MAAM,CAACC,SAAS,CAAC,mBAAmB,IAAA,EAAM;YAC5D,MAAM,IAAIC,OAAOC,aAAa,EAAA;AAChC,QAAA;AACF,IAAA;AACF,CAAA,CAAA;;;;"}

package/dist/server/src/policies/isAdminTokensEnabled.d.ts

@@ -1,7 +0,0 @@
-declare const _default: {
-    name: string;
-    validator: (config: unknown) => void;
-    handler: (...args: any[]) => any;
-};
-export default _default;
-//# sourceMappingURL=isAdminTokensEnabled.d.ts.map

package/dist/server/src/policies/isAdminTokensEnabled.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"isAdminTokensEnabled.d.ts","sourceRoot":"","sources":["../../../../server/src/policies/isAdminTokensEnabled.ts"],"names":[],"mappings":";;;;;AAIA,wBAOG"}