npm - @strapi/plugin-users-permissions - Versions diffs - 0.0.0-next.e9bb5ccdc459f4c6b6717a2d5d86359b7a47d47d → 0.0.0-next.f7babb775ed9a7e18d8351cb7f74c63e016323c4 - Mend

@strapi/plugin-users-permissions 0.0.0-next.e9bb5ccdc459f4c6b6717a2d5d86359b7a47d47d → 0.0.0-next.f7babb775ed9a7e18d8351cb7f74c63e016323c4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/server/middlewares/rateLimit.js CHANGED Viewed

@@ -1,27 +1,47 @@
 'use strict';
+const utils = require('@strapi/utils');
+const { isString, has, toLower } = require('lodash/fp');
+const path = require('path');
+const { RateLimitError } = utils.errors;
 module.exports =
   (config, { strapi }) =>
   async (ctx, next) => {
-    const ratelimit = require('koa2-ratelimit').RateLimit;
-    const message = [
-      {
-        messages: [
-          {
-            id: 'Auth.form.error.ratelimit',
-            message: 'Too many attempts, please try again in a minute.',
-          },
-        ],
-      },
-    ];
-    return ratelimit.middleware({
-      interval: 1 * 60 * 1000,
-      max: 5,
-      prefixKey: `${ctx.request.path}:${ctx.request.ip}`,
-      message,
-      ...strapi.config.get('plugin.users-permissions.ratelimit'),
-      ...config,
-    })(ctx, next);
+    let rateLimitConfig = strapi.config.get('plugin.users-permissions.ratelimit');
+    if (!rateLimitConfig) {
+      rateLimitConfig = {
+        enabled: true,
+      };
+    }
+    if (!has('enabled', rateLimitConfig)) {
+      rateLimitConfig.enabled = true;
+    }
+    if (rateLimitConfig.enabled === true) {
+      const rateLimit = require('koa2-ratelimit').RateLimit;
+      const userIdentifier = toLower(ctx.request.body.email) || 'unknownIdentifier';
+      const requestPath = isString(ctx.request.path)
+        ? toLower(path.normalize(ctx.request.path))
+        : 'invalidPath';
+      const loadConfig = {
+        interval: { min: 5 },
+        max: 5,
+        prefixKey: `${userIdentifier}:${requestPath}:${ctx.request.ip}`,
+        handler() {
+          throw new RateLimitError();
+        },
+        ...rateLimitConfig,
+        ...config,
+      };
+      return rateLimit.middleware(loadConfig)(ctx, next);
+    }
+    return next();
   };

package/server/strategies/users-permissions.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict';
-const { castArray, map, every, pipe, isEmpty } = require('lodash/fp');
+const { castArray, map, every, pipe } = require('lodash/fp');
 const { ForbiddenError, UnauthorizedError } = require('@strapi/utils').errors;
 const { getService } = require('../utils');
@@ -80,13 +80,6 @@ const authenticate = async (ctx) => {
 const verify = async (auth, config) => {
   const { credentials: user, ability } = auth;
-  strapi.telemetry.send('didReceiveAPIRequest', {
-    eventProperties: {
-      authenticationMethod: auth?.strategy?.name,
-      isAuthenticated: !isEmpty(user),
-    },
-  });
   if (!config.scope) {
     if (!user) {
       // A non authenticated user cannot access routes that do not have a scope

package/admin/src/hooks/usePlugins/index.js DELETED Viewed

@@ -1,67 +0,0 @@
-import { useCallback, useEffect, useReducer } from 'react';
-import { useNotification, useFetchClient } from '@strapi/helper-plugin';
-import get from 'lodash/get';
-import init from './init';
-import pluginId from '../../pluginId';
-import { cleanPermissions } from '../../utils';
-import reducer, { initialState } from './reducer';
-const usePlugins = (shouldFetchData = true) => {
-  const toggleNotification = useNotification();
-  const [{ permissions, routes, isLoading }, dispatch] = useReducer(reducer, initialState, () =>
-    init(initialState, shouldFetchData)
-  );
-  const fetchClient = useFetchClient();
-  const fetchPlugins = useCallback(async () => {
-    try {
-      dispatch({
-        type: 'GET_DATA',
-      });
-      const [{ permissions }, { routes }] = await Promise.all(
-        [`/${pluginId}/permissions`, `/${pluginId}/routes`].map(async (endpoint) => {
-          const res = await fetchClient.get(endpoint);
-          return res.data;
-        })
-      );
-      dispatch({
-        type: 'GET_DATA_SUCCEEDED',
-        permissions: cleanPermissions(permissions),
-        routes,
-      });
-    } catch (err) {
-      const message = get(err, ['response', 'payload', 'message'], 'An error occured');
-      dispatch({
-        type: 'GET_DATA_ERROR',
-      });
-      if (message !== 'Forbidden') {
-        toggleNotification({
-          type: 'warning',
-          message,
-        });
-      }
-    }
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [toggleNotification]);
-  useEffect(() => {
-    if (shouldFetchData) {
-      fetchPlugins();
-    }
-  }, [fetchPlugins, shouldFetchData]);
-  return {
-    permissions,
-    routes,
-    getData: fetchPlugins,
-    isLoading,
-  };
-};
-export default usePlugins;

package/admin/src/hooks/usePlugins/init.js DELETED Viewed

@@ -1,5 +0,0 @@
-const init = (initialState, shouldFetchData) => {
-  return { ...initialState, isLoading: shouldFetchData };
-};
-export default init;

package/admin/src/hooks/usePlugins/reducer.js DELETED Viewed

@@ -1,34 +0,0 @@
-/* eslint-disable consistent-return */
-import produce from 'immer';
-export const initialState = {
-  permissions: {},
-  routes: {},
-  isLoading: true,
-};
-const reducer = (state, action) =>
-  produce(state, (draftState) => {
-    switch (action.type) {
-      case 'GET_DATA': {
-        draftState.isLoading = true;
-        draftState.permissions = {};
-        draftState.routes = {};
-        break;
-      }
-      case 'GET_DATA_SUCCEEDED': {
-        draftState.permissions = action.permissions;
-        draftState.routes = action.routes;
-        draftState.isLoading = false;
-        break;
-      }
-      case 'GET_DATA_ERROR': {
-        draftState.isLoading = false;
-        break;
-      }
-      default:
-        return draftState;
-    }
-  });
-export default reducer;

package/admin/src/pages/Roles/EditPage/utils/schema.js DELETED Viewed

@@ -1,9 +0,0 @@
-import * as yup from 'yup';
-import { translatedErrors } from '@strapi/helper-plugin';
-const schema = yup.object().shape({
-  name: yup.string().required(translatedErrors.required),
-  description: yup.string().required(translatedErrors.required),
-});
-export default schema;

package/admin/src/utils/getRequestURL.js DELETED Viewed

@@ -1,5 +0,0 @@
-import pluginId from '../pluginId';
-const getRequestURL = (endPoint) => `/${pluginId}/${endPoint}`;
-export default getRequestURL;