@strapi/core 0.0.0-experimental.bffd3c1819cd08304e7d270e88b4973e9fcbc183 → 0.0.0-experimental.c23f51fc41b3ef5de081f427d07e87af93cdcb2c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (690) hide show
  1. package/dist/Strapi.js +426 -408
  2. package/dist/Strapi.js.map +1 -1
  3. package/dist/Strapi.mjs +426 -408
  4. package/dist/Strapi.mjs.map +1 -1
  5. package/dist/compile.js +23 -14
  6. package/dist/compile.js.map +1 -1
  7. package/dist/compile.mjs +22 -14
  8. package/dist/compile.mjs.map +1 -1
  9. package/dist/configuration/config-loader.js +110 -96
  10. package/dist/configuration/config-loader.js.map +1 -1
  11. package/dist/configuration/config-loader.mjs +109 -95
  12. package/dist/configuration/config-loader.mjs.map +1 -1
  13. package/dist/configuration/get-dirs.js +31 -29
  14. package/dist/configuration/get-dirs.js.map +1 -1
  15. package/dist/configuration/get-dirs.mjs +30 -30
  16. package/dist/configuration/get-dirs.mjs.map +1 -1
  17. package/dist/configuration/index.d.ts.map +1 -1
  18. package/dist/configuration/index.js +84 -78
  19. package/dist/configuration/index.js.map +1 -1
  20. package/dist/configuration/index.mjs +83 -74
  21. package/dist/configuration/index.mjs.map +1 -1
  22. package/dist/configuration/urls.js +65 -61
  23. package/dist/configuration/urls.js.map +1 -1
  24. package/dist/configuration/urls.mjs +64 -62
  25. package/dist/configuration/urls.mjs.map +1 -1
  26. package/dist/container.js +27 -23
  27. package/dist/container.js.map +1 -1
  28. package/dist/container.mjs +26 -24
  29. package/dist/container.mjs.map +1 -1
  30. package/dist/core-api/controller/collection-type.js +77 -76
  31. package/dist/core-api/controller/collection-type.js.map +1 -1
  32. package/dist/core-api/controller/collection-type.mjs +76 -77
  33. package/dist/core-api/controller/collection-type.mjs.map +1 -1
  34. package/dist/core-api/controller/index.js +63 -48
  35. package/dist/core-api/controller/index.js.map +1 -1
  36. package/dist/core-api/controller/index.mjs +62 -49
  37. package/dist/core-api/controller/index.mjs.map +1 -1
  38. package/dist/core-api/controller/single-type.js +41 -40
  39. package/dist/core-api/controller/single-type.js.map +1 -1
  40. package/dist/core-api/controller/single-type.mjs +40 -41
  41. package/dist/core-api/controller/single-type.mjs.map +1 -1
  42. package/dist/core-api/controller/transform.js +72 -63
  43. package/dist/core-api/controller/transform.js.map +1 -1
  44. package/dist/core-api/controller/transform.mjs +71 -64
  45. package/dist/core-api/controller/transform.mjs.map +1 -1
  46. package/dist/core-api/routes/index.js +64 -62
  47. package/dist/core-api/routes/index.js.map +1 -1
  48. package/dist/core-api/routes/index.mjs +62 -62
  49. package/dist/core-api/routes/index.mjs.map +1 -1
  50. package/dist/core-api/service/collection-type.js +73 -60
  51. package/dist/core-api/service/collection-type.js.map +1 -1
  52. package/dist/core-api/service/collection-type.mjs +72 -62
  53. package/dist/core-api/service/collection-type.mjs.map +1 -1
  54. package/dist/core-api/service/core-service.js +9 -8
  55. package/dist/core-api/service/core-service.js.map +1 -1
  56. package/dist/core-api/service/core-service.mjs +8 -9
  57. package/dist/core-api/service/core-service.mjs.map +1 -1
  58. package/dist/core-api/service/index.js +13 -13
  59. package/dist/core-api/service/index.js.map +1 -1
  60. package/dist/core-api/service/index.mjs +12 -14
  61. package/dist/core-api/service/index.mjs.map +1 -1
  62. package/dist/core-api/service/pagination.js +69 -43
  63. package/dist/core-api/service/pagination.js.map +1 -1
  64. package/dist/core-api/service/pagination.mjs +68 -47
  65. package/dist/core-api/service/pagination.mjs.map +1 -1
  66. package/dist/core-api/service/single-type.js +43 -38
  67. package/dist/core-api/service/single-type.js.map +1 -1
  68. package/dist/core-api/service/single-type.mjs +42 -40
  69. package/dist/core-api/service/single-type.mjs.map +1 -1
  70. package/dist/domain/content-type/index.js +95 -100
  71. package/dist/domain/content-type/index.js.map +1 -1
  72. package/dist/domain/content-type/index.mjs +94 -100
  73. package/dist/domain/content-type/index.mjs.map +1 -1
  74. package/dist/domain/content-type/validator.js +84 -69
  75. package/dist/domain/content-type/validator.js.map +1 -1
  76. package/dist/domain/content-type/validator.mjs +83 -68
  77. package/dist/domain/content-type/validator.mjs.map +1 -1
  78. package/dist/domain/module/index.js +109 -100
  79. package/dist/domain/module/index.js.map +1 -1
  80. package/dist/domain/module/index.mjs +108 -99
  81. package/dist/domain/module/index.mjs.map +1 -1
  82. package/dist/domain/module/validation.js +25 -20
  83. package/dist/domain/module/validation.js.map +1 -1
  84. package/dist/domain/module/validation.mjs +24 -21
  85. package/dist/domain/module/validation.mjs.map +1 -1
  86. package/dist/ee/index.js +168 -137
  87. package/dist/ee/index.js.map +1 -1
  88. package/dist/ee/index.mjs +167 -139
  89. package/dist/ee/index.mjs.map +1 -1
  90. package/dist/ee/license.js +96 -75
  91. package/dist/ee/license.js.map +1 -1
  92. package/dist/ee/license.mjs +95 -76
  93. package/dist/ee/license.mjs.map +1 -1
  94. package/dist/factories.js +72 -67
  95. package/dist/factories.js.map +1 -1
  96. package/dist/factories.mjs +71 -71
  97. package/dist/factories.mjs.map +1 -1
  98. package/dist/index.js +29 -26
  99. package/dist/index.js.map +1 -1
  100. package/dist/index.mjs +29 -29
  101. package/dist/index.mjs.map +1 -1
  102. package/dist/loaders/admin.d.ts.map +1 -1
  103. package/dist/loaders/admin.js +21 -20
  104. package/dist/loaders/admin.js.map +1 -1
  105. package/dist/loaders/admin.mjs +20 -20
  106. package/dist/loaders/admin.mjs.map +1 -1
  107. package/dist/loaders/apis.js +143 -120
  108. package/dist/loaders/apis.js.map +1 -1
  109. package/dist/loaders/apis.mjs +142 -119
  110. package/dist/loaders/apis.mjs.map +1 -1
  111. package/dist/loaders/components.js +33 -34
  112. package/dist/loaders/components.js.map +1 -1
  113. package/dist/loaders/components.mjs +32 -34
  114. package/dist/loaders/components.mjs.map +1 -1
  115. package/dist/loaders/index.js +22 -20
  116. package/dist/loaders/index.js.map +1 -1
  117. package/dist/loaders/index.mjs +21 -21
  118. package/dist/loaders/index.mjs.map +1 -1
  119. package/dist/loaders/middlewares.js +29 -25
  120. package/dist/loaders/middlewares.js.map +1 -1
  121. package/dist/loaders/middlewares.mjs +28 -25
  122. package/dist/loaders/middlewares.mjs.map +1 -1
  123. package/dist/loaders/plugins/get-enabled-plugins.js +126 -131
  124. package/dist/loaders/plugins/get-enabled-plugins.js.map +1 -1
  125. package/dist/loaders/plugins/get-enabled-plugins.mjs +125 -108
  126. package/dist/loaders/plugins/get-enabled-plugins.mjs.map +1 -1
  127. package/dist/loaders/plugins/get-user-plugins-config.js +25 -24
  128. package/dist/loaders/plugins/get-user-plugins-config.js.map +1 -1
  129. package/dist/loaders/plugins/get-user-plugins-config.mjs +24 -23
  130. package/dist/loaders/plugins/get-user-plugins-config.mjs.map +1 -1
  131. package/dist/loaders/plugins/index.js +132 -121
  132. package/dist/loaders/plugins/index.js.map +1 -1
  133. package/dist/loaders/plugins/index.mjs +121 -112
  134. package/dist/loaders/plugins/index.mjs.map +1 -1
  135. package/dist/loaders/policies.js +24 -20
  136. package/dist/loaders/policies.js.map +1 -1
  137. package/dist/loaders/policies.mjs +23 -20
  138. package/dist/loaders/policies.mjs.map +1 -1
  139. package/dist/loaders/sanitizers.js +10 -4
  140. package/dist/loaders/sanitizers.js.map +1 -1
  141. package/dist/loaders/sanitizers.mjs +9 -6
  142. package/dist/loaders/sanitizers.mjs.map +1 -1
  143. package/dist/loaders/src-index.js +35 -27
  144. package/dist/loaders/src-index.js.map +1 -1
  145. package/dist/loaders/src-index.mjs +34 -29
  146. package/dist/loaders/src-index.mjs.map +1 -1
  147. package/dist/loaders/validators.js +9 -4
  148. package/dist/loaders/validators.js.map +1 -1
  149. package/dist/loaders/validators.mjs +8 -6
  150. package/dist/loaders/validators.mjs.map +1 -1
  151. package/dist/middlewares/body.d.ts.map +1 -1
  152. package/dist/middlewares/body.js +58 -54
  153. package/dist/middlewares/body.js.map +1 -1
  154. package/dist/middlewares/body.mjs +57 -51
  155. package/dist/middlewares/body.mjs.map +1 -1
  156. package/dist/middlewares/compression.js +6 -6
  157. package/dist/middlewares/compression.js.map +1 -1
  158. package/dist/middlewares/compression.mjs +5 -5
  159. package/dist/middlewares/compression.mjs.map +1 -1
  160. package/dist/middlewares/cors.js +59 -48
  161. package/dist/middlewares/cors.js.map +1 -1
  162. package/dist/middlewares/cors.mjs +58 -47
  163. package/dist/middlewares/cors.mjs.map +1 -1
  164. package/dist/middlewares/errors.js +32 -30
  165. package/dist/middlewares/errors.js.map +1 -1
  166. package/dist/middlewares/errors.mjs +31 -31
  167. package/dist/middlewares/errors.mjs.map +1 -1
  168. package/dist/middlewares/favicon.js +27 -17
  169. package/dist/middlewares/favicon.js.map +1 -1
  170. package/dist/middlewares/favicon.mjs +26 -16
  171. package/dist/middlewares/favicon.mjs.map +1 -1
  172. package/dist/middlewares/index.js +32 -30
  173. package/dist/middlewares/index.js.map +1 -1
  174. package/dist/middlewares/index.mjs +31 -31
  175. package/dist/middlewares/index.mjs.map +1 -1
  176. package/dist/middlewares/ip.js +6 -6
  177. package/dist/middlewares/ip.js.map +1 -1
  178. package/dist/middlewares/ip.mjs +5 -5
  179. package/dist/middlewares/ip.mjs.map +1 -1
  180. package/dist/middlewares/logger.js +10 -9
  181. package/dist/middlewares/logger.js.map +1 -1
  182. package/dist/middlewares/logger.mjs +9 -10
  183. package/dist/middlewares/logger.mjs.map +1 -1
  184. package/dist/middlewares/powered-by.js +13 -9
  185. package/dist/middlewares/powered-by.js.map +1 -1
  186. package/dist/middlewares/powered-by.mjs +12 -10
  187. package/dist/middlewares/powered-by.mjs.map +1 -1
  188. package/dist/middlewares/public.js +33 -29
  189. package/dist/middlewares/public.js.map +1 -1
  190. package/dist/middlewares/public.mjs +32 -28
  191. package/dist/middlewares/public.mjs.map +1 -1
  192. package/dist/middlewares/query.js +35 -32
  193. package/dist/middlewares/query.js.map +1 -1
  194. package/dist/middlewares/query.mjs +34 -31
  195. package/dist/middlewares/query.mjs.map +1 -1
  196. package/dist/middlewares/response-time.js +10 -9
  197. package/dist/middlewares/response-time.js.map +1 -1
  198. package/dist/middlewares/response-time.mjs +9 -10
  199. package/dist/middlewares/response-time.mjs.map +1 -1
  200. package/dist/middlewares/responses.js +14 -12
  201. package/dist/middlewares/responses.js.map +1 -1
  202. package/dist/middlewares/responses.mjs +13 -13
  203. package/dist/middlewares/responses.mjs.map +1 -1
  204. package/dist/middlewares/security.js +109 -71
  205. package/dist/middlewares/security.js.map +1 -1
  206. package/dist/middlewares/security.mjs +108 -70
  207. package/dist/middlewares/security.mjs.map +1 -1
  208. package/dist/middlewares/session.js +26 -25
  209. package/dist/middlewares/session.js.map +1 -1
  210. package/dist/middlewares/session.mjs +25 -24
  211. package/dist/middlewares/session.mjs.map +1 -1
  212. package/dist/migrations/database/5.0.0-discard-drafts.js +152 -93
  213. package/dist/migrations/database/5.0.0-discard-drafts.js.map +1 -1
  214. package/dist/migrations/database/5.0.0-discard-drafts.mjs +151 -95
  215. package/dist/migrations/database/5.0.0-discard-drafts.mjs.map +1 -1
  216. package/dist/migrations/draft-publish.d.ts +1 -1
  217. package/dist/migrations/draft-publish.d.ts.map +1 -1
  218. package/dist/migrations/draft-publish.js +61 -34
  219. package/dist/migrations/draft-publish.js.map +1 -1
  220. package/dist/migrations/draft-publish.mjs +60 -36
  221. package/dist/migrations/draft-publish.mjs.map +1 -1
  222. package/dist/migrations/i18n.js +62 -45
  223. package/dist/migrations/i18n.js.map +1 -1
  224. package/dist/migrations/i18n.mjs +61 -47
  225. package/dist/migrations/i18n.mjs.map +1 -1
  226. package/dist/migrations/index.js +24 -10
  227. package/dist/migrations/index.js.map +1 -1
  228. package/dist/migrations/index.mjs +23 -12
  229. package/dist/migrations/index.mjs.map +1 -1
  230. package/dist/package.json.js +182 -0
  231. package/dist/package.json.js.map +1 -0
  232. package/dist/package.json.mjs +159 -0
  233. package/dist/package.json.mjs.map +1 -0
  234. package/dist/providers/admin.js +27 -17
  235. package/dist/providers/admin.js.map +1 -1
  236. package/dist/providers/admin.mjs +26 -19
  237. package/dist/providers/admin.mjs.map +1 -1
  238. package/dist/providers/coreStore.js +13 -8
  239. package/dist/providers/coreStore.js.map +1 -1
  240. package/dist/providers/coreStore.mjs +12 -10
  241. package/dist/providers/coreStore.mjs.map +1 -1
  242. package/dist/providers/cron.js +19 -16
  243. package/dist/providers/cron.js.map +1 -1
  244. package/dist/providers/cron.mjs +18 -18
  245. package/dist/providers/cron.mjs.map +1 -1
  246. package/dist/providers/index.js +18 -9
  247. package/dist/providers/index.js.map +1 -1
  248. package/dist/providers/index.mjs +17 -10
  249. package/dist/providers/index.mjs.map +1 -1
  250. package/dist/providers/provider.js +4 -3
  251. package/dist/providers/provider.js.map +1 -1
  252. package/dist/providers/provider.mjs +3 -4
  253. package/dist/providers/provider.mjs.map +1 -1
  254. package/dist/providers/registries.js +37 -32
  255. package/dist/providers/registries.js.map +1 -1
  256. package/dist/providers/registries.mjs +36 -34
  257. package/dist/providers/registries.mjs.map +1 -1
  258. package/dist/providers/telemetry.js +19 -16
  259. package/dist/providers/telemetry.js.map +1 -1
  260. package/dist/providers/telemetry.mjs +18 -18
  261. package/dist/providers/telemetry.mjs.map +1 -1
  262. package/dist/providers/webhooks.js +28 -26
  263. package/dist/providers/webhooks.js.map +1 -1
  264. package/dist/providers/webhooks.mjs +27 -28
  265. package/dist/providers/webhooks.mjs.map +1 -1
  266. package/dist/registries/apis.js +23 -20
  267. package/dist/registries/apis.js.map +1 -1
  268. package/dist/registries/apis.mjs +22 -22
  269. package/dist/registries/apis.mjs.map +1 -1
  270. package/dist/registries/components.js +35 -37
  271. package/dist/registries/components.js.map +1 -1
  272. package/dist/registries/components.mjs +34 -39
  273. package/dist/registries/components.mjs.map +1 -1
  274. package/dist/registries/content-types.js +54 -59
  275. package/dist/registries/content-types.js.map +1 -1
  276. package/dist/registries/content-types.mjs +53 -61
  277. package/dist/registries/content-types.mjs.map +1 -1
  278. package/dist/registries/controllers.js +70 -71
  279. package/dist/registries/controllers.js.map +1 -1
  280. package/dist/registries/controllers.mjs +69 -73
  281. package/dist/registries/controllers.mjs.map +1 -1
  282. package/dist/registries/custom-fields.js +75 -65
  283. package/dist/registries/custom-fields.js.map +1 -1
  284. package/dist/registries/custom-fields.mjs +74 -67
  285. package/dist/registries/custom-fields.mjs.map +1 -1
  286. package/dist/registries/hooks.js +46 -49
  287. package/dist/registries/hooks.js.map +1 -1
  288. package/dist/registries/hooks.mjs +45 -51
  289. package/dist/registries/hooks.mjs.map +1 -1
  290. package/dist/registries/middlewares.js +49 -51
  291. package/dist/registries/middlewares.js.map +1 -1
  292. package/dist/registries/middlewares.mjs +48 -53
  293. package/dist/registries/middlewares.mjs.map +1 -1
  294. package/dist/registries/models.js +14 -13
  295. package/dist/registries/models.js.map +1 -1
  296. package/dist/registries/models.mjs +13 -14
  297. package/dist/registries/models.mjs.map +1 -1
  298. package/dist/registries/modules.js +39 -36
  299. package/dist/registries/modules.js.map +1 -1
  300. package/dist/registries/modules.mjs +38 -38
  301. package/dist/registries/modules.mjs.map +1 -1
  302. package/dist/registries/namespace.js +21 -20
  303. package/dist/registries/namespace.js.map +1 -1
  304. package/dist/registries/namespace.mjs +20 -23
  305. package/dist/registries/namespace.mjs.map +1 -1
  306. package/dist/registries/plugins.js +23 -20
  307. package/dist/registries/plugins.js.map +1 -1
  308. package/dist/registries/plugins.mjs +22 -22
  309. package/dist/registries/plugins.mjs.map +1 -1
  310. package/dist/registries/policies.js +103 -96
  311. package/dist/registries/policies.js.map +1 -1
  312. package/dist/registries/policies.mjs +102 -98
  313. package/dist/registries/policies.mjs.map +1 -1
  314. package/dist/registries/sanitizers.js +23 -22
  315. package/dist/registries/sanitizers.js.map +1 -1
  316. package/dist/registries/sanitizers.mjs +22 -22
  317. package/dist/registries/sanitizers.mjs.map +1 -1
  318. package/dist/registries/services.js +71 -71
  319. package/dist/registries/services.js.map +1 -1
  320. package/dist/registries/services.mjs +70 -73
  321. package/dist/registries/services.mjs.map +1 -1
  322. package/dist/registries/validators.js +23 -22
  323. package/dist/registries/validators.js.map +1 -1
  324. package/dist/registries/validators.mjs +22 -22
  325. package/dist/registries/validators.mjs.map +1 -1
  326. package/dist/services/auth/index.js +74 -74
  327. package/dist/services/auth/index.js.map +1 -1
  328. package/dist/services/auth/index.mjs +73 -74
  329. package/dist/services/auth/index.mjs.map +1 -1
  330. package/dist/services/config.js +47 -43
  331. package/dist/services/config.js.map +1 -1
  332. package/dist/services/config.mjs +46 -44
  333. package/dist/services/config.mjs.map +1 -1
  334. package/dist/services/content-api/index.js +80 -79
  335. package/dist/services/content-api/index.js.map +1 -1
  336. package/dist/services/content-api/index.mjs +79 -79
  337. package/dist/services/content-api/index.mjs.map +1 -1
  338. package/dist/services/content-api/permissions/engine.js +8 -5
  339. package/dist/services/content-api/permissions/engine.js.map +1 -1
  340. package/dist/services/content-api/permissions/engine.mjs +7 -5
  341. package/dist/services/content-api/permissions/engine.mjs.map +1 -1
  342. package/dist/services/content-api/permissions/index.js +101 -81
  343. package/dist/services/content-api/permissions/index.js.map +1 -1
  344. package/dist/services/content-api/permissions/index.mjs +100 -81
  345. package/dist/services/content-api/permissions/index.mjs.map +1 -1
  346. package/dist/services/content-api/permissions/providers/action.js +17 -14
  347. package/dist/services/content-api/permissions/providers/action.js.map +1 -1
  348. package/dist/services/content-api/permissions/providers/action.mjs +16 -16
  349. package/dist/services/content-api/permissions/providers/action.mjs.map +1 -1
  350. package/dist/services/content-api/permissions/providers/condition.js +17 -14
  351. package/dist/services/content-api/permissions/providers/condition.js.map +1 -1
  352. package/dist/services/content-api/permissions/providers/condition.mjs +16 -16
  353. package/dist/services/content-api/permissions/providers/condition.mjs.map +1 -1
  354. package/dist/services/core-store.js +115 -95
  355. package/dist/services/core-store.js.map +1 -1
  356. package/dist/services/core-store.mjs +114 -97
  357. package/dist/services/core-store.mjs.map +1 -1
  358. package/dist/services/cron.js +74 -64
  359. package/dist/services/cron.js.map +1 -1
  360. package/dist/services/cron.mjs +73 -66
  361. package/dist/services/cron.mjs.map +1 -1
  362. package/dist/services/custom-fields.js +9 -7
  363. package/dist/services/custom-fields.js.map +1 -1
  364. package/dist/services/custom-fields.mjs +8 -9
  365. package/dist/services/custom-fields.mjs.map +1 -1
  366. package/dist/services/document-service/attributes/index.js +23 -18
  367. package/dist/services/document-service/attributes/index.js.map +1 -1
  368. package/dist/services/document-service/attributes/index.mjs +22 -19
  369. package/dist/services/document-service/attributes/index.mjs.map +1 -1
  370. package/dist/services/document-service/attributes/transforms.js +16 -15
  371. package/dist/services/document-service/attributes/transforms.js.map +1 -1
  372. package/dist/services/document-service/attributes/transforms.mjs +15 -15
  373. package/dist/services/document-service/attributes/transforms.mjs.map +1 -1
  374. package/dist/services/document-service/common.js +5 -4
  375. package/dist/services/document-service/common.js.map +1 -1
  376. package/dist/services/document-service/common.mjs +4 -5
  377. package/dist/services/document-service/common.mjs.map +1 -1
  378. package/dist/services/document-service/components.js +255 -257
  379. package/dist/services/document-service/components.js.map +1 -1
  380. package/dist/services/document-service/components.mjs +254 -262
  381. package/dist/services/document-service/components.mjs.map +1 -1
  382. package/dist/services/document-service/draft-and-publish.d.ts +1 -1
  383. package/dist/services/document-service/draft-and-publish.d.ts.map +1 -1
  384. package/dist/services/document-service/draft-and-publish.js +88 -48
  385. package/dist/services/document-service/draft-and-publish.js.map +1 -1
  386. package/dist/services/document-service/draft-and-publish.mjs +87 -54
  387. package/dist/services/document-service/draft-and-publish.mjs.map +1 -1
  388. package/dist/services/document-service/entries.js +109 -91
  389. package/dist/services/document-service/entries.js.map +1 -1
  390. package/dist/services/document-service/entries.mjs +108 -92
  391. package/dist/services/document-service/entries.mjs.map +1 -1
  392. package/dist/services/document-service/events.d.ts +1 -1
  393. package/dist/services/document-service/events.d.ts.map +1 -1
  394. package/dist/services/document-service/events.js +52 -40
  395. package/dist/services/document-service/events.js.map +1 -1
  396. package/dist/services/document-service/events.mjs +51 -41
  397. package/dist/services/document-service/events.mjs.map +1 -1
  398. package/dist/services/document-service/index.js +53 -33
  399. package/dist/services/document-service/index.js.map +1 -1
  400. package/dist/services/document-service/index.mjs +52 -34
  401. package/dist/services/document-service/index.mjs.map +1 -1
  402. package/dist/services/document-service/internationalization.js +62 -46
  403. package/dist/services/document-service/internationalization.js.map +1 -1
  404. package/dist/services/document-service/internationalization.mjs +61 -50
  405. package/dist/services/document-service/internationalization.mjs.map +1 -1
  406. package/dist/services/document-service/middlewares/errors.js +23 -19
  407. package/dist/services/document-service/middlewares/errors.js.map +1 -1
  408. package/dist/services/document-service/middlewares/errors.mjs +22 -20
  409. package/dist/services/document-service/middlewares/errors.mjs.map +1 -1
  410. package/dist/services/document-service/middlewares/middleware-manager.js +46 -44
  411. package/dist/services/document-service/middlewares/middleware-manager.js.map +1 -1
  412. package/dist/services/document-service/middlewares/middleware-manager.mjs +45 -45
  413. package/dist/services/document-service/middlewares/middleware-manager.mjs.map +1 -1
  414. package/dist/services/document-service/params.js +11 -5
  415. package/dist/services/document-service/params.js.map +1 -1
  416. package/dist/services/document-service/params.mjs +10 -6
  417. package/dist/services/document-service/params.mjs.map +1 -1
  418. package/dist/services/document-service/repository.d.ts.map +1 -1
  419. package/dist/services/document-service/repository.js +353 -321
  420. package/dist/services/document-service/repository.js.map +1 -1
  421. package/dist/services/document-service/repository.mjs +352 -322
  422. package/dist/services/document-service/repository.mjs.map +1 -1
  423. package/dist/services/document-service/transform/data.js +22 -12
  424. package/dist/services/document-service/transform/data.js.map +1 -1
  425. package/dist/services/document-service/transform/data.mjs +21 -13
  426. package/dist/services/document-service/transform/data.mjs.map +1 -1
  427. package/dist/services/document-service/transform/fields.js +26 -17
  428. package/dist/services/document-service/transform/fields.js.map +1 -1
  429. package/dist/services/document-service/transform/fields.mjs +25 -18
  430. package/dist/services/document-service/transform/fields.mjs.map +1 -1
  431. package/dist/services/document-service/transform/id-map.d.ts +1 -1
  432. package/dist/services/document-service/transform/id-map.d.ts.map +1 -1
  433. package/dist/services/document-service/transform/id-map.js +115 -75
  434. package/dist/services/document-service/transform/id-map.js.map +1 -1
  435. package/dist/services/document-service/transform/id-map.mjs +114 -76
  436. package/dist/services/document-service/transform/id-map.mjs.map +1 -1
  437. package/dist/services/document-service/transform/id-transform.d.ts +1 -1
  438. package/dist/services/document-service/transform/id-transform.d.ts.map +1 -1
  439. package/dist/services/document-service/transform/id-transform.js +37 -29
  440. package/dist/services/document-service/transform/id-transform.js.map +1 -1
  441. package/dist/services/document-service/transform/id-transform.mjs +36 -30
  442. package/dist/services/document-service/transform/id-transform.mjs.map +1 -1
  443. package/dist/services/document-service/transform/populate.js +23 -18
  444. package/dist/services/document-service/transform/populate.js.map +1 -1
  445. package/dist/services/document-service/transform/populate.mjs +22 -19
  446. package/dist/services/document-service/transform/populate.mjs.map +1 -1
  447. package/dist/services/document-service/transform/query.js +11 -6
  448. package/dist/services/document-service/transform/query.js.map +1 -1
  449. package/dist/services/document-service/transform/query.mjs +10 -7
  450. package/dist/services/document-service/transform/query.mjs.map +1 -1
  451. package/dist/services/document-service/transform/relations/extract/data-ids.d.ts +1 -1
  452. package/dist/services/document-service/transform/relations/extract/data-ids.d.ts.map +1 -1
  453. package/dist/services/document-service/transform/relations/extract/data-ids.js +70 -54
  454. package/dist/services/document-service/transform/relations/extract/data-ids.js.map +1 -1
  455. package/dist/services/document-service/transform/relations/extract/data-ids.mjs +69 -55
  456. package/dist/services/document-service/transform/relations/extract/data-ids.mjs.map +1 -1
  457. package/dist/services/document-service/transform/relations/transform/data-ids.js +96 -71
  458. package/dist/services/document-service/transform/relations/transform/data-ids.js.map +1 -1
  459. package/dist/services/document-service/transform/relations/transform/data-ids.mjs +95 -72
  460. package/dist/services/document-service/transform/relations/transform/data-ids.mjs.map +1 -1
  461. package/dist/services/document-service/transform/relations/transform/default-locale.js +47 -29
  462. package/dist/services/document-service/transform/relations/transform/default-locale.js.map +1 -1
  463. package/dist/services/document-service/transform/relations/transform/default-locale.mjs +46 -30
  464. package/dist/services/document-service/transform/relations/transform/default-locale.mjs.map +1 -1
  465. package/dist/services/document-service/transform/relations/utils/dp.d.ts +1 -1
  466. package/dist/services/document-service/transform/relations/utils/dp.d.ts.map +1 -1
  467. package/dist/services/document-service/transform/relations/utils/dp.js +52 -26
  468. package/dist/services/document-service/transform/relations/utils/dp.js.map +1 -1
  469. package/dist/services/document-service/transform/relations/utils/dp.mjs +51 -27
  470. package/dist/services/document-service/transform/relations/utils/dp.mjs.map +1 -1
  471. package/dist/services/document-service/transform/relations/utils/i18n.d.ts +1 -1
  472. package/dist/services/document-service/transform/relations/utils/i18n.d.ts.map +1 -1
  473. package/dist/services/document-service/transform/relations/utils/i18n.js +20 -18
  474. package/dist/services/document-service/transform/relations/utils/i18n.js.map +1 -1
  475. package/dist/services/document-service/transform/relations/utils/i18n.mjs +19 -21
  476. package/dist/services/document-service/transform/relations/utils/i18n.mjs.map +1 -1
  477. package/dist/services/document-service/transform/relations/utils/map-relation.js +116 -70
  478. package/dist/services/document-service/transform/relations/utils/map-relation.js.map +1 -1
  479. package/dist/services/document-service/transform/relations/utils/map-relation.mjs +115 -72
  480. package/dist/services/document-service/transform/relations/utils/map-relation.mjs.map +1 -1
  481. package/dist/services/document-service/utils/bidirectional-relations.d.ts +95 -0
  482. package/dist/services/document-service/utils/bidirectional-relations.d.ts.map +1 -0
  483. package/dist/services/document-service/utils/bidirectional-relations.js +148 -0
  484. package/dist/services/document-service/utils/bidirectional-relations.js.map +1 -0
  485. package/dist/services/document-service/utils/bidirectional-relations.mjs +145 -0
  486. package/dist/services/document-service/utils/bidirectional-relations.mjs.map +1 -0
  487. package/dist/services/document-service/utils/populate.d.ts +1 -1
  488. package/dist/services/document-service/utils/populate.d.ts.map +1 -1
  489. package/dist/services/document-service/utils/populate.js +66 -42
  490. package/dist/services/document-service/utils/populate.js.map +1 -1
  491. package/dist/services/document-service/utils/populate.mjs +65 -43
  492. package/dist/services/document-service/utils/populate.mjs.map +1 -1
  493. package/dist/services/document-service/utils/unidirectional-relations.d.ts +1 -1
  494. package/dist/services/document-service/utils/unidirectional-relations.d.ts.map +1 -1
  495. package/dist/services/document-service/utils/unidirectional-relations.js +110 -62
  496. package/dist/services/document-service/utils/unidirectional-relations.js.map +1 -1
  497. package/dist/services/document-service/utils/unidirectional-relations.mjs +109 -64
  498. package/dist/services/document-service/utils/unidirectional-relations.mjs.map +1 -1
  499. package/dist/services/entity-service/index.js +230 -161
  500. package/dist/services/entity-service/index.js.map +1 -1
  501. package/dist/services/entity-service/index.mjs +229 -160
  502. package/dist/services/entity-service/index.mjs.map +1 -1
  503. package/dist/services/entity-validator/blocks-validator.js +135 -103
  504. package/dist/services/entity-validator/blocks-validator.js.map +1 -1
  505. package/dist/services/entity-validator/blocks-validator.mjs +134 -104
  506. package/dist/services/entity-validator/blocks-validator.mjs.map +1 -1
  507. package/dist/services/entity-validator/index.d.ts +1 -1
  508. package/dist/services/entity-validator/index.d.ts.map +1 -1
  509. package/dist/services/entity-validator/index.js +362 -367
  510. package/dist/services/entity-validator/index.js.map +1 -1
  511. package/dist/services/entity-validator/index.mjs +358 -364
  512. package/dist/services/entity-validator/index.mjs.map +1 -1
  513. package/dist/services/entity-validator/validators.js +268 -210
  514. package/dist/services/entity-validator/validators.js.map +1 -1
  515. package/dist/services/entity-validator/validators.mjs +267 -216
  516. package/dist/services/entity-validator/validators.mjs.map +1 -1
  517. package/dist/services/errors.js +65 -65
  518. package/dist/services/errors.js.map +1 -1
  519. package/dist/services/errors.mjs +64 -66
  520. package/dist/services/errors.mjs.map +1 -1
  521. package/dist/services/event-hub.js +82 -69
  522. package/dist/services/event-hub.js.map +1 -1
  523. package/dist/services/event-hub.mjs +81 -71
  524. package/dist/services/event-hub.mjs.map +1 -1
  525. package/dist/services/features.js +19 -14
  526. package/dist/services/features.js.map +1 -1
  527. package/dist/services/features.mjs +18 -15
  528. package/dist/services/features.mjs.map +1 -1
  529. package/dist/services/fs.js +41 -40
  530. package/dist/services/fs.js.map +1 -1
  531. package/dist/services/fs.mjs +40 -39
  532. package/dist/services/fs.mjs.map +1 -1
  533. package/dist/services/metrics/admin-user-hash.js +13 -11
  534. package/dist/services/metrics/admin-user-hash.js.map +1 -1
  535. package/dist/services/metrics/admin-user-hash.mjs +12 -10
  536. package/dist/services/metrics/admin-user-hash.mjs.map +1 -1
  537. package/dist/services/metrics/index.js +46 -39
  538. package/dist/services/metrics/index.js.map +1 -1
  539. package/dist/services/metrics/index.mjs +45 -41
  540. package/dist/services/metrics/index.mjs.map +1 -1
  541. package/dist/services/metrics/is-truthy.js +13 -6
  542. package/dist/services/metrics/is-truthy.js.map +1 -1
  543. package/dist/services/metrics/is-truthy.mjs +12 -6
  544. package/dist/services/metrics/is-truthy.mjs.map +1 -1
  545. package/dist/services/metrics/middleware.js +35 -22
  546. package/dist/services/metrics/middleware.js.map +1 -1
  547. package/dist/services/metrics/middleware.mjs +34 -24
  548. package/dist/services/metrics/middleware.mjs.map +1 -1
  549. package/dist/services/metrics/rate-limiter.js +22 -20
  550. package/dist/services/metrics/rate-limiter.js.map +1 -1
  551. package/dist/services/metrics/rate-limiter.mjs +21 -22
  552. package/dist/services/metrics/rate-limiter.mjs.map +1 -1
  553. package/dist/services/metrics/sender.js +78 -69
  554. package/dist/services/metrics/sender.js.map +1 -1
  555. package/dist/services/metrics/sender.mjs +77 -64
  556. package/dist/services/metrics/sender.mjs.map +1 -1
  557. package/dist/services/query-params.js +13 -10
  558. package/dist/services/query-params.js.map +1 -1
  559. package/dist/services/query-params.mjs +12 -12
  560. package/dist/services/query-params.mjs.map +1 -1
  561. package/dist/services/reloader.js +35 -32
  562. package/dist/services/reloader.js.map +1 -1
  563. package/dist/services/reloader.mjs +34 -33
  564. package/dist/services/reloader.mjs.map +1 -1
  565. package/dist/services/request-context.js +11 -8
  566. package/dist/services/request-context.js.map +1 -1
  567. package/dist/services/request-context.mjs +10 -10
  568. package/dist/services/request-context.mjs.map +1 -1
  569. package/dist/services/server/admin-api.js +11 -10
  570. package/dist/services/server/admin-api.js.map +1 -1
  571. package/dist/services/server/admin-api.mjs +10 -11
  572. package/dist/services/server/admin-api.mjs.map +1 -1
  573. package/dist/services/server/api.js +33 -27
  574. package/dist/services/server/api.js.map +1 -1
  575. package/dist/services/server/api.mjs +32 -26
  576. package/dist/services/server/api.mjs.map +1 -1
  577. package/dist/services/server/compose-endpoint.js +116 -105
  578. package/dist/services/server/compose-endpoint.js.map +1 -1
  579. package/dist/services/server/compose-endpoint.mjs +115 -105
  580. package/dist/services/server/compose-endpoint.mjs.map +1 -1
  581. package/dist/services/server/content-api.js +11 -9
  582. package/dist/services/server/content-api.js.map +1 -1
  583. package/dist/services/server/content-api.mjs +10 -10
  584. package/dist/services/server/content-api.mjs.map +1 -1
  585. package/dist/services/server/http-server.js +48 -44
  586. package/dist/services/server/http-server.js.map +1 -1
  587. package/dist/services/server/http-server.mjs +47 -43
  588. package/dist/services/server/http-server.mjs.map +1 -1
  589. package/dist/services/server/index.js +85 -82
  590. package/dist/services/server/index.js.map +1 -1
  591. package/dist/services/server/index.mjs +84 -81
  592. package/dist/services/server/index.mjs.map +1 -1
  593. package/dist/services/server/koa.js +49 -47
  594. package/dist/services/server/koa.js.map +1 -1
  595. package/dist/services/server/koa.mjs +48 -44
  596. package/dist/services/server/koa.mjs.map +1 -1
  597. package/dist/services/server/middleware.js +86 -82
  598. package/dist/services/server/middleware.js.map +1 -1
  599. package/dist/services/server/middleware.mjs +85 -82
  600. package/dist/services/server/middleware.mjs.map +1 -1
  601. package/dist/services/server/policy.js +24 -17
  602. package/dist/services/server/policy.js.map +1 -1
  603. package/dist/services/server/policy.mjs +23 -18
  604. package/dist/services/server/policy.mjs.map +1 -1
  605. package/dist/services/server/register-middlewares.js +68 -61
  606. package/dist/services/server/register-middlewares.js.map +1 -1
  607. package/dist/services/server/register-middlewares.mjs +67 -63
  608. package/dist/services/server/register-middlewares.mjs.map +1 -1
  609. package/dist/services/server/register-routes.js +90 -67
  610. package/dist/services/server/register-routes.js.map +1 -1
  611. package/dist/services/server/register-routes.mjs +89 -67
  612. package/dist/services/server/register-routes.mjs.map +1 -1
  613. package/dist/services/server/routing.js +94 -81
  614. package/dist/services/server/routing.js.map +1 -1
  615. package/dist/services/server/routing.mjs +93 -81
  616. package/dist/services/server/routing.mjs.map +1 -1
  617. package/dist/services/utils/dynamic-zones.js +13 -14
  618. package/dist/services/utils/dynamic-zones.js.map +1 -1
  619. package/dist/services/utils/dynamic-zones.mjs +12 -16
  620. package/dist/services/utils/dynamic-zones.mjs.map +1 -1
  621. package/dist/services/webhook-runner.js +124 -122
  622. package/dist/services/webhook-runner.js.map +1 -1
  623. package/dist/services/webhook-runner.mjs +123 -121
  624. package/dist/services/webhook-runner.mjs.map +1 -1
  625. package/dist/services/webhook-store.js +132 -99
  626. package/dist/services/webhook-store.js.map +1 -1
  627. package/dist/services/webhook-store.mjs +131 -101
  628. package/dist/services/webhook-store.mjs.map +1 -1
  629. package/dist/services/worker-queue.js +44 -49
  630. package/dist/services/worker-queue.js.map +1 -1
  631. package/dist/services/worker-queue.mjs +43 -49
  632. package/dist/services/worker-queue.mjs.map +1 -1
  633. package/dist/utils/convert-custom-field-type.js +17 -20
  634. package/dist/utils/convert-custom-field-type.js.map +1 -1
  635. package/dist/utils/convert-custom-field-type.mjs +16 -21
  636. package/dist/utils/convert-custom-field-type.mjs.map +1 -1
  637. package/dist/utils/cron.js +64 -30
  638. package/dist/utils/cron.js.map +1 -1
  639. package/dist/utils/cron.mjs +63 -31
  640. package/dist/utils/cron.mjs.map +1 -1
  641. package/dist/utils/fetch.js +24 -18
  642. package/dist/utils/fetch.js.map +1 -1
  643. package/dist/utils/fetch.mjs +23 -19
  644. package/dist/utils/fetch.mjs.map +1 -1
  645. package/dist/utils/filepath-to-prop-path.js +20 -28
  646. package/dist/utils/filepath-to-prop-path.js.map +1 -1
  647. package/dist/utils/filepath-to-prop-path.mjs +19 -26
  648. package/dist/utils/filepath-to-prop-path.mjs.map +1 -1
  649. package/dist/utils/is-initialized.js +21 -12
  650. package/dist/utils/is-initialized.js.map +1 -1
  651. package/dist/utils/is-initialized.mjs +20 -13
  652. package/dist/utils/is-initialized.mjs.map +1 -1
  653. package/dist/utils/lifecycles.js +6 -5
  654. package/dist/utils/lifecycles.js.map +1 -1
  655. package/dist/utils/lifecycles.mjs +5 -6
  656. package/dist/utils/lifecycles.mjs.map +1 -1
  657. package/dist/utils/load-config-file.js +40 -38
  658. package/dist/utils/load-config-file.js.map +1 -1
  659. package/dist/utils/load-config-file.mjs +39 -36
  660. package/dist/utils/load-config-file.mjs.map +1 -1
  661. package/dist/utils/load-files.js +40 -34
  662. package/dist/utils/load-files.js.map +1 -1
  663. package/dist/utils/load-files.mjs +39 -31
  664. package/dist/utils/load-files.mjs.map +1 -1
  665. package/dist/utils/open-browser.js +8 -8
  666. package/dist/utils/open-browser.js.map +1 -1
  667. package/dist/utils/open-browser.mjs +7 -7
  668. package/dist/utils/open-browser.mjs.map +1 -1
  669. package/dist/utils/resolve-working-dirs.js +23 -10
  670. package/dist/utils/resolve-working-dirs.js.map +1 -1
  671. package/dist/utils/resolve-working-dirs.mjs +22 -9
  672. package/dist/utils/resolve-working-dirs.mjs.map +1 -1
  673. package/dist/utils/signals.js +20 -14
  674. package/dist/utils/signals.js.map +1 -1
  675. package/dist/utils/signals.mjs +19 -15
  676. package/dist/utils/signals.mjs.map +1 -1
  677. package/dist/utils/startup-logger.js +107 -83
  678. package/dist/utils/startup-logger.js.map +1 -1
  679. package/dist/utils/startup-logger.mjs +106 -80
  680. package/dist/utils/startup-logger.mjs.map +1 -1
  681. package/dist/utils/transform-content-types-to-models.js +350 -261
  682. package/dist/utils/transform-content-types-to-models.js.map +1 -1
  683. package/dist/utils/transform-content-types-to-models.mjs +349 -269
  684. package/dist/utils/transform-content-types-to-models.mjs.map +1 -1
  685. package/dist/utils/update-notifier/index.d.ts.map +1 -1
  686. package/dist/utils/update-notifier/index.js +68 -73
  687. package/dist/utils/update-notifier/index.js.map +1 -1
  688. package/dist/utils/update-notifier/index.mjs +67 -67
  689. package/dist/utils/update-notifier/index.mjs.map +1 -1
  690. package/package.json +24 -24
package/dist/middlewares/security.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"security.js","sources":["../../src/middlewares/security.ts"],"sourcesContent":["import { defaultsDeep, mergeWith } from 'lodash/fp';\nimport helmet, { KoaHelmet } from 'koa-helmet';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = NonNullable<Parameters<KoaHelmet>[0]>;\n\nconst defaults: Config = {\n crossOriginEmbedderPolicy: false,\n crossOriginOpenerPolicy: false,\n crossOriginResourcePolicy: false,\n originAgentCluster: false,\n contentSecurityPolicy: {\n useDefaults: true,\n directives: {\n 'connect-src': [\"'self'\", 'https:'],\n 'img-src': [\"'self'\", 'data:', 'blob:', 'https://market-assets.strapi.io'],\n 'media-src': [\"'self'\", 'data:', 'blob:'],\n upgradeInsecureRequests: null,\n },\n },\n xssFilter: false,\n hsts: {\n maxAge: 31536000,\n includeSubDomains: true,\n },\n frameguard: {\n action: 'sameorigin',\n },\n};\n\nconst mergeConfig = (existingConfig: Config, newConfig: Config) => {\n return mergeWith(\n (obj, src) => (Array.isArray(obj) && Array.isArray(src) ? obj.concat(src) : undefined),\n existingConfig,\n newConfig\n );\n};\n\nexport const security: Core.MiddlewareFactory<Config> =\n (config, { strapi }) =>\n (ctx, next) => {\n let helmetConfig: Config = defaultsDeep(defaults, config);\n\n const specialPaths = ['/documentation'];\n\n const directives: {\n 'script-src': string[];\n 'img-src': string[];\n 'manifest-src': string[];\n 'frame-src': string[];\n } = {\n 'script-src': [\"'self'\", \"'unsafe-inline'\", 'cdn.jsdelivr.net'],\n 'img-src': [\"'self'\", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],\n 'manifest-src': [],\n 'frame-src': [],\n };\n\n // if apollo graphql playground is enabled, add exceptions for it\n if (strapi.plugin('graphql')?.service('utils').playground.isEnabled()) {\n const { config: gqlConfig } = strapi.plugin('graphql');\n specialPaths.push(gqlConfig('endpoint'));\n\n directives['script-src'].push(`https: 'unsafe-inline'`);\n directives['img-src'].push(`'apollo-server-landing-page.cdn.apollographql.com'`);\n directives['manifest-src'].push(`'self'`);\n directives['manifest-src'].push('apollo-server-landing-page.cdn.apollographql.com');\n directives['frame-src'].push(`'self'`);\n directives['frame-src'].push('sandbox.embed.apollographql.com');\n }\n\n // TODO: we shouldn't combine playground exceptions with documentation for all routes, we should first check the path and then return exceptions specific to that\n if (ctx.method === 'GET' && specialPaths.some((str) => ctx.path.startsWith(str))) {\n helmetConfig = mergeConfig(helmetConfig, {\n crossOriginEmbedderPolicy: false, // TODO: only use this for graphql playground\n contentSecurityPolicy: {\n directives,\n },\n });\n }\n\n /**\n * These are for vite's watch mode so it can accurately\n * connect to the HMR websocket & reconnect on failure\n * or when the server restarts.\n *\n * It only applies in development, and only on GET requests\n * that are part of the admin route.\n */\n\n if (\n ['development', 'test'].includes(process.env.NODE_ENV ?? '') &&\n ctx.method === 'GET' &&\n ctx.path.startsWith(strapi.config.get('admin.path'))\n ) {\n helmetConfig = mergeConfig(helmetConfig, {\n contentSecurityPolicy: {\n directives: {\n 'script-src': [\"'self'\", \"'unsafe-inline'\"],\n 'connect-src': [\"'self'\", 'http:', 'https:', 'ws:'],\n },\n },\n });\n }\n\n return helmet(helmetConfig)(ctx, next);\n };\n"],"names":["mergeWith","defaultsDeep","helmet"],"mappings":";;;;;;AAOA,MAAM,WAAmB;AAAA,EACvB,2BAA2B;AAAA,EAC3B,yBAAyB;AAAA,EACzB,2BAA2B;AAAA,EAC3B,oBAAoB;AAAA,EACpB,uBAAuB;AAAA,IACrB,aAAa;AAAA,IACb,YAAY;AAAA,MACV,eAAe,CAAC,UAAU,QAAQ;AAAA,MAClC,WAAW,CAAC,UAAU,SAAS,SAAS,iCAAiC;AAAA,MACzE,aAAa,CAAC,UAAU,SAAS,OAAO;AAAA,MACxC,yBAAyB;AAAA,IAAA;AAAA,EAE7B;AAAA,EACA,WAAW;AAAA,EACX,MAAM;AAAA,IACJ,QAAQ;AAAA,IACR,mBAAmB;AAAA,EACrB;AAAA,EACA,YAAY;AAAA,IACV,QAAQ;AAAA,EAAA;AAEZ;AAEA,MAAM,cAAc,CAAC,gBAAwB,cAAsB;AAC1D,SAAAA,GAAA;AAAA,IACL,CAAC,KAAK,QAAS,MAAM,QAAQ,GAAG,KAAK,MAAM,QAAQ,GAAG,IAAI,IAAI,OAAO,GAAG,IAAI;AAAA,IAC5E;AAAA,IACA;AAAA,EACF;AACF;AAEa,MAAA,WACX,CAAC,QAAQ,EAAE,aACX,CAAC,KAAK,SAAS;AACT,MAAA,eAAuBC,GAAAA,aAAa,UAAU,MAAM;AAElD,QAAA,eAAe,CAAC,gBAAgB;AAEtC,QAAM,aAKF;AAAA,IACF,cAAc,CAAC,UAAU,mBAAmB,kBAAkB;AAAA,IAC9D,WAAW,CAAC,UAAU,SAAS,oBAAoB,WAAW;AAAA,IAC9D,gBAAgB,CAAC;AAAA,IACjB,aAAa,CAAA;AAAA,EACf;AAGI,MAAA,OAAO,OAAO,SAAS,GAAG,QAAQ,OAAO,EAAE,WAAW,aAAa;AACrE,UAAM,EAAE,QAAQ,UAAA,IAAc,OAAO,OAAO,SAAS;AACxC,iBAAA,KAAK,UAAU,UAAU,CAAC;AAE5B,eAAA,YAAY,EAAE,KAAK,wBAAwB;AAC3C,eAAA,SAAS,EAAE,KAAK,oDAAoD;AACpE,eAAA,cAAc,EAAE,KAAK,QAAQ;AAC7B,eAAA,cAAc,EAAE,KAAK,kDAAkD;AACvE,eAAA,WAAW,EAAE,KAAK,QAAQ;AAC1B,eAAA,WAAW,EAAE,KAAK,iCAAiC;AAAA,EAAA;AAIhE,MAAI,IAAI,WAAW,SAAS,aAAa,KAAK,CAAC,QAAQ,IAAI,KAAK,WAAW,GAAG,CAAC,GAAG;AAChF,mBAAe,YAAY,cAAc;AAAA,MACvC,2BAA2B;AAAA;AAAA,MAC3B,uBAAuB;AAAA,QACrB;AAAA,MAAA;AAAA,IACF,CACD;AAAA,EAAA;AAaD,MAAA,CAAC,eAAe,MAAM,EAAE,SAAS,QAAQ,IAAI,YAAY,EAAE,KAC3D,IAAI,WAAW,SACf,IAAI,KAAK,WAAW,OAAO,OAAO,IAAI,YAAY,CAAC,GACnD;AACA,mBAAe,YAAY,cAAc;AAAA,MACvC,uBAAuB;AAAA,QACrB,YAAY;AAAA,UACV,cAAc,CAAC,UAAU,iBAAiB;AAAA,UAC1C,eAAe,CAAC,UAAU,SAAS,UAAU,KAAK;AAAA,QAAA;AAAA,MACpD;AAAA,IACF,CACD;AAAA,EAAA;AAGH,SAAOC,wBAAO,YAAY,EAAE,KAAK,IAAI;AACvC;;"}
1
+ {"version":3,"file":"security.js","sources":["../../src/middlewares/security.ts"],"sourcesContent":["import { defaultsDeep, mergeWith } from 'lodash/fp';\nimport helmet, { KoaHelmet } from 'koa-helmet';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = NonNullable<Parameters<KoaHelmet>[0]>;\n\nconst defaults: Config = {\n crossOriginEmbedderPolicy: false,\n crossOriginOpenerPolicy: false,\n crossOriginResourcePolicy: false,\n originAgentCluster: false,\n contentSecurityPolicy: {\n useDefaults: true,\n directives: {\n 'connect-src': [\"'self'\", 'https:'],\n 'img-src': [\"'self'\", 'data:', 'blob:', 'https://market-assets.strapi.io'],\n 'media-src': [\"'self'\", 'data:', 'blob:'],\n upgradeInsecureRequests: null,\n },\n },\n xssFilter: false,\n hsts: {\n maxAge: 31536000,\n includeSubDomains: true,\n },\n frameguard: {\n action: 'sameorigin',\n },\n};\n\nconst mergeConfig = (existingConfig: Config, newConfig: Config) => {\n return mergeWith(\n (obj, src) => (Array.isArray(obj) && Array.isArray(src) ? obj.concat(src) : undefined),\n existingConfig,\n newConfig\n );\n};\n\nexport const security: Core.MiddlewareFactory<Config> =\n (config, { strapi }) =>\n (ctx, next) => {\n let helmetConfig: Config = defaultsDeep(defaults, config);\n\n const specialPaths = ['/documentation'];\n\n const directives: {\n 'script-src': string[];\n 'img-src': string[];\n 'manifest-src': string[];\n 'frame-src': string[];\n } = {\n 'script-src': [\"'self'\", \"'unsafe-inline'\", 'cdn.jsdelivr.net'],\n 'img-src': [\"'self'\", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],\n 'manifest-src': [],\n 'frame-src': [],\n };\n\n // if apollo graphql playground is enabled, add exceptions for it\n if (strapi.plugin('graphql')?.service('utils').playground.isEnabled()) {\n const { config: gqlConfig } = strapi.plugin('graphql');\n specialPaths.push(gqlConfig('endpoint'));\n\n directives['script-src'].push(`https: 'unsafe-inline'`);\n directives['img-src'].push(`'apollo-server-landing-page.cdn.apollographql.com'`);\n directives['manifest-src'].push(`'self'`);\n directives['manifest-src'].push('apollo-server-landing-page.cdn.apollographql.com');\n directives['frame-src'].push(`'self'`);\n directives['frame-src'].push('sandbox.embed.apollographql.com');\n }\n\n // TODO: we shouldn't combine playground exceptions with documentation for all routes, we should first check the path and then return exceptions specific to that\n if (ctx.method === 'GET' && specialPaths.some((str) => ctx.path.startsWith(str))) {\n helmetConfig = mergeConfig(helmetConfig, {\n crossOriginEmbedderPolicy: false, // TODO: only use this for graphql playground\n contentSecurityPolicy: {\n directives,\n },\n });\n }\n\n /**\n * These are for vite's watch mode so it can accurately\n * connect to the HMR websocket & reconnect on failure\n * or when the server restarts.\n *\n * It only applies in development, and only on GET requests\n * that are part of the admin route.\n */\n\n if (\n ['development', 'test'].includes(process.env.NODE_ENV ?? '') &&\n ctx.method === 'GET' &&\n ctx.path.startsWith(strapi.config.get('admin.path'))\n ) {\n helmetConfig = mergeConfig(helmetConfig, {\n contentSecurityPolicy: {\n directives: {\n 'script-src': [\"'self'\", \"'unsafe-inline'\"],\n 'connect-src': [\"'self'\", 'http:', 'https:', 'ws:'],\n },\n },\n });\n }\n\n return helmet(helmetConfig)(ctx, next);\n };\n"],"names":["defaults","crossOriginEmbedderPolicy","crossOriginOpenerPolicy","crossOriginResourcePolicy","originAgentCluster","contentSecurityPolicy","useDefaults","directives","upgradeInsecureRequests","xssFilter","hsts","maxAge","includeSubDomains","frameguard","action","mergeConfig","existingConfig","newConfig","mergeWith","obj","src","Array","isArray","concat","undefined","security","config","strapi","ctx","next","helmetConfig","defaultsDeep","specialPaths","plugin","service","playground","isEnabled","gqlConfig","push","method","some","str","path","startsWith","includes","process","env","NODE_ENV","get","helmet"],"mappings":";;;;;AAOA,MAAMA,QAAmB,GAAA;IACvBC,yBAA2B,EAAA,KAAA;IAC3BC,uBAAyB,EAAA,KAAA;IACzBC,yBAA2B,EAAA,KAAA;IAC3BC,kBAAoB,EAAA,KAAA;IACpBC,qBAAuB,EAAA;QACrBC,WAAa,EAAA,IAAA;QACbC,UAAY,EAAA;YACV,aAAe,EAAA;AAAC,gBAAA,QAAA;AAAU,gBAAA;AAAS,aAAA;YACnC,SAAW,EAAA;AAAC,gBAAA,QAAA;AAAU,gBAAA,OAAA;AAAS,gBAAA,OAAA;AAAS,gBAAA;AAAkC,aAAA;YAC1E,WAAa,EAAA;AAAC,gBAAA,QAAA;AAAU,gBAAA,OAAA;AAAS,gBAAA;AAAQ,aAAA;YACzCC,uBAAyB,EAAA;AAC3B;AACF,KAAA;IACAC,SAAW,EAAA,KAAA;IACXC,IAAM,EAAA;QACJC,MAAQ,EAAA,QAAA;QACRC,iBAAmB,EAAA;AACrB,KAAA;IACAC,UAAY,EAAA;QACVC,MAAQ,EAAA;AACV;AACF,CAAA;AAEA,MAAMC,WAAAA,GAAc,CAACC,cAAwBC,EAAAA,SAAAA,GAAAA;AAC3C,IAAA,OAAOC,aACL,CAACC,GAAAA,EAAKC,GAASC,GAAAA,KAAAA,CAAMC,OAAO,CAACH,GAAAA,CAAAA,IAAQE,KAAMC,CAAAA,OAAO,CAACF,GAAOD,CAAAA,GAAAA,GAAAA,CAAII,MAAM,CAACH,GAAAA,CAAAA,GAAOI,WAC5ER,cACAC,EAAAA,SAAAA,CAAAA;AAEJ,CAAA;AAEO,MAAMQ,WACX,CAACC,MAAAA,EAAQ,EAAEC,MAAM,EAAE,GACnB,CAACC,GAAKC,EAAAA,IAAAA,GAAAA;QACJ,IAAIC,YAAAA,GAAuBC,gBAAa/B,QAAU0B,EAAAA,MAAAA,CAAAA;AAElD,QAAA,MAAMM,YAAe,GAAA;AAAC,YAAA;AAAiB,SAAA;AAEvC,QAAA,MAAMzB,UAKF,GAAA;YACF,YAAc,EAAA;AAAC,gBAAA,QAAA;AAAU,gBAAA,iBAAA;AAAmB,gBAAA;AAAmB,aAAA;YAC/D,SAAW,EAAA;AAAC,gBAAA,QAAA;AAAU,gBAAA,OAAA;AAAS,gBAAA,kBAAA;AAAoB,gBAAA;AAAY,aAAA;AAC/D,YAAA,cAAA,EAAgB,EAAE;AAClB,YAAA,WAAA,EAAa;AACf,SAAA;;AAGA,QAAA,IAAIoB,OAAOM,MAAM,CAAC,YAAYC,OAAQ,CAAA,OAAA,CAAA,CAASC,WAAWC,SAAa,EAAA,EAAA;AACrE,YAAA,MAAM,EAAEV,MAAQW,EAAAA,SAAS,EAAE,GAAGV,MAAAA,CAAOM,MAAM,CAAC,SAAA,CAAA;YAC5CD,YAAaM,CAAAA,IAAI,CAACD,SAAU,CAAA,UAAA,CAAA,CAAA;AAE5B9B,YAAAA,UAAU,CAAC,YAAa,CAAA,CAAC+B,IAAI,CAAC,CAAC,sBAAsB,CAAC,CAAA;AACtD/B,YAAAA,UAAU,CAAC,SAAU,CAAA,CAAC+B,IAAI,CAAC,CAAC,kDAAkD,CAAC,CAAA;AAC/E/B,YAAAA,UAAU,CAAC,cAAe,CAAA,CAAC+B,IAAI,CAAC,CAAC,MAAM,CAAC,CAAA;AACxC/B,YAAAA,UAAU,CAAC,cAAA,CAAe,CAAC+B,IAAI,CAAC,kDAAA,CAAA;AAChC/B,YAAAA,UAAU,CAAC,WAAY,CAAA,CAAC+B,IAAI,CAAC,CAAC,MAAM,CAAC,CAAA;AACrC/B,YAAAA,UAAU,CAAC,WAAA,CAAY,CAAC+B,IAAI,CAAC,iCAAA,CAAA;AAC/B;;AAGA,QAAA,IAAIV,GAAIW,CAAAA,MAAM,KAAK,KAAA,IAASP,aAAaQ,IAAI,CAAC,CAACC,GAAAA,GAAQb,GAAIc,CAAAA,IAAI,CAACC,UAAU,CAACF,GAAO,CAAA,CAAA,EAAA;AAChFX,YAAAA,YAAAA,GAAef,YAAYe,YAAc,EAAA;gBACvC7B,yBAA2B,EAAA,KAAA;gBAC3BI,qBAAuB,EAAA;AACrBE,oBAAAA;AACF;AACF,aAAA,CAAA;AACF;AAEA;;;;;;;AAOC,QAED,IACE;AAAC,YAAA,aAAA;AAAe,YAAA;SAAO,CAACqC,QAAQ,CAACC,OAAQC,CAAAA,GAAG,CAACC,QAAQ,IAAI,EACzDnB,CAAAA,IAAAA,GAAAA,CAAIW,MAAM,KAAK,SACfX,GAAIc,CAAAA,IAAI,CAACC,UAAU,CAAChB,OAAOD,MAAM,CAACsB,GAAG,CAAC,YACtC,CAAA,CAAA,EAAA;AACAlB,YAAAA,YAAAA,GAAef,YAAYe,YAAc,EAAA;gBACvCzB,qBAAuB,EAAA;oBACrBE,UAAY,EAAA;wBACV,YAAc,EAAA;AAAC,4BAAA,QAAA;AAAU,4BAAA;AAAkB,yBAAA;wBAC3C,aAAe,EAAA;AAAC,4BAAA,QAAA;AAAU,4BAAA,OAAA;AAAS,4BAAA,QAAA;AAAU,4BAAA;AAAM;AACrD;AACF;AACF,aAAA,CAAA;AACF;QAEA,OAAO0C,MAAAA,CAAOnB,cAAcF,GAAKC,EAAAA,IAAAA,CAAAA;;;;;"}
package/dist/middlewares/security.mjs CHANGED
@@ -1,76 +1,114 @@
1
- import { defaultsDeep, mergeWith } from "lodash/fp";
2
- import helmet from "koa-helmet";
1
+ import { defaultsDeep, mergeWith } from 'lodash/fp';
2
+ import helmet from 'koa-helmet';
3
+
3
4
  const defaults = {
4
- crossOriginEmbedderPolicy: false,
5
- crossOriginOpenerPolicy: false,
6
- crossOriginResourcePolicy: false,
7
- originAgentCluster: false,
8
- contentSecurityPolicy: {
9
- useDefaults: true,
10
- directives: {
11
- "connect-src": ["'self'", "https:"],
12
- "img-src": ["'self'", "data:", "blob:", "https://market-assets.strapi.io"],
13
- "media-src": ["'self'", "data:", "blob:"],
14
- upgradeInsecureRequests: null
15
- }
16
- },
17
- xssFilter: false,
18
- hsts: {
19
- maxAge: 31536e3,
20
- includeSubDomains: true
21
- },
22
- frameguard: {
23
- action: "sameorigin"
24
- }
25
- };
26
- const mergeConfig = (existingConfig, newConfig) => {
27
- return mergeWith(
28
- (obj, src) => Array.isArray(obj) && Array.isArray(src) ? obj.concat(src) : void 0,
29
- existingConfig,
30
- newConfig
31
- );
32
- };
33
- const security = (config, { strapi }) => (ctx, next) => {
34
- let helmetConfig = defaultsDeep(defaults, config);
35
- const specialPaths = ["/documentation"];
36
- const directives = {
37
- "script-src": ["'self'", "'unsafe-inline'", "cdn.jsdelivr.net"],
38
- "img-src": ["'self'", "data:", "cdn.jsdelivr.net", "strapi.io"],
39
- "manifest-src": [],
40
- "frame-src": []
41
- };
42
- if (strapi.plugin("graphql")?.service("utils").playground.isEnabled()) {
43
- const { config: gqlConfig } = strapi.plugin("graphql");
44
- specialPaths.push(gqlConfig("endpoint"));
45
- directives["script-src"].push(`https: 'unsafe-inline'`);
46
- directives["img-src"].push(`'apollo-server-landing-page.cdn.apollographql.com'`);
47
- directives["manifest-src"].push(`'self'`);
48
- directives["manifest-src"].push("apollo-server-landing-page.cdn.apollographql.com");
49
- directives["frame-src"].push(`'self'`);
50
- directives["frame-src"].push("sandbox.embed.apollographql.com");
51
- }
52
- if (ctx.method === "GET" && specialPaths.some((str) => ctx.path.startsWith(str))) {
53
- helmetConfig = mergeConfig(helmetConfig, {
54
- crossOriginEmbedderPolicy: false,
55
- // TODO: only use this for graphql playground
56
- contentSecurityPolicy: {
57
- directives
58
- }
59
- });
60
- }
61
- if (["development", "test"].includes(process.env.NODE_ENV ?? "") && ctx.method === "GET" && ctx.path.startsWith(strapi.config.get("admin.path"))) {
62
- helmetConfig = mergeConfig(helmetConfig, {
63
- contentSecurityPolicy: {
5
+ crossOriginEmbedderPolicy: false,
6
+ crossOriginOpenerPolicy: false,
7
+ crossOriginResourcePolicy: false,
8
+ originAgentCluster: false,
9
+ contentSecurityPolicy: {
10
+ useDefaults: true,
64
11
  directives: {
65
- "script-src": ["'self'", "'unsafe-inline'"],
66
- "connect-src": ["'self'", "http:", "https:", "ws:"]
12
+ 'connect-src': [
13
+ "'self'",
14
+ 'https:'
15
+ ],
16
+ 'img-src': [
17
+ "'self'",
18
+ 'data:',
19
+ 'blob:',
20
+ 'https://market-assets.strapi.io'
21
+ ],
22
+ 'media-src': [
23
+ "'self'",
24
+ 'data:',
25
+ 'blob:'
26
+ ],
27
+ upgradeInsecureRequests: null
67
28
  }
68
- }
69
- });
70
- }
71
- return helmet(helmetConfig)(ctx, next);
29
+ },
30
+ xssFilter: false,
31
+ hsts: {
32
+ maxAge: 31536000,
33
+ includeSubDomains: true
34
+ },
35
+ frameguard: {
36
+ action: 'sameorigin'
37
+ }
72
38
  };
73
- export {
74
- security
39
+ const mergeConfig = (existingConfig, newConfig)=>{
40
+ return mergeWith((obj, src)=>Array.isArray(obj) && Array.isArray(src) ? obj.concat(src) : undefined, existingConfig, newConfig);
75
41
  };
42
+ const security = (config, { strapi })=>(ctx, next)=>{
43
+ let helmetConfig = defaultsDeep(defaults, config);
44
+ const specialPaths = [
45
+ '/documentation'
46
+ ];
47
+ const directives = {
48
+ 'script-src': [
49
+ "'self'",
50
+ "'unsafe-inline'",
51
+ 'cdn.jsdelivr.net'
52
+ ],
53
+ 'img-src': [
54
+ "'self'",
55
+ 'data:',
56
+ 'cdn.jsdelivr.net',
57
+ 'strapi.io'
58
+ ],
59
+ 'manifest-src': [],
60
+ 'frame-src': []
61
+ };
62
+ // if apollo graphql playground is enabled, add exceptions for it
63
+ if (strapi.plugin('graphql')?.service('utils').playground.isEnabled()) {
64
+ const { config: gqlConfig } = strapi.plugin('graphql');
65
+ specialPaths.push(gqlConfig('endpoint'));
66
+ directives['script-src'].push(`https: 'unsafe-inline'`);
67
+ directives['img-src'].push(`'apollo-server-landing-page.cdn.apollographql.com'`);
68
+ directives['manifest-src'].push(`'self'`);
69
+ directives['manifest-src'].push('apollo-server-landing-page.cdn.apollographql.com');
70
+ directives['frame-src'].push(`'self'`);
71
+ directives['frame-src'].push('sandbox.embed.apollographql.com');
72
+ }
73
+ // TODO: we shouldn't combine playground exceptions with documentation for all routes, we should first check the path and then return exceptions specific to that
74
+ if (ctx.method === 'GET' && specialPaths.some((str)=>ctx.path.startsWith(str))) {
75
+ helmetConfig = mergeConfig(helmetConfig, {
76
+ crossOriginEmbedderPolicy: false,
77
+ contentSecurityPolicy: {
78
+ directives
79
+ }
80
+ });
81
+ }
82
+ /**
83
+ * These are for vite's watch mode so it can accurately
84
+ * connect to the HMR websocket & reconnect on failure
85
+ * or when the server restarts.
86
+ *
87
+ * It only applies in development, and only on GET requests
88
+ * that are part of the admin route.
89
+ */ if ([
90
+ 'development',
91
+ 'test'
92
+ ].includes(process.env.NODE_ENV ?? '') && ctx.method === 'GET' && ctx.path.startsWith(strapi.config.get('admin.path'))) {
93
+ helmetConfig = mergeConfig(helmetConfig, {
94
+ contentSecurityPolicy: {
95
+ directives: {
96
+ 'script-src': [
97
+ "'self'",
98
+ "'unsafe-inline'"
99
+ ],
100
+ 'connect-src': [
101
+ "'self'",
102
+ 'http:',
103
+ 'https:',
104
+ 'ws:'
105
+ ]
106
+ }
107
+ }
108
+ });
109
+ }
110
+ return helmet(helmetConfig)(ctx, next);
111
+ };
112
+
113
+ export { security };
76
114
  //# sourceMappingURL=security.mjs.map
package/dist/middlewares/security.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"security.mjs","sources":["../../src/middlewares/security.ts"],"sourcesContent":["import { defaultsDeep, mergeWith } from 'lodash/fp';\nimport helmet, { KoaHelmet } from 'koa-helmet';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = NonNullable<Parameters<KoaHelmet>[0]>;\n\nconst defaults: Config = {\n crossOriginEmbedderPolicy: false,\n crossOriginOpenerPolicy: false,\n crossOriginResourcePolicy: false,\n originAgentCluster: false,\n contentSecurityPolicy: {\n useDefaults: true,\n directives: {\n 'connect-src': [\"'self'\", 'https:'],\n 'img-src': [\"'self'\", 'data:', 'blob:', 'https://market-assets.strapi.io'],\n 'media-src': [\"'self'\", 'data:', 'blob:'],\n upgradeInsecureRequests: null,\n },\n },\n xssFilter: false,\n hsts: {\n maxAge: 31536000,\n includeSubDomains: true,\n },\n frameguard: {\n action: 'sameorigin',\n },\n};\n\nconst mergeConfig = (existingConfig: Config, newConfig: Config) => {\n return mergeWith(\n (obj, src) => (Array.isArray(obj) && Array.isArray(src) ? obj.concat(src) : undefined),\n existingConfig,\n newConfig\n );\n};\n\nexport const security: Core.MiddlewareFactory<Config> =\n (config, { strapi }) =>\n (ctx, next) => {\n let helmetConfig: Config = defaultsDeep(defaults, config);\n\n const specialPaths = ['/documentation'];\n\n const directives: {\n 'script-src': string[];\n 'img-src': string[];\n 'manifest-src': string[];\n 'frame-src': string[];\n } = {\n 'script-src': [\"'self'\", \"'unsafe-inline'\", 'cdn.jsdelivr.net'],\n 'img-src': [\"'self'\", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],\n 'manifest-src': [],\n 'frame-src': [],\n };\n\n // if apollo graphql playground is enabled, add exceptions for it\n if (strapi.plugin('graphql')?.service('utils').playground.isEnabled()) {\n const { config: gqlConfig } = strapi.plugin('graphql');\n specialPaths.push(gqlConfig('endpoint'));\n\n directives['script-src'].push(`https: 'unsafe-inline'`);\n directives['img-src'].push(`'apollo-server-landing-page.cdn.apollographql.com'`);\n directives['manifest-src'].push(`'self'`);\n directives['manifest-src'].push('apollo-server-landing-page.cdn.apollographql.com');\n directives['frame-src'].push(`'self'`);\n directives['frame-src'].push('sandbox.embed.apollographql.com');\n }\n\n // TODO: we shouldn't combine playground exceptions with documentation for all routes, we should first check the path and then return exceptions specific to that\n if (ctx.method === 'GET' && specialPaths.some((str) => ctx.path.startsWith(str))) {\n helmetConfig = mergeConfig(helmetConfig, {\n crossOriginEmbedderPolicy: false, // TODO: only use this for graphql playground\n contentSecurityPolicy: {\n directives,\n },\n });\n }\n\n /**\n * These are for vite's watch mode so it can accurately\n * connect to the HMR websocket & reconnect on failure\n * or when the server restarts.\n *\n * It only applies in development, and only on GET requests\n * that are part of the admin route.\n */\n\n if (\n ['development', 'test'].includes(process.env.NODE_ENV ?? '') &&\n ctx.method === 'GET' &&\n ctx.path.startsWith(strapi.config.get('admin.path'))\n ) {\n helmetConfig = mergeConfig(helmetConfig, {\n contentSecurityPolicy: {\n directives: {\n 'script-src': [\"'self'\", \"'unsafe-inline'\"],\n 'connect-src': [\"'self'\", 'http:', 'https:', 'ws:'],\n },\n },\n });\n }\n\n return helmet(helmetConfig)(ctx, next);\n };\n"],"names":[],"mappings":";;AAOA,MAAM,WAAmB;AAAA,EACvB,2BAA2B;AAAA,EAC3B,yBAAyB;AAAA,EACzB,2BAA2B;AAAA,EAC3B,oBAAoB;AAAA,EACpB,uBAAuB;AAAA,IACrB,aAAa;AAAA,IACb,YAAY;AAAA,MACV,eAAe,CAAC,UAAU,QAAQ;AAAA,MAClC,WAAW,CAAC,UAAU,SAAS,SAAS,iCAAiC;AAAA,MACzE,aAAa,CAAC,UAAU,SAAS,OAAO;AAAA,MACxC,yBAAyB;AAAA,IAAA;AAAA,EAE7B;AAAA,EACA,WAAW;AAAA,EACX,MAAM;AAAA,IACJ,QAAQ;AAAA,IACR,mBAAmB;AAAA,EACrB;AAAA,EACA,YAAY;AAAA,IACV,QAAQ;AAAA,EAAA;AAEZ;AAEA,MAAM,cAAc,CAAC,gBAAwB,cAAsB;AAC1D,SAAA;AAAA,IACL,CAAC,KAAK,QAAS,MAAM,QAAQ,GAAG,KAAK,MAAM,QAAQ,GAAG,IAAI,IAAI,OAAO,GAAG,IAAI;AAAA,IAC5E;AAAA,IACA;AAAA,EACF;AACF;AAEa,MAAA,WACX,CAAC,QAAQ,EAAE,aACX,CAAC,KAAK,SAAS;AACT,MAAA,eAAuB,aAAa,UAAU,MAAM;AAElD,QAAA,eAAe,CAAC,gBAAgB;AAEtC,QAAM,aAKF;AAAA,IACF,cAAc,CAAC,UAAU,mBAAmB,kBAAkB;AAAA,IAC9D,WAAW,CAAC,UAAU,SAAS,oBAAoB,WAAW;AAAA,IAC9D,gBAAgB,CAAC;AAAA,IACjB,aAAa,CAAA;AAAA,EACf;AAGI,MAAA,OAAO,OAAO,SAAS,GAAG,QAAQ,OAAO,EAAE,WAAW,aAAa;AACrE,UAAM,EAAE,QAAQ,UAAA,IAAc,OAAO,OAAO,SAAS;AACxC,iBAAA,KAAK,UAAU,UAAU,CAAC;AAE5B,eAAA,YAAY,EAAE,KAAK,wBAAwB;AAC3C,eAAA,SAAS,EAAE,KAAK,oDAAoD;AACpE,eAAA,cAAc,EAAE,KAAK,QAAQ;AAC7B,eAAA,cAAc,EAAE,KAAK,kDAAkD;AACvE,eAAA,WAAW,EAAE,KAAK,QAAQ;AAC1B,eAAA,WAAW,EAAE,KAAK,iCAAiC;AAAA,EAAA;AAIhE,MAAI,IAAI,WAAW,SAAS,aAAa,KAAK,CAAC,QAAQ,IAAI,KAAK,WAAW,GAAG,CAAC,GAAG;AAChF,mBAAe,YAAY,cAAc;AAAA,MACvC,2BAA2B;AAAA;AAAA,MAC3B,uBAAuB;AAAA,QACrB;AAAA,MAAA;AAAA,IACF,CACD;AAAA,EAAA;AAaD,MAAA,CAAC,eAAe,MAAM,EAAE,SAAS,QAAQ,IAAI,YAAY,EAAE,KAC3D,IAAI,WAAW,SACf,IAAI,KAAK,WAAW,OAAO,OAAO,IAAI,YAAY,CAAC,GACnD;AACA,mBAAe,YAAY,cAAc;AAAA,MACvC,uBAAuB;AAAA,QACrB,YAAY;AAAA,UACV,cAAc,CAAC,UAAU,iBAAiB;AAAA,UAC1C,eAAe,CAAC,UAAU,SAAS,UAAU,KAAK;AAAA,QAAA;AAAA,MACpD;AAAA,IACF,CACD;AAAA,EAAA;AAGH,SAAO,OAAO,YAAY,EAAE,KAAK,IAAI;AACvC;"}
1
+ {"version":3,"file":"security.mjs","sources":["../../src/middlewares/security.ts"],"sourcesContent":["import { defaultsDeep, mergeWith } from 'lodash/fp';\nimport helmet, { KoaHelmet } from 'koa-helmet';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = NonNullable<Parameters<KoaHelmet>[0]>;\n\nconst defaults: Config = {\n crossOriginEmbedderPolicy: false,\n crossOriginOpenerPolicy: false,\n crossOriginResourcePolicy: false,\n originAgentCluster: false,\n contentSecurityPolicy: {\n useDefaults: true,\n directives: {\n 'connect-src': [\"'self'\", 'https:'],\n 'img-src': [\"'self'\", 'data:', 'blob:', 'https://market-assets.strapi.io'],\n 'media-src': [\"'self'\", 'data:', 'blob:'],\n upgradeInsecureRequests: null,\n },\n },\n xssFilter: false,\n hsts: {\n maxAge: 31536000,\n includeSubDomains: true,\n },\n frameguard: {\n action: 'sameorigin',\n },\n};\n\nconst mergeConfig = (existingConfig: Config, newConfig: Config) => {\n return mergeWith(\n (obj, src) => (Array.isArray(obj) && Array.isArray(src) ? obj.concat(src) : undefined),\n existingConfig,\n newConfig\n );\n};\n\nexport const security: Core.MiddlewareFactory<Config> =\n (config, { strapi }) =>\n (ctx, next) => {\n let helmetConfig: Config = defaultsDeep(defaults, config);\n\n const specialPaths = ['/documentation'];\n\n const directives: {\n 'script-src': string[];\n 'img-src': string[];\n 'manifest-src': string[];\n 'frame-src': string[];\n } = {\n 'script-src': [\"'self'\", \"'unsafe-inline'\", 'cdn.jsdelivr.net'],\n 'img-src': [\"'self'\", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],\n 'manifest-src': [],\n 'frame-src': [],\n };\n\n // if apollo graphql playground is enabled, add exceptions for it\n if (strapi.plugin('graphql')?.service('utils').playground.isEnabled()) {\n const { config: gqlConfig } = strapi.plugin('graphql');\n specialPaths.push(gqlConfig('endpoint'));\n\n directives['script-src'].push(`https: 'unsafe-inline'`);\n directives['img-src'].push(`'apollo-server-landing-page.cdn.apollographql.com'`);\n directives['manifest-src'].push(`'self'`);\n directives['manifest-src'].push('apollo-server-landing-page.cdn.apollographql.com');\n directives['frame-src'].push(`'self'`);\n directives['frame-src'].push('sandbox.embed.apollographql.com');\n }\n\n // TODO: we shouldn't combine playground exceptions with documentation for all routes, we should first check the path and then return exceptions specific to that\n if (ctx.method === 'GET' && specialPaths.some((str) => ctx.path.startsWith(str))) {\n helmetConfig = mergeConfig(helmetConfig, {\n crossOriginEmbedderPolicy: false, // TODO: only use this for graphql playground\n contentSecurityPolicy: {\n directives,\n },\n });\n }\n\n /**\n * These are for vite's watch mode so it can accurately\n * connect to the HMR websocket & reconnect on failure\n * or when the server restarts.\n *\n * It only applies in development, and only on GET requests\n * that are part of the admin route.\n */\n\n if (\n ['development', 'test'].includes(process.env.NODE_ENV ?? '') &&\n ctx.method === 'GET' &&\n ctx.path.startsWith(strapi.config.get('admin.path'))\n ) {\n helmetConfig = mergeConfig(helmetConfig, {\n contentSecurityPolicy: {\n directives: {\n 'script-src': [\"'self'\", \"'unsafe-inline'\"],\n 'connect-src': [\"'self'\", 'http:', 'https:', 'ws:'],\n },\n },\n });\n }\n\n return helmet(helmetConfig)(ctx, next);\n };\n"],"names":["defaults","crossOriginEmbedderPolicy","crossOriginOpenerPolicy","crossOriginResourcePolicy","originAgentCluster","contentSecurityPolicy","useDefaults","directives","upgradeInsecureRequests","xssFilter","hsts","maxAge","includeSubDomains","frameguard","action","mergeConfig","existingConfig","newConfig","mergeWith","obj","src","Array","isArray","concat","undefined","security","config","strapi","ctx","next","helmetConfig","defaultsDeep","specialPaths","plugin","service","playground","isEnabled","gqlConfig","push","method","some","str","path","startsWith","includes","process","env","NODE_ENV","get","helmet"],"mappings":";;;AAOA,MAAMA,QAAmB,GAAA;IACvBC,yBAA2B,EAAA,KAAA;IAC3BC,uBAAyB,EAAA,KAAA;IACzBC,yBAA2B,EAAA,KAAA;IAC3BC,kBAAoB,EAAA,KAAA;IACpBC,qBAAuB,EAAA;QACrBC,WAAa,EAAA,IAAA;QACbC,UAAY,EAAA;YACV,aAAe,EAAA;AAAC,gBAAA,QAAA;AAAU,gBAAA;AAAS,aAAA;YACnC,SAAW,EAAA;AAAC,gBAAA,QAAA;AAAU,gBAAA,OAAA;AAAS,gBAAA,OAAA;AAAS,gBAAA;AAAkC,aAAA;YAC1E,WAAa,EAAA;AAAC,gBAAA,QAAA;AAAU,gBAAA,OAAA;AAAS,gBAAA;AAAQ,aAAA;YACzCC,uBAAyB,EAAA;AAC3B;AACF,KAAA;IACAC,SAAW,EAAA,KAAA;IACXC,IAAM,EAAA;QACJC,MAAQ,EAAA,QAAA;QACRC,iBAAmB,EAAA;AACrB,KAAA;IACAC,UAAY,EAAA;QACVC,MAAQ,EAAA;AACV;AACF,CAAA;AAEA,MAAMC,WAAAA,GAAc,CAACC,cAAwBC,EAAAA,SAAAA,GAAAA;AAC3C,IAAA,OAAOC,UACL,CAACC,GAAAA,EAAKC,GAASC,GAAAA,KAAAA,CAAMC,OAAO,CAACH,GAAAA,CAAAA,IAAQE,KAAMC,CAAAA,OAAO,CAACF,GAAOD,CAAAA,GAAAA,GAAAA,CAAII,MAAM,CAACH,GAAAA,CAAAA,GAAOI,WAC5ER,cACAC,EAAAA,SAAAA,CAAAA;AAEJ,CAAA;AAEO,MAAMQ,WACX,CAACC,MAAAA,EAAQ,EAAEC,MAAM,EAAE,GACnB,CAACC,GAAKC,EAAAA,IAAAA,GAAAA;QACJ,IAAIC,YAAAA,GAAuBC,aAAa/B,QAAU0B,EAAAA,MAAAA,CAAAA;AAElD,QAAA,MAAMM,YAAe,GAAA;AAAC,YAAA;AAAiB,SAAA;AAEvC,QAAA,MAAMzB,UAKF,GAAA;YACF,YAAc,EAAA;AAAC,gBAAA,QAAA;AAAU,gBAAA,iBAAA;AAAmB,gBAAA;AAAmB,aAAA;YAC/D,SAAW,EAAA;AAAC,gBAAA,QAAA;AAAU,gBAAA,OAAA;AAAS,gBAAA,kBAAA;AAAoB,gBAAA;AAAY,aAAA;AAC/D,YAAA,cAAA,EAAgB,EAAE;AAClB,YAAA,WAAA,EAAa;AACf,SAAA;;AAGA,QAAA,IAAIoB,OAAOM,MAAM,CAAC,YAAYC,OAAQ,CAAA,OAAA,CAAA,CAASC,WAAWC,SAAa,EAAA,EAAA;AACrE,YAAA,MAAM,EAAEV,MAAQW,EAAAA,SAAS,EAAE,GAAGV,MAAAA,CAAOM,MAAM,CAAC,SAAA,CAAA;YAC5CD,YAAaM,CAAAA,IAAI,CAACD,SAAU,CAAA,UAAA,CAAA,CAAA;AAE5B9B,YAAAA,UAAU,CAAC,YAAa,CAAA,CAAC+B,IAAI,CAAC,CAAC,sBAAsB,CAAC,CAAA;AACtD/B,YAAAA,UAAU,CAAC,SAAU,CAAA,CAAC+B,IAAI,CAAC,CAAC,kDAAkD,CAAC,CAAA;AAC/E/B,YAAAA,UAAU,CAAC,cAAe,CAAA,CAAC+B,IAAI,CAAC,CAAC,MAAM,CAAC,CAAA;AACxC/B,YAAAA,UAAU,CAAC,cAAA,CAAe,CAAC+B,IAAI,CAAC,kDAAA,CAAA;AAChC/B,YAAAA,UAAU,CAAC,WAAY,CAAA,CAAC+B,IAAI,CAAC,CAAC,MAAM,CAAC,CAAA;AACrC/B,YAAAA,UAAU,CAAC,WAAA,CAAY,CAAC+B,IAAI,CAAC,iCAAA,CAAA;AAC/B;;AAGA,QAAA,IAAIV,GAAIW,CAAAA,MAAM,KAAK,KAAA,IAASP,aAAaQ,IAAI,CAAC,CAACC,GAAAA,GAAQb,GAAIc,CAAAA,IAAI,CAACC,UAAU,CAACF,GAAO,CAAA,CAAA,EAAA;AAChFX,YAAAA,YAAAA,GAAef,YAAYe,YAAc,EAAA;gBACvC7B,yBAA2B,EAAA,KAAA;gBAC3BI,qBAAuB,EAAA;AACrBE,oBAAAA;AACF;AACF,aAAA,CAAA;AACF;AAEA;;;;;;;AAOC,QAED,IACE;AAAC,YAAA,aAAA;AAAe,YAAA;SAAO,CAACqC,QAAQ,CAACC,OAAQC,CAAAA,GAAG,CAACC,QAAQ,IAAI,EACzDnB,CAAAA,IAAAA,GAAAA,CAAIW,MAAM,KAAK,SACfX,GAAIc,CAAAA,IAAI,CAACC,UAAU,CAAChB,OAAOD,MAAM,CAACsB,GAAG,CAAC,YACtC,CAAA,CAAA,EAAA;AACAlB,YAAAA,YAAAA,GAAef,YAAYe,YAAc,EAAA;gBACvCzB,qBAAuB,EAAA;oBACrBE,UAAY,EAAA;wBACV,YAAc,EAAA;AAAC,4BAAA,QAAA;AAAU,4BAAA;AAAkB,yBAAA;wBAC3C,aAAe,EAAA;AAAC,4BAAA,QAAA;AAAU,4BAAA,OAAA;AAAS,4BAAA,QAAA;AAAU,4BAAA;AAAM;AACrD;AACF;AACF,aAAA,CAAA;AACF;QAEA,OAAO0C,MAAAA,CAAOnB,cAAcF,GAAKC,EAAAA,IAAAA,CAAAA;;;;;"}
package/dist/middlewares/session.js CHANGED
@@ -1,30 +1,31 @@
1
- "use strict";
2
- Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
3
- const fp = require("lodash/fp");
4
- const koaSession = require("koa-session");
5
- const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
6
- const koaSession__default = /* @__PURE__ */ _interopDefault(koaSession);
1
+ 'use strict';
2
+
3
+ var fp = require('lodash/fp');
4
+ var koaSession = require('koa-session');
5
+
7
6
  const defaultConfig = {
8
- key: "koa.sess",
9
- maxAge: 864e5,
10
- autoCommit: true,
11
- overwrite: true,
12
- httpOnly: true,
13
- signed: true,
14
- rolling: false,
15
- renew: false,
16
- secure: process.env.NODE_ENV === "production",
17
- sameSite: void 0
7
+ key: 'koa.sess',
8
+ maxAge: 86400000,
9
+ autoCommit: true,
10
+ overwrite: true,
11
+ httpOnly: true,
12
+ signed: true,
13
+ rolling: false,
14
+ renew: false,
15
+ secure: process.env.NODE_ENV === 'production',
16
+ sameSite: undefined
18
17
  };
19
- const session = (userConfig, { strapi }) => {
20
- const { keys } = strapi.server.app;
21
- if (!fp.isArray(keys) || fp.isEmpty(keys) || keys.some(fp.isEmpty)) {
22
- throw new Error(
23
- `App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`
24
- );
25
- }
26
- const config = { ...defaultConfig, ...userConfig };
27
- strapi.server.use(koaSession__default.default(config, strapi.server.app));
18
+ const session = (userConfig, { strapi })=>{
19
+ const { keys } = strapi.server.app;
20
+ if (!fp.isArray(keys) || fp.isEmpty(keys) || keys.some(fp.isEmpty)) {
21
+ throw new Error(`App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`);
22
+ }
23
+ const config = {
24
+ ...defaultConfig,
25
+ ...userConfig
26
+ };
27
+ strapi.server.use(koaSession(config, strapi.server.app));
28
28
  };
29
+
29
30
  exports.session = session;
30
31
  //# sourceMappingURL=session.js.map
package/dist/middlewares/session.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"session.js","sources":["../../src/middlewares/session.ts"],"sourcesContent":["import { isEmpty, isArray } from 'lodash/fp';\nimport koaSession from 'koa-session';\nimport type { Core } from '@strapi/types';\n\nconst defaultConfig = {\n key: 'koa.sess',\n maxAge: 86400000,\n autoCommit: true,\n overwrite: true,\n httpOnly: true,\n signed: true,\n rolling: false,\n renew: false,\n secure: process.env.NODE_ENV === 'production',\n sameSite: undefined,\n};\n\nexport const session: Core.MiddlewareFactory<Partial<koaSession.opts>> = (\n userConfig,\n { strapi }\n) => {\n const { keys } = strapi.server.app;\n if (!isArray(keys) || isEmpty(keys) || keys.some(isEmpty)) {\n throw new Error(\n `App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`\n );\n }\n\n const config: Partial<koaSession.opts> = { ...defaultConfig, ...userConfig };\n\n strapi.server.use(koaSession(config, strapi.server.app));\n};\n"],"names":["isArray","isEmpty","koaSession"],"mappings":";;;;;;AAIA,MAAM,gBAAgB;AAAA,EACpB,KAAK;AAAA,EACL,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,UAAU;AAAA,EACV,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,OAAO;AAAA,EACP,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AACZ;AAEO,MAAM,UAA4D,CACvE,YACA,EAAE,aACC;AACH,QAAM,EAAE,KAAA,IAAS,OAAO,OAAO;AAC3B,MAAA,CAACA,GAAAA,QAAQ,IAAI,KAAKC,GAAA,QAAQ,IAAI,KAAK,KAAK,KAAKA,GAAAA,OAAO,GAAG;AACzD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EAAA;AAGF,QAAM,SAAmC,EAAE,GAAG,eAAe,GAAG,WAAW;AAE3E,SAAO,OAAO,IAAIC,oBAAA,QAAW,QAAQ,OAAO,OAAO,GAAG,CAAC;AACzD;;"}
1
+ {"version":3,"file":"session.js","sources":["../../src/middlewares/session.ts"],"sourcesContent":["import { isEmpty, isArray } from 'lodash/fp';\nimport koaSession from 'koa-session';\nimport type { Core } from '@strapi/types';\n\nconst defaultConfig = {\n key: 'koa.sess',\n maxAge: 86400000,\n autoCommit: true,\n overwrite: true,\n httpOnly: true,\n signed: true,\n rolling: false,\n renew: false,\n secure: process.env.NODE_ENV === 'production',\n sameSite: undefined,\n};\n\nexport const session: Core.MiddlewareFactory<Partial<koaSession.opts>> = (\n userConfig,\n { strapi }\n) => {\n const { keys } = strapi.server.app;\n if (!isArray(keys) || isEmpty(keys) || keys.some(isEmpty)) {\n throw new Error(\n `App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`\n );\n }\n\n const config: Partial<koaSession.opts> = { ...defaultConfig, ...userConfig };\n\n strapi.server.use(koaSession(config, strapi.server.app));\n};\n"],"names":["defaultConfig","key","maxAge","autoCommit","overwrite","httpOnly","signed","rolling","renew","secure","process","env","NODE_ENV","sameSite","undefined","session","userConfig","strapi","keys","server","app","isArray","isEmpty","some","Error","config","use","koaSession"],"mappings":";;;;;AAIA,MAAMA,aAAgB,GAAA;IACpBC,GAAK,EAAA,UAAA;IACLC,MAAQ,EAAA,QAAA;IACRC,UAAY,EAAA,IAAA;IACZC,SAAW,EAAA,IAAA;IACXC,QAAU,EAAA,IAAA;IACVC,MAAQ,EAAA,IAAA;IACRC,OAAS,EAAA,KAAA;IACTC,KAAO,EAAA,KAAA;AACPC,IAAAA,MAAAA,EAAQC,OAAQC,CAAAA,GAAG,CAACC,QAAQ,KAAK,YAAA;IACjCC,QAAUC,EAAAA;AACZ,CAAA;MAEaC,OAA4D,GAAA,CACvEC,UACA,EAAA,EAAEC,MAAM,EAAE,GAAA;AAEV,IAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,MAAOE,CAAAA,MAAM,CAACC,GAAG;IAClC,IAAI,CAACC,WAAQH,IAASI,CAAAA,IAAAA,UAAAA,CAAQJ,SAASA,IAAKK,CAAAA,IAAI,CAACD,UAAU,CAAA,EAAA;AACzD,QAAA,MAAM,IAAIE,KAAAA,CACR,CAAC,+FAA+F,CAAC,CAAA;AAErG;AAEA,IAAA,MAAMC,MAAmC,GAAA;AAAE,QAAA,GAAGzB,aAAa;AAAE,QAAA,GAAGgB;AAAW,KAAA;IAE3EC,MAAOE,CAAAA,MAAM,CAACO,GAAG,CAACC,WAAWF,MAAQR,EAAAA,MAAAA,CAAOE,MAAM,CAACC,GAAG,CAAA,CAAA;AACxD;;;;"}
package/dist/middlewares/session.mjs CHANGED
@@ -1,28 +1,29 @@
1
- import { isArray, isEmpty } from "lodash/fp";
2
- import koaSession from "koa-session";
1
+ import { isArray, isEmpty } from 'lodash/fp';
2
+ import koaSession from 'koa-session';
3
+
3
4
  const defaultConfig = {
4
- key: "koa.sess",
5
- maxAge: 864e5,
6
- autoCommit: true,
7
- overwrite: true,
8
- httpOnly: true,
9
- signed: true,
10
- rolling: false,
11
- renew: false,
12
- secure: process.env.NODE_ENV === "production",
13
- sameSite: void 0
5
+ key: 'koa.sess',
6
+ maxAge: 86400000,
7
+ autoCommit: true,
8
+ overwrite: true,
9
+ httpOnly: true,
10
+ signed: true,
11
+ rolling: false,
12
+ renew: false,
13
+ secure: process.env.NODE_ENV === 'production',
14
+ sameSite: undefined
14
15
  };
15
- const session = (userConfig, { strapi }) => {
16
- const { keys } = strapi.server.app;
17
- if (!isArray(keys) || isEmpty(keys) || keys.some(isEmpty)) {
18
- throw new Error(
19
- `App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`
20
- );
21
- }
22
- const config = { ...defaultConfig, ...userConfig };
23
- strapi.server.use(koaSession(config, strapi.server.app));
24
- };
25
- export {
26
- session
16
+ const session = (userConfig, { strapi })=>{
17
+ const { keys } = strapi.server.app;
18
+ if (!isArray(keys) || isEmpty(keys) || keys.some(isEmpty)) {
19
+ throw new Error(`App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`);
20
+ }
21
+ const config = {
22
+ ...defaultConfig,
23
+ ...userConfig
24
+ };
25
+ strapi.server.use(koaSession(config, strapi.server.app));
27
26
  };
27
+
28
+ export { session };
28
29
  //# sourceMappingURL=session.mjs.map
package/dist/middlewares/session.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"session.mjs","sources":["../../src/middlewares/session.ts"],"sourcesContent":["import { isEmpty, isArray } from 'lodash/fp';\nimport koaSession from 'koa-session';\nimport type { Core } from '@strapi/types';\n\nconst defaultConfig = {\n key: 'koa.sess',\n maxAge: 86400000,\n autoCommit: true,\n overwrite: true,\n httpOnly: true,\n signed: true,\n rolling: false,\n renew: false,\n secure: process.env.NODE_ENV === 'production',\n sameSite: undefined,\n};\n\nexport const session: Core.MiddlewareFactory<Partial<koaSession.opts>> = (\n userConfig,\n { strapi }\n) => {\n const { keys } = strapi.server.app;\n if (!isArray(keys) || isEmpty(keys) || keys.some(isEmpty)) {\n throw new Error(\n `App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`\n );\n }\n\n const config: Partial<koaSession.opts> = { ...defaultConfig, ...userConfig };\n\n strapi.server.use(koaSession(config, strapi.server.app));\n};\n"],"names":[],"mappings":";;AAIA,MAAM,gBAAgB;AAAA,EACpB,KAAK;AAAA,EACL,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,UAAU;AAAA,EACV,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,OAAO;AAAA,EACP,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AACZ;AAEO,MAAM,UAA4D,CACvE,YACA,EAAE,aACC;AACH,QAAM,EAAE,KAAA,IAAS,OAAO,OAAO;AAC3B,MAAA,CAAC,QAAQ,IAAI,KAAK,QAAQ,IAAI,KAAK,KAAK,KAAK,OAAO,GAAG;AACzD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EAAA;AAGF,QAAM,SAAmC,EAAE,GAAG,eAAe,GAAG,WAAW;AAE3E,SAAO,OAAO,IAAI,WAAW,QAAQ,OAAO,OAAO,GAAG,CAAC;AACzD;"}
1
+ {"version":3,"file":"session.mjs","sources":["../../src/middlewares/session.ts"],"sourcesContent":["import { isEmpty, isArray } from 'lodash/fp';\nimport koaSession from 'koa-session';\nimport type { Core } from '@strapi/types';\n\nconst defaultConfig = {\n key: 'koa.sess',\n maxAge: 86400000,\n autoCommit: true,\n overwrite: true,\n httpOnly: true,\n signed: true,\n rolling: false,\n renew: false,\n secure: process.env.NODE_ENV === 'production',\n sameSite: undefined,\n};\n\nexport const session: Core.MiddlewareFactory<Partial<koaSession.opts>> = (\n userConfig,\n { strapi }\n) => {\n const { keys } = strapi.server.app;\n if (!isArray(keys) || isEmpty(keys) || keys.some(isEmpty)) {\n throw new Error(\n `App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`\n );\n }\n\n const config: Partial<koaSession.opts> = { ...defaultConfig, ...userConfig };\n\n strapi.server.use(koaSession(config, strapi.server.app));\n};\n"],"names":["defaultConfig","key","maxAge","autoCommit","overwrite","httpOnly","signed","rolling","renew","secure","process","env","NODE_ENV","sameSite","undefined","session","userConfig","strapi","keys","server","app","isArray","isEmpty","some","Error","config","use","koaSession"],"mappings":";;;AAIA,MAAMA,aAAgB,GAAA;IACpBC,GAAK,EAAA,UAAA;IACLC,MAAQ,EAAA,QAAA;IACRC,UAAY,EAAA,IAAA;IACZC,SAAW,EAAA,IAAA;IACXC,QAAU,EAAA,IAAA;IACVC,MAAQ,EAAA,IAAA;IACRC,OAAS,EAAA,KAAA;IACTC,KAAO,EAAA,KAAA;AACPC,IAAAA,MAAAA,EAAQC,OAAQC,CAAAA,GAAG,CAACC,QAAQ,KAAK,YAAA;IACjCC,QAAUC,EAAAA;AACZ,CAAA;MAEaC,OAA4D,GAAA,CACvEC,UACA,EAAA,EAAEC,MAAM,EAAE,GAAA;AAEV,IAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,MAAOE,CAAAA,MAAM,CAACC,GAAG;IAClC,IAAI,CAACC,QAAQH,IAASI,CAAAA,IAAAA,OAAAA,CAAQJ,SAASA,IAAKK,CAAAA,IAAI,CAACD,OAAU,CAAA,EAAA;AACzD,QAAA,MAAM,IAAIE,KAAAA,CACR,CAAC,+FAA+F,CAAC,CAAA;AAErG;AAEA,IAAA,MAAMC,MAAmC,GAAA;AAAE,QAAA,GAAGzB,aAAa;AAAE,QAAA,GAAGgB;AAAW,KAAA;IAE3EC,MAAOE,CAAAA,MAAM,CAACO,GAAG,CAACC,WAAWF,MAAQR,EAAAA,MAAAA,CAAOE,MAAM,CAACC,GAAG,CAAA,CAAA;AACxD;;;;"}