@strapi/admin 5.48.1 → 5.49.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/admin/admin/src/StrapiApp.js +33 -20
- package/dist/admin/admin/src/StrapiApp.js.map +1 -1
- package/dist/admin/admin/src/StrapiApp.mjs +6 -1
- package/dist/admin/admin/src/StrapiApp.mjs.map +1 -1
- package/dist/admin/admin/src/components/ConfirmDialog.js +3 -2
- package/dist/admin/admin/src/components/ConfirmDialog.js.map +1 -1
- package/dist/admin/admin/src/components/Context.js +4 -3
- package/dist/admin/admin/src/components/Context.js.map +1 -1
- package/dist/admin/admin/src/components/DescriptionComponentRenderer.js +8 -4
- package/dist/admin/admin/src/components/DescriptionComponentRenderer.js.map +1 -1
- package/dist/admin/admin/src/components/Filters.js +3 -2
- package/dist/admin/admin/src/components/Filters.js.map +1 -1
- package/dist/admin/admin/src/components/Form.js +9 -5
- package/dist/admin/admin/src/components/Form.js.map +1 -1
- package/dist/admin/admin/src/components/FormInputs/Date.js +3 -2
- package/dist/admin/admin/src/components/FormInputs/Date.js.map +1 -1
- package/dist/admin/admin/src/components/FormInputs/Json.js +3 -2
- package/dist/admin/admin/src/components/FormInputs/Json.js.map +1 -1
- package/dist/admin/admin/src/components/GapDropZone.js +3 -2
- package/dist/admin/admin/src/components/GapDropZone.js.map +1 -1
- package/dist/admin/admin/src/components/GuidedTour/Context.js +3 -2
- package/dist/admin/admin/src/components/GuidedTour/Context.js.map +1 -1
- package/dist/admin/admin/src/components/GuidedTour/Steps/Step.js +3 -2
- package/dist/admin/admin/src/components/GuidedTour/Steps/Step.js.map +1 -1
- package/dist/admin/admin/src/components/GuidedTour/Tours.js +9 -3
- package/dist/admin/admin/src/components/GuidedTour/Tours.js.map +1 -1
- package/dist/admin/admin/src/components/GuidedTour/Tours.mjs +6 -1
- package/dist/admin/admin/src/components/GuidedTour/Tours.mjs.map +1 -1
- package/dist/admin/admin/src/components/LanguageProvider.js +5 -1
- package/dist/admin/admin/src/components/LanguageProvider.js.map +1 -1
- package/dist/admin/admin/src/components/Layouts/HeaderLayout.js +3 -2
- package/dist/admin/admin/src/components/Layouts/HeaderLayout.js.map +1 -1
- package/dist/admin/admin/src/components/LeftMenu.js +3 -2
- package/dist/admin/admin/src/components/LeftMenu.js.map +1 -1
- package/dist/admin/admin/src/components/NpsSurvey.js +4 -3
- package/dist/admin/admin/src/components/NpsSurvey.js.map +1 -1
- package/dist/admin/admin/src/components/PageHelpers.js +3 -2
- package/dist/admin/admin/src/components/PageHelpers.js.map +1 -1
- package/dist/admin/admin/src/components/Pagination.js +3 -2
- package/dist/admin/admin/src/components/Pagination.js.map +1 -1
- package/dist/admin/admin/src/components/PluginsInitializer.js +3 -2
- package/dist/admin/admin/src/components/PluginsInitializer.js.map +1 -1
- package/dist/admin/admin/src/components/RelativeTime.js +3 -2
- package/dist/admin/admin/src/components/RelativeTime.js.map +1 -1
- package/dist/admin/admin/src/components/ResizeIndicator.js +3 -2
- package/dist/admin/admin/src/components/ResizeIndicator.js.map +1 -1
- package/dist/admin/admin/src/components/SearchInput.js +3 -2
- package/dist/admin/admin/src/components/SearchInput.js.map +1 -1
- package/dist/admin/admin/src/components/Table.js +3 -2
- package/dist/admin/admin/src/components/Table.js.map +1 -1
- package/dist/admin/admin/src/components/Theme.js +3 -2
- package/dist/admin/admin/src/components/Theme.js.map +1 -1
- package/dist/admin/admin/src/components/WidgetRoot.js +9 -5
- package/dist/admin/admin/src/components/WidgetRoot.js.map +1 -1
- package/dist/admin/admin/src/core/apis/CustomFields.js +14 -10
- package/dist/admin/admin/src/core/apis/CustomFields.js.map +1 -1
- package/dist/admin/admin/src/core/apis/Widgets.js +8 -4
- package/dist/admin/admin/src/core/apis/Widgets.js.map +1 -1
- package/dist/admin/admin/src/core/apis/router.js +20 -16
- package/dist/admin/admin/src/core/apis/router.js.map +1 -1
- package/dist/admin/admin/src/core/apis/router.mjs.map +1 -1
- package/dist/admin/admin/src/features/Auth.js +78 -6
- package/dist/admin/admin/src/features/Auth.js.map +1 -1
- package/dist/admin/admin/src/features/Auth.mjs +77 -6
- package/dist/admin/admin/src/features/Auth.mjs.map +1 -1
- package/dist/admin/admin/src/features/BackButton.js +3 -2
- package/dist/admin/admin/src/features/BackButton.js.map +1 -1
- package/dist/admin/admin/src/features/Configuration.js +3 -2
- package/dist/admin/admin/src/features/Configuration.js.map +1 -1
- package/dist/admin/admin/src/features/Notifications.js +3 -2
- package/dist/admin/admin/src/features/Notifications.js.map +1 -1
- package/dist/admin/admin/src/features/Tracking.js +7 -3
- package/dist/admin/admin/src/features/Tracking.js.map +1 -1
- package/dist/admin/admin/src/features/Widgets.js +3 -2
- package/dist/admin/admin/src/features/Widgets.js.map +1 -1
- package/dist/admin/admin/src/hooks/useAPIErrorHandler.js +3 -2
- package/dist/admin/admin/src/hooks/useAPIErrorHandler.js.map +1 -1
- package/dist/admin/admin/src/hooks/useAdminRoles.js +3 -2
- package/dist/admin/admin/src/hooks/useAdminRoles.js.map +1 -1
- package/dist/admin/admin/src/hooks/useControllableState.js +3 -2
- package/dist/admin/admin/src/hooks/useControllableState.js.map +1 -1
- package/dist/admin/admin/src/hooks/useDebounce.js +3 -2
- package/dist/admin/admin/src/hooks/useDebounce.js.map +1 -1
- package/dist/admin/admin/src/hooks/useDeviceType.js +3 -2
- package/dist/admin/admin/src/hooks/useDeviceType.js.map +1 -1
- package/dist/admin/admin/src/hooks/useElementOnScreen.js +3 -2
- package/dist/admin/admin/src/hooks/useElementOnScreen.js.map +1 -1
- package/dist/admin/admin/src/hooks/useEnterprise.js +3 -2
- package/dist/admin/admin/src/hooks/useEnterprise.js.map +1 -1
- package/dist/admin/admin/src/hooks/useFetchClient.js +3 -2
- package/dist/admin/admin/src/hooks/useFetchClient.js.map +1 -1
- package/dist/admin/admin/src/hooks/useForceUpdate.js +3 -2
- package/dist/admin/admin/src/hooks/useForceUpdate.js.map +1 -1
- package/dist/admin/admin/src/hooks/useIdleSessionLogout.js +85 -15
- package/dist/admin/admin/src/hooks/useIdleSessionLogout.js.map +1 -1
- package/dist/admin/admin/src/hooks/useIdleSessionLogout.mjs +82 -14
- package/dist/admin/admin/src/hooks/useIdleSessionLogout.mjs.map +1 -1
- package/dist/admin/admin/src/hooks/useIsMounted.js +3 -2
- package/dist/admin/admin/src/hooks/useIsMounted.js.map +1 -1
- package/dist/admin/admin/src/hooks/useMediaQuery.js +3 -2
- package/dist/admin/admin/src/hooks/useMediaQuery.js.map +1 -1
- package/dist/admin/admin/src/hooks/useMenu.js +7 -3
- package/dist/admin/admin/src/hooks/useMenu.js.map +1 -1
- package/dist/admin/admin/src/hooks/useOnce.js +3 -2
- package/dist/admin/admin/src/hooks/useOnce.js.map +1 -1
- package/dist/admin/admin/src/hooks/useRBAC.js +7 -3
- package/dist/admin/admin/src/hooks/useRBAC.js.map +1 -1
- package/dist/admin/admin/src/hooks/useSettingsMenu.js +7 -3
- package/dist/admin/admin/src/hooks/useSettingsMenu.js.map +1 -1
- package/dist/admin/admin/src/hooks/useThrottledCallback.js +5 -1
- package/dist/admin/admin/src/hooks/useThrottledCallback.js.map +1 -1
- package/dist/admin/admin/src/layouts/AuthenticatedLayout.js +11 -5
- package/dist/admin/admin/src/layouts/AuthenticatedLayout.js.map +1 -1
- package/dist/admin/admin/src/pages/Auth/components/ForgotPassword.js +3 -2
- package/dist/admin/admin/src/pages/Auth/components/ForgotPassword.js.map +1 -1
- package/dist/admin/admin/src/pages/Auth/components/Login.js +8 -4
- package/dist/admin/admin/src/pages/Auth/components/Login.js.map +1 -1
- package/dist/admin/admin/src/pages/Auth/components/Oops.js +3 -2
- package/dist/admin/admin/src/pages/Auth/components/Oops.js.map +1 -1
- package/dist/admin/admin/src/pages/Auth/components/Register.js +9 -5
- package/dist/admin/admin/src/pages/Auth/components/Register.js.map +1 -1
- package/dist/admin/admin/src/pages/Auth/components/ResetPassword.js +4 -3
- package/dist/admin/admin/src/pages/Auth/components/ResetPassword.js.map +1 -1
- package/dist/admin/admin/src/pages/Home/HomePage.js +3 -2
- package/dist/admin/admin/src/pages/Home/HomePage.js.map +1 -1
- package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.js +8 -4
- package/dist/admin/admin/src/pages/Home/components/AddWidgetModal.js.map +1 -1
- package/dist/admin/admin/src/pages/Home/components/FreeTrialEndedModal.js +7 -3
- package/dist/admin/admin/src/pages/Home/components/FreeTrialEndedModal.js.map +1 -1
- package/dist/admin/admin/src/pages/Home/components/FreeTrialWelcomeModal.js +7 -3
- package/dist/admin/admin/src/pages/Home/components/FreeTrialWelcomeModal.js.map +1 -1
- package/dist/admin/admin/src/pages/ProfilePage.js +8 -4
- package/dist/admin/admin/src/pages/ProfilePage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/FormHead.js +3 -2
- package/dist/admin/admin/src/pages/Settings/components/Tokens/FormHead.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/Table.js +3 -2
- package/dist/admin/admin/src/pages/Settings/components/Tokens/Table.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/constants.js +3 -2
- package/dist/admin/admin/src/pages/Settings/components/Tokens/constants.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/components/Tokens/utils/getDateOfExpiration.js +3 -2
- package/dist/admin/admin/src/pages/Settings/components/Tokens/utils/getDateOfExpiration.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/EditViewPage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/components/AdminPermissions.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/EditView/components/AdminPermissions.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/ListView.js +4 -3
- package/dist/admin/admin/src/pages/Settings/pages/AdminTokens/ListView.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/EditViewPage.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/EditViewPage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/components/BoundRoute.js +7 -2
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/components/BoundRoute.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/components/CollapsableContentType.js +5 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/components/CollapsableContentType.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/reducer.js +6 -2
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/EditView/reducer.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/ListView.js +4 -3
- package/dist/admin/admin/src/pages/Settings/pages/ApiTokens/ListView.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/components/LogoInput.js +7 -3
- package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/components/LogoInput.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/InstalledPlugins.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/InstalledPlugins.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/CreatePage.js +4 -3
- package/dist/admin/admin/src/pages/Settings/pages/Roles/CreatePage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/EditPage.js +4 -3
- package/dist/admin/admin/src/pages/Settings/pages/Roles/EditPage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/ListPage.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/Roles/ListPage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.js +10 -6
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ConditionsButton.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ConditionsButton.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ConditionsModal.js +13 -7
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ConditionsModal.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.js +15 -9
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/ContentTypeCollapses.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/GlobalActions.js +9 -5
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/GlobalActions.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/Permissions.js +33 -25
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/Permissions.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/PluginsAndSettings.js +10 -6
- package/dist/admin/admin/src/pages/Settings/pages/Roles/components/PluginsAndSettings.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/hooks/usePermissionsDataManager.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/Roles/hooks/usePermissionsDataManager.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/difference.js +9 -3
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/difference.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/forms.js +8 -3
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/forms.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/layouts.js +6 -2
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/layouts.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/updateConditionsToFalse.js +8 -3
- package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/updateConditionsToFalse.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/TransferTokens/EditView.js +4 -3
- package/dist/admin/admin/src/pages/Settings/pages/TransferTokens/EditView.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/TransferTokens/ListView.js +4 -3
- package/dist/admin/admin/src/pages/Settings/pages/TransferTokens/ListView.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Users/EditPage.js +9 -5
- package/dist/admin/admin/src/pages/Settings/pages/Users/EditPage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Users/ListPage.js +4 -3
- package/dist/admin/admin/src/pages/Settings/pages/Users/ListPage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Users/components/CreateActionCE.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/Users/components/CreateActionCE.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Users/components/NewUserForm.js +4 -3
- package/dist/admin/admin/src/pages/Settings/pages/Users/components/NewUserForm.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Users/utils/validation.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/Users/utils/validation.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Webhooks/EditPage.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/Webhooks/EditPage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Webhooks/ListPage.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/Webhooks/ListPage.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Webhooks/components/HeadersInput.js +3 -2
- package/dist/admin/admin/src/pages/Settings/pages/Webhooks/components/HeadersInput.js.map +1 -1
- package/dist/admin/admin/src/pages/Settings/pages/Webhooks/components/WebhookForm.js +4 -3
- package/dist/admin/admin/src/pages/Settings/pages/Webhooks/components/WebhookForm.js.map +1 -1
- package/dist/admin/admin/src/pages/UseCasePage.js +3 -2
- package/dist/admin/admin/src/pages/UseCasePage.js.map +1 -1
- package/dist/admin/admin/src/utils/getFetchClient.js +7 -2
- package/dist/admin/admin/src/utils/getFetchClient.js.map +1 -1
- package/dist/admin/admin/src/utils/locales.js +3 -2
- package/dist/admin/admin/src/utils/locales.js.map +1 -1
- package/dist/admin/admin/src/utils/objects.js +9 -4
- package/dist/admin/admin/src/utils/objects.js.map +1 -1
- package/dist/admin/admin/src/utils/rulesEngine.js +5 -1
- package/dist/admin/admin/src/utils/rulesEngine.js.map +1 -1
- package/dist/admin/admin/src/utils/urls.js +5 -1
- package/dist/admin/admin/src/utils/urls.js.map +1 -1
- package/dist/admin/admin/tests/utils.js +3 -2
- package/dist/admin/admin/tests/utils.js.map +1 -1
- package/dist/admin/ee/admin/src/hooks/useLicenseLimitNotification.js +7 -3
- package/dist/admin/ee/admin/src/hooks/useLicenseLimitNotification.js.map +1 -1
- package/dist/admin/ee/admin/src/hooks/useLicenseLimits.js +3 -2
- package/dist/admin/ee/admin/src/hooks/useLicenseLimits.js.map +1 -1
- package/dist/admin/ee/admin/src/pages/AuthResponse.js +3 -2
- package/dist/admin/ee/admin/src/pages/AuthResponse.js.map +1 -1
- package/dist/admin/ee/admin/src/pages/SettingsPage/pages/AuditLogs/components/Modal.js +3 -2
- package/dist/admin/ee/admin/src/pages/SettingsPage/pages/AuditLogs/components/Modal.js.map +1 -1
- package/dist/admin/ee/admin/src/pages/SettingsPage/pages/AuditLogs/hooks/useAuditLogsData.js +3 -2
- package/dist/admin/ee/admin/src/pages/SettingsPage/pages/AuditLogs/hooks/useAuditLogsData.js.map +1 -1
- package/dist/admin/ee/admin/src/pages/SettingsPage/pages/AuditLogs/hooks/useFormatTimeStamp.js +5 -1
- package/dist/admin/ee/admin/src/pages/SettingsPage/pages/AuditLogs/hooks/useFormatTimeStamp.js.map +1 -1
- package/dist/admin/ee/admin/src/pages/SettingsPage/pages/SingleSignOnPage.js +3 -2
- package/dist/admin/ee/admin/src/pages/SettingsPage/pages/SingleSignOnPage.js.map +1 -1
- package/dist/admin/ee/admin/src/pages/SettingsPage/pages/Users/components/CreateActionEE.js +7 -3
- package/dist/admin/ee/admin/src/pages/SettingsPage/pages/Users/components/CreateActionEE.js.map +1 -1
- package/dist/admin/src/StrapiApp.d.ts +7 -1
- package/dist/admin/src/core/apis/router.d.ts +1 -2
- package/dist/admin/src/hooks/useIdleSessionLogout.d.ts +66 -12
- package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js +5 -1
- package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js.map +1 -1
- package/dist/server/ee/server/src/controllers/authentication.js +5 -1
- package/dist/server/ee/server/src/controllers/authentication.js.map +1 -1
- package/dist/server/ee/server/src/controllers/user.js +6 -2
- package/dist/server/ee/server/src/controllers/user.js.map +1 -1
- package/dist/server/ee/server/src/services/auth.js +5 -1
- package/dist/server/ee/server/src/services/auth.js.map +1 -1
- package/dist/server/ee/server/src/services/user.js +8 -4
- package/dist/server/ee/server/src/services/user.js.map +1 -1
- package/dist/server/index.js +6 -2
- package/dist/server/index.js.map +1 -1
- package/dist/server/server/src/ai/services/ai.js +10 -4
- package/dist/server/server/src/ai/services/ai.js.map +1 -1
- package/dist/server/server/src/controllers/admin.js +9 -4
- package/dist/server/server/src/controllers/admin.js.map +1 -1
- package/dist/server/server/src/controllers/authentication.js +7 -2
- package/dist/server/server/src/controllers/authentication.js.map +1 -1
- package/dist/server/server/src/controllers/user.js +3 -2
- package/dist/server/server/src/controllers/user.js.map +1 -1
- package/dist/server/server/src/controllers/webhooks.js +7 -2
- package/dist/server/server/src/controllers/webhooks.js.map +1 -1
- package/dist/server/server/src/middlewares/rateLimit.js +7 -2
- package/dist/server/server/src/middlewares/rateLimit.js.map +1 -1
- package/dist/server/server/src/policies/hasPermissions.js +7 -3
- package/dist/server/server/src/policies/hasPermissions.js.map +1 -1
- package/dist/server/server/src/routes/serve-admin-panel.js +8 -3
- package/dist/server/server/src/routes/serve-admin-panel.js.map +1 -1
- package/dist/server/server/src/services/api-token.js +7 -3
- package/dist/server/server/src/services/api-token.js.map +1 -1
- package/dist/server/server/src/services/auth.js +8 -3
- package/dist/server/server/src/services/auth.js.map +1 -1
- package/dist/server/server/src/services/content-type.js +6 -2
- package/dist/server/server/src/services/content-type.js.map +1 -1
- package/dist/server/server/src/services/encryption.js +8 -4
- package/dist/server/server/src/services/encryption.js.map +1 -1
- package/dist/server/server/src/services/passport.js +6 -2
- package/dist/server/server/src/services/passport.js.map +1 -1
- package/dist/server/server/src/services/permission/engine.js +5 -1
- package/dist/server/server/src/services/permission/engine.js.map +1 -1
- package/dist/server/server/src/services/permission/permissions-manager/index.js +5 -1
- package/dist/server/server/src/services/permission/permissions-manager/index.js.map +1 -1
- package/dist/server/server/src/services/permission/permissions-manager/query-builders.js +14 -10
- package/dist/server/server/src/services/permission/permissions-manager/query-builders.js.map +1 -1
- package/dist/server/server/src/services/permission/queries.js +5 -1
- package/dist/server/server/src/services/permission/queries.js.map +1 -1
- package/dist/server/server/src/services/project-settings.js +6 -2
- package/dist/server/server/src/services/project-settings.js.map +1 -1
- package/dist/server/server/src/services/role.js +8 -4
- package/dist/server/server/src/services/role.js.map +1 -1
- package/dist/server/server/src/services/token.js +7 -2
- package/dist/server/server/src/services/token.js.map +1 -1
- package/dist/server/server/src/services/transfer/permission.js +5 -1
- package/dist/server/server/src/services/transfer/permission.js.map +1 -1
- package/dist/server/server/src/services/transfer/token.js +10 -5
- package/dist/server/server/src/services/transfer/token.js.map +1 -1
- package/dist/server/server/src/services/user.js +10 -6
- package/dist/server/server/src/services/user.js.map +1 -1
- package/dist/server/server/src/validation/common-functions/check-fields-are-correctly-nested.js +5 -1
- package/dist/server/server/src/validation/common-functions/check-fields-are-correctly-nested.js.map +1 -1
- package/dist/server/server/src/validation/common-functions/check-fields-dont-have-duplicates.js +6 -2
- package/dist/server/server/src/validation/common-functions/check-fields-dont-have-duplicates.js.map +1 -1
- package/dist/server/server/src/validation/common-validators.js +6 -2
- package/dist/server/server/src/validation/common-validators.js.map +1 -1
- package/dist/server/server/src/validation/policies/hasPermissions.js +6 -2
- package/dist/server/server/src/validation/policies/hasPermissions.js.map +1 -1
- package/dist/server/shared/utils/session-auth.js +5 -1
- package/dist/server/shared/utils/session-auth.js.map +1 -1
- package/package.json +7 -7
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegisterAdmin,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as RegisterAdmin.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const user = await getService('user').createFirstAdmin(input);\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies RegisterAdmin.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","createFirstAdmin","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;AAkCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,sCAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,gBAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,kCAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,uCAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQoC,gBAAgB,CAACJ,KAAAA,CAAAA;QAEvD7C,MAAAA,CAAOkD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMpC,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMmC,gBAAe/D,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM4D,cAAAA,CAA4BR,KAAAA,CAAAA;QAElChC,gBAAAA,CAAW,MAAA,CAAA,CAAQuC,cAAc,CAACP,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIiE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAclE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM+D,aAAAA,CAA2BX,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ0C,aAAa,CAACV,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAWoC,4BAAAA,EAAAA;;YAGjB,MAAM1C,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,wCAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAAC2B,GAAG,CAACzB,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAM7C,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAM4C,QAAAA,GAAW,MAAM9C,cAAAA,CAAe,OAAA,CAAA,CAAS+C,kBAAkB,CAACrC,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWoC,QAAAA,EAAU;gBACvB,OAAOxE,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMhD,cAAAA,CAAe,SAASqB,mBAAmB,CAACyB,SAASrC,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAWuC,MAAAA,EAAQ;gBACrB,OAAO1E,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAEpC,KAAK,EAAE,GAAGuC,MAAAA;;YAElB,MAAMC,IAAAA,GAAOlC,wCAAAA,CACX+B,QAAAA,CAASjC,IAAI,EACbiC,QAAAA,CAASnC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,+BAAAA,EAAqB2B,QAAAA,CAASrC,KAAK,EAAEwC,IAAAA,CAAAA;AACrD3E,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMgD,QAAO5E,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAMsD,YAAAA,GAAe7E,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAO6C,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnE9E,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAA,EAAI;AACvC,YAAA,GAAGkC,mCAAAA,CAAwB/E,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9CsC,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAMvD,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
|
|
1
|
+
{"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegisterAdmin,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as RegisterAdmin.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const user = await getService('user').createFirstAdmin(input);\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies RegisterAdmin.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","createFirstAdmin","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;;;;;;AAkCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,wBAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,yBAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,sCAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,gBAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,kCAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,uCAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQoC,gBAAgB,CAACJ,KAAAA,CAAAA;QAEvD7C,MAAAA,CAAOkD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMpC,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMmC,gBAAe/D,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM4D,cAAAA,CAA4BR,KAAAA,CAAAA;QAElChC,gBAAAA,CAAW,MAAA,CAAA,CAAQuC,cAAc,CAACP,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIiE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAclE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM+D,aAAAA,CAA2BX,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ0C,aAAa,CAACV,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAWoC,4BAAAA,EAAAA;;YAGjB,MAAM1C,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,wCAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAAC2B,GAAG,CAACzB,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAM7C,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAM4C,QAAAA,GAAW,MAAM9C,cAAAA,CAAe,OAAA,CAAA,CAAS+C,kBAAkB,CAACrC,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWoC,QAAAA,EAAU;gBACvB,OAAOxE,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMhD,cAAAA,CAAe,SAASqB,mBAAmB,CAACyB,SAASrC,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAWuC,MAAAA,EAAQ;gBACrB,OAAO1E,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAEpC,KAAK,EAAE,GAAGuC,MAAAA;;YAElB,MAAMC,IAAAA,GAAOlC,wCAAAA,CACX+B,QAAAA,CAASjC,IAAI,EACbiC,QAAAA,CAASnC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,+BAAAA,EAAqB2B,QAAAA,CAASrC,KAAK,EAAEwC,IAAAA,CAAAA;AACrD3E,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMgD,QAAO5E,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAMsD,YAAAA,GAAe7E,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAO6C,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnE9E,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAA,EAAI;AACvC,YAAA,GAAGkC,mCAAAA,CAAwB/E,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9CsC,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAMvD,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
|
|
@@ -6,7 +6,8 @@ var user$1 = require('../validation/user.js');
|
|
|
6
6
|
var index = require('../utils/index.js');
|
|
7
7
|
var normalizeEmail = require('../utils/normalize-email.js');
|
|
8
8
|
|
|
9
|
-
function
|
|
9
|
+
function _interopNamespace(e) {
|
|
10
|
+
if (e && e.__esModule) return e;
|
|
10
11
|
var n = Object.create(null);
|
|
11
12
|
if (e) {
|
|
12
13
|
Object.keys(e).forEach(function (k) {
|
|
@@ -23,7 +24,7 @@ function _interopNamespaceDefault(e) {
|
|
|
23
24
|
return Object.freeze(n);
|
|
24
25
|
}
|
|
25
26
|
|
|
26
|
-
var ___namespace = /*#__PURE__*/
|
|
27
|
+
var ___namespace = /*#__PURE__*/_interopNamespace(_);
|
|
27
28
|
|
|
28
29
|
const { ApplicationError } = utils.errors;
|
|
29
30
|
var user = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user.js","sources":["../../../../../server/src/controllers/user.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport * as _ from 'lodash';\nimport { errors } from '@strapi/utils';\nimport {\n validateUserCreationInput,\n validateUserUpdateInput,\n validateUsersDeleteInput,\n} from '../validation/user';\nimport { getService } from '../utils';\nimport { normalizeEmail } from '../utils/normalize-email';\nimport {\n Create,\n DeleteMany,\n DeleteOne,\n FindAll,\n FindOne,\n Update,\n} from '../../../shared/contracts/user';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\nexport default {\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };\n\n await validateUserCreationInput(cleanData);\n\n const attributes = _.pick(cleanData, [\n 'firstname',\n 'lastname',\n 'email',\n 'roles',\n 'preferedLanguage',\n ]);\n\n const userAlreadyExists = await getService('user').exists({\n email: attributes.email,\n });\n\n if (userAlreadyExists) {\n throw new ApplicationError('Email already taken');\n }\n\n const createdUser = await getService('user').create(attributes);\n\n const userInfo = getService('user').sanitizeUser(createdUser);\n\n // Note: We need to assign manually the registrationToken to the\n // final user payload so that it's not removed in the sanitation process.\n Object.assign(userInfo, { registrationToken: createdUser.registrationToken });\n\n // Send 201 created\n ctx.created({ data: userInfo } satisfies Create.Response);\n },\n\n async find(ctx: Context) {\n const userService = getService('user');\n\n const permissionsManager = strapi.service('admin::permission').createPermissionsManager({\n ability: ctx.state.userAbility,\n model: 'admin::user',\n });\n\n await permissionsManager.validateQuery(ctx.query);\n const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);\n\n // @ts-expect-error update the service type\n const { results, pagination } = await userService.findPage(sanitizedQuery);\n\n ctx.body = {\n data: {\n results: results.map((user: AdminUser) => userService.sanitizeUser(user)),\n pagination,\n },\n } satisfies FindAll.Response;\n },\n\n async findOne(ctx: Context) {\n const { id } = ctx.params as FindOne.Params;\n\n const user = await getService('user').findOne(id);\n\n if (!user) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(user as AdminUser),\n } as FindOne.Response;\n },\n\n async update(ctx: Context) {\n const { id } = ctx.params as Update.Params;\n const data = normalizeEmail((ctx.request as Update.Request).body);\n\n await validateUserUpdateInput(data);\n\n if (_.has(data, 'email')) {\n const uniqueEmailCheck = await getService('user').exists({\n id: { $ne: id },\n email: data.email,\n });\n\n if (uniqueEmailCheck) {\n throw new ApplicationError('A user with this email address already exists');\n }\n }\n\n const updatedUser = await getService('user').updateById(id, data);\n\n if (!updatedUser) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(updatedUser),\n } satisfies Update.Response;\n },\n\n async deleteOne(ctx: Context) {\n const { id } = ctx.params as DeleteOne.Params;\n const user = ctx.state.user as AdminUser | undefined;\n\n if (user && user.id === id) {\n throw new ApplicationError('You cannot delete your own user');\n }\n\n const deletedUser = await getService('user').deleteById(id);\n\n if (!deletedUser) {\n return ctx.notFound('User not found');\n }\n\n return ctx.deleted({\n data: getService('user').sanitizeUser(deletedUser),\n } satisfies DeleteOne.Response);\n },\n\n /**\n * Delete several users\n * @param ctx - koa context\n */\n async deleteMany(ctx: Context) {\n const { body } = ctx.request as DeleteMany.Request;\n const user = ctx.state.user as AdminUser | undefined;\n await validateUsersDeleteInput(body);\n const idsSet = new Set(body.ids);\n\n // Prevent self-deletion\n if (user && idsSet.has(user.id)) {\n throw new ApplicationError('You cannot delete your own user');\n }\n const users = await getService('user').deleteByIds(body.ids);\n\n const sanitizedUsers = users.map(getService('user').sanitizeUser);\n\n return ctx.deleted({\n data: sanitizedUsers,\n } satisfies DeleteMany.Response);\n },\n};\n"],"names":["ApplicationError","errors","create","ctx","body","request","cleanData","email","_","get","toLowerCase","validateUserCreationInput","attributes","pick","userAlreadyExists","getService","exists","createdUser","userInfo","sanitizeUser","Object","assign","registrationToken","created","data","find","userService","permissionsManager","strapi","service","createPermissionsManager","ability","state","userAbility","model","validateQuery","query","sanitizedQuery","sanitizeQuery","results","pagination","findPage","map","user","findOne","id","params","notFound","update","normalizeEmail","validateUserUpdateInput","has","uniqueEmailCheck","$ne","updatedUser","updateById","deleteOne","deletedUser","deleteById","deleted","deleteMany","validateUsersDeleteInput","idsSet","Set","ids","users","deleteByIds","sanitizedUsers"],"mappings":"
|
|
1
|
+
{"version":3,"file":"user.js","sources":["../../../../../server/src/controllers/user.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport * as _ from 'lodash';\nimport { errors } from '@strapi/utils';\nimport {\n validateUserCreationInput,\n validateUserUpdateInput,\n validateUsersDeleteInput,\n} from '../validation/user';\nimport { getService } from '../utils';\nimport { normalizeEmail } from '../utils/normalize-email';\nimport {\n Create,\n DeleteMany,\n DeleteOne,\n FindAll,\n FindOne,\n Update,\n} from '../../../shared/contracts/user';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\nexport default {\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };\n\n await validateUserCreationInput(cleanData);\n\n const attributes = _.pick(cleanData, [\n 'firstname',\n 'lastname',\n 'email',\n 'roles',\n 'preferedLanguage',\n ]);\n\n const userAlreadyExists = await getService('user').exists({\n email: attributes.email,\n });\n\n if (userAlreadyExists) {\n throw new ApplicationError('Email already taken');\n }\n\n const createdUser = await getService('user').create(attributes);\n\n const userInfo = getService('user').sanitizeUser(createdUser);\n\n // Note: We need to assign manually the registrationToken to the\n // final user payload so that it's not removed in the sanitation process.\n Object.assign(userInfo, { registrationToken: createdUser.registrationToken });\n\n // Send 201 created\n ctx.created({ data: userInfo } satisfies Create.Response);\n },\n\n async find(ctx: Context) {\n const userService = getService('user');\n\n const permissionsManager = strapi.service('admin::permission').createPermissionsManager({\n ability: ctx.state.userAbility,\n model: 'admin::user',\n });\n\n await permissionsManager.validateQuery(ctx.query);\n const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);\n\n // @ts-expect-error update the service type\n const { results, pagination } = await userService.findPage(sanitizedQuery);\n\n ctx.body = {\n data: {\n results: results.map((user: AdminUser) => userService.sanitizeUser(user)),\n pagination,\n },\n } satisfies FindAll.Response;\n },\n\n async findOne(ctx: Context) {\n const { id } = ctx.params as FindOne.Params;\n\n const user = await getService('user').findOne(id);\n\n if (!user) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(user as AdminUser),\n } as FindOne.Response;\n },\n\n async update(ctx: Context) {\n const { id } = ctx.params as Update.Params;\n const data = normalizeEmail((ctx.request as Update.Request).body);\n\n await validateUserUpdateInput(data);\n\n if (_.has(data, 'email')) {\n const uniqueEmailCheck = await getService('user').exists({\n id: { $ne: id },\n email: data.email,\n });\n\n if (uniqueEmailCheck) {\n throw new ApplicationError('A user with this email address already exists');\n }\n }\n\n const updatedUser = await getService('user').updateById(id, data);\n\n if (!updatedUser) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(updatedUser),\n } satisfies Update.Response;\n },\n\n async deleteOne(ctx: Context) {\n const { id } = ctx.params as DeleteOne.Params;\n const user = ctx.state.user as AdminUser | undefined;\n\n if (user && user.id === id) {\n throw new ApplicationError('You cannot delete your own user');\n }\n\n const deletedUser = await getService('user').deleteById(id);\n\n if (!deletedUser) {\n return ctx.notFound('User not found');\n }\n\n return ctx.deleted({\n data: getService('user').sanitizeUser(deletedUser),\n } satisfies DeleteOne.Response);\n },\n\n /**\n * Delete several users\n * @param ctx - koa context\n */\n async deleteMany(ctx: Context) {\n const { body } = ctx.request as DeleteMany.Request;\n const user = ctx.state.user as AdminUser | undefined;\n await validateUsersDeleteInput(body);\n const idsSet = new Set(body.ids);\n\n // Prevent self-deletion\n if (user && idsSet.has(user.id)) {\n throw new ApplicationError('You cannot delete your own user');\n }\n const users = await getService('user').deleteByIds(body.ids);\n\n const sanitizedUsers = users.map(getService('user').sanitizeUser);\n\n return ctx.deleted({\n data: sanitizedUsers,\n } satisfies DeleteMany.Response);\n },\n};\n"],"names":["ApplicationError","errors","create","ctx","body","request","cleanData","email","_","get","toLowerCase","validateUserCreationInput","attributes","pick","userAlreadyExists","getService","exists","createdUser","userInfo","sanitizeUser","Object","assign","registrationToken","created","data","find","userService","permissionsManager","strapi","service","createPermissionsManager","ability","state","userAbility","model","validateQuery","query","sanitizedQuery","sanitizeQuery","results","pagination","findPage","map","user","findOne","id","params","notFound","update","normalizeEmail","validateUserUpdateInput","has","uniqueEmailCheck","$ne","updatedUser","updateById","deleteOne","deletedUser","deleteById","deleted","deleteMany","validateUsersDeleteInput","idsSet","Set","ids","users","deleteByIds","sanitizedUsers"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,YAAAA;AAE7B,WAAe;AACb,IAAA,MAAMC,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,SAAAA,GAAY;AAAE,YAAA,GAAGF,IAAI;YAAEG,KAAAA,EAAOC,YAAAA,CAAEC,GAAG,CAACL,IAAAA,EAAM,CAAC,KAAK,CAAC,EAAE,CAAA,CAAE,CAAA,CAAEM,WAAW;AAAG,SAAA;AAE3E,QAAA,MAAMC,gCAAAA,CAA0BL,SAAAA,CAAAA;AAEhC,QAAA,MAAMM,UAAAA,GAAaJ,YAAAA,CAAEK,IAAI,CAACP,SAAAA,EAAW;AACnC,YAAA,WAAA;AACA,YAAA,UAAA;AACA,YAAA,OAAA;AACA,YAAA,OAAA;AACA,YAAA;AACD,SAAA,CAAA;AAED,QAAA,MAAMQ,iBAAAA,GAAoB,MAAMC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;AACxDT,YAAAA,KAAAA,EAAOK,WAAWL;AACpB,SAAA,CAAA;AAEA,QAAA,IAAIO,iBAAAA,EAAmB;AACrB,YAAA,MAAM,IAAId,gBAAAA,CAAiB,qBAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMiB,WAAAA,GAAc,MAAMF,gBAAAA,CAAW,MAAA,CAAA,CAAQb,MAAM,CAACU,UAAAA,CAAAA;AAEpD,QAAA,MAAMM,QAAAA,GAAWH,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACF,WAAAA,CAAAA;;;QAIjDG,MAAAA,CAAOC,MAAM,CAACH,QAAAA,EAAU;AAAEI,YAAAA,iBAAAA,EAAmBL,YAAYK;AAAkB,SAAA,CAAA;;AAG3EnB,QAAAA,GAAAA,CAAIoB,OAAO,CAAC;YAAEC,IAAAA,EAAMN;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;AAEA,IAAA,MAAMO,MAAKtB,GAAY,EAAA;AACrB,QAAA,MAAMuB,cAAcX,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMY,qBAAqBC,MAAAA,CAAOC,OAAO,CAAC,mBAAA,CAAA,CAAqBC,wBAAwB,CAAC;YACtFC,OAAAA,EAAS5B,GAAAA,CAAI6B,KAAK,CAACC,WAAW;YAC9BC,KAAAA,EAAO;AACT,SAAA,CAAA;AAEA,QAAA,MAAMP,kBAAAA,CAAmBQ,aAAa,CAAChC,GAAAA,CAAIiC,KAAK,CAAA;AAChD,QAAA,MAAMC,iBAAiB,MAAMV,kBAAAA,CAAmBW,aAAa,CAACnC,IAAIiC,KAAK,CAAA;;QAGvE,MAAM,EAAEG,OAAO,EAAEC,UAAU,EAAE,GAAG,MAAMd,WAAAA,CAAYe,QAAQ,CAACJ,cAAAA,CAAAA;AAE3DlC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAM;AACJe,gBAAAA,OAAAA,EAASA,QAAQG,GAAG,CAAC,CAACC,IAAAA,GAAoBjB,WAAAA,CAAYP,YAAY,CAACwB,IAAAA,CAAAA,CAAAA;AACnEH,gBAAAA;AACF;AACF,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMI,SAAQzC,GAAY,EAAA;AACxB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AAEzB,QAAA,MAAMH,IAAAA,GAAO,MAAM5B,gBAAAA,CAAW,MAAA,CAAA,CAAQ6B,OAAO,CAACC,EAAAA,CAAAA;AAE9C,QAAA,IAAI,CAACF,IAAAA,EAAM;YACT,OAAOxC,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACwB,IAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMK,QAAO7C,GAAY,EAAA;AACvB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMtB,OAAOyB,6BAAAA,CAAgB9C,GAAAA,CAAIE,OAAO,CAAoBD,IAAI,CAAA;AAEhE,QAAA,MAAM8C,8BAAAA,CAAwB1B,IAAAA,CAAAA;AAE9B,QAAA,IAAIhB,YAAAA,CAAE2C,GAAG,CAAC3B,IAAAA,EAAM,OAAA,CAAA,EAAU;AACxB,YAAA,MAAM4B,gBAAAA,GAAmB,MAAMrC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;gBACvD6B,EAAAA,EAAI;oBAAEQ,GAAAA,EAAKR;AAAG,iBAAA;AACdtC,gBAAAA,KAAAA,EAAOiB,KAAKjB;AACd,aAAA,CAAA;AAEA,YAAA,IAAI6C,gBAAAA,EAAkB;AACpB,gBAAA,MAAM,IAAIpD,gBAAAA,CAAiB,+CAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,MAAMsD,cAAc,MAAMvC,gBAAAA,CAAW,MAAA,CAAA,CAAQwC,UAAU,CAACV,EAAAA,EAAIrB,IAAAA,CAAAA;AAE5D,QAAA,IAAI,CAAC8B,WAAAA,EAAa;YAChB,OAAOnD,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACmC,WAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,WAAUrD,GAAY,EAAA;AAC1B,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMH,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAE3B,QAAA,IAAIA,IAAAA,IAAQA,IAAAA,CAAKE,EAAE,KAAKA,EAAAA,EAAI;AAC1B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMyD,WAAAA,GAAc,MAAM1C,gBAAAA,CAAW,MAAA,CAAA,CAAQ2C,UAAU,CAACb,EAAAA,CAAAA;AAExD,QAAA,IAAI,CAACY,WAAAA,EAAa;YAChB,OAAOtD,GAAAA,CAAI4C,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;QAEA,OAAO5C,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACsC,WAAAA;AACxC,SAAA,CAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMG,YAAWzD,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMsC,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAC3B,QAAA,MAAMkB,+BAAAA,CAAyBzD,IAAAA,CAAAA;AAC/B,QAAA,MAAM0D,MAAAA,GAAS,IAAIC,GAAAA,CAAI3D,IAAAA,CAAK4D,GAAG,CAAA;;AAG/B,QAAA,IAAIrB,QAAQmB,MAAAA,CAAOX,GAAG,CAACR,IAAAA,CAAKE,EAAE,CAAA,EAAG;AAC/B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AACA,QAAA,MAAMiE,QAAQ,MAAMlD,gBAAAA,CAAW,QAAQmD,WAAW,CAAC9D,KAAK4D,GAAG,CAAA;AAE3D,QAAA,MAAMG,iBAAiBF,KAAAA,CAAMvB,GAAG,CAAC3B,gBAAAA,CAAW,QAAQI,YAAY,CAAA;QAEhE,OAAOhB,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAM2C;AACR,SAAA,CAAA;AACF,IAAA;AACF,CAAA;;;;"}
|
|
@@ -4,6 +4,11 @@ var isLocalhostIp = require('is-localhost-ip');
|
|
|
4
4
|
var _ = require('lodash');
|
|
5
5
|
var utils = require('@strapi/utils');
|
|
6
6
|
|
|
7
|
+
function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
|
|
8
|
+
|
|
9
|
+
var isLocalhostIp__default = /*#__PURE__*/_interopDefault(isLocalhostIp);
|
|
10
|
+
var ___default = /*#__PURE__*/_interopDefault(_);
|
|
11
|
+
|
|
7
12
|
const urlRegex = /^(?:([a-z0-9+.-]+):\/\/)(?:\S+(?::\S*)?@)?(?:(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\u00a1-\uffff0-9_]-*)*[a-z\u00a1-\uffff0-9_]+)(?:\.(?:[a-z\u00a1-\uffff0-9_]-*)*[a-z\u00a1-\uffff0-9_]+)*\.?)(?::\d{2,5})?(?:[/?#]\S*)?$/;
|
|
8
13
|
const webhookValidator = utils.yup.object({
|
|
9
14
|
name: utils.yup.string().required(),
|
|
@@ -13,7 +18,7 @@ const webhookValidator = utils.yup.object({
|
|
|
13
18
|
}
|
|
14
19
|
try {
|
|
15
20
|
const parsedUrl = new URL(url);
|
|
16
|
-
const isLocalUrl = await
|
|
21
|
+
const isLocalUrl = await isLocalhostIp__default.default(parsedUrl.hostname);
|
|
17
22
|
return !isLocalUrl;
|
|
18
23
|
} catch {
|
|
19
24
|
return false;
|
|
@@ -24,7 +29,7 @@ const webhookValidator = utils.yup.object({
|
|
|
24
29
|
return utils.yup.object().required();
|
|
25
30
|
}
|
|
26
31
|
return utils.yup.object(// @ts-expect-error lodash types
|
|
27
|
-
|
|
32
|
+
___default.default.mapValues(data, ()=>{
|
|
28
33
|
utils.yup.string().min(1).required();
|
|
29
34
|
})).required();
|
|
30
35
|
}),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webhooks.js","sources":["../../../../../server/src/controllers/webhooks.ts"],"sourcesContent":["import isLocalhostIp from 'is-localhost-ip';\nimport type { Context } from 'koa';\nimport _ from 'lodash';\n\nimport { yup, validateYupSchema } from '@strapi/utils';\n\nimport type { Modules } from '@strapi/types';\n\nimport {\n CreateWebhook,\n DeleteWebhook,\n DeleteWebhooks,\n GetWebhook,\n UpdateWebhook,\n TriggerWebhook,\n GetWebhooks,\n} from '../../../shared/contracts/webhooks';\n\nconst urlRegex =\n /^(?:([a-z0-9+.-]+):\\/\\/)(?:\\S+(?::\\S*)?@)?(?:(?:[1-9]\\d?|1\\d\\d|2[01]\\d|22[0-3])(?:\\.(?:1?\\d{1,2}|2[0-4]\\d|25[0-5])){2}(?:\\.(?:[1-9]\\d?|1\\d\\d|2[0-4]\\d|25[0-4]))|(?:(?:[a-z\\u00a1-\\uffff0-9_]-*)*[a-z\\u00a1-\\uffff0-9_]+)(?:\\.(?:[a-z\\u00a1-\\uffff0-9_]-*)*[a-z\\u00a1-\\uffff0-9_]+)*\\.?)(?::\\d{2,5})?(?:[/?#]\\S*)?$/;\n\nconst webhookValidator = yup\n .object({\n name: yup.string().required(),\n url: yup\n .string()\n .matches(urlRegex, 'url must be a valid URL')\n .required()\n .test(\n 'is-public-url',\n \"Url is not supported because it isn't reachable over the public internet\",\n async (url) => {\n if (process.env.NODE_ENV !== 'production') {\n return true;\n }\n\n try {\n const parsedUrl = new URL(url!);\n const isLocalUrl = await isLocalhostIp(parsedUrl.hostname);\n return !isLocalUrl;\n } catch {\n return false;\n }\n }\n ),\n headers: yup.lazy((data) => {\n if (typeof data !== 'object') {\n return yup.object().required();\n }\n\n return yup\n .object(\n // @ts-expect-error lodash types\n _.mapValues(data, () => {\n yup.string().min(1).required();\n })\n )\n .required();\n }),\n events: yup.array().of(yup.string()).required(),\n })\n .noUnknown();\n\nconst updateWebhookValidator = webhookValidator.shape({\n isEnabled: yup.boolean(),\n});\n\nexport default {\n async listWebhooks(ctx: Context) {\n const webhooks = await strapi.get('webhookStore').findWebhooks();\n ctx.send({ data: webhooks } satisfies GetWebhooks.Response);\n },\n\n async getWebhook(ctx: Context) {\n const { id } = ctx.params;\n const webhook = await strapi.get('webhookStore').findWebhook(id);\n\n if (!webhook) {\n return ctx.notFound('webhook.notFound');\n }\n\n ctx.send({ data: webhook } satisfies GetWebhook.Response);\n },\n\n async createWebhook(ctx: Context) {\n const { body } = ctx.request as CreateWebhook.Request;\n\n await validateYupSchema(webhookValidator)(body);\n\n const webhook = await strapi.get('webhookStore').createWebhook(body);\n\n strapi.get('webhookRunner').add(webhook);\n\n ctx.created({ data: webhook } satisfies CreateWebhook.Response);\n },\n\n async updateWebhook(ctx: Context) {\n const { id } = ctx.params as UpdateWebhook.Params;\n const { body } = ctx.request as UpdateWebhook.Request;\n\n await validateYupSchema(updateWebhookValidator)(body);\n\n const webhook = await strapi.get('webhookStore').findWebhook(id);\n\n if (!webhook) {\n return ctx.notFound('webhook.notFound');\n }\n\n const updatedWebhook = await strapi.get('webhookStore').updateWebhook(id, {\n ...webhook,\n ...body,\n });\n\n if (!updatedWebhook) {\n return ctx.notFound('webhook.notFound');\n }\n\n strapi.get('webhookRunner').update(updatedWebhook);\n\n ctx.send({ data: updatedWebhook } satisfies UpdateWebhook.Response);\n },\n\n async deleteWebhook(ctx: Context) {\n const { id } = ctx.params;\n const webhook = await strapi.get('webhookStore').findWebhook(id);\n\n if (!webhook) {\n return ctx.notFound('webhook.notFound');\n }\n\n await strapi.get('webhookStore').deleteWebhook(id);\n\n strapi.get('webhookRunner').remove(webhook);\n\n ctx.body = { data: webhook } satisfies DeleteWebhook.Response;\n },\n\n async deleteWebhooks(ctx: Context) {\n const { ids } = ctx.request.body as DeleteWebhooks.Request['body'];\n\n if (!Array.isArray(ids) || ids.length === 0) {\n return ctx.badRequest('ids must be an array of id');\n }\n\n for (const id of ids) {\n const webhook = await strapi.get('webhookStore').findWebhook(id);\n\n if (webhook) {\n await strapi.get('webhookStore').deleteWebhook(id);\n strapi.get('webhookRunner').remove(webhook);\n }\n }\n\n ctx.send({ data: ids } satisfies DeleteWebhooks.Response);\n },\n\n async triggerWebhook(ctx: Context) {\n const { id } = ctx.params;\n\n const webhook = await strapi.get('webhookStore').findWebhook(id);\n\n const response = await strapi\n .get('webhookRunner')\n .run(webhook as Modules.WebhookStore.Webhook, 'trigger-test', {});\n\n ctx.body = { data: response } satisfies TriggerWebhook.Response;\n },\n};\n"],"names":["urlRegex","webhookValidator","yup","object","name","string","required","url","matches","test","process","env","NODE_ENV","parsedUrl","URL","isLocalUrl","isLocalhostIp","hostname","headers","lazy","data","_","mapValues","min","events","array","of","noUnknown","updateWebhookValidator","shape","isEnabled","boolean","listWebhooks","ctx","webhooks","strapi","get","findWebhooks","send","getWebhook","id","params","webhook","findWebhook","notFound","createWebhook","body","request","validateYupSchema","add","created","updateWebhook","updatedWebhook","update","deleteWebhook","remove","deleteWebhooks","ids","Array","isArray","length","badRequest","triggerWebhook","response","run"],"mappings":";;;;;;AAkBA,MAAMA,QAAAA,GACJ,oTAAA;AAEF,MAAMC,gBAAAA,GAAmBC,SAAAA,CACtBC,MAAM,CAAC;IACNC,IAAAA,EAAMF,SAAAA,CAAIG,MAAM,EAAA,CAAGC,QAAQ,EAAA;AAC3BC,IAAAA,GAAAA,EAAKL,SAAAA,CACFG,MAAM,EAAA,CACNG,OAAO,CAACR,QAAAA,EAAU,yBAAA,CAAA,CAClBM,QAAQ,EAAA,CACRG,IAAI,CACH,eAAA,EACA,4EACA,OAAOF,GAAAA,GAAAA;AACL,QAAA,IAAIG,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA,EAAc;YACzC,OAAO,IAAA;AACT,QAAA;QAEA,IAAI;YACF,MAAMC,SAAAA,GAAY,IAAIC,GAAAA,CAAIP,GAAAA,CAAAA;AAC1B,YAAA,MAAMQ,UAAAA,GAAa,MAAMC,aAAAA,CAAcH,SAAAA,CAAUI,QAAQ,CAAA;AACzD,YAAA,OAAO,CAACF,UAAAA;AACV,QAAA,CAAA,CAAE,OAAM;YACN,OAAO,KAAA;AACT,QAAA;AACF,IAAA,CAAA,CAAA;IAEJG,OAAAA,EAAShB,SAAAA,CAAIiB,IAAI,CAAC,CAACC,IAAAA,GAAAA;QACjB,IAAI,OAAOA,SAAS,QAAA,EAAU;YAC5B,OAAOlB,SAAAA,CAAIC,MAAM,EAAA,CAAGG,QAAQ,EAAA;AAC9B,QAAA;QAEA,OAAOJ,SAAAA,CACJC,MAAM;QAELkB,CAAAA,CAAEC,SAAS,CAACF,IAAAA,EAAM,IAAA;AAChBlB,YAAAA,SAAAA,CAAIG,MAAM,EAAA,CAAGkB,GAAG,CAAC,GAAGjB,QAAQ,EAAA;AAC9B,QAAA,CAAA,CAAA,CAAA,CAEDA,QAAQ,EAAA;AACb,IAAA,CAAA,CAAA;IACAkB,MAAAA,EAAQtB,SAAAA,CAAIuB,KAAK,EAAA,CAAGC,EAAE,CAACxB,SAAAA,CAAIG,MAAM,IAAIC,QAAQ;AAC/C,CAAA,CAAA,CACCqB,SAAS,EAAA;AAEZ,MAAMC,sBAAAA,GAAyB3B,gBAAAA,CAAiB4B,KAAK,CAAC;AACpDC,IAAAA,SAAAA,EAAW5B,UAAI6B,OAAO;AACxB,CAAA,CAAA;AAEA,eAAe;AACb,IAAA,MAAMC,cAAaC,GAAY,EAAA;AAC7B,QAAA,MAAMC,WAAW,MAAMC,MAAAA,CAAOC,GAAG,CAAC,gBAAgBC,YAAY,EAAA;AAC9DJ,QAAAA,GAAAA,CAAIK,IAAI,CAAC;YAAElB,IAAAA,EAAMc;AAAS,SAAA,CAAA;AAC5B,IAAA,CAAA;AAEA,IAAA,MAAMK,YAAWN,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEO,EAAE,EAAE,GAAGP,IAAIQ,MAAM;AACzB,QAAA,MAAMC,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBO,WAAW,CAACH,EAAAA,CAAAA;AAE7D,QAAA,IAAI,CAACE,OAAAA,EAAS;YACZ,OAAOT,GAAAA,CAAIW,QAAQ,CAAC,kBAAA,CAAA;AACtB,QAAA;AAEAX,QAAAA,GAAAA,CAAIK,IAAI,CAAC;YAAElB,IAAAA,EAAMsB;AAAQ,SAAA,CAAA;AAC3B,IAAA,CAAA;AAEA,IAAA,MAAMG,eAAcZ,GAAY,EAAA;AAC9B,QAAA,MAAM,EAAEa,IAAI,EAAE,GAAGb,IAAIc,OAAO;AAE5B,QAAA,MAAMC,wBAAkB/C,gBAAAA,CAAAA,CAAkB6C,IAAAA,CAAAA;AAE1C,QAAA,MAAMJ,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBS,aAAa,CAACC,IAAAA,CAAAA;AAE/DX,QAAAA,MAAAA,CAAOC,GAAG,CAAC,eAAA,CAAA,CAAiBa,GAAG,CAACP,OAAAA,CAAAA;AAEhCT,QAAAA,GAAAA,CAAIiB,OAAO,CAAC;YAAE9B,IAAAA,EAAMsB;AAAQ,SAAA,CAAA;AAC9B,IAAA,CAAA;AAEA,IAAA,MAAMS,eAAclB,GAAY,EAAA;AAC9B,QAAA,MAAM,EAAEO,EAAE,EAAE,GAAGP,IAAIQ,MAAM;AACzB,QAAA,MAAM,EAAEK,IAAI,EAAE,GAAGb,IAAIc,OAAO;AAE5B,QAAA,MAAMC,wBAAkBpB,sBAAAA,CAAAA,CAAwBkB,IAAAA,CAAAA;AAEhD,QAAA,MAAMJ,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBO,WAAW,CAACH,EAAAA,CAAAA;AAE7D,QAAA,IAAI,CAACE,OAAAA,EAAS;YACZ,OAAOT,GAAAA,CAAIW,QAAQ,CAAC,kBAAA,CAAA;AACtB,QAAA;QAEA,MAAMQ,cAAAA,GAAiB,MAAMjB,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBe,aAAa,CAACX,EAAAA,EAAI;AACxE,YAAA,GAAGE,OAAO;AACV,YAAA,GAAGI;AACL,SAAA,CAAA;AAEA,QAAA,IAAI,CAACM,cAAAA,EAAgB;YACnB,OAAOnB,GAAAA,CAAIW,QAAQ,CAAC,kBAAA,CAAA;AACtB,QAAA;AAEAT,QAAAA,MAAAA,CAAOC,GAAG,CAAC,eAAA,CAAA,CAAiBiB,MAAM,CAACD,cAAAA,CAAAA;AAEnCnB,QAAAA,GAAAA,CAAIK,IAAI,CAAC;YAAElB,IAAAA,EAAMgC;AAAe,SAAA,CAAA;AAClC,IAAA,CAAA;AAEA,IAAA,MAAME,eAAcrB,GAAY,EAAA;AAC9B,QAAA,MAAM,EAAEO,EAAE,EAAE,GAAGP,IAAIQ,MAAM;AACzB,QAAA,MAAMC,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBO,WAAW,CAACH,EAAAA,CAAAA;AAE7D,QAAA,IAAI,CAACE,OAAAA,EAAS;YACZ,OAAOT,GAAAA,CAAIW,QAAQ,CAAC,kBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,MAAMT,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBkB,aAAa,CAACd,EAAAA,CAAAA;AAE/CL,QAAAA,MAAAA,CAAOC,GAAG,CAAC,eAAA,CAAA,CAAiBmB,MAAM,CAACb,OAAAA,CAAAA;AAEnCT,QAAAA,GAAAA,CAAIa,IAAI,GAAG;YAAE1B,IAAAA,EAAMsB;AAAQ,SAAA;AAC7B,IAAA,CAAA;AAEA,IAAA,MAAMc,gBAAevB,GAAY,EAAA;AAC/B,QAAA,MAAM,EAAEwB,GAAG,EAAE,GAAGxB,GAAAA,CAAIc,OAAO,CAACD,IAAI;QAEhC,IAAI,CAACY,MAAMC,OAAO,CAACF,QAAQA,GAAAA,CAAIG,MAAM,KAAK,CAAA,EAAG;YAC3C,OAAO3B,GAAAA,CAAI4B,UAAU,CAAC,4BAAA,CAAA;AACxB,QAAA;QAEA,KAAK,MAAMrB,MAAMiB,GAAAA,CAAK;AACpB,YAAA,MAAMf,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBO,WAAW,CAACH,EAAAA,CAAAA;AAE7D,YAAA,IAAIE,OAAAA,EAAS;AACX,gBAAA,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBkB,aAAa,CAACd,EAAAA,CAAAA;AAC/CL,gBAAAA,MAAAA,CAAOC,GAAG,CAAC,eAAA,CAAA,CAAiBmB,MAAM,CAACb,OAAAA,CAAAA;AACrC,YAAA;AACF,QAAA;AAEAT,QAAAA,GAAAA,CAAIK,IAAI,CAAC;YAAElB,IAAAA,EAAMqC;AAAI,SAAA,CAAA;AACvB,IAAA,CAAA;AAEA,IAAA,MAAMK,gBAAe7B,GAAY,EAAA;AAC/B,QAAA,MAAM,EAAEO,EAAE,EAAE,GAAGP,IAAIQ,MAAM;AAEzB,QAAA,MAAMC,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBO,WAAW,CAACH,EAAAA,CAAAA;QAE7D,MAAMuB,QAAAA,GAAW,MAAM5B,MAAAA,CACpBC,GAAG,CAAC,iBACJ4B,GAAG,CAACtB,OAAAA,EAAyC,cAAA,EAAgB,EAAC,CAAA;AAEjET,QAAAA,GAAAA,CAAIa,IAAI,GAAG;YAAE1B,IAAAA,EAAM2C;AAAS,SAAA;AAC9B,IAAA;AACF,CAAA;;;;"}
|
|
1
|
+
{"version":3,"file":"webhooks.js","sources":["../../../../../server/src/controllers/webhooks.ts"],"sourcesContent":["import isLocalhostIp from 'is-localhost-ip';\nimport type { Context } from 'koa';\nimport _ from 'lodash';\n\nimport { yup, validateYupSchema } from '@strapi/utils';\n\nimport type { Modules } from '@strapi/types';\n\nimport {\n CreateWebhook,\n DeleteWebhook,\n DeleteWebhooks,\n GetWebhook,\n UpdateWebhook,\n TriggerWebhook,\n GetWebhooks,\n} from '../../../shared/contracts/webhooks';\n\nconst urlRegex =\n /^(?:([a-z0-9+.-]+):\\/\\/)(?:\\S+(?::\\S*)?@)?(?:(?:[1-9]\\d?|1\\d\\d|2[01]\\d|22[0-3])(?:\\.(?:1?\\d{1,2}|2[0-4]\\d|25[0-5])){2}(?:\\.(?:[1-9]\\d?|1\\d\\d|2[0-4]\\d|25[0-4]))|(?:(?:[a-z\\u00a1-\\uffff0-9_]-*)*[a-z\\u00a1-\\uffff0-9_]+)(?:\\.(?:[a-z\\u00a1-\\uffff0-9_]-*)*[a-z\\u00a1-\\uffff0-9_]+)*\\.?)(?::\\d{2,5})?(?:[/?#]\\S*)?$/;\n\nconst webhookValidator = yup\n .object({\n name: yup.string().required(),\n url: yup\n .string()\n .matches(urlRegex, 'url must be a valid URL')\n .required()\n .test(\n 'is-public-url',\n \"Url is not supported because it isn't reachable over the public internet\",\n async (url) => {\n if (process.env.NODE_ENV !== 'production') {\n return true;\n }\n\n try {\n const parsedUrl = new URL(url!);\n const isLocalUrl = await isLocalhostIp(parsedUrl.hostname);\n return !isLocalUrl;\n } catch {\n return false;\n }\n }\n ),\n headers: yup.lazy((data) => {\n if (typeof data !== 'object') {\n return yup.object().required();\n }\n\n return yup\n .object(\n // @ts-expect-error lodash types\n _.mapValues(data, () => {\n yup.string().min(1).required();\n })\n )\n .required();\n }),\n events: yup.array().of(yup.string()).required(),\n })\n .noUnknown();\n\nconst updateWebhookValidator = webhookValidator.shape({\n isEnabled: yup.boolean(),\n});\n\nexport default {\n async listWebhooks(ctx: Context) {\n const webhooks = await strapi.get('webhookStore').findWebhooks();\n ctx.send({ data: webhooks } satisfies GetWebhooks.Response);\n },\n\n async getWebhook(ctx: Context) {\n const { id } = ctx.params;\n const webhook = await strapi.get('webhookStore').findWebhook(id);\n\n if (!webhook) {\n return ctx.notFound('webhook.notFound');\n }\n\n ctx.send({ data: webhook } satisfies GetWebhook.Response);\n },\n\n async createWebhook(ctx: Context) {\n const { body } = ctx.request as CreateWebhook.Request;\n\n await validateYupSchema(webhookValidator)(body);\n\n const webhook = await strapi.get('webhookStore').createWebhook(body);\n\n strapi.get('webhookRunner').add(webhook);\n\n ctx.created({ data: webhook } satisfies CreateWebhook.Response);\n },\n\n async updateWebhook(ctx: Context) {\n const { id } = ctx.params as UpdateWebhook.Params;\n const { body } = ctx.request as UpdateWebhook.Request;\n\n await validateYupSchema(updateWebhookValidator)(body);\n\n const webhook = await strapi.get('webhookStore').findWebhook(id);\n\n if (!webhook) {\n return ctx.notFound('webhook.notFound');\n }\n\n const updatedWebhook = await strapi.get('webhookStore').updateWebhook(id, {\n ...webhook,\n ...body,\n });\n\n if (!updatedWebhook) {\n return ctx.notFound('webhook.notFound');\n }\n\n strapi.get('webhookRunner').update(updatedWebhook);\n\n ctx.send({ data: updatedWebhook } satisfies UpdateWebhook.Response);\n },\n\n async deleteWebhook(ctx: Context) {\n const { id } = ctx.params;\n const webhook = await strapi.get('webhookStore').findWebhook(id);\n\n if (!webhook) {\n return ctx.notFound('webhook.notFound');\n }\n\n await strapi.get('webhookStore').deleteWebhook(id);\n\n strapi.get('webhookRunner').remove(webhook);\n\n ctx.body = { data: webhook } satisfies DeleteWebhook.Response;\n },\n\n async deleteWebhooks(ctx: Context) {\n const { ids } = ctx.request.body as DeleteWebhooks.Request['body'];\n\n if (!Array.isArray(ids) || ids.length === 0) {\n return ctx.badRequest('ids must be an array of id');\n }\n\n for (const id of ids) {\n const webhook = await strapi.get('webhookStore').findWebhook(id);\n\n if (webhook) {\n await strapi.get('webhookStore').deleteWebhook(id);\n strapi.get('webhookRunner').remove(webhook);\n }\n }\n\n ctx.send({ data: ids } satisfies DeleteWebhooks.Response);\n },\n\n async triggerWebhook(ctx: Context) {\n const { id } = ctx.params;\n\n const webhook = await strapi.get('webhookStore').findWebhook(id);\n\n const response = await strapi\n .get('webhookRunner')\n .run(webhook as Modules.WebhookStore.Webhook, 'trigger-test', {});\n\n ctx.body = { data: response } satisfies TriggerWebhook.Response;\n },\n};\n"],"names":["urlRegex","webhookValidator","yup","object","name","string","required","url","matches","test","process","env","NODE_ENV","parsedUrl","URL","isLocalUrl","isLocalhostIp","hostname","headers","lazy","data","_","mapValues","min","events","array","of","noUnknown","updateWebhookValidator","shape","isEnabled","boolean","listWebhooks","ctx","webhooks","strapi","get","findWebhooks","send","getWebhook","id","params","webhook","findWebhook","notFound","createWebhook","body","request","validateYupSchema","add","created","updateWebhook","updatedWebhook","update","deleteWebhook","remove","deleteWebhooks","ids","Array","isArray","length","badRequest","triggerWebhook","response","run"],"mappings":";;;;;;;;;;;AAkBA,MAAMA,QAAAA,GACJ,oTAAA;AAEF,MAAMC,gBAAAA,GAAmBC,SAAAA,CACtBC,MAAM,CAAC;IACNC,IAAAA,EAAMF,SAAAA,CAAIG,MAAM,EAAA,CAAGC,QAAQ,EAAA;AAC3BC,IAAAA,GAAAA,EAAKL,SAAAA,CACFG,MAAM,EAAA,CACNG,OAAO,CAACR,QAAAA,EAAU,yBAAA,CAAA,CAClBM,QAAQ,EAAA,CACRG,IAAI,CACH,eAAA,EACA,4EACA,OAAOF,GAAAA,GAAAA;AACL,QAAA,IAAIG,OAAAA,CAAQC,GAAG,CAACC,QAAQ,KAAK,YAAA,EAAc;YACzC,OAAO,IAAA;AACT,QAAA;QAEA,IAAI;YACF,MAAMC,SAAAA,GAAY,IAAIC,GAAAA,CAAIP,GAAAA,CAAAA;AAC1B,YAAA,MAAMQ,UAAAA,GAAa,MAAMC,8BAAAA,CAAcH,SAAAA,CAAUI,QAAQ,CAAA;AACzD,YAAA,OAAO,CAACF,UAAAA;AACV,QAAA,CAAA,CAAE,OAAM;YACN,OAAO,KAAA;AACT,QAAA;AACF,IAAA,CAAA,CAAA;IAEJG,OAAAA,EAAShB,SAAAA,CAAIiB,IAAI,CAAC,CAACC,IAAAA,GAAAA;QACjB,IAAI,OAAOA,SAAS,QAAA,EAAU;YAC5B,OAAOlB,SAAAA,CAAIC,MAAM,EAAA,CAAGG,QAAQ,EAAA;AAC9B,QAAA;QAEA,OAAOJ,SAAAA,CACJC,MAAM;QAELkB,kBAAAA,CAAEC,SAAS,CAACF,IAAAA,EAAM,IAAA;AAChBlB,YAAAA,SAAAA,CAAIG,MAAM,EAAA,CAAGkB,GAAG,CAAC,GAAGjB,QAAQ,EAAA;AAC9B,QAAA,CAAA,CAAA,CAAA,CAEDA,QAAQ,EAAA;AACb,IAAA,CAAA,CAAA;IACAkB,MAAAA,EAAQtB,SAAAA,CAAIuB,KAAK,EAAA,CAAGC,EAAE,CAACxB,SAAAA,CAAIG,MAAM,IAAIC,QAAQ;AAC/C,CAAA,CAAA,CACCqB,SAAS,EAAA;AAEZ,MAAMC,sBAAAA,GAAyB3B,gBAAAA,CAAiB4B,KAAK,CAAC;AACpDC,IAAAA,SAAAA,EAAW5B,UAAI6B,OAAO;AACxB,CAAA,CAAA;AAEA,eAAe;AACb,IAAA,MAAMC,cAAaC,GAAY,EAAA;AAC7B,QAAA,MAAMC,WAAW,MAAMC,MAAAA,CAAOC,GAAG,CAAC,gBAAgBC,YAAY,EAAA;AAC9DJ,QAAAA,GAAAA,CAAIK,IAAI,CAAC;YAAElB,IAAAA,EAAMc;AAAS,SAAA,CAAA;AAC5B,IAAA,CAAA;AAEA,IAAA,MAAMK,YAAWN,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEO,EAAE,EAAE,GAAGP,IAAIQ,MAAM;AACzB,QAAA,MAAMC,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBO,WAAW,CAACH,EAAAA,CAAAA;AAE7D,QAAA,IAAI,CAACE,OAAAA,EAAS;YACZ,OAAOT,GAAAA,CAAIW,QAAQ,CAAC,kBAAA,CAAA;AACtB,QAAA;AAEAX,QAAAA,GAAAA,CAAIK,IAAI,CAAC;YAAElB,IAAAA,EAAMsB;AAAQ,SAAA,CAAA;AAC3B,IAAA,CAAA;AAEA,IAAA,MAAMG,eAAcZ,GAAY,EAAA;AAC9B,QAAA,MAAM,EAAEa,IAAI,EAAE,GAAGb,IAAIc,OAAO;AAE5B,QAAA,MAAMC,wBAAkB/C,gBAAAA,CAAAA,CAAkB6C,IAAAA,CAAAA;AAE1C,QAAA,MAAMJ,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBS,aAAa,CAACC,IAAAA,CAAAA;AAE/DX,QAAAA,MAAAA,CAAOC,GAAG,CAAC,eAAA,CAAA,CAAiBa,GAAG,CAACP,OAAAA,CAAAA;AAEhCT,QAAAA,GAAAA,CAAIiB,OAAO,CAAC;YAAE9B,IAAAA,EAAMsB;AAAQ,SAAA,CAAA;AAC9B,IAAA,CAAA;AAEA,IAAA,MAAMS,eAAclB,GAAY,EAAA;AAC9B,QAAA,MAAM,EAAEO,EAAE,EAAE,GAAGP,IAAIQ,MAAM;AACzB,QAAA,MAAM,EAAEK,IAAI,EAAE,GAAGb,IAAIc,OAAO;AAE5B,QAAA,MAAMC,wBAAkBpB,sBAAAA,CAAAA,CAAwBkB,IAAAA,CAAAA;AAEhD,QAAA,MAAMJ,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBO,WAAW,CAACH,EAAAA,CAAAA;AAE7D,QAAA,IAAI,CAACE,OAAAA,EAAS;YACZ,OAAOT,GAAAA,CAAIW,QAAQ,CAAC,kBAAA,CAAA;AACtB,QAAA;QAEA,MAAMQ,cAAAA,GAAiB,MAAMjB,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBe,aAAa,CAACX,EAAAA,EAAI;AACxE,YAAA,GAAGE,OAAO;AACV,YAAA,GAAGI;AACL,SAAA,CAAA;AAEA,QAAA,IAAI,CAACM,cAAAA,EAAgB;YACnB,OAAOnB,GAAAA,CAAIW,QAAQ,CAAC,kBAAA,CAAA;AACtB,QAAA;AAEAT,QAAAA,MAAAA,CAAOC,GAAG,CAAC,eAAA,CAAA,CAAiBiB,MAAM,CAACD,cAAAA,CAAAA;AAEnCnB,QAAAA,GAAAA,CAAIK,IAAI,CAAC;YAAElB,IAAAA,EAAMgC;AAAe,SAAA,CAAA;AAClC,IAAA,CAAA;AAEA,IAAA,MAAME,eAAcrB,GAAY,EAAA;AAC9B,QAAA,MAAM,EAAEO,EAAE,EAAE,GAAGP,IAAIQ,MAAM;AACzB,QAAA,MAAMC,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBO,WAAW,CAACH,EAAAA,CAAAA;AAE7D,QAAA,IAAI,CAACE,OAAAA,EAAS;YACZ,OAAOT,GAAAA,CAAIW,QAAQ,CAAC,kBAAA,CAAA;AACtB,QAAA;AAEA,QAAA,MAAMT,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBkB,aAAa,CAACd,EAAAA,CAAAA;AAE/CL,QAAAA,MAAAA,CAAOC,GAAG,CAAC,eAAA,CAAA,CAAiBmB,MAAM,CAACb,OAAAA,CAAAA;AAEnCT,QAAAA,GAAAA,CAAIa,IAAI,GAAG;YAAE1B,IAAAA,EAAMsB;AAAQ,SAAA;AAC7B,IAAA,CAAA;AAEA,IAAA,MAAMc,gBAAevB,GAAY,EAAA;AAC/B,QAAA,MAAM,EAAEwB,GAAG,EAAE,GAAGxB,GAAAA,CAAIc,OAAO,CAACD,IAAI;QAEhC,IAAI,CAACY,MAAMC,OAAO,CAACF,QAAQA,GAAAA,CAAIG,MAAM,KAAK,CAAA,EAAG;YAC3C,OAAO3B,GAAAA,CAAI4B,UAAU,CAAC,4BAAA,CAAA;AACxB,QAAA;QAEA,KAAK,MAAMrB,MAAMiB,GAAAA,CAAK;AACpB,YAAA,MAAMf,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBO,WAAW,CAACH,EAAAA,CAAAA;AAE7D,YAAA,IAAIE,OAAAA,EAAS;AACX,gBAAA,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBkB,aAAa,CAACd,EAAAA,CAAAA;AAC/CL,gBAAAA,MAAAA,CAAOC,GAAG,CAAC,eAAA,CAAA,CAAiBmB,MAAM,CAACb,OAAAA,CAAAA;AACrC,YAAA;AACF,QAAA;AAEAT,QAAAA,GAAAA,CAAIK,IAAI,CAAC;YAAElB,IAAAA,EAAMqC;AAAI,SAAA,CAAA;AACvB,IAAA,CAAA;AAEA,IAAA,MAAMK,gBAAe7B,GAAY,EAAA;AAC/B,QAAA,MAAM,EAAEO,EAAE,EAAE,GAAGP,IAAIQ,MAAM;AAEzB,QAAA,MAAMC,UAAU,MAAMP,MAAAA,CAAOC,GAAG,CAAC,cAAA,CAAA,CAAgBO,WAAW,CAACH,EAAAA,CAAAA;QAE7D,MAAMuB,QAAAA,GAAW,MAAM5B,MAAAA,CACpBC,GAAG,CAAC,iBACJ4B,GAAG,CAACtB,OAAAA,EAAyC,cAAA,EAAgB,EAAC,CAAA;AAEjET,QAAAA,GAAAA,CAAIa,IAAI,GAAG;YAAE1B,IAAAA,EAAM2C;AAAS,SAAA;AAC9B,IAAA;AACF,CAAA;;;;"}
|
|
@@ -4,7 +4,12 @@ var path = require('path');
|
|
|
4
4
|
var utils = require('@strapi/utils');
|
|
5
5
|
var fp = require('lodash/fp');
|
|
6
6
|
|
|
7
|
-
|
|
7
|
+
function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
|
|
8
|
+
|
|
9
|
+
var path__default = /*#__PURE__*/_interopDefault(path);
|
|
10
|
+
var utils__default = /*#__PURE__*/_interopDefault(utils);
|
|
11
|
+
|
|
12
|
+
const { RateLimitError } = utils__default.default.errors;
|
|
8
13
|
var rateLimit = ((config, { strapi })=>async (ctx, next)=>{
|
|
9
14
|
let rateLimitConfig = strapi.config.get('admin.rateLimit');
|
|
10
15
|
if (!rateLimitConfig) {
|
|
@@ -21,7 +26,7 @@ var rateLimit = ((config, { strapi })=>async (ctx, next)=>{
|
|
|
21
26
|
const rateLimit = require('koa2-ratelimit').RateLimit;
|
|
22
27
|
const requestEmail = fp.get('request.body.email')(ctx);
|
|
23
28
|
const userEmail = fp.isString(requestEmail) ? requestEmail.toLowerCase() : 'unknownEmail';
|
|
24
|
-
const requestPath = fp.isString(ctx.request.path) ? fp.toLower(
|
|
29
|
+
const requestPath = fp.isString(ctx.request.path) ? fp.toLower(path__default.default.normalize(ctx.request.path)).replace(/\/$/, '') : 'invalidPath';
|
|
25
30
|
const loadConfig = {
|
|
26
31
|
interval: {
|
|
27
32
|
min: 5
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rateLimit.js","sources":["../../../../../server/src/middlewares/rateLimit.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport path from 'path';\nimport utils from '@strapi/utils';\nimport { isString, has, toLower, get } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\n\nconst { RateLimitError } = utils.errors;\n\nexport default (config: any, { strapi }: { strapi: Core.Strapi }) =>\n async (ctx: Context, next: Next) => {\n let rateLimitConfig = strapi.config.get('admin.rateLimit') as any;\n\n if (!rateLimitConfig) {\n rateLimitConfig = {\n enabled: true,\n };\n }\n\n if (!has('enabled', rateLimitConfig)) {\n rateLimitConfig.enabled = true;\n }\n\n if (rateLimitConfig.enabled === true) {\n // TODO: TS - Do the dynamic import\n // eslint-disable-next-line @typescript-eslint/no-var-requires\n const rateLimit = require('koa2-ratelimit').RateLimit;\n\n const requestEmail = get('request.body.email')(ctx);\n const userEmail = isString(requestEmail) ? requestEmail.toLowerCase() : 'unknownEmail';\n\n const requestPath = isString(ctx.request.path)\n ? toLower(path.normalize(ctx.request.path)).replace(/\\/$/, '')\n : 'invalidPath';\n\n const loadConfig = {\n interval: { min: 5 },\n max: 5,\n prefixKey: `${userEmail}:${requestPath}:${ctx.request.ip}`,\n handler() {\n throw new RateLimitError();\n },\n ...rateLimitConfig,\n ...config,\n };\n\n return rateLimit.middleware(loadConfig)(ctx, next);\n }\n\n return next();\n };\n"],"names":["RateLimitError","utils","errors","config","strapi","ctx","next","rateLimitConfig","get","enabled","has","rateLimit","require","RateLimit","requestEmail","userEmail","isString","toLowerCase","requestPath","request","path","toLower","normalize","replace","loadConfig","interval","min","max","prefixKey","ip","handler","middleware"],"mappings":"
|
|
1
|
+
{"version":3,"file":"rateLimit.js","sources":["../../../../../server/src/middlewares/rateLimit.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport path from 'path';\nimport utils from '@strapi/utils';\nimport { isString, has, toLower, get } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\n\nconst { RateLimitError } = utils.errors;\n\nexport default (config: any, { strapi }: { strapi: Core.Strapi }) =>\n async (ctx: Context, next: Next) => {\n let rateLimitConfig = strapi.config.get('admin.rateLimit') as any;\n\n if (!rateLimitConfig) {\n rateLimitConfig = {\n enabled: true,\n };\n }\n\n if (!has('enabled', rateLimitConfig)) {\n rateLimitConfig.enabled = true;\n }\n\n if (rateLimitConfig.enabled === true) {\n // TODO: TS - Do the dynamic import\n // eslint-disable-next-line @typescript-eslint/no-var-requires\n const rateLimit = require('koa2-ratelimit').RateLimit;\n\n const requestEmail = get('request.body.email')(ctx);\n const userEmail = isString(requestEmail) ? requestEmail.toLowerCase() : 'unknownEmail';\n\n const requestPath = isString(ctx.request.path)\n ? toLower(path.normalize(ctx.request.path)).replace(/\\/$/, '')\n : 'invalidPath';\n\n const loadConfig = {\n interval: { min: 5 },\n max: 5,\n prefixKey: `${userEmail}:${requestPath}:${ctx.request.ip}`,\n handler() {\n throw new RateLimitError();\n },\n ...rateLimitConfig,\n ...config,\n };\n\n return rateLimit.middleware(loadConfig)(ctx, next);\n }\n\n return next();\n };\n"],"names":["RateLimitError","utils","errors","config","strapi","ctx","next","rateLimitConfig","get","enabled","has","rateLimit","require","RateLimit","requestEmail","userEmail","isString","toLowerCase","requestPath","request","path","toLower","normalize","replace","loadConfig","interval","min","max","prefixKey","ip","handler","middleware"],"mappings":";;;;;;;;;;;AAMA,MAAM,EAAEA,cAAc,EAAE,GAAGC,uBAAMC,MAAM;AAEvC,gBAAe,CAAA,CAACC,MAAAA,EAAa,EAAEC,MAAM,EAA2B,GAC9D,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,QAAA,IAAIC,eAAAA,GAAkBH,MAAAA,CAAOD,MAAM,CAACK,GAAG,CAAC,iBAAA,CAAA;AAExC,QAAA,IAAI,CAACD,eAAAA,EAAiB;YACpBA,eAAAA,GAAkB;gBAChBE,OAAAA,EAAS;AACX,aAAA;AACF,QAAA;QAEA,IAAI,CAACC,MAAAA,CAAI,SAAA,EAAWH,eAAAA,CAAAA,EAAkB;AACpCA,YAAAA,eAAAA,CAAgBE,OAAO,GAAG,IAAA;AAC5B,QAAA;QAEA,IAAIF,eAAAA,CAAgBE,OAAO,KAAK,IAAA,EAAM;;;YAGpC,MAAME,SAAAA,GAAYC,OAAAA,CAAQ,gBAAA,CAAA,CAAkBC,SAAS;YAErD,MAAMC,YAAAA,GAAeN,OAAI,oBAAA,CAAA,CAAsBH,GAAAA,CAAAA;AAC/C,YAAA,MAAMU,SAAAA,GAAYC,WAAAA,CAASF,YAAAA,CAAAA,GAAgBA,YAAAA,CAAaG,WAAW,EAAA,GAAK,cAAA;AAExE,YAAA,MAAMC,cAAcF,WAAAA,CAASX,GAAAA,CAAIc,OAAO,CAACC,IAAI,IACzCC,UAAAA,CAAQD,qBAAAA,CAAKE,SAAS,CAACjB,GAAAA,CAAIc,OAAO,CAACC,IAAI,GAAGG,OAAO,CAAC,OAAO,EAAA,CAAA,GACzD,aAAA;AAEJ,YAAA,MAAMC,UAAAA,GAAa;gBACjBC,QAAAA,EAAU;oBAAEC,GAAAA,EAAK;AAAE,iBAAA;gBACnBC,GAAAA,EAAK,CAAA;gBACLC,SAAAA,EAAW,CAAA,EAAGb,SAAAA,CAAU,CAAC,EAAEG,WAAAA,CAAY,CAAC,EAAEb,GAAAA,CAAIc,OAAO,CAACU,EAAE,CAAA,CAAE;AAC1DC,gBAAAA,OAAAA,CAAAA,GAAAA;AACE,oBAAA,MAAM,IAAI9B,cAAAA,EAAAA;AACZ,gBAAA,CAAA;AACA,gBAAA,GAAGO,eAAe;AAClB,gBAAA,GAAGJ;AACL,aAAA;AAEA,YAAA,OAAOQ,SAAAA,CAAUoB,UAAU,CAACP,UAAAA,CAAAA,CAAYnB,GAAAA,EAAKC,IAAAA,CAAAA;AAC/C,QAAA;QAEA,OAAOA,IAAAA,EAAAA;AACT,IAAA,CAAA;;;;"}
|
|
@@ -4,16 +4,20 @@ var _ = require('lodash');
|
|
|
4
4
|
var utils = require('@strapi/utils');
|
|
5
5
|
var hasPermissions$1 = require('../validation/policies/hasPermissions.js');
|
|
6
6
|
|
|
7
|
+
function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
|
|
8
|
+
|
|
9
|
+
var ___default = /*#__PURE__*/_interopDefault(_);
|
|
10
|
+
|
|
7
11
|
const { createPolicy } = utils.policy;
|
|
8
12
|
const inputModifiers = [
|
|
9
13
|
{
|
|
10
|
-
check:
|
|
14
|
+
check: ___default.default.isString,
|
|
11
15
|
transform: (action)=>({
|
|
12
16
|
action
|
|
13
17
|
})
|
|
14
18
|
},
|
|
15
19
|
{
|
|
16
|
-
check:
|
|
20
|
+
check: ___default.default.isArray,
|
|
17
21
|
transform: (arr)=>({
|
|
18
22
|
action: arr[0],
|
|
19
23
|
subject: arr[1]
|
|
@@ -21,7 +25,7 @@ const inputModifiers = [
|
|
|
21
25
|
},
|
|
22
26
|
{
|
|
23
27
|
// Has to be after the isArray check since _.isObject also matches arrays
|
|
24
|
-
check:
|
|
28
|
+
check: ___default.default.isObject,
|
|
25
29
|
transform: (perm)=>perm
|
|
26
30
|
}
|
|
27
31
|
];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hasPermissions.js","sources":["../../../../../server/src/policies/hasPermissions.ts"],"sourcesContent":["import _ from 'lodash';\nimport { policy } from '@strapi/utils';\nimport { validateHasPermissionsInput } from '../validation/policies/hasPermissions';\n\nconst { createPolicy } = policy;\n\nconst inputModifiers = [\n {\n check: _.isString,\n transform: (action: any) => ({ action }),\n },\n {\n check: _.isArray,\n transform: (arr: any) => ({ action: arr[0], subject: arr[1] }),\n },\n {\n // Has to be after the isArray check since _.isObject also matches arrays\n check: _.isObject,\n transform: (perm: any) => perm,\n },\n];\n\nexport default createPolicy({\n name: 'admin::hasPermissions',\n validator: validateHasPermissionsInput,\n handler(ctx, config) {\n const { actions } = config;\n const { userAbility: ability } = ctx.state;\n\n const permissions = actions.map((action: any) =>\n inputModifiers.find((modifier) => modifier.check(action))?.transform(action)\n );\n\n const isAuthorized = permissions.every(({ action, subject }: any) =>\n ability.can(action, subject)\n );\n\n return isAuthorized;\n },\n});\n"],"names":["createPolicy","policy","inputModifiers","check","_","isString","transform","action","isArray","arr","subject","isObject","perm","name","validator","validateHasPermissionsInput","handler","ctx","config","actions","userAbility","ability","state","permissions","map","find","modifier","isAuthorized","every","can"],"mappings":"
|
|
1
|
+
{"version":3,"file":"hasPermissions.js","sources":["../../../../../server/src/policies/hasPermissions.ts"],"sourcesContent":["import _ from 'lodash';\nimport { policy } from '@strapi/utils';\nimport { validateHasPermissionsInput } from '../validation/policies/hasPermissions';\n\nconst { createPolicy } = policy;\n\nconst inputModifiers = [\n {\n check: _.isString,\n transform: (action: any) => ({ action }),\n },\n {\n check: _.isArray,\n transform: (arr: any) => ({ action: arr[0], subject: arr[1] }),\n },\n {\n // Has to be after the isArray check since _.isObject also matches arrays\n check: _.isObject,\n transform: (perm: any) => perm,\n },\n];\n\nexport default createPolicy({\n name: 'admin::hasPermissions',\n validator: validateHasPermissionsInput,\n handler(ctx, config) {\n const { actions } = config;\n const { userAbility: ability } = ctx.state;\n\n const permissions = actions.map((action: any) =>\n inputModifiers.find((modifier) => modifier.check(action))?.transform(action)\n );\n\n const isAuthorized = permissions.every(({ action, subject }: any) =>\n ability.can(action, subject)\n );\n\n return isAuthorized;\n },\n});\n"],"names":["createPolicy","policy","inputModifiers","check","_","isString","transform","action","isArray","arr","subject","isObject","perm","name","validator","validateHasPermissionsInput","handler","ctx","config","actions","userAbility","ability","state","permissions","map","find","modifier","isAuthorized","every","can"],"mappings":";;;;;;;;;;AAIA,MAAM,EAAEA,YAAY,EAAE,GAAGC,YAAAA;AAEzB,MAAMC,cAAAA,GAAiB;AACrB,IAAA;AACEC,QAAAA,KAAAA,EAAOC,mBAAEC,QAAQ;QACjBC,SAAAA,EAAW,CAACC,UAAiB;AAAEA,gBAAAA;aAAO;AACxC,KAAA;AACA,IAAA;AACEJ,QAAAA,KAAAA,EAAOC,mBAAEI,OAAO;QAChBF,SAAAA,EAAW,CAACG,OAAc;gBAAEF,MAAAA,EAAQE,GAAG,CAAC,CAAA,CAAE;gBAAEC,OAAAA,EAASD,GAAG,CAAC,CAAA;aAAG;AAC9D,KAAA;AACA,IAAA;;AAEEN,QAAAA,KAAAA,EAAOC,mBAAEO,QAAQ;AACjBL,QAAAA,SAAAA,EAAW,CAACM,IAAAA,GAAcA;AAC5B;AACD,CAAA;AAED,qBAAeZ,YAAAA,CAAa;IAC1Ba,IAAAA,EAAM,uBAAA;IACNC,SAAAA,EAAWC,4CAAAA;IACXC,OAAAA,CAAAA,CAAQC,GAAG,EAAEC,MAAM,EAAA;QACjB,MAAM,EAAEC,OAAO,EAAE,GAAGD,MAAAA;AACpB,QAAA,MAAM,EAAEE,WAAAA,EAAaC,OAAO,EAAE,GAAGJ,IAAIK,KAAK;AAE1C,QAAA,MAAMC,WAAAA,GAAcJ,OAAAA,CAAQK,GAAG,CAAC,CAACjB,MAAAA,GAC/BL,cAAAA,CAAeuB,IAAI,CAAC,CAACC,QAAAA,GAAaA,QAAAA,CAASvB,KAAK,CAACI,UAAUD,SAAAA,CAAUC,MAAAA,CAAAA,CAAAA;AAGvE,QAAA,MAAMoB,YAAAA,GAAeJ,WAAAA,CAAYK,KAAK,CAAC,CAAC,EAAErB,MAAM,EAAEG,OAAO,EAAO,GAC9DW,OAAAA,CAAQQ,GAAG,CAACtB,MAAAA,EAAQG,OAAAA,CAAAA,CAAAA;QAGtB,OAAOiB,YAAAA;AACT,IAAA;AACF,CAAA,CAAA;;;;"}
|
|
@@ -6,9 +6,14 @@ var path = require('path');
|
|
|
6
6
|
var fse = require('fs-extra');
|
|
7
7
|
var koaStatic = require('koa-static');
|
|
8
8
|
|
|
9
|
+
function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
|
|
10
|
+
|
|
11
|
+
var fse__default = /*#__PURE__*/_interopDefault(fse);
|
|
12
|
+
var koaStatic__default = /*#__PURE__*/_interopDefault(koaStatic);
|
|
13
|
+
|
|
9
14
|
const registerAdminPanelRoute = ({ strapi })=>{
|
|
10
15
|
let buildDir = path.resolve(strapi.dirs.dist.root, 'build');
|
|
11
|
-
if (!
|
|
16
|
+
if (!fse__default.default.pathExistsSync(buildDir)) {
|
|
12
17
|
buildDir = path.resolve(__dirname, '../../build');
|
|
13
18
|
}
|
|
14
19
|
const serveAdminMiddleware = async (ctx, next)=>{
|
|
@@ -20,7 +25,7 @@ const registerAdminPanelRoute = ({ strapi })=>{
|
|
|
20
25
|
return;
|
|
21
26
|
}
|
|
22
27
|
ctx.type = 'html';
|
|
23
|
-
ctx.body =
|
|
28
|
+
ctx.body = fse__default.default.createReadStream(path.join(buildDir, 'index.html'));
|
|
24
29
|
};
|
|
25
30
|
strapi.server.routes([
|
|
26
31
|
{
|
|
@@ -49,7 +54,7 @@ const registerAdminPanelRoute = ({ strapi })=>{
|
|
|
49
54
|
};
|
|
50
55
|
// serveStatic is not supposed to be used to serve a folder that have sub-folders
|
|
51
56
|
const serveStatic = (filesDir, koaStaticOptions = {})=>{
|
|
52
|
-
const serve =
|
|
57
|
+
const serve = koaStatic__default.default(filesDir, koaStaticOptions);
|
|
53
58
|
return async (ctx, next)=>{
|
|
54
59
|
if (!path.extname(ctx.path)) {
|
|
55
60
|
await next();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"serve-admin-panel.js","sources":["../../../../../server/src/routes/serve-admin-panel.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport { resolve, join, extname, basename } from 'path';\nimport fse from 'fs-extra';\nimport koaStatic from 'koa-static';\nimport type { Core } from '@strapi/types';\n\nconst registerAdminPanelRoute = ({ strapi }: { strapi: Core.Strapi }) => {\n let buildDir = resolve(strapi.dirs.dist.root, 'build');\n\n if (!fse.pathExistsSync(buildDir)) {\n buildDir = resolve(__dirname, '../../build');\n }\n\n const serveAdminMiddleware = async (ctx: Context, next: Next) => {\n await next();\n\n if (ctx.method !== 'HEAD' && ctx.method !== 'GET') {\n return;\n }\n\n if (ctx.body != null || ctx.status !== 404) {\n return;\n }\n\n ctx.type = 'html';\n ctx.body = fse.createReadStream(join(buildDir, 'index.html'));\n };\n\n strapi.server.routes([\n {\n method: 'GET',\n path: `${strapi.config.admin.path}/:path*`,\n handler: [\n serveAdminMiddleware,\n serveStatic(buildDir, {\n maxage: 31536000,\n defer: false,\n index: 'index.html',\n setHeaders(res: any, path: any) {\n const ext = extname(path);\n // publicly cache static files to avoid unnecessary network & disk access\n if (ext !== '.html') {\n res.setHeader('cache-control', 'public, max-age=31536000, immutable');\n }\n },\n }),\n ],\n config: { auth: false },\n },\n ]);\n};\n\n// serveStatic is not supposed to be used to serve a folder that have sub-folders\nexport const serveStatic = (filesDir: any, koaStaticOptions = {}) => {\n const serve = koaStatic(filesDir, koaStaticOptions);\n\n return async (ctx: Context, next: Next) => {\n if (!extname(ctx.path)) {\n await next();\n return;\n }\n\n const prev = ctx.path;\n const newPath = basename(ctx.path);\n\n ctx.path = newPath;\n await serve(ctx, async () => {\n ctx.path = prev;\n await next();\n ctx.path = newPath;\n });\n ctx.path = prev;\n };\n};\n\nexport default registerAdminPanelRoute;\n"],"names":["registerAdminPanelRoute","strapi","buildDir","resolve","dirs","dist","root","fse","pathExistsSync","__dirname","serveAdminMiddleware","ctx","next","method","body","status","type","createReadStream","join","server","routes","path","config","admin","handler","serveStatic","maxage","defer","index","setHeaders","res","ext","extname","setHeader","auth","filesDir","koaStaticOptions","serve","koaStatic","prev","newPath","basename"],"mappings":"
|
|
1
|
+
{"version":3,"file":"serve-admin-panel.js","sources":["../../../../../server/src/routes/serve-admin-panel.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport { resolve, join, extname, basename } from 'path';\nimport fse from 'fs-extra';\nimport koaStatic from 'koa-static';\nimport type { Core } from '@strapi/types';\n\nconst registerAdminPanelRoute = ({ strapi }: { strapi: Core.Strapi }) => {\n let buildDir = resolve(strapi.dirs.dist.root, 'build');\n\n if (!fse.pathExistsSync(buildDir)) {\n buildDir = resolve(__dirname, '../../build');\n }\n\n const serveAdminMiddleware = async (ctx: Context, next: Next) => {\n await next();\n\n if (ctx.method !== 'HEAD' && ctx.method !== 'GET') {\n return;\n }\n\n if (ctx.body != null || ctx.status !== 404) {\n return;\n }\n\n ctx.type = 'html';\n ctx.body = fse.createReadStream(join(buildDir, 'index.html'));\n };\n\n strapi.server.routes([\n {\n method: 'GET',\n path: `${strapi.config.admin.path}/:path*`,\n handler: [\n serveAdminMiddleware,\n serveStatic(buildDir, {\n maxage: 31536000,\n defer: false,\n index: 'index.html',\n setHeaders(res: any, path: any) {\n const ext = extname(path);\n // publicly cache static files to avoid unnecessary network & disk access\n if (ext !== '.html') {\n res.setHeader('cache-control', 'public, max-age=31536000, immutable');\n }\n },\n }),\n ],\n config: { auth: false },\n },\n ]);\n};\n\n// serveStatic is not supposed to be used to serve a folder that have sub-folders\nexport const serveStatic = (filesDir: any, koaStaticOptions = {}) => {\n const serve = koaStatic(filesDir, koaStaticOptions);\n\n return async (ctx: Context, next: Next) => {\n if (!extname(ctx.path)) {\n await next();\n return;\n }\n\n const prev = ctx.path;\n const newPath = basename(ctx.path);\n\n ctx.path = newPath;\n await serve(ctx, async () => {\n ctx.path = prev;\n await next();\n ctx.path = newPath;\n });\n ctx.path = prev;\n };\n};\n\nexport default registerAdminPanelRoute;\n"],"names":["registerAdminPanelRoute","strapi","buildDir","resolve","dirs","dist","root","fse","pathExistsSync","__dirname","serveAdminMiddleware","ctx","next","method","body","status","type","createReadStream","join","server","routes","path","config","admin","handler","serveStatic","maxage","defer","index","setHeaders","res","ext","extname","setHeader","auth","filesDir","koaStaticOptions","serve","koaStatic","prev","newPath","basename"],"mappings":";;;;;;;;;;;;;AAMA,MAAMA,uBAAAA,GAA0B,CAAC,EAAEC,MAAM,EAA2B,GAAA;IAClE,IAAIC,QAAAA,GAAWC,aAAQF,MAAAA,CAAOG,IAAI,CAACC,IAAI,CAACC,IAAI,EAAE,OAAA,CAAA;AAE9C,IAAA,IAAI,CAACC,oBAAAA,CAAIC,cAAc,CAACN,QAAAA,CAAAA,EAAW;AACjCA,QAAAA,QAAAA,GAAWC,aAAQM,SAAAA,EAAW,aAAA,CAAA;AAChC,IAAA;IAEA,MAAMC,oBAAAA,GAAuB,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;QAChD,MAAMA,IAAAA,EAAAA;AAEN,QAAA,IAAID,IAAIE,MAAM,KAAK,UAAUF,GAAAA,CAAIE,MAAM,KAAK,KAAA,EAAO;AACjD,YAAA;AACF,QAAA;AAEA,QAAA,IAAIF,IAAIG,IAAI,IAAI,QAAQH,GAAAA,CAAII,MAAM,KAAK,GAAA,EAAK;AAC1C,YAAA;AACF,QAAA;AAEAJ,QAAAA,GAAAA,CAAIK,IAAI,GAAG,MAAA;AACXL,QAAAA,GAAAA,CAAIG,IAAI,GAAGP,oBAAAA,CAAIU,gBAAgB,CAACC,UAAKhB,QAAAA,EAAU,YAAA,CAAA,CAAA;AACjD,IAAA,CAAA;IAEAD,MAAAA,CAAOkB,MAAM,CAACC,MAAM,CAAC;AACnB,QAAA;YACEP,MAAAA,EAAQ,KAAA;YACRQ,IAAAA,EAAM,CAAA,EAAGpB,OAAOqB,MAAM,CAACC,KAAK,CAACF,IAAI,CAAC,OAAO,CAAC;YAC1CG,OAAAA,EAAS;AACPd,gBAAAA,oBAAAA;AACAe,gBAAAA,WAAAA,CAAYvB,QAAAA,EAAU;oBACpBwB,MAAAA,EAAQ,QAAA;oBACRC,KAAAA,EAAO,KAAA;oBACPC,KAAAA,EAAO,YAAA;oBACPC,UAAAA,CAAAA,CAAWC,GAAQ,EAAET,MAAS,EAAA;AAC5B,wBAAA,MAAMU,MAAMC,YAAAA,CAAQX,MAAAA,CAAAA;;AAEpB,wBAAA,IAAIU,QAAQ,OAAA,EAAS;4BACnBD,GAAAA,CAAIG,SAAS,CAAC,eAAA,EAAiB,qCAAA,CAAA;AACjC,wBAAA;AACF,oBAAA;AACF,iBAAA;AACD,aAAA;YACDX,MAAAA,EAAQ;gBAAEY,IAAAA,EAAM;AAAM;AACxB;AACD,KAAA,CAAA;AACH;AAEA;MACaT,WAAAA,GAAc,CAACU,QAAAA,EAAeC,gBAAAA,GAAmB,EAAE,GAAA;IAC9D,MAAMC,KAAAA,GAAQC,2BAAUH,QAAAA,EAAUC,gBAAAA,CAAAA;AAElC,IAAA,OAAO,OAAOzB,GAAAA,EAAcC,IAAAA,GAAAA;AAC1B,QAAA,IAAI,CAACoB,YAAAA,CAAQrB,GAAAA,CAAIU,IAAI,CAAA,EAAG;YACtB,MAAMT,IAAAA,EAAAA;AACN,YAAA;AACF,QAAA;QAEA,MAAM2B,IAAAA,GAAO5B,IAAIU,IAAI;QACrB,MAAMmB,OAAAA,GAAUC,aAAAA,CAAS9B,GAAAA,CAAIU,IAAI,CAAA;AAEjCV,QAAAA,GAAAA,CAAIU,IAAI,GAAGmB,OAAAA;AACX,QAAA,MAAMH,MAAM1B,GAAAA,EAAK,UAAA;AACfA,YAAAA,GAAAA,CAAIU,IAAI,GAAGkB,IAAAA;YACX,MAAM3B,IAAAA,EAAAA;AACND,YAAAA,GAAAA,CAAIU,IAAI,GAAGmB,OAAAA;AACb,QAAA,CAAA,CAAA;AACA7B,QAAAA,GAAAA,CAAIU,IAAI,GAAGkB,IAAAA;AACb,IAAA,CAAA;AACF;;;;;"}
|
|
@@ -9,6 +9,10 @@ var index$1 = require('../domain/permission/index.js');
|
|
|
9
9
|
var permission = require('../validation/permission.js');
|
|
10
10
|
var apiTokenUtils = require('../strategies/api-token-utils.js');
|
|
11
11
|
|
|
12
|
+
function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
|
|
13
|
+
|
|
14
|
+
var crypto__default = /*#__PURE__*/_interopDefault(crypto);
|
|
15
|
+
|
|
12
16
|
const { SUPER_ADMIN_CODE } = constants;
|
|
13
17
|
const { ValidationError, NotFoundError, UnauthorizedError } = utils.errors;
|
|
14
18
|
const assertOwnerMatchesCallingUser = async (adminUserOwner, callingUser)=>{
|
|
@@ -513,7 +517,7 @@ const pickComparableFields = fp.pick(COMPARABLE_FIELDS);
|
|
|
513
517
|
*/ const hash = (accessKey)=>{
|
|
514
518
|
const apiTokenCfg = strapi.config.get('admin.apiToken');
|
|
515
519
|
const salt = apiTokenCfg.salt;
|
|
516
|
-
return
|
|
520
|
+
return crypto__default.default.createHmac('sha512', salt).update(accessKey).digest('hex');
|
|
517
521
|
};
|
|
518
522
|
const authenticateAdminToken = async (accessToken)=>{
|
|
519
523
|
const apiToken = await getBy({
|
|
@@ -587,7 +591,7 @@ const getExpirationFields = (lifespan)=>{
|
|
|
587
591
|
* Create a token and its permissions
|
|
588
592
|
*/ const create = async (attributes, callingUser)=>{
|
|
589
593
|
const encryptionService = index.getService('encryption');
|
|
590
|
-
const accessKey =
|
|
594
|
+
const accessKey = crypto__default.default.randomBytes(128).toString('hex');
|
|
591
595
|
const encryptedKey = encryptionService.encrypt(accessKey);
|
|
592
596
|
assertValidLifespan(attributes.lifespan);
|
|
593
597
|
if (attributes.kind === 'content-api') {
|
|
@@ -691,7 +695,7 @@ const getExpirationFields = (lifespan)=>{
|
|
|
691
695
|
};
|
|
692
696
|
};
|
|
693
697
|
const regenerate = async (id)=>{
|
|
694
|
-
const accessKey =
|
|
698
|
+
const accessKey = crypto__default.default.randomBytes(128).toString('hex');
|
|
695
699
|
const encryptionService = index.getService('encryption');
|
|
696
700
|
const encryptedKey = encryptionService.encrypt(accessKey);
|
|
697
701
|
const apiToken = await strapi.db.query('admin::api-token').update({
|