@strapi/admin 5.49.0 → 5.50.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (369) hide show
  1. package/dist/admin/admin/src/components/ErrorElement.js +97 -2
  2. package/dist/admin/admin/src/components/ErrorElement.js.map +1 -1
  3. package/dist/admin/admin/src/components/ErrorElement.mjs +99 -4
  4. package/dist/admin/admin/src/components/ErrorElement.mjs.map +1 -1
  5. package/dist/admin/admin/src/components/FormInputs/Boolean.js +3 -2
  6. package/dist/admin/admin/src/components/FormInputs/Boolean.js.map +1 -1
  7. package/dist/admin/admin/src/components/FormInputs/Boolean.mjs +3 -2
  8. package/dist/admin/admin/src/components/FormInputs/Boolean.mjs.map +1 -1
  9. package/dist/admin/admin/src/components/LazyOutlet.js +57 -0
  10. package/dist/admin/admin/src/components/LazyOutlet.js.map +1 -0
  11. package/dist/admin/admin/src/components/LazyOutlet.mjs +35 -0
  12. package/dist/admin/admin/src/components/LazyOutlet.mjs.map +1 -0
  13. package/dist/admin/admin/src/components/MainNav/NavUser.js +10 -0
  14. package/dist/admin/admin/src/components/MainNav/NavUser.js.map +1 -1
  15. package/dist/admin/admin/src/components/MainNav/NavUser.mjs +10 -0
  16. package/dist/admin/admin/src/components/MainNav/NavUser.mjs.map +1 -1
  17. package/dist/admin/admin/src/components/RelativeTime.js +3 -2
  18. package/dist/admin/admin/src/components/RelativeTime.js.map +1 -1
  19. package/dist/admin/admin/src/components/RelativeTime.mjs +3 -2
  20. package/dist/admin/admin/src/components/RelativeTime.mjs.map +1 -1
  21. package/dist/admin/admin/src/core/apis/router.js +19 -17
  22. package/dist/admin/admin/src/core/apis/router.js.map +1 -1
  23. package/dist/admin/admin/src/core/apis/router.mjs +19 -17
  24. package/dist/admin/admin/src/core/apis/router.mjs.map +1 -1
  25. package/dist/admin/admin/src/hooks/useQueryParams.js +0 -1
  26. package/dist/admin/admin/src/hooks/useQueryParams.js.map +1 -1
  27. package/dist/admin/admin/src/hooks/useQueryParams.mjs +0 -1
  28. package/dist/admin/admin/src/hooks/useQueryParams.mjs.map +1 -1
  29. package/dist/admin/admin/src/layouts/AuthenticatedLayout.js +4 -2
  30. package/dist/admin/admin/src/layouts/AuthenticatedLayout.js.map +1 -1
  31. package/dist/admin/admin/src/layouts/AuthenticatedLayout.mjs +4 -2
  32. package/dist/admin/admin/src/layouts/AuthenticatedLayout.mjs.map +1 -1
  33. package/dist/admin/admin/src/pages/Auth/AuthPage.js +3 -2
  34. package/dist/admin/admin/src/pages/Auth/AuthPage.js.map +1 -1
  35. package/dist/admin/admin/src/pages/Auth/AuthPage.mjs +3 -2
  36. package/dist/admin/admin/src/pages/Auth/AuthPage.mjs.map +1 -1
  37. package/dist/admin/admin/src/pages/SessionsPage.js +318 -0
  38. package/dist/admin/admin/src/pages/SessionsPage.js.map +1 -0
  39. package/dist/admin/admin/src/pages/SessionsPage.mjs +296 -0
  40. package/dist/admin/admin/src/pages/SessionsPage.mjs.map +1 -0
  41. package/dist/admin/admin/src/pages/Settings/Layout.js +4 -1
  42. package/dist/admin/admin/src/pages/Settings/Layout.js.map +1 -1
  43. package/dist/admin/admin/src/pages/Settings/Layout.mjs +5 -2
  44. package/dist/admin/admin/src/pages/Settings/Layout.mjs.map +1 -1
  45. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.js +1 -0
  46. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.js.map +1 -1
  47. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.mjs +1 -0
  48. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.mjs.map +1 -1
  49. package/dist/admin/admin/src/pages/Settings/pages/Roles/CreatePage.js +7 -0
  50. package/dist/admin/admin/src/pages/Settings/pages/Roles/CreatePage.js.map +1 -1
  51. package/dist/admin/admin/src/pages/Settings/pages/Roles/CreatePage.mjs +7 -0
  52. package/dist/admin/admin/src/pages/Settings/pages/Roles/CreatePage.mjs.map +1 -1
  53. package/dist/admin/admin/src/pages/Settings/pages/Roles/EditPage.js +7 -1
  54. package/dist/admin/admin/src/pages/Settings/pages/Roles/EditPage.js.map +1 -1
  55. package/dist/admin/admin/src/pages/Settings/pages/Roles/EditPage.mjs +7 -1
  56. package/dist/admin/admin/src/pages/Settings/pages/Roles/EditPage.mjs.map +1 -1
  57. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.js +34 -0
  58. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.js.map +1 -1
  59. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.mjs +34 -0
  60. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/CollapsePropertyMatrix.mjs.map +1 -1
  61. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/Permissions.js +38 -2
  62. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/Permissions.js.map +1 -1
  63. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/Permissions.mjs +38 -2
  64. package/dist/admin/admin/src/pages/Settings/pages/Roles/components/Permissions.mjs.map +1 -1
  65. package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/forms.js +18 -1
  66. package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/forms.js.map +1 -1
  67. package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/forms.mjs +18 -1
  68. package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/forms.mjs.map +1 -1
  69. package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/localePermissionValidation.js +59 -0
  70. package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/localePermissionValidation.js.map +1 -0
  71. package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/localePermissionValidation.mjs +52 -0
  72. package/dist/admin/admin/src/pages/Settings/pages/Roles/utils/localePermissionValidation.mjs.map +1 -0
  73. package/dist/admin/admin/src/router.js +9 -0
  74. package/dist/admin/admin/src/router.js.map +1 -1
  75. package/dist/admin/admin/src/router.mjs +9 -0
  76. package/dist/admin/admin/src/router.mjs.map +1 -1
  77. package/dist/admin/admin/src/services/auth.js +43 -2
  78. package/dist/admin/admin/src/services/auth.js.map +1 -1
  79. package/dist/admin/admin/src/services/auth.mjs +41 -3
  80. package/dist/admin/admin/src/services/auth.mjs.map +1 -1
  81. package/dist/admin/admin/src/translations/en.json.js +22 -0
  82. package/dist/admin/admin/src/translations/en.json.js.map +1 -1
  83. package/dist/admin/admin/src/translations/en.json.mjs +22 -0
  84. package/dist/admin/admin/src/translations/en.json.mjs.map +1 -1
  85. package/dist/admin/admin/src/translations/ja.json.js +748 -265
  86. package/dist/admin/admin/src/translations/ja.json.js.map +1 -1
  87. package/dist/admin/admin/src/translations/ja.json.mjs +745 -266
  88. package/dist/admin/admin/src/translations/ja.json.mjs.map +1 -1
  89. package/dist/admin/admin/src/translations/languageNativeNames.js +1 -0
  90. package/dist/admin/admin/src/translations/languageNativeNames.js.map +1 -1
  91. package/dist/admin/admin/src/translations/languageNativeNames.mjs +1 -0
  92. package/dist/admin/admin/src/translations/languageNativeNames.mjs.map +1 -1
  93. package/dist/admin/admin/src/utils/retryDynamicImport.js +85 -0
  94. package/dist/admin/admin/src/utils/retryDynamicImport.js.map +1 -0
  95. package/dist/admin/admin/src/utils/retryDynamicImport.mjs +80 -0
  96. package/dist/admin/admin/src/utils/retryDynamicImport.mjs.map +1 -0
  97. package/dist/admin/admin/tests/server.js +25 -0
  98. package/dist/admin/admin/tests/server.js.map +1 -1
  99. package/dist/admin/admin/tests/server.mjs +25 -0
  100. package/dist/admin/admin/tests/server.mjs.map +1 -1
  101. package/dist/admin/index.js +2 -0
  102. package/dist/admin/index.js.map +1 -1
  103. package/dist/admin/index.mjs +1 -0
  104. package/dist/admin/index.mjs.map +1 -1
  105. package/dist/admin/src/StrapiApp.d.ts +5 -5
  106. package/dist/admin/src/components/FormInputs/Boolean.d.ts +0 -1
  107. package/dist/admin/src/components/FormInputs/Checkbox.d.ts +0 -1
  108. package/dist/admin/src/components/FormInputs/DateTime.d.ts +0 -1
  109. package/dist/admin/src/components/FormInputs/Email.d.ts +0 -1
  110. package/dist/admin/src/components/FormInputs/Enumeration.d.ts +0 -1
  111. package/dist/admin/src/components/FormInputs/Number.d.ts +0 -1
  112. package/dist/admin/src/components/FormInputs/Password.d.ts +0 -1
  113. package/dist/admin/src/components/FormInputs/Renderer.d.ts +0 -1
  114. package/dist/admin/src/components/FormInputs/String.d.ts +0 -1
  115. package/dist/admin/src/components/FormInputs/Textarea.d.ts +0 -1
  116. package/dist/admin/src/components/FormInputs/Time.d.ts +0 -1
  117. package/dist/admin/src/components/GuidedTour/GuidedTourProvider.d.ts +0 -1
  118. package/dist/admin/src/components/LazyOutlet.d.ts +20 -0
  119. package/dist/admin/src/components/MainNav/MainNav.d.ts +1 -1
  120. package/dist/admin/src/components/MainNav/NavUser.d.ts +0 -1
  121. package/dist/admin/src/components/SubNav.d.ts +5 -6
  122. package/dist/admin/src/core/apis/Plugin.d.ts +1 -1
  123. package/dist/admin/src/core/apis/Widgets.d.ts +0 -1
  124. package/dist/admin/src/core/apis/router.d.ts +1 -1
  125. package/dist/admin/src/core/store/configure.d.ts +2 -2
  126. package/dist/admin/src/core/utils/createHook.d.ts +4 -4
  127. package/dist/admin/src/features/AppInfo.d.ts +1 -2
  128. package/dist/admin/src/features/StrapiApp.d.ts +1 -2
  129. package/dist/admin/src/hooks/useAPIErrorHandler.d.ts +1 -1
  130. package/dist/admin/src/hooks/useAdminRoles.d.ts +2 -2
  131. package/dist/admin/src/hooks/useFetchClient.d.ts +1 -1
  132. package/dist/admin/src/hooks/usePersistentState.d.ts +0 -1
  133. package/dist/admin/src/hooks/useQueryParams.d.ts +1 -1
  134. package/dist/admin/src/hooks/useThrottledCallback.d.ts +0 -1
  135. package/dist/admin/src/index.d.ts +1 -0
  136. package/dist/admin/src/layouts/UnauthenticatedLayout.d.ts +2 -2
  137. package/dist/admin/src/pages/SessionsPage.d.ts +2 -0
  138. package/dist/admin/src/pages/Settings/pages/Roles/components/CollapseLabel.d.ts +2 -3
  139. package/dist/admin/src/pages/Settings/pages/Roles/components/ConditionsButton.d.ts +2 -2
  140. package/dist/admin/src/pages/Settings/pages/Roles/components/HiddenAction.d.ts +0 -1
  141. package/dist/admin/src/pages/Settings/pages/Roles/components/Permissions.d.ts +2 -0
  142. package/dist/admin/src/pages/Settings/pages/Roles/utils/forms.d.ts +1 -1
  143. package/dist/admin/src/pages/Settings/pages/Roles/utils/localePermissionValidation.d.ts +5 -0
  144. package/dist/admin/src/pages/Settings/pages/Roles/utils/permissions.d.ts +3 -1
  145. package/dist/admin/src/pages/Settings/pages/Webhooks/hooks/useWebhooks.d.ts +8 -8
  146. package/dist/admin/src/reducer.d.ts +1 -1
  147. package/dist/admin/src/services/admin.d.ts +2 -2
  148. package/dist/admin/src/services/api.d.ts +1 -1
  149. package/dist/admin/src/services/apiTokens.d.ts +1 -1
  150. package/dist/admin/src/services/auth.d.ts +29 -27
  151. package/dist/admin/src/services/contentApi.d.ts +1 -1
  152. package/dist/admin/src/services/users.d.ts +7 -7
  153. package/dist/admin/src/services/webhooks.d.ts +2 -2
  154. package/dist/admin/src/translations/languageNativeNames.d.ts +1 -0
  155. package/dist/admin/src/utils/locales.d.ts +0 -1
  156. package/dist/admin/src/utils/retryDynamicImport.d.ts +19 -0
  157. package/dist/admin/src/utils/shims.d.ts +1 -1
  158. package/dist/admin/tests/store.d.ts +4 -4
  159. package/dist/admin/tests/utils.d.ts +5 -5
  160. package/dist/ee/admin/src/pages/SettingsPage/pages/AuditLogs/utils/getDisplayedFilters.d.ts +1 -1
  161. package/dist/ee/admin/src/services/ai.d.ts +2 -2
  162. package/dist/ee/server/src/audit-logs/services/audit-logs.d.ts +1 -1
  163. package/dist/ee/server/src/audit-logs/services/audit-logs.d.ts.map +1 -1
  164. package/dist/ee/server/src/audit-logs/services/lifecycles.d.ts +3 -3
  165. package/dist/ee/server/src/audit-logs/services/lifecycles.d.ts.map +1 -1
  166. package/dist/ee/server/src/audit-logs/validation/audit-logs.d.ts +2 -2
  167. package/dist/ee/server/src/audit-logs/validation/audit-logs.d.ts.map +1 -1
  168. package/dist/ee/server/src/bootstrap.d.ts.map +1 -1
  169. package/dist/ee/server/src/controllers/authentication-utils/utils.d.ts +30 -31
  170. package/dist/ee/server/src/controllers/authentication-utils/utils.d.ts.map +1 -1
  171. package/dist/ee/server/src/controllers/index.d.ts +1 -2
  172. package/dist/ee/server/src/controllers/index.d.ts.map +1 -1
  173. package/dist/ee/server/src/controllers/user.d.ts +1 -1
  174. package/dist/ee/server/src/destroy.d.ts.map +1 -1
  175. package/dist/ee/server/src/index.d.ts +2 -3
  176. package/dist/ee/server/src/index.d.ts.map +1 -1
  177. package/dist/ee/server/src/register.d.ts.map +1 -1
  178. package/dist/ee/server/src/routes/utils.d.ts.map +1 -1
  179. package/dist/ee/server/src/services/auth.d.ts.map +1 -1
  180. package/dist/ee/server/src/services/index.d.ts +1 -1
  181. package/dist/ee/server/src/services/metrics.d.ts.map +1 -1
  182. package/dist/ee/server/src/services/passport/sso.d.ts.map +1 -1
  183. package/dist/ee/server/src/services/persist-tables.d.ts +1 -1
  184. package/dist/ee/server/src/services/persist-tables.d.ts.map +1 -1
  185. package/dist/ee/server/src/services/role.d.ts.map +1 -1
  186. package/dist/ee/server/src/services/user.d.ts.map +1 -1
  187. package/dist/ee/server/src/utils/index.d.ts.map +1 -1
  188. package/dist/ee/server/src/utils/sso-lock.d.ts.map +1 -1
  189. package/dist/ee/server/src/validation/authentication.d.ts +2 -2
  190. package/dist/ee/server/src/validation/role.d.ts +6 -6
  191. package/dist/ee/server/src/validation/role.d.ts.map +1 -1
  192. package/dist/ee/server/src/validation/user.d.ts.map +1 -1
  193. package/dist/server/server/src/content-types/session.js +6 -0
  194. package/dist/server/server/src/content-types/session.js.map +1 -1
  195. package/dist/server/server/src/content-types/session.mjs +6 -0
  196. package/dist/server/server/src/content-types/session.mjs.map +1 -1
  197. package/dist/server/server/src/controllers/admin.js.map +1 -1
  198. package/dist/server/server/src/controllers/admin.mjs.map +1 -1
  199. package/dist/server/server/src/controllers/authenticated-session.js +61 -0
  200. package/dist/server/server/src/controllers/authenticated-session.js.map +1 -0
  201. package/dist/server/server/src/controllers/authenticated-session.mjs +59 -0
  202. package/dist/server/server/src/controllers/authenticated-session.mjs.map +1 -0
  203. package/dist/server/server/src/controllers/authentication.js +11 -4
  204. package/dist/server/server/src/controllers/authentication.js.map +1 -1
  205. package/dist/server/server/src/controllers/authentication.mjs +12 -5
  206. package/dist/server/server/src/controllers/authentication.mjs.map +1 -1
  207. package/dist/server/server/src/controllers/index.js +2 -0
  208. package/dist/server/server/src/controllers/index.js.map +1 -1
  209. package/dist/server/server/src/controllers/index.mjs +2 -0
  210. package/dist/server/server/src/controllers/index.mjs.map +1 -1
  211. package/dist/server/server/src/controllers/role.js +2 -4
  212. package/dist/server/server/src/controllers/role.js.map +1 -1
  213. package/dist/server/server/src/controllers/role.mjs +2 -4
  214. package/dist/server/server/src/controllers/role.mjs.map +1 -1
  215. package/dist/server/server/src/routes/serve-admin-panel.js +1 -1
  216. package/dist/server/server/src/routes/serve-admin-panel.js.map +1 -1
  217. package/dist/server/server/src/routes/serve-admin-panel.mjs +1 -1
  218. package/dist/server/server/src/routes/serve-admin-panel.mjs.map +1 -1
  219. package/dist/server/server/src/routes/users.js +12 -26
  220. package/dist/server/server/src/routes/users.js.map +1 -1
  221. package/dist/server/server/src/routes/users.mjs +12 -26
  222. package/dist/server/server/src/routes/users.mjs.map +1 -1
  223. package/dist/server/server/src/services/permission/permissions-manager/sanitize.js +0 -2
  224. package/dist/server/server/src/services/permission/permissions-manager/sanitize.js.map +1 -1
  225. package/dist/server/server/src/services/permission/permissions-manager/sanitize.mjs +0 -2
  226. package/dist/server/server/src/services/permission/permissions-manager/sanitize.mjs.map +1 -1
  227. package/dist/server/server/src/services/role.js +2 -1
  228. package/dist/server/server/src/services/role.js.map +1 -1
  229. package/dist/server/server/src/services/role.mjs +2 -1
  230. package/dist/server/server/src/services/role.mjs.map +1 -1
  231. package/dist/server/server/src/strategies/admin.js +4 -0
  232. package/dist/server/server/src/strategies/admin.js.map +1 -1
  233. package/dist/server/server/src/strategies/admin.mjs +4 -0
  234. package/dist/server/server/src/strategies/admin.mjs.map +1 -1
  235. package/dist/server/src/ai/controllers/ai.d.ts +3 -3
  236. package/dist/server/src/ai/services/ai.d.ts.map +1 -1
  237. package/dist/server/src/bootstrap.d.ts.map +1 -1
  238. package/dist/server/src/config/admin-conditions.d.ts +2 -2
  239. package/dist/server/src/config/admin-conditions.d.ts.map +1 -1
  240. package/dist/server/src/content-types/index.d.ts +6 -0
  241. package/dist/server/src/content-types/index.d.ts.map +1 -1
  242. package/dist/server/src/content-types/session.d.ts +6 -0
  243. package/dist/server/src/content-types/session.d.ts.map +1 -1
  244. package/dist/server/src/controllers/admin-token.d.ts +5 -5
  245. package/dist/server/src/controllers/api-token.d.ts +1 -1
  246. package/dist/server/src/controllers/authenticated-session.d.ts +8 -0
  247. package/dist/server/src/controllers/authenticated-session.d.ts.map +1 -0
  248. package/dist/server/src/controllers/authenticated-user.d.ts +1 -1
  249. package/dist/server/src/controllers/authentication.d.ts +4 -4
  250. package/dist/server/src/controllers/authentication.d.ts.map +1 -1
  251. package/dist/server/src/controllers/formatters/conditions.d.ts +0 -1
  252. package/dist/server/src/controllers/formatters/conditions.d.ts.map +1 -1
  253. package/dist/server/src/controllers/formatters/format-actions-by-sections.d.ts.map +1 -1
  254. package/dist/server/src/controllers/homepage.d.ts +2 -2
  255. package/dist/server/src/controllers/homepage.d.ts.map +1 -1
  256. package/dist/server/src/controllers/index.d.ts +33 -43
  257. package/dist/server/src/controllers/index.d.ts.map +1 -1
  258. package/dist/server/src/controllers/role.d.ts +4 -4
  259. package/dist/server/src/controllers/transfer/runner.d.ts +4 -4
  260. package/dist/server/src/controllers/transfer/runner.d.ts.map +1 -1
  261. package/dist/server/src/controllers/transfer/token.d.ts +1 -1
  262. package/dist/server/src/controllers/user.d.ts +2 -2
  263. package/dist/server/src/controllers/webhooks.d.ts +4 -4
  264. package/dist/server/src/domain/action/index.d.ts +4 -65
  265. package/dist/server/src/domain/action/index.d.ts.map +1 -1
  266. package/dist/server/src/domain/action/provider.d.ts +30 -3
  267. package/dist/server/src/domain/action/provider.d.ts.map +1 -1
  268. package/dist/server/src/domain/condition/index.d.ts.map +1 -1
  269. package/dist/server/src/domain/condition/provider.d.ts +19 -2
  270. package/dist/server/src/domain/condition/provider.d.ts.map +1 -1
  271. package/dist/server/src/domain/permission/index.d.ts +0 -1
  272. package/dist/server/src/domain/permission/index.d.ts.map +1 -1
  273. package/dist/server/src/domain/user.d.ts.map +1 -1
  274. package/dist/server/src/index.d.ts +51 -63
  275. package/dist/server/src/index.d.ts.map +1 -1
  276. package/dist/server/src/middlewares/data-transfer.d.ts.map +1 -1
  277. package/dist/server/src/middlewares/index.d.ts +0 -1
  278. package/dist/server/src/middlewares/index.d.ts.map +1 -1
  279. package/dist/server/src/middlewares/rateLimit.d.ts.map +1 -1
  280. package/dist/server/src/policies/hasPermissions.d.ts.map +1 -1
  281. package/dist/server/src/policies/index.d.ts.map +1 -1
  282. package/dist/server/src/policies/isAuthenticatedAdmin.d.ts.map +1 -1
  283. package/dist/server/src/policies/isTelemetryEnabled.d.ts.map +1 -1
  284. package/dist/server/src/register.d.ts.map +1 -1
  285. package/dist/server/src/routes/index.d.ts +0 -1
  286. package/dist/server/src/routes/index.d.ts.map +1 -1
  287. package/dist/server/src/routes/serve-admin-panel.d.ts.map +1 -1
  288. package/dist/server/src/routes/transfer.d.ts +0 -1
  289. package/dist/server/src/routes/transfer.d.ts.map +1 -1
  290. package/dist/server/src/routes/users.d.ts.map +1 -1
  291. package/dist/server/src/services/action.d.ts.map +1 -1
  292. package/dist/server/src/services/api-token.d.ts +5 -6
  293. package/dist/server/src/services/api-token.d.ts.map +1 -1
  294. package/dist/server/src/services/auth.d.ts.map +1 -1
  295. package/dist/server/src/services/condition.d.ts.map +1 -1
  296. package/dist/server/src/services/content-type.d.ts.map +1 -1
  297. package/dist/server/src/services/encryption.d.ts.map +1 -1
  298. package/dist/server/src/services/homepage.d.ts.map +1 -1
  299. package/dist/server/src/services/index.d.ts +12 -21
  300. package/dist/server/src/services/index.d.ts.map +1 -1
  301. package/dist/server/src/services/metrics.d.ts.map +1 -1
  302. package/dist/server/src/services/passport/local-strategy.d.ts.map +1 -1
  303. package/dist/server/src/services/passport.d.ts +0 -1
  304. package/dist/server/src/services/passport.d.ts.map +1 -1
  305. package/dist/server/src/services/permission/engine.d.ts +1 -2
  306. package/dist/server/src/services/permission/engine.d.ts.map +1 -1
  307. package/dist/server/src/services/permission/permissions-manager/index.d.ts +5 -5
  308. package/dist/server/src/services/permission/permissions-manager/index.d.ts.map +1 -1
  309. package/dist/server/src/services/permission/permissions-manager/permission-fields.d.ts.map +1 -1
  310. package/dist/server/src/services/permission/permissions-manager/query-builders.d.ts.map +1 -1
  311. package/dist/server/src/services/permission/permissions-manager/sanitize.d.ts +3 -3
  312. package/dist/server/src/services/permission/permissions-manager/sanitize.d.ts.map +1 -1
  313. package/dist/server/src/services/permission/permissions-manager/validate.d.ts.map +1 -1
  314. package/dist/server/src/services/permission/queries.d.ts.map +1 -1
  315. package/dist/server/src/services/permission/sections-builder/builder.d.ts +4 -4
  316. package/dist/server/src/services/permission/sections-builder/builder.d.ts.map +1 -1
  317. package/dist/server/src/services/permission/sections-builder/handlers.d.ts.map +1 -1
  318. package/dist/server/src/services/permission/sections-builder/index.d.ts +4 -4
  319. package/dist/server/src/services/permission/sections-builder/section.d.ts.map +1 -1
  320. package/dist/server/src/services/permission/sections-builder/utils.d.ts +0 -1
  321. package/dist/server/src/services/permission/sections-builder/utils.d.ts.map +1 -1
  322. package/dist/server/src/services/permission.d.ts +13 -38
  323. package/dist/server/src/services/permission.d.ts.map +1 -1
  324. package/dist/server/src/services/project-settings.d.ts +2 -4
  325. package/dist/server/src/services/project-settings.d.ts.map +1 -1
  326. package/dist/server/src/services/role.d.ts +7 -1
  327. package/dist/server/src/services/role.d.ts.map +1 -1
  328. package/dist/server/src/services/token.d.ts +1 -1
  329. package/dist/server/src/services/token.d.ts.map +1 -1
  330. package/dist/server/src/services/transfer/token.d.ts +11 -11
  331. package/dist/server/src/services/transfer/token.d.ts.map +1 -1
  332. package/dist/server/src/services/user.d.ts +3 -3
  333. package/dist/server/src/services/user.d.ts.map +1 -1
  334. package/dist/server/src/strategies/admin-token.d.ts +4 -4
  335. package/dist/server/src/strategies/admin-token.d.ts.map +1 -1
  336. package/dist/server/src/strategies/admin.d.ts.map +1 -1
  337. package/dist/server/src/strategies/api-token-utils.d.ts.map +1 -1
  338. package/dist/server/src/strategies/content-api-token.d.ts.map +1 -1
  339. package/dist/server/src/strategies/data-transfer.d.ts.map +1 -1
  340. package/dist/server/src/utils/normalize-email.d.ts.map +1 -1
  341. package/dist/server/src/validation/action-provider.d.ts +2 -2
  342. package/dist/server/src/validation/action-provider.d.ts.map +1 -1
  343. package/dist/server/src/validation/admin-tokens.d.ts +2 -2
  344. package/dist/server/src/validation/api-tokens.d.ts +4 -4
  345. package/dist/server/src/validation/authentication/forgot-password.d.ts +1 -1
  346. package/dist/server/src/validation/authentication/login.d.ts +1 -1
  347. package/dist/server/src/validation/authentication/register.d.ts +6 -6
  348. package/dist/server/src/validation/authentication/register.d.ts.map +1 -1
  349. package/dist/server/src/validation/authentication/reset-password.d.ts +1 -1
  350. package/dist/server/src/validation/common-functions/check-fields-are-correctly-nested.d.ts.map +1 -1
  351. package/dist/server/src/validation/common-functions/check-fields-dont-have-duplicates.d.ts.map +1 -1
  352. package/dist/server/src/validation/common-validators.d.ts.map +1 -1
  353. package/dist/server/src/validation/permission.d.ts +6 -6
  354. package/dist/server/src/validation/permission.d.ts.map +1 -1
  355. package/dist/server/src/validation/policies/hasPermissions.d.ts +2 -2
  356. package/dist/server/src/validation/project-settings.d.ts +6 -6
  357. package/dist/server/src/validation/role.d.ts +8 -8
  358. package/dist/server/src/validation/role.d.ts.map +1 -1
  359. package/dist/server/src/validation/transfer/token.d.ts +4 -4
  360. package/dist/server/src/validation/user.d.ts +8 -8
  361. package/dist/shared/contracts/permissions.d.ts +1 -0
  362. package/dist/shared/contracts/permissions.d.ts.map +1 -1
  363. package/dist/shared/contracts/sessions.d.ts +62 -0
  364. package/dist/shared/contracts/sessions.d.ts.map +1 -0
  365. package/dist/shared/contracts/shared.d.ts +1 -1
  366. package/dist/shared/contracts/shared.d.ts.map +1 -1
  367. package/dist/shared/utils/session-auth.d.ts +1 -1
  368. package/dist/shared/utils/session-auth.d.ts.map +1 -1
  369. package/package.json +11 -11
@@ -0,0 +1,59 @@
1
+ import { sortSessionsForDisplay, sanitizeSessionEntry } from '@strapi/utils';
2
+ import { getSessionManager } from '../../../shared/utils/session-auth.mjs';
3
+
4
+ const ORIGIN = 'admin';
5
+ const getCurrentSessionId = (ctx)=>{
6
+ const session = ctx.state.session;
7
+ return typeof session?.id === 'string' ? session.id : undefined;
8
+ };
9
+ var authenticatedSession = {
10
+ async list (ctx) {
11
+ const sessionManager = getSessionManager();
12
+ if (!sessionManager) {
13
+ return ctx.internalServerError();
14
+ }
15
+ const userId = String(ctx.state.user.id);
16
+ const currentSessionId = getCurrentSessionId(ctx);
17
+ const sessions = await sessionManager(ORIGIN).listSessions(userId);
18
+ const data = sortSessionsForDisplay(sessions.map((session)=>sanitizeSessionEntry(session, currentSessionId)));
19
+ ctx.body = {
20
+ data
21
+ };
22
+ },
23
+ async revoke (ctx) {
24
+ const sessionManager = getSessionManager();
25
+ if (!sessionManager) {
26
+ return ctx.internalServerError();
27
+ }
28
+ const userId = String(ctx.state.user.id);
29
+ const { sessionId } = ctx.params;
30
+ const revoked = await sessionManager(ORIGIN).revokeSessionById(userId, sessionId);
31
+ if (!revoked) {
32
+ return ctx.notFound('Session not found');
33
+ }
34
+ ctx.body = {
35
+ data: {}
36
+ };
37
+ },
38
+ async revokeAll (ctx) {
39
+ const sessionManager = getSessionManager();
40
+ if (!sessionManager) {
41
+ return ctx.internalServerError();
42
+ }
43
+ const userId = String(ctx.state.user.id);
44
+ const keepCurrent = ctx.query.keepCurrent === 'true' || ctx.query.keepCurrent === '1';
45
+ if (keepCurrent) {
46
+ const currentSessionId = getCurrentSessionId(ctx);
47
+ const sessions = await sessionManager(ORIGIN).listSessions(userId);
48
+ await Promise.all(sessions.filter((session)=>session.sessionId !== currentSessionId).map((session)=>sessionManager(ORIGIN).revokeSessionById(userId, session.sessionId)));
49
+ } else {
50
+ await sessionManager(ORIGIN).invalidateRefreshToken(userId);
51
+ }
52
+ ctx.body = {
53
+ data: {}
54
+ };
55
+ }
56
+ };
57
+
58
+ export { authenticatedSession as default };
59
+ //# sourceMappingURL=authenticated-session.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"authenticated-session.mjs","sources":["../../../../../server/src/controllers/authenticated-session.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { sanitizeSessionEntry, sortSessionsForDisplay } from '@strapi/utils';\n\nimport { getSessionManager } from '../../../shared/utils/session-auth';\nimport type {\n GetSessions,\n DeleteSession,\n DeleteAllSessions,\n} from '../../../shared/contracts/sessions';\n\nconst ORIGIN = 'admin';\n\nconst getCurrentSessionId = (ctx: Context): string | undefined => {\n const session = ctx.state.session as { id?: string } | undefined;\n return typeof session?.id === 'string' ? session.id : undefined;\n};\n\nexport default {\n async list(ctx: Context) {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(ctx.state.user.id);\n const currentSessionId = getCurrentSessionId(ctx);\n const sessions = await sessionManager(ORIGIN).listSessions(userId);\n\n const data = sortSessionsForDisplay(\n sessions.map((session) => sanitizeSessionEntry(session, currentSessionId))\n );\n\n ctx.body = { data } satisfies GetSessions.Response;\n },\n\n async revoke(ctx: Context) {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(ctx.state.user.id);\n const { sessionId } = ctx.params;\n\n const revoked = await sessionManager(ORIGIN).revokeSessionById(userId, sessionId);\n if (!revoked) {\n return ctx.notFound('Session not found');\n }\n\n ctx.body = { data: {} } satisfies DeleteSession.Response;\n },\n\n async revokeAll(ctx: Context) {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(ctx.state.user.id);\n const keepCurrent = ctx.query.keepCurrent === 'true' || ctx.query.keepCurrent === '1';\n\n if (keepCurrent) {\n const currentSessionId = getCurrentSessionId(ctx);\n const sessions = await sessionManager(ORIGIN).listSessions(userId);\n\n await Promise.all(\n sessions\n .filter((session) => session.sessionId !== currentSessionId)\n .map((session) => sessionManager(ORIGIN).revokeSessionById(userId, session.sessionId))\n );\n } else {\n await sessionManager(ORIGIN).invalidateRefreshToken(userId);\n }\n\n ctx.body = { data: {} } satisfies DeleteAllSessions.Response;\n },\n};\n"],"names":["ORIGIN","getCurrentSessionId","ctx","session","state","id","undefined","list","sessionManager","getSessionManager","internalServerError","userId","String","user","currentSessionId","sessions","listSessions","data","sortSessionsForDisplay","map","sanitizeSessionEntry","body","revoke","sessionId","params","revoked","revokeSessionById","notFound","revokeAll","keepCurrent","query","Promise","all","filter","invalidateRefreshToken"],"mappings":";;;AAUA,MAAMA,MAAAA,GAAS,OAAA;AAEf,MAAMC,sBAAsB,CAACC,GAAAA,GAAAA;AAC3B,IAAA,MAAMC,OAAAA,GAAUD,GAAAA,CAAIE,KAAK,CAACD,OAAO;AACjC,IAAA,OAAO,OAAOA,OAAAA,EAASE,EAAAA,KAAO,QAAA,GAAWF,OAAAA,CAAQE,EAAE,GAAGC,SAAAA;AACxD,CAAA;AAEA,2BAAe;AACb,IAAA,MAAMC,MAAKL,GAAY,EAAA;AACrB,QAAA,MAAMM,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,YAAA,OAAON,IAAIQ,mBAAmB,EAAA;AAChC,QAAA;AAEA,QAAA,MAAMC,SAASC,MAAAA,CAAOV,GAAAA,CAAIE,KAAK,CAACS,IAAI,CAACR,EAAE,CAAA;AACvC,QAAA,MAAMS,mBAAmBb,mBAAAA,CAAoBC,GAAAA,CAAAA;AAC7C,QAAA,MAAMa,QAAAA,GAAW,MAAMP,cAAAA,CAAeR,MAAAA,CAAAA,CAAQgB,YAAY,CAACL,MAAAA,CAAAA;QAE3D,MAAMM,IAAAA,GAAOC,uBACXH,QAAAA,CAASI,GAAG,CAAC,CAAChB,OAAAA,GAAYiB,qBAAqBjB,OAAAA,EAASW,gBAAAA,CAAAA,CAAAA,CAAAA;AAG1DZ,QAAAA,GAAAA,CAAImB,IAAI,GAAG;AAAEJ,YAAAA;AAAK,SAAA;AACpB,IAAA,CAAA;AAEA,IAAA,MAAMK,QAAOpB,GAAY,EAAA;AACvB,QAAA,MAAMM,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,YAAA,OAAON,IAAIQ,mBAAmB,EAAA;AAChC,QAAA;AAEA,QAAA,MAAMC,SAASC,MAAAA,CAAOV,GAAAA,CAAIE,KAAK,CAACS,IAAI,CAACR,EAAE,CAAA;AACvC,QAAA,MAAM,EAAEkB,SAAS,EAAE,GAAGrB,IAAIsB,MAAM;AAEhC,QAAA,MAAMC,UAAU,MAAMjB,cAAAA,CAAeR,MAAAA,CAAAA,CAAQ0B,iBAAiB,CAACf,MAAAA,EAAQY,SAAAA,CAAAA;AACvE,QAAA,IAAI,CAACE,OAAAA,EAAS;YACZ,OAAOvB,GAAAA,CAAIyB,QAAQ,CAAC,mBAAA,CAAA;AACtB,QAAA;AAEAzB,QAAAA,GAAAA,CAAImB,IAAI,GAAG;AAAEJ,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA,CAAA;AAEA,IAAA,MAAMW,WAAU1B,GAAY,EAAA;AAC1B,QAAA,MAAMM,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,YAAA,OAAON,IAAIQ,mBAAmB,EAAA;AAChC,QAAA;AAEA,QAAA,MAAMC,SAASC,MAAAA,CAAOV,GAAAA,CAAIE,KAAK,CAACS,IAAI,CAACR,EAAE,CAAA;QACvC,MAAMwB,WAAAA,GAAc3B,GAAAA,CAAI4B,KAAK,CAACD,WAAW,KAAK,MAAA,IAAU3B,GAAAA,CAAI4B,KAAK,CAACD,WAAW,KAAK,GAAA;AAElF,QAAA,IAAIA,WAAAA,EAAa;AACf,YAAA,MAAMf,mBAAmBb,mBAAAA,CAAoBC,GAAAA,CAAAA;AAC7C,YAAA,MAAMa,QAAAA,GAAW,MAAMP,cAAAA,CAAeR,MAAAA,CAAAA,CAAQgB,YAAY,CAACL,MAAAA,CAAAA;YAE3D,MAAMoB,OAAAA,CAAQC,GAAG,CACfjB,QAAAA,CACGkB,MAAM,CAAC,CAAC9B,OAAAA,GAAYA,OAAAA,CAAQoB,SAAS,KAAKT,kBAC1CK,GAAG,CAAC,CAAChB,OAAAA,GAAYK,cAAAA,CAAeR,QAAQ0B,iBAAiB,CAACf,MAAAA,EAAQR,OAAAA,CAAQoB,SAAS,CAAA,CAAA,CAAA;QAE1F,CAAA,MAAO;YACL,MAAMf,cAAAA,CAAeR,MAAAA,CAAAA,CAAQkC,sBAAsB,CAACvB,MAAAA,CAAAA;AACtD,QAAA;AAEAT,QAAAA,GAAAA,CAAImB,IAAI,GAAG;AAAEJ,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
@@ -16,6 +16,9 @@ function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
16
16
  var passport__default = /*#__PURE__*/_interopDefault(passport);
17
17
  var compose__default = /*#__PURE__*/_interopDefault(compose);
18
18
 
19
+ const buildSessionMetadataFromContext = (ctx)=>utils.buildSessionMetadata({
20
+ userAgent: ctx.request.headers['user-agent']
21
+ });
19
22
  const { ApplicationError, ValidationError } = utils.errors;
20
23
  var authentication = {
21
24
  login: compose__default.default([
@@ -66,7 +69,8 @@ var authentication = {
66
69
  const userId = String(user.id);
67
70
  const { deviceId, rememberMe } = sessionAuth.extractDeviceParams(ctx.request.body);
68
71
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
69
- type: rememberMe ? 'refresh' : 'session'
72
+ type: rememberMe ? 'refresh' : 'session',
73
+ metadata: buildSessionMetadataFromContext(ctx)
70
74
  });
71
75
  const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
72
76
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
@@ -111,7 +115,8 @@ var authentication = {
111
115
  const userId = String(user.id);
112
116
  const { deviceId, rememberMe } = sessionAuth.extractDeviceParams(ctx.request.body);
113
117
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
114
- type: rememberMe ? 'refresh' : 'session'
118
+ type: rememberMe ? 'refresh' : 'session',
119
+ metadata: buildSessionMetadataFromContext(ctx)
115
120
  });
116
121
  const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
117
122
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
@@ -145,7 +150,8 @@ var authentication = {
145
150
  const userId = String(user.id);
146
151
  const { deviceId, rememberMe } = sessionAuth.extractDeviceParams(ctx.request.body);
147
152
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
148
- type: rememberMe ? 'refresh' : 'session'
153
+ type: rememberMe ? 'refresh' : 'session',
154
+ metadata: buildSessionMetadataFromContext(ctx)
149
155
  });
150
156
  const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
151
157
  ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
@@ -187,7 +193,8 @@ var authentication = {
187
193
  // Invalidate all existing sessions before creating a new one
188
194
  await sessionManager('admin').invalidateRefreshToken(userId);
189
195
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
190
- type: 'session'
196
+ type: 'session',
197
+ metadata: buildSessionMetadataFromContext(ctx)
191
198
  });
192
199
  // No rememberMe flow here; expire with session by default (session cookie)
193
200
  const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry('session', absoluteExpiresAt, ctx.request.secure);
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegisterAdmin,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as RegisterAdmin.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const user = await getService('user').createFirstAdmin(input);\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies RegisterAdmin.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","createFirstAdmin","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;;;;;;AAkCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,wBAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,yBAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,sCAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,gBAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,kCAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,uCAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQoC,gBAAgB,CAACJ,KAAAA,CAAAA;QAEvD7C,MAAAA,CAAOkD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMpC,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMmC,gBAAe/D,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM4D,cAAAA,CAA4BR,KAAAA,CAAAA;QAElChC,gBAAAA,CAAW,MAAA,CAAA,CAAQuC,cAAc,CAACP,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIiE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAclE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM+D,aAAAA,CAA2BX,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ0C,aAAa,CAACV,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAWoC,4BAAAA,EAAAA;;YAGjB,MAAM1C,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,wCAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAAC2B,GAAG,CAACzB,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAM7C,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAM4C,QAAAA,GAAW,MAAM9C,cAAAA,CAAe,OAAA,CAAA,CAAS+C,kBAAkB,CAACrC,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWoC,QAAAA,EAAU;gBACvB,OAAOxE,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMhD,cAAAA,CAAe,SAASqB,mBAAmB,CAACyB,SAASrC,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAWuC,MAAAA,EAAQ;gBACrB,OAAO1E,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAEpC,KAAK,EAAE,GAAGuC,MAAAA;;YAElB,MAAMC,IAAAA,GAAOlC,wCAAAA,CACX+B,QAAAA,CAASjC,IAAI,EACbiC,QAAAA,CAASnC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,+BAAAA,EAAqB2B,QAAAA,CAASrC,KAAK,EAAEwC,IAAAA,CAAAA;AACrD3E,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMgD,QAAO5E,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAMsD,YAAAA,GAAe7E,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAO6C,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnE9E,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAA,EAAI;AACvC,YAAA,GAAGkC,mCAAAA,CAAwB/E,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9CsC,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAMvD,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors, buildSessionMetadata } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegisterAdmin,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst buildSessionMetadataFromContext = (ctx: Context) =>\n buildSessionMetadata({\n userAgent: ctx.request.headers['user-agent'],\n });\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n metadata: buildSessionMetadataFromContext(ctx),\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n metadata: buildSessionMetadataFromContext(ctx),\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as RegisterAdmin.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const user = await getService('user').createFirstAdmin(input);\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n metadata: buildSessionMetadataFromContext(ctx),\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies RegisterAdmin.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'session',\n metadata: buildSessionMetadataFromContext(ctx),\n });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["buildSessionMetadataFromContext","ctx","buildSessionMetadata","userAgent","request","headers","ApplicationError","ValidationError","errors","login","compose","next","validateLoginSessionInput","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","metadata","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","createFirstAdmin","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;;;;;;AAkCA,MAAMA,+BAAAA,GAAkC,CAACC,GAAAA,GACvCC,0BAAAA,CAAqB;AACnBC,QAAAA,SAAAA,EAAWF,GAAAA,CAAIG,OAAO,CAACC,OAAO,CAAC,YAAA;AACjC,KAAA,CAAA;AAEF,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,wBAAAA,CAAQ;AACb,QAAA,OAAOT,GAAAA,EAAcU,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BX,GAAAA,CAAIG,OAAO,CAACS,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOF,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACV,GAAAA,EAAcU,IAAAA,GAAAA;YACb,OAAOG,yBAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOhB,IAAI0B,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIlB,gBAAAA,CAAiBa,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQ7B,IAAI8B,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOb,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGV,GAAAA,EAAKU,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOV,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAEiB,IAAI,EAAE,GAAGjB,IAAI8B,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAOlC,IAAIoC,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoB1C,GAAAA,CAAIG,OAAO,CAACS,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY,SAAA;AAC/BO,oBAAAA,QAAAA,EAAUjD,+BAAAA,CAAgCC,GAAAA;AAC5C,iBAAA,CAAA;gBAEA,MAAMiD,aAAAA,GAAgBC,yCACpBT,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACA7C,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAA;AAEpBnD,gBAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,iCAAqBV,YAAAA,EAAcK,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMrB,cAAAA,CAAe,OAAA,CAAA,CAASsB,mBAAmB,CAACZ,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWW,YAAAA,EAAc;AAC3B,oBAAA,OAAOvD,IAAIoC,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOc,WAAW,EAAE,GAAGF,YAAAA;AAE/BvD,gBAAAA,GAAAA,CAAIY,IAAI,GAAG;oBACT8C,IAAAA,EAAM;wBACJf,KAAAA,EAAOc,WAAAA;AACPA,wBAAAA,WAAAA;AACAxC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACjC,GAAAA,CAAI8B,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOtB,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMwB,kBAAiB5D,GAAY,EAAA;AACjC,QAAA,MAAM6D,sCAAAA,CAA8B7D,GAAAA,CAAIG,OAAO,CAAC0B,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEiC,iBAAiB,EAAE,GAAG9D,GAAAA,CAAIG,OAAO,CAAC0B,KAAK;AAE/C,QAAA,MAAM+B,gBAAAA,GAAmB,MAAM5B,gBAAAA,CAAW,MAAA,CAAA,CAAQ+B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAItD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAN,QAAAA,GAAAA,CAAIY,IAAI,GAAG;YAAE8C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAAShE,GAAY,EAAA;AACzB,QAAA,MAAMiE,KAAAA,GAAQjE,GAAAA,CAAIG,OAAO,CAACS,IAAI;AAE9B,QAAA,MAAMsD,kCAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAMhD,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQgC,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM/B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAOlC,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoB1C,GAAAA,CAAIG,OAAO,CAACS,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY,SAAA;AAC/BO,gBAAAA,QAAAA,EAAUjD,+BAAAA,CAAgCC,GAAAA;AAC5C,aAAA,CAAA;YAEA,MAAMiD,aAAAA,GAAgBC,yCACpBT,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACA7C,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAA;AAEpBnD,YAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,iCAAqBV,YAAAA,EAAcK,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMrB,cAAAA,CAAe,OAAA,CAAA,CAASsB,mBAAmB,CAACZ,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWW,YAAAA,EAAc;AAC3B,gBAAA,OAAOvD,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOc,WAAW,EAAE,GAAGF,YAAAA;AAE/BvD,YAAAA,GAAAA,CAAIY,IAAI,GAAG;gBACT8C,IAAAA,EAAM;oBACJf,KAAAA,EAAOc,WAAAA;AACPA,oBAAAA,WAAAA;oBACAxC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOtB,IAAIoC,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM+B,eAAcnE,GAAY,EAAA;AAC9B,QAAA,MAAMiE,KAAAA,GAAQjE,GAAAA,CAAIG,OAAO,CAACS,IAAI;AAE9B,QAAA,MAAMwD,uCAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAMhD,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQqC,gBAAgB,CAACJ,KAAAA,CAAAA;QAEvD9C,MAAAA,CAAOmD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMrC,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAOlC,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoB1C,GAAAA,CAAIG,OAAO,CAACS,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY,SAAA;AAC/BO,gBAAAA,QAAAA,EAAUjD,+BAAAA,CAAgCC,GAAAA;AAC5C,aAAA,CAAA;YAEA,MAAMiD,aAAAA,GAAgBC,yCACpBT,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACA7C,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAA;AAEpBnD,YAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,iCAAqBV,YAAAA,EAAcK,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMrB,cAAAA,CAAe,OAAA,CAAA,CAASsB,mBAAmB,CAACZ,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWW,YAAAA,EAAc;AAC3B,gBAAA,OAAOvD,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOc,WAAW,EAAE,GAAGF,YAAAA;AAE/BvD,YAAAA,GAAAA,CAAIY,IAAI,GAAG;gBACT8C,IAAAA,EAAM;oBACJf,KAAAA,EAAOc,WAAAA;AACPA,oBAAAA,WAAAA;oBACAxC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOtB,IAAIoC,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoC,gBAAexE,GAAY,EAAA;AAC/B,QAAA,MAAMiE,KAAAA,GAAQjE,GAAAA,CAAIG,OAAO,CAACS,IAAI;AAE9B,QAAA,MAAM6D,cAAAA,CAA4BR,KAAAA,CAAAA;QAElCjC,gBAAAA,CAAW,MAAA,CAAA,CAAQwC,cAAc,CAACP,KAAAA,CAAAA;AAElCjE,QAAAA,GAAAA,CAAI0E,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAc3E,GAAY,EAAA;AAC9B,QAAA,MAAMiE,KAAAA,GAAQjE,GAAAA,CAAIG,OAAO,CAACS,IAAI;AAE9B,QAAA,MAAMgE,aAAAA,CAA2BX,KAAAA,CAAAA;AAEjC,QAAA,MAAMhD,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ2C,aAAa,CAACV,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM/B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAOlC,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAWqC,4BAAAA,EAAAA;;YAGjB,MAAM3C,cAAAA,CAAe,OAAA,CAAA,CAAS4C,sBAAsB,CAACzC,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBACvCO,IAAAA,EAAM,SAAA;AACNC,gBAAAA,QAAAA,EAAUjD,+BAAAA,CAAgCC,GAAAA;AAC5C,aAAA,CAAA;;AAGA,YAAA,MAAMiD,gBAAgBC,wCAAAA,CACpB,SAAA,EACAL,mBACA7C,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAA;AAEpBnD,YAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,iCAAqBV,YAAAA,EAAcK,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMrB,cAAAA,CAAe,OAAA,CAAA,CAASsB,mBAAmB,CAACZ,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWW,YAAAA,EAAc;AAC3B,gBAAA,OAAOvD,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGY,YAAAA;AAElBvD,YAAAA,GAAAA,CAAIY,IAAI,GAAG;gBACT8C,IAAAA,EAAM;AACJf,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOhB,IAAIoC,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMqB,aAAYzD,GAAY,EAAA;AAC5B,QAAA,MAAM4C,YAAAA,GAAe5C,GAAAA,CAAIoD,OAAO,CAAC2B,GAAG,CAACzB,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACV,YAAAA,EAAc;YACjB,OAAO5C,GAAAA,CAAIgF,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAM9C,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAOlC,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAM6C,QAAAA,GAAW,MAAM/C,cAAAA,CAAe,OAAA,CAAA,CAASgD,kBAAkB,CAACtC,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWqC,QAAAA,EAAU;gBACvB,OAAOjF,GAAAA,CAAIgF,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMjD,cAAAA,CAAe,SAASsB,mBAAmB,CAACyB,SAAStC,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAWwC,MAAAA,EAAQ;gBACrB,OAAOnF,GAAAA,CAAIgF,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAErC,KAAK,EAAE,GAAGwC,MAAAA;;YAElB,MAAMC,IAAAA,GAAOlC,wCAAAA,CACX+B,QAAAA,CAASlC,IAAI,EACbkC,QAAAA,CAASpC,iBAAiB,EAC1B7C,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAA;AAGpBnD,YAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,+BAAAA,EAAqB2B,QAAAA,CAAStC,KAAK,EAAEyC,IAAAA,CAAAA;AACrDpF,YAAAA,GAAAA,CAAIY,IAAI,GAAG;gBAAE8C,IAAAA,EAAM;AAAEf,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOhB,IAAIoC,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMiD,QAAOrF,GAAY,EAAA;QACvB,MAAM+B,aAAAA,GAAgBC,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACjC,GAAAA,CAAI8B,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAMuD,YAAAA,GAAetF,GAAAA,CAAIG,OAAO,CAACS,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAO8C,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnEvF,QAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAA,EAAI;AACvC,YAAA,GAAGkC,mCAAAA,CAAwBxF,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAC;AAC9CsC,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAMxD,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAOtC,GAAAA,CAAI8B,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAAS4C,sBAAsB,CAACzC,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAhB,QAAAA,GAAAA,CAAIY,IAAI,GAAG;AAAE8C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
@@ -1,7 +1,7 @@
1
1
  import passport from 'koa-passport';
2
2
  import compose from 'koa-compose';
3
3
  import '@strapi/types';
4
- import { errors } from '@strapi/utils';
4
+ import { errors, buildSessionMetadata } from '@strapi/utils';
5
5
  import { getService } from '../utils/index.mjs';
6
6
  import { getSessionManager, extractDeviceParams, buildCookieOptionsWithExpiry, REFRESH_COOKIE_NAME, getRefreshCookieOptions, generateDeviceId } from '../../../shared/utils/session-auth.mjs';
7
7
  import { validateAdminRegistrationInput, validateRegistrationInput, validateRegistrationInfoQuery } from '../validation/authentication/register.mjs';
@@ -9,6 +9,9 @@ import validateForgotPasswordInput from '../validation/authentication/forgot-pas
9
9
  import validateResetPasswordInput from '../validation/authentication/reset-password.mjs';
10
10
  import validateLoginSessionInput from '../validation/authentication/login.mjs';
11
11
 
12
+ const buildSessionMetadataFromContext = (ctx)=>buildSessionMetadata({
13
+ userAgent: ctx.request.headers['user-agent']
14
+ });
12
15
  const { ApplicationError, ValidationError } = errors;
13
16
  var authentication = {
14
17
  login: compose([
@@ -59,7 +62,8 @@ var authentication = {
59
62
  const userId = String(user.id);
60
63
  const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);
61
64
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
62
- type: rememberMe ? 'refresh' : 'session'
65
+ type: rememberMe ? 'refresh' : 'session',
66
+ metadata: buildSessionMetadataFromContext(ctx)
63
67
  });
64
68
  const cookieOptions = buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
65
69
  ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
@@ -104,7 +108,8 @@ var authentication = {
104
108
  const userId = String(user.id);
105
109
  const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);
106
110
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
107
- type: rememberMe ? 'refresh' : 'session'
111
+ type: rememberMe ? 'refresh' : 'session',
112
+ metadata: buildSessionMetadataFromContext(ctx)
108
113
  });
109
114
  const cookieOptions = buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
110
115
  ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
@@ -138,7 +143,8 @@ var authentication = {
138
143
  const userId = String(user.id);
139
144
  const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);
140
145
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
141
- type: rememberMe ? 'refresh' : 'session'
146
+ type: rememberMe ? 'refresh' : 'session',
147
+ metadata: buildSessionMetadataFromContext(ctx)
142
148
  });
143
149
  const cookieOptions = buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt, ctx.request.secure);
144
150
  ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
@@ -180,7 +186,8 @@ var authentication = {
180
186
  // Invalidate all existing sessions before creating a new one
181
187
  await sessionManager('admin').invalidateRefreshToken(userId);
182
188
  const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
183
- type: 'session'
189
+ type: 'session',
190
+ metadata: buildSessionMetadataFromContext(ctx)
184
191
  });
185
192
  // No rememberMe flow here; expire with session by default (session cookie)
186
193
  const cookieOptions = buildCookieOptionsWithExpiry('session', absoluteExpiresAt, ctx.request.secure);
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.mjs","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegisterAdmin,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as RegisterAdmin.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const user = await getService('user').createFirstAdmin(input);\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies RegisterAdmin.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","createFirstAdmin","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;AAkCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,MAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,0BAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,6BAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,UAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,yBAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,8BAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQoC,gBAAgB,CAACJ,KAAAA,CAAAA;QAEvD7C,MAAAA,CAAOkD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMpC,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMmC,gBAAe/D,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM4D,2BAAAA,CAA4BR,KAAAA,CAAAA;QAElChC,UAAAA,CAAW,MAAA,CAAA,CAAQuC,cAAc,CAACP,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIiE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAclE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM+D,0BAAAA,CAA2BX,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQ0C,aAAa,CAACV,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAWoC,gBAAAA,EAAAA;;YAGjB,MAAM1C,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,4BAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAAC2B,GAAG,CAACzB,mBAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAM7C,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAM4C,QAAAA,GAAW,MAAM9C,cAAAA,CAAe,OAAA,CAAA,CAAS+C,kBAAkB,CAACrC,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWoC,QAAAA,EAAU;gBACvB,OAAOxE,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMhD,cAAAA,CAAe,SAASqB,mBAAmB,CAACyB,SAASrC,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAWuC,MAAAA,EAAQ;gBACrB,OAAO1E,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAEpC,KAAK,EAAE,GAAGuC,MAAAA;;YAElB,MAAMC,IAAAA,GAAOlC,4BAAAA,CACX+B,QAAAA,CAASjC,IAAI,EACbiC,QAAAA,CAASnC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,mBAAAA,EAAqB2B,QAAAA,CAASrC,KAAK,EAAEwC,IAAAA,CAAAA;AACrD3E,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMgD,QAAO5E,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAMsD,YAAAA,GAAe7E,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAO6C,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnE9E,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqB,EAAA,EAAI;AACvC,YAAA,GAAGkC,uBAAAA,CAAwB/E,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9CsC,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAMvD,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"authentication.mjs","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors, buildSessionMetadata } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegisterAdmin,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst buildSessionMetadataFromContext = (ctx: Context) =>\n buildSessionMetadata({\n userAgent: ctx.request.headers['user-agent'],\n });\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n metadata: buildSessionMetadataFromContext(ctx),\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n metadata: buildSessionMetadataFromContext(ctx),\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as RegisterAdmin.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const user = await getService('user').createFirstAdmin(input);\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n metadata: buildSessionMetadataFromContext(ctx),\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies RegisterAdmin.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'session',\n metadata: buildSessionMetadataFromContext(ctx),\n });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["buildSessionMetadataFromContext","ctx","buildSessionMetadata","userAgent","request","headers","ApplicationError","ValidationError","errors","login","compose","next","validateLoginSessionInput","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","metadata","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","createFirstAdmin","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;AAkCA,MAAMA,+BAAAA,GAAkC,CAACC,GAAAA,GACvCC,oBAAAA,CAAqB;AACnBC,QAAAA,SAAAA,EAAWF,GAAAA,CAAIG,OAAO,CAACC,OAAO,CAAC,YAAA;AACjC,KAAA,CAAA;AAEF,MAAM,EAAEC,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,MAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOT,GAAAA,EAAcU,IAAAA,GAAAA;AACnB,YAAA,MAAMC,0BAA0BX,GAAAA,CAAIG,OAAO,CAACS,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOF,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACV,GAAAA,EAAcU,IAAAA,GAAAA;YACb,OAAOG,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOhB,IAAI0B,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIlB,gBAAAA,CAAiBa,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQ7B,IAAI8B,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOb,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGV,GAAAA,EAAKU,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOV,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAEiB,IAAI,EAAE,GAAGjB,IAAI8B,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAOlC,IAAIoC,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoB1C,GAAAA,CAAIG,OAAO,CAACS,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY,SAAA;AAC/BO,oBAAAA,QAAAA,EAAUjD,+BAAAA,CAAgCC,GAAAA;AAC5C,iBAAA,CAAA;gBAEA,MAAMiD,aAAAA,GAAgBC,6BACpBT,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACA7C,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAA;AAEpBnD,gBAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,qBAAqBV,YAAAA,EAAcK,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMrB,cAAAA,CAAe,OAAA,CAAA,CAASsB,mBAAmB,CAACZ,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWW,YAAAA,EAAc;AAC3B,oBAAA,OAAOvD,IAAIoC,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOc,WAAW,EAAE,GAAGF,YAAAA;AAE/BvD,gBAAAA,GAAAA,CAAIY,IAAI,GAAG;oBACT8C,IAAAA,EAAM;wBACJf,KAAAA,EAAOc,WAAAA;AACPA,wBAAAA,WAAAA;AACAxC,wBAAAA,IAAAA,EAAMe,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACjC,GAAAA,CAAI8B,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOtB,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMwB,kBAAiB5D,GAAY,EAAA;AACjC,QAAA,MAAM6D,6BAAAA,CAA8B7D,GAAAA,CAAIG,OAAO,CAAC0B,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEiC,iBAAiB,EAAE,GAAG9D,GAAAA,CAAIG,OAAO,CAAC0B,KAAK;AAE/C,QAAA,MAAM+B,gBAAAA,GAAmB,MAAM5B,UAAAA,CAAW,MAAA,CAAA,CAAQ+B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAItD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAN,QAAAA,GAAAA,CAAIY,IAAI,GAAG;YAAE8C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAAShE,GAAY,EAAA;AACzB,QAAA,MAAMiE,KAAAA,GAAQjE,GAAAA,CAAIG,OAAO,CAACS,IAAI;AAE9B,QAAA,MAAMsD,yBAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAMhD,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQgC,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM/B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAOlC,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoB1C,GAAAA,CAAIG,OAAO,CAACS,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY,SAAA;AAC/BO,gBAAAA,QAAAA,EAAUjD,+BAAAA,CAAgCC,GAAAA;AAC5C,aAAA,CAAA;YAEA,MAAMiD,aAAAA,GAAgBC,6BACpBT,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACA7C,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAA;AAEpBnD,YAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,qBAAqBV,YAAAA,EAAcK,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMrB,cAAAA,CAAe,OAAA,CAAA,CAASsB,mBAAmB,CAACZ,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWW,YAAAA,EAAc;AAC3B,gBAAA,OAAOvD,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOc,WAAW,EAAE,GAAGF,YAAAA;AAE/BvD,YAAAA,GAAAA,CAAIY,IAAI,GAAG;gBACT8C,IAAAA,EAAM;oBACJf,KAAAA,EAAOc,WAAAA;AACPA,oBAAAA,WAAAA;oBACAxC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOtB,IAAIoC,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM+B,eAAcnE,GAAY,EAAA;AAC9B,QAAA,MAAMiE,KAAAA,GAAQjE,GAAAA,CAAIG,OAAO,CAACS,IAAI;AAE9B,QAAA,MAAMwD,8BAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAMhD,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQqC,gBAAgB,CAACJ,KAAAA,CAAAA;QAEvD9C,MAAAA,CAAOmD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMrC,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAOlC,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoB1C,GAAAA,CAAIG,OAAO,CAACS,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY,SAAA;AAC/BO,gBAAAA,QAAAA,EAAUjD,+BAAAA,CAAgCC,GAAAA;AAC5C,aAAA,CAAA;YAEA,MAAMiD,aAAAA,GAAgBC,6BACpBT,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACA7C,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAA;AAEpBnD,YAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,qBAAqBV,YAAAA,EAAcK,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMrB,cAAAA,CAAe,OAAA,CAAA,CAASsB,mBAAmB,CAACZ,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWW,YAAAA,EAAc;AAC3B,gBAAA,OAAOvD,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOc,WAAW,EAAE,GAAGF,YAAAA;AAE/BvD,YAAAA,GAAAA,CAAIY,IAAI,GAAG;gBACT8C,IAAAA,EAAM;oBACJf,KAAAA,EAAOc,WAAAA;AACPA,oBAAAA,WAAAA;oBACAxC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOtB,IAAIoC,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoC,gBAAexE,GAAY,EAAA;AAC/B,QAAA,MAAMiE,KAAAA,GAAQjE,GAAAA,CAAIG,OAAO,CAACS,IAAI;AAE9B,QAAA,MAAM6D,2BAAAA,CAA4BR,KAAAA,CAAAA;QAElCjC,UAAAA,CAAW,MAAA,CAAA,CAAQwC,cAAc,CAACP,KAAAA,CAAAA;AAElCjE,QAAAA,GAAAA,CAAI0E,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAc3E,GAAY,EAAA;AAC9B,QAAA,MAAMiE,KAAAA,GAAQjE,GAAAA,CAAIG,OAAO,CAACS,IAAI;AAE9B,QAAA,MAAMgE,0BAAAA,CAA2BX,KAAAA,CAAAA;AAEjC,QAAA,MAAMhD,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQ2C,aAAa,CAACV,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM/B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAOlC,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAWqC,gBAAAA,EAAAA;;YAGjB,MAAM3C,cAAAA,CAAe,OAAA,CAAA,CAAS4C,sBAAsB,CAACzC,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBACvCO,IAAAA,EAAM,SAAA;AACNC,gBAAAA,QAAAA,EAAUjD,+BAAAA,CAAgCC,GAAAA;AAC5C,aAAA,CAAA;;AAGA,YAAA,MAAMiD,gBAAgBC,4BAAAA,CACpB,SAAA,EACAL,mBACA7C,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAA;AAEpBnD,YAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,qBAAqBV,YAAAA,EAAcK,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMrB,cAAAA,CAAe,OAAA,CAAA,CAASsB,mBAAmB,CAACZ,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWW,YAAAA,EAAc;AAC3B,gBAAA,OAAOvD,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGY,YAAAA;AAElBvD,YAAAA,GAAAA,CAAIY,IAAI,GAAG;gBACT8C,IAAAA,EAAM;AACJf,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOhB,IAAIoC,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMqB,aAAYzD,GAAY,EAAA;AAC5B,QAAA,MAAM4C,YAAAA,GAAe5C,GAAAA,CAAIoD,OAAO,CAAC2B,GAAG,CAACzB,mBAAAA,CAAAA;AAErC,QAAA,IAAI,CAACV,YAAAA,EAAc;YACjB,OAAO5C,GAAAA,CAAIgF,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAM9C,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAOlC,IAAIoC,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAM6C,QAAAA,GAAW,MAAM/C,cAAAA,CAAe,OAAA,CAAA,CAASgD,kBAAkB,CAACtC,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWqC,QAAAA,EAAU;gBACvB,OAAOjF,GAAAA,CAAIgF,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMjD,cAAAA,CAAe,SAASsB,mBAAmB,CAACyB,SAAStC,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAWwC,MAAAA,EAAQ;gBACrB,OAAOnF,GAAAA,CAAIgF,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAErC,KAAK,EAAE,GAAGwC,MAAAA;;YAElB,MAAMC,IAAAA,GAAOlC,4BAAAA,CACX+B,QAAAA,CAASlC,IAAI,EACbkC,QAAAA,CAASpC,iBAAiB,EAC1B7C,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAA;AAGpBnD,YAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,mBAAAA,EAAqB2B,QAAAA,CAAStC,KAAK,EAAEyC,IAAAA,CAAAA;AACrDpF,YAAAA,GAAAA,CAAIY,IAAI,GAAG;gBAAE8C,IAAAA,EAAM;AAAEf,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOhB,IAAIoC,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMiD,QAAOrF,GAAY,EAAA;QACvB,MAAM+B,aAAAA,GAAgBC,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACjC,GAAAA,CAAI8B,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAMuD,YAAAA,GAAetF,GAAAA,CAAIG,OAAO,CAACS,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAO8C,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnEvF,QAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAACC,qBAAqB,EAAA,EAAI;AACvC,YAAA,GAAGkC,uBAAAA,CAAwBxF,GAAAA,CAAIG,OAAO,CAACgD,MAAM,CAAC;AAC9CsC,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAMxD,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAOtC,GAAAA,CAAI8B,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAAS4C,sBAAsB,CAACzC,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOwC,GAAG,CAACrC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAhB,QAAAA,GAAAA,CAAIY,IAAI,GAAG;AAAE8C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
@@ -4,6 +4,7 @@ var admin = require('./admin.js');
4
4
  var apiToken = require('./api-token.js');
5
5
  var adminToken = require('./admin-token.js');
6
6
  var authenticatedUser = require('./authenticated-user.js');
7
+ var authenticatedSession = require('./authenticated-session.js');
7
8
  var authentication = require('./authentication.js');
8
9
  var permission = require('./permission.js');
9
10
  var role = require('./role.js');
@@ -19,6 +20,7 @@ var controllers = {
19
20
  'api-token': apiToken,
20
21
  'admin-token': adminToken,
21
22
  'authenticated-user': authenticatedUser,
23
+ 'authenticated-session': authenticatedSession,
22
24
  authentication,
23
25
  permission,
24
26
  role,
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sources":["../../../../../server/src/controllers/index.ts"],"sourcesContent":["import type {} from 'koa-body';\n\nimport admin from './admin';\nimport apiToken from './api-token';\nimport adminToken from './admin-token';\nimport authenticatedUser from './authenticated-user';\nimport authentication from './authentication';\nimport permission from './permission';\nimport role from './role';\nimport transfer from './transfer';\nimport user from './user';\nimport webhooks from './webhooks';\nimport contentApi from './content-api';\nimport homepage from './homepage';\nimport ai from '../ai/controllers/ai';\n\nexport default {\n admin,\n 'api-token': apiToken,\n 'admin-token': adminToken,\n 'authenticated-user': authenticatedUser,\n authentication,\n permission,\n role,\n transfer,\n user,\n webhooks,\n 'content-api': contentApi,\n homepage,\n ai,\n};\n"],"names":["admin","apiToken","adminToken","authenticatedUser","authentication","permission","role","transfer","user","webhooks","contentApi","homepage","ai"],"mappings":";;;;;;;;;;;;;;;;AAgBA,kBAAe;AACbA,IAAAA,KAAAA;IACA,WAAA,EAAaC,QAAAA;IACb,aAAA,EAAeC,UAAAA;IACf,oBAAA,EAAsBC,iBAAAA;AACtBC,IAAAA,cAAAA;AACAC,IAAAA,UAAAA;AACAC,IAAAA,IAAAA;AACAC,cAAAA,KAAAA;AACAC,IAAAA,IAAAA;AACAC,IAAAA,QAAAA;IACA,aAAA,EAAeC,UAAAA;AACfC,IAAAA,QAAAA;AACAC,IAAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"index.js","sources":["../../../../../server/src/controllers/index.ts"],"sourcesContent":["import type {} from 'koa-body';\n\nimport admin from './admin';\nimport apiToken from './api-token';\nimport adminToken from './admin-token';\nimport authenticatedUser from './authenticated-user';\nimport authenticatedSession from './authenticated-session';\nimport authentication from './authentication';\nimport permission from './permission';\nimport role from './role';\nimport transfer from './transfer';\nimport user from './user';\nimport webhooks from './webhooks';\nimport contentApi from './content-api';\nimport homepage from './homepage';\nimport ai from '../ai/controllers/ai';\n\nexport default {\n admin,\n 'api-token': apiToken,\n 'admin-token': adminToken,\n 'authenticated-user': authenticatedUser,\n 'authenticated-session': authenticatedSession,\n authentication,\n permission,\n role,\n transfer,\n user,\n webhooks,\n 'content-api': contentApi,\n homepage,\n ai,\n};\n"],"names":["admin","apiToken","adminToken","authenticatedUser","authenticatedSession","authentication","permission","role","transfer","user","webhooks","contentApi","homepage","ai"],"mappings":";;;;;;;;;;;;;;;;;AAiBA,kBAAe;AACbA,IAAAA,KAAAA;IACA,WAAA,EAAaC,QAAAA;IACb,aAAA,EAAeC,UAAAA;IACf,oBAAA,EAAsBC,iBAAAA;IACtB,uBAAA,EAAyBC,oBAAAA;AACzBC,IAAAA,cAAAA;AACAC,IAAAA,UAAAA;AACAC,IAAAA,IAAAA;AACAC,cAAAA,KAAAA;AACAC,IAAAA,IAAAA;AACAC,IAAAA,QAAAA;IACA,aAAA,EAAeC,UAAAA;AACfC,IAAAA,QAAAA;AACAC,IAAAA;AACF,CAAA;;;;"}
@@ -2,6 +2,7 @@ import admin from './admin.mjs';
2
2
  import apiToken from './api-token.mjs';
3
3
  import adminToken from './admin-token.mjs';
4
4
  import authenticatedUser from './authenticated-user.mjs';
5
+ import authenticatedSession from './authenticated-session.mjs';
5
6
  import authentication from './authentication.mjs';
6
7
  import permission from './permission.mjs';
7
8
  import role from './role.mjs';
@@ -17,6 +18,7 @@ var controllers = {
17
18
  'api-token': apiToken,
18
19
  'admin-token': adminToken,
19
20
  'authenticated-user': authenticatedUser,
21
+ 'authenticated-session': authenticatedSession,
20
22
  authentication,
21
23
  permission,
22
24
  role,
@@ -1 +1 @@
1
- {"version":3,"file":"index.mjs","sources":["../../../../../server/src/controllers/index.ts"],"sourcesContent":["import type {} from 'koa-body';\n\nimport admin from './admin';\nimport apiToken from './api-token';\nimport adminToken from './admin-token';\nimport authenticatedUser from './authenticated-user';\nimport authentication from './authentication';\nimport permission from './permission';\nimport role from './role';\nimport transfer from './transfer';\nimport user from './user';\nimport webhooks from './webhooks';\nimport contentApi from './content-api';\nimport homepage from './homepage';\nimport ai from '../ai/controllers/ai';\n\nexport default {\n admin,\n 'api-token': apiToken,\n 'admin-token': adminToken,\n 'authenticated-user': authenticatedUser,\n authentication,\n permission,\n role,\n transfer,\n user,\n webhooks,\n 'content-api': contentApi,\n homepage,\n ai,\n};\n"],"names":["admin","apiToken","adminToken","authenticatedUser","authentication","permission","role","transfer","user","webhooks","contentApi","homepage","ai"],"mappings":";;;;;;;;;;;;;;AAgBA,kBAAe;AACbA,IAAAA,KAAAA;IACA,WAAA,EAAaC,QAAAA;IACb,aAAA,EAAeC,UAAAA;IACf,oBAAA,EAAsBC,iBAAAA;AACtBC,IAAAA,cAAAA;AACAC,IAAAA,UAAAA;AACAC,IAAAA,IAAAA;AACAC,IAAAA,QAAAA;AACAC,IAAAA,IAAAA;AACAC,IAAAA,QAAAA;IACA,aAAA,EAAeC,UAAAA;AACfC,IAAAA,QAAAA;AACAC,IAAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"index.mjs","sources":["../../../../../server/src/controllers/index.ts"],"sourcesContent":["import type {} from 'koa-body';\n\nimport admin from './admin';\nimport apiToken from './api-token';\nimport adminToken from './admin-token';\nimport authenticatedUser from './authenticated-user';\nimport authenticatedSession from './authenticated-session';\nimport authentication from './authentication';\nimport permission from './permission';\nimport role from './role';\nimport transfer from './transfer';\nimport user from './user';\nimport webhooks from './webhooks';\nimport contentApi from './content-api';\nimport homepage from './homepage';\nimport ai from '../ai/controllers/ai';\n\nexport default {\n admin,\n 'api-token': apiToken,\n 'admin-token': adminToken,\n 'authenticated-user': authenticatedUser,\n 'authenticated-session': authenticatedSession,\n authentication,\n permission,\n role,\n transfer,\n user,\n webhooks,\n 'content-api': contentApi,\n homepage,\n ai,\n};\n"],"names":["admin","apiToken","adminToken","authenticatedUser","authenticatedSession","authentication","permission","role","transfer","user","webhooks","contentApi","homepage","ai"],"mappings":";;;;;;;;;;;;;;;AAiBA,kBAAe;AACbA,IAAAA,KAAAA;IACA,WAAA,EAAaC,QAAAA;IACb,aAAA,EAAeC,UAAAA;IACf,oBAAA,EAAsBC,iBAAAA;IACtB,uBAAA,EAAyBC,oBAAAA;AACzBC,IAAAA,cAAAA;AACAC,IAAAA,UAAAA;AACAC,IAAAA,IAAAA;AACAC,IAAAA,QAAAA;AACAC,IAAAA,IAAAA;AACAC,IAAAA,QAAAA;IACA,aAAA,EAAeC,UAAAA;AACfC,IAAAA,QAAAA;AACAC,IAAAA;AACF,CAAA;;;;"}
@@ -122,10 +122,8 @@ var role = {
122
122
  throw new ApplicationError("Super admin permissions can't be edited.");
123
123
  }
124
124
  await permission.validatedUpdatePermissionsInput(input);
125
- if (!role) {
126
- return ctx.notFound('role.notFound');
127
- }
128
- const permissions = await roleService.assignPermissions(role.id, input.permissions);
125
+ const normalizedPermissions = await roleService.hooks.willValidateUpdatePermissions.call(input.permissions);
126
+ const permissions = await roleService.assignPermissions(role.id, normalizedPermissions);
129
127
  const sanitizedPermissions = permissions.map(permissionService.sanitizePermission);
130
128
  ctx.body = {
131
129
  data: sanitizedPermissions
@@ -1 +1 @@
1
- {"version":3,"file":"role.js","sources":["../../../../../server/src/controllers/role.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { errors } from '@strapi/utils';\nimport {\n validateRoleUpdateInput,\n validateRoleCreateInput,\n validateRoleDeleteInput,\n validateRolesDeleteInput,\n} from '../validation/role';\nimport { validatedUpdatePermissionsInput } from '../validation/permission';\nimport constants from '../services/constants';\nimport { getService } from '../utils';\nimport type {\n Create,\n FindRoles,\n FindRole,\n Update,\n GetPermissions,\n UpdatePermissions,\n Delete,\n BatchDelete,\n} from '../../../shared/contracts/roles';\nimport { AdminRole } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\nconst { SUPER_ADMIN_CODE } = constants;\n\nexport default {\n /**\n * Create a new role\n * @param {KoaContext} ctx - koa context\n */\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n await validateRoleCreateInput(body);\n\n const roleService = getService('role');\n\n const role = await roleService.create(body);\n const sanitizedRole = roleService.sanitizeRole(role) as Omit<AdminRole, 'users' | 'permission'>;\n\n ctx.created({ data: sanitizedRole } satisfies Create.Response);\n },\n\n /**\n * Returns on role by id\n * @param {KoaContext} ctx - koa context\n */\n async findOne(ctx: Context) {\n const { id } = ctx.params as FindRole.Request['params'];\n const role = await getService('role').findOneWithUsersCount({ id });\n\n if (!role) {\n return ctx.notFound('role.notFound');\n }\n\n ctx.body = {\n data: role,\n } satisfies FindRole.Response;\n },\n\n /**\n * Returns every roles\n * @param {KoaContext} ctx - koa context\n */\n async findAll(ctx: Context) {\n const { query } = ctx.request as FindRoles.Request;\n\n const permissionsManager = getService('permission').createPermissionsManager({\n ability: ctx.state.userAbility,\n model: 'admin::role',\n });\n\n await permissionsManager.validateQuery(query);\n const sanitizedQuery = await permissionsManager.sanitizeQuery(query);\n\n const roles = await getService('role').findAllWithUsersCount(sanitizedQuery);\n\n ctx.body = {\n data: roles,\n } satisfies FindRoles.Response;\n },\n\n /**\n * Updates a role by id\n * @param {KoaContext} ctx - koa context\n */\n async update(ctx: Context) {\n const { id } = ctx.params as Update.Request['params'];\n const { body } = ctx.request as Omit<Update.Request, 'params'>;\n\n const roleService = getService('role');\n\n await validateRoleUpdateInput(body);\n\n const role = await roleService.findOne({ id });\n\n if (!role) {\n return ctx.notFound('role.notFound');\n }\n\n if (role.code === SUPER_ADMIN_CODE) {\n throw new ApplicationError(\"Super admin can't be edited.\");\n }\n\n const updatedRole = await roleService.update({ id }, body);\n const sanitizedRole = roleService.sanitizeRole(updatedRole) as Omit<\n AdminRole,\n 'users' | 'permission'\n >;\n\n ctx.body = {\n data: sanitizedRole,\n } satisfies Update.Response;\n },\n\n /**\n * Returns the permissions assigned to a role\n * @param {KoaContext} ctx - koa context\n */\n async getPermissions(ctx: Context) {\n const { id } = ctx.params as GetPermissions.Request['params'];\n\n const roleService = getService('role');\n const permissionService = getService('permission');\n\n const role = await roleService.findOne({ id });\n\n if (!role) {\n return ctx.notFound('role.notFound');\n }\n\n const permissions = await permissionService.findMany({ where: { role: { id: role.id } } });\n\n const sanitizedPermissions = permissions.map(permissionService.sanitizePermission);\n\n ctx.body = {\n // @ts-expect-error - transform response type to sanitized permission\n data: sanitizedPermissions,\n } satisfies GetPermissions.Response;\n },\n\n /**\n * Updates the permissions assigned to a role\n * @param {KoaContext} ctx - koa context\n */\n async updatePermissions(ctx: Context) {\n const { id } = ctx.params as UpdatePermissions.Request['params'];\n const { body: input } = ctx.request as Omit<UpdatePermissions.Request, 'params'>;\n\n const roleService = getService('role');\n const permissionService = getService('permission');\n\n const role = await roleService.findOne({ id });\n\n if (!role) {\n return ctx.notFound('role.notFound');\n }\n\n if (role.code === SUPER_ADMIN_CODE) {\n throw new ApplicationError(\"Super admin permissions can't be edited.\");\n }\n\n await validatedUpdatePermissionsInput(input);\n\n if (!role) {\n return ctx.notFound('role.notFound');\n }\n\n const permissions = await roleService.assignPermissions(role.id, input.permissions);\n\n const sanitizedPermissions = permissions.map(permissionService.sanitizePermission);\n\n ctx.body = {\n data: sanitizedPermissions,\n } satisfies UpdatePermissions.Response;\n },\n\n /**\n * Delete a role\n * @param {KoaContext} ctx - koa context\n */\n async deleteOne(ctx: Context) {\n const { id } = ctx.params as Delete.Request['params'];\n\n await validateRoleDeleteInput(id);\n\n const roleService = getService('role');\n\n const roles = await roleService.deleteByIds([id]);\n\n const sanitizedRole = roles.map((role) => roleService.sanitizeRole(role))[0] || null;\n\n return ctx.deleted({\n data: sanitizedRole,\n } satisfies Delete.Response);\n },\n\n /**\n * delete several roles\n * @param {KoaContext} ctx - koa context\n */\n async deleteMany(ctx: Context) {\n const { body } = ctx.request as BatchDelete.Request;\n\n await validateRolesDeleteInput(body);\n\n const roleService = getService('role');\n\n const roles = await roleService.deleteByIds(body.ids);\n const sanitizedRoles = roles.map(roleService.sanitizeRole);\n\n return ctx.deleted({\n data: sanitizedRoles,\n } satisfies BatchDelete.Response);\n },\n};\n"],"names":["ApplicationError","errors","SUPER_ADMIN_CODE","constants","create","ctx","body","request","validateRoleCreateInput","roleService","getService","role","sanitizedRole","sanitizeRole","created","data","findOne","id","params","findOneWithUsersCount","notFound","findAll","query","permissionsManager","createPermissionsManager","ability","state","userAbility","model","validateQuery","sanitizedQuery","sanitizeQuery","roles","findAllWithUsersCount","update","validateRoleUpdateInput","code","updatedRole","getPermissions","permissionService","permissions","findMany","where","sanitizedPermissions","map","sanitizePermission","updatePermissions","input","validatedUpdatePermissionsInput","assignPermissions","deleteOne","validateRoleDeleteInput","deleteByIds","deleted","deleteMany","validateRolesDeleteInput","ids","sanitizedRoles"],"mappings":";;;;;;;;AAuBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,YAAAA;AAC7B,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,SAAAA;AAE7B,WAAe;AACb;;;MAIA,MAAMC,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,8BAAAA,CAAwBF,IAAAA,CAAAA;AAE9B,QAAA,MAAMG,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMC,IAAAA,GAAO,MAAMF,WAAAA,CAAYL,MAAM,CAACE,IAAAA,CAAAA;QACtC,MAAMM,aAAAA,GAAgBH,WAAAA,CAAYI,YAAY,CAACF,IAAAA,CAAAA;AAE/CN,QAAAA,GAAAA,CAAIS,OAAO,CAAC;YAAEC,IAAAA,EAAMH;AAAc,SAAA,CAAA;AACpC,IAAA,CAAA;AAEA;;;MAIA,MAAMI,SAAQX,GAAY,EAAA;AACxB,QAAA,MAAM,EAAEY,EAAE,EAAE,GAAGZ,IAAIa,MAAM;AACzB,QAAA,MAAMP,IAAAA,GAAO,MAAMD,gBAAAA,CAAW,MAAA,CAAA,CAAQS,qBAAqB,CAAC;AAAEF,YAAAA;AAAG,SAAA,CAAA;AAEjE,QAAA,IAAI,CAACN,IAAAA,EAAM;YACT,OAAON,GAAAA,CAAIe,QAAQ,CAAC,eAAA,CAAA;AACtB,QAAA;AAEAf,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACTS,IAAAA,EAAMJ;AACR,SAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMU,SAAQhB,GAAY,EAAA;AACxB,QAAA,MAAM,EAAEiB,KAAK,EAAE,GAAGjB,IAAIE,OAAO;AAE7B,QAAA,MAAMgB,kBAAAA,GAAqBb,gBAAAA,CAAW,YAAA,CAAA,CAAcc,wBAAwB,CAAC;YAC3EC,OAAAA,EAASpB,GAAAA,CAAIqB,KAAK,CAACC,WAAW;YAC9BC,KAAAA,EAAO;AACT,SAAA,CAAA;QAEA,MAAML,kBAAAA,CAAmBM,aAAa,CAACP,KAAAA,CAAAA;AACvC,QAAA,MAAMQ,cAAAA,GAAiB,MAAMP,kBAAAA,CAAmBQ,aAAa,CAACT,KAAAA,CAAAA;AAE9D,QAAA,MAAMU,KAAAA,GAAQ,MAAMtB,gBAAAA,CAAW,MAAA,CAAA,CAAQuB,qBAAqB,CAACH,cAAAA,CAAAA;AAE7DzB,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACTS,IAAAA,EAAMiB;AACR,SAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAME,QAAO7B,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEY,EAAE,EAAE,GAAGZ,IAAIa,MAAM;AACzB,QAAA,MAAM,EAAEZ,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAE5B,QAAA,MAAME,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMyB,8BAAAA,CAAwB7B,IAAAA,CAAAA;AAE9B,QAAA,MAAMK,IAAAA,GAAO,MAAMF,WAAAA,CAAYO,OAAO,CAAC;AAAEC,YAAAA;AAAG,SAAA,CAAA;AAE5C,QAAA,IAAI,CAACN,IAAAA,EAAM;YACT,OAAON,GAAAA,CAAIe,QAAQ,CAAC,eAAA,CAAA;AACtB,QAAA;QAEA,IAAIT,IAAAA,CAAKyB,IAAI,KAAKlC,gBAAAA,EAAkB;AAClC,YAAA,MAAM,IAAIF,gBAAAA,CAAiB,8BAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMqC,WAAAA,GAAc,MAAM5B,WAAAA,CAAYyB,MAAM,CAAC;AAAEjB,YAAAA;SAAG,EAAGX,IAAAA,CAAAA;QACrD,MAAMM,aAAAA,GAAgBH,WAAAA,CAAYI,YAAY,CAACwB,WAAAA,CAAAA;AAK/ChC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACTS,IAAAA,EAAMH;AACR,SAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAM0B,gBAAejC,GAAY,EAAA;AAC/B,QAAA,MAAM,EAAEY,EAAE,EAAE,GAAGZ,IAAIa,MAAM;AAEzB,QAAA,MAAMT,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAC/B,QAAA,MAAM6B,oBAAoB7B,gBAAAA,CAAW,YAAA,CAAA;AAErC,QAAA,MAAMC,IAAAA,GAAO,MAAMF,WAAAA,CAAYO,OAAO,CAAC;AAAEC,YAAAA;AAAG,SAAA,CAAA;AAE5C,QAAA,IAAI,CAACN,IAAAA,EAAM;YACT,OAAON,GAAAA,CAAIe,QAAQ,CAAC,eAAA,CAAA;AACtB,QAAA;AAEA,QAAA,MAAMoB,WAAAA,GAAc,MAAMD,iBAAAA,CAAkBE,QAAQ,CAAC;YAAEC,KAAAA,EAAO;gBAAE/B,IAAAA,EAAM;AAAEM,oBAAAA,EAAAA,EAAIN,KAAKM;AAAG;AAAE;AAAE,SAAA,CAAA;AAExF,QAAA,MAAM0B,oBAAAA,GAAuBH,WAAAA,CAAYI,GAAG,CAACL,kBAAkBM,kBAAkB,CAAA;AAEjFxC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;;YAETS,IAAAA,EAAM4B;AACR,SAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMG,mBAAkBzC,GAAY,EAAA;AAClC,QAAA,MAAM,EAAEY,EAAE,EAAE,GAAGZ,IAAIa,MAAM;AACzB,QAAA,MAAM,EAAEZ,IAAAA,EAAMyC,KAAK,EAAE,GAAG1C,IAAIE,OAAO;AAEnC,QAAA,MAAME,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAC/B,QAAA,MAAM6B,oBAAoB7B,gBAAAA,CAAW,YAAA,CAAA;AAErC,QAAA,MAAMC,IAAAA,GAAO,MAAMF,WAAAA,CAAYO,OAAO,CAAC;AAAEC,YAAAA;AAAG,SAAA,CAAA;AAE5C,QAAA,IAAI,CAACN,IAAAA,EAAM;YACT,OAAON,GAAAA,CAAIe,QAAQ,CAAC,eAAA,CAAA;AACtB,QAAA;QAEA,IAAIT,IAAAA,CAAKyB,IAAI,KAAKlC,gBAAAA,EAAkB;AAClC,YAAA,MAAM,IAAIF,gBAAAA,CAAiB,0CAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMgD,0CAAAA,CAAgCD,KAAAA,CAAAA;AAEtC,QAAA,IAAI,CAACpC,IAAAA,EAAM;YACT,OAAON,GAAAA,CAAIe,QAAQ,CAAC,eAAA,CAAA;AACtB,QAAA;QAEA,MAAMoB,WAAAA,GAAc,MAAM/B,WAAAA,CAAYwC,iBAAiB,CAACtC,IAAAA,CAAKM,EAAE,EAAE8B,KAAAA,CAAMP,WAAW,CAAA;AAElF,QAAA,MAAMG,oBAAAA,GAAuBH,WAAAA,CAAYI,GAAG,CAACL,kBAAkBM,kBAAkB,CAAA;AAEjFxC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACTS,IAAAA,EAAM4B;AACR,SAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMO,WAAU7C,GAAY,EAAA;AAC1B,QAAA,MAAM,EAAEY,EAAE,EAAE,GAAGZ,IAAIa,MAAM;AAEzB,QAAA,MAAMiC,8BAAAA,CAAwBlC,EAAAA,CAAAA;AAE9B,QAAA,MAAMR,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMsB,KAAAA,GAAQ,MAAMvB,WAAAA,CAAY2C,WAAW,CAAC;AAACnC,YAAAA;AAAG,SAAA,CAAA;AAEhD,QAAA,MAAML,aAAAA,GAAgBoB,KAAAA,CAAMY,GAAG,CAAC,CAACjC,IAAAA,GAASF,WAAAA,CAAYI,YAAY,CAACF,IAAAA,CAAAA,CAAM,CAAC,CAAA,CAAE,IAAI,IAAA;QAEhF,OAAON,GAAAA,CAAIgD,OAAO,CAAC;YACjBtC,IAAAA,EAAMH;AACR,SAAA,CAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAM0C,YAAWjD,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAE5B,QAAA,MAAMgD,+BAAAA,CAAyBjD,IAAAA,CAAAA;AAE/B,QAAA,MAAMG,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMsB,QAAQ,MAAMvB,WAAAA,CAAY2C,WAAW,CAAC9C,KAAKkD,GAAG,CAAA;AACpD,QAAA,MAAMC,cAAAA,GAAiBzB,KAAAA,CAAMY,GAAG,CAACnC,YAAYI,YAAY,CAAA;QAEzD,OAAOR,GAAAA,CAAIgD,OAAO,CAAC;YACjBtC,IAAAA,EAAM0C;AACR,SAAA,CAAA;AACF,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"role.js","sources":["../../../../../server/src/controllers/role.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport { errors } from '@strapi/utils';\nimport {\n validateRoleUpdateInput,\n validateRoleCreateInput,\n validateRoleDeleteInput,\n validateRolesDeleteInput,\n} from '../validation/role';\nimport { validatedUpdatePermissionsInput } from '../validation/permission';\nimport constants from '../services/constants';\nimport { getService } from '../utils';\nimport type {\n Create,\n FindRoles,\n FindRole,\n Update,\n GetPermissions,\n UpdatePermissions,\n Delete,\n BatchDelete,\n} from '../../../shared/contracts/roles';\nimport { AdminRole } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\nconst { SUPER_ADMIN_CODE } = constants;\n\nexport default {\n /**\n * Create a new role\n * @param {KoaContext} ctx - koa context\n */\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n await validateRoleCreateInput(body);\n\n const roleService = getService('role');\n\n const role = await roleService.create(body);\n const sanitizedRole = roleService.sanitizeRole(role) as Omit<AdminRole, 'users' | 'permission'>;\n\n ctx.created({ data: sanitizedRole } satisfies Create.Response);\n },\n\n /**\n * Returns on role by id\n * @param {KoaContext} ctx - koa context\n */\n async findOne(ctx: Context) {\n const { id } = ctx.params as FindRole.Request['params'];\n const role = await getService('role').findOneWithUsersCount({ id });\n\n if (!role) {\n return ctx.notFound('role.notFound');\n }\n\n ctx.body = {\n data: role,\n } satisfies FindRole.Response;\n },\n\n /**\n * Returns every roles\n * @param {KoaContext} ctx - koa context\n */\n async findAll(ctx: Context) {\n const { query } = ctx.request as FindRoles.Request;\n\n const permissionsManager = getService('permission').createPermissionsManager({\n ability: ctx.state.userAbility,\n model: 'admin::role',\n });\n\n await permissionsManager.validateQuery(query);\n const sanitizedQuery = await permissionsManager.sanitizeQuery(query);\n\n const roles = await getService('role').findAllWithUsersCount(sanitizedQuery);\n\n ctx.body = {\n data: roles,\n } satisfies FindRoles.Response;\n },\n\n /**\n * Updates a role by id\n * @param {KoaContext} ctx - koa context\n */\n async update(ctx: Context) {\n const { id } = ctx.params as Update.Request['params'];\n const { body } = ctx.request as Omit<Update.Request, 'params'>;\n\n const roleService = getService('role');\n\n await validateRoleUpdateInput(body);\n\n const role = await roleService.findOne({ id });\n\n if (!role) {\n return ctx.notFound('role.notFound');\n }\n\n if (role.code === SUPER_ADMIN_CODE) {\n throw new ApplicationError(\"Super admin can't be edited.\");\n }\n\n const updatedRole = await roleService.update({ id }, body);\n const sanitizedRole = roleService.sanitizeRole(updatedRole) as Omit<\n AdminRole,\n 'users' | 'permission'\n >;\n\n ctx.body = {\n data: sanitizedRole,\n } satisfies Update.Response;\n },\n\n /**\n * Returns the permissions assigned to a role\n * @param {KoaContext} ctx - koa context\n */\n async getPermissions(ctx: Context) {\n const { id } = ctx.params as GetPermissions.Request['params'];\n\n const roleService = getService('role');\n const permissionService = getService('permission');\n\n const role = await roleService.findOne({ id });\n\n if (!role) {\n return ctx.notFound('role.notFound');\n }\n\n const permissions = await permissionService.findMany({ where: { role: { id: role.id } } });\n\n const sanitizedPermissions = permissions.map(permissionService.sanitizePermission);\n\n ctx.body = {\n // @ts-expect-error - transform response type to sanitized permission\n data: sanitizedPermissions,\n } satisfies GetPermissions.Response;\n },\n\n /**\n * Updates the permissions assigned to a role\n * @param {KoaContext} ctx - koa context\n */\n async updatePermissions(ctx: Context) {\n const { id } = ctx.params as UpdatePermissions.Request['params'];\n const { body: input } = ctx.request as Omit<UpdatePermissions.Request, 'params'>;\n\n const roleService = getService('role');\n const permissionService = getService('permission');\n\n const role = await roleService.findOne({ id });\n\n if (!role) {\n return ctx.notFound('role.notFound');\n }\n\n if (role.code === SUPER_ADMIN_CODE) {\n throw new ApplicationError(\"Super admin permissions can't be edited.\");\n }\n\n await validatedUpdatePermissionsInput(input);\n\n const normalizedPermissions = (await roleService.hooks.willValidateUpdatePermissions.call(\n input.permissions\n )) as typeof input.permissions;\n\n const permissions = await roleService.assignPermissions(role.id, normalizedPermissions);\n\n const sanitizedPermissions = permissions.map(permissionService.sanitizePermission);\n\n ctx.body = {\n data: sanitizedPermissions,\n } satisfies UpdatePermissions.Response;\n },\n\n /**\n * Delete a role\n * @param {KoaContext} ctx - koa context\n */\n async deleteOne(ctx: Context) {\n const { id } = ctx.params as Delete.Request['params'];\n\n await validateRoleDeleteInput(id);\n\n const roleService = getService('role');\n\n const roles = await roleService.deleteByIds([id]);\n\n const sanitizedRole = roles.map((role) => roleService.sanitizeRole(role))[0] || null;\n\n return ctx.deleted({\n data: sanitizedRole,\n } satisfies Delete.Response);\n },\n\n /**\n * delete several roles\n * @param {KoaContext} ctx - koa context\n */\n async deleteMany(ctx: Context) {\n const { body } = ctx.request as BatchDelete.Request;\n\n await validateRolesDeleteInput(body);\n\n const roleService = getService('role');\n\n const roles = await roleService.deleteByIds(body.ids);\n const sanitizedRoles = roles.map(roleService.sanitizeRole);\n\n return ctx.deleted({\n data: sanitizedRoles,\n } satisfies BatchDelete.Response);\n },\n};\n"],"names":["ApplicationError","errors","SUPER_ADMIN_CODE","constants","create","ctx","body","request","validateRoleCreateInput","roleService","getService","role","sanitizedRole","sanitizeRole","created","data","findOne","id","params","findOneWithUsersCount","notFound","findAll","query","permissionsManager","createPermissionsManager","ability","state","userAbility","model","validateQuery","sanitizedQuery","sanitizeQuery","roles","findAllWithUsersCount","update","validateRoleUpdateInput","code","updatedRole","getPermissions","permissionService","permissions","findMany","where","sanitizedPermissions","map","sanitizePermission","updatePermissions","input","validatedUpdatePermissionsInput","normalizedPermissions","hooks","willValidateUpdatePermissions","call","assignPermissions","deleteOne","validateRoleDeleteInput","deleteByIds","deleted","deleteMany","validateRolesDeleteInput","ids","sanitizedRoles"],"mappings":";;;;;;;;AAuBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,YAAAA;AAC7B,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,SAAAA;AAE7B,WAAe;AACb;;;MAIA,MAAMC,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,8BAAAA,CAAwBF,IAAAA,CAAAA;AAE9B,QAAA,MAAMG,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMC,IAAAA,GAAO,MAAMF,WAAAA,CAAYL,MAAM,CAACE,IAAAA,CAAAA;QACtC,MAAMM,aAAAA,GAAgBH,WAAAA,CAAYI,YAAY,CAACF,IAAAA,CAAAA;AAE/CN,QAAAA,GAAAA,CAAIS,OAAO,CAAC;YAAEC,IAAAA,EAAMH;AAAc,SAAA,CAAA;AACpC,IAAA,CAAA;AAEA;;;MAIA,MAAMI,SAAQX,GAAY,EAAA;AACxB,QAAA,MAAM,EAAEY,EAAE,EAAE,GAAGZ,IAAIa,MAAM;AACzB,QAAA,MAAMP,IAAAA,GAAO,MAAMD,gBAAAA,CAAW,MAAA,CAAA,CAAQS,qBAAqB,CAAC;AAAEF,YAAAA;AAAG,SAAA,CAAA;AAEjE,QAAA,IAAI,CAACN,IAAAA,EAAM;YACT,OAAON,GAAAA,CAAIe,QAAQ,CAAC,eAAA,CAAA;AACtB,QAAA;AAEAf,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACTS,IAAAA,EAAMJ;AACR,SAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMU,SAAQhB,GAAY,EAAA;AACxB,QAAA,MAAM,EAAEiB,KAAK,EAAE,GAAGjB,IAAIE,OAAO;AAE7B,QAAA,MAAMgB,kBAAAA,GAAqBb,gBAAAA,CAAW,YAAA,CAAA,CAAcc,wBAAwB,CAAC;YAC3EC,OAAAA,EAASpB,GAAAA,CAAIqB,KAAK,CAACC,WAAW;YAC9BC,KAAAA,EAAO;AACT,SAAA,CAAA;QAEA,MAAML,kBAAAA,CAAmBM,aAAa,CAACP,KAAAA,CAAAA;AACvC,QAAA,MAAMQ,cAAAA,GAAiB,MAAMP,kBAAAA,CAAmBQ,aAAa,CAACT,KAAAA,CAAAA;AAE9D,QAAA,MAAMU,KAAAA,GAAQ,MAAMtB,gBAAAA,CAAW,MAAA,CAAA,CAAQuB,qBAAqB,CAACH,cAAAA,CAAAA;AAE7DzB,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACTS,IAAAA,EAAMiB;AACR,SAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAME,QAAO7B,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEY,EAAE,EAAE,GAAGZ,IAAIa,MAAM;AACzB,QAAA,MAAM,EAAEZ,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAE5B,QAAA,MAAME,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMyB,8BAAAA,CAAwB7B,IAAAA,CAAAA;AAE9B,QAAA,MAAMK,IAAAA,GAAO,MAAMF,WAAAA,CAAYO,OAAO,CAAC;AAAEC,YAAAA;AAAG,SAAA,CAAA;AAE5C,QAAA,IAAI,CAACN,IAAAA,EAAM;YACT,OAAON,GAAAA,CAAIe,QAAQ,CAAC,eAAA,CAAA;AACtB,QAAA;QAEA,IAAIT,IAAAA,CAAKyB,IAAI,KAAKlC,gBAAAA,EAAkB;AAClC,YAAA,MAAM,IAAIF,gBAAAA,CAAiB,8BAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMqC,WAAAA,GAAc,MAAM5B,WAAAA,CAAYyB,MAAM,CAAC;AAAEjB,YAAAA;SAAG,EAAGX,IAAAA,CAAAA;QACrD,MAAMM,aAAAA,GAAgBH,WAAAA,CAAYI,YAAY,CAACwB,WAAAA,CAAAA;AAK/ChC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACTS,IAAAA,EAAMH;AACR,SAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAM0B,gBAAejC,GAAY,EAAA;AAC/B,QAAA,MAAM,EAAEY,EAAE,EAAE,GAAGZ,IAAIa,MAAM;AAEzB,QAAA,MAAMT,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAC/B,QAAA,MAAM6B,oBAAoB7B,gBAAAA,CAAW,YAAA,CAAA;AAErC,QAAA,MAAMC,IAAAA,GAAO,MAAMF,WAAAA,CAAYO,OAAO,CAAC;AAAEC,YAAAA;AAAG,SAAA,CAAA;AAE5C,QAAA,IAAI,CAACN,IAAAA,EAAM;YACT,OAAON,GAAAA,CAAIe,QAAQ,CAAC,eAAA,CAAA;AACtB,QAAA;AAEA,QAAA,MAAMoB,WAAAA,GAAc,MAAMD,iBAAAA,CAAkBE,QAAQ,CAAC;YAAEC,KAAAA,EAAO;gBAAE/B,IAAAA,EAAM;AAAEM,oBAAAA,EAAAA,EAAIN,KAAKM;AAAG;AAAE;AAAE,SAAA,CAAA;AAExF,QAAA,MAAM0B,oBAAAA,GAAuBH,WAAAA,CAAYI,GAAG,CAACL,kBAAkBM,kBAAkB,CAAA;AAEjFxC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;;YAETS,IAAAA,EAAM4B;AACR,SAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMG,mBAAkBzC,GAAY,EAAA;AAClC,QAAA,MAAM,EAAEY,EAAE,EAAE,GAAGZ,IAAIa,MAAM;AACzB,QAAA,MAAM,EAAEZ,IAAAA,EAAMyC,KAAK,EAAE,GAAG1C,IAAIE,OAAO;AAEnC,QAAA,MAAME,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAC/B,QAAA,MAAM6B,oBAAoB7B,gBAAAA,CAAW,YAAA,CAAA;AAErC,QAAA,MAAMC,IAAAA,GAAO,MAAMF,WAAAA,CAAYO,OAAO,CAAC;AAAEC,YAAAA;AAAG,SAAA,CAAA;AAE5C,QAAA,IAAI,CAACN,IAAAA,EAAM;YACT,OAAON,GAAAA,CAAIe,QAAQ,CAAC,eAAA,CAAA;AACtB,QAAA;QAEA,IAAIT,IAAAA,CAAKyB,IAAI,KAAKlC,gBAAAA,EAAkB;AAClC,YAAA,MAAM,IAAIF,gBAAAA,CAAiB,0CAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMgD,0CAAAA,CAAgCD,KAAAA,CAAAA;QAEtC,MAAME,qBAAAA,GAAyB,MAAMxC,WAAAA,CAAYyC,KAAK,CAACC,6BAA6B,CAACC,IAAI,CACvFL,KAAAA,CAAMP,WAAW,CAAA;AAGnB,QAAA,MAAMA,cAAc,MAAM/B,WAAAA,CAAY4C,iBAAiB,CAAC1C,IAAAA,CAAKM,EAAE,EAAEgC,qBAAAA,CAAAA;AAEjE,QAAA,MAAMN,oBAAAA,GAAuBH,WAAAA,CAAYI,GAAG,CAACL,kBAAkBM,kBAAkB,CAAA;AAEjFxC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACTS,IAAAA,EAAM4B;AACR,SAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMW,WAAUjD,GAAY,EAAA;AAC1B,QAAA,MAAM,EAAEY,EAAE,EAAE,GAAGZ,IAAIa,MAAM;AAEzB,QAAA,MAAMqC,8BAAAA,CAAwBtC,EAAAA,CAAAA;AAE9B,QAAA,MAAMR,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMsB,KAAAA,GAAQ,MAAMvB,WAAAA,CAAY+C,WAAW,CAAC;AAACvC,YAAAA;AAAG,SAAA,CAAA;AAEhD,QAAA,MAAML,aAAAA,GAAgBoB,KAAAA,CAAMY,GAAG,CAAC,CAACjC,IAAAA,GAASF,WAAAA,CAAYI,YAAY,CAACF,IAAAA,CAAAA,CAAM,CAAC,CAAA,CAAE,IAAI,IAAA;QAEhF,OAAON,GAAAA,CAAIoD,OAAO,CAAC;YACjB1C,IAAAA,EAAMH;AACR,SAAA,CAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAM8C,YAAWrD,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAE5B,QAAA,MAAMoD,+BAAAA,CAAyBrD,IAAAA,CAAAA;AAE/B,QAAA,MAAMG,cAAcC,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMsB,QAAQ,MAAMvB,WAAAA,CAAY+C,WAAW,CAAClD,KAAKsD,GAAG,CAAA;AACpD,QAAA,MAAMC,cAAAA,GAAiB7B,KAAAA,CAAMY,GAAG,CAACnC,YAAYI,YAAY,CAAA;QAEzD,OAAOR,GAAAA,CAAIoD,OAAO,CAAC;YACjB1C,IAAAA,EAAM8C;AACR,SAAA,CAAA;AACF,IAAA;AACF,CAAA;;;;"}
@@ -120,10 +120,8 @@ var role = {
120
120
  throw new ApplicationError("Super admin permissions can't be edited.");
121
121
  }
122
122
  await validatedUpdatePermissionsInput(input);
123
- if (!role) {
124
- return ctx.notFound('role.notFound');
125
- }
126
- const permissions = await roleService.assignPermissions(role.id, input.permissions);
123
+ const normalizedPermissions = await roleService.hooks.willValidateUpdatePermissions.call(input.permissions);
124
+ const permissions = await roleService.assignPermissions(role.id, normalizedPermissions);
127
125
  const sanitizedPermissions = permissions.map(permissionService.sanitizePermission);
128
126
  ctx.body = {
129
127
  data: sanitizedPermissions