@strapi/plugin-users-permissions 5.23.5 → 5.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/dist/server/bootstrap/index.js +26 -7
  2. package/dist/server/bootstrap/index.js.map +1 -1
  3. package/dist/server/bootstrap/index.mjs +26 -7
  4. package/dist/server/bootstrap/index.mjs.map +1 -1
  5. package/dist/server/config.js +16 -0
  6. package/dist/server/config.js.map +1 -1
  7. package/dist/server/config.mjs +16 -0
  8. package/dist/server/config.mjs.map +1 -1
  9. package/dist/server/controllers/auth.js +198 -3
  10. package/dist/server/controllers/auth.js.map +1 -1
  11. package/dist/server/controllers/auth.mjs +198 -3
  12. package/dist/server/controllers/auth.mjs.map +1 -1
  13. package/dist/server/routes/content-api/auth.js +16 -0
  14. package/dist/server/routes/content-api/auth.js.map +1 -1
  15. package/dist/server/routes/content-api/auth.mjs +16 -0
  16. package/dist/server/routes/content-api/auth.mjs.map +1 -1
  17. package/dist/server/routes/content-api/validation.js +1 -0
  18. package/dist/server/routes/content-api/validation.js.map +1 -1
  19. package/dist/server/routes/content-api/validation.mjs +1 -0
  20. package/dist/server/routes/content-api/validation.mjs.map +1 -1
  21. package/dist/server/services/constants.js +19 -0
  22. package/dist/server/services/constants.js.map +1 -0
  23. package/dist/server/services/constants.mjs +17 -0
  24. package/dist/server/services/constants.mjs.map +1 -0
  25. package/dist/server/services/jwt.js +45 -2
  26. package/dist/server/services/jwt.js.map +1 -1
  27. package/dist/server/services/jwt.mjs +45 -2
  28. package/dist/server/services/jwt.mjs.map +1 -1
  29. package/dist/server/services/user.js +29 -20
  30. package/dist/server/services/user.js.map +1 -1
  31. package/dist/server/services/user.mjs +29 -20
  32. package/dist/server/services/user.mjs.map +1 -1
  33. package/package.json +3 -3
  34. package/server/bootstrap/index.js +29 -0
  35. package/server/config.js +22 -0
  36. package/server/controllers/auth.js +232 -8
  37. package/server/routes/content-api/auth.js +12 -0
  38. package/server/routes/content-api/validation.js +1 -0
  39. package/server/services/constants.js +9 -0
  40. package/server/services/jwt.js +50 -2
  41. package/server/services/user.js +11 -0
package/dist/server/bootstrap/index.js CHANGED
@@ -4,6 +4,7 @@ var require$$0 = require('crypto');
4
4
  var require$$0$1 = require('lodash');
5
5
  var index = require('../utils/index.js');
6
6
  var usersPermissionsActions = require('./users-permissions-actions.js');
7
+ var constants = require('../services/constants.js');
7
8
 
8
9
  var bootstrap;
9
10
  var hasRequiredBootstrap;
@@ -20,6 +21,11 @@ function requireBootstrap() {
20
21
  const _ = require$$0$1;
21
22
  const { getService } = index.__require();
22
23
  const usersPermissionsActions$1 = usersPermissionsActions.__require();
24
+ const { DEFAULT_ACCESS_TOKEN_LIFESPAN, DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN, DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN, DEFAULT_MAX_SESSION_LIFESPAN, DEFAULT_IDLE_SESSION_LIFESPAN } = constants.__require();
25
+ const getSessionManager = ()=>{
26
+ const manager = strapi.sessionManager;
27
+ return manager ?? null;
28
+ };
23
29
  const initGrant = async (pluginStore)=>{
24
30
  const allProviders = getService('providers-registry').getAll();
25
31
  const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider])=>{
@@ -114,27 +120,40 @@ function requireBootstrap() {
114
120
  });
115
121
  }
116
122
  };
117
- bootstrap = async ({ strapi })=>{
118
- const pluginStore = strapi.store({
123
+ bootstrap = async ({ strapi: strapi1 })=>{
124
+ const pluginStore = strapi1.store({
119
125
  type: 'plugin',
120
126
  name: 'users-permissions'
121
127
  });
122
128
  await initGrant(pluginStore);
123
129
  await initEmails(pluginStore);
124
130
  await initAdvancedOptions(pluginStore);
125
- await strapi.service('admin::permission').actionProvider.registerMany(usersPermissionsActions$1.actions);
131
+ await strapi1.service('admin::permission').actionProvider.registerMany(usersPermissionsActions$1.actions);
126
132
  await getService('users-permissions').initialize();
127
- if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {
133
+ // Define users-permissions origin configuration for sessionManager
134
+ const upConfig = strapi1.config.get('plugin::users-permissions');
135
+ const sessionManager = getSessionManager();
136
+ if (sessionManager) {
137
+ sessionManager.defineOrigin('users-permissions', {
138
+ jwtSecret: upConfig.jwtSecret || strapi1.config.get('admin.auth.secret'),
139
+ accessTokenLifespan: upConfig.sessions?.accessTokenLifespan || DEFAULT_ACCESS_TOKEN_LIFESPAN,
140
+ maxRefreshTokenLifespan: upConfig.sessions?.maxRefreshTokenLifespan || DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,
141
+ idleRefreshTokenLifespan: upConfig.sessions?.idleRefreshTokenLifespan || DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,
142
+ maxSessionLifespan: upConfig.sessions?.maxSessionLifespan || DEFAULT_MAX_SESSION_LIFESPAN,
143
+ idleSessionLifespan: upConfig.sessions?.idleSessionLifespan || DEFAULT_IDLE_SESSION_LIFESPAN
144
+ });
145
+ }
146
+ if (!strapi1.config.get('plugin::users-permissions.jwtSecret')) {
128
147
  if (process.env.NODE_ENV !== 'development') {
129
148
  throw new Error(`Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
130
149
  For security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`);
131
150
  }
132
151
  const jwtSecret = crypto.randomBytes(16).toString('base64');
133
- strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);
152
+ strapi1.config.set('plugin::users-permissions.jwtSecret', jwtSecret);
134
153
  if (!process.env.JWT_SECRET) {
135
154
  const envPath = process.env.ENV_PATH || '.env';
136
- strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
137
- strapi.log.info(`The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`);
155
+ strapi1.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
156
+ strapi1.log.info(`The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`);
138
157
  }
139
158
  }
140
159
  };
package/dist/server/bootstrap/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sources":["../../../server/bootstrap/index.js"],"sourcesContent":["'use strict';\n\n/**\n * An asynchronous bootstrap function that runs before\n * your application gets started.\n *\n * This gives you an opportunity to set up your data model,\n * run jobs, or perform some special logic.\n */\nconst crypto = require('crypto');\nconst _ = require('lodash');\nconst { getService } = require('../utils');\nconst usersPermissionsActions = require('./users-permissions-actions');\n\nconst initGrant = async (pluginStore) => {\n const allProviders = getService('providers-registry').getAll();\n\n const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider]) => {\n const { icon, enabled, grantConfig } = provider;\n\n acc[name] = {\n icon,\n enabled,\n ...grantConfig,\n };\n return acc;\n }, {});\n\n const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};\n\n if (!prevGrantConfig || !_.isEqual(prevGrantConfig, grantConfig)) {\n // merge with the previous provider config.\n _.keys(grantConfig).forEach((key) => {\n if (key in prevGrantConfig) {\n grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);\n }\n });\n await pluginStore.set({ key: 'grant', value: grantConfig });\n }\n};\n\nconst initEmails = async (pluginStore) => {\n if (!(await pluginStore.get({ key: 'email' }))) {\n const value = {\n reset_password: {\n display: 'Email.template.reset_password',\n icon: 'sync',\n options: {\n from: {\n name: 'Administration Panel',\n email: 'no-reply@strapi.io',\n },\n response_email: '',\n object: 'Reset password',\n message: `<p>We heard that you lost your password. Sorry about that!</p>\n\n<p>But don’t worry! You can use the following link to reset your password:</p>\n<p><%= URL %>?code=<%= TOKEN %></p>\n\n<p>Thanks.</p>`,\n },\n },\n email_confirmation: {\n display: 'Email.template.email_confirmation',\n icon: 'check-square',\n options: {\n from: {\n name: 'Administration Panel',\n email: 'no-reply@strapi.io',\n },\n response_email: '',\n object: 'Account confirmation',\n message: `<p>Thank you for registering!</p>\n\n<p>You have to confirm your email address. Please click on the link below.</p>\n\n<p><%= URL %>?confirmation=<%= CODE %></p>\n\n<p>Thanks.</p>`,\n },\n },\n };\n\n await pluginStore.set({ key: 'email', value });\n }\n};\n\nconst initAdvancedOptions = async (pluginStore) => {\n if (!(await pluginStore.get({ key: 'advanced' }))) {\n const value = {\n unique_email: true,\n allow_register: true,\n email_confirmation: false,\n email_reset_password: null,\n email_confirmation_redirection: null,\n default_role: 'authenticated',\n };\n\n await pluginStore.set({ key: 'advanced', value });\n }\n};\n\nmodule.exports = async ({ strapi }) => {\n const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n await initGrant(pluginStore);\n await initEmails(pluginStore);\n await initAdvancedOptions(pluginStore);\n\n await strapi\n .service('admin::permission')\n .actionProvider.registerMany(usersPermissionsActions.actions);\n\n await getService('users-permissions').initialize();\n\n if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {\n if (process.env.NODE_ENV !== 'development') {\n throw new Error(\n `Missing jwtSecret. Please, set configuration variable \"jwtSecret\" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \\`crypto.randomBytes(16).toString('base64')\\`).\nFor security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`\n );\n }\n\n const jwtSecret = crypto.randomBytes(16).toString('base64');\n\n strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);\n\n if (!process.env.JWT_SECRET) {\n const envPath = process.env.ENV_PATH || '.env';\n strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\\n`);\n strapi.log.info(\n `The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`\n );\n }\n }\n};\n"],"names":["crypto","require$$0","_","require$$1","getService","require$$2","usersPermissionsActions","require$$3","initGrant","pluginStore","allProviders","getAll","grantConfig","Object","entries","reduce","acc","name","provider","icon","enabled","prevGrantConfig","get","key","isEqual","keys","forEach","merge","set","value","initEmails","reset_password","display","options","from","email","response_email","object","message","email_confirmation","initAdvancedOptions","unique_email","allow_register","email_reset_password","email_confirmation_redirection","default_role","bootstrap","strapi","store","type","service","actionProvider","registerMany","actions","initialize","config","process","env","NODE_ENV","Error","jwtSecret","randomBytes","toString","JWT_SECRET","envPath","ENV_PATH","fs","appendFile","log","info"],"mappings":";;;;;;;;;;;;AAEA;;;;;;AAMA,KACA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,CAAIC,GAAAA,YAAAA;IACV,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AACvB,IAAA,MAAMC,yBAA0BC,GAAAA,iCAAAA,EAAAA;AAEhC,IAAA,MAAMC,YAAY,OAAOC,WAAAA,GAAAA;QACvB,MAAMC,YAAAA,GAAeN,UAAW,CAAA,oBAAA,CAAA,CAAsBO,MAAM,EAAA;QAE5D,MAAMC,WAAAA,GAAcC,MAAOC,CAAAA,OAAO,CAACJ,YAAAA,CAAAA,CAAcK,MAAM,CAAC,CAACC,GAAAA,EAAK,CAACC,IAAAA,EAAMC,QAAS,CAAA,GAAA;AAC5E,YAAA,MAAM,EAAEC,IAAI,EAAEC,OAAO,EAAER,WAAW,EAAE,GAAGM,QAAAA;YAEvCF,GAAG,CAACC,KAAK,GAAG;AACVE,gBAAAA,IAAAA;AACAC,gBAAAA,OAAAA;AACA,gBAAA,GAAGR;AACT,aAAA;YACI,OAAOI,GAAAA;AACR,SAAA,EAAE,EAAE,CAAA;AAEL,QAAA,MAAMK,eAAkB,GAAC,MAAMZ,WAAAA,CAAYa,GAAG,CAAC;YAAEC,GAAK,EAAA;cAAe;AAErE,QAAA,IAAI,CAACF,eAAmB,IAAA,CAACnB,EAAEsB,OAAO,CAACH,iBAAiBT,WAAc,CAAA,EAAA;;AAEhEV,YAAAA,CAAAA,CAAEuB,IAAI,CAACb,WAAac,CAAAA,CAAAA,OAAO,CAAC,CAACH,GAAAA,GAAAA;AAC3B,gBAAA,IAAIA,OAAOF,eAAiB,EAAA;AAC1BT,oBAAAA,WAAW,CAACW,GAAAA,CAAI,GAAGrB,CAAAA,CAAEyB,KAAK,CAACf,WAAW,CAACW,GAAI,CAAA,EAAEF,eAAe,CAACE,GAAI,CAAA,CAAA;AAClE;AACP,aAAA,CAAA;YACI,MAAMd,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,OAAA;gBAASM,KAAOjB,EAAAA;AAAW,aAAA,CAAA;AACzD;AACH,KAAA;AAEA,IAAA,MAAMkB,aAAa,OAAOrB,WAAAA,GAAAA;AACxB,QAAA,IAAI,CAAE,MAAMA,WAAYa,CAAAA,GAAG,CAAC;YAAEC,GAAK,EAAA;SAAa,CAAA,EAAA;AAC9C,YAAA,MAAMM,KAAQ,GAAA;gBACZE,cAAgB,EAAA;oBACdC,OAAS,EAAA,+BAAA;oBACTb,IAAM,EAAA,MAAA;oBACNc,OAAS,EAAA;wBACPC,IAAM,EAAA;4BACJjB,IAAM,EAAA,sBAAA;4BACNkB,KAAO,EAAA;AACR,yBAAA;wBACDC,cAAgB,EAAA,EAAA;wBAChBC,MAAQ,EAAA,gBAAA;AACRC,wBAAAA,OAAAA,EAAS,CAAC;;;;;cAKN;AACL;AACF,iBAAA;gBACDC,kBAAoB,EAAA;oBAClBP,OAAS,EAAA,mCAAA;oBACTb,IAAM,EAAA,cAAA;oBACNc,OAAS,EAAA;wBACPC,IAAM,EAAA;4BACJjB,IAAM,EAAA,sBAAA;4BACNkB,KAAO,EAAA;AACR,yBAAA;wBACDC,cAAgB,EAAA,EAAA;wBAChBC,MAAQ,EAAA,sBAAA;AACRC,wBAAAA,OAAAA,EAAS,CAAC;;;;;;cAMN;AACL;AACF;AACP,aAAA;YAEI,MAAM7B,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,OAAA;AAASM,gBAAAA;AAAK,aAAA,CAAA;AAC5C;AACH,KAAA;AAEA,IAAA,MAAMW,sBAAsB,OAAO/B,WAAAA,GAAAA;AACjC,QAAA,IAAI,CAAE,MAAMA,WAAYa,CAAAA,GAAG,CAAC;YAAEC,GAAK,EAAA;SAAgB,CAAA,EAAA;AACjD,YAAA,MAAMM,KAAQ,GAAA;gBACZY,YAAc,EAAA,IAAA;gBACdC,cAAgB,EAAA,IAAA;gBAChBH,kBAAoB,EAAA,KAAA;gBACpBI,oBAAsB,EAAA,IAAA;gBACtBC,8BAAgC,EAAA,IAAA;gBAChCC,YAAc,EAAA;AACpB,aAAA;YAEI,MAAMpC,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,UAAA;AAAYM,gBAAAA;AAAK,aAAA,CAAA;AAC/C;AACH,KAAA;IAEAiB,SAAiB,GAAA,OAAO,EAAEC,MAAM,EAAE,GAAA;QAChC,MAAMtC,WAAAA,GAAcsC,MAAOC,CAAAA,KAAK,CAAC;YAAEC,IAAM,EAAA,QAAA;YAAUhC,IAAM,EAAA;AAAmB,SAAA,CAAA;AAE5E,QAAA,MAAMT,SAAUC,CAAAA,WAAAA,CAAAA;AAChB,QAAA,MAAMqB,UAAWrB,CAAAA,WAAAA,CAAAA;AACjB,QAAA,MAAM+B,mBAAoB/B,CAAAA,WAAAA,CAAAA;QAE1B,MAAMsC,MAAAA,CACHG,OAAO,CAAC,mBAAA,CAAA,CACRC,cAAc,CAACC,YAAY,CAAC9C,yBAAAA,CAAwB+C,OAAO,CAAA;QAE9D,MAAMjD,UAAAA,CAAW,qBAAqBkD,UAAU,EAAA;AAEhD,QAAA,IAAI,CAACP,MAAOQ,CAAAA,MAAM,CAACjC,GAAG,CAAC,qCAAwC,CAAA,EAAA;AAC7D,YAAA,IAAIkC,OAAQC,CAAAA,GAAG,CAACC,QAAQ,KAAK,aAAe,EAAA;gBAC1C,MAAM,IAAIC,MACR,CAAC;yQACgQ,CAAC,CAAA;AAErQ;AAED,YAAA,MAAMC,YAAY5D,MAAO6D,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,QAAA,CAAA;AAElDf,YAAAA,MAAAA,CAAOQ,MAAM,CAAC3B,GAAG,CAAC,qCAAuCgC,EAAAA,SAAAA,CAAAA;AAEzD,YAAA,IAAI,CAACJ,OAAAA,CAAQC,GAAG,CAACM,UAAU,EAAE;AAC3B,gBAAA,MAAMC,OAAUR,GAAAA,OAAAA,CAAQC,GAAG,CAACQ,QAAQ,IAAI,MAAA;gBACxClB,MAAOmB,CAAAA,EAAE,CAACC,UAAU,CAACH,OAAAA,EAAS,CAAC,WAAW,EAAEJ,SAAU,CAAA,EAAE,CAAC,CAAA;gBACzDb,MAAOqB,CAAAA,GAAG,CAACC,IAAI,CACb,CAAC,qFAAqF,EAAEL,OAAQ,CAAA,2BAA2B,CAAC,CAAA;AAE/H;AACF;AACH,KAAA;;;;;;"}
1
+ {"version":3,"file":"index.js","sources":["../../../server/bootstrap/index.js"],"sourcesContent":["'use strict';\n\n/**\n * An asynchronous bootstrap function that runs before\n * your application gets started.\n *\n * This gives you an opportunity to set up your data model,\n * run jobs, or perform some special logic.\n */\nconst crypto = require('crypto');\nconst _ = require('lodash');\nconst { getService } = require('../utils');\nconst usersPermissionsActions = require('./users-permissions-actions');\nconst {\n DEFAULT_ACCESS_TOKEN_LIFESPAN,\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} = require('../services/constants');\n\nconst getSessionManager = () => {\n const manager = strapi.sessionManager;\n return manager ?? null;\n};\n\nconst initGrant = async (pluginStore) => {\n const allProviders = getService('providers-registry').getAll();\n\n const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider]) => {\n const { icon, enabled, grantConfig } = provider;\n\n acc[name] = {\n icon,\n enabled,\n ...grantConfig,\n };\n return acc;\n }, {});\n\n const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};\n\n if (!prevGrantConfig || !_.isEqual(prevGrantConfig, grantConfig)) {\n // merge with the previous provider config.\n _.keys(grantConfig).forEach((key) => {\n if (key in prevGrantConfig) {\n grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);\n }\n });\n await pluginStore.set({ key: 'grant', value: grantConfig });\n }\n};\n\nconst initEmails = async (pluginStore) => {\n if (!(await pluginStore.get({ key: 'email' }))) {\n const value = {\n reset_password: {\n display: 'Email.template.reset_password',\n icon: 'sync',\n options: {\n from: {\n name: 'Administration Panel',\n email: 'no-reply@strapi.io',\n },\n response_email: '',\n object: 'Reset password',\n message: `<p>We heard that you lost your password. Sorry about that!</p>\n\n<p>But don’t worry! You can use the following link to reset your password:</p>\n<p><%= URL %>?code=<%= TOKEN %></p>\n\n<p>Thanks.</p>`,\n },\n },\n email_confirmation: {\n display: 'Email.template.email_confirmation',\n icon: 'check-square',\n options: {\n from: {\n name: 'Administration Panel',\n email: 'no-reply@strapi.io',\n },\n response_email: '',\n object: 'Account confirmation',\n message: `<p>Thank you for registering!</p>\n\n<p>You have to confirm your email address. Please click on the link below.</p>\n\n<p><%= URL %>?confirmation=<%= CODE %></p>\n\n<p>Thanks.</p>`,\n },\n },\n };\n\n await pluginStore.set({ key: 'email', value });\n }\n};\n\nconst initAdvancedOptions = async (pluginStore) => {\n if (!(await pluginStore.get({ key: 'advanced' }))) {\n const value = {\n unique_email: true,\n allow_register: true,\n email_confirmation: false,\n email_reset_password: null,\n email_confirmation_redirection: null,\n default_role: 'authenticated',\n };\n\n await pluginStore.set({ key: 'advanced', value });\n }\n};\n\nmodule.exports = async ({ strapi }) => {\n const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n await initGrant(pluginStore);\n await initEmails(pluginStore);\n await initAdvancedOptions(pluginStore);\n\n await strapi\n .service('admin::permission')\n .actionProvider.registerMany(usersPermissionsActions.actions);\n\n await getService('users-permissions').initialize();\n\n // Define users-permissions origin configuration for sessionManager\n const upConfig = strapi.config.get('plugin::users-permissions');\n const sessionManager = getSessionManager();\n\n if (sessionManager) {\n sessionManager.defineOrigin('users-permissions', {\n jwtSecret: upConfig.jwtSecret || strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: upConfig.sessions?.accessTokenLifespan || DEFAULT_ACCESS_TOKEN_LIFESPAN,\n maxRefreshTokenLifespan:\n upConfig.sessions?.maxRefreshTokenLifespan || DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n idleRefreshTokenLifespan:\n upConfig.sessions?.idleRefreshTokenLifespan || DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n maxSessionLifespan: upConfig.sessions?.maxSessionLifespan || DEFAULT_MAX_SESSION_LIFESPAN,\n idleSessionLifespan: upConfig.sessions?.idleSessionLifespan || DEFAULT_IDLE_SESSION_LIFESPAN,\n });\n }\n\n if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {\n if (process.env.NODE_ENV !== 'development') {\n throw new Error(\n `Missing jwtSecret. Please, set configuration variable \"jwtSecret\" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \\`crypto.randomBytes(16).toString('base64')\\`).\nFor security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`\n );\n }\n\n const jwtSecret = crypto.randomBytes(16).toString('base64');\n\n strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);\n\n if (!process.env.JWT_SECRET) {\n const envPath = process.env.ENV_PATH || '.env';\n strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\\n`);\n strapi.log.info(\n `The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`\n );\n }\n }\n};\n"],"names":["crypto","require$$0","_","require$$1","getService","require$$2","usersPermissionsActions","require$$3","DEFAULT_ACCESS_TOKEN_LIFESPAN","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","DEFAULT_MAX_SESSION_LIFESPAN","DEFAULT_IDLE_SESSION_LIFESPAN","require$$4","getSessionManager","manager","strapi","sessionManager","initGrant","pluginStore","allProviders","getAll","grantConfig","Object","entries","reduce","acc","name","provider","icon","enabled","prevGrantConfig","get","key","isEqual","keys","forEach","merge","set","value","initEmails","reset_password","display","options","from","email","response_email","object","message","email_confirmation","initAdvancedOptions","unique_email","allow_register","email_reset_password","email_confirmation_redirection","default_role","bootstrap","store","type","service","actionProvider","registerMany","actions","initialize","upConfig","config","defineOrigin","jwtSecret","accessTokenLifespan","sessions","maxRefreshTokenLifespan","idleRefreshTokenLifespan","maxSessionLifespan","idleSessionLifespan","process","env","NODE_ENV","Error","randomBytes","toString","JWT_SECRET","envPath","ENV_PATH","fs","appendFile","log","info"],"mappings":";;;;;;;;;;;;;AAEA;;;;;;AAMA,KACA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,CAAIC,GAAAA,YAAAA;IACV,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AACvB,IAAA,MAAMC,yBAA0BC,GAAAA,iCAAAA,EAAAA;IAChC,MAAM,EACJC,6BAA6B,EAC7BC,kCAAkC,EAClCC,mCAAmC,EACnCC,4BAA4B,EAC5BC,6BAA6B,EAC9B,GAAGC,mBAAAA,EAAAA;AAEJ,IAAA,MAAMC,iBAAoB,GAAA,IAAA;QACxB,MAAMC,OAAAA,GAAUC,OAAOC,cAAc;AACrC,QAAA,OAAOF,OAAW,IAAA,IAAA;AACpB,KAAA;AAEA,IAAA,MAAMG,YAAY,OAAOC,WAAAA,GAAAA;QACvB,MAAMC,YAAAA,GAAehB,UAAW,CAAA,oBAAA,CAAA,CAAsBiB,MAAM,EAAA;QAE5D,MAAMC,WAAAA,GAAcC,MAAOC,CAAAA,OAAO,CAACJ,YAAAA,CAAAA,CAAcK,MAAM,CAAC,CAACC,GAAAA,EAAK,CAACC,IAAAA,EAAMC,QAAS,CAAA,GAAA;AAC5E,YAAA,MAAM,EAAEC,IAAI,EAAEC,OAAO,EAAER,WAAW,EAAE,GAAGM,QAAAA;YAEvCF,GAAG,CAACC,KAAK,GAAG;AACVE,gBAAAA,IAAAA;AACAC,gBAAAA,OAAAA;AACA,gBAAA,GAAGR;AACT,aAAA;YACI,OAAOI,GAAAA;AACR,SAAA,EAAE,EAAE,CAAA;AAEL,QAAA,MAAMK,eAAkB,GAAC,MAAMZ,WAAAA,CAAYa,GAAG,CAAC;YAAEC,GAAK,EAAA;cAAe;AAErE,QAAA,IAAI,CAACF,eAAmB,IAAA,CAAC7B,EAAEgC,OAAO,CAACH,iBAAiBT,WAAc,CAAA,EAAA;;AAEhEpB,YAAAA,CAAAA,CAAEiC,IAAI,CAACb,WAAac,CAAAA,CAAAA,OAAO,CAAC,CAACH,GAAAA,GAAAA;AAC3B,gBAAA,IAAIA,OAAOF,eAAiB,EAAA;AAC1BT,oBAAAA,WAAW,CAACW,GAAAA,CAAI,GAAG/B,CAAAA,CAAEmC,KAAK,CAACf,WAAW,CAACW,GAAI,CAAA,EAAEF,eAAe,CAACE,GAAI,CAAA,CAAA;AAClE;AACP,aAAA,CAAA;YACI,MAAMd,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,OAAA;gBAASM,KAAOjB,EAAAA;AAAW,aAAA,CAAA;AACzD;AACH,KAAA;AAEA,IAAA,MAAMkB,aAAa,OAAOrB,WAAAA,GAAAA;AACxB,QAAA,IAAI,CAAE,MAAMA,WAAYa,CAAAA,GAAG,CAAC;YAAEC,GAAK,EAAA;SAAa,CAAA,EAAA;AAC9C,YAAA,MAAMM,KAAQ,GAAA;gBACZE,cAAgB,EAAA;oBACdC,OAAS,EAAA,+BAAA;oBACTb,IAAM,EAAA,MAAA;oBACNc,OAAS,EAAA;wBACPC,IAAM,EAAA;4BACJjB,IAAM,EAAA,sBAAA;4BACNkB,KAAO,EAAA;AACR,yBAAA;wBACDC,cAAgB,EAAA,EAAA;wBAChBC,MAAQ,EAAA,gBAAA;AACRC,wBAAAA,OAAAA,EAAS,CAAC;;;;;cAKN;AACL;AACF,iBAAA;gBACDC,kBAAoB,EAAA;oBAClBP,OAAS,EAAA,mCAAA;oBACTb,IAAM,EAAA,cAAA;oBACNc,OAAS,EAAA;wBACPC,IAAM,EAAA;4BACJjB,IAAM,EAAA,sBAAA;4BACNkB,KAAO,EAAA;AACR,yBAAA;wBACDC,cAAgB,EAAA,EAAA;wBAChBC,MAAQ,EAAA,sBAAA;AACRC,wBAAAA,OAAAA,EAAS,CAAC;;;;;;cAMN;AACL;AACF;AACP,aAAA;YAEI,MAAM7B,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,OAAA;AAASM,gBAAAA;AAAK,aAAA,CAAA;AAC5C;AACH,KAAA;AAEA,IAAA,MAAMW,sBAAsB,OAAO/B,WAAAA,GAAAA;AACjC,QAAA,IAAI,CAAE,MAAMA,WAAYa,CAAAA,GAAG,CAAC;YAAEC,GAAK,EAAA;SAAgB,CAAA,EAAA;AACjD,YAAA,MAAMM,KAAQ,GAAA;gBACZY,YAAc,EAAA,IAAA;gBACdC,cAAgB,EAAA,IAAA;gBAChBH,kBAAoB,EAAA,KAAA;gBACpBI,oBAAsB,EAAA,IAAA;gBACtBC,8BAAgC,EAAA,IAAA;gBAChCC,YAAc,EAAA;AACpB,aAAA;YAEI,MAAMpC,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,UAAA;AAAYM,gBAAAA;AAAK,aAAA,CAAA;AAC/C;AACH,KAAA;AAEAiB,IAAAA,SAAAA,GAAiB,OAAO,EAAExC,MAAAA,EAAAA,OAAM,EAAE,GAAA;QAChC,MAAMG,WAAAA,GAAcH,OAAOyC,CAAAA,KAAK,CAAC;YAAEC,IAAM,EAAA,QAAA;YAAU/B,IAAM,EAAA;AAAmB,SAAA,CAAA;AAE5E,QAAA,MAAMT,SAAUC,CAAAA,WAAAA,CAAAA;AAChB,QAAA,MAAMqB,UAAWrB,CAAAA,WAAAA,CAAAA;AACjB,QAAA,MAAM+B,mBAAoB/B,CAAAA,WAAAA,CAAAA;QAE1B,MAAMH,OAAAA,CACH2C,OAAO,CAAC,mBAAA,CAAA,CACRC,cAAc,CAACC,YAAY,CAACvD,yBAAAA,CAAwBwD,OAAO,CAAA;QAE9D,MAAM1D,UAAAA,CAAW,qBAAqB2D,UAAU,EAAA;;AAGhD,QAAA,MAAMC,QAAWhD,GAAAA,OAAAA,CAAOiD,MAAM,CAACjC,GAAG,CAAC,2BAAA,CAAA;AACnC,QAAA,MAAMf,cAAiBH,GAAAA,iBAAAA,EAAAA;AAEvB,QAAA,IAAIG,cAAgB,EAAA;YAClBA,cAAeiD,CAAAA,YAAY,CAAC,mBAAqB,EAAA;AAC/CC,gBAAAA,SAAAA,EAAWH,SAASG,SAAS,IAAInD,QAAOiD,MAAM,CAACjC,GAAG,CAAC,mBAAA,CAAA;gBACnDoC,mBAAqBJ,EAAAA,QAAAA,CAASK,QAAQ,EAAED,mBAAuB5D,IAAAA,6BAAAA;gBAC/D8D,uBACEN,EAAAA,QAAAA,CAASK,QAAQ,EAAEC,uBAA2B7D,IAAAA,kCAAAA;gBAChD8D,wBACEP,EAAAA,QAAAA,CAASK,QAAQ,EAAEE,wBAA4B7D,IAAAA,mCAAAA;gBACjD8D,kBAAoBR,EAAAA,QAAAA,CAASK,QAAQ,EAAEG,kBAAsB7D,IAAAA,4BAAAA;gBAC7D8D,mBAAqBT,EAAAA,QAAAA,CAASK,QAAQ,EAAEI,mBAAuB7D,IAAAA;AACrE,aAAA,CAAA;AACG;AAED,QAAA,IAAI,CAACI,OAAOiD,CAAAA,MAAM,CAACjC,GAAG,CAAC,qCAAwC,CAAA,EAAA;AAC7D,YAAA,IAAI0C,OAAQC,CAAAA,GAAG,CAACC,QAAQ,KAAK,aAAe,EAAA;gBAC1C,MAAM,IAAIC,MACR,CAAC;yQACgQ,CAAC,CAAA;AAErQ;AAED,YAAA,MAAMV,YAAYnE,MAAO8E,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,QAAA,CAAA;AAElD/D,YAAAA,OAAAA,CAAOiD,MAAM,CAAC3B,GAAG,CAAC,qCAAuC6B,EAAAA,SAAAA,CAAAA;AAEzD,YAAA,IAAI,CAACO,OAAAA,CAAQC,GAAG,CAACK,UAAU,EAAE;AAC3B,gBAAA,MAAMC,OAAUP,GAAAA,OAAAA,CAAQC,GAAG,CAACO,QAAQ,IAAI,MAAA;gBACxClE,OAAOmE,CAAAA,EAAE,CAACC,UAAU,CAACH,OAAAA,EAAS,CAAC,WAAW,EAAEd,SAAU,CAAA,EAAE,CAAC,CAAA;gBACzDnD,OAAOqE,CAAAA,GAAG,CAACC,IAAI,CACb,CAAC,qFAAqF,EAAEL,OAAQ,CAAA,2BAA2B,CAAC,CAAA;AAE/H;AACF;AACH,KAAA;;;;;;"}
package/dist/server/bootstrap/index.mjs CHANGED
@@ -2,6 +2,7 @@ import require$$0 from 'crypto';
2
2
  import require$$0$1 from 'lodash';
3
3
  import { __require as requireUtils } from '../utils/index.mjs';
4
4
  import { __require as requireUsersPermissionsActions } from './users-permissions-actions.mjs';
5
+ import { __require as requireConstants } from '../services/constants.mjs';
5
6
 
6
7
  var bootstrap;
7
8
  var hasRequiredBootstrap;
@@ -18,6 +19,11 @@ function requireBootstrap() {
18
19
  const _ = require$$0$1;
19
20
  const { getService } = requireUtils();
20
21
  const usersPermissionsActions = requireUsersPermissionsActions();
22
+ const { DEFAULT_ACCESS_TOKEN_LIFESPAN, DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN, DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN, DEFAULT_MAX_SESSION_LIFESPAN, DEFAULT_IDLE_SESSION_LIFESPAN } = requireConstants();
23
+ const getSessionManager = ()=>{
24
+ const manager = strapi.sessionManager;
25
+ return manager ?? null;
26
+ };
21
27
  const initGrant = async (pluginStore)=>{
22
28
  const allProviders = getService('providers-registry').getAll();
23
29
  const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider])=>{
@@ -112,27 +118,40 @@ function requireBootstrap() {
112
118
  });
113
119
  }
114
120
  };
115
- bootstrap = async ({ strapi })=>{
116
- const pluginStore = strapi.store({
121
+ bootstrap = async ({ strapi: strapi1 })=>{
122
+ const pluginStore = strapi1.store({
117
123
  type: 'plugin',
118
124
  name: 'users-permissions'
119
125
  });
120
126
  await initGrant(pluginStore);
121
127
  await initEmails(pluginStore);
122
128
  await initAdvancedOptions(pluginStore);
123
- await strapi.service('admin::permission').actionProvider.registerMany(usersPermissionsActions.actions);
129
+ await strapi1.service('admin::permission').actionProvider.registerMany(usersPermissionsActions.actions);
124
130
  await getService('users-permissions').initialize();
125
- if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {
131
+ // Define users-permissions origin configuration for sessionManager
132
+ const upConfig = strapi1.config.get('plugin::users-permissions');
133
+ const sessionManager = getSessionManager();
134
+ if (sessionManager) {
135
+ sessionManager.defineOrigin('users-permissions', {
136
+ jwtSecret: upConfig.jwtSecret || strapi1.config.get('admin.auth.secret'),
137
+ accessTokenLifespan: upConfig.sessions?.accessTokenLifespan || DEFAULT_ACCESS_TOKEN_LIFESPAN,
138
+ maxRefreshTokenLifespan: upConfig.sessions?.maxRefreshTokenLifespan || DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,
139
+ idleRefreshTokenLifespan: upConfig.sessions?.idleRefreshTokenLifespan || DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,
140
+ maxSessionLifespan: upConfig.sessions?.maxSessionLifespan || DEFAULT_MAX_SESSION_LIFESPAN,
141
+ idleSessionLifespan: upConfig.sessions?.idleSessionLifespan || DEFAULT_IDLE_SESSION_LIFESPAN
142
+ });
143
+ }
144
+ if (!strapi1.config.get('plugin::users-permissions.jwtSecret')) {
126
145
  if (process.env.NODE_ENV !== 'development') {
127
146
  throw new Error(`Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
128
147
  For security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`);
129
148
  }
130
149
  const jwtSecret = crypto.randomBytes(16).toString('base64');
131
- strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);
150
+ strapi1.config.set('plugin::users-permissions.jwtSecret', jwtSecret);
132
151
  if (!process.env.JWT_SECRET) {
133
152
  const envPath = process.env.ENV_PATH || '.env';
134
- strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
135
- strapi.log.info(`The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`);
153
+ strapi1.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
154
+ strapi1.log.info(`The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`);
136
155
  }
137
156
  }
138
157
  };
package/dist/server/bootstrap/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.mjs","sources":["../../../server/bootstrap/index.js"],"sourcesContent":["'use strict';\n\n/**\n * An asynchronous bootstrap function that runs before\n * your application gets started.\n *\n * This gives you an opportunity to set up your data model,\n * run jobs, or perform some special logic.\n */\nconst crypto = require('crypto');\nconst _ = require('lodash');\nconst { getService } = require('../utils');\nconst usersPermissionsActions = require('./users-permissions-actions');\n\nconst initGrant = async (pluginStore) => {\n const allProviders = getService('providers-registry').getAll();\n\n const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider]) => {\n const { icon, enabled, grantConfig } = provider;\n\n acc[name] = {\n icon,\n enabled,\n ...grantConfig,\n };\n return acc;\n }, {});\n\n const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};\n\n if (!prevGrantConfig || !_.isEqual(prevGrantConfig, grantConfig)) {\n // merge with the previous provider config.\n _.keys(grantConfig).forEach((key) => {\n if (key in prevGrantConfig) {\n grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);\n }\n });\n await pluginStore.set({ key: 'grant', value: grantConfig });\n }\n};\n\nconst initEmails = async (pluginStore) => {\n if (!(await pluginStore.get({ key: 'email' }))) {\n const value = {\n reset_password: {\n display: 'Email.template.reset_password',\n icon: 'sync',\n options: {\n from: {\n name: 'Administration Panel',\n email: 'no-reply@strapi.io',\n },\n response_email: '',\n object: 'Reset password',\n message: `<p>We heard that you lost your password. Sorry about that!</p>\n\n<p>But don’t worry! You can use the following link to reset your password:</p>\n<p><%= URL %>?code=<%= TOKEN %></p>\n\n<p>Thanks.</p>`,\n },\n },\n email_confirmation: {\n display: 'Email.template.email_confirmation',\n icon: 'check-square',\n options: {\n from: {\n name: 'Administration Panel',\n email: 'no-reply@strapi.io',\n },\n response_email: '',\n object: 'Account confirmation',\n message: `<p>Thank you for registering!</p>\n\n<p>You have to confirm your email address. Please click on the link below.</p>\n\n<p><%= URL %>?confirmation=<%= CODE %></p>\n\n<p>Thanks.</p>`,\n },\n },\n };\n\n await pluginStore.set({ key: 'email', value });\n }\n};\n\nconst initAdvancedOptions = async (pluginStore) => {\n if (!(await pluginStore.get({ key: 'advanced' }))) {\n const value = {\n unique_email: true,\n allow_register: true,\n email_confirmation: false,\n email_reset_password: null,\n email_confirmation_redirection: null,\n default_role: 'authenticated',\n };\n\n await pluginStore.set({ key: 'advanced', value });\n }\n};\n\nmodule.exports = async ({ strapi }) => {\n const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n await initGrant(pluginStore);\n await initEmails(pluginStore);\n await initAdvancedOptions(pluginStore);\n\n await strapi\n .service('admin::permission')\n .actionProvider.registerMany(usersPermissionsActions.actions);\n\n await getService('users-permissions').initialize();\n\n if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {\n if (process.env.NODE_ENV !== 'development') {\n throw new Error(\n `Missing jwtSecret. Please, set configuration variable \"jwtSecret\" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \\`crypto.randomBytes(16).toString('base64')\\`).\nFor security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`\n );\n }\n\n const jwtSecret = crypto.randomBytes(16).toString('base64');\n\n strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);\n\n if (!process.env.JWT_SECRET) {\n const envPath = process.env.ENV_PATH || '.env';\n strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\\n`);\n strapi.log.info(\n `The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`\n );\n }\n }\n};\n"],"names":["crypto","require$$0","_","require$$1","getService","require$$2","usersPermissionsActions","require$$3","initGrant","pluginStore","allProviders","getAll","grantConfig","Object","entries","reduce","acc","name","provider","icon","enabled","prevGrantConfig","get","key","isEqual","keys","forEach","merge","set","value","initEmails","reset_password","display","options","from","email","response_email","object","message","email_confirmation","initAdvancedOptions","unique_email","allow_register","email_reset_password","email_confirmation_redirection","default_role","bootstrap","strapi","store","type","service","actionProvider","registerMany","actions","initialize","config","process","env","NODE_ENV","Error","jwtSecret","randomBytes","toString","JWT_SECRET","envPath","ENV_PATH","fs","appendFile","log","info"],"mappings":";;;;;;;;;;AAEA;;;;;;AAMA,KACA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,CAAIC,GAAAA,YAAAA;IACV,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AACvB,IAAA,MAAMC,uBAA0BC,GAAAA,8BAAAA,EAAAA;AAEhC,IAAA,MAAMC,YAAY,OAAOC,WAAAA,GAAAA;QACvB,MAAMC,YAAAA,GAAeN,UAAW,CAAA,oBAAA,CAAA,CAAsBO,MAAM,EAAA;QAE5D,MAAMC,WAAAA,GAAcC,MAAOC,CAAAA,OAAO,CAACJ,YAAAA,CAAAA,CAAcK,MAAM,CAAC,CAACC,GAAAA,EAAK,CAACC,IAAAA,EAAMC,QAAS,CAAA,GAAA;AAC5E,YAAA,MAAM,EAAEC,IAAI,EAAEC,OAAO,EAAER,WAAW,EAAE,GAAGM,QAAAA;YAEvCF,GAAG,CAACC,KAAK,GAAG;AACVE,gBAAAA,IAAAA;AACAC,gBAAAA,OAAAA;AACA,gBAAA,GAAGR;AACT,aAAA;YACI,OAAOI,GAAAA;AACR,SAAA,EAAE,EAAE,CAAA;AAEL,QAAA,MAAMK,eAAkB,GAAC,MAAMZ,WAAAA,CAAYa,GAAG,CAAC;YAAEC,GAAK,EAAA;cAAe;AAErE,QAAA,IAAI,CAACF,eAAmB,IAAA,CAACnB,EAAEsB,OAAO,CAACH,iBAAiBT,WAAc,CAAA,EAAA;;AAEhEV,YAAAA,CAAAA,CAAEuB,IAAI,CAACb,WAAac,CAAAA,CAAAA,OAAO,CAAC,CAACH,GAAAA,GAAAA;AAC3B,gBAAA,IAAIA,OAAOF,eAAiB,EAAA;AAC1BT,oBAAAA,WAAW,CAACW,GAAAA,CAAI,GAAGrB,CAAAA,CAAEyB,KAAK,CAACf,WAAW,CAACW,GAAI,CAAA,EAAEF,eAAe,CAACE,GAAI,CAAA,CAAA;AAClE;AACP,aAAA,CAAA;YACI,MAAMd,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,OAAA;gBAASM,KAAOjB,EAAAA;AAAW,aAAA,CAAA;AACzD;AACH,KAAA;AAEA,IAAA,MAAMkB,aAAa,OAAOrB,WAAAA,GAAAA;AACxB,QAAA,IAAI,CAAE,MAAMA,WAAYa,CAAAA,GAAG,CAAC;YAAEC,GAAK,EAAA;SAAa,CAAA,EAAA;AAC9C,YAAA,MAAMM,KAAQ,GAAA;gBACZE,cAAgB,EAAA;oBACdC,OAAS,EAAA,+BAAA;oBACTb,IAAM,EAAA,MAAA;oBACNc,OAAS,EAAA;wBACPC,IAAM,EAAA;4BACJjB,IAAM,EAAA,sBAAA;4BACNkB,KAAO,EAAA;AACR,yBAAA;wBACDC,cAAgB,EAAA,EAAA;wBAChBC,MAAQ,EAAA,gBAAA;AACRC,wBAAAA,OAAAA,EAAS,CAAC;;;;;cAKN;AACL;AACF,iBAAA;gBACDC,kBAAoB,EAAA;oBAClBP,OAAS,EAAA,mCAAA;oBACTb,IAAM,EAAA,cAAA;oBACNc,OAAS,EAAA;wBACPC,IAAM,EAAA;4BACJjB,IAAM,EAAA,sBAAA;4BACNkB,KAAO,EAAA;AACR,yBAAA;wBACDC,cAAgB,EAAA,EAAA;wBAChBC,MAAQ,EAAA,sBAAA;AACRC,wBAAAA,OAAAA,EAAS,CAAC;;;;;;cAMN;AACL;AACF;AACP,aAAA;YAEI,MAAM7B,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,OAAA;AAASM,gBAAAA;AAAK,aAAA,CAAA;AAC5C;AACH,KAAA;AAEA,IAAA,MAAMW,sBAAsB,OAAO/B,WAAAA,GAAAA;AACjC,QAAA,IAAI,CAAE,MAAMA,WAAYa,CAAAA,GAAG,CAAC;YAAEC,GAAK,EAAA;SAAgB,CAAA,EAAA;AACjD,YAAA,MAAMM,KAAQ,GAAA;gBACZY,YAAc,EAAA,IAAA;gBACdC,cAAgB,EAAA,IAAA;gBAChBH,kBAAoB,EAAA,KAAA;gBACpBI,oBAAsB,EAAA,IAAA;gBACtBC,8BAAgC,EAAA,IAAA;gBAChCC,YAAc,EAAA;AACpB,aAAA;YAEI,MAAMpC,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,UAAA;AAAYM,gBAAAA;AAAK,aAAA,CAAA;AAC/C;AACH,KAAA;IAEAiB,SAAiB,GAAA,OAAO,EAAEC,MAAM,EAAE,GAAA;QAChC,MAAMtC,WAAAA,GAAcsC,MAAOC,CAAAA,KAAK,CAAC;YAAEC,IAAM,EAAA,QAAA;YAAUhC,IAAM,EAAA;AAAmB,SAAA,CAAA;AAE5E,QAAA,MAAMT,SAAUC,CAAAA,WAAAA,CAAAA;AAChB,QAAA,MAAMqB,UAAWrB,CAAAA,WAAAA,CAAAA;AACjB,QAAA,MAAM+B,mBAAoB/B,CAAAA,WAAAA,CAAAA;QAE1B,MAAMsC,MAAAA,CACHG,OAAO,CAAC,mBAAA,CAAA,CACRC,cAAc,CAACC,YAAY,CAAC9C,uBAAAA,CAAwB+C,OAAO,CAAA;QAE9D,MAAMjD,UAAAA,CAAW,qBAAqBkD,UAAU,EAAA;AAEhD,QAAA,IAAI,CAACP,MAAOQ,CAAAA,MAAM,CAACjC,GAAG,CAAC,qCAAwC,CAAA,EAAA;AAC7D,YAAA,IAAIkC,OAAQC,CAAAA,GAAG,CAACC,QAAQ,KAAK,aAAe,EAAA;gBAC1C,MAAM,IAAIC,MACR,CAAC;yQACgQ,CAAC,CAAA;AAErQ;AAED,YAAA,MAAMC,YAAY5D,MAAO6D,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,QAAA,CAAA;AAElDf,YAAAA,MAAAA,CAAOQ,MAAM,CAAC3B,GAAG,CAAC,qCAAuCgC,EAAAA,SAAAA,CAAAA;AAEzD,YAAA,IAAI,CAACJ,OAAAA,CAAQC,GAAG,CAACM,UAAU,EAAE;AAC3B,gBAAA,MAAMC,OAAUR,GAAAA,OAAAA,CAAQC,GAAG,CAACQ,QAAQ,IAAI,MAAA;gBACxClB,MAAOmB,CAAAA,EAAE,CAACC,UAAU,CAACH,OAAAA,EAAS,CAAC,WAAW,EAAEJ,SAAU,CAAA,EAAE,CAAC,CAAA;gBACzDb,MAAOqB,CAAAA,GAAG,CAACC,IAAI,CACb,CAAC,qFAAqF,EAAEL,OAAQ,CAAA,2BAA2B,CAAC,CAAA;AAE/H;AACF;AACH,KAAA;;;;;;"}
1
+ {"version":3,"file":"index.mjs","sources":["../../../server/bootstrap/index.js"],"sourcesContent":["'use strict';\n\n/**\n * An asynchronous bootstrap function that runs before\n * your application gets started.\n *\n * This gives you an opportunity to set up your data model,\n * run jobs, or perform some special logic.\n */\nconst crypto = require('crypto');\nconst _ = require('lodash');\nconst { getService } = require('../utils');\nconst usersPermissionsActions = require('./users-permissions-actions');\nconst {\n DEFAULT_ACCESS_TOKEN_LIFESPAN,\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} = require('../services/constants');\n\nconst getSessionManager = () => {\n const manager = strapi.sessionManager;\n return manager ?? null;\n};\n\nconst initGrant = async (pluginStore) => {\n const allProviders = getService('providers-registry').getAll();\n\n const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider]) => {\n const { icon, enabled, grantConfig } = provider;\n\n acc[name] = {\n icon,\n enabled,\n ...grantConfig,\n };\n return acc;\n }, {});\n\n const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};\n\n if (!prevGrantConfig || !_.isEqual(prevGrantConfig, grantConfig)) {\n // merge with the previous provider config.\n _.keys(grantConfig).forEach((key) => {\n if (key in prevGrantConfig) {\n grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);\n }\n });\n await pluginStore.set({ key: 'grant', value: grantConfig });\n }\n};\n\nconst initEmails = async (pluginStore) => {\n if (!(await pluginStore.get({ key: 'email' }))) {\n const value = {\n reset_password: {\n display: 'Email.template.reset_password',\n icon: 'sync',\n options: {\n from: {\n name: 'Administration Panel',\n email: 'no-reply@strapi.io',\n },\n response_email: '',\n object: 'Reset password',\n message: `<p>We heard that you lost your password. Sorry about that!</p>\n\n<p>But don’t worry! You can use the following link to reset your password:</p>\n<p><%= URL %>?code=<%= TOKEN %></p>\n\n<p>Thanks.</p>`,\n },\n },\n email_confirmation: {\n display: 'Email.template.email_confirmation',\n icon: 'check-square',\n options: {\n from: {\n name: 'Administration Panel',\n email: 'no-reply@strapi.io',\n },\n response_email: '',\n object: 'Account confirmation',\n message: `<p>Thank you for registering!</p>\n\n<p>You have to confirm your email address. Please click on the link below.</p>\n\n<p><%= URL %>?confirmation=<%= CODE %></p>\n\n<p>Thanks.</p>`,\n },\n },\n };\n\n await pluginStore.set({ key: 'email', value });\n }\n};\n\nconst initAdvancedOptions = async (pluginStore) => {\n if (!(await pluginStore.get({ key: 'advanced' }))) {\n const value = {\n unique_email: true,\n allow_register: true,\n email_confirmation: false,\n email_reset_password: null,\n email_confirmation_redirection: null,\n default_role: 'authenticated',\n };\n\n await pluginStore.set({ key: 'advanced', value });\n }\n};\n\nmodule.exports = async ({ strapi }) => {\n const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });\n\n await initGrant(pluginStore);\n await initEmails(pluginStore);\n await initAdvancedOptions(pluginStore);\n\n await strapi\n .service('admin::permission')\n .actionProvider.registerMany(usersPermissionsActions.actions);\n\n await getService('users-permissions').initialize();\n\n // Define users-permissions origin configuration for sessionManager\n const upConfig = strapi.config.get('plugin::users-permissions');\n const sessionManager = getSessionManager();\n\n if (sessionManager) {\n sessionManager.defineOrigin('users-permissions', {\n jwtSecret: upConfig.jwtSecret || strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: upConfig.sessions?.accessTokenLifespan || DEFAULT_ACCESS_TOKEN_LIFESPAN,\n maxRefreshTokenLifespan:\n upConfig.sessions?.maxRefreshTokenLifespan || DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n idleRefreshTokenLifespan:\n upConfig.sessions?.idleRefreshTokenLifespan || DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n maxSessionLifespan: upConfig.sessions?.maxSessionLifespan || DEFAULT_MAX_SESSION_LIFESPAN,\n idleSessionLifespan: upConfig.sessions?.idleSessionLifespan || DEFAULT_IDLE_SESSION_LIFESPAN,\n });\n }\n\n if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {\n if (process.env.NODE_ENV !== 'development') {\n throw new Error(\n `Missing jwtSecret. Please, set configuration variable \"jwtSecret\" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \\`crypto.randomBytes(16).toString('base64')\\`).\nFor security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`\n );\n }\n\n const jwtSecret = crypto.randomBytes(16).toString('base64');\n\n strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);\n\n if (!process.env.JWT_SECRET) {\n const envPath = process.env.ENV_PATH || '.env';\n strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\\n`);\n strapi.log.info(\n `The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`\n );\n }\n }\n};\n"],"names":["crypto","require$$0","_","require$$1","getService","require$$2","usersPermissionsActions","require$$3","DEFAULT_ACCESS_TOKEN_LIFESPAN","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","DEFAULT_MAX_SESSION_LIFESPAN","DEFAULT_IDLE_SESSION_LIFESPAN","require$$4","getSessionManager","manager","strapi","sessionManager","initGrant","pluginStore","allProviders","getAll","grantConfig","Object","entries","reduce","acc","name","provider","icon","enabled","prevGrantConfig","get","key","isEqual","keys","forEach","merge","set","value","initEmails","reset_password","display","options","from","email","response_email","object","message","email_confirmation","initAdvancedOptions","unique_email","allow_register","email_reset_password","email_confirmation_redirection","default_role","bootstrap","store","type","service","actionProvider","registerMany","actions","initialize","upConfig","config","defineOrigin","jwtSecret","accessTokenLifespan","sessions","maxRefreshTokenLifespan","idleRefreshTokenLifespan","maxSessionLifespan","idleSessionLifespan","process","env","NODE_ENV","Error","randomBytes","toString","JWT_SECRET","envPath","ENV_PATH","fs","appendFile","log","info"],"mappings":";;;;;;;;;;;AAEA;;;;;;AAMA,KACA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,CAAIC,GAAAA,YAAAA;IACV,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AACvB,IAAA,MAAMC,uBAA0BC,GAAAA,8BAAAA,EAAAA;IAChC,MAAM,EACJC,6BAA6B,EAC7BC,kCAAkC,EAClCC,mCAAmC,EACnCC,4BAA4B,EAC5BC,6BAA6B,EAC9B,GAAGC,gBAAAA,EAAAA;AAEJ,IAAA,MAAMC,iBAAoB,GAAA,IAAA;QACxB,MAAMC,OAAAA,GAAUC,OAAOC,cAAc;AACrC,QAAA,OAAOF,OAAW,IAAA,IAAA;AACpB,KAAA;AAEA,IAAA,MAAMG,YAAY,OAAOC,WAAAA,GAAAA;QACvB,MAAMC,YAAAA,GAAehB,UAAW,CAAA,oBAAA,CAAA,CAAsBiB,MAAM,EAAA;QAE5D,MAAMC,WAAAA,GAAcC,MAAOC,CAAAA,OAAO,CAACJ,YAAAA,CAAAA,CAAcK,MAAM,CAAC,CAACC,GAAAA,EAAK,CAACC,IAAAA,EAAMC,QAAS,CAAA,GAAA;AAC5E,YAAA,MAAM,EAAEC,IAAI,EAAEC,OAAO,EAAER,WAAW,EAAE,GAAGM,QAAAA;YAEvCF,GAAG,CAACC,KAAK,GAAG;AACVE,gBAAAA,IAAAA;AACAC,gBAAAA,OAAAA;AACA,gBAAA,GAAGR;AACT,aAAA;YACI,OAAOI,GAAAA;AACR,SAAA,EAAE,EAAE,CAAA;AAEL,QAAA,MAAMK,eAAkB,GAAC,MAAMZ,WAAAA,CAAYa,GAAG,CAAC;YAAEC,GAAK,EAAA;cAAe;AAErE,QAAA,IAAI,CAACF,eAAmB,IAAA,CAAC7B,EAAEgC,OAAO,CAACH,iBAAiBT,WAAc,CAAA,EAAA;;AAEhEpB,YAAAA,CAAAA,CAAEiC,IAAI,CAACb,WAAac,CAAAA,CAAAA,OAAO,CAAC,CAACH,GAAAA,GAAAA;AAC3B,gBAAA,IAAIA,OAAOF,eAAiB,EAAA;AAC1BT,oBAAAA,WAAW,CAACW,GAAAA,CAAI,GAAG/B,CAAAA,CAAEmC,KAAK,CAACf,WAAW,CAACW,GAAI,CAAA,EAAEF,eAAe,CAACE,GAAI,CAAA,CAAA;AAClE;AACP,aAAA,CAAA;YACI,MAAMd,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,OAAA;gBAASM,KAAOjB,EAAAA;AAAW,aAAA,CAAA;AACzD;AACH,KAAA;AAEA,IAAA,MAAMkB,aAAa,OAAOrB,WAAAA,GAAAA;AACxB,QAAA,IAAI,CAAE,MAAMA,WAAYa,CAAAA,GAAG,CAAC;YAAEC,GAAK,EAAA;SAAa,CAAA,EAAA;AAC9C,YAAA,MAAMM,KAAQ,GAAA;gBACZE,cAAgB,EAAA;oBACdC,OAAS,EAAA,+BAAA;oBACTb,IAAM,EAAA,MAAA;oBACNc,OAAS,EAAA;wBACPC,IAAM,EAAA;4BACJjB,IAAM,EAAA,sBAAA;4BACNkB,KAAO,EAAA;AACR,yBAAA;wBACDC,cAAgB,EAAA,EAAA;wBAChBC,MAAQ,EAAA,gBAAA;AACRC,wBAAAA,OAAAA,EAAS,CAAC;;;;;cAKN;AACL;AACF,iBAAA;gBACDC,kBAAoB,EAAA;oBAClBP,OAAS,EAAA,mCAAA;oBACTb,IAAM,EAAA,cAAA;oBACNc,OAAS,EAAA;wBACPC,IAAM,EAAA;4BACJjB,IAAM,EAAA,sBAAA;4BACNkB,KAAO,EAAA;AACR,yBAAA;wBACDC,cAAgB,EAAA,EAAA;wBAChBC,MAAQ,EAAA,sBAAA;AACRC,wBAAAA,OAAAA,EAAS,CAAC;;;;;;cAMN;AACL;AACF;AACP,aAAA;YAEI,MAAM7B,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,OAAA;AAASM,gBAAAA;AAAK,aAAA,CAAA;AAC5C;AACH,KAAA;AAEA,IAAA,MAAMW,sBAAsB,OAAO/B,WAAAA,GAAAA;AACjC,QAAA,IAAI,CAAE,MAAMA,WAAYa,CAAAA,GAAG,CAAC;YAAEC,GAAK,EAAA;SAAgB,CAAA,EAAA;AACjD,YAAA,MAAMM,KAAQ,GAAA;gBACZY,YAAc,EAAA,IAAA;gBACdC,cAAgB,EAAA,IAAA;gBAChBH,kBAAoB,EAAA,KAAA;gBACpBI,oBAAsB,EAAA,IAAA;gBACtBC,8BAAgC,EAAA,IAAA;gBAChCC,YAAc,EAAA;AACpB,aAAA;YAEI,MAAMpC,WAAAA,CAAYmB,GAAG,CAAC;gBAAEL,GAAK,EAAA,UAAA;AAAYM,gBAAAA;AAAK,aAAA,CAAA;AAC/C;AACH,KAAA;AAEAiB,IAAAA,SAAAA,GAAiB,OAAO,EAAExC,MAAAA,EAAAA,OAAM,EAAE,GAAA;QAChC,MAAMG,WAAAA,GAAcH,OAAOyC,CAAAA,KAAK,CAAC;YAAEC,IAAM,EAAA,QAAA;YAAU/B,IAAM,EAAA;AAAmB,SAAA,CAAA;AAE5E,QAAA,MAAMT,SAAUC,CAAAA,WAAAA,CAAAA;AAChB,QAAA,MAAMqB,UAAWrB,CAAAA,WAAAA,CAAAA;AACjB,QAAA,MAAM+B,mBAAoB/B,CAAAA,WAAAA,CAAAA;QAE1B,MAAMH,OAAAA,CACH2C,OAAO,CAAC,mBAAA,CAAA,CACRC,cAAc,CAACC,YAAY,CAACvD,uBAAAA,CAAwBwD,OAAO,CAAA;QAE9D,MAAM1D,UAAAA,CAAW,qBAAqB2D,UAAU,EAAA;;AAGhD,QAAA,MAAMC,QAAWhD,GAAAA,OAAAA,CAAOiD,MAAM,CAACjC,GAAG,CAAC,2BAAA,CAAA;AACnC,QAAA,MAAMf,cAAiBH,GAAAA,iBAAAA,EAAAA;AAEvB,QAAA,IAAIG,cAAgB,EAAA;YAClBA,cAAeiD,CAAAA,YAAY,CAAC,mBAAqB,EAAA;AAC/CC,gBAAAA,SAAAA,EAAWH,SAASG,SAAS,IAAInD,QAAOiD,MAAM,CAACjC,GAAG,CAAC,mBAAA,CAAA;gBACnDoC,mBAAqBJ,EAAAA,QAAAA,CAASK,QAAQ,EAAED,mBAAuB5D,IAAAA,6BAAAA;gBAC/D8D,uBACEN,EAAAA,QAAAA,CAASK,QAAQ,EAAEC,uBAA2B7D,IAAAA,kCAAAA;gBAChD8D,wBACEP,EAAAA,QAAAA,CAASK,QAAQ,EAAEE,wBAA4B7D,IAAAA,mCAAAA;gBACjD8D,kBAAoBR,EAAAA,QAAAA,CAASK,QAAQ,EAAEG,kBAAsB7D,IAAAA,4BAAAA;gBAC7D8D,mBAAqBT,EAAAA,QAAAA,CAASK,QAAQ,EAAEI,mBAAuB7D,IAAAA;AACrE,aAAA,CAAA;AACG;AAED,QAAA,IAAI,CAACI,OAAOiD,CAAAA,MAAM,CAACjC,GAAG,CAAC,qCAAwC,CAAA,EAAA;AAC7D,YAAA,IAAI0C,OAAQC,CAAAA,GAAG,CAACC,QAAQ,KAAK,aAAe,EAAA;gBAC1C,MAAM,IAAIC,MACR,CAAC;yQACgQ,CAAC,CAAA;AAErQ;AAED,YAAA,MAAMV,YAAYnE,MAAO8E,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,QAAA,CAAA;AAElD/D,YAAAA,OAAAA,CAAOiD,MAAM,CAAC3B,GAAG,CAAC,qCAAuC6B,EAAAA,SAAAA,CAAAA;AAEzD,YAAA,IAAI,CAACO,OAAAA,CAAQC,GAAG,CAACK,UAAU,EAAE;AAC3B,gBAAA,MAAMC,OAAUP,GAAAA,OAAAA,CAAQC,GAAG,CAACO,QAAQ,IAAI,MAAA;gBACxClE,OAAOmE,CAAAA,EAAE,CAACC,UAAU,CAACH,OAAAA,EAAS,CAAC,WAAW,EAAEd,SAAU,CAAA,EAAE,CAAC,CAAA;gBACzDnD,OAAOqE,CAAAA,GAAG,CAACC,IAAI,CACb,CAAC,qFAAqF,EAAEL,OAAQ,CAAA,2BAA2B,CAAC,CAAA;AAE/H;AACF;AACH,KAAA;;;;;;"}
package/dist/server/config.js CHANGED
@@ -1,16 +1,32 @@
1
1
  'use strict';
2
2
 
3
+ var constants = require('./services/constants.js');
4
+
3
5
  var config;
4
6
  var hasRequiredConfig;
5
7
  function requireConfig() {
6
8
  if (hasRequiredConfig) return config;
7
9
  hasRequiredConfig = 1;
10
+ const { DEFAULT_ACCESS_TOKEN_LIFESPAN, DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN, DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN, DEFAULT_MAX_SESSION_LIFESPAN, DEFAULT_IDLE_SESSION_LIFESPAN } = constants.__require();
8
11
  config = {
9
12
  default: ({ env })=>({
10
13
  jwtSecret: env('JWT_SECRET'),
11
14
  jwt: {
12
15
  expiresIn: '30d'
13
16
  },
17
+ /**
18
+ * JWT management mode for the Content API authentication
19
+ * - "legacy-support": use plugin JWTs (backward compatible)
20
+ * - "refresh": use SessionManager (access/refresh tokens)
21
+ */ jwtManagement: 'legacy-support',
22
+ sessions: {
23
+ accessTokenLifespan: DEFAULT_ACCESS_TOKEN_LIFESPAN,
24
+ maxRefreshTokenLifespan: DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,
25
+ idleRefreshTokenLifespan: DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,
26
+ maxSessionLifespan: DEFAULT_MAX_SESSION_LIFESPAN,
27
+ idleSessionLifespan: DEFAULT_IDLE_SESSION_LIFESPAN,
28
+ httpOnly: false
29
+ },
14
30
  ratelimit: {
15
31
  interval: 60000,
16
32
  max: 10
package/dist/server/config.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config.js","sources":["../../server/config.js"],"sourcesContent":["'use strict';\n\nmodule.exports = {\n default: ({ env }) => ({\n jwtSecret: env('JWT_SECRET'),\n jwt: {\n expiresIn: '30d',\n },\n ratelimit: {\n interval: 60000,\n max: 10,\n },\n layout: {\n user: {\n actions: {\n create: 'contentManagerUser.create', // Use the User plugin's controller.\n update: 'contentManagerUser.update',\n },\n },\n },\n callback: {\n validate(callback, provider) {\n let uCallback;\n let uProviderCallback;\n\n try {\n uCallback = new URL(callback);\n uProviderCallback = new URL(provider.callback);\n } catch {\n throw new Error('The callback is not a valid URL');\n }\n\n // Make sure the different origin matches\n if (uCallback.origin !== uProviderCallback.origin) {\n throw new Error(\n `Forbidden callback provided: origins don't match. Please verify your config.`\n );\n }\n\n // Make sure the different pathname matches\n if (uCallback.pathname !== uProviderCallback.pathname) {\n throw new Error(\n `Forbidden callback provided: pathname don't match. Please verify your config.`\n );\n }\n\n // NOTE: We're not checking the search parameters on purpose to allow passing different states\n },\n },\n }),\n validator() {},\n};\n"],"names":["config","default","env","jwtSecret","jwt","expiresIn","ratelimit","interval","max","layout","user","actions","create","update","callback","validate","provider","uCallback","uProviderCallback","URL","Error","origin","pathname","validator"],"mappings":";;;;;;;IAEAA,MAAiB,GAAA;AACfC,QAAAA,OAAAA,EAAS,CAAC,EAAEC,GAAG,EAAE,IAAM;AACrBC,gBAAAA,SAAAA,EAAWD,GAAI,CAAA,YAAA,CAAA;gBACfE,GAAK,EAAA;oBACHC,SAAW,EAAA;AACZ,iBAAA;gBACDC,SAAW,EAAA;oBACTC,QAAU,EAAA,KAAA;oBACVC,GAAK,EAAA;AACN,iBAAA;gBACDC,MAAQ,EAAA;oBACNC,IAAM,EAAA;wBACJC,OAAS,EAAA;4BACPC,MAAQ,EAAA,2BAAA;4BACRC,MAAQ,EAAA;AACT;AACF;AACF,iBAAA;gBACDC,QAAU,EAAA;oBACRC,QAASD,CAAAA,CAAAA,QAAQ,EAAEE,QAAQ,EAAA;wBACzB,IAAIC,SAAAA;wBACJ,IAAIC,iBAAAA;wBAEJ,IAAI;AACFD,4BAAAA,SAAAA,GAAY,IAAIE,GAAIL,CAAAA,QAAAA,CAAAA;4BACpBI,iBAAoB,GAAA,IAAIC,GAAIH,CAAAA,QAAAA,CAASF,QAAQ,CAAA;AACvD,yBAAA,CAAU,OAAM;AACN,4BAAA,MAAM,IAAIM,KAAM,CAAA,iCAAA,CAAA;AACjB;;AAGD,wBAAA,IAAIH,SAAUI,CAAAA,MAAM,KAAKH,iBAAAA,CAAkBG,MAAM,EAAE;AACjD,4BAAA,MAAM,IAAID,KAAAA,CACR,CAAC,4EAA4E,CAAC,CAAA;AAEjF;;AAGD,wBAAA,IAAIH,SAAUK,CAAAA,QAAQ,KAAKJ,iBAAAA,CAAkBI,QAAQ,EAAE;AACrD,4BAAA,MAAM,IAAIF,KAAAA,CACR,CAAC,6EAA6E,CAAC,CAAA;AAElF;;AAGF;AACF;aACL,CAAA;QACEG,SAAc,CAAA,GAAA;AAChB,KAAA;;;;;;"}
1
+ {"version":3,"file":"config.js","sources":["../../server/config.js"],"sourcesContent":["'use strict';\n\nconst {\n DEFAULT_ACCESS_TOKEN_LIFESPAN,\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} = require('./services/constants');\n\nmodule.exports = {\n default: ({ env }) => ({\n jwtSecret: env('JWT_SECRET'),\n jwt: {\n expiresIn: '30d',\n },\n /**\n * JWT management mode for the Content API authentication\n * - \"legacy-support\": use plugin JWTs (backward compatible)\n * - \"refresh\": use SessionManager (access/refresh tokens)\n */\n jwtManagement: 'legacy-support',\n sessions: {\n accessTokenLifespan: DEFAULT_ACCESS_TOKEN_LIFESPAN,\n maxRefreshTokenLifespan: DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n idleRefreshTokenLifespan: DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n maxSessionLifespan: DEFAULT_MAX_SESSION_LIFESPAN,\n idleSessionLifespan: DEFAULT_IDLE_SESSION_LIFESPAN,\n httpOnly: false,\n },\n ratelimit: {\n interval: 60000,\n max: 10,\n },\n layout: {\n user: {\n actions: {\n create: 'contentManagerUser.create', // Use the User plugin's controller.\n update: 'contentManagerUser.update',\n },\n },\n },\n callback: {\n validate(callback, provider) {\n let uCallback;\n let uProviderCallback;\n\n try {\n uCallback = new URL(callback);\n uProviderCallback = new URL(provider.callback);\n } catch {\n throw new Error('The callback is not a valid URL');\n }\n\n // Make sure the different origin matches\n if (uCallback.origin !== uProviderCallback.origin) {\n throw new Error(\n `Forbidden callback provided: origins don't match. Please verify your config.`\n );\n }\n\n // Make sure the different pathname matches\n if (uCallback.pathname !== uProviderCallback.pathname) {\n throw new Error(\n `Forbidden callback provided: pathname don't match. Please verify your config.`\n );\n }\n\n // NOTE: We're not checking the search parameters on purpose to allow passing different states\n },\n },\n }),\n validator() {},\n};\n"],"names":["DEFAULT_ACCESS_TOKEN_LIFESPAN","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","DEFAULT_MAX_SESSION_LIFESPAN","DEFAULT_IDLE_SESSION_LIFESPAN","require$$0","config","default","env","jwtSecret","jwt","expiresIn","jwtManagement","sessions","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","maxSessionLifespan","idleSessionLifespan","httpOnly","ratelimit","interval","max","layout","user","actions","create","update","callback","validate","provider","uCallback","uProviderCallback","URL","Error","origin","pathname","validator"],"mappings":";;;;;;;;;IAEA,MAAM,EACJA,6BAA6B,EAC7BC,kCAAkC,EAClCC,mCAAmC,EACnCC,4BAA4B,EAC5BC,6BAA6B,EAC9B,GAAGC,mBAAAA,EAAAA;IAEJC,MAAiB,GAAA;AACfC,QAAAA,OAAAA,EAAS,CAAC,EAAEC,GAAG,EAAE,IAAM;AACrBC,gBAAAA,SAAAA,EAAWD,GAAI,CAAA,YAAA,CAAA;gBACfE,GAAK,EAAA;oBACHC,SAAW,EAAA;AACZ,iBAAA;AACL;;;;AAIA,SACIC,aAAe,EAAA,gBAAA;gBACfC,QAAU,EAAA;oBACRC,mBAAqBd,EAAAA,6BAAAA;oBACrBe,uBAAyBd,EAAAA,kCAAAA;oBACzBe,wBAA0Bd,EAAAA,mCAAAA;oBAC1Be,kBAAoBd,EAAAA,4BAAAA;oBACpBe,mBAAqBd,EAAAA,6BAAAA;oBACrBe,QAAU,EAAA;AACX,iBAAA;gBACDC,SAAW,EAAA;oBACTC,QAAU,EAAA,KAAA;oBACVC,GAAK,EAAA;AACN,iBAAA;gBACDC,MAAQ,EAAA;oBACNC,IAAM,EAAA;wBACJC,OAAS,EAAA;4BACPC,MAAQ,EAAA,2BAAA;4BACRC,MAAQ,EAAA;AACT;AACF;AACF,iBAAA;gBACDC,QAAU,EAAA;oBACRC,QAASD,CAAAA,CAAAA,QAAQ,EAAEE,QAAQ,EAAA;wBACzB,IAAIC,SAAAA;wBACJ,IAAIC,iBAAAA;wBAEJ,IAAI;AACFD,4BAAAA,SAAAA,GAAY,IAAIE,GAAIL,CAAAA,QAAAA,CAAAA;4BACpBI,iBAAoB,GAAA,IAAIC,GAAIH,CAAAA,QAAAA,CAASF,QAAQ,CAAA;AACvD,yBAAA,CAAU,OAAM;AACN,4BAAA,MAAM,IAAIM,KAAM,CAAA,iCAAA,CAAA;AACjB;;AAGD,wBAAA,IAAIH,SAAUI,CAAAA,MAAM,KAAKH,iBAAAA,CAAkBG,MAAM,EAAE;AACjD,4BAAA,MAAM,IAAID,KAAAA,CACR,CAAC,4EAA4E,CAAC,CAAA;AAEjF;;AAGD,wBAAA,IAAIH,SAAUK,CAAAA,QAAQ,KAAKJ,iBAAAA,CAAkBI,QAAQ,EAAE;AACrD,4BAAA,MAAM,IAAIF,KAAAA,CACR,CAAC,6EAA6E,CAAC,CAAA;AAElF;;AAGF;AACF;aACL,CAAA;QACEG,SAAc,CAAA,GAAA;AAChB,KAAA;;;;;;"}
package/dist/server/config.mjs CHANGED
@@ -1,14 +1,30 @@
1
+ import { __require as requireConstants } from './services/constants.mjs';
2
+
1
3
  var config;
2
4
  var hasRequiredConfig;
3
5
  function requireConfig() {
4
6
  if (hasRequiredConfig) return config;
5
7
  hasRequiredConfig = 1;
8
+ const { DEFAULT_ACCESS_TOKEN_LIFESPAN, DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN, DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN, DEFAULT_MAX_SESSION_LIFESPAN, DEFAULT_IDLE_SESSION_LIFESPAN } = requireConstants();
6
9
  config = {
7
10
  default: ({ env })=>({
8
11
  jwtSecret: env('JWT_SECRET'),
9
12
  jwt: {
10
13
  expiresIn: '30d'
11
14
  },
15
+ /**
16
+ * JWT management mode for the Content API authentication
17
+ * - "legacy-support": use plugin JWTs (backward compatible)
18
+ * - "refresh": use SessionManager (access/refresh tokens)
19
+ */ jwtManagement: 'legacy-support',
20
+ sessions: {
21
+ accessTokenLifespan: DEFAULT_ACCESS_TOKEN_LIFESPAN,
22
+ maxRefreshTokenLifespan: DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,
23
+ idleRefreshTokenLifespan: DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,
24
+ maxSessionLifespan: DEFAULT_MAX_SESSION_LIFESPAN,
25
+ idleSessionLifespan: DEFAULT_IDLE_SESSION_LIFESPAN,
26
+ httpOnly: false
27
+ },
12
28
  ratelimit: {
13
29
  interval: 60000,
14
30
  max: 10
package/dist/server/config.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config.mjs","sources":["../../server/config.js"],"sourcesContent":["'use strict';\n\nmodule.exports = {\n default: ({ env }) => ({\n jwtSecret: env('JWT_SECRET'),\n jwt: {\n expiresIn: '30d',\n },\n ratelimit: {\n interval: 60000,\n max: 10,\n },\n layout: {\n user: {\n actions: {\n create: 'contentManagerUser.create', // Use the User plugin's controller.\n update: 'contentManagerUser.update',\n },\n },\n },\n callback: {\n validate(callback, provider) {\n let uCallback;\n let uProviderCallback;\n\n try {\n uCallback = new URL(callback);\n uProviderCallback = new URL(provider.callback);\n } catch {\n throw new Error('The callback is not a valid URL');\n }\n\n // Make sure the different origin matches\n if (uCallback.origin !== uProviderCallback.origin) {\n throw new Error(\n `Forbidden callback provided: origins don't match. Please verify your config.`\n );\n }\n\n // Make sure the different pathname matches\n if (uCallback.pathname !== uProviderCallback.pathname) {\n throw new Error(\n `Forbidden callback provided: pathname don't match. Please verify your config.`\n );\n }\n\n // NOTE: We're not checking the search parameters on purpose to allow passing different states\n },\n },\n }),\n validator() {},\n};\n"],"names":["config","default","env","jwtSecret","jwt","expiresIn","ratelimit","interval","max","layout","user","actions","create","update","callback","validate","provider","uCallback","uProviderCallback","URL","Error","origin","pathname","validator"],"mappings":";;;;;IAEAA,MAAiB,GAAA;AACfC,QAAAA,OAAAA,EAAS,CAAC,EAAEC,GAAG,EAAE,IAAM;AACrBC,gBAAAA,SAAAA,EAAWD,GAAI,CAAA,YAAA,CAAA;gBACfE,GAAK,EAAA;oBACHC,SAAW,EAAA;AACZ,iBAAA;gBACDC,SAAW,EAAA;oBACTC,QAAU,EAAA,KAAA;oBACVC,GAAK,EAAA;AACN,iBAAA;gBACDC,MAAQ,EAAA;oBACNC,IAAM,EAAA;wBACJC,OAAS,EAAA;4BACPC,MAAQ,EAAA,2BAAA;4BACRC,MAAQ,EAAA;AACT;AACF;AACF,iBAAA;gBACDC,QAAU,EAAA;oBACRC,QAASD,CAAAA,CAAAA,QAAQ,EAAEE,QAAQ,EAAA;wBACzB,IAAIC,SAAAA;wBACJ,IAAIC,iBAAAA;wBAEJ,IAAI;AACFD,4BAAAA,SAAAA,GAAY,IAAIE,GAAIL,CAAAA,QAAAA,CAAAA;4BACpBI,iBAAoB,GAAA,IAAIC,GAAIH,CAAAA,QAAAA,CAASF,QAAQ,CAAA;AACvD,yBAAA,CAAU,OAAM;AACN,4BAAA,MAAM,IAAIM,KAAM,CAAA,iCAAA,CAAA;AACjB;;AAGD,wBAAA,IAAIH,SAAUI,CAAAA,MAAM,KAAKH,iBAAAA,CAAkBG,MAAM,EAAE;AACjD,4BAAA,MAAM,IAAID,KAAAA,CACR,CAAC,4EAA4E,CAAC,CAAA;AAEjF;;AAGD,wBAAA,IAAIH,SAAUK,CAAAA,QAAQ,KAAKJ,iBAAAA,CAAkBI,QAAQ,EAAE;AACrD,4BAAA,MAAM,IAAIF,KAAAA,CACR,CAAC,6EAA6E,CAAC,CAAA;AAElF;;AAGF;AACF;aACL,CAAA;QACEG,SAAc,CAAA,GAAA;AAChB,KAAA;;;;;;"}
1
+ {"version":3,"file":"config.mjs","sources":["../../server/config.js"],"sourcesContent":["'use strict';\n\nconst {\n DEFAULT_ACCESS_TOKEN_LIFESPAN,\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} = require('./services/constants');\n\nmodule.exports = {\n default: ({ env }) => ({\n jwtSecret: env('JWT_SECRET'),\n jwt: {\n expiresIn: '30d',\n },\n /**\n * JWT management mode for the Content API authentication\n * - \"legacy-support\": use plugin JWTs (backward compatible)\n * - \"refresh\": use SessionManager (access/refresh tokens)\n */\n jwtManagement: 'legacy-support',\n sessions: {\n accessTokenLifespan: DEFAULT_ACCESS_TOKEN_LIFESPAN,\n maxRefreshTokenLifespan: DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n idleRefreshTokenLifespan: DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n maxSessionLifespan: DEFAULT_MAX_SESSION_LIFESPAN,\n idleSessionLifespan: DEFAULT_IDLE_SESSION_LIFESPAN,\n httpOnly: false,\n },\n ratelimit: {\n interval: 60000,\n max: 10,\n },\n layout: {\n user: {\n actions: {\n create: 'contentManagerUser.create', // Use the User plugin's controller.\n update: 'contentManagerUser.update',\n },\n },\n },\n callback: {\n validate(callback, provider) {\n let uCallback;\n let uProviderCallback;\n\n try {\n uCallback = new URL(callback);\n uProviderCallback = new URL(provider.callback);\n } catch {\n throw new Error('The callback is not a valid URL');\n }\n\n // Make sure the different origin matches\n if (uCallback.origin !== uProviderCallback.origin) {\n throw new Error(\n `Forbidden callback provided: origins don't match. Please verify your config.`\n );\n }\n\n // Make sure the different pathname matches\n if (uCallback.pathname !== uProviderCallback.pathname) {\n throw new Error(\n `Forbidden callback provided: pathname don't match. Please verify your config.`\n );\n }\n\n // NOTE: We're not checking the search parameters on purpose to allow passing different states\n },\n },\n }),\n validator() {},\n};\n"],"names":["DEFAULT_ACCESS_TOKEN_LIFESPAN","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","DEFAULT_MAX_SESSION_LIFESPAN","DEFAULT_IDLE_SESSION_LIFESPAN","require$$0","config","default","env","jwtSecret","jwt","expiresIn","jwtManagement","sessions","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","maxSessionLifespan","idleSessionLifespan","httpOnly","ratelimit","interval","max","layout","user","actions","create","update","callback","validate","provider","uCallback","uProviderCallback","URL","Error","origin","pathname","validator"],"mappings":";;;;;;;IAEA,MAAM,EACJA,6BAA6B,EAC7BC,kCAAkC,EAClCC,mCAAmC,EACnCC,4BAA4B,EAC5BC,6BAA6B,EAC9B,GAAGC,gBAAAA,EAAAA;IAEJC,MAAiB,GAAA;AACfC,QAAAA,OAAAA,EAAS,CAAC,EAAEC,GAAG,EAAE,IAAM;AACrBC,gBAAAA,SAAAA,EAAWD,GAAI,CAAA,YAAA,CAAA;gBACfE,GAAK,EAAA;oBACHC,SAAW,EAAA;AACZ,iBAAA;AACL;;;;AAIA,SACIC,aAAe,EAAA,gBAAA;gBACfC,QAAU,EAAA;oBACRC,mBAAqBd,EAAAA,6BAAAA;oBACrBe,uBAAyBd,EAAAA,kCAAAA;oBACzBe,wBAA0Bd,EAAAA,mCAAAA;oBAC1Be,kBAAoBd,EAAAA,4BAAAA;oBACpBe,mBAAqBd,EAAAA,6BAAAA;oBACrBe,QAAU,EAAA;AACX,iBAAA;gBACDC,SAAW,EAAA;oBACTC,QAAU,EAAA,KAAA;oBACVC,GAAK,EAAA;AACN,iBAAA;gBACDC,MAAQ,EAAA;oBACNC,IAAM,EAAA;wBACJC,OAAS,EAAA;4BACPC,MAAQ,EAAA,2BAAA;4BACRC,MAAQ,EAAA;AACT;AACF;AACF,iBAAA;gBACDC,QAAU,EAAA;oBACRC,QAASD,CAAAA,CAAAA,QAAQ,EAAEE,QAAQ,EAAA;wBACzB,IAAIC,SAAAA;wBACJ,IAAIC,iBAAAA;wBAEJ,IAAI;AACFD,4BAAAA,SAAAA,GAAY,IAAIE,GAAIL,CAAAA,QAAAA,CAAAA;4BACpBI,iBAAoB,GAAA,IAAIC,GAAIH,CAAAA,QAAAA,CAASF,QAAQ,CAAA;AACvD,yBAAA,CAAU,OAAM;AACN,4BAAA,MAAM,IAAIM,KAAM,CAAA,iCAAA,CAAA;AACjB;;AAGD,wBAAA,IAAIH,SAAUI,CAAAA,MAAM,KAAKH,iBAAAA,CAAkBG,MAAM,EAAE;AACjD,4BAAA,MAAM,IAAID,KAAAA,CACR,CAAC,4EAA4E,CAAC,CAAA;AAEjF;;AAGD,wBAAA,IAAIH,SAAUK,CAAAA,QAAQ,KAAKJ,iBAAAA,CAAkBI,QAAQ,EAAE;AACrD,4BAAA,MAAM,IAAIF,KAAAA,CACR,CAAC,6EAA6E,CAAC,CAAA;AAElF;;AAGF;AACF;aACL,CAAA;QACEG,SAAc,CAAA,GAAA;AAChB,KAAA;;;;;;"}
package/dist/server/controllers/auth.js CHANGED
@@ -31,6 +31,10 @@ function requireAuth() {
31
31
  auth
32
32
  });
33
33
  };
34
+ const extractDeviceId = (requestBody)=>{
35
+ const { deviceId } = requestBody || {};
36
+ return typeof deviceId === 'string' && deviceId.length > 0 ? deviceId : undefined;
37
+ };
34
38
  auth = ({ strapi: strapi1 })=>({
35
39
  async callback (ctx) {
36
40
  const provider = ctx.params.provider || 'local';
@@ -86,6 +90,40 @@ function requireAuth() {
86
90
  if (user.blocked === true) {
87
91
  throw new ApplicationError('Your account has been blocked by an administrator');
88
92
  }
93
+ const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
94
+ if (mode === 'refresh') {
95
+ const deviceId = extractDeviceId(ctx.request.body);
96
+ const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), deviceId, {
97
+ type: 'refresh'
98
+ });
99
+ const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
100
+ if ('error' in access) {
101
+ throw new ApplicationError('Invalid credentials');
102
+ }
103
+ const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
104
+ const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
105
+ if (upSessions?.httpOnly || requestHttpOnly) {
106
+ const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
107
+ const cookieOptions = {
108
+ httpOnly: true,
109
+ secure: Boolean(upSessions.cookie?.secure),
110
+ sameSite: upSessions.cookie?.sameSite ?? 'lax',
111
+ path: upSessions.cookie?.path ?? '/',
112
+ domain: upSessions.cookie?.domain,
113
+ overwrite: true
114
+ };
115
+ ctx.cookies.set(cookieName, refresh.token, cookieOptions);
116
+ return ctx.send({
117
+ jwt: access.token,
118
+ user: await sanitizeUser(user, ctx)
119
+ });
120
+ }
121
+ return ctx.send({
122
+ jwt: access.token,
123
+ refreshToken: refresh.token,
124
+ user: await sanitizeUser(user, ctx)
125
+ });
126
+ }
89
127
  return ctx.send({
90
128
  jwt: getService('jwt').issue({
91
129
  id: user.id
@@ -99,6 +137,40 @@ function requireAuth() {
99
137
  if (user.blocked) {
100
138
  throw new ForbiddenError('Your account has been blocked by an administrator');
101
139
  }
140
+ const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
141
+ if (mode === 'refresh') {
142
+ const deviceId = extractDeviceId(ctx.request.body);
143
+ const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), deviceId, {
144
+ type: 'refresh'
145
+ });
146
+ const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
147
+ if ('error' in access) {
148
+ throw new ApplicationError('Invalid credentials');
149
+ }
150
+ const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
151
+ const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
152
+ if (upSessions?.httpOnly || requestHttpOnly) {
153
+ const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
154
+ const cookieOptions = {
155
+ httpOnly: true,
156
+ secure: Boolean(upSessions.cookie?.secure),
157
+ sameSite: upSessions.cookie?.sameSite ?? 'lax',
158
+ path: upSessions.cookie?.path ?? '/',
159
+ domain: upSessions.cookie?.domain,
160
+ overwrite: true
161
+ };
162
+ ctx.cookies.set(cookieName, refresh.token, cookieOptions);
163
+ return ctx.send({
164
+ jwt: access.token,
165
+ user: await sanitizeUser(user, ctx)
166
+ });
167
+ }
168
+ return ctx.send({
169
+ jwt: access.token,
170
+ refreshToken: refresh.token,
171
+ user: await sanitizeUser(user, ctx)
172
+ });
173
+ }
102
174
  return ctx.send({
103
175
  jwt: getService('jwt').issue({
104
176
  id: user.id
@@ -130,7 +202,28 @@ function requireAuth() {
130
202
  await getService('user').edit(user.id, {
131
203
  password
132
204
  });
133
- ctx.send({
205
+ const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
206
+ if (mode === 'refresh') {
207
+ const deviceId = extractDeviceId(ctx.request.body);
208
+ if (deviceId) {
209
+ // Invalidate sessions: specific device if deviceId provided
210
+ await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id), deviceId);
211
+ }
212
+ const newDeviceId = deviceId || crypto.randomUUID();
213
+ const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), newDeviceId, {
214
+ type: 'refresh'
215
+ });
216
+ const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
217
+ if ('error' in access) {
218
+ throw new ApplicationError('Invalid credentials');
219
+ }
220
+ return ctx.send({
221
+ jwt: access.token,
222
+ refreshToken: refresh.token,
223
+ user: await sanitizeUser(user, ctx)
224
+ });
225
+ }
226
+ return ctx.send({
134
227
  jwt: getService('jwt').issue({
135
228
  id: user.id
136
229
  }),
@@ -155,14 +248,100 @@ function requireAuth() {
155
248
  resetPasswordToken: null,
156
249
  password
157
250
  });
158
- // Update the user.
159
- ctx.send({
251
+ const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
252
+ if (mode === 'refresh') {
253
+ const deviceId = extractDeviceId(ctx.request.body);
254
+ if (deviceId) {
255
+ // Invalidate sessions: specific device if deviceId provided
256
+ await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(user.id), deviceId);
257
+ }
258
+ const newDeviceId = deviceId || crypto.randomUUID();
259
+ const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), newDeviceId, {
260
+ type: 'refresh'
261
+ });
262
+ const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
263
+ if ('error' in access) {
264
+ throw new ApplicationError('Invalid credentials');
265
+ }
266
+ return ctx.send({
267
+ jwt: access.token,
268
+ refreshToken: refresh.token,
269
+ user: await sanitizeUser(user, ctx)
270
+ });
271
+ }
272
+ return ctx.send({
160
273
  jwt: getService('jwt').issue({
161
274
  id: user.id
162
275
  }),
163
276
  user: await sanitizeUser(user, ctx)
164
277
  });
165
278
  },
279
+ async refresh (ctx) {
280
+ const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
281
+ if (mode !== 'refresh') {
282
+ return ctx.notFound();
283
+ }
284
+ const { refreshToken } = ctx.request.body || {};
285
+ if (!refreshToken || typeof refreshToken !== 'string') {
286
+ return ctx.badRequest('Missing refresh token');
287
+ }
288
+ const rotation = await strapi1.sessionManager('users-permissions').rotateRefreshToken(refreshToken);
289
+ if ('error' in rotation) {
290
+ return ctx.unauthorized('Invalid refresh token');
291
+ }
292
+ const result = await strapi1.sessionManager('users-permissions').generateAccessToken(rotation.token);
293
+ if ('error' in result) {
294
+ return ctx.unauthorized('Invalid refresh token');
295
+ }
296
+ const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
297
+ const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
298
+ if (upSessions?.httpOnly || requestHttpOnly) {
299
+ const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
300
+ const cookieOptions = {
301
+ httpOnly: true,
302
+ secure: Boolean(upSessions.cookie?.secure),
303
+ sameSite: upSessions.cookie?.sameSite ?? 'lax',
304
+ path: upSessions.cookie?.path ?? '/',
305
+ domain: upSessions.cookie?.domain,
306
+ overwrite: true
307
+ };
308
+ ctx.cookies.set(cookieName, rotation.token, cookieOptions);
309
+ return ctx.send({
310
+ jwt: result.token
311
+ });
312
+ }
313
+ return ctx.send({
314
+ jwt: result.token,
315
+ refreshToken: rotation.token
316
+ });
317
+ },
318
+ async logout (ctx) {
319
+ const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
320
+ if (mode !== 'refresh') {
321
+ return ctx.notFound();
322
+ }
323
+ // Invalidate all sessions for the authenticated user, or by deviceId if provided
324
+ if (!ctx.state.user) {
325
+ return ctx.unauthorized('Missing authentication');
326
+ }
327
+ const deviceId = extractDeviceId(ctx.request.body);
328
+ try {
329
+ await strapi1.sessionManager('users-permissions').invalidateRefreshToken(String(ctx.state.user.id), deviceId);
330
+ } catch (err) {
331
+ strapi1.log.error('UP logout failed', err);
332
+ }
333
+ const upSessions = strapi1.config.get('plugin::users-permissions.sessions');
334
+ const requestHttpOnly = ctx.request.header['x-strapi-refresh-cookie'] === 'httpOnly';
335
+ if (upSessions?.httpOnly || requestHttpOnly) {
336
+ const cookieName = upSessions.cookie?.name || 'strapi_up_refresh';
337
+ ctx.cookies.set(cookieName, '', {
338
+ expires: new Date(0)
339
+ });
340
+ }
341
+ return ctx.send({
342
+ ok: true
343
+ });
344
+ },
166
345
  async connect (ctx, next) {
167
346
  const grant = require$$6.koa();
168
347
  const providers = await strapi1.store({
@@ -356,6 +535,22 @@ function requireAuth() {
356
535
  user: sanitizedUser
357
536
  });
358
537
  }
538
+ const mode = strapi1.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
539
+ if (mode === 'refresh') {
540
+ const deviceId = extractDeviceId(ctx.request.body) || crypto.randomUUID();
541
+ const refresh = await strapi1.sessionManager('users-permissions').generateRefreshToken(String(user.id), deviceId, {
542
+ type: 'refresh'
543
+ });
544
+ const access = await strapi1.sessionManager('users-permissions').generateAccessToken(refresh.token);
545
+ if ('error' in access) {
546
+ throw new ApplicationError('Invalid credentials');
547
+ }
548
+ return ctx.send({
549
+ jwt: access.token,
550
+ refreshToken: refresh.token,
551
+ user: sanitizedUser
552
+ });
553
+ }
359
554
  const jwt = getService('jwt').issue(_.pick(user, [
360
555
  'id'
361
556
  ]));