npm - @strapi/core - Versions diffs - 0.0.0-experimental.d23c1d5b0e45dd06ef09977f526c85468be05403 → 0.0.0-experimental.d3243594aea3e6fa0ef08580192bb0df29c9162d - Mend

@strapi/core 0.0.0-experimental.d23c1d5b0e45dd06ef09977f526c85468be05403 → 0.0.0-experimental.d3243594aea3e6fa0ef08580192bb0df29c9162d

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

package/dist/loaders/plugins/index.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.mjs","sources":["../../../src/loaders/plugins/index.ts"],"sourcesContent":["import { join } from 'path';\nimport fse from 'fs-extra';\nimport { defaultsDeep, defaults, getOr, get } from 'lodash/fp';\nimport { env } from '@strapi/utils';\nimport type { Core, Plugin, Struct } from '@strapi/types';\nimport { loadConfigFile } from '../../utils/load-config-file';\nimport { loadFiles } from '../../utils/load-files';\nimport { getEnabledPlugins } from './get-enabled-plugins';\nimport { getUserPluginsConfig } from './get-user-plugins-config';\nimport { getGlobalId } from '../../domain/content-type';\n\ninterface Plugins {\n [key: string]: Plugin.LoadedPlugin;\n}\n\nconst defaultPlugin = {\n bootstrap() {},\n destroy() {},\n register() {},\n config: {\n default: {},\n validator() {},\n },\n routes: [],\n controllers: {},\n services: {},\n policies: {},\n middlewares: {},\n contentTypes: {},\n};\n\nconst applyUserExtension = async (plugins: Plugins) => {\n const extensionsDir = strapi.dirs.dist.extensions;\n if (!(await fse.pathExists(extensionsDir))) {\n return;\n }\n\n const extendedSchemas = await loadFiles(extensionsDir, '/content-types//schema.json');\n const strapiServers = await loadFiles(extensionsDir, '**/strapi-server.js');\n\n for (const pluginName of Object.keys(plugins)) {\n const plugin = plugins[pluginName];\n // first: load json schema\n for (const ctName of Object.keys(plugin.contentTypes)) {\n const extendedSchema = get([pluginName, 'content-types', ctName, 'schema'], extendedSchemas);\n if (extendedSchema) {\n plugin.contentTypes[ctName].schema = {\n ...plugin.contentTypes[ctName].schema,\n ...extendedSchema,\n };\n }\n }\n // second: execute strapi-server extension\n const strapiServer = get([pluginName, 'strapi-server'], strapiServers);\n if (strapiServer) {\n plugins[pluginName] = await strapiServer(plugin);\n }\n }\n};\n\nconst applyUserConfig = async (plugins: Plugins) => {\n const userPluginsConfig = await getUserPluginsConfig();\n\n for (const pluginName of Object.keys(plugins)) {\n const plugin = plugins[pluginName];\n const userPluginConfig = getOr({}, `${pluginName}.config`, userPluginsConfig);\n const defaultConfig =\n typeof plugin.config.default === 'function'\n ? plugin.config.default({ env })\n : plugin.config.default;\n\n const config = defaultsDeep(defaultConfig, userPluginConfig);\n try {\n plugin.config.validator(config);\n } catch (e) {\n if (e instanceof Error) {\n throw new Error(`Error regarding ${pluginName} config: ${e.message}`);\n }\n\n throw e;\n }\n plugin.config = config;\n }\n};\n\nexport default async function loadPlugins(strapi: Core.Strapi) {\n const plugins: Plugins = {};\n\n const enabledPlugins = await getEnabledPlugins(strapi);\n\n strapi.config.set('enabledPlugins', enabledPlugins);\n\n for (const pluginName of Object.keys(enabledPlugins)) {\n const enabledPlugin = enabledPlugins[pluginName];\n\n let serverEntrypointPath;\n\n try {\n ~~serverEntrypointPath~~ = ~~join~~(enabledPlugin.~~pathToPlugin~~, 'strapi-server.js');\n } catch (e) {\n throw new Error(\n `Error loading the plugin ${pluginName} because ${pluginName} is not installed. Please either install the plugin or remove it's configuration.`\n );\n }\n\n // only load plugins with a server entrypoint\n if (!(await fse.pathExists(serverEntrypointPath))) {\n continue;\n }\n\n const pluginServer = loadConfigFile(serverEntrypointPath);\n plugins[pluginName] = {\n ...defaultPlugin,\n ...pluginServer,\n contentTypes: formatContentTypes(pluginName, pluginServer.contentTypes ?? {}),\n config: defaults(defaultPlugin.config, pluginServer.config),\n routes: pluginServer.routes ?? defaultPlugin.routes,\n };\n }\n\n // TODO: validate plugin format\n await applyUserConfig(plugins);\n await applyUserExtension(plugins);\n\n for (const pluginName of Object.keys(plugins)) {\n strapi.get('plugins').add(pluginName, plugins[pluginName]);\n }\n}\n\nconst formatContentTypes = (\n pluginName: string,\n contentTypes: Record<string, { schema: Struct.ContentTypeSchema }>\n) => {\n Object.values(contentTypes).forEach((definition) => {\n const { schema } = definition;\n\n Object.assign(schema, {\n plugin: pluginName,\n collectionName:\n schema.collectionName \|\| `${pluginName}_${schema.info.singularName}`.toLowerCase(),\n globalId: getGlobalId(schema, pluginName),\n });\n });\n\n return contentTypes;\n};\n"],"names":["strapi"],"mappings":"~~;;;;;;;;;AAeA~~,MAAM,gBAAgB;AAAA,EACpB,YAAY;AAAA,EAAC;AAAA,EACb,UAAU;AAAA,EAAC;AAAA,EACX,WAAW;AAAA,EAAC;AAAA,EACZ,QAAQ;AAAA,IACN,SAAS,CAAC;AAAA,IACV,YAAY;AAAA,IAAC;AAAA,EACf;AAAA,EACA,QAAQ,CAAC;AAAA,EACT,aAAa,CAAC;AAAA,EACd,UAAU,CAAC;AAAA,EACX,UAAU,CAAC;AAAA,EACX,aAAa,CAAC;AAAA,EACd,cAAc,CAAC;AACjB;AAEA,MAAM,qBAAqB,OAAO,YAAqB;AAC/C,QAAA,gBAAgB,OAAO,KAAK,KAAK;AACvC,MAAI,CAAE,MAAM,IAAI,WAAW,aAAa,GAAI;AAC1C;AAAA,EACF;AAEA,QAAM,kBAAkB,MAAM,UAAU,eAAe,iCAAiC;AACxF,QAAM,gBAAgB,MAAM,UAAU,eAAe,qBAAqB;AAE1E,aAAW,cAAc,OAAO,KAAK,OAAO,GAAG;AACvC,UAAA,SAAS,QAAQ,UAAU;AAEjC,eAAW,UAAU,OAAO,KAAK,OAAO,YAAY,GAAG;AAC/C,YAAA,iBAAiB,IAAI,CAAC,YAAY,iBAAiB,QAAQ,QAAQ,GAAG,eAAe;AAC3F,UAAI,gBAAgB;AACX,eAAA,aAAa,MAAM,EAAE,SAAS;AAAA,UACnC,GAAG,OAAO,aAAa,MAAM,EAAE;AAAA,UAC/B,GAAG;AAAA,QAAA;AAAA,MAEP;AAAA,IACF;AAEA,UAAM,eAAe,IAAI,CAAC,YAAY,eAAe,GAAG,aAAa;AACrE,QAAI,cAAc;AAChB,cAAQ,UAAU,IAAI,MAAM,aAAa,MAAM;AAAA,IACjD;AAAA,EACF;AACF;AAEA,MAAM,kBAAkB,OAAO,YAAqB;AAC5C,QAAA,oBAAoB,MAAM;AAEhC,aAAW,cAAc,OAAO,KAAK,OAAO,GAAG;AACvC,UAAA,SAAS,QAAQ,UAAU;AACjC,UAAM,mBAAmB,MAAM,IAAI,GAAG,UAAU,WAAW,iBAAiB;AAC5E,UAAM,gBACJ,OAAO,OAAO,OAAO,YAAY,aAC7B,OAAO,OAAO,QAAQ,EAAE,IAAK,CAAA,IAC7B,OAAO,OAAO;AAEd,UAAA,SAAS,aAAa,eAAe,gBAAgB;AACvD,QAAA;AACK,aAAA,OAAO,UAAU,MAAM;AAAA,aACvB,GAAG;AACV,UAAI,aAAa,OAAO;AACtB,cAAM,IAAI,MAAM,mBAAmB,UAAU,YAAY,EAAE,OAAO,EAAE;AAAA,MACtE;AAEM,YAAA;AAAA,IACR;AACA,WAAO,SAAS;AAAA,EAClB;AACF;AAEA,eAA8B,YAAYA,SAAqB;AAC7D,QAAM,UAAmB,CAAA;AAEnB,QAAA,iBAAiB,MAAM,kBAAkBA,OAAM;AAErDA,UAAO,OAAO,IAAI,kBAAkB,cAAc;AAElD,aAAW,cAAc,OAAO,KAAK,cAAc,GAAG;AAC9C,UAAA,gBAAgB,eAAe,UAAU;AAE3C,QAAA;~~AAEA~~,QAAA;AACqB,6BAAA,KAAK,cAAc,cAAc,~~kBAAkB~~;AAAA,~~aACnE~~,GAAG;AACV,YAAM,IAAI;AAAA,QACR,4BAA4B,UAAU,YAAY,UAAU;AAAA,MAAA;AAAA,IAEhE;AAGA,QAAI,CAAE,MAAM,IAAI,WAAW,oBAAoB,GAAI;AACjD;AAAA,IACF;AAEM,UAAA,eAAe,eAAe,oBAAoB;AACxD,YAAQ,UAAU,IAAI;AAAA,MACpB,GAAG;AAAA,MACH,GAAG;AAAA,MACH,cAAc,mBAAmB,YAAY,aAAa,gBAAgB,CAAA,CAAE;AAAA,MAC5E,QAAQ,SAAS,cAAc,QAAQ,aAAa,MAAM;AAAA,MAC1D,QAAQ,aAAa,UAAU,cAAc;AAAA,IAAA;AAAA,EAEjD;AAGA,QAAM,gBAAgB,OAAO;AAC7B,QAAM,mBAAmB,OAAO;AAEhC,aAAW,cAAc,OAAO,KAAK,OAAO,GAAG;AAC7CA,YAAO,IAAI,SAAS,EAAE,IAAI,YAAY,QAAQ,UAAU,CAAC;AAAA,EAC3D;AACF;AAEA,MAAM,qBAAqB,CACzB,YACA,iBACG;AACH,SAAO,OAAO,YAAY,EAAE,QAAQ,CAAC,eAAe;AAC5C,UAAA,EAAE,OAAW,IAAA;AAEnB,WAAO,OAAO,QAAQ;AAAA,MACpB,QAAQ;AAAA,MACR,gBACE,OAAO,kBAAkB,GAAG,UAAU,IAAI,OAAO,KAAK,YAAY,GAAG,YAAY;AAAA,MACnF,UAAU,YAAY,QAAQ,UAAU;AAAA,IAAA,CACzC;AAAA,EAAA,CACF;AAEM,SAAA;AACT;"}
1	+ {"version":3,"file":"index.mjs","sources":["../../../src/loaders/plugins/index.ts"],"sourcesContent":["import { join } from 'path';\nimport fse from 'fs-extra';\nimport { defaultsDeep, defaults, getOr, get } from 'lodash/fp';\nimport * as resolve from 'resolve.exports';\n\nimport { env } from '@strapi/utils';\nimport type { Core, Plugin, Struct } from '@strapi/types';\nimport { loadConfigFile } from '../../utils/load-config-file';\nimport { loadFiles } from '../../utils/load-files';\nimport { getEnabledPlugins } from './get-enabled-plugins';\nimport { getUserPluginsConfig } from './get-user-plugins-config';\nimport { getGlobalId } from '../../domain/content-type';\n\ninterface Plugins {\n [key: string]: Plugin.LoadedPlugin;\n}\n\nconst defaultPlugin = {\n bootstrap() {},\n destroy() {},\n register() {},\n config: {\n default: {},\n validator() {},\n },\n routes: [],\n controllers: {},\n services: {},\n policies: {},\n middlewares: {},\n contentTypes: {},\n};\n\nconst applyUserExtension = async (plugins: Plugins) => {\n const extensionsDir = strapi.dirs.dist.extensions;\n if (!(await fse.pathExists(extensionsDir))) {\n return;\n }\n\n const extendedSchemas = await loadFiles(extensionsDir, '/content-types//schema.json');\n const strapiServers = await loadFiles(extensionsDir, '**/strapi-server.js');\n\n for (const pluginName of Object.keys(plugins)) {\n const plugin = plugins[pluginName];\n // first: load json schema\n for (const ctName of Object.keys(plugin.contentTypes)) {\n const extendedSchema = get([pluginName, 'content-types', ctName, 'schema'], extendedSchemas);\n if (extendedSchema) {\n plugin.contentTypes[ctName].schema = {\n ...plugin.contentTypes[ctName].schema,\n ...extendedSchema,\n };\n }\n }\n // second: execute strapi-server extension\n const strapiServer = get([pluginName, 'strapi-server'], strapiServers);\n if (strapiServer) {\n plugins[pluginName] = await strapiServer(plugin);\n }\n }\n};\n\nconst applyUserConfig = async (plugins: Plugins) => {\n const userPluginsConfig = await getUserPluginsConfig();\n\n for (const pluginName of Object.keys(plugins)) {\n const plugin = plugins[pluginName];\n const userPluginConfig = getOr({}, `${pluginName}.config`, userPluginsConfig);\n const defaultConfig =\n typeof plugin.config.default === 'function'\n ? plugin.config.default({ env })\n : plugin.config.default;\n\n const config = defaultsDeep(defaultConfig, userPluginConfig);\n try {\n plugin.config.validator(config);\n } catch (e) {\n if (e instanceof Error) {\n throw new Error(`Error regarding ${pluginName} config: ${e.message}`);\n }\n\n throw e;\n }\n plugin.config = config;\n }\n};\n\nexport default async function loadPlugins(strapi: Core.Strapi) {\n const plugins: Plugins = {};\n\n const enabledPlugins = await getEnabledPlugins(strapi);\n\n strapi.config.set('enabledPlugins', enabledPlugins);\n\n for (const pluginName of Object.keys(enabledPlugins)) {\n const enabledPlugin = enabledPlugins[pluginName];\n\n let serverEntrypointPath;\n let resolvedExport = './strapi-server.js';\n\n try {\n resolvedExport = (\n resolve.exports(enabledPlugin.packageInfo, 'strapi-server', {\n require: true,\n }) ?? './strapi-server.js'\n ).toString();\n } catch (e) {\n // no export map or missing strapi-server export => fallback to default\n }\n\n try {\n serverEntrypointPath = join(enabledPlugin.pathToPlugin, resolvedExport);\n } catch (e) {\n throw new Error(\n `Error loading the plugin ${pluginName} because ${pluginName} is not installed. Please either install the plugin or remove it's configuration.`\n );\n }\n\n // only load plugins with a server entrypoint\n if (!(await fse.pathExists(serverEntrypointPath))) {\n continue;\n }\n\n const pluginServer = loadConfigFile(serverEntrypointPath);\n plugins[pluginName] = {\n ...defaultPlugin,\n ...pluginServer,\n contentTypes: formatContentTypes(pluginName, pluginServer.contentTypes ?? {}),\n config: defaults(defaultPlugin.config, pluginServer.config),\n routes: pluginServer.routes ?? defaultPlugin.routes,\n };\n }\n\n // TODO: validate plugin format\n await applyUserConfig(plugins);\n await applyUserExtension(plugins);\n\n for (const pluginName of Object.keys(plugins)) {\n strapi.get('plugins').add(pluginName, plugins[pluginName]);\n }\n}\n\nconst formatContentTypes = (\n pluginName: string,\n contentTypes: Record<string, { schema: Struct.ContentTypeSchema }>\n) => {\n Object.values(contentTypes).forEach((definition) => {\n const { schema } = definition;\n\n Object.assign(schema, {\n plugin: pluginName,\n collectionName:\n schema.collectionName \|\| `${pluginName}_${schema.info.singularName}`.toLowerCase(),\n globalId: getGlobalId(schema, pluginName),\n });\n });\n\n return contentTypes;\n};\n"],"names":["strapi"],"mappings":";;;;;;;;;;AAiBA,MAAM,gBAAgB;AAAA,EACpB,YAAY;AAAA,EAAC;AAAA,EACb,UAAU;AAAA,EAAC;AAAA,EACX,WAAW;AAAA,EAAC;AAAA,EACZ,QAAQ;AAAA,IACN,SAAS,CAAC;AAAA,IACV,YAAY;AAAA,IAAC;AAAA,EACf;AAAA,EACA,QAAQ,CAAC;AAAA,EACT,aAAa,CAAC;AAAA,EACd,UAAU,CAAC;AAAA,EACX,UAAU,CAAC;AAAA,EACX,aAAa,CAAC;AAAA,EACd,cAAc,CAAC;AACjB;AAEA,MAAM,qBAAqB,OAAO,YAAqB;AAC/C,QAAA,gBAAgB,OAAO,KAAK,KAAK;AACvC,MAAI,CAAE,MAAM,IAAI,WAAW,aAAa,GAAI;AAC1C;AAAA,EACF;AAEA,QAAM,kBAAkB,MAAM,UAAU,eAAe,iCAAiC;AACxF,QAAM,gBAAgB,MAAM,UAAU,eAAe,qBAAqB;AAE1E,aAAW,cAAc,OAAO,KAAK,OAAO,GAAG;AACvC,UAAA,SAAS,QAAQ,UAAU;AAEjC,eAAW,UAAU,OAAO,KAAK,OAAO,YAAY,GAAG;AAC/C,YAAA,iBAAiB,IAAI,CAAC,YAAY,iBAAiB,QAAQ,QAAQ,GAAG,eAAe;AAC3F,UAAI,gBAAgB;AACX,eAAA,aAAa,MAAM,EAAE,SAAS;AAAA,UACnC,GAAG,OAAO,aAAa,MAAM,EAAE;AAAA,UAC/B,GAAG;AAAA,QAAA;AAAA,MAEP;AAAA,IACF;AAEA,UAAM,eAAe,IAAI,CAAC,YAAY,eAAe,GAAG,aAAa;AACrE,QAAI,cAAc;AAChB,cAAQ,UAAU,IAAI,MAAM,aAAa,MAAM;AAAA,IACjD;AAAA,EACF;AACF;AAEA,MAAM,kBAAkB,OAAO,YAAqB;AAC5C,QAAA,oBAAoB,MAAM;AAEhC,aAAW,cAAc,OAAO,KAAK,OAAO,GAAG;AACvC,UAAA,SAAS,QAAQ,UAAU;AACjC,UAAM,mBAAmB,MAAM,IAAI,GAAG,UAAU,WAAW,iBAAiB;AAC5E,UAAM,gBACJ,OAAO,OAAO,OAAO,YAAY,aAC7B,OAAO,OAAO,QAAQ,EAAE,IAAK,CAAA,IAC7B,OAAO,OAAO;AAEd,UAAA,SAAS,aAAa,eAAe,gBAAgB;AACvD,QAAA;AACK,aAAA,OAAO,UAAU,MAAM;AAAA,aACvB,GAAG;AACV,UAAI,aAAa,OAAO;AACtB,cAAM,IAAI,MAAM,mBAAmB,UAAU,YAAY,EAAE,OAAO,EAAE;AAAA,MACtE;AAEM,YAAA;AAAA,IACR;AACA,WAAO,SAAS;AAAA,EAClB;AACF;AAEA,eAA8B,YAAYA,SAAqB;AAC7D,QAAM,UAAmB,CAAA;AAEnB,QAAA,iBAAiB,MAAM,kBAAkBA,OAAM;AAErDA,UAAO,OAAO,IAAI,kBAAkB,cAAc;AAElD,aAAW,cAAc,OAAO,KAAK,cAAc,GAAG;AAC9C,UAAA,gBAAgB,eAAe,UAAU;AAE3C,QAAA;AACJ,QAAI,iBAAiB;AAEjB,QAAA;AACF,wBACE,QAAQ,QAAQ,cAAc,aAAa,iBAAiB;AAAA,QAC1D,SAAS;AAAA,MAAA,CACV,KAAK,sBACN;aACK,GAAG;AAAA,IAEZ;AAEI,QAAA;AACqB,6BAAA,KAAK,cAAc,cAAc,cAAc;AAAA,aAC/D,GAAG;AACV,YAAM,IAAI;AAAA,QACR,4BAA4B,UAAU,YAAY,UAAU;AAAA,MAAA;AAAA,IAEhE;AAGA,QAAI,CAAE,MAAM,IAAI,WAAW,oBAAoB,GAAI;AACjD;AAAA,IACF;AAEM,UAAA,eAAe,eAAe,oBAAoB;AACxD,YAAQ,UAAU,IAAI;AAAA,MACpB,GAAG;AAAA,MACH,GAAG;AAAA,MACH,cAAc,mBAAmB,YAAY,aAAa,gBAAgB,CAAA,CAAE;AAAA,MAC5E,QAAQ,SAAS,cAAc,QAAQ,aAAa,MAAM;AAAA,MAC1D,QAAQ,aAAa,UAAU,cAAc;AAAA,IAAA;AAAA,EAEjD;AAGA,QAAM,gBAAgB,OAAO;AAC7B,QAAM,mBAAmB,OAAO;AAEhC,aAAW,cAAc,OAAO,KAAK,OAAO,GAAG;AAC7CA,YAAO,IAAI,SAAS,EAAE,IAAI,YAAY,QAAQ,UAAU,CAAC;AAAA,EAC3D;AACF;AAEA,MAAM,qBAAqB,CACzB,YACA,iBACG;AACH,SAAO,OAAO,YAAY,EAAE,QAAQ,CAAC,eAAe;AAC5C,UAAA,EAAE,OAAW,IAAA;AAEnB,WAAO,OAAO,QAAQ;AAAA,MACpB,QAAQ;AAAA,MACR,gBACE,OAAO,kBAAkB,GAAG,UAAU,IAAI,OAAO,KAAK,YAAY,GAAG,YAAY;AAAA,MACnF,UAAU,YAAY,QAAQ,UAAU;AAAA,IAAA,CACzC;AAAA,EAAA,CACF;AAEM,SAAA;AACT;"}

package/dist/middlewares/body.js CHANGED Viewed

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const fse = require("fs-extra");
-const _ = require("lodash/fp");
+const fp = require("lodash/fp");
 const body = require("koa-body");
 const mime = require("mime-types");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
@@ -21,7 +21,7 @@ function getFiles(ctx) {
   return ctx?.request?.files?.files;
 }
 const bodyMiddleware = (config, { strapi }) => {
-  const bodyConfig = _.defaultsDeep(defaults, config);
+  const bodyConfig = fp.defaultsDeep(defaults, config);
   let gqlEndpoint;
   if (strapi.plugin("graphql")) {
     const { config: gqlConfig } = strapi.plugin("graphql");

package/dist/middlewares/body.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"body.js","sources":["../../src/middlewares/body.ts"],"sourcesContent":["import fse from 'fs-extra';\nimport { defaultsDeep } from 'lodash/fp';\nimport body, { KoaBodyMiddlewareOptions } from 'koa-body';\nimport mime from 'mime-types';\nimport type Koa from 'koa';\nimport type { Core } from '@strapi/types';\n\nexport type Config = KoaBodyMiddlewareOptions;\n\nconst defaults = {\n multipart: true,\n patchKoa: true,\n};\n\nfunction ensureFileMimeType(file: any): void {\n if (!file.type) {\n file.type = mime.lookup(file.name) \|\| 'application/octet-stream';\n }\n}\n\nfunction getFiles(ctx: Koa.Context) {\n return ctx?.request?.files?.files;\n}\n\nconst bodyMiddleware: Core.MiddlewareFactory<Config> = (config, { strapi }) => {\n const bodyConfig: Config = defaultsDeep(defaults, config);\n\n let gqlEndpoint: string \| undefined;\n if (strapi.plugin('graphql')) {\n const { config: gqlConfig } = strapi.plugin('graphql');\n gqlEndpoint = gqlConfig('endpoint');\n }\n\n return async (ctx, next) => {\n // TODO: find a better way later\n if (gqlEndpoint && ctx.url === gqlEndpoint) {\n await next();\n } else {\n try {\n await body(bodyConfig)(ctx, async () => {});\n\n const files = getFiles(ctx);\n\n /*\n in case the mime-type wasn't sent, Strapi tries to guess it\n * from the file extension, to avoid a corrupt database state\n */\n if (files) {\n if (Array.isArray(files)) {\n files.forEach(ensureFileMimeType);\n } else {\n ensureFileMimeType(files);\n }\n }\n\n await next();\n } catch (error) {\n if (\n error instanceof Error &&\n error.message &&\n error.message.includes('maxFileSize exceeded')\n ) {\n return ctx.payloadTooLarge('FileTooBig');\n }\n\n throw error;\n }\n }\n\n const files = getFiles(ctx);\n\n // clean any file that was uploaded\n if (files) {\n if (Array.isArray(files)) {\n // not awaiting to not slow the request\n Promise.all(files.map((file) => fse.remove(file.filepath)));\n } else if (files && files.filepath) {\n // not awaiting to not slow the request\n fse.remove(files.filepath);\n }\n delete ctx.request.files;\n }\n };\n};\n\nexport { bodyMiddleware as body };\n"],"names":["mime","defaultsDeep","body","files","fse"],"mappings":";;;;;;;;;;AASA,MAAM,WAAW;AAAA,EACf,WAAW;AAAA,EACX,UAAU;AACZ;AAEA,SAAS,mBAAmB,MAAiB;AACvC,MAAA,CAAC,KAAK,MAAM;AACd,SAAK,OAAOA,sBAAK,OAAO,KAAK,IAAI,KAAK;AAAA,EACxC;AACF;AAEA,SAAS,SAAS,KAAkB;AAC3B,SAAA,KAAK,SAAS,OAAO;AAC9B;AAEA,MAAM,iBAAiD,CAAC,QAAQ,EAAE,aAAa;AACvE,QAAA,aAAqBC,~~EAAAA~~,aAAa,UAAU,MAAM;AAEpD,MAAA;AACA,MAAA,OAAO,OAAO,SAAS,GAAG;AAC5B,UAAM,EAAE,QAAQ,UAAA,IAAc,OAAO,OAAO,SAAS;AACrD,kBAAc,UAAU,UAAU;AAAA,EACpC;AAEO,SAAA,OAAO,KAAK,SAAS;AAEtB,QAAA,eAAe,IAAI,QAAQ,aAAa;AAC1C,YAAM,KAAK;AAAA,IAAA,OACN;AACD,UAAA;AACF,cAAMC,sBAAK,UAAU,EAAE,KAAK,YAAY;AAAA,QAAA,CAAE;AAEpCC,cAAAA,SAAQ,SAAS,GAAG;AAM1B,YAAIA,QAAO;AACL,cAAA,MAAM,QAAQA,MAAK,GAAG;AACxBA,mBAAM,QAAQ,kBAAkB;AAAA,UAAA,OAC3B;AACL,+BAAmBA,MAAK;AAAA,UAC1B;AAAA,QACF;AAEA,cAAM,KAAK;AAAA,eACJ,OAAO;AAEZ,YAAA,iBAAiB,SACjB,MAAM,WACN,MAAM,QAAQ,SAAS,sBAAsB,GAC7C;AACO,iBAAA,IAAI,gBAAgB,YAAY;AAAA,QACzC;AAEM,cAAA;AAAA,MACR;AAAA,IACF;AAEM,UAAA,QAAQ,SAAS,GAAG;AAG1B,QAAI,OAAO;AACL,UAAA,MAAM,QAAQ,KAAK,GAAG;AAEhB,gBAAA,IAAI,MAAM,IAAI,CAAC,SAASC,qBAAI,OAAO,KAAK,QAAQ,CAAC,CAAC;AAAA,MAAA,WACjD,SAAS,MAAM,UAAU;AAE9BA,qBAAAA,QAAA,OAAO,MAAM,QAAQ;AAAA,MAC3B;AACA,aAAO,IAAI,QAAQ;AAAA,IACrB;AAAA,EAAA;AAEJ;;"}
1	+ {"version":3,"file":"body.js","sources":["../../src/middlewares/body.ts"],"sourcesContent":["import fse from 'fs-extra';\nimport { defaultsDeep } from 'lodash/fp';\nimport body, { KoaBodyMiddlewareOptions } from 'koa-body';\nimport mime from 'mime-types';\nimport type Koa from 'koa';\nimport type { Core } from '@strapi/types';\n\nexport type Config = KoaBodyMiddlewareOptions;\n\nconst defaults = {\n multipart: true,\n patchKoa: true,\n};\n\nfunction ensureFileMimeType(file: any): void {\n if (!file.type) {\n file.type = mime.lookup(file.name) \|\| 'application/octet-stream';\n }\n}\n\nfunction getFiles(ctx: Koa.Context) {\n return ctx?.request?.files?.files;\n}\n\nconst bodyMiddleware: Core.MiddlewareFactory<Config> = (config, { strapi }) => {\n const bodyConfig: Config = defaultsDeep(defaults, config);\n\n let gqlEndpoint: string \| undefined;\n if (strapi.plugin('graphql')) {\n const { config: gqlConfig } = strapi.plugin('graphql');\n gqlEndpoint = gqlConfig('endpoint');\n }\n\n return async (ctx, next) => {\n // TODO: find a better way later\n if (gqlEndpoint && ctx.url === gqlEndpoint) {\n await next();\n } else {\n try {\n await body(bodyConfig)(ctx, async () => {});\n\n const files = getFiles(ctx);\n\n /*\n in case the mime-type wasn't sent, Strapi tries to guess it\n * from the file extension, to avoid a corrupt database state\n */\n if (files) {\n if (Array.isArray(files)) {\n files.forEach(ensureFileMimeType);\n } else {\n ensureFileMimeType(files);\n }\n }\n\n await next();\n } catch (error) {\n if (\n error instanceof Error &&\n error.message &&\n error.message.includes('maxFileSize exceeded')\n ) {\n return ctx.payloadTooLarge('FileTooBig');\n }\n\n throw error;\n }\n }\n\n const files = getFiles(ctx);\n\n // clean any file that was uploaded\n if (files) {\n if (Array.isArray(files)) {\n // not awaiting to not slow the request\n Promise.all(files.map((file) => fse.remove(file.filepath)));\n } else if (files && files.filepath) {\n // not awaiting to not slow the request\n fse.remove(files.filepath);\n }\n delete ctx.request.files;\n }\n };\n};\n\nexport { bodyMiddleware as body };\n"],"names":["mime","defaultsDeep","body","files","fse"],"mappings":";;;;;;;;;;AASA,MAAM,WAAW;AAAA,EACf,WAAW;AAAA,EACX,UAAU;AACZ;AAEA,SAAS,mBAAmB,MAAiB;AACvC,MAAA,CAAC,KAAK,MAAM;AACd,SAAK,OAAOA,sBAAK,OAAO,KAAK,IAAI,KAAK;AAAA,EACxC;AACF;AAEA,SAAS,SAAS,KAAkB;AAC3B,SAAA,KAAK,SAAS,OAAO;AAC9B;AAEA,MAAM,iBAAiD,CAAC,QAAQ,EAAE,aAAa;AACvE,QAAA,aAAqBC,GAAAA,aAAa,UAAU,MAAM;AAEpD,MAAA;AACA,MAAA,OAAO,OAAO,SAAS,GAAG;AAC5B,UAAM,EAAE,QAAQ,UAAA,IAAc,OAAO,OAAO,SAAS;AACrD,kBAAc,UAAU,UAAU;AAAA,EACpC;AAEO,SAAA,OAAO,KAAK,SAAS;AAEtB,QAAA,eAAe,IAAI,QAAQ,aAAa;AAC1C,YAAM,KAAK;AAAA,IAAA,OACN;AACD,UAAA;AACF,cAAMC,sBAAK,UAAU,EAAE,KAAK,YAAY;AAAA,QAAA,CAAE;AAEpCC,cAAAA,SAAQ,SAAS,GAAG;AAM1B,YAAIA,QAAO;AACL,cAAA,MAAM,QAAQA,MAAK,GAAG;AACxBA,mBAAM,QAAQ,kBAAkB;AAAA,UAAA,OAC3B;AACL,+BAAmBA,MAAK;AAAA,UAC1B;AAAA,QACF;AAEA,cAAM,KAAK;AAAA,eACJ,OAAO;AAEZ,YAAA,iBAAiB,SACjB,MAAM,WACN,MAAM,QAAQ,SAAS,sBAAsB,GAC7C;AACO,iBAAA,IAAI,gBAAgB,YAAY;AAAA,QACzC;AAEM,cAAA;AAAA,MACR;AAAA,IACF;AAEM,UAAA,QAAQ,SAAS,GAAG;AAG1B,QAAI,OAAO;AACL,UAAA,MAAM,QAAQ,KAAK,GAAG;AAEhB,gBAAA,IAAI,MAAM,IAAI,CAAC,SAASC,qBAAI,OAAO,KAAK,QAAQ,CAAC,CAAC;AAAA,MAAA,WACjD,SAAS,MAAM,UAAU;AAE9BA,qBAAAA,QAAA,OAAO,MAAM,QAAQ;AAAA,MAC3B;AACA,aAAO,IAAI,QAAQ;AAAA,IACrB;AAAA,EAAA;AAEJ;;"}

package/dist/middlewares/cors.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../src/middlewares/cors.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE1C,MAAM,MAAM,MAAM,GAAG;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,KAAK,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC9D,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC5B,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B,CAAC;AAWF,eAAO,MAAM,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,MAAM,~~CA2C~~/C,CAAC"}
1	+ {"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../src/middlewares/cors.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE1C,MAAM,MAAM,MAAM,GAAG;IACnB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,KAAK,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IAC9D,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC5B,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B,CAAC;AAWF,eAAO,MAAM,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,MAAM,CA8C/C,CAAC"}

package/dist/middlewares/cors.js CHANGED Viewed

@@ -23,21 +23,23 @@ const cors = (config) => {
   }
   return koaCors__default.default({
     async origin(ctx) {
+      if (!ctx.get("Origin")) {
+        return "*";
+      }
       let originList;
       if (typeof origin === "function") {
         originList = await origin(ctx);
       } else {
         originList = origin;
       }
-      const whitelist = Array.isArray(originList) ? originList : originList.split(/\s*,\s*/);
-      const requestOrigin = ctx.headers.origin ?? "";
-      if (whitelist.includes("*")) {
-        return credentials ? requestOrigin : "*";
+      if (Array.isArray(originList)) {
+        return originList.includes(ctx.get("Origin")) ? ctx.get("Origin") : "";
       }
-      if (!whitelist.includes(requestOrigin)) {
-        return ctx.throw(`${requestOrigin} is not a valid origin`);
+      const parsedOrigin = originList.split(",").map((origin2) => origin2.trim());
+      if (parsedOrigin.length > 1) {
+        return parsedOrigin.includes(ctx.get("Origin")) ? ctx.get("Origin") : "";
       }
-      return requestOrigin;
+      return originList;
     },
     exposeHeaders: expose,
     maxAge,

package/dist/middlewares/cors.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cors.js","sources":["../../src/middlewares/cors.ts"],"sourcesContent":["import koaCors from '@koa/cors';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = {\n enabled?: boolean;\n origin: string \| string[] \| ((ctx: any) => string \| string[]);\n expose?: string \| string[];\n maxAge?: number;\n credentials?: boolean;\n methods?: string \| string[];\n headers?: string \| string[];\n keepHeadersOnError?: boolean;\n};\n\nconst defaults: Config = {\n origin: '',\n maxAge: 31536000,\n credentials: true,\n methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],\n headers: ['Content-Type', 'Authorization', 'Origin', 'Accept'],\n keepHeadersOnError: false,\n};\n\nexport const cors: Core.MiddlewareFactory<Config> = (config) => {\n const { origin, expose, maxAge, credentials, methods, headers, keepHeadersOnError } = {\n ...defaults,\n ...config,\n };\n\n if (config.enabled !== undefined) {\n strapi.log.warn(\n 'The strapi::cors middleware no longer supports the `enabled` option. Using it' +\n ' to conditionally enable CORS might cause an insecure default. To disable strapi::cors, remove it from' +\n ' the exported array in config/middleware.js'\n );\n }\n\n return koaCors({\n async origin(ctx) {\n let originList: string \| string[];\n\n if (typeof origin === 'function') {\n originList = await origin(ctx);\n } else {\n originList = origin;\n }\n\n ~~const~~ ~~whitelist =~~ Array.isArray(originList) ? originList : ~~originList~~.~~split~~(~~/\\s,\\s/~~);\n\n const ~~requestOrigin~~ = ~~ctx~~.~~headers~~.origin ?? '';\n if (~~whitelist~~.~~includes(''~~)) {\n return ~~credentials ? requestOrigin : '*';\n }\n\n if (!whitelist~~.includes(~~requestOrigin~~)) ~~{\n return~~ ctx.~~throw~~(~~`${requestOrigin}~~ is ~~not a valid origin`)~~;\n }\n return ~~requestOrigin~~;\n },\n exposeHeaders: expose,\n maxAge,\n credentials,\n allowMethods: methods,\n allowHeaders: headers,\n keepHeadersOnError,\n });\n};\n"],"names":["koaCors"],"mappings":";;;;;AAeA,MAAM,WAAmB;AAAA,EACvB,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,SAAS,CAAC,OAAO,QAAQ,OAAO,SAAS,UAAU,QAAQ,SAAS;AAAA,EACpE,SAAS,CAAC,gBAAgB,iBAAiB,UAAU,QAAQ;AAAA,EAC7D,oBAAoB;AACtB;AAEa,MAAA,OAAuC,CAAC,WAAW;AACxD,QAAA,EAAE,QAAQ,QAAQ,QAAQ,aAAa,SAAS,SAAS,uBAAuB;AAAA,IACpF,GAAG;AAAA,IACH,GAAG;AAAA,EAAA;AAGD,MAAA,OAAO,YAAY,QAAW;AAChC,WAAO,IAAI;AAAA,MACT;AAAA,IAAA;AAAA,EAIJ;AAEA,SAAOA,yBAAQ;AAAA,IACb,MAAM,OAAO,KAAK;~~AACZ~~,UAAA;AAEA,UAAA,OAAO,WAAW,YAAY;AACnB,qBAAA,MAAM,OAAO,GAAG;AAAA,MAAA,OACxB;AACQ,qBAAA;AAAA,MACf;~~AAEM~~,~~YAAA~~,~~YAAY,~~MAAM,QAAQ,UAAU,~~IAAI~~,~~aAAa~~,WAAW,~~MAAM,~~SAAS~~;AAE/E~~,~~YAAA~~,~~gBAAgB~~,IAAI,QAAQ,~~UAAU~~;~~AACxC~~,~~UAAA~~,~~UAAU~~,~~SAAS~~,~~GAAG~~,GAAG~~;AAC3B~~,~~eAAO~~,~~cAAc~~,~~gBAAgB;AAAA~~,~~MACvC;AAEA~~,~~UAAI~~,~~CAAC~~,~~UAAU~~,~~SAAS~~,aAAa,GAAG;~~AACtC~~,~~eAAO~~,IAAI,~~MAAM~~,~~GAAG~~,~~aAAa~~,~~wBAAwB~~;AAAA,~~MAC3D~~;~~AACO~~,aAAA;AAAA,IACT;AAAA,IACA,eAAe;AAAA,IACf;AAAA,IACA;AAAA,IACA,cAAc;AAAA,IACd,cAAc;AAAA,IACd;AAAA,EAAA,CACD;AACH;;"}
1	+ {"version":3,"file":"cors.js","sources":["../../src/middlewares/cors.ts"],"sourcesContent":["import koaCors from '@koa/cors';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = {\n enabled?: boolean;\n origin: string \| string[] \| ((ctx: any) => string \| string[]);\n expose?: string \| string[];\n maxAge?: number;\n credentials?: boolean;\n methods?: string \| string[];\n headers?: string \| string[];\n keepHeadersOnError?: boolean;\n};\n\nconst defaults: Config = {\n origin: '',\n maxAge: 31536000,\n credentials: true,\n methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],\n headers: ['Content-Type', 'Authorization', 'Origin', 'Accept'],\n keepHeadersOnError: false,\n};\n\nexport const cors: Core.MiddlewareFactory<Config> = (config) => {\n const { origin, expose, maxAge, credentials, methods, headers, keepHeadersOnError } = {\n ...defaults,\n ...config,\n };\n\n if (config.enabled !== undefined) {\n strapi.log.warn(\n 'The strapi::cors middleware no longer supports the `enabled` option. Using it' +\n ' to conditionally enable CORS might cause an insecure default. To disable strapi::cors, remove it from' +\n ' the exported array in config/middleware.js'\n );\n }\n\n return koaCors({\n async origin(ctx) {\n if (!ctx.get('Origin')) {\n return '';\n }\n\n let originList: string \| string[];\n\n if (typeof origin === 'function') {\n originList = await origin(ctx);\n } else {\n originList = origin;\n }\n\n if (Array.isArray(originList)) {\n return originList.includes(ctx.get('Origin')) ? ctx.get('Origin') : '';\n }\n\n const parsedOrigin = originList.split(',').map((origin) => origin.trim());\n if (parsedOrigin.length > 1) {\n return parsedOrigin.includes(ctx.get('Origin')) ? ctx.get('Origin') : '';\n }\n\n return originList;\n },\n exposeHeaders: expose,\n maxAge,\n credentials,\n allowMethods: methods,\n allowHeaders: headers,\n keepHeadersOnError,\n });\n};\n"],"names":["koaCors","origin"],"mappings":";;;;;AAeA,MAAM,WAAmB;AAAA,EACvB,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,SAAS,CAAC,OAAO,QAAQ,OAAO,SAAS,UAAU,QAAQ,SAAS;AAAA,EACpE,SAAS,CAAC,gBAAgB,iBAAiB,UAAU,QAAQ;AAAA,EAC7D,oBAAoB;AACtB;AAEa,MAAA,OAAuC,CAAC,WAAW;AACxD,QAAA,EAAE,QAAQ,QAAQ,QAAQ,aAAa,SAAS,SAAS,uBAAuB;AAAA,IACpF,GAAG;AAAA,IACH,GAAG;AAAA,EAAA;AAGD,MAAA,OAAO,YAAY,QAAW;AAChC,WAAO,IAAI;AAAA,MACT;AAAA,IAAA;AAAA,EAIJ;AAEA,SAAOA,yBAAQ;AAAA,IACb,MAAM,OAAO,KAAK;AAChB,UAAI,CAAC,IAAI,IAAI,QAAQ,GAAG;AACf,eAAA;AAAA,MACT;AAEI,UAAA;AAEA,UAAA,OAAO,WAAW,YAAY;AACnB,qBAAA,MAAM,OAAO,GAAG;AAAA,MAAA,OACxB;AACQ,qBAAA;AAAA,MACf;AAEI,UAAA,MAAM,QAAQ,UAAU,GAAG;AACtB,eAAA,WAAW,SAAS,IAAI,IAAI,QAAQ,CAAC,IAAI,IAAI,IAAI,QAAQ,IAAI;AAAA,MACtE;AAEM,YAAA,eAAe,WAAW,MAAM,GAAG,EAAE,IAAI,CAACC,YAAWA,QAAO,KAAA,CAAM;AACpE,UAAA,aAAa,SAAS,GAAG;AACpB,eAAA,aAAa,SAAS,IAAI,IAAI,QAAQ,CAAC,IAAI,IAAI,IAAI,QAAQ,IAAI;AAAA,MACxE;AAEO,aAAA;AAAA,IACT;AAAA,IACA,eAAe;AAAA,IACf;AAAA,IACA;AAAA,IACA,cAAc;AAAA,IACd,cAAc;AAAA,IACd;AAAA,EAAA,CACD;AACH;;"}

package/dist/middlewares/cors.mjs CHANGED Viewed

@@ -19,21 +19,23 @@ const cors = (config) => {
   }
   return koaCors({
     async origin(ctx) {
+      if (!ctx.get("Origin")) {
+        return "*";
+      }
       let originList;
       if (typeof origin === "function") {
         originList = await origin(ctx);
       } else {
         originList = origin;
       }
-      const whitelist = Array.isArray(originList) ? originList : originList.split(/\s*,\s*/);
-      const requestOrigin = ctx.headers.origin ?? "";
-      if (whitelist.includes("*")) {
-        return credentials ? requestOrigin : "*";
+      if (Array.isArray(originList)) {
+        return originList.includes(ctx.get("Origin")) ? ctx.get("Origin") : "";
       }
-      if (!whitelist.includes(requestOrigin)) {
-        return ctx.throw(`${requestOrigin} is not a valid origin`);
+      const parsedOrigin = originList.split(",").map((origin2) => origin2.trim());
+      if (parsedOrigin.length > 1) {
+        return parsedOrigin.includes(ctx.get("Origin")) ? ctx.get("Origin") : "";
       }
-      return requestOrigin;
+      return originList;
     },
     exposeHeaders: expose,
     maxAge,

package/dist/middlewares/cors.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cors.mjs","sources":["../../src/middlewares/cors.ts"],"sourcesContent":["import koaCors from '@koa/cors';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = {\n enabled?: boolean;\n origin: string \| string[] \| ((ctx: any) => string \| string[]);\n expose?: string \| string[];\n maxAge?: number;\n credentials?: boolean;\n methods?: string \| string[];\n headers?: string \| string[];\n keepHeadersOnError?: boolean;\n};\n\nconst defaults: Config = {\n origin: '',\n maxAge: 31536000,\n credentials: true,\n methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],\n headers: ['Content-Type', 'Authorization', 'Origin', 'Accept'],\n keepHeadersOnError: false,\n};\n\nexport const cors: Core.MiddlewareFactory<Config> = (config) => {\n const { origin, expose, maxAge, credentials, methods, headers, keepHeadersOnError } = {\n ...defaults,\n ...config,\n };\n\n if (config.enabled !== undefined) {\n strapi.log.warn(\n 'The strapi::cors middleware no longer supports the `enabled` option. Using it' +\n ' to conditionally enable CORS might cause an insecure default. To disable strapi::cors, remove it from' +\n ' the exported array in config/middleware.js'\n );\n }\n\n return koaCors({\n async origin(ctx) {\n let originList: string \| string[];\n\n if (typeof origin === 'function') {\n originList = await origin(ctx);\n } else {\n originList = origin;\n }\n\n ~~const~~ ~~whitelist =~~ Array.isArray(originList) ? originList : ~~originList~~.~~split~~(~~/\\s,\\s/~~);\n\n const ~~requestOrigin~~ = ~~ctx~~.~~headers~~.origin ?? '';\n if (~~whitelist~~.~~includes(''~~)) {\n return ~~credentials ? requestOrigin : '*';\n }\n\n if (!whitelist~~.includes(~~requestOrigin~~)) ~~{\n return~~ ctx.~~throw~~(~~`${requestOrigin}~~ is ~~not a valid origin`)~~;\n }\n return ~~requestOrigin~~;\n },\n exposeHeaders: expose,\n maxAge,\n credentials,\n allowMethods: methods,\n allowHeaders: headers,\n keepHeadersOnError,\n });\n};\n"],"names":[],"mappings":";AAeA,MAAM,WAAmB;AAAA,EACvB,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,SAAS,CAAC,OAAO,QAAQ,OAAO,SAAS,UAAU,QAAQ,SAAS;AAAA,EACpE,SAAS,CAAC,gBAAgB,iBAAiB,UAAU,QAAQ;AAAA,EAC7D,oBAAoB;AACtB;AAEa,MAAA,OAAuC,CAAC,WAAW;AACxD,QAAA,EAAE,QAAQ,QAAQ,QAAQ,aAAa,SAAS,SAAS,uBAAuB;AAAA,IACpF,GAAG;AAAA,IACH,GAAG;AAAA,EAAA;AAGD,MAAA,OAAO,YAAY,QAAW;AAChC,WAAO,IAAI;AAAA,MACT;AAAA,IAAA;AAAA,EAIJ;AAEA,SAAO,QAAQ;AAAA,IACb,MAAM,OAAO,KAAK;~~AACZ~~,UAAA;AAEA,UAAA,OAAO,WAAW,YAAY;AACnB,qBAAA,MAAM,OAAO,GAAG;AAAA,MAAA,OACxB;AACQ,qBAAA;AAAA,MACf;~~AAEM~~,~~YAAA~~,~~YAAY,~~MAAM,QAAQ,UAAU,~~IAAI~~,~~aAAa~~,WAAW,~~MAAM,~~SAAS~~;AAE/E~~,~~YAAA~~,~~gBAAgB~~,IAAI,QAAQ,~~UAAU~~;~~AACxC~~,~~UAAA~~,~~UAAU~~,~~SAAS~~,~~GAAG~~,GAAG~~;AAC3B~~,~~eAAO~~,~~cAAc~~,~~gBAAgB;AAAA~~,~~MACvC;AAEA~~,~~UAAI~~,~~CAAC~~,~~UAAU~~,~~SAAS~~,aAAa,GAAG;~~AACtC~~,~~eAAO~~,IAAI,~~MAAM~~,~~GAAG~~,~~aAAa~~,~~wBAAwB~~;AAAA,~~MAC3D~~;~~AACO~~,aAAA;AAAA,IACT;AAAA,IACA,eAAe;AAAA,IACf;AAAA,IACA;AAAA,IACA,cAAc;AAAA,IACd,cAAc;AAAA,IACd;AAAA,EAAA,CACD;AACH;"}
1	+ {"version":3,"file":"cors.mjs","sources":["../../src/middlewares/cors.ts"],"sourcesContent":["import koaCors from '@koa/cors';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = {\n enabled?: boolean;\n origin: string \| string[] \| ((ctx: any) => string \| string[]);\n expose?: string \| string[];\n maxAge?: number;\n credentials?: boolean;\n methods?: string \| string[];\n headers?: string \| string[];\n keepHeadersOnError?: boolean;\n};\n\nconst defaults: Config = {\n origin: '',\n maxAge: 31536000,\n credentials: true,\n methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],\n headers: ['Content-Type', 'Authorization', 'Origin', 'Accept'],\n keepHeadersOnError: false,\n};\n\nexport const cors: Core.MiddlewareFactory<Config> = (config) => {\n const { origin, expose, maxAge, credentials, methods, headers, keepHeadersOnError } = {\n ...defaults,\n ...config,\n };\n\n if (config.enabled !== undefined) {\n strapi.log.warn(\n 'The strapi::cors middleware no longer supports the `enabled` option. Using it' +\n ' to conditionally enable CORS might cause an insecure default. To disable strapi::cors, remove it from' +\n ' the exported array in config/middleware.js'\n );\n }\n\n return koaCors({\n async origin(ctx) {\n if (!ctx.get('Origin')) {\n return '';\n }\n\n let originList: string \| string[];\n\n if (typeof origin === 'function') {\n originList = await origin(ctx);\n } else {\n originList = origin;\n }\n\n if (Array.isArray(originList)) {\n return originList.includes(ctx.get('Origin')) ? ctx.get('Origin') : '';\n }\n\n const parsedOrigin = originList.split(',').map((origin) => origin.trim());\n if (parsedOrigin.length > 1) {\n return parsedOrigin.includes(ctx.get('Origin')) ? ctx.get('Origin') : '';\n }\n\n return originList;\n },\n exposeHeaders: expose,\n maxAge,\n credentials,\n allowMethods: methods,\n allowHeaders: headers,\n keepHeadersOnError,\n });\n};\n"],"names":["origin"],"mappings":";AAeA,MAAM,WAAmB;AAAA,EACvB,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,aAAa;AAAA,EACb,SAAS,CAAC,OAAO,QAAQ,OAAO,SAAS,UAAU,QAAQ,SAAS;AAAA,EACpE,SAAS,CAAC,gBAAgB,iBAAiB,UAAU,QAAQ;AAAA,EAC7D,oBAAoB;AACtB;AAEa,MAAA,OAAuC,CAAC,WAAW;AACxD,QAAA,EAAE,QAAQ,QAAQ,QAAQ,aAAa,SAAS,SAAS,uBAAuB;AAAA,IACpF,GAAG;AAAA,IACH,GAAG;AAAA,EAAA;AAGD,MAAA,OAAO,YAAY,QAAW;AAChC,WAAO,IAAI;AAAA,MACT;AAAA,IAAA;AAAA,EAIJ;AAEA,SAAO,QAAQ;AAAA,IACb,MAAM,OAAO,KAAK;AAChB,UAAI,CAAC,IAAI,IAAI,QAAQ,GAAG;AACf,eAAA;AAAA,MACT;AAEI,UAAA;AAEA,UAAA,OAAO,WAAW,YAAY;AACnB,qBAAA,MAAM,OAAO,GAAG;AAAA,MAAA,OACxB;AACQ,qBAAA;AAAA,MACf;AAEI,UAAA,MAAM,QAAQ,UAAU,GAAG;AACtB,eAAA,WAAW,SAAS,IAAI,IAAI,QAAQ,CAAC,IAAI,IAAI,IAAI,QAAQ,IAAI;AAAA,MACtE;AAEM,YAAA,eAAe,WAAW,MAAM,GAAG,EAAE,IAAI,CAACA,YAAWA,QAAO,KAAA,CAAM;AACpE,UAAA,aAAa,SAAS,GAAG;AACpB,eAAA,aAAa,SAAS,IAAI,IAAI,QAAQ,CAAC,IAAI,IAAI,IAAI,QAAQ,IAAI;AAAA,MACxE;AAEO,aAAA;AAAA,IACT;AAAA,IACA,eAAe;AAAA,IACf;AAAA,IACA;AAAA,IACA,cAAc;AAAA,IACd,cAAc;AAAA,IACd;AAAA,EAAA,CACD;AACH;"}

package/dist/middlewares/public.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const _ = require("lodash/fp");
+const fp = require("lodash/fp");
 const koaStatic = require("koa-static");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const koaStatic__default = /* @__PURE__ */ _interopDefault(koaStatic);
@@ -8,7 +8,7 @@ const defaults = {
   maxAge: 6e4
 };
 const publicStatic = (config, { strapi }) => {
-  const { maxAge } = _.defaultsDeep(defaults, config);
+  const { maxAge } = fp.defaultsDeep(defaults, config);
   strapi.server.routes([
     {
       method: "GET",

package/dist/middlewares/public.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"public.js","sources":["../../src/middlewares/public.ts"],"sourcesContent":["import { defaultsDeep } from 'lodash/fp';\nimport koaStatic from 'koa-static';\nimport type { Core } from '@strapi/types';\n\ntype Config = koaStatic.Options;\n\nconst defaults = {\n maxAge: 60000,\n};\n\nexport const publicStatic: Core.MiddlewareFactory = (\n config: Config,\n { strapi }: { strapi: Core.Strapi }\n) => {\n const { maxAge } = defaultsDeep(defaults, config);\n\n strapi.server.routes([\n {\n method: 'GET',\n path: '/',\n handler(ctx) {\n ctx.redirect(strapi.config.get('admin.url', '/admin'));\n },\n config: { auth: false },\n },\n // All other public GET-routes except /uploads/(.*) which is handled in upload middleware\n {\n method: 'GET',\n path: '/((?!uploads/).+)',\n handler: koaStatic(strapi.dirs.static.public, {\n maxage: maxAge,\n defer: true,\n }),\n config: { auth: false },\n },\n ]);\n};\n"],"names":["defaultsDeep","koaStatic"],"mappings":";;;;;;AAMA,MAAM,WAAW;AAAA,EACf,QAAQ;AACV;AAEO,MAAM,eAAuC,CAClD,QACA,EAAE,aACC;AACH,QAAM,EAAE,OAAW,IAAAA,~~EAAA~~,aAAa,UAAU,MAAM;AAEhD,SAAO,OAAO,OAAO;AAAA,IACnB;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,QAAQ,KAAK;AACX,YAAI,SAAS,OAAO,OAAO,IAAI,aAAa,QAAQ,CAAC;AAAA,MACvD;AAAA,MACA,QAAQ,EAAE,MAAM,MAAM;AAAA,IACxB;AAAA;AAAA,IAEA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAASC,mBAAAA,QAAU,OAAO,KAAK,OAAO,QAAQ;AAAA,QAC5C,QAAQ;AAAA,QACR,OAAO;AAAA,MAAA,CACR;AAAA,MACD,QAAQ,EAAE,MAAM,MAAM;AAAA,IACxB;AAAA,EAAA,CACD;AACH;;"}
1	+ {"version":3,"file":"public.js","sources":["../../src/middlewares/public.ts"],"sourcesContent":["import { defaultsDeep } from 'lodash/fp';\nimport koaStatic from 'koa-static';\nimport type { Core } from '@strapi/types';\n\ntype Config = koaStatic.Options;\n\nconst defaults = {\n maxAge: 60000,\n};\n\nexport const publicStatic: Core.MiddlewareFactory = (\n config: Config,\n { strapi }: { strapi: Core.Strapi }\n) => {\n const { maxAge } = defaultsDeep(defaults, config);\n\n strapi.server.routes([\n {\n method: 'GET',\n path: '/',\n handler(ctx) {\n ctx.redirect(strapi.config.get('admin.url', '/admin'));\n },\n config: { auth: false },\n },\n // All other public GET-routes except /uploads/(.*) which is handled in upload middleware\n {\n method: 'GET',\n path: '/((?!uploads/).+)',\n handler: koaStatic(strapi.dirs.static.public, {\n maxage: maxAge,\n defer: true,\n }),\n config: { auth: false },\n },\n ]);\n};\n"],"names":["defaultsDeep","koaStatic"],"mappings":";;;;;;AAMA,MAAM,WAAW;AAAA,EACf,QAAQ;AACV;AAEO,MAAM,eAAuC,CAClD,QACA,EAAE,aACC;AACH,QAAM,EAAE,OAAW,IAAAA,GAAA,aAAa,UAAU,MAAM;AAEhD,SAAO,OAAO,OAAO;AAAA,IACnB;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,QAAQ,KAAK;AACX,YAAI,SAAS,OAAO,OAAO,IAAI,aAAa,QAAQ,CAAC;AAAA,MACvD;AAAA,MACA,QAAQ,EAAE,MAAM,MAAM;AAAA,IACxB;AAAA;AAAA,IAEA;AAAA,MACE,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAASC,mBAAAA,QAAU,OAAO,KAAK,OAAO,QAAQ;AAAA,QAC5C,QAAQ;AAAA,QACR,OAAO;AAAA,MAAA,CACR;AAAA,MACD,QAAQ,EAAE,MAAM,MAAM;AAAA,IACxB;AAAA,EAAA,CACD;AACH;;"}

package/dist/middlewares/query.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"query.d.ts","sourceRoot":"","sources":["../../src/middlewares/query.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;~~AA2C1C~~,eAAO,MAAM,KAAK,EAAE,IAAI,CAAC,iBAKxB,CAAC"}
1	+ {"version":3,"file":"query.d.ts","sourceRoot":"","sources":["../../src/middlewares/query.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AA4C1C,eAAO,MAAM,KAAK,EAAE,IAAI,CAAC,iBAKxB,CAAC"}

package/dist/middlewares/query.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"query.js","sources":["../../src/middlewares/query.ts"],"sourcesContent":["import qs, ~~{ IParseOptions }~~ from 'qs';\nimport type Koa from 'koa';\nimport type { Core } from '@strapi/types';\n\ntype Config = ~~IParseOptions~~;\n\nconst defaults: Config = {\n strictNullHandling: true,\n arrayLimit: 100,\n depth: 20,\n};\n\n/*\n Body parser hook\n /\nconst addQsParser = (app: Koa, settings: Config) => {\n Object.defineProperty(app.request, 'query', {\n configurable: false,\n enumerable: true,\n /\n * Get parsed query-string.\n /\n get() {\n const qstr = this.querystring;\n this._querycache = this._querycache \|\| {};\n const cache = this._querycache;\n\n if (!cache[qstr]) {\n cache[qstr] = qs.parse(qstr, settings);\n }\n\n return cache[qstr];\n },\n\n /\n * Set query-string as an object.\n */\n set(obj) {\n this.querystring = qs.stringify(obj);\n },\n });\n\n return app;\n};\n\nexport const query: Core.MiddlewareFactory = (\n config: Partial<Config>,\n { strapi }: { strapi: Core.Strapi }\n) => {\n addQsParser(strapi.server.app, { ...defaults, ...config });\n};\n"],"names":["qs"],"mappings":";;;;;AAMA,MAAM,WAAmB;AAAA,EACvB,oBAAoB;AAAA,EACpB,YAAY;AAAA,EACZ,OAAO;AACT;AAKA,MAAM,cAAc,CAAC,KAAU,aAAqB;AAC3C,SAAA,eAAe,IAAI,SAAS,SAAS;AAAA,IAC1C,cAAc;AAAA,IACd,YAAY;AAAA;AAAA;AAAA;AAAA,IAIZ,MAAM;AACJ,YAAM,OAAO,KAAK;~~AACb~~,WAAA,cAAc,KAAK,eAAe,CAAA;AACvC,YAAM,QAAQ,KAAK;AAEf,UAAA,CAAC,MAAM,IAAI,GAAG;AAChB,cAAM,IAAI,IAAIA,YAAAA,QAAG,MAAM,MAAM,QAAQ;AAAA,MACvC;AAEA,aAAO,MAAM,IAAI;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,IAAI,KAAK;AACF,WAAA,cAAcA,YAAAA,QAAG,UAAU,GAAG;AAAA,IACrC;AAAA,EAAA,~~CACD~~;~~AAEM~~,SAAA;AACT;AAEO,MAAM,QAAgC,CAC3C,QACA,EAAE,aACC;AACS,cAAA,OAAO,OAAO,KAAK,EAAE,GAAG,UAAU,GAAG,~~QAAQ~~;~~AAC3D~~;;"}
1	+ {"version":3,"file":"query.js","sources":["../../src/middlewares/query.ts"],"sourcesContent":["import qs from 'qs';\nimport type Koa from 'koa';\nimport type { Core } from '@strapi/types';\n\ntype Config = Parameters<typeof qs.parse>[1];\n\nconst defaults: Config = {\n strictNullHandling: true,\n arrayLimit: 100,\n depth: 20,\n};\n\n/*\n Body parser hook\n /\nconst addQsParser = (app: Koa, settings: Config) => {\n Object.defineProperty(app.request, 'query', {\n configurable: false,\n enumerable: true,\n /\n * Get parsed query-string.\n /\n get() {\n const qstr = this.querystring;\n\n this._querycache = this._querycache \|\| {};\n const cache = this._querycache;\n\n if (!cache[qstr]) {\n cache[qstr] = qs.parse(qstr, settings);\n }\n\n return cache[qstr];\n },\n\n /\n * Set query-string as an object.\n */\n set(obj) {\n this.querystring = qs.stringify(obj);\n },\n } satisfies PropertyDescriptor & ThisType<Koa.BaseRequest>);\n\n return app;\n};\n\nexport const query: Core.MiddlewareFactory = (\n config: Partial<Config>,\n { strapi }: { strapi: Core.Strapi }\n) => {\n addQsParser(strapi.server.app, { ...defaults, ...config } as Config);\n};\n"],"names":["qs"],"mappings":";;;;;AAMA,MAAM,WAAmB;AAAA,EACvB,oBAAoB;AAAA,EACpB,YAAY;AAAA,EACZ,OAAO;AACT;AAKA,MAAM,cAAc,CAAC,KAAU,aAAqB;AAC3C,SAAA,eAAe,IAAI,SAAS,SAAS;AAAA,IAC1C,cAAc;AAAA,IACd,YAAY;AAAA;AAAA;AAAA;AAAA,IAIZ,MAAM;AACJ,YAAM,OAAO,KAAK;AAEb,WAAA,cAAc,KAAK,eAAe,CAAA;AACvC,YAAM,QAAQ,KAAK;AAEf,UAAA,CAAC,MAAM,IAAI,GAAG;AAChB,cAAM,IAAI,IAAIA,YAAAA,QAAG,MAAM,MAAM,QAAQ;AAAA,MACvC;AAEA,aAAO,MAAM,IAAI;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,IAAI,KAAK;AACF,WAAA,cAAcA,YAAAA,QAAG,UAAU,GAAG;AAAA,IACrC;AAAA,EAAA,CACwD;AAEnD,SAAA;AACT;AAEO,MAAM,QAAgC,CAC3C,QACA,EAAE,aACC;AACS,cAAA,OAAO,OAAO,KAAK,EAAE,GAAG,UAAU,GAAG,QAAkB;AACrE;;"}

package/dist/middlewares/query.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"query.mjs","sources":["../../src/middlewares/query.ts"],"sourcesContent":["import qs, ~~{ IParseOptions }~~ from 'qs';\nimport type Koa from 'koa';\nimport type { Core } from '@strapi/types';\n\ntype Config = ~~IParseOptions~~;\n\nconst defaults: Config = {\n strictNullHandling: true,\n arrayLimit: 100,\n depth: 20,\n};\n\n/*\n Body parser hook\n /\nconst addQsParser = (app: Koa, settings: Config) => {\n Object.defineProperty(app.request, 'query', {\n configurable: false,\n enumerable: true,\n /\n * Get parsed query-string.\n /\n get() {\n const qstr = this.querystring;\n this._querycache = this._querycache \|\| {};\n const cache = this._querycache;\n\n if (!cache[qstr]) {\n cache[qstr] = qs.parse(qstr, settings);\n }\n\n return cache[qstr];\n },\n\n /\n * Set query-string as an object.\n */\n set(obj) {\n this.querystring = qs.stringify(obj);\n },\n });\n\n return app;\n};\n\nexport const query: Core.MiddlewareFactory = (\n config: Partial<Config>,\n { strapi }: { strapi: Core.Strapi }\n) => {\n addQsParser(strapi.server.app, { ...defaults, ...config });\n};\n"],"names":[],"mappings":";AAMA,MAAM,WAAmB;AAAA,EACvB,oBAAoB;AAAA,EACpB,YAAY;AAAA,EACZ,OAAO;AACT;AAKA,MAAM,cAAc,CAAC,KAAU,aAAqB;AAC3C,SAAA,eAAe,IAAI,SAAS,SAAS;AAAA,IAC1C,cAAc;AAAA,IACd,YAAY;AAAA;AAAA;AAAA;AAAA,IAIZ,MAAM;AACJ,YAAM,OAAO,KAAK;~~AACb~~,WAAA,cAAc,KAAK,eAAe,CAAA;AACvC,YAAM,QAAQ,KAAK;AAEf,UAAA,CAAC,MAAM,IAAI,GAAG;AAChB,cAAM,IAAI,IAAI,GAAG,MAAM,MAAM,QAAQ;AAAA,MACvC;AAEA,aAAO,MAAM,IAAI;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,IAAI,KAAK;AACF,WAAA,cAAc,GAAG,UAAU,GAAG;AAAA,IACrC;AAAA,EAAA,~~CACD~~;~~AAEM~~,SAAA;AACT;AAEO,MAAM,QAAgC,CAC3C,QACA,EAAE,aACC;AACS,cAAA,OAAO,OAAO,KAAK,EAAE,GAAG,UAAU,GAAG,~~QAAQ~~;~~AAC3D~~;"}
1	+ {"version":3,"file":"query.mjs","sources":["../../src/middlewares/query.ts"],"sourcesContent":["import qs from 'qs';\nimport type Koa from 'koa';\nimport type { Core } from '@strapi/types';\n\ntype Config = Parameters<typeof qs.parse>[1];\n\nconst defaults: Config = {\n strictNullHandling: true,\n arrayLimit: 100,\n depth: 20,\n};\n\n/*\n Body parser hook\n /\nconst addQsParser = (app: Koa, settings: Config) => {\n Object.defineProperty(app.request, 'query', {\n configurable: false,\n enumerable: true,\n /\n * Get parsed query-string.\n /\n get() {\n const qstr = this.querystring;\n\n this._querycache = this._querycache \|\| {};\n const cache = this._querycache;\n\n if (!cache[qstr]) {\n cache[qstr] = qs.parse(qstr, settings);\n }\n\n return cache[qstr];\n },\n\n /\n * Set query-string as an object.\n */\n set(obj) {\n this.querystring = qs.stringify(obj);\n },\n } satisfies PropertyDescriptor & ThisType<Koa.BaseRequest>);\n\n return app;\n};\n\nexport const query: Core.MiddlewareFactory = (\n config: Partial<Config>,\n { strapi }: { strapi: Core.Strapi }\n) => {\n addQsParser(strapi.server.app, { ...defaults, ...config } as Config);\n};\n"],"names":[],"mappings":";AAMA,MAAM,WAAmB;AAAA,EACvB,oBAAoB;AAAA,EACpB,YAAY;AAAA,EACZ,OAAO;AACT;AAKA,MAAM,cAAc,CAAC,KAAU,aAAqB;AAC3C,SAAA,eAAe,IAAI,SAAS,SAAS;AAAA,IAC1C,cAAc;AAAA,IACd,YAAY;AAAA;AAAA;AAAA;AAAA,IAIZ,MAAM;AACJ,YAAM,OAAO,KAAK;AAEb,WAAA,cAAc,KAAK,eAAe,CAAA;AACvC,YAAM,QAAQ,KAAK;AAEf,UAAA,CAAC,MAAM,IAAI,GAAG;AAChB,cAAM,IAAI,IAAI,GAAG,MAAM,MAAM,QAAQ;AAAA,MACvC;AAEA,aAAO,MAAM,IAAI;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,IAAI,KAAK;AACF,WAAA,cAAc,GAAG,UAAU,GAAG;AAAA,IACrC;AAAA,EAAA,CACwD;AAEnD,SAAA;AACT;AAEO,MAAM,QAAgC,CAC3C,QACA,EAAE,aACC;AACS,cAAA,OAAO,OAAO,KAAK,EAAE,GAAG,UAAU,GAAG,QAAkB;AACrE;"}

package/dist/middlewares/responses.js CHANGED Viewed

@@ -1,12 +1,12 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const _ = require("lodash/fp");
+const fp = require("lodash/fp");
 const responses = (config = {}) => {
   return async (ctx, next) => {
     await next();
     const { status } = ctx;
     const handler = config?.handlers?.[status];
-    if (_.isFunction(handler)) {
+    if (fp.isFunction(handler)) {
       await handler(ctx, next);
     }
   };

package/dist/middlewares/responses.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"responses.js","sources":["../../src/middlewares/responses.ts"],"sourcesContent":["import { isFunction } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\n\nexport interface Config {\n handlers?: Record<number, Core.MiddlewareHandler>;\n}\n\nexport const responses: Core.MiddlewareFactory<Config> = (config = {}) => {\n return async (ctx, next) => {\n await next();\n\n const { status } = ctx;\n const handler = config?.handlers?.[status];\n\n if (isFunction(handler)) {\n await handler(ctx, next);\n }\n };\n};\n"],"names":["isFunction"],"mappings":";;;AAOO,MAAM,YAA4C,CAAC,SAAS,OAAO;AACjE,SAAA,OAAO,KAAK,SAAS;AAC1B,UAAM,KAAK;AAEL,UAAA,EAAE,OAAW,IAAA;AACb,UAAA,UAAU,QAAQ,WAAW,MAAM;AAErC,QAAAA,~~EAAAA~~,WAAW,OAAO,GAAG;AACjB,YAAA,QAAQ,KAAK,IAAI;AAAA,IACzB;AAAA,EAAA;AAEJ;;"}
1	+ {"version":3,"file":"responses.js","sources":["../../src/middlewares/responses.ts"],"sourcesContent":["import { isFunction } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\n\nexport interface Config {\n handlers?: Record<number, Core.MiddlewareHandler>;\n}\n\nexport const responses: Core.MiddlewareFactory<Config> = (config = {}) => {\n return async (ctx, next) => {\n await next();\n\n const { status } = ctx;\n const handler = config?.handlers?.[status];\n\n if (isFunction(handler)) {\n await handler(ctx, next);\n }\n };\n};\n"],"names":["isFunction"],"mappings":";;;AAOO,MAAM,YAA4C,CAAC,SAAS,OAAO;AACjE,SAAA,OAAO,KAAK,SAAS;AAC1B,UAAM,KAAK;AAEL,UAAA,EAAE,OAAW,IAAA;AACb,UAAA,UAAU,QAAQ,WAAW,MAAM;AAErC,QAAAA,GAAAA,WAAW,OAAO,GAAG;AACjB,YAAA,QAAQ,KAAK,IAAI;AAAA,IACzB;AAAA,EAAA;AAEJ;;"}

package/dist/middlewares/security.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/middlewares/security.ts"],"names":[],"mappings":"AACA,OAAe,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE1C,MAAM,MAAM,MAAM,GAAG,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;~~AA0B3D~~,eAAO,MAAM,QAAQ,EAAE,IAAI,CAAC,iBAAiB,CAAC,MAAM,~~CAkEjD~~,CAAC"}
1	+ {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/middlewares/security.ts"],"names":[],"mappings":"AACA,OAAe,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE/C,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAE1C,MAAM,MAAM,MAAM,GAAG,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAkC3D,eAAO,MAAM,QAAQ,EAAE,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAmEjD,CAAC"}

package/dist/middlewares/security.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const _ = require("lodash/fp");
+const fp = require("lodash/fp");
 const helmet = require("koa-helmet");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const helmet__default = /* @__PURE__ */ _interopDefault(helmet);
@@ -27,8 +27,15 @@ const defaults = {
     action: "sameorigin"
   }
 };
+const mergeConfig = (existingConfig, newConfig) => {
+  return fp.mergeWith(
+    (obj, src) => Array.isArray(obj) && Array.isArray(src) ? obj.concat(src) : void 0,
+    existingConfig,
+    newConfig
+  );
+};
 const security = (config, { strapi }) => (ctx, next) => {
-  let helmetConfig = _.defaultsDeep(defaults, config);
+  let helmetConfig = fp.defaultsDeep(defaults, config);
   const specialPaths = ["/documentation"];
   const directives = {
     "script-src": ["'self'", "'unsafe-inline'", "cdn.jsdelivr.net"],
@@ -47,7 +54,7 @@ const security = (config, { strapi }) => (ctx, next) => {
     directives["frame-src"].push("sandbox.embed.apollographql.com");
   }
   if (ctx.method === "GET" && specialPaths.some((str) => ctx.path.startsWith(str))) {
-    helmetConfig = _.merge(helmetConfig, {
+    helmetConfig = mergeConfig(helmetConfig, {
       crossOriginEmbedderPolicy: false,
       // TODO: only use this for graphql playground
       contentSecurityPolicy: {
@@ -55,8 +62,8 @@ const security = (config, { strapi }) => (ctx, next) => {
       }
     });
   }
-  if (process.env.NODE_ENV === "development" && ctx.method === "GET" && ["/admin"].some((str) => ctx.path.startsWith(str))) {
-    helmetConfig = _.merge(helmetConfig, {
+  if (["development", "test"].includes(process.env.NODE_ENV ?? "") && ctx.method === "GET" && ctx.path.startsWith(strapi.config.get("admin.path"))) {
+    helmetConfig = mergeConfig(helmetConfig, {
       contentSecurityPolicy: {
         directives: {
           "script-src": ["'self'", "'unsafe-inline'"],

package/dist/middlewares/security.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"security.js","sources":["../../src/middlewares/security.ts"],"sourcesContent":["import { defaultsDeep, ~~merge~~ } from 'lodash/fp';\nimport helmet, { KoaHelmet } from 'koa-helmet';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = NonNullable<Parameters<KoaHelmet>[0]>;\n\nconst defaults: Config = {\n crossOriginEmbedderPolicy: false,\n crossOriginOpenerPolicy: false,\n crossOriginResourcePolicy: false,\n originAgentCluster: false,\n contentSecurityPolicy: {\n useDefaults: true,\n directives: {\n 'connect-src': [\"'self'\", 'https:'],\n 'img-src': [\"'self'\", 'data:', 'blob:', 'https://market-assets.strapi.io'],\n 'media-src': [\"'self'\", 'data:', 'blob:'],\n upgradeInsecureRequests: null,\n },\n },\n xssFilter: false,\n hsts: {\n maxAge: 31536000,\n includeSubDomains: true,\n },\n frameguard: {\n action: 'sameorigin',\n },\n};\n\nexport const security: Core.MiddlewareFactory<Config> =\n (config, { strapi }) =>\n (ctx, next) => {\n let helmetConfig: Config = defaultsDeep(defaults, config);\n\n const specialPaths = ['/documentation'];\n\n const directives: {\n 'script-src': string[];\n 'img-src': string[];\n 'manifest-src': string[];\n 'frame-src': string[];\n } = {\n 'script-src': [\"'self'\", \"'unsafe-inline'\", 'cdn.jsdelivr.net'],\n 'img-src': [\"'self'\", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],\n 'manifest-src': [],\n 'frame-src': [],\n };\n\n // if apollo graphql playground is enabled, add exceptions for it\n if (strapi.plugin('graphql')?.service('utils').playground.isEnabled()) {\n const { config: gqlConfig } = strapi.plugin('graphql');\n specialPaths.push(gqlConfig('endpoint'));\n\n directives['script-src'].push(`https: 'unsafe-inline'`);\n directives['img-src'].push(`'apollo-server-landing-page.cdn.apollographql.com'`);\n directives['manifest-src'].push(`'self'`);\n directives['manifest-src'].push('apollo-server-landing-page.cdn.apollographql.com');\n directives['frame-src'].push(`'self'`);\n directives['frame-src'].push('sandbox.embed.apollographql.com');\n }\n\n // TODO: we shouldn't combine playground exceptions with documentation for all routes, we should first check the path and then return exceptions specific to that\n if (ctx.method === 'GET' && specialPaths.some((str) => ctx.path.startsWith(str))) {\n helmetConfig = ~~merge~~(helmetConfig, {\n crossOriginEmbedderPolicy: false, // TODO: only use this for graphql playground\n contentSecurityPolicy: {\n directives,\n },\n });\n }\n\n /*\n These are for vite's watch mode so it can accurately\n * connect to the HMR websocket & reconnect on failure\n * or when the server restarts.\n \n It only applies in development, and only on GET requests\n * that are part of the admin route.\n */\n if (\n process.env.NODE_ENV ~~===~~ '~~development~~' &&\n ctx.method === 'GET' &&\n ~~['/admin'].some((str) =>~~ ctx.path.startsWith(~~str~~))\n ) {\n helmetConfig = ~~merge~~(helmetConfig, {\n contentSecurityPolicy: {\n directives: {\n 'script-src': [\"'self'\", \"'unsafe-inline'\"],\n 'connect-src': [\"'self'\", 'http:', 'https:', 'ws:'],\n },\n },\n });\n }\n\n return helmet(helmetConfig)(ctx, next);\n };\n"],"names":["~~defaultsDeep~~","~~merge~~","helmet"],"mappings":";;;;;;AAOA,MAAM,WAAmB;AAAA,EACvB,2BAA2B;AAAA,EAC3B,yBAAyB;AAAA,EACzB,2BAA2B;AAAA,EAC3B,oBAAoB;AAAA,EACpB,uBAAuB;AAAA,IACrB,aAAa;AAAA,IACb,YAAY;AAAA,MACV,eAAe,CAAC,UAAU,QAAQ;AAAA,MAClC,WAAW,CAAC,UAAU,SAAS,SAAS,iCAAiC;AAAA,MACzE,aAAa,CAAC,UAAU,SAAS,OAAO;AAAA,MACxC,yBAAyB;AAAA,IAC3B;AAAA,EACF;AAAA,EACA,WAAW;AAAA,EACX,MAAM;AAAA,IACJ,QAAQ;AAAA,IACR,mBAAmB;AAAA,EACrB;AAAA,EACA,YAAY;AAAA,IACV,QAAQ;AAAA,EACV;AACF;AAEa,MAAA,WACX,CAAC,QAAQ,EAAE,aACX,CAAC,KAAK,SAAS;AACT,MAAA,~~eAAuBA~~,~~EAAAA~~,aAAa,UAAU,MAAM;AAElD,QAAA,eAAe,CAAC,gBAAgB;AAEtC,QAAM,aAKF;AAAA,IACF,cAAc,CAAC,UAAU,mBAAmB,kBAAkB;AAAA,IAC9D,WAAW,CAAC,UAAU,SAAS,oBAAoB,WAAW;AAAA,IAC9D,gBAAgB,CAAC;AAAA,IACjB,aAAa,CAAC;AAAA,EAAA;AAIZ,MAAA,OAAO,OAAO,SAAS,GAAG,QAAQ,OAAO,EAAE,WAAW,aAAa;AACrE,UAAM,EAAE,QAAQ,UAAA,IAAc,OAAO,OAAO,SAAS;AACxC,iBAAA,KAAK,UAAU,UAAU,CAAC;AAE5B,eAAA,YAAY,EAAE,KAAK,wBAAwB;AAC3C,eAAA,SAAS,EAAE,KAAK,oDAAoD;AACpE,eAAA,cAAc,EAAE,KAAK,QAAQ;AAC7B,eAAA,cAAc,EAAE,KAAK,kDAAkD;AACvE,eAAA,WAAW,EAAE,KAAK,QAAQ;AAC1B,eAAA,WAAW,EAAE,KAAK,iCAAiC;AAAA,EAChE;AAGA,MAAI,IAAI,WAAW,SAAS,aAAa,KAAK,CAAC,QAAQ,IAAI,KAAK,WAAW,GAAG,CAAC,GAAG;AAChF,~~mBAAeC~~,~~QAAM~~,cAAc;AAAA,~~MACjC~~,2BAA2B;AAAA;AAAA,MAC3B,uBAAuB;AAAA,QACrB;AAAA,MACF;AAAA,IAAA,CACD;AAAA,EACH;~~AAUA~~,~~MACE~~,QAAQ,IAAI,~~aAAa~~,~~iBACzB~~,IAAI,WAAW,SACf,~~CAAC~~,~~QAAQ~~,~~EAAE~~,~~KAAK~~,~~CAAC~~,~~QAAQ,~~IAAI,~~KAAK~~,~~WAAW,GAAG,~~CAAC,~~GACjD~~;AACA,~~mBAAeA~~,~~QAAM~~,cAAc;AAAA,~~MACjC~~,uBAAuB;AAAA,QACrB,YAAY;AAAA,UACV,cAAc,CAAC,UAAU,iBAAiB;AAAA,UAC1C,eAAe,CAAC,UAAU,SAAS,UAAU,KAAK;AAAA,QACpD;AAAA,MACF;AAAA,IAAA,CACD;AAAA,EACH;AAEA,SAAOC,gBAAO,QAAA,YAAY,EAAE,KAAK,IAAI;AACvC;;"}
1	+ {"version":3,"file":"security.js","sources":["../../src/middlewares/security.ts"],"sourcesContent":["import { defaultsDeep, mergeWith } from 'lodash/fp';\nimport helmet, { KoaHelmet } from 'koa-helmet';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = NonNullable<Parameters<KoaHelmet>[0]>;\n\nconst defaults: Config = {\n crossOriginEmbedderPolicy: false,\n crossOriginOpenerPolicy: false,\n crossOriginResourcePolicy: false,\n originAgentCluster: false,\n contentSecurityPolicy: {\n useDefaults: true,\n directives: {\n 'connect-src': [\"'self'\", 'https:'],\n 'img-src': [\"'self'\", 'data:', 'blob:', 'https://market-assets.strapi.io'],\n 'media-src': [\"'self'\", 'data:', 'blob:'],\n upgradeInsecureRequests: null,\n },\n },\n xssFilter: false,\n hsts: {\n maxAge: 31536000,\n includeSubDomains: true,\n },\n frameguard: {\n action: 'sameorigin',\n },\n};\n\nconst mergeConfig = (existingConfig: Config, newConfig: Config) => {\n return mergeWith(\n (obj, src) => (Array.isArray(obj) && Array.isArray(src) ? obj.concat(src) : undefined),\n existingConfig,\n newConfig\n );\n};\n\nexport const security: Core.MiddlewareFactory<Config> =\n (config, { strapi }) =>\n (ctx, next) => {\n let helmetConfig: Config = defaultsDeep(defaults, config);\n\n const specialPaths = ['/documentation'];\n\n const directives: {\n 'script-src': string[];\n 'img-src': string[];\n 'manifest-src': string[];\n 'frame-src': string[];\n } = {\n 'script-src': [\"'self'\", \"'unsafe-inline'\", 'cdn.jsdelivr.net'],\n 'img-src': [\"'self'\", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],\n 'manifest-src': [],\n 'frame-src': [],\n };\n\n // if apollo graphql playground is enabled, add exceptions for it\n if (strapi.plugin('graphql')?.service('utils').playground.isEnabled()) {\n const { config: gqlConfig } = strapi.plugin('graphql');\n specialPaths.push(gqlConfig('endpoint'));\n\n directives['script-src'].push(`https: 'unsafe-inline'`);\n directives['img-src'].push(`'apollo-server-landing-page.cdn.apollographql.com'`);\n directives['manifest-src'].push(`'self'`);\n directives['manifest-src'].push('apollo-server-landing-page.cdn.apollographql.com');\n directives['frame-src'].push(`'self'`);\n directives['frame-src'].push('sandbox.embed.apollographql.com');\n }\n\n // TODO: we shouldn't combine playground exceptions with documentation for all routes, we should first check the path and then return exceptions specific to that\n if (ctx.method === 'GET' && specialPaths.some((str) => ctx.path.startsWith(str))) {\n helmetConfig = mergeConfig(helmetConfig, {\n crossOriginEmbedderPolicy: false, // TODO: only use this for graphql playground\n contentSecurityPolicy: {\n directives,\n },\n });\n }\n\n /*\n These are for vite's watch mode so it can accurately\n * connect to the HMR websocket & reconnect on failure\n * or when the server restarts.\n \n It only applies in development, and only on GET requests\n * that are part of the admin route.\n */\n\n if (\n ['development', 'test'].includes(process.env.NODE_ENV ?? '') &&\n ctx.method === 'GET' &&\n ctx.path.startsWith(strapi.config.get('admin.path'))\n ) {\n helmetConfig = mergeConfig(helmetConfig, {\n contentSecurityPolicy: {\n directives: {\n 'script-src': [\"'self'\", \"'unsafe-inline'\"],\n 'connect-src': [\"'self'\", 'http:', 'https:', 'ws:'],\n },\n },\n });\n }\n\n return helmet(helmetConfig)(ctx, next);\n };\n"],"names":["mergeWith","defaultsDeep","helmet"],"mappings":";;;;;;AAOA,MAAM,WAAmB;AAAA,EACvB,2BAA2B;AAAA,EAC3B,yBAAyB;AAAA,EACzB,2BAA2B;AAAA,EAC3B,oBAAoB;AAAA,EACpB,uBAAuB;AAAA,IACrB,aAAa;AAAA,IACb,YAAY;AAAA,MACV,eAAe,CAAC,UAAU,QAAQ;AAAA,MAClC,WAAW,CAAC,UAAU,SAAS,SAAS,iCAAiC;AAAA,MACzE,aAAa,CAAC,UAAU,SAAS,OAAO;AAAA,MACxC,yBAAyB;AAAA,IAC3B;AAAA,EACF;AAAA,EACA,WAAW;AAAA,EACX,MAAM;AAAA,IACJ,QAAQ;AAAA,IACR,mBAAmB;AAAA,EACrB;AAAA,EACA,YAAY;AAAA,IACV,QAAQ;AAAA,EACV;AACF;AAEA,MAAM,cAAc,CAAC,gBAAwB,cAAsB;AAC1D,SAAAA,GAAA;AAAA,IACL,CAAC,KAAK,QAAS,MAAM,QAAQ,GAAG,KAAK,MAAM,QAAQ,GAAG,IAAI,IAAI,OAAO,GAAG,IAAI;AAAA,IAC5E;AAAA,IACA;AAAA,EAAA;AAEJ;AAEa,MAAA,WACX,CAAC,QAAQ,EAAE,aACX,CAAC,KAAK,SAAS;AACT,MAAA,eAAuBC,GAAAA,aAAa,UAAU,MAAM;AAElD,QAAA,eAAe,CAAC,gBAAgB;AAEtC,QAAM,aAKF;AAAA,IACF,cAAc,CAAC,UAAU,mBAAmB,kBAAkB;AAAA,IAC9D,WAAW,CAAC,UAAU,SAAS,oBAAoB,WAAW;AAAA,IAC9D,gBAAgB,CAAC;AAAA,IACjB,aAAa,CAAC;AAAA,EAAA;AAIZ,MAAA,OAAO,OAAO,SAAS,GAAG,QAAQ,OAAO,EAAE,WAAW,aAAa;AACrE,UAAM,EAAE,QAAQ,UAAA,IAAc,OAAO,OAAO,SAAS;AACxC,iBAAA,KAAK,UAAU,UAAU,CAAC;AAE5B,eAAA,YAAY,EAAE,KAAK,wBAAwB;AAC3C,eAAA,SAAS,EAAE,KAAK,oDAAoD;AACpE,eAAA,cAAc,EAAE,KAAK,QAAQ;AAC7B,eAAA,cAAc,EAAE,KAAK,kDAAkD;AACvE,eAAA,WAAW,EAAE,KAAK,QAAQ;AAC1B,eAAA,WAAW,EAAE,KAAK,iCAAiC;AAAA,EAChE;AAGA,MAAI,IAAI,WAAW,SAAS,aAAa,KAAK,CAAC,QAAQ,IAAI,KAAK,WAAW,GAAG,CAAC,GAAG;AAChF,mBAAe,YAAY,cAAc;AAAA,MACvC,2BAA2B;AAAA;AAAA,MAC3B,uBAAuB;AAAA,QACrB;AAAA,MACF;AAAA,IAAA,CACD;AAAA,EACH;AAYE,MAAA,CAAC,eAAe,MAAM,EAAE,SAAS,QAAQ,IAAI,YAAY,EAAE,KAC3D,IAAI,WAAW,SACf,IAAI,KAAK,WAAW,OAAO,OAAO,IAAI,YAAY,CAAC,GACnD;AACA,mBAAe,YAAY,cAAc;AAAA,MACvC,uBAAuB;AAAA,QACrB,YAAY;AAAA,UACV,cAAc,CAAC,UAAU,iBAAiB;AAAA,UAC1C,eAAe,CAAC,UAAU,SAAS,UAAU,KAAK;AAAA,QACpD;AAAA,MACF;AAAA,IAAA,CACD;AAAA,EACH;AAEA,SAAOC,gBAAO,QAAA,YAAY,EAAE,KAAK,IAAI;AACvC;;"}

package/dist/middlewares/security.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-import { defaultsDeep, merge } from "lodash/fp";
+import { defaultsDeep, mergeWith } from "lodash/fp";
 import helmet from "koa-helmet";
 const defaults = {
   crossOriginEmbedderPolicy: false,
@@ -23,6 +23,13 @@ const defaults = {
     action: "sameorigin"
   }
 };
+const mergeConfig = (existingConfig, newConfig) => {
+  return mergeWith(
+    (obj, src) => Array.isArray(obj) && Array.isArray(src) ? obj.concat(src) : void 0,
+    existingConfig,
+    newConfig
+  );
+};
 const security = (config, { strapi }) => (ctx, next) => {
   let helmetConfig = defaultsDeep(defaults, config);
   const specialPaths = ["/documentation"];
@@ -43,7 +50,7 @@ const security = (config, { strapi }) => (ctx, next) => {
     directives["frame-src"].push("sandbox.embed.apollographql.com");
   }
   if (ctx.method === "GET" && specialPaths.some((str) => ctx.path.startsWith(str))) {
-    helmetConfig = merge(helmetConfig, {
+    helmetConfig = mergeConfig(helmetConfig, {
       crossOriginEmbedderPolicy: false,
       // TODO: only use this for graphql playground
       contentSecurityPolicy: {
@@ -51,8 +58,8 @@ const security = (config, { strapi }) => (ctx, next) => {
       }
     });
   }
-  if (process.env.NODE_ENV === "development" && ctx.method === "GET" && ["/admin"].some((str) => ctx.path.startsWith(str))) {
-    helmetConfig = merge(helmetConfig, {
+  if (["development", "test"].includes(process.env.NODE_ENV ?? "") && ctx.method === "GET" && ctx.path.startsWith(strapi.config.get("admin.path"))) {
+    helmetConfig = mergeConfig(helmetConfig, {
       contentSecurityPolicy: {
         directives: {
           "script-src": ["'self'", "'unsafe-inline'"],

package/dist/middlewares/security.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"security.mjs","sources":["../../src/middlewares/security.ts"],"sourcesContent":["import { defaultsDeep, ~~merge~~ } from 'lodash/fp';\nimport helmet, { KoaHelmet } from 'koa-helmet';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = NonNullable<Parameters<KoaHelmet>[0]>;\n\nconst defaults: Config = {\n crossOriginEmbedderPolicy: false,\n crossOriginOpenerPolicy: false,\n crossOriginResourcePolicy: false,\n originAgentCluster: false,\n contentSecurityPolicy: {\n useDefaults: true,\n directives: {\n 'connect-src': [\"'self'\", 'https:'],\n 'img-src': [\"'self'\", 'data:', 'blob:', 'https://market-assets.strapi.io'],\n 'media-src': [\"'self'\", 'data:', 'blob:'],\n upgradeInsecureRequests: null,\n },\n },\n xssFilter: false,\n hsts: {\n maxAge: 31536000,\n includeSubDomains: true,\n },\n frameguard: {\n action: 'sameorigin',\n },\n};\n\nexport const security: Core.MiddlewareFactory<Config> =\n (config, { strapi }) =>\n (ctx, next) => {\n let helmetConfig: Config = defaultsDeep(defaults, config);\n\n const specialPaths = ['/documentation'];\n\n const directives: {\n 'script-src': string[];\n 'img-src': string[];\n 'manifest-src': string[];\n 'frame-src': string[];\n } = {\n 'script-src': [\"'self'\", \"'unsafe-inline'\", 'cdn.jsdelivr.net'],\n 'img-src': [\"'self'\", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],\n 'manifest-src': [],\n 'frame-src': [],\n };\n\n // if apollo graphql playground is enabled, add exceptions for it\n if (strapi.plugin('graphql')?.service('utils').playground.isEnabled()) {\n const { config: gqlConfig } = strapi.plugin('graphql');\n specialPaths.push(gqlConfig('endpoint'));\n\n directives['script-src'].push(`https: 'unsafe-inline'`);\n directives['img-src'].push(`'apollo-server-landing-page.cdn.apollographql.com'`);\n directives['manifest-src'].push(`'self'`);\n directives['manifest-src'].push('apollo-server-landing-page.cdn.apollographql.com');\n directives['frame-src'].push(`'self'`);\n directives['frame-src'].push('sandbox.embed.apollographql.com');\n }\n\n // TODO: we shouldn't combine playground exceptions with documentation for all routes, we should first check the path and then return exceptions specific to that\n if (ctx.method === 'GET' && specialPaths.some((str) => ctx.path.startsWith(str))) {\n helmetConfig = ~~merge~~(helmetConfig, {\n crossOriginEmbedderPolicy: false, // TODO: only use this for graphql playground\n contentSecurityPolicy: {\n directives,\n },\n });\n }\n\n /*\n These are for vite's watch mode so it can accurately\n * connect to the HMR websocket & reconnect on failure\n * or when the server restarts.\n \n It only applies in development, and only on GET requests\n * that are part of the admin route.\n */\n if (\n process.env.NODE_ENV ~~===~~ '~~development~~' &&\n ctx.method === 'GET' &&\n ~~['/admin'].some((str) =>~~ ctx.path.startsWith(~~str~~))\n ) {\n helmetConfig = ~~merge~~(helmetConfig, {\n contentSecurityPolicy: {\n directives: {\n 'script-src': [\"'self'\", \"'unsafe-inline'\"],\n 'connect-src': [\"'self'\", 'http:', 'https:', 'ws:'],\n },\n },\n });\n }\n\n return helmet(helmetConfig)(ctx, next);\n };\n"],"names":[],"mappings":";;AAOA,MAAM,WAAmB;AAAA,EACvB,2BAA2B;AAAA,EAC3B,yBAAyB;AAAA,EACzB,2BAA2B;AAAA,EAC3B,oBAAoB;AAAA,EACpB,uBAAuB;AAAA,IACrB,aAAa;AAAA,IACb,YAAY;AAAA,MACV,eAAe,CAAC,UAAU,QAAQ;AAAA,MAClC,WAAW,CAAC,UAAU,SAAS,SAAS,iCAAiC;AAAA,MACzE,aAAa,CAAC,UAAU,SAAS,OAAO;AAAA,MACxC,yBAAyB;AAAA,IAC3B;AAAA,EACF;AAAA,EACA,WAAW;AAAA,EACX,MAAM;AAAA,IACJ,QAAQ;AAAA,IACR,mBAAmB;AAAA,EACrB;AAAA,EACA,YAAY;AAAA,IACV,QAAQ;AAAA,EACV;AACF;AAEa,MAAA,WACX,CAAC,QAAQ,EAAE,aACX,CAAC,KAAK,SAAS;AACT,MAAA,eAAuB,aAAa,UAAU,MAAM;AAElD,QAAA,eAAe,CAAC,gBAAgB;AAEtC,QAAM,aAKF;AAAA,IACF,cAAc,CAAC,UAAU,mBAAmB,kBAAkB;AAAA,IAC9D,WAAW,CAAC,UAAU,SAAS,oBAAoB,WAAW;AAAA,IAC9D,gBAAgB,CAAC;AAAA,IACjB,aAAa,CAAC;AAAA,EAAA;AAIZ,MAAA,OAAO,OAAO,SAAS,GAAG,QAAQ,OAAO,EAAE,WAAW,aAAa;AACrE,UAAM,EAAE,QAAQ,UAAA,IAAc,OAAO,OAAO,SAAS;AACxC,iBAAA,KAAK,UAAU,UAAU,CAAC;AAE5B,eAAA,YAAY,EAAE,KAAK,wBAAwB;AAC3C,eAAA,SAAS,EAAE,KAAK,oDAAoD;AACpE,eAAA,cAAc,EAAE,KAAK,QAAQ;AAC7B,eAAA,cAAc,EAAE,KAAK,kDAAkD;AACvE,eAAA,WAAW,EAAE,KAAK,QAAQ;AAC1B,eAAA,WAAW,EAAE,KAAK,iCAAiC;AAAA,EAChE;AAGA,MAAI,IAAI,WAAW,SAAS,aAAa,KAAK,CAAC,QAAQ,IAAI,KAAK,WAAW,GAAG,CAAC,GAAG;AAChF,mBAAe,~~MAAM~~,cAAc;AAAA,~~MACjC~~,2BAA2B;AAAA;AAAA,MAC3B,uBAAuB;AAAA,QACrB;AAAA,MACF;AAAA,IAAA,CACD;AAAA,EACH;~~AAUA~~,~~MACE~~,QAAQ,IAAI,~~aAAa~~,~~iBACzB~~,IAAI,WAAW,SACf,~~CAAC~~,~~QAAQ~~,~~EAAE~~,~~KAAK~~,~~CAAC~~,~~QAAQ,~~IAAI,~~KAAK~~,~~WAAW,GAAG,~~CAAC,~~GACjD~~;AACA,mBAAe,~~MAAM~~,cAAc;AAAA,~~MACjC~~,uBAAuB;AAAA,QACrB,YAAY;AAAA,UACV,cAAc,CAAC,UAAU,iBAAiB;AAAA,UAC1C,eAAe,CAAC,UAAU,SAAS,UAAU,KAAK;AAAA,QACpD;AAAA,MACF;AAAA,IAAA,CACD;AAAA,EACH;AAEA,SAAO,OAAO,YAAY,EAAE,KAAK,IAAI;AACvC;"}
1	+ {"version":3,"file":"security.mjs","sources":["../../src/middlewares/security.ts"],"sourcesContent":["import { defaultsDeep, mergeWith } from 'lodash/fp';\nimport helmet, { KoaHelmet } from 'koa-helmet';\n\nimport type { Core } from '@strapi/types';\n\nexport type Config = NonNullable<Parameters<KoaHelmet>[0]>;\n\nconst defaults: Config = {\n crossOriginEmbedderPolicy: false,\n crossOriginOpenerPolicy: false,\n crossOriginResourcePolicy: false,\n originAgentCluster: false,\n contentSecurityPolicy: {\n useDefaults: true,\n directives: {\n 'connect-src': [\"'self'\", 'https:'],\n 'img-src': [\"'self'\", 'data:', 'blob:', 'https://market-assets.strapi.io'],\n 'media-src': [\"'self'\", 'data:', 'blob:'],\n upgradeInsecureRequests: null,\n },\n },\n xssFilter: false,\n hsts: {\n maxAge: 31536000,\n includeSubDomains: true,\n },\n frameguard: {\n action: 'sameorigin',\n },\n};\n\nconst mergeConfig = (existingConfig: Config, newConfig: Config) => {\n return mergeWith(\n (obj, src) => (Array.isArray(obj) && Array.isArray(src) ? obj.concat(src) : undefined),\n existingConfig,\n newConfig\n );\n};\n\nexport const security: Core.MiddlewareFactory<Config> =\n (config, { strapi }) =>\n (ctx, next) => {\n let helmetConfig: Config = defaultsDeep(defaults, config);\n\n const specialPaths = ['/documentation'];\n\n const directives: {\n 'script-src': string[];\n 'img-src': string[];\n 'manifest-src': string[];\n 'frame-src': string[];\n } = {\n 'script-src': [\"'self'\", \"'unsafe-inline'\", 'cdn.jsdelivr.net'],\n 'img-src': [\"'self'\", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],\n 'manifest-src': [],\n 'frame-src': [],\n };\n\n // if apollo graphql playground is enabled, add exceptions for it\n if (strapi.plugin('graphql')?.service('utils').playground.isEnabled()) {\n const { config: gqlConfig } = strapi.plugin('graphql');\n specialPaths.push(gqlConfig('endpoint'));\n\n directives['script-src'].push(`https: 'unsafe-inline'`);\n directives['img-src'].push(`'apollo-server-landing-page.cdn.apollographql.com'`);\n directives['manifest-src'].push(`'self'`);\n directives['manifest-src'].push('apollo-server-landing-page.cdn.apollographql.com');\n directives['frame-src'].push(`'self'`);\n directives['frame-src'].push('sandbox.embed.apollographql.com');\n }\n\n // TODO: we shouldn't combine playground exceptions with documentation for all routes, we should first check the path and then return exceptions specific to that\n if (ctx.method === 'GET' && specialPaths.some((str) => ctx.path.startsWith(str))) {\n helmetConfig = mergeConfig(helmetConfig, {\n crossOriginEmbedderPolicy: false, // TODO: only use this for graphql playground\n contentSecurityPolicy: {\n directives,\n },\n });\n }\n\n /*\n These are for vite's watch mode so it can accurately\n * connect to the HMR websocket & reconnect on failure\n * or when the server restarts.\n \n It only applies in development, and only on GET requests\n * that are part of the admin route.\n */\n\n if (\n ['development', 'test'].includes(process.env.NODE_ENV ?? '') &&\n ctx.method === 'GET' &&\n ctx.path.startsWith(strapi.config.get('admin.path'))\n ) {\n helmetConfig = mergeConfig(helmetConfig, {\n contentSecurityPolicy: {\n directives: {\n 'script-src': [\"'self'\", \"'unsafe-inline'\"],\n 'connect-src': [\"'self'\", 'http:', 'https:', 'ws:'],\n },\n },\n });\n }\n\n return helmet(helmetConfig)(ctx, next);\n };\n"],"names":[],"mappings":";;AAOA,MAAM,WAAmB;AAAA,EACvB,2BAA2B;AAAA,EAC3B,yBAAyB;AAAA,EACzB,2BAA2B;AAAA,EAC3B,oBAAoB;AAAA,EACpB,uBAAuB;AAAA,IACrB,aAAa;AAAA,IACb,YAAY;AAAA,MACV,eAAe,CAAC,UAAU,QAAQ;AAAA,MAClC,WAAW,CAAC,UAAU,SAAS,SAAS,iCAAiC;AAAA,MACzE,aAAa,CAAC,UAAU,SAAS,OAAO;AAAA,MACxC,yBAAyB;AAAA,IAC3B;AAAA,EACF;AAAA,EACA,WAAW;AAAA,EACX,MAAM;AAAA,IACJ,QAAQ;AAAA,IACR,mBAAmB;AAAA,EACrB;AAAA,EACA,YAAY;AAAA,IACV,QAAQ;AAAA,EACV;AACF;AAEA,MAAM,cAAc,CAAC,gBAAwB,cAAsB;AAC1D,SAAA;AAAA,IACL,CAAC,KAAK,QAAS,MAAM,QAAQ,GAAG,KAAK,MAAM,QAAQ,GAAG,IAAI,IAAI,OAAO,GAAG,IAAI;AAAA,IAC5E;AAAA,IACA;AAAA,EAAA;AAEJ;AAEa,MAAA,WACX,CAAC,QAAQ,EAAE,aACX,CAAC,KAAK,SAAS;AACT,MAAA,eAAuB,aAAa,UAAU,MAAM;AAElD,QAAA,eAAe,CAAC,gBAAgB;AAEtC,QAAM,aAKF;AAAA,IACF,cAAc,CAAC,UAAU,mBAAmB,kBAAkB;AAAA,IAC9D,WAAW,CAAC,UAAU,SAAS,oBAAoB,WAAW;AAAA,IAC9D,gBAAgB,CAAC;AAAA,IACjB,aAAa,CAAC;AAAA,EAAA;AAIZ,MAAA,OAAO,OAAO,SAAS,GAAG,QAAQ,OAAO,EAAE,WAAW,aAAa;AACrE,UAAM,EAAE,QAAQ,UAAA,IAAc,OAAO,OAAO,SAAS;AACxC,iBAAA,KAAK,UAAU,UAAU,CAAC;AAE5B,eAAA,YAAY,EAAE,KAAK,wBAAwB;AAC3C,eAAA,SAAS,EAAE,KAAK,oDAAoD;AACpE,eAAA,cAAc,EAAE,KAAK,QAAQ;AAC7B,eAAA,cAAc,EAAE,KAAK,kDAAkD;AACvE,eAAA,WAAW,EAAE,KAAK,QAAQ;AAC1B,eAAA,WAAW,EAAE,KAAK,iCAAiC;AAAA,EAChE;AAGA,MAAI,IAAI,WAAW,SAAS,aAAa,KAAK,CAAC,QAAQ,IAAI,KAAK,WAAW,GAAG,CAAC,GAAG;AAChF,mBAAe,YAAY,cAAc;AAAA,MACvC,2BAA2B;AAAA;AAAA,MAC3B,uBAAuB;AAAA,QACrB;AAAA,MACF;AAAA,IAAA,CACD;AAAA,EACH;AAYE,MAAA,CAAC,eAAe,MAAM,EAAE,SAAS,QAAQ,IAAI,YAAY,EAAE,KAC3D,IAAI,WAAW,SACf,IAAI,KAAK,WAAW,OAAO,OAAO,IAAI,YAAY,CAAC,GACnD;AACA,mBAAe,YAAY,cAAc;AAAA,MACvC,uBAAuB;AAAA,QACrB,YAAY;AAAA,UACV,cAAc,CAAC,UAAU,iBAAiB;AAAA,UAC1C,eAAe,CAAC,UAAU,SAAS,UAAU,KAAK;AAAA,QACpD;AAAA,MACF;AAAA,IAAA,CACD;AAAA,EACH;AAEA,SAAO,OAAO,YAAY,EAAE,KAAK,IAAI;AACvC;"}

package/dist/middlewares/session.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const _ = require("lodash/fp");
+const fp = require("lodash/fp");
 const koaSession = require("koa-session");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const koaSession__default = /* @__PURE__ */ _interopDefault(koaSession);
@@ -18,7 +18,7 @@ const defaultConfig = {
 };
 const session = (userConfig, { strapi }) => {
   const { keys } = strapi.server.app;
-  if (!_.isArray(keys) || _.isEmpty(keys) || keys.some(_.isEmpty)) {
+  if (!fp.isArray(keys) || fp.isEmpty(keys) || keys.some(fp.isEmpty)) {
     throw new Error(
       `App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`
     );

package/dist/middlewares/session.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"session.js","sources":["../../src/middlewares/session.ts"],"sourcesContent":["import { isEmpty, isArray } from 'lodash/fp';\nimport koaSession from 'koa-session';\nimport type { Core } from '@strapi/types';\n\nconst defaultConfig = {\n key: 'koa.sess',\n maxAge: 86400000,\n autoCommit: true,\n overwrite: true,\n httpOnly: true,\n signed: true,\n rolling: false,\n renew: false,\n secure: process.env.NODE_ENV === 'production',\n sameSite: undefined,\n};\n\nexport const session: Core.MiddlewareFactory<Partial<koaSession.opts>> = (\n userConfig,\n { strapi }\n) => {\n const { keys } = strapi.server.app;\n if (!isArray(keys) \|\| isEmpty(keys) \|\| keys.some(isEmpty)) {\n throw new Error(\n `App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`\n );\n }\n\n const config: Partial<koaSession.opts> = { ...defaultConfig, ...userConfig };\n\n strapi.server.use(koaSession(config, strapi.server.app));\n};\n"],"names":["isArray","isEmpty","koaSession"],"mappings":";;;;;;AAIA,MAAM,gBAAgB;AAAA,EACpB,KAAK;AAAA,EACL,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,UAAU;AAAA,EACV,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,OAAO;AAAA,EACP,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AACZ;AAEO,MAAM,UAA4D,CACvE,YACA,EAAE,aACC;AACH,QAAM,EAAE,KAAS,IAAA,OAAO,OAAO;AAC3B,MAAA,CAACA,~~EAAAA~~,QAAQ,IAAI,KAAKC,~~EAAA~~,QAAQ,IAAI,KAAK,KAAK,KAAKA,~~EAAAA~~,OAAO,GAAG;AACzD,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AAEA,QAAM,SAAmC,EAAE,GAAG,eAAe,GAAG,WAAW;AAE3E,SAAO,OAAO,IAAIC,oBAAA,QAAW,QAAQ,OAAO,OAAO,GAAG,CAAC;AACzD;;"}
1	+ {"version":3,"file":"session.js","sources":["../../src/middlewares/session.ts"],"sourcesContent":["import { isEmpty, isArray } from 'lodash/fp';\nimport koaSession from 'koa-session';\nimport type { Core } from '@strapi/types';\n\nconst defaultConfig = {\n key: 'koa.sess',\n maxAge: 86400000,\n autoCommit: true,\n overwrite: true,\n httpOnly: true,\n signed: true,\n rolling: false,\n renew: false,\n secure: process.env.NODE_ENV === 'production',\n sameSite: undefined,\n};\n\nexport const session: Core.MiddlewareFactory<Partial<koaSession.opts>> = (\n userConfig,\n { strapi }\n) => {\n const { keys } = strapi.server.app;\n if (!isArray(keys) \|\| isEmpty(keys) \|\| keys.some(isEmpty)) {\n throw new Error(\n `App keys are required. Please set app.keys in config/server.js (ex: keys: ['myKeyA', 'myKeyB'])`\n );\n }\n\n const config: Partial<koaSession.opts> = { ...defaultConfig, ...userConfig };\n\n strapi.server.use(koaSession(config, strapi.server.app));\n};\n"],"names":["isArray","isEmpty","koaSession"],"mappings":";;;;;;AAIA,MAAM,gBAAgB;AAAA,EACpB,KAAK;AAAA,EACL,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,UAAU;AAAA,EACV,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,OAAO;AAAA,EACP,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AACZ;AAEO,MAAM,UAA4D,CACvE,YACA,EAAE,aACC;AACH,QAAM,EAAE,KAAS,IAAA,OAAO,OAAO;AAC3B,MAAA,CAACA,GAAAA,QAAQ,IAAI,KAAKC,GAAA,QAAQ,IAAI,KAAK,KAAK,KAAKA,GAAAA,OAAO,GAAG;AACzD,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AAEA,QAAM,SAAmC,EAAE,GAAG,eAAe,GAAG,WAAW;AAE3E,SAAO,OAAO,IAAIC,oBAAA,QAAW,QAAQ,OAAO,OAAO,GAAG,CAAC;AACzD;;"}

package/dist/migrations/database/5.0.0-discard-drafts.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * This migration is responsible for creating the draft counterpart for all the entries that were in a published state.
+ *
+ * In v4, entries could either be in a draft or published state, but not both at the same time.
+ * In v5, we introduced the concept of document, and an entry can be in a draft or published state.
+ *
+ * This means the migration needs to create the draft counterpart if an entry was published.
+ *
+ * This migration performs the following steps:
+ * 1. Creates draft entries for all published entries, without it's components, dynamic zones or relations.
+ * 2. Using the document service, discard those same drafts to copy its relations.
+ */
+import type { Database, Migration } from '@strapi/database';
+type DocumentVersion = {
+    documentId: string;
+    locale: string;
+};
+type Knex = Parameters<Migration['up']>[0];
+/**
+ * Load a batch of versions to discard.
+ *
+ * Versions with only a draft version will be ignored.
+ * Only versions with a published version (which always have a draft version) will be discarded.
+ */
+export declare function getBatchToDiscard({ db, trx, uid, batchSize, }: {
+    db: Database;
+    trx: Knex;
+    uid: string;
+    batchSize?: number;
+}): AsyncGenerator<DocumentVersion[], void, unknown>;
+export declare const discardDocumentDrafts: Migration;
+export {};
+//# sourceMappingURL=5.0.0-discard-drafts.d.ts.map

package/dist/migrations/database/5.0.0-discard-drafts.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"5.0.0-discard-drafts.d.ts","sourceRoot":"","sources":["../../../src/migrations/database/5.0.0-discard-drafts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAG5D,KAAK,eAAe,GAAG;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAC9D,KAAK,IAAI,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAqF3C;;;;;GAKG;AACH,wBAAuB,iBAAiB,CAAC,EACvC,EAAE,EACF,GAAG,EACH,GAAG,EACH,SAAgB,GACjB,EAAE;IACD,EAAE,EAAE,QAAQ,CAAC;IACb,GAAG,EAAE,IAAI,CAAC;IACV,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,oDAuBA;AAwCD,eAAO,MAAM,qBAAqB,EAAE,SAQnC,CAAC"}

package/dist/migrations/database/5.0.0-discard-drafts.js ADDED Viewed

@@ -0,0 +1,94 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const strapiUtils = require("@strapi/utils");
+const hasDraftAndPublish = async (trx, meta) => {
+  const hasTable = await trx.schema.hasTable(meta.tableName);
+  if (!hasTable) {
+    return false;
+  }
+  const uid = meta.uid;
+  const model = strapi.getModel(uid);
+  const hasDP = strapiUtils.contentTypes.hasDraftAndPublish(model);
+  if (!hasDP) {
+    return false;
+  }
+  return true;
+};
+async function copyPublishedEntriesToDraft({
+  db,
+  trx,
+  uid
+}) {
+  const meta = db.metadata.get(uid);
+  const scalarAttributes = Object.values(meta.attributes).reduce((acc, attribute) => {
+    if (["id"].includes(attribute.columnName)) {
+      return acc;
+    }
+    if (strapiUtils.contentTypes.isScalarAttribute(attribute)) {
+      acc.push(attribute.columnName);
+    }
+    return acc;
+  }, []);
+  await trx.into(
+    trx.raw(`?? (${scalarAttributes.map(() => `??`).join(", ")})`, [
+      meta.tableName,
+      ...scalarAttributes
+    ])
+  ).insert((subQb) => {
+    subQb.select(
+      ...scalarAttributes.map((att) => {
+        if (att === "published_at") {
+          return trx.raw("NULL as ??", "published_at");
+        }
+        return att;
+      })
+    ).from(meta.tableName).whereNotNull("published_at");
+  });
+}
+async function* getBatchToDiscard({
+  db,
+  trx,
+  uid,
+  batchSize = 1e3
+}) {
+  let offset = 0;
+  let hasMore = true;
+  while (hasMore) {
+    const batch = await db.queryBuilder(uid).select(["id", "documentId", "locale"]).where({ publishedAt: { $ne: null } }).limit(batchSize).offset(offset).orderBy("id").transacting(trx).execute();
+    if (batch.length < batchSize) {
+      hasMore = false;
+    }
+    offset += batchSize;
+    yield batch;
+  }
+}
+const migrateUp = async (trx, db) => {
+  const dpModels = [];
+  for (const meta of db.metadata.values()) {
+    const hasDP = await hasDraftAndPublish(trx, meta);
+    if (hasDP) {
+      dpModels.push(meta);
+    }
+  }
+  for (const model of dpModels) {
+    await copyPublishedEntriesToDraft({ db, trx, uid: model.uid });
+  }
+  for (const model of dpModels) {
+    const discardDraft = async (entry) => strapi.documents(model.uid).discardDraft({ documentId: entry.documentId, locale: entry.locale });
+    for await (const batch of getBatchToDiscard({ db, trx, uid: model.uid })) {
+      await strapiUtils.async.map(batch, discardDraft, { concurrency: 10 });
+    }
+  }
+};
+const discardDocumentDrafts = {
+  name: "core::5.0.0-discard-drafts",
+  async up(trx, db) {
+    await migrateUp(trx, db);
+  },
+  async down() {
+    throw new Error("not implemented");
+  }
+};
+exports.discardDocumentDrafts = discardDocumentDrafts;
+exports.getBatchToDiscard = getBatchToDiscard;
+//# sourceMappingURL=5.0.0-discard-drafts.js.map