@strapi/plugin-users-permissions 5.8.1 → 5.10.0

package/dist/server/index.mjs

@@ -0,0 +1,4737 @@
+import require$$0$1 from 'fs';
+import require$$1$1 from 'path';
+import require$$0 from 'lodash/fp';
+import require$$1 from '@strapi/utils';
+import require$$0$2 from 'crypto';
+import require$$0$3 from 'lodash';
+import require$$3 from 'koa2-ratelimit';
+import require$$1$2 from 'jsonwebtoken';
+import require$$2 from 'url-join';
+import require$$1$3 from 'bcryptjs';
+import require$$0$4 from 'assert';
+import require$$3$1 from 'jwk-to-pem';
+import require$$4 from 'purest';
+import require$$6 from 'grant';
+
+function getDefaultExportFromCjs (x) {
+	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
+}
+
+var removeUserRelationFromRoleEntities;
+var hasRequiredRemoveUserRelationFromRoleEntities;
+function requireRemoveUserRelationFromRoleEntities() {
+    if (hasRequiredRemoveUserRelationFromRoleEntities) return removeUserRelationFromRoleEntities;
+    hasRequiredRemoveUserRelationFromRoleEntities = 1;
+    removeUserRelationFromRoleEntities = ({ schema, key, attribute }, { remove })=>{
+        if (attribute?.type === 'relation' && attribute?.target === 'plugin::users-permissions.user' && schema.uid === 'plugin::users-permissions.role') {
+            remove(key);
+        }
+    };
+    return removeUserRelationFromRoleEntities;
+}
+
+var visitors;
+var hasRequiredVisitors;
+function requireVisitors() {
+    if (hasRequiredVisitors) return visitors;
+    hasRequiredVisitors = 1;
+    visitors = {
+        removeUserRelationFromRoleEntities: requireRemoveUserRelationFromRoleEntities()
+    };
+    return visitors;
+}
+
+var sanitizers;
+var hasRequiredSanitizers;
+function requireSanitizers() {
+    if (hasRequiredSanitizers) return sanitizers;
+    hasRequiredSanitizers = 1;
+    const { curry } = require$$0;
+    const { traverseEntity, async } = require$$1;
+    const { removeUserRelationFromRoleEntities } = requireVisitors();
+    const sanitizeUserRelationFromRoleEntities = curry((schema, entity)=>{
+        return traverseEntity(removeUserRelationFromRoleEntities, {
+            schema,
+            getModel: strapi.getModel.bind(strapi)
+        }, entity);
+    });
+    const defaultSanitizeOutput = curry((schema, entity)=>{
+        return async.pipe(sanitizeUserRelationFromRoleEntities(schema))(entity);
+    });
+    sanitizers = {
+        sanitizeUserRelationFromRoleEntities,
+        defaultSanitizeOutput
+    };
+    return sanitizers;
+}
+
+var sanitize;
+var hasRequiredSanitize;
+function requireSanitize() {
+    if (hasRequiredSanitize) return sanitize;
+    hasRequiredSanitize = 1;
+    const visitors = requireVisitors();
+    const sanitizers = requireSanitizers();
+    sanitize = {
+        sanitizers,
+        visitors
+    };
+    return sanitize;
+}
+
+var utils$1;
+var hasRequiredUtils$1;
+function requireUtils$1() {
+    if (hasRequiredUtils$1) return utils$1;
+    hasRequiredUtils$1 = 1;
+    const sanitize = requireSanitize();
+    const getService = (name)=>{
+        return strapi.plugin('users-permissions').service(name);
+    };
+    utils$1 = {
+        getService,
+        sanitize
+    };
+    return utils$1;
+}
+
+var usersPermissions$1;
+var hasRequiredUsersPermissions$1;
+function requireUsersPermissions$1() {
+    if (hasRequiredUsersPermissions$1) return usersPermissions$1;
+    hasRequiredUsersPermissions$1 = 1;
+    const { castArray, map, every, pipe } = require$$0;
+    const { ForbiddenError, UnauthorizedError } = require$$1.errors;
+    const { getService } = requireUtils$1();
+    const getAdvancedSettings = ()=>{
+        return strapi.store({
+            type: 'plugin',
+            name: 'users-permissions'
+        }).get({
+            key: 'advanced'
+        });
+    };
+    const authenticate = async (ctx)=>{
+        try {
+            const token = await getService('jwt').getToken(ctx);
+            if (token) {
+                const { id } = token;
+                // Invalid token
+                if (id === undefined) {
+                    return {
+                        authenticated: false
+                    };
+                }
+                const user = await getService('user').fetchAuthenticatedUser(id);
+                // No user associated to the token
+                if (!user) {
+                    return {
+                        error: 'Invalid credentials'
+                    };
+                }
+                const advancedSettings = await getAdvancedSettings();
+                // User not confirmed
+                if (advancedSettings.email_confirmation && !user.confirmed) {
+                    return {
+                        error: 'Invalid credentials'
+                    };
+                }
+                // User blocked
+                if (user.blocked) {
+                    return {
+                        error: 'Invalid credentials'
+                    };
+                }
+                // Fetch user's permissions
+                const permissions = await Promise.resolve(user.role.id).then(getService('permission').findRolePermissions).then(map(getService('permission').toContentAPIPermission));
+                // Generate an ability (content API engine) based on the given permissions
+                const ability = await strapi.contentAPI.permissions.engine.generateAbility(permissions);
+                ctx.state.user = user;
+                return {
+                    authenticated: true,
+                    credentials: user,
+                    ability
+                };
+            }
+            const publicPermissions = await getService('permission').findPublicPermissions().then(map(getService('permission').toContentAPIPermission));
+            if (publicPermissions.length === 0) {
+                return {
+                    authenticated: false
+                };
+            }
+            const ability = await strapi.contentAPI.permissions.engine.generateAbility(publicPermissions);
+            return {
+                authenticated: true,
+                credentials: null,
+                ability
+            };
+        } catch (err) {
+            return {
+                authenticated: false
+            };
+        }
+    };
+    const verify = async (auth, config)=>{
+        const { credentials: user, ability } = auth;
+        if (!config.scope) {
+            if (!user) {
+                // A non authenticated user cannot access routes that do not have a scope
+                throw new UnauthorizedError();
+            } else {
+                // An authenticated user can access non scoped routes
+                return;
+            }
+        }
+        // If no ability have been generated, then consider auth is missing
+        if (!ability) {
+            throw new UnauthorizedError();
+        }
+        const isAllowed = pipe(// Make sure we're dealing with an array
+        castArray, // Transform the scope array into an action array
+        every((scope)=>ability.can(scope)))(config.scope);
+        if (!isAllowed) {
+            throw new ForbiddenError();
+        }
+    };
+    usersPermissions$1 = {
+        name: 'users-permissions',
+        authenticate,
+        verify
+    };
+    return usersPermissions$1;
+}
+
+var me$1;
+var hasRequiredMe$1;
+function requireMe$1() {
+    if (hasRequiredMe$1) return me$1;
+    hasRequiredMe$1 = 1;
+    me$1 = ({ nexus })=>{
+        return nexus.objectType({
+            name: 'UsersPermissionsMe',
+            definition (t) {
+                t.nonNull.id('id');
+                t.nonNull.id('documentId');
+                t.nonNull.string('username');
+                t.string('email');
+                t.boolean('confirmed');
+                t.boolean('blocked');
+                t.field('role', {
+                    type: 'UsersPermissionsMeRole'
+                });
+            }
+        });
+    };
+    return me$1;
+}
+
+var meRole;
+var hasRequiredMeRole;
+function requireMeRole() {
+    if (hasRequiredMeRole) return meRole;
+    hasRequiredMeRole = 1;
+    meRole = ({ nexus })=>{
+        return nexus.objectType({
+            name: 'UsersPermissionsMeRole',
+            definition (t) {
+                t.nonNull.id('id');
+                t.nonNull.string('name');
+                t.string('description');
+                t.string('type');
+            }
+        });
+    };
+    return meRole;
+}
+
+var registerInput;
+var hasRequiredRegisterInput;
+function requireRegisterInput() {
+    if (hasRequiredRegisterInput) return registerInput;
+    hasRequiredRegisterInput = 1;
+    registerInput = ({ nexus })=>{
+        return nexus.inputObjectType({
+            name: 'UsersPermissionsRegisterInput',
+            definition (t) {
+                t.nonNull.string('username');
+                t.nonNull.string('email');
+                t.nonNull.string('password');
+            }
+        });
+    };
+    return registerInput;
+}
+
+var loginInput;
+var hasRequiredLoginInput;
+function requireLoginInput() {
+    if (hasRequiredLoginInput) return loginInput;
+    hasRequiredLoginInput = 1;
+    loginInput = ({ nexus })=>{
+        return nexus.inputObjectType({
+            name: 'UsersPermissionsLoginInput',
+            definition (t) {
+                t.nonNull.string('identifier');
+                t.nonNull.string('password');
+                t.nonNull.string('provider', {
+                    default: 'local'
+                });
+            }
+        });
+    };
+    return loginInput;
+}
+
+var passwordPayload;
+var hasRequiredPasswordPayload;
+function requirePasswordPayload() {
+    if (hasRequiredPasswordPayload) return passwordPayload;
+    hasRequiredPasswordPayload = 1;
+    passwordPayload = ({ nexus })=>{
+        return nexus.objectType({
+            name: 'UsersPermissionsPasswordPayload',
+            definition (t) {
+                t.nonNull.boolean('ok');
+            }
+        });
+    };
+    return passwordPayload;
+}
+
+var loginPayload;
+var hasRequiredLoginPayload;
+function requireLoginPayload() {
+    if (hasRequiredLoginPayload) return loginPayload;
+    hasRequiredLoginPayload = 1;
+    loginPayload = ({ nexus })=>{
+        return nexus.objectType({
+            name: 'UsersPermissionsLoginPayload',
+            definition (t) {
+                t.string('jwt');
+                t.nonNull.field('user', {
+                    type: 'UsersPermissionsMe'
+                });
+            }
+        });
+    };
+    return loginPayload;
+}
+
+var createRolePayload;
+var hasRequiredCreateRolePayload;
+function requireCreateRolePayload() {
+    if (hasRequiredCreateRolePayload) return createRolePayload;
+    hasRequiredCreateRolePayload = 1;
+    createRolePayload = ({ nexus })=>{
+        return nexus.objectType({
+            name: 'UsersPermissionsCreateRolePayload',
+            definition (t) {
+                t.nonNull.boolean('ok');
+            }
+        });
+    };
+    return createRolePayload;
+}
+
+var updateRolePayload;
+var hasRequiredUpdateRolePayload;
+function requireUpdateRolePayload() {
+    if (hasRequiredUpdateRolePayload) return updateRolePayload;
+    hasRequiredUpdateRolePayload = 1;
+    updateRolePayload = ({ nexus })=>{
+        return nexus.objectType({
+            name: 'UsersPermissionsUpdateRolePayload',
+            definition (t) {
+                t.nonNull.boolean('ok');
+            }
+        });
+    };
+    return updateRolePayload;
+}
+
+var deleteRolePayload;
+var hasRequiredDeleteRolePayload;
+function requireDeleteRolePayload() {
+    if (hasRequiredDeleteRolePayload) return deleteRolePayload;
+    hasRequiredDeleteRolePayload = 1;
+    deleteRolePayload = ({ nexus })=>{
+        return nexus.objectType({
+            name: 'UsersPermissionsDeleteRolePayload',
+            definition (t) {
+                t.nonNull.boolean('ok');
+            }
+        });
+    };
+    return deleteRolePayload;
+}
+
+var userInput;
+var hasRequiredUserInput;
+function requireUserInput() {
+    if (hasRequiredUserInput) return userInput;
+    hasRequiredUserInput = 1;
+    const usersPermissionsUserUID = 'plugin::users-permissions.user';
+    userInput = ({ nexus, strapi })=>{
+        const { getContentTypeInputName } = strapi.plugin('graphql').service('utils').naming;
+        const userContentType = strapi.getModel(usersPermissionsUserUID);
+        const userInputName = getContentTypeInputName(userContentType);
+        return nexus.extendInputType({
+            type: userInputName,
+            definition (t) {
+                // Manually add the private password field back to the data
+                // input type as it is used for CRUD operations on users
+                t.string('password');
+            }
+        });
+    };
+    return userInput;
+}
+
+var types;
+var hasRequiredTypes;
+function requireTypes() {
+    if (hasRequiredTypes) return types;
+    hasRequiredTypes = 1;
+    const typesFactories = [
+        requireMe$1(),
+        requireMeRole(),
+        requireRegisterInput(),
+        requireLoginInput(),
+        requirePasswordPayload(),
+        requireLoginPayload(),
+        requireCreateRolePayload(),
+        requireUpdateRolePayload(),
+        requireDeleteRolePayload(),
+        requireUserInput()
+    ];
+    /**
+	 * @param {object} context
+	 * @param {object} context.nexus
+	 * @param {object} context.strapi
+	 * @return {any[]}
+	 */ types = (context)=>typesFactories.map((factory)=>factory(context));
+    return types;
+}
+
+var me;
+var hasRequiredMe;
+function requireMe() {
+    if (hasRequiredMe) return me;
+    hasRequiredMe = 1;
+    me = ()=>({
+            type: 'UsersPermissionsMe',
+            args: {},
+            resolve (parent, args, context) {
+                const { user } = context.state;
+                if (!user) {
+                    throw new Error('Authentication requested');
+                }
+                return user;
+            }
+        });
+    return me;
+}
+
+var queries;
+var hasRequiredQueries;
+function requireQueries() {
+    if (hasRequiredQueries) return queries;
+    hasRequiredQueries = 1;
+    const me = requireMe();
+    queries = ({ nexus })=>{
+        return nexus.extendType({
+            type: 'Query',
+            definition (t) {
+                t.field('me', me({
+                    nexus
+                }));
+            }
+        });
+    };
+    return queries;
+}
+
+var createRole;
+var hasRequiredCreateRole;
+function requireCreateRole() {
+    if (hasRequiredCreateRole) return createRole;
+    hasRequiredCreateRole = 1;
+    const { toPlainObject } = require$$0;
+    const usersPermissionsRoleUID = 'plugin::users-permissions.role';
+    createRole = ({ nexus, strapi })=>{
+        const { getContentTypeInputName } = strapi.plugin('graphql').service('utils').naming;
+        const { nonNull } = nexus;
+        const roleContentType = strapi.getModel(usersPermissionsRoleUID);
+        const roleInputName = getContentTypeInputName(roleContentType);
+        return {
+            type: 'UsersPermissionsCreateRolePayload',
+            args: {
+                data: nonNull(roleInputName)
+            },
+            description: 'Create a new role',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.request.body = toPlainObject(args.data);
+                await strapi.plugin('users-permissions').controller('role').createRole(koaContext);
+                return {
+                    ok: true
+                };
+            }
+        };
+    };
+    return createRole;
+}
+
+var updateRole;
+var hasRequiredUpdateRole;
+function requireUpdateRole() {
+    if (hasRequiredUpdateRole) return updateRole;
+    hasRequiredUpdateRole = 1;
+    const usersPermissionsRoleUID = 'plugin::users-permissions.role';
+    updateRole = ({ nexus, strapi })=>{
+        const { getContentTypeInputName } = strapi.plugin('graphql').service('utils').naming;
+        const { nonNull } = nexus;
+        const roleContentType = strapi.getModel(usersPermissionsRoleUID);
+        const roleInputName = getContentTypeInputName(roleContentType);
+        return {
+            type: 'UsersPermissionsUpdateRolePayload',
+            args: {
+                id: nonNull('ID'),
+                data: nonNull(roleInputName)
+            },
+            description: 'Update an existing role',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.params = {
+                    role: args.id
+                };
+                koaContext.request.body = args.data;
+                koaContext.request.body.role = args.id;
+                await strapi.plugin('users-permissions').controller('role').updateRole(koaContext);
+                return {
+                    ok: true
+                };
+            }
+        };
+    };
+    return updateRole;
+}
+
+var deleteRole;
+var hasRequiredDeleteRole;
+function requireDeleteRole() {
+    if (hasRequiredDeleteRole) return deleteRole;
+    hasRequiredDeleteRole = 1;
+    deleteRole = ({ nexus, strapi })=>{
+        const { nonNull } = nexus;
+        return {
+            type: 'UsersPermissionsDeleteRolePayload',
+            args: {
+                id: nonNull('ID')
+            },
+            description: 'Delete an existing role',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.params = {
+                    role: args.id
+                };
+                await strapi.plugin('users-permissions').controller('role').deleteRole(koaContext);
+                return {
+                    ok: true
+                };
+            }
+        };
+    };
+    return deleteRole;
+}
+
+var utils;
+var hasRequiredUtils;
+function requireUtils() {
+    if (hasRequiredUtils) return utils;
+    hasRequiredUtils = 1;
+    const { getOr } = require$$0;
+    /**
+	 * Throws an ApolloError if context body contains a bad request
+	 * @param contextBody - body of the context object given to the resolver
+	 * @throws ApolloError if the body is a bad request
+	 */ function checkBadRequest(contextBody) {
+        const statusCode = getOr(200, 'statusCode', contextBody);
+        if (statusCode !== 200) {
+            const errorMessage = getOr('Bad Request', 'error', contextBody);
+            const exception = new Error(errorMessage);
+            exception.code = statusCode || 400;
+            exception.data = contextBody;
+            throw exception;
+        }
+    }
+    utils = {
+        checkBadRequest
+    };
+    return utils;
+}
+
+var createUser;
+var hasRequiredCreateUser;
+function requireCreateUser() {
+    if (hasRequiredCreateUser) return createUser;
+    hasRequiredCreateUser = 1;
+    const { toPlainObject } = require$$0;
+    const { checkBadRequest } = requireUtils();
+    const usersPermissionsUserUID = 'plugin::users-permissions.user';
+    createUser = ({ nexus, strapi })=>{
+        const { nonNull } = nexus;
+        const { getContentTypeInputName, getEntityResponseName } = strapi.plugin('graphql').service('utils').naming;
+        const userContentType = strapi.getModel(usersPermissionsUserUID);
+        const userInputName = getContentTypeInputName(userContentType);
+        const responseName = getEntityResponseName(userContentType);
+        return {
+            type: nonNull(responseName),
+            args: {
+                data: nonNull(userInputName)
+            },
+            description: 'Create a new user',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.params = {};
+                koaContext.request.body = toPlainObject(args.data);
+                await strapi.plugin('users-permissions').controller('user').create(koaContext);
+                checkBadRequest(koaContext.body);
+                return {
+                    value: koaContext.body,
+                    info: {
+                        args,
+                        resourceUID: 'plugin::users-permissions.user'
+                    }
+                };
+            }
+        };
+    };
+    return createUser;
+}
+
+var updateUser;
+var hasRequiredUpdateUser;
+function requireUpdateUser() {
+    if (hasRequiredUpdateUser) return updateUser;
+    hasRequiredUpdateUser = 1;
+    const { toPlainObject } = require$$0;
+    const { checkBadRequest } = requireUtils();
+    const usersPermissionsUserUID = 'plugin::users-permissions.user';
+    updateUser = ({ nexus, strapi })=>{
+        const { nonNull } = nexus;
+        const { getContentTypeInputName, getEntityResponseName } = strapi.plugin('graphql').service('utils').naming;
+        const userContentType = strapi.getModel(usersPermissionsUserUID);
+        const userInputName = getContentTypeInputName(userContentType);
+        const responseName = getEntityResponseName(userContentType);
+        return {
+            type: nonNull(responseName),
+            args: {
+                id: nonNull('ID'),
+                data: nonNull(userInputName)
+            },
+            description: 'Update an existing user',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.params = {
+                    id: args.id
+                };
+                koaContext.request.body = toPlainObject(args.data);
+                await strapi.plugin('users-permissions').controller('user').update(koaContext);
+                checkBadRequest(koaContext.body);
+                return {
+                    value: koaContext.body,
+                    info: {
+                        args,
+                        resourceUID: 'plugin::users-permissions.user'
+                    }
+                };
+            }
+        };
+    };
+    return updateUser;
+}
+
+var deleteUser;
+var hasRequiredDeleteUser;
+function requireDeleteUser() {
+    if (hasRequiredDeleteUser) return deleteUser;
+    hasRequiredDeleteUser = 1;
+    const { checkBadRequest } = requireUtils();
+    const usersPermissionsUserUID = 'plugin::users-permissions.user';
+    deleteUser = ({ nexus, strapi })=>{
+        const { nonNull } = nexus;
+        const { getEntityResponseName } = strapi.plugin('graphql').service('utils').naming;
+        const userContentType = strapi.getModel(usersPermissionsUserUID);
+        const responseName = getEntityResponseName(userContentType);
+        return {
+            type: nonNull(responseName),
+            args: {
+                id: nonNull('ID')
+            },
+            description: 'Delete an existing user',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.params = {
+                    id: args.id
+                };
+                await strapi.plugin('users-permissions').controller('user').destroy(koaContext);
+                checkBadRequest(koaContext.body);
+                return {
+                    value: koaContext.body,
+                    info: {
+                        args,
+                        resourceUID: 'plugin::users-permissions.user'
+                    }
+                };
+            }
+        };
+    };
+    return deleteUser;
+}
+
+var login;
+var hasRequiredLogin;
+function requireLogin() {
+    if (hasRequiredLogin) return login;
+    hasRequiredLogin = 1;
+    const { toPlainObject } = require$$0;
+    const { checkBadRequest } = requireUtils();
+    login = ({ nexus, strapi })=>{
+        const { nonNull } = nexus;
+        return {
+            type: nonNull('UsersPermissionsLoginPayload'),
+            args: {
+                input: nonNull('UsersPermissionsLoginInput')
+            },
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.params = {
+                    provider: args.input.provider
+                };
+                koaContext.request.body = toPlainObject(args.input);
+                await strapi.plugin('users-permissions').controller('auth').callback(koaContext);
+                const output = koaContext.body;
+                checkBadRequest(output);
+                return {
+                    user: output.user || output,
+                    jwt: output.jwt
+                };
+            }
+        };
+    };
+    return login;
+}
+
+var register$1;
+var hasRequiredRegister$1;
+function requireRegister$1() {
+    if (hasRequiredRegister$1) return register$1;
+    hasRequiredRegister$1 = 1;
+    const { toPlainObject } = require$$0;
+    const { checkBadRequest } = requireUtils();
+    register$1 = ({ nexus, strapi })=>{
+        const { nonNull } = nexus;
+        return {
+            type: nonNull('UsersPermissionsLoginPayload'),
+            args: {
+                input: nonNull('UsersPermissionsRegisterInput')
+            },
+            description: 'Register a user',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.request.body = toPlainObject(args.input);
+                await strapi.plugin('users-permissions').controller('auth').register(koaContext);
+                const output = koaContext.body;
+                checkBadRequest(output);
+                return {
+                    user: output.user || output,
+                    jwt: output.jwt
+                };
+            }
+        };
+    };
+    return register$1;
+}
+
+var forgotPassword;
+var hasRequiredForgotPassword;
+function requireForgotPassword() {
+    if (hasRequiredForgotPassword) return forgotPassword;
+    hasRequiredForgotPassword = 1;
+    const { toPlainObject } = require$$0;
+    const { checkBadRequest } = requireUtils();
+    forgotPassword = ({ nexus, strapi })=>{
+        const { nonNull } = nexus;
+        return {
+            type: 'UsersPermissionsPasswordPayload',
+            args: {
+                email: nonNull('String')
+            },
+            description: 'Request a reset password token',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.request.body = toPlainObject(args);
+                await strapi.plugin('users-permissions').controller('auth').forgotPassword(koaContext);
+                const output = koaContext.body;
+                checkBadRequest(output);
+                return {
+                    ok: output.ok || output
+                };
+            }
+        };
+    };
+    return forgotPassword;
+}
+
+var resetPassword;
+var hasRequiredResetPassword;
+function requireResetPassword() {
+    if (hasRequiredResetPassword) return resetPassword;
+    hasRequiredResetPassword = 1;
+    const { toPlainObject } = require$$0;
+    const { checkBadRequest } = requireUtils();
+    resetPassword = ({ nexus, strapi })=>{
+        const { nonNull } = nexus;
+        return {
+            type: 'UsersPermissionsLoginPayload',
+            args: {
+                password: nonNull('String'),
+                passwordConfirmation: nonNull('String'),
+                code: nonNull('String')
+            },
+            description: 'Reset user password. Confirm with a code (resetToken from forgotPassword)',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.request.body = toPlainObject(args);
+                await strapi.plugin('users-permissions').controller('auth').resetPassword(koaContext);
+                const output = koaContext.body;
+                checkBadRequest(output);
+                return {
+                    user: output.user || output,
+                    jwt: output.jwt
+                };
+            }
+        };
+    };
+    return resetPassword;
+}
+
+var changePassword;
+var hasRequiredChangePassword;
+function requireChangePassword() {
+    if (hasRequiredChangePassword) return changePassword;
+    hasRequiredChangePassword = 1;
+    const { toPlainObject } = require$$0;
+    const { checkBadRequest } = requireUtils();
+    changePassword = ({ nexus, strapi })=>{
+        const { nonNull } = nexus;
+        return {
+            type: 'UsersPermissionsLoginPayload',
+            args: {
+                currentPassword: nonNull('String'),
+                password: nonNull('String'),
+                passwordConfirmation: nonNull('String')
+            },
+            description: 'Change user password. Confirm with the current password.',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.request.body = toPlainObject(args);
+                await strapi.plugin('users-permissions').controller('auth').changePassword(koaContext);
+                const output = koaContext.body;
+                checkBadRequest(output);
+                return {
+                    user: output.user || output,
+                    jwt: output.jwt
+                };
+            }
+        };
+    };
+    return changePassword;
+}
+
+var emailConfirmation;
+var hasRequiredEmailConfirmation;
+function requireEmailConfirmation() {
+    if (hasRequiredEmailConfirmation) return emailConfirmation;
+    hasRequiredEmailConfirmation = 1;
+    const { toPlainObject } = require$$0;
+    const { checkBadRequest } = requireUtils();
+    emailConfirmation = ({ nexus, strapi })=>{
+        const { nonNull } = nexus;
+        return {
+            type: 'UsersPermissionsLoginPayload',
+            args: {
+                confirmation: nonNull('String')
+            },
+            description: 'Confirm an email users email address',
+            async resolve (parent, args, context) {
+                const { koaContext } = context;
+                koaContext.query = toPlainObject(args);
+                await strapi.plugin('users-permissions').controller('auth').emailConfirmation(koaContext, null, true);
+                const output = koaContext.body;
+                checkBadRequest(output);
+                return {
+                    user: output.user || output,
+                    jwt: output.jwt
+                };
+            }
+        };
+    };
+    return emailConfirmation;
+}
+
+var mutations;
+var hasRequiredMutations;
+function requireMutations() {
+    if (hasRequiredMutations) return mutations;
+    hasRequiredMutations = 1;
+    const userUID = 'plugin::users-permissions.user';
+    const roleUID = 'plugin::users-permissions.role';
+    mutations = (context)=>{
+        const { nexus, strapi } = context;
+        const { naming } = strapi.plugin('graphql').service('utils');
+        const user = strapi.getModel(userUID);
+        const role = strapi.getModel(roleUID);
+        const mutations = {
+            // CRUD (user & role)
+            [naming.getCreateMutationTypeName(role)]: requireCreateRole(),
+            [naming.getUpdateMutationTypeName(role)]: requireUpdateRole(),
+            [naming.getDeleteMutationTypeName(role)]: requireDeleteRole(),
+            [naming.getCreateMutationTypeName(user)]: requireCreateUser(),
+            [naming.getUpdateMutationTypeName(user)]: requireUpdateUser(),
+            [naming.getDeleteMutationTypeName(user)]: requireDeleteUser(),
+            // Other mutations
+            login: requireLogin(),
+            register: requireRegister$1(),
+            forgotPassword: requireForgotPassword(),
+            resetPassword: requireResetPassword(),
+            changePassword: requireChangePassword(),
+            emailConfirmation: requireEmailConfirmation()
+        };
+        return nexus.extendType({
+            type: 'Mutation',
+            definition (t) {
+                for (const [name, getConfig] of Object.entries(mutations)){
+                    const config = getConfig(context);
+                    t.field(name, config);
+                }
+            }
+        });
+    };
+    return mutations;
+}
+
+var resolversConfigs;
+var hasRequiredResolversConfigs;
+function requireResolversConfigs() {
+    if (hasRequiredResolversConfigs) return resolversConfigs;
+    hasRequiredResolversConfigs = 1;
+    const userUID = 'plugin::users-permissions.user';
+    const roleUID = 'plugin::users-permissions.role';
+    resolversConfigs = ({ strapi })=>{
+        const { naming } = strapi.plugin('graphql').service('utils');
+        const user = strapi.getModel(userUID);
+        const role = strapi.getModel(roleUID);
+        const createRole = naming.getCreateMutationTypeName(role);
+        const updateRole = naming.getUpdateMutationTypeName(role);
+        const deleteRole = naming.getDeleteMutationTypeName(role);
+        const createUser = naming.getCreateMutationTypeName(user);
+        const updateUser = naming.getUpdateMutationTypeName(user);
+        const deleteUser = naming.getDeleteMutationTypeName(user);
+        return {
+            // Disabled auth for some operations
+            'Mutation.login': {
+                auth: false
+            },
+            'Mutation.register': {
+                auth: false
+            },
+            'Mutation.forgotPassword': {
+                auth: false
+            },
+            'Mutation.resetPassword': {
+                auth: false
+            },
+            'Mutation.emailConfirmation': {
+                auth: false
+            },
+            'Mutation.changePassword': {
+                auth: {
+                    scope: 'plugin::users-permissions.auth.changePassword'
+                }
+            },
+            // Scoped auth for replaced CRUD operations
+            // Role
+            [`Mutation.${createRole}`]: {
+                auth: {
+                    scope: [
+                        `${roleUID}.createRole`
+                    ]
+                }
+            },
+            [`Mutation.${updateRole}`]: {
+                auth: {
+                    scope: [
+                        `${roleUID}.updateRole`
+                    ]
+                }
+            },
+            [`Mutation.${deleteRole}`]: {
+                auth: {
+                    scope: [
+                        `${roleUID}.deleteRole`
+                    ]
+                }
+            },
+            // User
+            [`Mutation.${createUser}`]: {
+                auth: {
+                    scope: [
+                        `${userUID}.create`
+                    ]
+                }
+            },
+            [`Mutation.${updateUser}`]: {
+                auth: {
+                    scope: [
+                        `${userUID}.update`
+                    ]
+                }
+            },
+            [`Mutation.${deleteUser}`]: {
+                auth: {
+                    scope: [
+                        `${userUID}.destroy`
+                    ]
+                }
+            }
+        };
+    };
+    return resolversConfigs;
+}
+
+var graphql;
+var hasRequiredGraphql;
+function requireGraphql() {
+    if (hasRequiredGraphql) return graphql;
+    hasRequiredGraphql = 1;
+    const getTypes = requireTypes();
+    const getQueries = requireQueries();
+    const getMutations = requireMutations();
+    const getResolversConfig = requireResolversConfigs();
+    graphql = ({ strapi })=>{
+        const { config: graphQLConfig } = strapi.plugin('graphql');
+        const extensionService = strapi.plugin('graphql').service('extension');
+        const isShadowCRUDEnabled = graphQLConfig('shadowCRUD', true);
+        if (!isShadowCRUDEnabled) {
+            return;
+        }
+        // Disable Permissions queries & mutations but allow the
+        // type to be used/selected in filters or nested resolvers
+        extensionService.shadowCRUD('plugin::users-permissions.permission').disableQueries().disableMutations();
+        // Disable User & Role's Create/Update/Delete actions so they can be replaced
+        const actionsToDisable = [
+            'create',
+            'update',
+            'delete'
+        ];
+        extensionService.shadowCRUD('plugin::users-permissions.user').disableActions(actionsToDisable);
+        extensionService.shadowCRUD('plugin::users-permissions.role').disableActions(actionsToDisable);
+        // Register new types & resolvers config
+        extensionService.use(({ nexus })=>{
+            const types = getTypes({
+                strapi,
+                nexus
+            });
+            const queries = getQueries({
+                strapi,
+                nexus
+            });
+            const mutations = getMutations({
+                strapi,
+                nexus
+            });
+            const resolversConfig = getResolversConfig({
+                strapi
+            });
+            return {
+                types: [
+                    types,
+                    queries,
+                    mutations
+                ],
+                resolversConfig
+            };
+        });
+    };
+    return graphql;
+}
+
+var register;
+var hasRequiredRegister;
+function requireRegister() {
+    if (hasRequiredRegister) return register;
+    hasRequiredRegister = 1;
+    const fs = require$$0$1;
+    const path = require$$1$1;
+    const authStrategy = requireUsersPermissions$1();
+    const sanitizers = requireSanitizers();
+    register = ({ strapi })=>{
+        strapi.get('auth').register('content-api', authStrategy);
+        strapi.sanitizers.add('content-api.output', sanitizers.defaultSanitizeOutput);
+        if (strapi.plugin('graphql')) {
+            requireGraphql()({
+                strapi
+            });
+        }
+        if (strapi.plugin('documentation')) {
+            const specPath = path.join(__dirname, '../../documentation/content-api.yaml');
+            const spec = fs.readFileSync(specPath, 'utf8');
+            strapi.plugin('documentation').service('override').registerOverride(spec, {
+                pluginOrigin: 'users-permissions',
+                excludeFromGeneration: [
+                    'users-permissions'
+                ]
+            });
+        }
+    };
+    return register;
+}
+
+var usersPermissionsActions;
+var hasRequiredUsersPermissionsActions;
+function requireUsersPermissionsActions() {
+    if (hasRequiredUsersPermissionsActions) return usersPermissionsActions;
+    hasRequiredUsersPermissionsActions = 1;
+    usersPermissionsActions = {
+        actions: [
+            {
+                // Roles
+                section: 'plugins',
+                displayName: 'Create',
+                uid: 'roles.create',
+                subCategory: 'roles',
+                pluginName: 'users-permissions'
+            },
+            {
+                section: 'plugins',
+                displayName: 'Read',
+                uid: 'roles.read',
+                subCategory: 'roles',
+                pluginName: 'users-permissions',
+                aliases: [
+                    {
+                        actionId: 'plugin::content-manager.explorer.read',
+                        subjects: [
+                            'plugin::users-permissions.role'
+                        ]
+                    }
+                ]
+            },
+            {
+                section: 'plugins',
+                displayName: 'Update',
+                uid: 'roles.update',
+                subCategory: 'roles',
+                pluginName: 'users-permissions'
+            },
+            {
+                section: 'plugins',
+                displayName: 'Delete',
+                uid: 'roles.delete',
+                subCategory: 'roles',
+                pluginName: 'users-permissions'
+            },
+            {
+                // providers
+                section: 'plugins',
+                displayName: 'Read',
+                uid: 'providers.read',
+                subCategory: 'providers',
+                pluginName: 'users-permissions'
+            },
+            {
+                section: 'plugins',
+                displayName: 'Edit',
+                uid: 'providers.update',
+                subCategory: 'providers',
+                pluginName: 'users-permissions'
+            },
+            {
+                // emailTemplates
+                section: 'plugins',
+                displayName: 'Read',
+                uid: 'email-templates.read',
+                subCategory: 'emailTemplates',
+                pluginName: 'users-permissions'
+            },
+            {
+                section: 'plugins',
+                displayName: 'Edit',
+                uid: 'email-templates.update',
+                subCategory: 'emailTemplates',
+                pluginName: 'users-permissions'
+            },
+            {
+                // advancedSettings
+                section: 'plugins',
+                displayName: 'Read',
+                uid: 'advanced-settings.read',
+                subCategory: 'advancedSettings',
+                pluginName: 'users-permissions'
+            },
+            {
+                section: 'plugins',
+                displayName: 'Edit',
+                uid: 'advanced-settings.update',
+                subCategory: 'advancedSettings',
+                pluginName: 'users-permissions'
+            }
+        ]
+    };
+    return usersPermissionsActions;
+}
+
+var bootstrap;
+var hasRequiredBootstrap;
+function requireBootstrap() {
+    if (hasRequiredBootstrap) return bootstrap;
+    hasRequiredBootstrap = 1;
+    /**
+	 * An asynchronous bootstrap function that runs before
+	 * your application gets started.
+	 *
+	 * This gives you an opportunity to set up your data model,
+	 * run jobs, or perform some special logic.
+	 */ const crypto = require$$0$2;
+    const _ = require$$0$3;
+    const { getService } = requireUtils$1();
+    const usersPermissionsActions = requireUsersPermissionsActions();
+    const initGrant = async (pluginStore)=>{
+        const allProviders = getService('providers-registry').getAll();
+        const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider])=>{
+            const { icon, enabled, grantConfig } = provider;
+            acc[name] = {
+                icon,
+                enabled,
+                ...grantConfig
+            };
+            return acc;
+        }, {});
+        const prevGrantConfig = await pluginStore.get({
+            key: 'grant'
+        }) || {};
+        if (!prevGrantConfig || !_.isEqual(prevGrantConfig, grantConfig)) {
+            // merge with the previous provider config.
+            _.keys(grantConfig).forEach((key)=>{
+                if (key in prevGrantConfig) {
+                    grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);
+                }
+            });
+            await pluginStore.set({
+                key: 'grant',
+                value: grantConfig
+            });
+        }
+    };
+    const initEmails = async (pluginStore)=>{
+        if (!await pluginStore.get({
+            key: 'email'
+        })) {
+            const value = {
+                reset_password: {
+                    display: 'Email.template.reset_password',
+                    icon: 'sync',
+                    options: {
+                        from: {
+                            name: 'Administration Panel',
+                            email: 'no-reply@strapi.io'
+                        },
+                        response_email: '',
+                        object: 'Reset password',
+                        message: `<p>We heard that you lost your password. Sorry about that!</p>
+
+<p>But don’t worry! You can use the following link to reset your password:</p>
+<p><%= URL %>?code=<%= TOKEN %></p>
+
+<p>Thanks.</p>`
+                    }
+                },
+                email_confirmation: {
+                    display: 'Email.template.email_confirmation',
+                    icon: 'check-square',
+                    options: {
+                        from: {
+                            name: 'Administration Panel',
+                            email: 'no-reply@strapi.io'
+                        },
+                        response_email: '',
+                        object: 'Account confirmation',
+                        message: `<p>Thank you for registering!</p>
+
+<p>You have to confirm your email address. Please click on the link below.</p>
+
+<p><%= URL %>?confirmation=<%= CODE %></p>
+
+<p>Thanks.</p>`
+                    }
+                }
+            };
+            await pluginStore.set({
+                key: 'email',
+                value
+            });
+        }
+    };
+    const initAdvancedOptions = async (pluginStore)=>{
+        if (!await pluginStore.get({
+            key: 'advanced'
+        })) {
+            const value = {
+                unique_email: true,
+                allow_register: true,
+                email_confirmation: false,
+                email_reset_password: null,
+                email_confirmation_redirection: null,
+                default_role: 'authenticated'
+            };
+            await pluginStore.set({
+                key: 'advanced',
+                value
+            });
+        }
+    };
+    bootstrap = async ({ strapi })=>{
+        const pluginStore = strapi.store({
+            type: 'plugin',
+            name: 'users-permissions'
+        });
+        await initGrant(pluginStore);
+        await initEmails(pluginStore);
+        await initAdvancedOptions(pluginStore);
+        await strapi.service('admin::permission').actionProvider.registerMany(usersPermissionsActions.actions);
+        await getService('users-permissions').initialize();
+        if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {
+            if (process.env.NODE_ENV !== 'development') {
+                throw new Error(`Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
+For security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`);
+            }
+            const jwtSecret = crypto.randomBytes(16).toString('base64');
+            strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);
+            if (!process.env.JWT_SECRET) {
+                const envPath = process.env.ENV_PATH || '.env';
+                strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
+                strapi.log.info(`The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`);
+            }
+        }
+    };
+    return bootstrap;
+}
+
+var permission$1;
+var hasRequiredPermission$1;
+function requirePermission$1() {
+    if (hasRequiredPermission$1) return permission$1;
+    hasRequiredPermission$1 = 1;
+    permission$1 = {
+        collectionName: 'up_permissions',
+        info: {
+            name: 'permission',
+            description: '',
+            singularName: 'permission',
+            pluralName: 'permissions',
+            displayName: 'Permission'
+        },
+        pluginOptions: {
+            'content-manager': {
+                visible: false
+            },
+            'content-type-builder': {
+                visible: false
+            }
+        },
+        attributes: {
+            action: {
+                type: 'string',
+                required: true,
+                configurable: false
+            },
+            role: {
+                type: 'relation',
+                relation: 'manyToOne',
+                target: 'plugin::users-permissions.role',
+                inversedBy: 'permissions',
+                configurable: false
+            }
+        }
+    };
+    return permission$1;
+}
+
+var role$4;
+var hasRequiredRole$4;
+function requireRole$4() {
+    if (hasRequiredRole$4) return role$4;
+    hasRequiredRole$4 = 1;
+    role$4 = {
+        collectionName: 'up_roles',
+        info: {
+            name: 'role',
+            description: '',
+            singularName: 'role',
+            pluralName: 'roles',
+            displayName: 'Role'
+        },
+        pluginOptions: {
+            'content-manager': {
+                visible: false
+            },
+            'content-type-builder': {
+                visible: false
+            }
+        },
+        attributes: {
+            name: {
+                type: 'string',
+                minLength: 3,
+                required: true,
+                configurable: false
+            },
+            description: {
+                type: 'string',
+                configurable: false
+            },
+            type: {
+                type: 'string',
+                unique: true,
+                configurable: false
+            },
+            permissions: {
+                type: 'relation',
+                relation: 'oneToMany',
+                target: 'plugin::users-permissions.permission',
+                mappedBy: 'role',
+                configurable: false
+            },
+            users: {
+                type: 'relation',
+                relation: 'oneToMany',
+                target: 'plugin::users-permissions.user',
+                mappedBy: 'role',
+                configurable: false
+            }
+        }
+    };
+    return role$4;
+}
+
+var schemaConfig;
+var hasRequiredSchemaConfig;
+function requireSchemaConfig() {
+    if (hasRequiredSchemaConfig) return schemaConfig;
+    hasRequiredSchemaConfig = 1;
+    schemaConfig = {
+        attributes: {
+            resetPasswordToken: {
+                hidden: true
+            },
+            confirmationToken: {
+                hidden: true
+            },
+            provider: {
+                hidden: true
+            }
+        }
+    };
+    return schemaConfig;
+}
+
+var user$4;
+var hasRequiredUser$4;
+function requireUser$4() {
+    if (hasRequiredUser$4) return user$4;
+    hasRequiredUser$4 = 1;
+    const schemaConfig = requireSchemaConfig();
+    user$4 = {
+        collectionName: 'up_users',
+        info: {
+            name: 'user',
+            description: '',
+            singularName: 'user',
+            pluralName: 'users',
+            displayName: 'User'
+        },
+        options: {
+            timestamps: true
+        },
+        attributes: {
+            username: {
+                type: 'string',
+                minLength: 3,
+                unique: true,
+                configurable: false,
+                required: true
+            },
+            email: {
+                type: 'email',
+                minLength: 6,
+                configurable: false,
+                required: true
+            },
+            provider: {
+                type: 'string',
+                configurable: false
+            },
+            password: {
+                type: 'password',
+                minLength: 6,
+                configurable: false,
+                private: true,
+                searchable: false
+            },
+            resetPasswordToken: {
+                type: 'string',
+                configurable: false,
+                private: true,
+                searchable: false
+            },
+            confirmationToken: {
+                type: 'string',
+                configurable: false,
+                private: true,
+                searchable: false
+            },
+            confirmed: {
+                type: 'boolean',
+                default: false,
+                configurable: false
+            },
+            blocked: {
+                type: 'boolean',
+                default: false,
+                configurable: false
+            },
+            role: {
+                type: 'relation',
+                relation: 'manyToOne',
+                target: 'plugin::users-permissions.role',
+                inversedBy: 'users',
+                configurable: false
+            }
+        },
+        config: schemaConfig
+    };
+    return user$4;
+}
+
+var contentTypes;
+var hasRequiredContentTypes;
+function requireContentTypes() {
+    if (hasRequiredContentTypes) return contentTypes;
+    hasRequiredContentTypes = 1;
+    const permission = requirePermission$1();
+    const role = requireRole$4();
+    const user = requireUser$4();
+    contentTypes = {
+        permission: {
+            schema: permission
+        },
+        role: {
+            schema: role
+        },
+        user: {
+            schema: user
+        }
+    };
+    return contentTypes;
+}
+
+var rateLimit;
+var hasRequiredRateLimit;
+function requireRateLimit() {
+    if (hasRequiredRateLimit) return rateLimit;
+    hasRequiredRateLimit = 1;
+    const path = require$$1$1;
+    const utils = require$$1;
+    const { isString, has, toLower } = require$$0;
+    const { RateLimitError } = utils.errors;
+    rateLimit = (config, { strapi })=>async (ctx, next)=>{
+            let rateLimitConfig = strapi.config.get('plugin::users-permissions.ratelimit');
+            if (!rateLimitConfig) {
+                rateLimitConfig = {
+                    enabled: true
+                };
+            }
+            if (!has('enabled', rateLimitConfig)) {
+                rateLimitConfig.enabled = true;
+            }
+            if (rateLimitConfig.enabled === true) {
+                const rateLimit = require$$3.RateLimit;
+                const userIdentifier = toLower(ctx.request.body.email) || 'unknownIdentifier';
+                const requestPath = isString(ctx.request.path) ? toLower(path.normalize(ctx.request.path)) : 'invalidPath';
+                const loadConfig = {
+                    interval: {
+                        min: 5
+                    },
+                    max: 5,
+                    prefixKey: `${userIdentifier}:${requestPath}:${ctx.request.ip}`,
+                    handler () {
+                        throw new RateLimitError();
+                    },
+                    ...rateLimitConfig,
+                    ...config
+                };
+                return rateLimit.middleware(loadConfig)(ctx, next);
+            }
+            return next();
+        };
+    return rateLimit;
+}
+
+var middlewares;
+var hasRequiredMiddlewares;
+function requireMiddlewares() {
+    if (hasRequiredMiddlewares) return middlewares;
+    hasRequiredMiddlewares = 1;
+    const rateLimit = requireRateLimit();
+    middlewares = {
+        rateLimit
+    };
+    return middlewares;
+}
+
+var jwt_1;
+var hasRequiredJwt;
+function requireJwt() {
+    if (hasRequiredJwt) return jwt_1;
+    hasRequiredJwt = 1;
+    /**
+	 * Jwt.js service
+	 *
+	 * @description: A set of functions similar to controller's actions to avoid code duplication.
+	 */ const _ = require$$0$3;
+    const jwt = require$$1$2;
+    jwt_1 = ({ strapi })=>({
+            getToken (ctx) {
+                let token;
+                if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
+                    const parts = ctx.request.header.authorization.split(/\s+/);
+                    if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {
+                        return null;
+                    }
+                    token = parts[1];
+                } else {
+                    return null;
+                }
+                return this.verify(token);
+            },
+            issue (payload, jwtOptions = {}) {
+                _.defaults(jwtOptions, strapi.config.get('plugin::users-permissions.jwt'));
+                return jwt.sign(_.clone(payload.toJSON ? payload.toJSON() : payload), strapi.config.get('plugin::users-permissions.jwtSecret'), jwtOptions);
+            },
+            verify (token) {
+                return new Promise((resolve, reject)=>{
+                    jwt.verify(token, strapi.config.get('plugin::users-permissions.jwtSecret'), {}, (err, tokenPayload = {})=>{
+                        if (err) {
+                            return reject(new Error('Invalid token.'));
+                        }
+                        resolve(tokenPayload);
+                    });
+                });
+            }
+        });
+    return jwt_1;
+}
+
+var providers;
+var hasRequiredProviders;
+function requireProviders() {
+    if (hasRequiredProviders) return providers;
+    hasRequiredProviders = 1;
+    /**
+	 * Module dependencies
+	 */ // Public node modules.
+    const _ = require$$0$3;
+    const urlJoin = require$$2;
+    const { getService } = requireUtils$1();
+    providers = ({ strapi })=>{
+        /**
+	   * Helper to get profiles
+	   *
+	   * @param {String}   provider
+	   */ const getProfile = async (provider, query)=>{
+            const accessToken = query.access_token || query.code || query.oauth_token;
+            const providers = await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'grant'
+            }).get();
+            return getService('providers-registry').run({
+                provider,
+                query,
+                accessToken,
+                providers
+            });
+        };
+        /**
+	   * Connect thanks to a third-party provider.
+	   *
+	   *
+	   * @param {String}    provider
+	   * @param {String}    accessToken
+	   *
+	   * @return  {*}
+	   */ const connect = async (provider, query)=>{
+            const accessToken = query.access_token || query.code || query.oauth_token;
+            if (!accessToken) {
+                throw new Error('No access_token.');
+            }
+            // Get the profile.
+            const profile = await getProfile(provider, query);
+            const email = _.toLower(profile.email);
+            // We need at least the mail.
+            if (!email) {
+                throw new Error('Email was not available.');
+            }
+            const users = await strapi.db.query('plugin::users-permissions.user').findMany({
+                where: {
+                    email
+                }
+            });
+            const advancedSettings = await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'advanced'
+            }).get();
+            const user = _.find(users, {
+                provider
+            });
+            if (_.isEmpty(user) && !advancedSettings.allow_register) {
+                throw new Error('Register action is actually not available.');
+            }
+            if (!_.isEmpty(user)) {
+                return user;
+            }
+            if (users.length && advancedSettings.unique_email) {
+                throw new Error('Email is already taken.');
+            }
+            // Retrieve default role.
+            const defaultRole = await strapi.db.query('plugin::users-permissions.role').findOne({
+                where: {
+                    type: advancedSettings.default_role
+                }
+            });
+            // Create the new user.
+            const newUser = {
+                ...profile,
+                email,
+                provider,
+                role: defaultRole.id,
+                confirmed: true
+            };
+            const createdUser = await strapi.db.query('plugin::users-permissions.user').create({
+                data: newUser
+            });
+            return createdUser;
+        };
+        const buildRedirectUri = (provider = '')=>{
+            const apiPrefix = strapi.config.get('api.rest.prefix');
+            return urlJoin(strapi.config.get('server.absoluteUrl'), apiPrefix, 'connect', provider, 'callback');
+        };
+        return {
+            connect,
+            buildRedirectUri
+        };
+    };
+    return providers;
+}
+
+var user$3;
+var hasRequiredUser$3;
+function requireUser$3() {
+    if (hasRequiredUser$3) return user$3;
+    hasRequiredUser$3 = 1;
+    /**
+	 * User.js service
+	 *
+	 * @description: A set of functions similar to controller's actions to avoid code duplication.
+	 */ const crypto = require$$0$2;
+    const bcrypt = require$$1$3;
+    const urlJoin = require$$2;
+    const { sanitize } = require$$1;
+    const { toNumber, getOr } = require$$0;
+    const { getService } = requireUtils$1();
+    const USER_MODEL_UID = 'plugin::users-permissions.user';
+    user$3 = ({ strapi })=>({
+            /**
+	   * Promise to count users
+	   *
+	   * @return {Promise}
+	   */ count (params) {
+                return strapi.db.query(USER_MODEL_UID).count({
+                    where: params
+                });
+            },
+            /**
+	   * Hashes password fields in the provided values object if they are present.
+	   * It checks each key in the values object against the model's attributes and
+	   * hashes it if the attribute type is 'password',
+	   *
+	   * @param {object} values - The object containing the fields to be hashed.
+	   * @return {object} The values object with hashed password fields if they were present.
+	   */ async ensureHashedPasswords (values) {
+                const attributes = strapi.getModel(USER_MODEL_UID).attributes;
+                for(const key in values){
+                    if (attributes[key] && attributes[key].type === 'password') {
+                        // Check if a custom encryption.rounds has been set on the password attribute
+                        const rounds = toNumber(getOr(10, 'encryption.rounds', attributes[key]));
+                        values[key] = await bcrypt.hash(values[key], rounds);
+                    }
+                }
+                return values;
+            },
+            /**
+	   * Promise to add a/an user.
+	   * @return {Promise}
+	   */ async add (values) {
+                return strapi.db.query(USER_MODEL_UID).create({
+                    data: await this.ensureHashedPasswords(values),
+                    populate: [
+                        'role'
+                    ]
+                });
+            },
+            /**
+	   * Promise to edit a/an user.
+	   * @param {string} userId
+	   * @param {object} params
+	   * @return {Promise}
+	   */ async edit (userId, params = {}) {
+                return strapi.db.query(USER_MODEL_UID).update({
+                    where: {
+                        id: userId
+                    },
+                    data: await this.ensureHashedPasswords(params),
+                    populate: [
+                        'role'
+                    ]
+                });
+            },
+            /**
+	   * Promise to fetch a/an user.
+	   * @return {Promise}
+	   */ fetch (id, params) {
+                const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});
+                return strapi.db.query(USER_MODEL_UID).findOne({
+                    ...query,
+                    where: {
+                        $and: [
+                            {
+                                id
+                            },
+                            query.where || {}
+                        ]
+                    }
+                });
+            },
+            /**
+	   * Promise to fetch authenticated user.
+	   * @return {Promise}
+	   */ fetchAuthenticatedUser (id) {
+                return strapi.db.query(USER_MODEL_UID).findOne({
+                    where: {
+                        id
+                    },
+                    populate: [
+                        'role'
+                    ]
+                });
+            },
+            /**
+	   * Promise to fetch all users.
+	   * @return {Promise}
+	   */ fetchAll (params) {
+                const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});
+                return strapi.db.query(USER_MODEL_UID).findMany(query);
+            },
+            /**
+	   * Promise to remove a/an user.
+	   * @return {Promise}
+	   */ async remove (params) {
+                return strapi.db.query(USER_MODEL_UID).delete({
+                    where: params
+                });
+            },
+            validatePassword (password, hash) {
+                return bcrypt.compare(password, hash);
+            },
+            async sendConfirmationEmail (user) {
+                const userPermissionService = getService('users-permissions');
+                const pluginStore = await strapi.store({
+                    type: 'plugin',
+                    name: 'users-permissions'
+                });
+                const userSchema = strapi.getModel(USER_MODEL_UID);
+                const settings = await pluginStore.get({
+                    key: 'email'
+                }).then((storeEmail)=>storeEmail.email_confirmation.options);
+                // Sanitize the template's user information
+                const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput({
+                    schema: userSchema,
+                    getModel: strapi.getModel.bind(strapi)
+                }, user);
+                const confirmationToken = crypto.randomBytes(20).toString('hex');
+                await this.edit(user.id, {
+                    confirmationToken
+                });
+                const apiPrefix = strapi.config.get('api.rest.prefix');
+                try {
+                    settings.message = await userPermissionService.template(settings.message, {
+                        URL: urlJoin(strapi.config.get('server.absoluteUrl'), apiPrefix, '/auth/email-confirmation'),
+                        SERVER_URL: strapi.config.get('server.absoluteUrl'),
+                        ADMIN_URL: strapi.config.get('admin.absoluteUrl'),
+                        USER: sanitizedUserInfo,
+                        CODE: confirmationToken
+                    });
+                    settings.object = await userPermissionService.template(settings.object, {
+                        USER: sanitizedUserInfo
+                    });
+                } catch  {
+                    strapi.log.error('[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for "user confirmation email". Please make sure your email template is valid and does not contain invalid characters or patterns');
+                    return;
+                }
+                // Send an email to the user.
+                await strapi.plugin('email').service('email').send({
+                    to: user.email,
+                    from: settings.from.email && settings.from.name ? `${settings.from.name} <${settings.from.email}>` : undefined,
+                    replyTo: settings.response_email,
+                    subject: settings.object,
+                    text: settings.message,
+                    html: settings.message
+                });
+            }
+        });
+    return user$3;
+}
+
+var role$3;
+var hasRequiredRole$3;
+function requireRole$3() {
+    if (hasRequiredRole$3) return role$3;
+    hasRequiredRole$3 = 1;
+    const _ = require$$0$3;
+    const { NotFoundError } = require$$1.errors;
+    const { getService } = requireUtils$1();
+    role$3 = ({ strapi })=>({
+            async createRole (params) {
+                if (!params.type) {
+                    params.type = _.snakeCase(_.deburr(_.toLower(params.name)));
+                }
+                const role = await strapi.db.query('plugin::users-permissions.role').create({
+                    data: _.omit(params, [
+                        'users',
+                        'permissions'
+                    ])
+                });
+                const createPromises = _.flatMap(params.permissions, (type, typeName)=>{
+                    return _.flatMap(type.controllers, (controller, controllerName)=>{
+                        return _.reduce(controller, (acc, action, actionName)=>{
+                            const { enabled/* policy */  } = action;
+                            if (enabled) {
+                                const actionID = `${typeName}.${controllerName}.${actionName}`;
+                                acc.push(strapi.db.query('plugin::users-permissions.permission').create({
+                                    data: {
+                                        action: actionID,
+                                        role: role.id
+                                    }
+                                }));
+                            }
+                            return acc;
+                        }, []);
+                    });
+                });
+                await Promise.all(createPromises);
+            },
+            async findOne (roleID) {
+                const role = await strapi.db.query('plugin::users-permissions.role').findOne({
+                    where: {
+                        id: roleID
+                    },
+                    populate: [
+                        'permissions'
+                    ]
+                });
+                if (!role) {
+                    throw new NotFoundError('Role not found');
+                }
+                const allActions = getService('users-permissions').getActions();
+                // Group by `type`.
+                role.permissions.forEach((permission)=>{
+                    const [type, controller, action] = permission.action.split('.');
+                    _.set(allActions, `${type}.controllers.${controller}.${action}`, {
+                        enabled: true,
+                        policy: ''
+                    });
+                });
+                return {
+                    ...role,
+                    permissions: allActions
+                };
+            },
+            async find () {
+                const roles = await strapi.db.query('plugin::users-permissions.role').findMany({
+                    sort: [
+                        'name'
+                    ]
+                });
+                for (const role of roles){
+                    role.nb_users = await strapi.db.query('plugin::users-permissions.user').count({
+                        where: {
+                            role: {
+                                id: role.id
+                            }
+                        }
+                    });
+                }
+                return roles;
+            },
+            async updateRole (roleID, data) {
+                const role = await strapi.db.query('plugin::users-permissions.role').findOne({
+                    where: {
+                        id: roleID
+                    },
+                    populate: [
+                        'permissions'
+                    ]
+                });
+                if (!role) {
+                    throw new NotFoundError('Role not found');
+                }
+                await strapi.db.query('plugin::users-permissions.role').update({
+                    where: {
+                        id: roleID
+                    },
+                    data: _.pick(data, [
+                        'name',
+                        'description'
+                    ])
+                });
+                const { permissions } = data;
+                const newActions = _.flatMap(permissions, (type, typeName)=>{
+                    return _.flatMap(type.controllers, (controller, controllerName)=>{
+                        return _.reduce(controller, (acc, action, actionName)=>{
+                            const { enabled/* policy */  } = action;
+                            if (enabled) {
+                                acc.push(`${typeName}.${controllerName}.${actionName}`);
+                            }
+                            return acc;
+                        }, []);
+                    });
+                });
+                const oldActions = role.permissions.map(({ action })=>action);
+                const toDelete = role.permissions.reduce((acc, permission)=>{
+                    if (!newActions.includes(permission.action)) {
+                        acc.push(permission);
+                    }
+                    return acc;
+                }, []);
+                const toCreate = newActions.filter((action)=>!oldActions.includes(action)).map((action)=>({
+                        action,
+                        role: role.id
+                    }));
+                await Promise.all(toDelete.map((permission)=>strapi.db.query('plugin::users-permissions.permission').delete({
+                        where: {
+                            id: permission.id
+                        }
+                    })));
+                await Promise.all(toCreate.map((permissionInfo)=>strapi.db.query('plugin::users-permissions.permission').create({
+                        data: permissionInfo
+                    })));
+            },
+            async deleteRole (roleID, publicRoleID) {
+                const role = await strapi.db.query('plugin::users-permissions.role').findOne({
+                    where: {
+                        id: roleID
+                    },
+                    populate: [
+                        'users',
+                        'permissions'
+                    ]
+                });
+                if (!role) {
+                    throw new NotFoundError('Role not found');
+                }
+                // Move users to guest role.
+                await Promise.all(role.users.map((user)=>{
+                    return strapi.db.query('plugin::users-permissions.user').update({
+                        where: {
+                            id: user.id
+                        },
+                        data: {
+                            role: publicRoleID
+                        }
+                    });
+                }));
+                // Remove permissions related to this role.
+                // TODO: use delete many
+                await Promise.all(role.permissions.map((permission)=>{
+                    return strapi.db.query('plugin::users-permissions.permission').delete({
+                        where: {
+                            id: permission.id
+                        }
+                    });
+                }));
+                // Delete the role.
+                await strapi.db.query('plugin::users-permissions.role').delete({
+                    where: {
+                        id: roleID
+                    }
+                });
+            }
+        });
+    return role$3;
+}
+
+var usersPermissions;
+var hasRequiredUsersPermissions;
+function requireUsersPermissions() {
+    if (hasRequiredUsersPermissions) return usersPermissions;
+    hasRequiredUsersPermissions = 1;
+    const _ = require$$0$3;
+    const { filter, map, pipe, prop } = require$$0;
+    const urlJoin = require$$2;
+    const { template: { createStrictInterpolationRegExp }, errors, objects } = require$$1;
+    const { getService } = requireUtils$1();
+    const DEFAULT_PERMISSIONS = [
+        {
+            action: 'plugin::users-permissions.auth.callback',
+            roleType: 'public'
+        },
+        {
+            action: 'plugin::users-permissions.auth.connect',
+            roleType: 'public'
+        },
+        {
+            action: 'plugin::users-permissions.auth.forgotPassword',
+            roleType: 'public'
+        },
+        {
+            action: 'plugin::users-permissions.auth.resetPassword',
+            roleType: 'public'
+        },
+        {
+            action: 'plugin::users-permissions.auth.register',
+            roleType: 'public'
+        },
+        {
+            action: 'plugin::users-permissions.auth.emailConfirmation',
+            roleType: 'public'
+        },
+        {
+            action: 'plugin::users-permissions.auth.sendEmailConfirmation',
+            roleType: 'public'
+        },
+        {
+            action: 'plugin::users-permissions.user.me',
+            roleType: 'authenticated'
+        },
+        {
+            action: 'plugin::users-permissions.auth.changePassword',
+            roleType: 'authenticated'
+        }
+    ];
+    const transformRoutePrefixFor = (pluginName)=>(route)=>{
+            const prefix = route.config && route.config.prefix;
+            const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;
+            return {
+                ...route,
+                path
+            };
+        };
+    usersPermissions = ({ strapi })=>({
+            getActions ({ defaultEnable = false } = {}) {
+                const actionMap = {};
+                const isContentApi = (action)=>{
+                    if (!_.has(action, Symbol.for('__type__'))) {
+                        return false;
+                    }
+                    return action[Symbol.for('__type__')].includes('content-api');
+                };
+                _.forEach(strapi.apis, (api, apiName)=>{
+                    const controllers = _.reduce(api.controllers, (acc, controller, controllerName)=>{
+                        const contentApiActions = _.pickBy(controller, isContentApi);
+                        if (_.isEmpty(contentApiActions)) {
+                            return acc;
+                        }
+                        acc[controllerName] = _.mapValues(contentApiActions, ()=>{
+                            return {
+                                enabled: defaultEnable,
+                                policy: ''
+                            };
+                        });
+                        return acc;
+                    }, {});
+                    if (!_.isEmpty(controllers)) {
+                        actionMap[`api::${apiName}`] = {
+                            controllers
+                        };
+                    }
+                });
+                _.forEach(strapi.plugins, (plugin, pluginName)=>{
+                    const controllers = _.reduce(plugin.controllers, (acc, controller, controllerName)=>{
+                        const contentApiActions = _.pickBy(controller, isContentApi);
+                        if (_.isEmpty(contentApiActions)) {
+                            return acc;
+                        }
+                        acc[controllerName] = _.mapValues(contentApiActions, ()=>{
+                            return {
+                                enabled: defaultEnable,
+                                policy: ''
+                            };
+                        });
+                        return acc;
+                    }, {});
+                    if (!_.isEmpty(controllers)) {
+                        actionMap[`plugin::${pluginName}`] = {
+                            controllers
+                        };
+                    }
+                });
+                return actionMap;
+            },
+            async getRoutes () {
+                const routesMap = {};
+                _.forEach(strapi.apis, (api, apiName)=>{
+                    const routes = _.flatMap(api.routes, (route)=>{
+                        if (_.has(route, 'routes')) {
+                            return route.routes;
+                        }
+                        return route;
+                    }).filter((route)=>route.info.type === 'content-api');
+                    if (routes.length === 0) {
+                        return;
+                    }
+                    const apiPrefix = strapi.config.get('api.rest.prefix');
+                    routesMap[`api::${apiName}`] = routes.map((route)=>({
+                            ...route,
+                            path: urlJoin(apiPrefix, route.path)
+                        }));
+                });
+                _.forEach(strapi.plugins, (plugin, pluginName)=>{
+                    const transformPrefix = transformRoutePrefixFor(pluginName);
+                    const routes = _.flatMap(plugin.routes, (route)=>{
+                        if (_.has(route, 'routes')) {
+                            return route.routes.map(transformPrefix);
+                        }
+                        return transformPrefix(route);
+                    }).filter((route)=>route.info.type === 'content-api');
+                    if (routes.length === 0) {
+                        return;
+                    }
+                    const apiPrefix = strapi.config.get('api.rest.prefix');
+                    routesMap[`plugin::${pluginName}`] = routes.map((route)=>({
+                            ...route,
+                            path: urlJoin(apiPrefix, route.path)
+                        }));
+                });
+                return routesMap;
+            },
+            async syncPermissions () {
+                const roles = await strapi.db.query('plugin::users-permissions.role').findMany();
+                const dbPermissions = await strapi.db.query('plugin::users-permissions.permission').findMany();
+                const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));
+                const appActions = _.flatMap(strapi.apis, (api, apiName)=>{
+                    return _.flatMap(api.controllers, (controller, controllerName)=>{
+                        return _.keys(controller).map((actionName)=>{
+                            return `api::${apiName}.${controllerName}.${actionName}`;
+                        });
+                    });
+                });
+                const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName)=>{
+                    return _.flatMap(plugin.controllers, (controller, controllerName)=>{
+                        return _.keys(controller).map((actionName)=>{
+                            return `plugin::${pluginName}.${controllerName}.${actionName}`;
+                        });
+                    });
+                });
+                const allActions = [
+                    ...appActions,
+                    ...pluginsActions
+                ];
+                const toDelete = _.difference(permissionsFoundInDB, allActions);
+                await Promise.all(toDelete.map((action)=>{
+                    return strapi.db.query('plugin::users-permissions.permission').delete({
+                        where: {
+                            action
+                        }
+                    });
+                }));
+                if (permissionsFoundInDB.length === 0) {
+                    // create default permissions
+                    for (const role of roles){
+                        const toCreate = pipe(filter(({ roleType })=>roleType === role.type || roleType === null), map(prop('action')))(DEFAULT_PERMISSIONS);
+                        await Promise.all(toCreate.map((action)=>{
+                            return strapi.db.query('plugin::users-permissions.permission').create({
+                                data: {
+                                    action,
+                                    role: role.id
+                                }
+                            });
+                        }));
+                    }
+                }
+            },
+            async initialize () {
+                const roleCount = await strapi.db.query('plugin::users-permissions.role').count();
+                if (roleCount === 0) {
+                    await strapi.db.query('plugin::users-permissions.role').create({
+                        data: {
+                            name: 'Authenticated',
+                            description: 'Default role given to authenticated user.',
+                            type: 'authenticated'
+                        }
+                    });
+                    await strapi.db.query('plugin::users-permissions.role').create({
+                        data: {
+                            name: 'Public',
+                            description: 'Default role given to unauthenticated user.',
+                            type: 'public'
+                        }
+                    });
+                }
+                return getService('users-permissions').syncPermissions();
+            },
+            async updateUserRole (user, role) {
+                return strapi.db.query('plugin::users-permissions.user').update({
+                    where: {
+                        id: user.id
+                    },
+                    data: {
+                        role
+                    }
+                });
+            },
+            template (layout, data) {
+                const allowedTemplateVariables = objects.keysDeep(data);
+                // Create a strict interpolation RegExp based on possible variable names
+                const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');
+                try {
+                    return _.template(layout, {
+                        interpolate,
+                        evaluate: false,
+                        escape: false
+                    })(data);
+                } catch (e) {
+                    throw new errors.ApplicationError('Invalid email template');
+                }
+            }
+        });
+    return usersPermissions;
+}
+
+var providersRegistry;
+var hasRequiredProvidersRegistry;
+function requireProvidersRegistry() {
+    if (hasRequiredProvidersRegistry) return providersRegistry;
+    hasRequiredProvidersRegistry = 1;
+    const { strict: assert } = require$$0$4;
+    const jwt = require$$1$2;
+    const urljoin = require$$2;
+    const jwkToPem = require$$3$1;
+    const getCognitoPayload = async ({ idToken, jwksUrl, purest })=>{
+        const { header: { kid }, payload } = jwt.decode(idToken, {
+            complete: true
+        });
+        if (!payload || !kid) {
+            throw new Error('The provided token is not valid');
+        }
+        const config = {
+            cognito: {
+                discovery: {
+                    origin: jwksUrl.origin,
+                    path: jwksUrl.pathname
+                }
+            }
+        };
+        try {
+            const cognito = purest({
+                provider: 'cognito',
+                config
+            });
+            // get the JSON Web Key (JWK) for the user pool
+            const { body: jwk } = await cognito('discovery').request();
+            // Get the key with the same Key ID as the provided token
+            const key = jwk.keys.find(({ kid: jwkKid })=>jwkKid === kid);
+            const pem = jwkToPem(key);
+            // https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html
+            const decodedToken = await new Promise((resolve, reject)=>{
+                jwt.verify(idToken, pem, {
+                    algorithms: [
+                        'RS256'
+                    ]
+                }, (err, decodedToken)=>{
+                    if (err) {
+                        reject();
+                    }
+                    resolve(decodedToken);
+                });
+            });
+            return decodedToken;
+        } catch (err) {
+            throw new Error('There was an error verifying the token');
+        }
+    };
+    const initProviders = ({ baseURL, purest })=>({
+            email: {
+                enabled: true,
+                icon: 'envelope',
+                grantConfig: {}
+            },
+            discord: {
+                enabled: false,
+                icon: 'discord',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/discord/callback`,
+                    scope: [
+                        'identify',
+                        'email'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const discord = purest({
+                        provider: 'discord'
+                    });
+                    return discord.get('users/@me').auth(accessToken).request().then(({ body })=>{
+                        // Combine username and discriminator (if discriminator exists and not equal to 0)
+                        const username = body.discriminator && body.discriminator !== '0' ? `${body.username}#${body.discriminator}` : body.username;
+                        return {
+                            username,
+                            email: body.email
+                        };
+                    });
+                }
+            },
+            facebook: {
+                enabled: false,
+                icon: 'facebook-square',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/facebook/callback`,
+                    scope: [
+                        'email'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const facebook = purest({
+                        provider: 'facebook'
+                    });
+                    return facebook.get('me').auth(accessToken).qs({
+                        fields: 'name,email'
+                    }).request().then(({ body })=>({
+                            username: body.name,
+                            email: body.email
+                        }));
+                }
+            },
+            google: {
+                enabled: false,
+                icon: 'google',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/google/callback`,
+                    scope: [
+                        'email'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const google = purest({
+                        provider: 'google'
+                    });
+                    return google.query('oauth').get('tokeninfo').qs({
+                        accessToken
+                    }).request().then(({ body })=>({
+                            username: body.email.split('@')[0],
+                            email: body.email
+                        }));
+                }
+            },
+            github: {
+                enabled: false,
+                icon: 'github',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/github/callback`,
+                    scope: [
+                        'user',
+                        'user:email'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const github = purest({
+                        provider: 'github',
+                        defaults: {
+                            headers: {
+                                'user-agent': 'strapi'
+                            }
+                        }
+                    });
+                    const { body: userBody } = await github.get('user').auth(accessToken).request();
+                    // This is the public email on the github profile
+                    if (userBody.email) {
+                        return {
+                            username: userBody.login,
+                            email: userBody.email
+                        };
+                    }
+                    // Get the email with Github's user/emails API
+                    const { body: emailBody } = await github.get('user/emails').auth(accessToken).request();
+                    return {
+                        username: userBody.login,
+                        email: Array.isArray(emailBody) ? emailBody.find((email)=>email.primary === true).email : null
+                    };
+                }
+            },
+            microsoft: {
+                enabled: false,
+                icon: 'windows',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/microsoft/callback`,
+                    scope: [
+                        'user.read'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const microsoft = purest({
+                        provider: 'microsoft'
+                    });
+                    return microsoft.get('me').auth(accessToken).request().then(({ body })=>({
+                            username: body.userPrincipalName,
+                            email: body.userPrincipalName
+                        }));
+                }
+            },
+            twitter: {
+                enabled: false,
+                icon: 'twitter',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/twitter/callback`
+                },
+                async authCallback ({ accessToken, query, providers }) {
+                    const twitter = purest({
+                        provider: 'twitter',
+                        defaults: {
+                            oauth: {
+                                consumer_key: providers.twitter.key,
+                                consumer_secret: providers.twitter.secret
+                            }
+                        }
+                    });
+                    return twitter.get('account/verify_credentials').auth(accessToken, query.access_secret).qs({
+                        screen_name: query['raw[screen_name]'],
+                        include_email: 'true'
+                    }).request().then(({ body })=>({
+                            username: body.screen_name,
+                            email: body.email
+                        }));
+                }
+            },
+            instagram: {
+                enabled: false,
+                icon: 'instagram',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/instagram/callback`,
+                    scope: [
+                        'user_profile'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const instagram = purest({
+                        provider: 'instagram'
+                    });
+                    return instagram.get('me').auth(accessToken).qs({
+                        fields: 'id,username'
+                    }).request().then(({ body })=>({
+                            username: body.username,
+                            email: `${body.username}@strapi.io`
+                        }));
+                }
+            },
+            vk: {
+                enabled: false,
+                icon: 'vk',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/vk/callback`,
+                    scope: [
+                        'email'
+                    ]
+                },
+                async authCallback ({ accessToken, query }) {
+                    const vk = purest({
+                        provider: 'vk'
+                    });
+                    return vk.get('users').auth(accessToken).qs({
+                        id: query.raw.user_id,
+                        v: '5.122'
+                    }).request().then(({ body })=>({
+                            username: `${body.response[0].last_name} ${body.response[0].first_name}`,
+                            email: query.raw.email
+                        }));
+                }
+            },
+            twitch: {
+                enabled: false,
+                icon: 'twitch',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/twitch/callback`,
+                    scope: [
+                        'user:read:email'
+                    ]
+                },
+                async authCallback ({ accessToken, providers }) {
+                    const twitch = purest({
+                        provider: 'twitch',
+                        config: {
+                            twitch: {
+                                default: {
+                                    origin: 'https://api.twitch.tv',
+                                    path: 'helix/{path}',
+                                    headers: {
+                                        Authorization: 'Bearer {auth}',
+                                        'Client-Id': '{auth}'
+                                    }
+                                }
+                            }
+                        }
+                    });
+                    return twitch.get('users').auth(accessToken, providers.twitch.key).request().then(({ body })=>({
+                            username: body.data[0].login,
+                            email: body.data[0].email
+                        }));
+                }
+            },
+            linkedin: {
+                enabled: false,
+                icon: 'linkedin',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callbackUrl: `${baseURL}/linkedin/callback`,
+                    scope: [
+                        'r_liteprofile',
+                        'r_emailaddress'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const linkedIn = purest({
+                        provider: 'linkedin'
+                    });
+                    const { body: { localizedFirstName } } = await linkedIn.get('me').auth(accessToken).request();
+                    const { body: { elements } } = await linkedIn.get('emailAddress?q=members&projection=(elements*(handle~))').auth(accessToken).request();
+                    const email = elements[0]['handle~'];
+                    return {
+                        username: localizedFirstName,
+                        email: email.emailAddress
+                    };
+                }
+            },
+            cognito: {
+                enabled: false,
+                icon: 'aws',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    subdomain: 'my.subdomain.com',
+                    callback: `${baseURL}/cognito/callback`,
+                    scope: [
+                        'email',
+                        'openid',
+                        'profile'
+                    ]
+                },
+                async authCallback ({ query, providers }) {
+                    const jwksUrl = new URL(providers.cognito.jwksurl);
+                    const idToken = query.id_token;
+                    const tokenPayload = await getCognitoPayload({
+                        idToken,
+                        jwksUrl,
+                        purest
+                    });
+                    return {
+                        username: tokenPayload['cognito:username'],
+                        email: tokenPayload.email
+                    };
+                }
+            },
+            reddit: {
+                enabled: false,
+                icon: 'reddit',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callback: `${baseURL}/reddit/callback`,
+                    scope: [
+                        'identity'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const reddit = purest({
+                        provider: 'reddit',
+                        config: {
+                            reddit: {
+                                default: {
+                                    origin: 'https://oauth.reddit.com',
+                                    path: 'api/{version}/{path}',
+                                    version: 'v1',
+                                    headers: {
+                                        Authorization: 'Bearer {auth}',
+                                        'user-agent': 'strapi'
+                                    }
+                                }
+                            }
+                        }
+                    });
+                    return reddit.get('me').auth(accessToken).request().then(({ body })=>({
+                            username: body.name,
+                            email: `${body.name}@strapi.io`
+                        }));
+                }
+            },
+            auth0: {
+                enabled: false,
+                icon: '',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    subdomain: 'my-tenant.eu',
+                    callback: `${baseURL}/auth0/callback`,
+                    scope: [
+                        'openid',
+                        'email',
+                        'profile'
+                    ]
+                },
+                async authCallback ({ accessToken, providers }) {
+                    const auth0 = purest({
+                        provider: 'auth0'
+                    });
+                    return auth0.get('userinfo').subdomain(providers.auth0.subdomain).auth(accessToken).request().then(({ body })=>{
+                        const username = body.username || body.nickname || body.name || body.email.split('@')[0];
+                        const email = body.email || `${username.replace(/\s+/g, '.')}@strapi.io`;
+                        return {
+                            username,
+                            email
+                        };
+                    });
+                }
+            },
+            cas: {
+                enabled: false,
+                icon: 'book',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callback: `${baseURL}/cas/callback`,
+                    scope: [
+                        'openid email'
+                    ],
+                    subdomain: 'my.subdomain.com/cas'
+                },
+                async authCallback ({ accessToken, providers }) {
+                    const cas = purest({
+                        provider: 'cas'
+                    });
+                    return cas.get('oidc/profile').subdomain(providers.cas.subdomain).auth(accessToken).request().then(({ body })=>{
+                        // CAS attribute may be in body.attributes or "FLAT", depending on CAS config
+                        const username = body.attributes ? body.attributes.strapiusername || body.id || body.sub : body.strapiusername || body.id || body.sub;
+                        const email = body.attributes ? body.attributes.strapiemail || body.attributes.email : body.strapiemail || body.email;
+                        if (!username || !email) {
+                            strapi.log.warn(`CAS Response Body did not contain required attributes: ${JSON.stringify(body)}`);
+                        }
+                        return {
+                            username,
+                            email
+                        };
+                    });
+                }
+            },
+            patreon: {
+                enabled: false,
+                icon: '',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    callback: `${baseURL}/patreon/callback`,
+                    scope: [
+                        'identity',
+                        'identity[email]'
+                    ]
+                },
+                async authCallback ({ accessToken }) {
+                    const patreon = purest({
+                        provider: 'patreon',
+                        config: {
+                            patreon: {
+                                default: {
+                                    origin: 'https://www.patreon.com',
+                                    path: 'api/oauth2/{path}',
+                                    headers: {
+                                        authorization: 'Bearer {auth}'
+                                    }
+                                }
+                            }
+                        }
+                    });
+                    return patreon.get('v2/identity').auth(accessToken).qs(new URLSearchParams({
+                        'fields[user]': 'full_name,email'
+                    }).toString()).request().then(({ body })=>{
+                        const patreonData = body.data.attributes;
+                        return {
+                            username: patreonData.full_name,
+                            email: patreonData.email
+                        };
+                    });
+                }
+            },
+            keycloak: {
+                enabled: false,
+                icon: '',
+                grantConfig: {
+                    key: '',
+                    secret: '',
+                    subdomain: 'myKeycloakProvider.com/realms/myrealm',
+                    callback: `${baseURL}/keycloak/callback`,
+                    scope: [
+                        'openid',
+                        'email',
+                        'profile'
+                    ]
+                },
+                async authCallback ({ accessToken, providers }) {
+                    const keycloak = purest({
+                        provider: 'keycloak'
+                    });
+                    return keycloak.subdomain(providers.keycloak.subdomain).get('protocol/openid-connect/userinfo').auth(accessToken).request().then(({ body })=>{
+                        return {
+                            username: body.preferred_username,
+                            email: body.email
+                        };
+                    });
+                }
+            }
+        });
+    providersRegistry = ()=>{
+        const purest = require$$4;
+        const apiPrefix = strapi.config.get('api.rest.prefix');
+        const baseURL = urljoin(strapi.config.server.url, apiPrefix, 'auth');
+        const authProviders = initProviders({
+            baseURL,
+            purest
+        });
+        /**
+	   * @public
+	   */ return {
+            getAll () {
+                return authProviders;
+            },
+            get (name) {
+                return authProviders[name];
+            },
+            add (name, config) {
+                authProviders[name] = config;
+            },
+            remove (name) {
+                delete authProviders[name];
+            },
+            /**
+	     * @internal
+	     */ async run ({ provider, accessToken, query, providers }) {
+                const authProvider = authProviders[provider];
+                assert(authProvider, 'Unknown auth provider');
+                return authProvider.authCallback({
+                    accessToken,
+                    query,
+                    providers,
+                    purest
+                });
+            }
+        };
+    };
+    return providersRegistry;
+}
+
+var permission;
+var hasRequiredPermission;
+function requirePermission() {
+    if (hasRequiredPermission) return permission;
+    hasRequiredPermission = 1;
+    const PUBLIC_ROLE_FILTER = {
+        role: {
+            type: 'public'
+        }
+    };
+    permission = ({ strapi })=>({
+            /**
+	   * Find permissions associated to a specific role ID
+	   *
+	   * @param {number} roleID
+	   *
+	   * @return {object[]}
+	   */ async findRolePermissions (roleID) {
+                return strapi.db.query('plugin::users-permissions.role').load({
+                    id: roleID
+                }, 'permissions');
+            },
+            /**
+	   * Find permissions for the public role
+	   *
+	   * @return {object[]}
+	   */ async findPublicPermissions () {
+                return strapi.db.query('plugin::users-permissions.permission').findMany({
+                    where: PUBLIC_ROLE_FILTER
+                });
+            },
+            /**
+	   * Transform a Users-Permissions' action into a content API one
+	   *
+	   * @param {object} permission
+	   * @param {string} permission.action
+	   *
+	   * @return {{ action: string }}
+	   */ toContentAPIPermission (permission) {
+                const { action } = permission;
+                return {
+                    action
+                };
+            }
+        });
+    return permission;
+}
+
+var services;
+var hasRequiredServices;
+function requireServices() {
+    if (hasRequiredServices) return services;
+    hasRequiredServices = 1;
+    const jwt = requireJwt();
+    const providers = requireProviders();
+    const user = requireUser$3();
+    const role = requireRole$3();
+    const usersPermissions = requireUsersPermissions();
+    const providersRegistry = requireProvidersRegistry();
+    const permission = requirePermission();
+    services = {
+        jwt,
+        providers,
+        'providers-registry': providersRegistry,
+        role,
+        user,
+        'users-permissions': usersPermissions,
+        permission
+    };
+    return services;
+}
+
+var permissions$2;
+var hasRequiredPermissions$2;
+function requirePermissions$2() {
+    if (hasRequiredPermissions$2) return permissions$2;
+    hasRequiredPermissions$2 = 1;
+    permissions$2 = [
+        {
+            method: 'GET',
+            path: '/permissions',
+            handler: 'permissions.getPermissions'
+        },
+        {
+            method: 'GET',
+            path: '/policies',
+            handler: 'permissions.getPolicies'
+        },
+        {
+            method: 'GET',
+            path: '/routes',
+            handler: 'permissions.getRoutes'
+        }
+    ];
+    return permissions$2;
+}
+
+var settings$1;
+var hasRequiredSettings$1;
+function requireSettings$1() {
+    if (hasRequiredSettings$1) return settings$1;
+    hasRequiredSettings$1 = 1;
+    settings$1 = [
+        {
+            method: 'GET',
+            path: '/email-templates',
+            handler: 'settings.getEmailTemplate',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.email-templates.read'
+                            ]
+                        }
+                    }
+                ]
+            }
+        },
+        {
+            method: 'PUT',
+            path: '/email-templates',
+            handler: 'settings.updateEmailTemplate',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.email-templates.update'
+                            ]
+                        }
+                    }
+                ]
+            }
+        },
+        {
+            method: 'GET',
+            path: '/advanced',
+            handler: 'settings.getAdvancedSettings',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.advanced-settings.read'
+                            ]
+                        }
+                    }
+                ]
+            }
+        },
+        {
+            method: 'PUT',
+            path: '/advanced',
+            handler: 'settings.updateAdvancedSettings',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.advanced-settings.update'
+                            ]
+                        }
+                    }
+                ]
+            }
+        },
+        {
+            method: 'GET',
+            path: '/providers',
+            handler: 'settings.getProviders',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.providers.read'
+                            ]
+                        }
+                    }
+                ]
+            }
+        },
+        {
+            method: 'PUT',
+            path: '/providers',
+            handler: 'settings.updateProviders',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.providers.update'
+                            ]
+                        }
+                    }
+                ]
+            }
+        }
+    ];
+    return settings$1;
+}
+
+var role$2;
+var hasRequiredRole$2;
+function requireRole$2() {
+    if (hasRequiredRole$2) return role$2;
+    hasRequiredRole$2 = 1;
+    role$2 = [
+        {
+            method: 'GET',
+            path: '/roles/:id',
+            handler: 'role.findOne',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.roles.read'
+                            ]
+                        }
+                    }
+                ]
+            }
+        },
+        {
+            method: 'GET',
+            path: '/roles',
+            handler: 'role.find',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.roles.read'
+                            ]
+                        }
+                    }
+                ]
+            }
+        },
+        {
+            method: 'POST',
+            path: '/roles',
+            handler: 'role.createRole',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.roles.create'
+                            ]
+                        }
+                    }
+                ]
+            }
+        },
+        {
+            method: 'PUT',
+            path: '/roles/:role',
+            handler: 'role.updateRole',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.roles.update'
+                            ]
+                        }
+                    }
+                ]
+            }
+        },
+        {
+            method: 'DELETE',
+            path: '/roles/:role',
+            handler: 'role.deleteRole',
+            config: {
+                policies: [
+                    {
+                        name: 'admin::hasPermissions',
+                        config: {
+                            actions: [
+                                'plugin::users-permissions.roles.delete'
+                            ]
+                        }
+                    }
+                ]
+            }
+        }
+    ];
+    return role$2;
+}
+
+var admin;
+var hasRequiredAdmin;
+function requireAdmin() {
+    if (hasRequiredAdmin) return admin;
+    hasRequiredAdmin = 1;
+    const permissionsRoutes = requirePermissions$2();
+    const settingsRoutes = requireSettings$1();
+    const roleRoutes = requireRole$2();
+    admin = {
+        type: 'admin',
+        routes: [
+            ...roleRoutes,
+            ...settingsRoutes,
+            ...permissionsRoutes
+        ]
+    };
+    return admin;
+}
+
+var auth$2;
+var hasRequiredAuth$2;
+function requireAuth$2() {
+    if (hasRequiredAuth$2) return auth$2;
+    hasRequiredAuth$2 = 1;
+    auth$2 = [
+        {
+            method: 'GET',
+            path: '/connect/(.*)',
+            handler: 'auth.connect',
+            config: {
+                middlewares: [
+                    'plugin::users-permissions.rateLimit'
+                ],
+                prefix: ''
+            }
+        },
+        {
+            method: 'POST',
+            path: '/auth/local',
+            handler: 'auth.callback',
+            config: {
+                middlewares: [
+                    'plugin::users-permissions.rateLimit'
+                ],
+                prefix: ''
+            }
+        },
+        {
+            method: 'POST',
+            path: '/auth/local/register',
+            handler: 'auth.register',
+            config: {
+                middlewares: [
+                    'plugin::users-permissions.rateLimit'
+                ],
+                prefix: ''
+            }
+        },
+        {
+            method: 'GET',
+            path: '/auth/:provider/callback',
+            handler: 'auth.callback',
+            config: {
+                prefix: ''
+            }
+        },
+        {
+            method: 'POST',
+            path: '/auth/forgot-password',
+            handler: 'auth.forgotPassword',
+            config: {
+                middlewares: [
+                    'plugin::users-permissions.rateLimit'
+                ],
+                prefix: ''
+            }
+        },
+        {
+            method: 'POST',
+            path: '/auth/reset-password',
+            handler: 'auth.resetPassword',
+            config: {
+                middlewares: [
+                    'plugin::users-permissions.rateLimit'
+                ],
+                prefix: ''
+            }
+        },
+        {
+            method: 'GET',
+            path: '/auth/email-confirmation',
+            handler: 'auth.emailConfirmation',
+            config: {
+                prefix: ''
+            }
+        },
+        {
+            method: 'POST',
+            path: '/auth/send-email-confirmation',
+            handler: 'auth.sendEmailConfirmation',
+            config: {
+                prefix: ''
+            }
+        },
+        {
+            method: 'POST',
+            path: '/auth/change-password',
+            handler: 'auth.changePassword',
+            config: {
+                middlewares: [
+                    'plugin::users-permissions.rateLimit'
+                ],
+                prefix: ''
+            }
+        }
+    ];
+    return auth$2;
+}
+
+var user$2;
+var hasRequiredUser$2;
+function requireUser$2() {
+    if (hasRequiredUser$2) return user$2;
+    hasRequiredUser$2 = 1;
+    user$2 = [
+        {
+            method: 'GET',
+            path: '/users/count',
+            handler: 'user.count',
+            config: {
+                prefix: ''
+            }
+        },
+        {
+            method: 'GET',
+            path: '/users',
+            handler: 'user.find',
+            config: {
+                prefix: ''
+            }
+        },
+        {
+            method: 'GET',
+            path: '/users/me',
+            handler: 'user.me',
+            config: {
+                prefix: ''
+            }
+        },
+        {
+            method: 'GET',
+            path: '/users/:id',
+            handler: 'user.findOne',
+            config: {
+                prefix: ''
+            }
+        },
+        {
+            method: 'POST',
+            path: '/users',
+            handler: 'user.create',
+            config: {
+                prefix: ''
+            }
+        },
+        {
+            method: 'PUT',
+            path: '/users/:id',
+            handler: 'user.update',
+            config: {
+                prefix: ''
+            }
+        },
+        {
+            method: 'DELETE',
+            path: '/users/:id',
+            handler: 'user.destroy',
+            config: {
+                prefix: ''
+            }
+        }
+    ];
+    return user$2;
+}
+
+var role$1;
+var hasRequiredRole$1;
+function requireRole$1() {
+    if (hasRequiredRole$1) return role$1;
+    hasRequiredRole$1 = 1;
+    role$1 = [
+        {
+            method: 'GET',
+            path: '/roles/:id',
+            handler: 'role.findOne'
+        },
+        {
+            method: 'GET',
+            path: '/roles',
+            handler: 'role.find'
+        },
+        {
+            method: 'POST',
+            path: '/roles',
+            handler: 'role.createRole'
+        },
+        {
+            method: 'PUT',
+            path: '/roles/:role',
+            handler: 'role.updateRole'
+        },
+        {
+            method: 'DELETE',
+            path: '/roles/:role',
+            handler: 'role.deleteRole'
+        }
+    ];
+    return role$1;
+}
+
+var permissions$1;
+var hasRequiredPermissions$1;
+function requirePermissions$1() {
+    if (hasRequiredPermissions$1) return permissions$1;
+    hasRequiredPermissions$1 = 1;
+    permissions$1 = [
+        {
+            method: 'GET',
+            path: '/permissions',
+            handler: 'permissions.getPermissions'
+        }
+    ];
+    return permissions$1;
+}
+
+var contentApi;
+var hasRequiredContentApi;
+function requireContentApi() {
+    if (hasRequiredContentApi) return contentApi;
+    hasRequiredContentApi = 1;
+    const authRoutes = requireAuth$2();
+    const userRoutes = requireUser$2();
+    const roleRoutes = requireRole$1();
+    const permissionsRoutes = requirePermissions$1();
+    contentApi = {
+        type: 'content-api',
+        routes: [
+            ...authRoutes,
+            ...userRoutes,
+            ...roleRoutes,
+            ...permissionsRoutes
+        ]
+    };
+    return contentApi;
+}
+
+var routes;
+var hasRequiredRoutes;
+function requireRoutes() {
+    if (hasRequiredRoutes) return routes;
+    hasRequiredRoutes = 1;
+    routes = {
+        admin: requireAdmin(),
+        'content-api': requireContentApi()
+    };
+    return routes;
+}
+
+var auth$1;
+var hasRequiredAuth$1;
+function requireAuth$1() {
+    if (hasRequiredAuth$1) return auth$1;
+    hasRequiredAuth$1 = 1;
+    const { yup, validateYupSchema } = require$$1;
+    const callbackSchema = yup.object({
+        identifier: yup.string().required(),
+        password: yup.string().required()
+    });
+    const createRegisterSchema = (config)=>yup.object({
+            email: yup.string().email().required(),
+            username: yup.string().required(),
+            password: yup.string().required().test(async function(value) {
+                if (typeof config?.validatePassword === 'function') {
+                    try {
+                        const isValid = await config.validatePassword(value);
+                        if (!isValid) {
+                            return this.createError({
+                                message: 'Password validation failed.'
+                            });
+                        }
+                    } catch (error) {
+                        return this.createError({
+                            message: error.message || 'An error occurred.'
+                        });
+                    }
+                }
+                return true;
+            })
+        });
+    const sendEmailConfirmationSchema = yup.object({
+        email: yup.string().email().required()
+    });
+    const validateEmailConfirmationSchema = yup.object({
+        confirmation: yup.string().required()
+    });
+    const forgotPasswordSchema = yup.object({
+        email: yup.string().email().required()
+    }).noUnknown();
+    const createResetPasswordSchema = (config)=>yup.object({
+            password: yup.string().required().test(async function(value) {
+                if (typeof config?.validatePassword === 'function') {
+                    try {
+                        const isValid = await config.validatePassword(value);
+                        if (!isValid) {
+                            return this.createError({
+                                message: 'Password validation failed.'
+                            });
+                        }
+                    } catch (error) {
+                        return this.createError({
+                            message: error.message || 'An error occurred.'
+                        });
+                    }
+                }
+                return true;
+            }),
+            passwordConfirmation: yup.string().required().oneOf([
+                yup.ref('password')
+            ], 'Passwords do not match'),
+            code: yup.string().required()
+        }).noUnknown();
+    const createChangePasswordSchema = (config)=>yup.object({
+            password: yup.string().required().test(async function(value) {
+                if (typeof config?.validatePassword === 'function') {
+                    try {
+                        const isValid = await config.validatePassword(value);
+                        if (!isValid) {
+                            return this.createError({
+                                message: 'Password validation failed.'
+                            });
+                        }
+                    } catch (error) {
+                        return this.createError({
+                            message: error.message || 'An error occurred.'
+                        });
+                    }
+                }
+                return true;
+            }),
+            passwordConfirmation: yup.string().required().oneOf([
+                yup.ref('password')
+            ], 'Passwords do not match'),
+            currentPassword: yup.string().required()
+        }).noUnknown();
+    auth$1 = {
+        validateCallbackBody: validateYupSchema(callbackSchema),
+        validateRegisterBody: (payload, config)=>validateYupSchema(createRegisterSchema(config))(payload),
+        validateSendEmailConfirmationBody: validateYupSchema(sendEmailConfirmationSchema),
+        validateEmailConfirmationBody: validateYupSchema(validateEmailConfirmationSchema),
+        validateForgotPasswordBody: validateYupSchema(forgotPasswordSchema),
+        validateResetPasswordBody: (payload, config)=>validateYupSchema(createResetPasswordSchema(config))(payload),
+        validateChangePasswordBody: (payload, config)=>validateYupSchema(createChangePasswordSchema(config))(payload)
+    };
+    return auth$1;
+}
+
+var auth;
+var hasRequiredAuth;
+function requireAuth() {
+    if (hasRequiredAuth) return auth;
+    hasRequiredAuth = 1;
+    /**
+	 * Auth.js controller
+	 *
+	 * @description: A set of functions called "actions" for managing `Auth`.
+	 */ /* eslint-disable no-useless-escape */ const crypto = require$$0$2;
+    const _ = require$$0$3;
+    const { concat, compact, isArray } = require$$0;
+    const utils = require$$1;
+    const { getService } = requireUtils$1();
+    const { validateCallbackBody, validateRegisterBody, validateSendEmailConfirmationBody, validateForgotPasswordBody, validateResetPasswordBody, validateEmailConfirmationBody, validateChangePasswordBody } = requireAuth$1();
+    const { ApplicationError, ValidationError, ForbiddenError } = utils.errors;
+    const sanitizeUser = (user, ctx)=>{
+        const { auth } = ctx.state;
+        const userSchema = strapi.getModel('plugin::users-permissions.user');
+        return strapi.contentAPI.sanitize.output(user, userSchema, {
+            auth
+        });
+    };
+    auth = ({ strapi: strapi1 })=>({
+            async callback (ctx) {
+                const provider = ctx.params.provider || 'local';
+                const params = ctx.request.body;
+                const store = strapi1.store({
+                    type: 'plugin',
+                    name: 'users-permissions'
+                });
+                const grantSettings = await store.get({
+                    key: 'grant'
+                });
+                const grantProvider = provider === 'local' ? 'email' : provider;
+                if (!_.get(grantSettings, [
+                    grantProvider,
+                    'enabled'
+                ])) {
+                    throw new ApplicationError('This provider is disabled');
+                }
+                if (provider === 'local') {
+                    await validateCallbackBody(params);
+                    const { identifier } = params;
+                    // Check if the user exists.
+                    const user = await strapi1.db.query('plugin::users-permissions.user').findOne({
+                        where: {
+                            provider,
+                            $or: [
+                                {
+                                    email: identifier.toLowerCase()
+                                },
+                                {
+                                    username: identifier
+                                }
+                            ]
+                        }
+                    });
+                    if (!user) {
+                        throw new ValidationError('Invalid identifier or password');
+                    }
+                    if (!user.password) {
+                        throw new ValidationError('Invalid identifier or password');
+                    }
+                    const validPassword = await getService('user').validatePassword(params.password, user.password);
+                    if (!validPassword) {
+                        throw new ValidationError('Invalid identifier or password');
+                    }
+                    const advancedSettings = await store.get({
+                        key: 'advanced'
+                    });
+                    const requiresConfirmation = _.get(advancedSettings, 'email_confirmation');
+                    if (requiresConfirmation && user.confirmed !== true) {
+                        throw new ApplicationError('Your account email is not confirmed');
+                    }
+                    if (user.blocked === true) {
+                        throw new ApplicationError('Your account has been blocked by an administrator');
+                    }
+                    return ctx.send({
+                        jwt: getService('jwt').issue({
+                            id: user.id
+                        }),
+                        user: await sanitizeUser(user, ctx)
+                    });
+                }
+                // Connect the user with the third-party provider.
+                try {
+                    const user = await getService('providers').connect(provider, ctx.query);
+                    if (user.blocked) {
+                        throw new ForbiddenError('Your account has been blocked by an administrator');
+                    }
+                    return ctx.send({
+                        jwt: getService('jwt').issue({
+                            id: user.id
+                        }),
+                        user: await sanitizeUser(user, ctx)
+                    });
+                } catch (error) {
+                    throw new ApplicationError(error.message);
+                }
+            },
+            async changePassword (ctx) {
+                if (!ctx.state.user) {
+                    throw new ApplicationError('You must be authenticated to reset your password');
+                }
+                const validations = strapi1.config.get('plugin::users-permissions.validationRules');
+                const { currentPassword, password } = await validateChangePasswordBody(ctx.request.body, validations);
+                const user = await strapi1.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        id: ctx.state.user.id
+                    }
+                });
+                const validPassword = await getService('user').validatePassword(currentPassword, user.password);
+                if (!validPassword) {
+                    throw new ValidationError('The provided current password is invalid');
+                }
+                if (currentPassword === password) {
+                    throw new ValidationError('Your new password must be different than your current password');
+                }
+                await getService('user').edit(user.id, {
+                    password
+                });
+                ctx.send({
+                    jwt: getService('jwt').issue({
+                        id: user.id
+                    }),
+                    user: await sanitizeUser(user, ctx)
+                });
+            },
+            async resetPassword (ctx) {
+                const validations = strapi1.config.get('plugin::users-permissions.validationRules');
+                const { password, passwordConfirmation, code } = await validateResetPasswordBody(ctx.request.body, validations);
+                if (password !== passwordConfirmation) {
+                    throw new ValidationError('Passwords do not match');
+                }
+                const user = await strapi1.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        resetPasswordToken: code
+                    }
+                });
+                if (!user) {
+                    throw new ValidationError('Incorrect code provided');
+                }
+                await getService('user').edit(user.id, {
+                    resetPasswordToken: null,
+                    password
+                });
+                // Update the user.
+                ctx.send({
+                    jwt: getService('jwt').issue({
+                        id: user.id
+                    }),
+                    user: await sanitizeUser(user, ctx)
+                });
+            },
+            async connect (ctx, next) {
+                const grant = require$$6.koa();
+                const providers = await strapi1.store({
+                    type: 'plugin',
+                    name: 'users-permissions',
+                    key: 'grant'
+                }).get();
+                const apiPrefix = strapi1.config.get('api.rest.prefix');
+                const grantConfig = {
+                    defaults: {
+                        prefix: `${apiPrefix}/connect`
+                    },
+                    ...providers
+                };
+                const [requestPath] = ctx.request.url.split('?');
+                const provider = requestPath.split('/connect/')[1].split('/')[0];
+                if (!_.get(grantConfig[provider], 'enabled')) {
+                    throw new ApplicationError('This provider is disabled');
+                }
+                if (!strapi1.config.server.url.startsWith('http')) {
+                    strapi1.log.warn('You are using a third party provider for login. Make sure to set an absolute url in config/server.js. More info here: https://docs.strapi.io/developer-docs/latest/plugins/users-permissions.html#setting-up-the-server-url');
+                }
+                // Ability to pass OAuth callback dynamically
+                const queryCustomCallback = _.get(ctx, 'query.callback');
+                const dynamicSessionCallback = _.get(ctx, 'session.grant.dynamic.callback');
+                const customCallback = queryCustomCallback ?? dynamicSessionCallback;
+                // The custom callback is validated to make sure it's not redirecting to an unwanted actor.
+                if (customCallback !== undefined) {
+                    try {
+                        // We're extracting the callback validator from the plugin config since it can be user-customized
+                        const { validate: validateCallback } = strapi1.plugin('users-permissions').config('callback');
+                        await validateCallback(customCallback, grantConfig[provider]);
+                        grantConfig[provider].callback = customCallback;
+                    } catch (e) {
+                        throw new ValidationError('Invalid callback URL provided', {
+                            callback: customCallback
+                        });
+                    }
+                }
+                // Build a valid redirect URI for the current provider
+                grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);
+                return grant(grantConfig)(ctx, next);
+            },
+            async forgotPassword (ctx) {
+                const { email } = await validateForgotPasswordBody(ctx.request.body);
+                const pluginStore = await strapi1.store({
+                    type: 'plugin',
+                    name: 'users-permissions'
+                });
+                const emailSettings = await pluginStore.get({
+                    key: 'email'
+                });
+                const advancedSettings = await pluginStore.get({
+                    key: 'advanced'
+                });
+                // Find the user by email.
+                const user = await strapi1.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        email: email.toLowerCase()
+                    }
+                });
+                if (!user || user.blocked) {
+                    return ctx.send({
+                        ok: true
+                    });
+                }
+                // Generate random token.
+                const userInfo = await sanitizeUser(user, ctx);
+                const resetPasswordToken = crypto.randomBytes(64).toString('hex');
+                const resetPasswordSettings = _.get(emailSettings, 'reset_password.options', {});
+                const emailBody = await getService('users-permissions').template(resetPasswordSettings.message, {
+                    URL: advancedSettings.email_reset_password,
+                    SERVER_URL: strapi1.config.get('server.absoluteUrl'),
+                    ADMIN_URL: strapi1.config.get('admin.absoluteUrl'),
+                    USER: userInfo,
+                    TOKEN: resetPasswordToken
+                });
+                const emailObject = await getService('users-permissions').template(resetPasswordSettings.object, {
+                    USER: userInfo
+                });
+                const emailToSend = {
+                    to: user.email,
+                    from: resetPasswordSettings.from.email || resetPasswordSettings.from.name ? `${resetPasswordSettings.from.name} <${resetPasswordSettings.from.email}>` : undefined,
+                    replyTo: resetPasswordSettings.response_email,
+                    subject: emailObject,
+                    text: emailBody,
+                    html: emailBody
+                };
+                // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails
+                await getService('user').edit(user.id, {
+                    resetPasswordToken
+                });
+                // Send an email to the user.
+                await strapi1.plugin('email').service('email').send(emailToSend);
+                ctx.send({
+                    ok: true
+                });
+            },
+            async register (ctx) {
+                const pluginStore = await strapi1.store({
+                    type: 'plugin',
+                    name: 'users-permissions'
+                });
+                const settings = await pluginStore.get({
+                    key: 'advanced'
+                });
+                if (!settings.allow_register) {
+                    throw new ApplicationError('Register action is currently disabled');
+                }
+                const { register } = strapi1.config.get('plugin::users-permissions');
+                const alwaysAllowedKeys = [
+                    'username',
+                    'password',
+                    'email'
+                ];
+                // Note that we intentionally do not filter allowedFields to allow a project to explicitly accept private or other Strapi field on registration
+                const allowedKeys = compact(concat(alwaysAllowedKeys, isArray(register?.allowedFields) ? register.allowedFields : []));
+                // Check if there are any keys in requestBody that are not in allowedKeys
+                const invalidKeys = Object.keys(ctx.request.body).filter((key)=>!allowedKeys.includes(key));
+                if (invalidKeys.length > 0) {
+                    // If there are invalid keys, throw an error
+                    throw new ValidationError(`Invalid parameters: ${invalidKeys.join(', ')}`);
+                }
+                const params = {
+                    ..._.pick(ctx.request.body, allowedKeys),
+                    provider: 'local'
+                };
+                const validations = strapi1.config.get('plugin::users-permissions.validationRules');
+                await validateRegisterBody(params, validations);
+                const role = await strapi1.db.query('plugin::users-permissions.role').findOne({
+                    where: {
+                        type: settings.default_role
+                    }
+                });
+                if (!role) {
+                    throw new ApplicationError('Impossible to find the default role');
+                }
+                const { email, username, provider } = params;
+                const identifierFilter = {
+                    $or: [
+                        {
+                            email: email.toLowerCase()
+                        },
+                        {
+                            username: email.toLowerCase()
+                        },
+                        {
+                            username
+                        },
+                        {
+                            email: username
+                        }
+                    ]
+                };
+                const conflictingUserCount = await strapi1.db.query('plugin::users-permissions.user').count({
+                    where: {
+                        ...identifierFilter,
+                        provider
+                    }
+                });
+                if (conflictingUserCount > 0) {
+                    throw new ApplicationError('Email or Username are already taken');
+                }
+                if (settings.unique_email) {
+                    const conflictingUserCount = await strapi1.db.query('plugin::users-permissions.user').count({
+                        where: {
+                            ...identifierFilter
+                        }
+                    });
+                    if (conflictingUserCount > 0) {
+                        throw new ApplicationError('Email or Username are already taken');
+                    }
+                }
+                const newUser = {
+                    ...params,
+                    role: role.id,
+                    email: email.toLowerCase(),
+                    username,
+                    confirmed: !settings.email_confirmation
+                };
+                const user = await getService('user').add(newUser);
+                const sanitizedUser = await sanitizeUser(user, ctx);
+                if (settings.email_confirmation) {
+                    try {
+                        await getService('user').sendConfirmationEmail(sanitizedUser);
+                    } catch (err) {
+                        strapi1.log.error(err);
+                        throw new ApplicationError('Error sending confirmation email');
+                    }
+                    return ctx.send({
+                        user: sanitizedUser
+                    });
+                }
+                const jwt = getService('jwt').issue(_.pick(user, [
+                    'id'
+                ]));
+                return ctx.send({
+                    jwt,
+                    user: sanitizedUser
+                });
+            },
+            async emailConfirmation (ctx, next, returnUser) {
+                const { confirmation: confirmationToken } = await validateEmailConfirmationBody(ctx.query);
+                const userService = getService('user');
+                const jwtService = getService('jwt');
+                const [user] = await userService.fetchAll({
+                    filters: {
+                        confirmationToken
+                    }
+                });
+                if (!user) {
+                    throw new ValidationError('Invalid token');
+                }
+                await userService.edit(user.id, {
+                    confirmed: true,
+                    confirmationToken: null
+                });
+                if (returnUser) {
+                    ctx.send({
+                        jwt: jwtService.issue({
+                            id: user.id
+                        }),
+                        user: await sanitizeUser(user, ctx)
+                    });
+                } else {
+                    const settings = await strapi1.store({
+                        type: 'plugin',
+                        name: 'users-permissions',
+                        key: 'advanced'
+                    }).get();
+                    ctx.redirect(settings.email_confirmation_redirection || '/');
+                }
+            },
+            async sendEmailConfirmation (ctx) {
+                const { email } = await validateSendEmailConfirmationBody(ctx.request.body);
+                const user = await strapi1.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        email: email.toLowerCase()
+                    }
+                });
+                if (!user) {
+                    return ctx.send({
+                        email,
+                        sent: true
+                    });
+                }
+                if (user.confirmed) {
+                    throw new ApplicationError('Already confirmed');
+                }
+                if (user.blocked) {
+                    throw new ApplicationError('User blocked');
+                }
+                await getService('user').sendConfirmationEmail(user);
+                ctx.send({
+                    email: user.email,
+                    sent: true
+                });
+            }
+        });
+    return auth;
+}
+
+var user$1;
+var hasRequiredUser$1;
+function requireUser$1() {
+    if (hasRequiredUser$1) return user$1;
+    hasRequiredUser$1 = 1;
+    const { yup, validateYupSchema } = require$$1;
+    const deleteRoleSchema = yup.object().shape({
+        role: yup.strapiID().required()
+    });
+    const createUserBodySchema = yup.object().shape({
+        email: yup.string().email().required(),
+        username: yup.string().min(1).required(),
+        password: yup.string().min(1).required(),
+        role: yup.lazy((value)=>typeof value === 'object' ? yup.object().shape({
+                connect: yup.array().of(yup.object().shape({
+                    id: yup.strapiID().required()
+                })).min(1, 'Users must have a role').required()
+            }).required() : yup.strapiID().required())
+    });
+    const updateUserBodySchema = yup.object().shape({
+        email: yup.string().email().min(1),
+        username: yup.string().min(1),
+        password: yup.string().min(1),
+        role: yup.lazy((value)=>typeof value === 'object' ? yup.object().shape({
+                connect: yup.array().of(yup.object().shape({
+                    id: yup.strapiID().required()
+                })).required(),
+                disconnect: yup.array().test('CheckDisconnect', 'Cannot remove role', function test(disconnectValue) {
+                    if (value.connect.length === 0 && disconnectValue.length > 0) {
+                        return false;
+                    }
+                    return true;
+                }).required()
+            }) : yup.strapiID())
+    });
+    user$1 = {
+        validateCreateUserBody: validateYupSchema(createUserBodySchema),
+        validateUpdateUserBody: validateYupSchema(updateUserBodySchema),
+        validateDeleteRoleBody: validateYupSchema(deleteRoleSchema)
+    };
+    return user$1;
+}
+
+var user;
+var hasRequiredUser;
+function requireUser() {
+    if (hasRequiredUser) return user;
+    hasRequiredUser = 1;
+    /**
+	 * User.js controller
+	 *
+	 * @description: A set of functions called "actions" for managing `User`.
+	 */ const _ = require$$0$3;
+    const utils = require$$1;
+    const { getService } = requireUtils$1();
+    const { validateCreateUserBody, validateUpdateUserBody } = requireUser$1();
+    const { ApplicationError, ValidationError, NotFoundError } = utils.errors;
+    const sanitizeOutput = async (user, ctx)=>{
+        const schema = strapi.getModel('plugin::users-permissions.user');
+        const { auth } = ctx.state;
+        return strapi.contentAPI.sanitize.output(user, schema, {
+            auth
+        });
+    };
+    const validateQuery = async (query, ctx)=>{
+        const schema = strapi.getModel('plugin::users-permissions.user');
+        const { auth } = ctx.state;
+        return strapi.contentAPI.validate.query(query, schema, {
+            auth
+        });
+    };
+    const sanitizeQuery = async (query, ctx)=>{
+        const schema = strapi.getModel('plugin::users-permissions.user');
+        const { auth } = ctx.state;
+        return strapi.contentAPI.sanitize.query(query, schema, {
+            auth
+        });
+    };
+    user = {
+        /**
+	   * Create a/an user record.
+	   * @return {Object}
+	   */ async create (ctx) {
+            const advanced = await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'advanced'
+            }).get();
+            await validateCreateUserBody(ctx.request.body);
+            const { email, username, role } = ctx.request.body;
+            const userWithSameUsername = await strapi.db.query('plugin::users-permissions.user').findOne({
+                where: {
+                    username
+                }
+            });
+            if (userWithSameUsername) {
+                if (!email) throw new ApplicationError('Username already taken');
+            }
+            if (advanced.unique_email) {
+                const userWithSameEmail = await strapi.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        email: email.toLowerCase()
+                    }
+                });
+                if (userWithSameEmail) {
+                    throw new ApplicationError('Email already taken');
+                }
+            }
+            const user = {
+                ...ctx.request.body,
+                email: email.toLowerCase(),
+                provider: 'local'
+            };
+            if (!role) {
+                const defaultRole = await strapi.db.query('plugin::users-permissions.role').findOne({
+                    where: {
+                        type: advanced.default_role
+                    }
+                });
+                user.role = defaultRole.id;
+            }
+            try {
+                const data = await getService('user').add(user);
+                const sanitizedData = await sanitizeOutput(data, ctx);
+                ctx.created(sanitizedData);
+            } catch (error) {
+                throw new ApplicationError(error.message);
+            }
+        },
+        /**
+	   * Update a/an user record.
+	   * @return {Object}
+	   */ async update (ctx) {
+            const advancedConfigs = await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'advanced'
+            }).get();
+            const { id } = ctx.params;
+            const { email, username, password } = ctx.request.body;
+            const user = await getService('user').fetch(id);
+            if (!user) {
+                throw new NotFoundError(`User not found`);
+            }
+            await validateUpdateUserBody(ctx.request.body);
+            if (user.provider === 'local' && _.has(ctx.request.body, 'password') && !password) {
+                throw new ValidationError('password.notNull');
+            }
+            if (_.has(ctx.request.body, 'username')) {
+                const userWithSameUsername = await strapi.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        username
+                    }
+                });
+                if (userWithSameUsername && _.toString(userWithSameUsername.id) !== _.toString(id)) {
+                    throw new ApplicationError('Username already taken');
+                }
+            }
+            if (_.has(ctx.request.body, 'email') && advancedConfigs.unique_email) {
+                const userWithSameEmail = await strapi.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        email: email.toLowerCase()
+                    }
+                });
+                if (userWithSameEmail && _.toString(userWithSameEmail.id) !== _.toString(id)) {
+                    throw new ApplicationError('Email already taken');
+                }
+                ctx.request.body.email = ctx.request.body.email.toLowerCase();
+            }
+            const updateData = {
+                ...ctx.request.body
+            };
+            const data = await getService('user').edit(user.id, updateData);
+            const sanitizedData = await sanitizeOutput(data, ctx);
+            ctx.send(sanitizedData);
+        },
+        /**
+	   * Retrieve user records.
+	   * @return {Object|Array}
+	   */ async find (ctx) {
+            await validateQuery(ctx.query, ctx);
+            const sanitizedQuery = await sanitizeQuery(ctx.query, ctx);
+            const users = await getService('user').fetchAll(sanitizedQuery);
+            ctx.body = await Promise.all(users.map((user)=>sanitizeOutput(user, ctx)));
+        },
+        /**
+	   * Retrieve a user record.
+	   * @return {Object}
+	   */ async findOne (ctx) {
+            const { id } = ctx.params;
+            await validateQuery(ctx.query, ctx);
+            const sanitizedQuery = await sanitizeQuery(ctx.query, ctx);
+            let data = await getService('user').fetch(id, sanitizedQuery);
+            if (data) {
+                data = await sanitizeOutput(data, ctx);
+            }
+            ctx.body = data;
+        },
+        /**
+	   * Retrieve user count.
+	   * @return {Number}
+	   */ async count (ctx) {
+            await validateQuery(ctx.query, ctx);
+            const sanitizedQuery = await sanitizeQuery(ctx.query, ctx);
+            ctx.body = await getService('user').count(sanitizedQuery);
+        },
+        /**
+	   * Destroy a/an user record.
+	   * @return {Object}
+	   */ async destroy (ctx) {
+            const { id } = ctx.params;
+            const data = await getService('user').remove({
+                id
+            });
+            const sanitizedUser = await sanitizeOutput(data, ctx);
+            ctx.send(sanitizedUser);
+        },
+        /**
+	   * Retrieve authenticated user.
+	   * @return {Object|Array}
+	   */ async me (ctx) {
+            const authUser = ctx.state.user;
+            const { query } = ctx;
+            if (!authUser) {
+                return ctx.unauthorized();
+            }
+            await validateQuery(query, ctx);
+            const sanitizedQuery = await sanitizeQuery(query, ctx);
+            const user = await getService('user').fetch(authUser.id, sanitizedQuery);
+            ctx.body = await sanitizeOutput(user, ctx);
+        }
+    };
+    return user;
+}
+
+var role;
+var hasRequiredRole;
+function requireRole() {
+    if (hasRequiredRole) return role;
+    hasRequiredRole = 1;
+    const _ = require$$0$3;
+    const { async, errors } = require$$1;
+    const { getService } = requireUtils$1();
+    const { validateDeleteRoleBody } = requireUser$1();
+    const { ApplicationError, ValidationError } = errors;
+    const sanitizeOutput = async (role)=>{
+        const { sanitizeLocalizationFields } = strapi.plugin('i18n').service('sanitize');
+        const schema = strapi.getModel('plugin::users-permissions.role');
+        return async.pipe(sanitizeLocalizationFields(schema))(role);
+    };
+    role = {
+        /**
+	   * Default action.
+	   *
+	   * @return {Object}
+	   */ async createRole (ctx) {
+            if (_.isEmpty(ctx.request.body)) {
+                throw new ValidationError('Request body cannot be empty');
+            }
+            await getService('role').createRole(ctx.request.body);
+            ctx.send({
+                ok: true
+            });
+        },
+        async findOne (ctx) {
+            const { id } = ctx.params;
+            const role = await getService('role').findOne(id);
+            if (!role) {
+                return ctx.notFound();
+            }
+            const safeRole = await sanitizeOutput(role);
+            ctx.send({
+                role: safeRole
+            });
+        },
+        async find (ctx) {
+            const roles = await getService('role').find();
+            const safeRoles = await Promise.all(roles.map(sanitizeOutput));
+            ctx.send({
+                roles: safeRoles
+            });
+        },
+        async updateRole (ctx) {
+            const roleID = ctx.params.role;
+            if (_.isEmpty(ctx.request.body)) {
+                throw new ValidationError('Request body cannot be empty');
+            }
+            await getService('role').updateRole(roleID, ctx.request.body);
+            ctx.send({
+                ok: true
+            });
+        },
+        async deleteRole (ctx) {
+            const roleID = ctx.params.role;
+            if (!roleID) {
+                await validateDeleteRoleBody(ctx.params);
+            }
+            // Fetch public role.
+            const publicRole = await strapi.db.query('plugin::users-permissions.role').findOne({
+                where: {
+                    type: 'public'
+                }
+            });
+            const publicRoleID = publicRole.id;
+            // Prevent from removing the public role.
+            if (roleID.toString() === publicRoleID.toString()) {
+                throw new ApplicationError('Cannot delete public role');
+            }
+            await getService('role').deleteRole(roleID, publicRoleID);
+            ctx.send({
+                ok: true
+            });
+        }
+    };
+    return role;
+}
+
+var permissions;
+var hasRequiredPermissions;
+function requirePermissions() {
+    if (hasRequiredPermissions) return permissions;
+    hasRequiredPermissions = 1;
+    const _ = require$$0$3;
+    const { getService } = requireUtils$1();
+    permissions = {
+        async getPermissions (ctx) {
+            const permissions = await getService('users-permissions').getActions();
+            ctx.send({
+                permissions
+            });
+        },
+        async getPolicies (ctx) {
+            const policies = _.keys(strapi.plugin('users-permissions').policies);
+            ctx.send({
+                policies: _.without(policies, 'permissions')
+            });
+        },
+        async getRoutes (ctx) {
+            const routes = await getService('users-permissions').getRoutes();
+            ctx.send({
+                routes
+            });
+        }
+    };
+    return permissions;
+}
+
+var emailTemplate;
+var hasRequiredEmailTemplate;
+function requireEmailTemplate() {
+    if (hasRequiredEmailTemplate) return emailTemplate;
+    hasRequiredEmailTemplate = 1;
+    const { trim } = require$$0;
+    const { template: { createLooseInterpolationRegExp, createStrictInterpolationRegExp } } = require$$1;
+    const invalidPatternsRegexes = [
+        // Ignore "evaluation" patterns: <% ... %>
+        /<%[^=]([\s\S]*?)%>/m,
+        // Ignore basic string interpolations
+        /\${([^{}]*)}/m
+    ];
+    const authorizedKeys = [
+        'URL',
+        'ADMIN_URL',
+        'SERVER_URL',
+        'CODE',
+        'USER',
+        'USER.email',
+        'USER.username',
+        'TOKEN'
+    ];
+    const matchAll = (pattern, src)=>{
+        const matches = [];
+        let match;
+        const regexPatternWithGlobal = RegExp(pattern, 'g');
+        // eslint-disable-next-line no-cond-assign
+        while(match = regexPatternWithGlobal.exec(src)){
+            const [, group] = match;
+            matches.push(trim(group));
+        }
+        return matches;
+    };
+    const isValidEmailTemplate = (template)=>{
+        // Check for known invalid patterns
+        for (const reg of invalidPatternsRegexes){
+            if (reg.test(template)) {
+                return false;
+            }
+        }
+        const interpolation = {
+            // Strict interpolation pattern to match only valid groups
+            strict: createStrictInterpolationRegExp(authorizedKeys),
+            // Weak interpolation pattern to match as many group as possible.
+            loose: createLooseInterpolationRegExp()
+        };
+        // Compute both strict & loose matches
+        const strictMatches = matchAll(interpolation.strict, template);
+        const looseMatches = matchAll(interpolation.loose, template);
+        // If we have more matches with the loose RegExp than with the strict one,
+        // then it means that at least one of the interpolation group is invalid
+        // Note: In the future, if we wanted to give more details for error formatting
+        // purposes, we could return the difference between the two arrays
+        if (looseMatches.length > strictMatches.length) {
+            return false;
+        }
+        return true;
+    };
+    emailTemplate = {
+        isValidEmailTemplate
+    };
+    return emailTemplate;
+}
+
+var settings;
+var hasRequiredSettings;
+function requireSettings() {
+    if (hasRequiredSettings) return settings;
+    hasRequiredSettings = 1;
+    const _ = require$$0$3;
+    const { ValidationError } = require$$1.errors;
+    const { getService } = requireUtils$1();
+    const { isValidEmailTemplate } = requireEmailTemplate();
+    settings = {
+        async getEmailTemplate (ctx) {
+            ctx.send(await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'email'
+            }).get());
+        },
+        async updateEmailTemplate (ctx) {
+            if (_.isEmpty(ctx.request.body)) {
+                throw new ValidationError('Request body cannot be empty');
+            }
+            const emailTemplates = ctx.request.body['email-templates'];
+            for (const key of Object.keys(emailTemplates)){
+                const template = emailTemplates[key].options.message;
+                if (!isValidEmailTemplate(template)) {
+                    throw new ValidationError('Invalid template');
+                }
+            }
+            await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'email'
+            }).set({
+                value: emailTemplates
+            });
+            ctx.send({
+                ok: true
+            });
+        },
+        async getAdvancedSettings (ctx) {
+            const settings = await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'advanced'
+            }).get();
+            const roles = await getService('role').find();
+            ctx.send({
+                settings,
+                roles
+            });
+        },
+        async updateAdvancedSettings (ctx) {
+            if (_.isEmpty(ctx.request.body)) {
+                throw new ValidationError('Request body cannot be empty');
+            }
+            await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'advanced'
+            }).set({
+                value: ctx.request.body
+            });
+            ctx.send({
+                ok: true
+            });
+        },
+        async getProviders (ctx) {
+            const providers = await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'grant'
+            }).get();
+            for(const provider in providers){
+                if (provider !== 'email') {
+                    providers[provider].redirectUri = strapi.plugin('users-permissions').service('providers').buildRedirectUri(provider);
+                }
+            }
+            ctx.send(providers);
+        },
+        async updateProviders (ctx) {
+            if (_.isEmpty(ctx.request.body)) {
+                throw new ValidationError('Request body cannot be empty');
+            }
+            await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'grant'
+            }).set({
+                value: ctx.request.body.providers
+            });
+            ctx.send({
+                ok: true
+            });
+        }
+    };
+    return settings;
+}
+
+var contentManagerUser;
+var hasRequiredContentManagerUser;
+function requireContentManagerUser() {
+    if (hasRequiredContentManagerUser) return contentManagerUser;
+    hasRequiredContentManagerUser = 1;
+    const _ = require$$0$3;
+    const { contentTypes: contentTypesUtils } = require$$1;
+    const { ApplicationError, ValidationError, NotFoundError, ForbiddenError } = require$$1.errors;
+    const { validateCreateUserBody, validateUpdateUserBody } = requireUser$1();
+    const { UPDATED_BY_ATTRIBUTE, CREATED_BY_ATTRIBUTE } = contentTypesUtils.constants;
+    const userModel = 'plugin::users-permissions.user';
+    const ACTIONS = {
+        read: 'plugin::content-manager.explorer.read',
+        create: 'plugin::content-manager.explorer.create',
+        edit: 'plugin::content-manager.explorer.update',
+        delete: 'plugin::content-manager.explorer.delete'
+    };
+    const findEntityAndCheckPermissions = async (ability, action, model, id)=>{
+        const doc = await strapi.service('plugin::content-manager.document-manager').findOne(id, model, {
+            populate: [
+                `${CREATED_BY_ATTRIBUTE}.roles`
+            ]
+        });
+        if (_.isNil(doc)) {
+            throw new NotFoundError();
+        }
+        const pm = strapi.service('admin::permission').createPermissionsManager({
+            ability,
+            action,
+            model
+        });
+        if (pm.ability.cannot(pm.action, pm.toSubject(doc))) {
+            throw new ForbiddenError();
+        }
+        const docWithoutCreatorRoles = _.omit(doc, `${CREATED_BY_ATTRIBUTE}.roles`);
+        return {
+            pm,
+            doc: docWithoutCreatorRoles
+        };
+    };
+    contentManagerUser = {
+        /**
+	   * Create a/an user record.
+	   * @return {Object}
+	   */ async create (ctx) {
+            const { body } = ctx.request;
+            const { user: admin, userAbility } = ctx.state;
+            const { email, username } = body;
+            const pm = strapi.service('admin::permission').createPermissionsManager({
+                ability: userAbility,
+                action: ACTIONS.create,
+                model: userModel
+            });
+            if (!pm.isAllowed) {
+                return ctx.forbidden();
+            }
+            const sanitizedBody = await pm.pickPermittedFieldsOf(body, {
+                subject: userModel
+            });
+            const advanced = await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'advanced'
+            }).get();
+            await validateCreateUserBody(ctx.request.body);
+            const userWithSameUsername = await strapi.db.query('plugin::users-permissions.user').findOne({
+                where: {
+                    username
+                }
+            });
+            if (userWithSameUsername) {
+                throw new ApplicationError('Username already taken');
+            }
+            if (advanced.unique_email) {
+                const userWithSameEmail = await strapi.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        email: email.toLowerCase()
+                    }
+                });
+                if (userWithSameEmail) {
+                    throw new ApplicationError('Email already taken');
+                }
+            }
+            const user = {
+                ...sanitizedBody,
+                provider: 'local',
+                [CREATED_BY_ATTRIBUTE]: admin.id,
+                [UPDATED_BY_ATTRIBUTE]: admin.id
+            };
+            user.email = _.toLower(user.email);
+            try {
+                const data = await strapi.service('plugin::content-manager.document-manager').create(userModel, {
+                    data: user
+                });
+                const sanitizedData = await pm.sanitizeOutput(data, {
+                    action: ACTIONS.read
+                });
+                ctx.created(sanitizedData);
+            } catch (error) {
+                throw new ApplicationError(error.message);
+            }
+        },
+        /**
+	   * Update a/an user record.
+	   * @return {Object}
+	   */ async update (ctx) {
+            const { id: documentId } = ctx.params;
+            const { body } = ctx.request;
+            const { user: admin, userAbility } = ctx.state;
+            const advancedConfigs = await strapi.store({
+                type: 'plugin',
+                name: 'users-permissions',
+                key: 'advanced'
+            }).get();
+            const { email, username, password } = body;
+            const { pm, doc } = await findEntityAndCheckPermissions(userAbility, ACTIONS.edit, userModel, documentId);
+            const user = doc;
+            await validateUpdateUserBody(ctx.request.body);
+            if (_.has(body, 'password') && !password && user.provider === 'local') {
+                throw new ValidationError('password.notNull');
+            }
+            if (_.has(body, 'username')) {
+                const userWithSameUsername = await strapi.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        username
+                    }
+                });
+                if (userWithSameUsername && _.toString(userWithSameUsername.id) !== _.toString(user.id)) {
+                    throw new ApplicationError('Username already taken');
+                }
+            }
+            if (_.has(body, 'email') && advancedConfigs.unique_email) {
+                const userWithSameEmail = await strapi.db.query('plugin::users-permissions.user').findOne({
+                    where: {
+                        email: _.toLower(email)
+                    }
+                });
+                if (userWithSameEmail && _.toString(userWithSameEmail.id) !== _.toString(user.id)) {
+                    throw new ApplicationError('Email already taken');
+                }
+                body.email = _.toLower(body.email);
+            }
+            const sanitizedData = await pm.pickPermittedFieldsOf(body, {
+                subject: pm.toSubject(user)
+            });
+            const updateData = _.omit({
+                ...sanitizedData,
+                updatedBy: admin.id
+            }, 'createdBy');
+            const data = await strapi.service('plugin::content-manager.document-manager').update(documentId, userModel, {
+                data: updateData
+            });
+            ctx.body = await pm.sanitizeOutput(data, {
+                action: ACTIONS.read
+            });
+        }
+    };
+    return contentManagerUser;
+}
+
+var controllers;
+var hasRequiredControllers;
+function requireControllers() {
+    if (hasRequiredControllers) return controllers;
+    hasRequiredControllers = 1;
+    const auth = requireAuth();
+    const user = requireUser();
+    const role = requireRole();
+    const permissions = requirePermissions();
+    const settings = requireSettings();
+    const contentmanageruser = requireContentManagerUser();
+    controllers = {
+        auth,
+        user,
+        role,
+        permissions,
+        settings,
+        contentmanageruser
+    };
+    return controllers;
+}
+
+var config;
+var hasRequiredConfig;
+function requireConfig() {
+    if (hasRequiredConfig) return config;
+    hasRequiredConfig = 1;
+    config = {
+        default: ({ env })=>({
+                jwtSecret: env('JWT_SECRET'),
+                jwt: {
+                    expiresIn: '30d'
+                },
+                ratelimit: {
+                    interval: 60000,
+                    max: 10
+                },
+                layout: {
+                    user: {
+                        actions: {
+                            create: 'contentManagerUser.create',
+                            update: 'contentManagerUser.update'
+                        }
+                    }
+                },
+                callback: {
+                    validate (callback, provider) {
+                        let uCallback;
+                        let uProviderCallback;
+                        try {
+                            uCallback = new URL(callback);
+                            uProviderCallback = new URL(provider.callback);
+                        } catch  {
+                            throw new Error('The callback is not a valid URL');
+                        }
+                        // Make sure the different origin matches
+                        if (uCallback.origin !== uProviderCallback.origin) {
+                            throw new Error(`Forbidden callback provided: origins don't match. Please verify your config.`);
+                        }
+                        // Make sure the different pathname matches
+                        if (uCallback.pathname !== uProviderCallback.pathname) {
+                            throw new Error(`Forbidden callback provided: pathname don't match. Please verify your config.`);
+                        }
+                    // NOTE: We're not checking the search parameters on purpose to allow passing different states
+                    }
+                }
+            }),
+        validator () {}
+    };
+    return config;
+}
+
+var server;
+var hasRequiredServer;
+function requireServer() {
+    if (hasRequiredServer) return server;
+    hasRequiredServer = 1;
+    const register = requireRegister();
+    const bootstrap = requireBootstrap();
+    const contentTypes = requireContentTypes();
+    const middlewares = requireMiddlewares();
+    const services = requireServices();
+    const routes = requireRoutes();
+    const controllers = requireControllers();
+    const config = requireConfig();
+    server = ()=>({
+            register,
+            bootstrap,
+            config,
+            routes,
+            controllers,
+            contentTypes,
+            middlewares,
+            services
+        });
+    return server;
+}
+
+var serverExports = requireServer();
+var index = /*@__PURE__*/ getDefaultExportFromCjs(serverExports);
+
+export { index as default };
+//# sourceMappingURL=index.mjs.map