npm - @strapi/plugin-users-permissions - Versions diffs - 0.0.0-next.e41415e8ff5f565ff959667d5c5ba4f20bee013c → 0.0.0-next.f426350b859ddae6592e9bfa99e6be94ae22e117 - Mend

@strapi/plugin-users-permissions 0.0.0-next.e41415e8ff5f565ff959667d5c5ba4f20bee013c → 0.0.0-next.f426350b859ddae6592e9bfa99e6be94ae22e117

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

package/server/middlewares/rateLimit.js CHANGED Viewed

@@ -1,27 +1,47 @@
 'use strict';
+const path = require('path');
+const utils = require('@strapi/utils');
+const { isString, has, toLower } = require('lodash/fp');
+const { RateLimitError } = utils.errors;
 module.exports =
   (config, { strapi }) =>
   async (ctx, next) => {
-    const ratelimit = require('koa2-ratelimit').RateLimit;
-    const message = [
-      {
-        messages: [
-          {
-            id: 'Auth.form.error.ratelimit',
-            message: 'Too many attempts, please try again in a minute.',
-          },
-        ],
-      },
-    ];
-    return ratelimit.middleware({
-      interval: 1 * 60 * 1000,
-      max: 5,
-      prefixKey: `${ctx.request.path}:${ctx.request.ip}`,
-      message,
-      ...strapi.config.get('plugin.users-permissions.ratelimit'),
-      ...config,
-    })(ctx, next);
+    let rateLimitConfig = strapi.config.get('plugin.users-permissions.ratelimit');
+    if (!rateLimitConfig) {
+      rateLimitConfig = {
+        enabled: true,
+      };
+    }
+    if (!has('enabled', rateLimitConfig)) {
+      rateLimitConfig.enabled = true;
+    }
+    if (rateLimitConfig.enabled === true) {
+      const rateLimit = require('koa2-ratelimit').RateLimit;
+      const userIdentifier = toLower(ctx.request.body.email) || 'unknownIdentifier';
+      const requestPath = isString(ctx.request.path)
+        ? toLower(path.normalize(ctx.request.path))
+        : 'invalidPath';
+      const loadConfig = {
+        interval: { min: 5 },
+        max: 5,
+        prefixKey: `${userIdentifier}:${requestPath}:${ctx.request.ip}`,
+        handler() {
+          throw new RateLimitError();
+        },
+        ...rateLimitConfig,
+        ...config,
+      };
+      return rateLimit.middleware(loadConfig)(ctx, next);
+    }
+    return next();
   };

package/server/strategies/users-permissions.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict';
-const { castArray, map, every, pipe, isEmpty } = require('lodash/fp');
+const { castArray, map, every, pipe } = require('lodash/fp');
 const { ForbiddenError, UnauthorizedError } = require('@strapi/utils').errors;
 const { getService } = require('../utils');
@@ -80,13 +80,6 @@ const authenticate = async (ctx) => {
 const verify = async (auth, config) => {
   const { credentials: user, ability } = auth;
-  strapi.telemetry.send('didReceiveAPIRequest', {
-    eventProperties: {
-      authenticationMethod: auth?.strategy?.name,
-      isAuthenticated: !isEmpty(user),
-    },
-  });
   if (!config.scope) {
     if (!user) {
       // A non authenticated user cannot access routes that do not have a scope

package/admin/src/hooks/usePlugins/index.js DELETED Viewed

@@ -1,67 +0,0 @@
-import { useCallback, useEffect, useReducer } from 'react';
-import { useNotification, useFetchClient } from '@strapi/helper-plugin';
-import get from 'lodash/get';
-import init from './init';
-import pluginId from '../../pluginId';
-import { cleanPermissions } from '../../utils';
-import reducer, { initialState } from './reducer';
-const usePlugins = (shouldFetchData = true) => {
-  const toggleNotification = useNotification();
-  const [{ permissions, routes, isLoading }, dispatch] = useReducer(reducer, initialState, () =>
-    init(initialState, shouldFetchData)
-  );
-  const fetchClient = useFetchClient();
-  const fetchPlugins = useCallback(async () => {
-    try {
-      dispatch({
-        type: 'GET_DATA',
-      });
-      const [{ permissions }, { routes }] = await Promise.all(
-        [`/${pluginId}/permissions`, `/${pluginId}/routes`].map(async (endpoint) => {
-          const res = await fetchClient.get(endpoint);
-          return res.data;
-        })
-      );
-      dispatch({
-        type: 'GET_DATA_SUCCEEDED',
-        permissions: cleanPermissions(permissions),
-        routes,
-      });
-    } catch (err) {
-      const message = get(err, ['response', 'payload', 'message'], 'An error occured');
-      dispatch({
-        type: 'GET_DATA_ERROR',
-      });
-      if (message !== 'Forbidden') {
-        toggleNotification({
-          type: 'warning',
-          message,
-        });
-      }
-    }
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [toggleNotification]);
-  useEffect(() => {
-    if (shouldFetchData) {
-      fetchPlugins();
-    }
-  }, [fetchPlugins, shouldFetchData]);
-  return {
-    permissions,
-    routes,
-    getData: fetchPlugins,
-    isLoading,
-  };
-};
-export default usePlugins;

package/admin/src/hooks/usePlugins/init.js DELETED Viewed

@@ -1,5 +0,0 @@
-const init = (initialState, shouldFetchData) => {
-  return { ...initialState, isLoading: shouldFetchData };
-};
-export default init;

package/admin/src/hooks/usePlugins/reducer.js DELETED Viewed

@@ -1,34 +0,0 @@
-/* eslint-disable consistent-return */
-import produce from 'immer';
-export const initialState = {
-  permissions: {},
-  routes: {},
-  isLoading: true,
-};
-const reducer = (state, action) =>
-  produce(state, (draftState) => {
-    switch (action.type) {
-      case 'GET_DATA': {
-        draftState.isLoading = true;
-        draftState.permissions = {};
-        draftState.routes = {};
-        break;
-      }
-      case 'GET_DATA_SUCCEEDED': {
-        draftState.permissions = action.permissions;
-        draftState.routes = action.routes;
-        draftState.isLoading = false;
-        break;
-      }
-      case 'GET_DATA_ERROR': {
-        draftState.isLoading = false;
-        break;
-      }
-      default:
-        return draftState;
-    }
-  });
-export default reducer;

package/admin/src/pages/Roles/EditPage/utils/schema.js DELETED Viewed

@@ -1,9 +0,0 @@
-import * as yup from 'yup';
-import { translatedErrors } from '@strapi/helper-plugin';
-const schema = yup.object().shape({
-  name: yup.string().required(translatedErrors.required),
-  description: yup.string().required(translatedErrors.required),
-});
-export default schema;

package/admin/src/utils/getRequestURL.js DELETED Viewed

@@ -1,5 +0,0 @@
-import pluginId from '../pluginId';
-const getRequestURL = (endPoint) => `/${pluginId}/${endPoint}`;
-export default getRequestURL;