@strapi/strapi 4.0.0-beta.11 → 4.0.0-beta.15

package/lib/core-api/routes/index.js

@@ -0,0 +1,71 @@
+'use strict';
+
+const { isSingleType } = require('@strapi/utils').contentTypes;
+
+const createRoutes = ({ contentType }) => {
+  if (isSingleType(contentType)) {
+    return getSingleTypeRoutes(contentType);
+  }
+
+  return getCollectionTypeRoutes(contentType);
+};
+
+const getSingleTypeRoutes = ({ uid, info }) => {
+  return {
+    find: {
+      method: 'GET',
+      path: `/${info.singularName}`,
+      handler: `${uid}.find`,
+      config: {},
+    },
+    update: {
+      method: 'PUT',
+      path: `/${info.singularName}`,
+      handler: `${uid}.update`,
+      config: {},
+    },
+    delete: {
+      method: 'DELETE',
+      path: `/${info.singularName}`,
+      handler: `${uid}.delete`,
+      config: {},
+    },
+  };
+};
+
+const getCollectionTypeRoutes = ({ uid, info }) => {
+  return {
+    find: {
+      method: 'GET',
+      path: `/${info.pluralName}`,
+      handler: `${uid}.find`,
+      config: {},
+    },
+    findOne: {
+      method: 'GET',
+      path: `/${info.pluralName}/:id`,
+      handler: `${uid}.findOne`,
+      config: {},
+    },
+    create: {
+      method: 'POST',
+      path: `/${info.pluralName}`,
+      handler: `${uid}.create`,
+      config: {},
+    },
+    update: {
+      method: 'PUT',
+      path: `/${info.pluralName}/:id`,
+      handler: `${uid}.update`,
+      config: {},
+    },
+    delete: {
+      method: 'DELETE',
+      path: `/${info.pluralName}/:id`,
+      handler: `${uid}.delete`,
+      config: {},
+    },
+  };
+};
+
+module.exports = { createRoutes };

package/lib/core-api/service/collection-type.js

@@ -22,14 +22,12 @@ const setPublishedAt = data => {
  *
  * Returns a collection type service to handle default core-api actions
  */
-const createCollectionTypeService = ({ model, strapi, utils }) => {
-  const { uid } = model;
-
-  const { getFetchParams } = utils;
+const createCollectionTypeService = ({ contentType }) => {
+  const { uid } = contentType;
 
   return {
     async find(params = {}) {
-      const fetchParams = getFetchParams(params);
+      const fetchParams = this.getFetchParams(params);
 
       const paginationInfo = getPaginationInfo(fetchParams);
 
@@ -54,13 +52,13 @@ const createCollectionTypeService = ({ model, strapi, utils }) => {
     },
 
     findOne(entityId, params = {}) {
-      return strapi.entityService.findOne(uid, entityId, getFetchParams(params));
+      return strapi.entityService.findOne(uid, entityId, this.getFetchParams(params));
     },
 
     create(params = {}) {
       const { data } = params;
 
-      if (hasDraftAndPublish(model)) {
+      if (hasDraftAndPublish(contentType)) {
         setPublishedAt(data);
       }
 

package/lib/core-api/service/index.d.ts

@@ -0,0 +1,21 @@
+type Entity = object;
+
+interface BaseService {
+  getFetchParams(params: object): object;
+}
+
+export interface SingleTypeService extends BaseService {
+  find(params: object): Promise<Entity>;
+  createOrUpdate(params: object): Promise<Entity>;
+  delete(params: object): Promise<Entity>;
+}
+
+export interface CollectionTypeService extends BaseService {
+  find(params: object): Promise<Entity[]>;
+  findOne(params: object): Promise<Entity>;
+  create(params: object): Promise<Entity>;
+  update(params: object): Promise<Entity>;
+  delete(params: object): Promise<Entity>;
+}
+
+export type Service = SingleTypeService | CollectionTypeService;

package/lib/core-api/service/index.js

@@ -13,14 +13,18 @@ const createCollectionTypeService = require('./collection-type');
  * @param {{ model: object, strapi: object }} context
  * @returns {object}
  */
-const createService = ({ model, strapi }) => {
-  const utils = createUtils({ model });
+const createService = ({ contentType }) => {
+  const proto = { getFetchParams };
 
-  if (isSingleType(model)) {
-    return createSingleTypeService({ model, strapi, utils });
+  let service;
+
+  if (isSingleType(contentType)) {
+    service = createSingleTypeService({ contentType });
+  } else {
+    service = createCollectionTypeService({ contentType });
   }
 
-  return createCollectionTypeService({ model, strapi, utils });
+  return Object.assign(Object.create(proto), service);
 };
 
 /**
@@ -35,13 +39,6 @@ const getFetchParams = (params = {}) => {
   };
 };
 
-/**
- * Mixins
- */
-const createUtils = () => ({
-  getFetchParams,
-});
-
 module.exports = {
   createService,
   getFetchParams,

package/lib/core-api/service/single-type.js

@@ -5,10 +5,12 @@ const { ValidationError } = require('@strapi/utils').errors;
 /**
  * Returns a single type service to handle default core-api actions
  */
-const createSingleTypeService = ({ model, strapi, utils }) => {
-  const { uid } = model;
-  const { getFetchParams } = utils;
+const createSingleTypeService = ({ contentType }) => {
+  const { uid } = contentType;
 
+  /**
+   * @type {import('./').SingleTypeService}
+   */
   return {
     /**
      * Returns singleType content
@@ -16,7 +18,7 @@ const createSingleTypeService = ({ model, strapi, utils }) => {
      * @return {Promise}
      */
     find(params = {}) {
-      return strapi.entityService.findMany(uid, getFetchParams(params));
+      return strapi.entityService.findMany(uid, this.getFetchParams(params));
     },
 
     /**

package/lib/factories.d.ts

@@ -0,0 +1,48 @@
+import { Service } from './core-api/service';
+import { Controller } from './core-api/controller';
+import { Middleware } from './middlewares';
+import { Policy } from './core/registries/policies';
+
+type ControllerConfig = Controller;
+
+type ServiceConfig = Service;
+
+type HandlerConfig = {
+  auth: false | { scope: string[] };
+  policies: Array<string | Policy>;
+  middlewares: Array<string | Middleware>;
+};
+
+type SingleTypeRouterConfig = {
+  find: HandlerConfig;
+  update: HandlerConfig;
+  delete: HandlerConfig;
+};
+
+type CollectionTypeRouterConfig = {
+  find: HandlerConfig;
+  findOne: HandlerConfig;
+  create: HandlerConfig;
+  update: HandlerConfig;
+  delete: HandlerConfig;
+};
+
+type RouterConfig = {
+  prefix: string;
+  only: string[];
+  except: string[];
+  config: SingleTypeRouterConfig | CollectionTypeRouterConfig;
+};
+
+interface Route {
+  method: string;
+  path: string;
+}
+interface Router {
+  prefix: string;
+  routes: Route[];
+}
+
+export function createCoreRouter(uid: string, cfg: RouterConfig): () => Router;
+export function createCoreController(uid: string, cfg: ControllerConfig): () => Controller;
+export function createCoreService(uid: string, cfg: ServiceConfig): () => Service;

package/lib/factories.js

@@ -0,0 +1,84 @@
+'use strict';
+
+const { pipe, omit, pick } = require('lodash/fp');
+
+const { createController } = require('./core-api/controller');
+const { createService } = require('./core-api/service');
+const { createRoutes } = require('./core-api/routes');
+
+const createCoreController = (uid, cfg = {}) => {
+  return ({ strapi }) => {
+    const baseController = createController({
+      contentType: strapi.contentType(uid),
+    });
+
+    let userCtrl = typeof cfg === 'function' ? cfg({ strapi }) : cfg;
+
+    for (const methodName of Object.keys(baseController)) {
+      if (userCtrl[methodName] === undefined) {
+        userCtrl[methodName] = baseController[methodName];
+      }
+    }
+
+    Object.setPrototypeOf(userCtrl, baseController);
+    return userCtrl;
+  };
+};
+
+const createCoreService = (uid, cfg = {}) => {
+  return ({ strapi }) => {
+    const baseService = createService({
+      contentType: strapi.contentType(uid),
+    });
+
+    let userService = typeof cfg === 'function' ? cfg({ strapi }) : cfg;
+
+    for (const methodName of Object.keys(baseService)) {
+      if (userService[methodName] === undefined) {
+        userService[methodName] = baseService[methodName];
+      }
+    }
+
+    Object.setPrototypeOf(userService, baseService);
+    return userService;
+  };
+};
+
+const createCoreRouter = (uid, cfg = {}) => {
+  const { prefix, config = {}, only, except } = cfg;
+  let routes;
+
+  return {
+    get prefix() {
+      return prefix;
+    },
+    get routes() {
+      if (!routes) {
+        const contentType = strapi.contentType(uid);
+
+        const defaultRoutes = createRoutes({ contentType });
+
+        Object.keys(defaultRoutes).forEach(routeName => {
+          const defaultRoute = defaultRoutes[routeName];
+
+          Object.assign(defaultRoute.config, config[routeName] || {});
+        });
+
+        const selectedRoutes = pipe(
+          routes => (except ? omit(except, routes) : routes),
+          routes => (only ? pick(only, routes) : routes)
+        )(defaultRoutes);
+
+        routes = Object.values(selectedRoutes);
+      }
+
+      return routes;
+    },
+  };
+};
+
+module.exports = {
+  createCoreController,
+  createCoreService,
+  createCoreRouter,
+};

package/lib/index.d.ts

@@ -2,6 +2,7 @@ import { Database } from '@strapi/database';
 import { EntityService } from './services/entity-service';
 import { Strapi as StrapiClass } from './Strapi';
 
+export * as factories from './factories';
 interface StrapiInterface extends StrapiClass {
   query: Database['query'];
   entityService: EntityService;

package/lib/index.js

@@ -1,3 +1,7 @@
 'use strict';
 
-module.exports = require('./Strapi');
+const Strapi = require('./Strapi');
+
+Strapi.factories = require('./factories');
+
+module.exports = Strapi;

package/lib/middlewares/errors.js

@@ -32,7 +32,7 @@ module.exports = (/* _, { strapi } */) => {
 
       strapi.log.error(error);
 
-      const { status, body } = formatInternalError();
+      const { status, body } = formatInternalError(error);
       ctx.status = status;
       ctx.body = body;
     }

package/lib/middlewares/index.d.ts

@@ -2,3 +2,4 @@ import { Strapi } from '../';
 import { Middleware } from 'koa';
 
 export type MiddlewareFactory = (config: any, ctx: { strapi: Strapi }) => Middleware | null;
+export type Middleware = Middleware;

package/lib/middlewares/security.js

@@ -12,6 +12,8 @@ const defaults = {
     useDefaults: true,
     directives: {
       'connect-src': ["'self'", 'https:'],
+      'img-src': ["'self'", 'data:', 'blob:'],
+      'media-src': ["'self'", 'data:', 'blob:'],
     },
   },
   xssFilter: false,
@@ -30,12 +32,15 @@ const defaults = {
 module.exports = config => (ctx, next) => {
   let helmetConfig = defaultsDeep(defaults, config);
 
-  if (ctx.method === 'GET' && ['/graphql', '/documentation'].includes(ctx.path)) {
+  if (
+    ctx.method === 'GET' &&
+    ['/graphql', '/documentation'].some(str => ctx.path.startsWith(str))
+  ) {
     helmetConfig = merge(helmetConfig, {
       contentSecurityPolicy: {
         directives: {
           'script-src': ["'self'", "'unsafe-inline'", 'cdn.jsdelivr.net'],
-          'img-src': ["'self'", 'data:', 'cdn.jsdelivr.net'],
+          'img-src': ["'self'", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],
         },
       },
     });

package/lib/services/entity-service/index.d.ts

@@ -35,7 +35,7 @@ type Params<T> = {
   files?: any;
 };
 
-interface EntityService {
+export interface EntityService {
   uploadFiles<K extends keyof AllTypes, T extends AllTypes[K]>(uid: K, entity, files);
   wrapParams<K extends keyof AllTypes, T extends AllTypes[K]>(
     params: Params<T>,

package/lib/services/entity-service/index.js

@@ -8,9 +8,9 @@ const {
   InvalidDateTimeError,
 } = require('@strapi/database').errors;
 const {
-  sanitize,
   webhook: webhookUtils,
   contentTypes: contentTypesUtils,
+  sanitize,
 } = require('@strapi/utils');
 const { ValidationError } = require('@strapi/utils').errors;
 const uploadFiles = require('../utils/upload-files');
@@ -92,12 +92,13 @@ const createDefaultImplementation = ({ strapi, db, eventHub, entityValidator })
     return options;
   },
 
-  emitEvent(uid, event, entity) {
+  async emitEvent(uid, event, entity) {
     const model = strapi.getModel(uid);
+    const sanitizedEntity = await sanitize.sanitizers.defaultSanitizeOutput(model, entity);
 
     eventHub.emit(event, {
       model: model.modelName,
-      entry: sanitize.eventHub(entity, model),
+      entry: sanitizedEntity,
     });
   },
 
@@ -182,7 +183,7 @@ const createDefaultImplementation = ({ strapi, db, eventHub, entityValidator })
       entity = await this.findOne(uid, entity.id, wrappedParams);
     }
 
-    this.emitEvent(uid, ENTRY_CREATE, entity);
+    await this.emitEvent(uid, ENTRY_CREATE, entity);
 
     return entity;
   },
@@ -225,7 +226,7 @@ const createDefaultImplementation = ({ strapi, db, eventHub, entityValidator })
       entity = await this.findOne(uid, entity.id, wrappedParams);
     }
 
-    this.emitEvent(uid, ENTRY_UPDATE, entity);
+    await this.emitEvent(uid, ENTRY_UPDATE, entity);
 
     return entity;
   },
@@ -248,7 +249,7 @@ const createDefaultImplementation = ({ strapi, db, eventHub, entityValidator })
     await deleteComponents(uid, entityToDelete);
     await db.query(uid).delete({ where: { id: entityToDelete.id } });
 
-    this.emitEvent(uid, ENTRY_DELETE, entityToDelete);
+    await this.emitEvent(uid, ENTRY_DELETE, entityToDelete);
 
     return entityToDelete;
   },
@@ -263,7 +264,7 @@ const createDefaultImplementation = ({ strapi, db, eventHub, entityValidator })
     return db.query(uid).deleteMany(query);
   },
 
-  load(uid, entity, field, params) {
+  load(uid, entity, field, params = {}) {
     const { attributes } = strapi.getModel(uid);
 
     const attribute = attributes[field];

package/lib/services/entity-validator/index.js

@@ -4,12 +4,13 @@
  */
 'use strict';
 
-const { has, assoc, prop } = require('lodash/fp');
+const { has, assoc, prop, isObject } = require('lodash/fp');
 const strapiUtils = require('@strapi/utils');
 const validators = require('./validators');
 
 const { yup, validateYupSchema } = strapiUtils;
 const { isMediaAttribute, isScalarAttribute, getWritableAttributes } = strapiUtils.contentTypes;
+const { ValidationError } = strapiUtils.errors;
 
 const addMinMax = (attr, validator, data) => {
   if (Number.isInteger(attr.min) && (attr.required || (Array.isArray(data) && data.length > 0))) {
@@ -173,6 +174,14 @@ const createModelValidator = createOrUpdate => (model, data, { isDraft }) => {
 };
 
 const createValidateEntity = createOrUpdate => async (model, data, { isDraft = false } = {}) => {
+  if (!isObject(data)) {
+    const { displayName } = model.info;
+
+    throw new ValidationError(
+      `Invalid payload submitted for the ${createOrUpdate} of an entity of type ${displayName}. Expected an object, but got ${typeof data}`
+    );
+  }
+
   const validator = createModelValidator(createOrUpdate)(model, data, { isDraft }).required();
   return validateYupSchema(validator, { strict: false, abortEarly: false })(data);
 };

package/lib/services/errors.js

@@ -60,9 +60,14 @@ const formatHttpError = error => {
   };
 };
 
-const formatInternalError = () => {
-  const error = createError(500);
-  return formatHttpError(error);
+const formatInternalError = error => {
+  const httpError = createError(error);
+
+  if (httpError.expose) {
+    return formatHttpError(httpError);
+  }
+
+  return formatHttpError(createError(httpError.status || 500));
 };
 
 module.exports = {

package/lib/services/server/compose-endpoint.js

@@ -82,23 +82,37 @@ module.exports = strapi => {
 
       router[method](path, routeHandler);
     } catch (error) {
-      throw new Error(`Error creating endpoint ${route.method} ${route.path}: ${error.message}`);
+      error.message = `Error creating endpoint ${route.method} ${route.path}: ${error.message}`;
+      throw error;
     }
   };
 };
 
 const getController = (name, { pluginName, apiName }, strapi) => {
+  let ctrl;
+
   if (pluginName) {
     if (pluginName === 'admin') {
-      return strapi.controller(`admin::${name}`);
+      ctrl = strapi.controller(`admin::${name}`);
+    } else {
+      ctrl = strapi.plugin(pluginName).controller(name);
     }
-
-    return strapi.plugin(pluginName).controller(name);
   } else if (apiName) {
-    return strapi.controller(`api::${apiName}.${name}`);
+    ctrl = strapi.controller(`api::${apiName}.${name}`);
+  }
+
+  if (!ctrl) {
+    return strapi.controller(name);
   }
 
-  return strapi.controller(name);
+  return ctrl;
+};
+
+const extractHandlerParts = name => {
+  const controllerName = name.slice(0, name.lastIndexOf('.'));
+  const actionName = name.slice(name.lastIndexOf('.') + 1);
+
+  return { controllerName, actionName };
 };
 
 const getAction = (route, strapi) => {
@@ -109,7 +123,7 @@ const getAction = (route, strapi) => {
     return handler;
   }
 
-  const [controllerName, actionName] = trim(handler).split('.');
+  const { controllerName, actionName } = extractHandlerParts(trim(handler));
 
   const controller = getController(controllerName, { pluginName, apiName }, strapi);
 

package/lib/services/server/policy.js

@@ -1,24 +1,20 @@
 'use strict';
 
 const { propOr } = require('lodash/fp');
-const policy = require('@strapi/utils/lib/policy');
 const { ForbiddenError } = require('@strapi/utils').errors;
+const { policy: policyUtils } = require('@strapi/utils');
 
 const getPoliciesConfig = propOr([], 'config.policies');
 
 const resolvePolicies = route => {
-  const { pluginName, apiName } = route.info || {};
   const policiesConfig = getPoliciesConfig(route);
-
-  const resolvedPolicies = policiesConfig.map(policyConfig =>
-    policy.get(policyConfig, { pluginName, apiName })
-  );
+  const resolvedPolicies = policyUtils.resolve(policiesConfig, route.info);
 
   const policiesMiddleware = async (ctx, next) => {
-    const context = policy.createPolicyContext('koa', ctx);
+    const context = policyUtils.createPolicyContext('koa', ctx);
 
-    for (const resolvedPolicy of resolvedPolicies) {
-      const result = await resolvedPolicy(context, { strapi });
+    for (const { handler, config } of resolvedPolicies) {
+      const result = await handler(context, config, { strapi });
 
       if (![true, undefined].includes(result)) {
         throw new ForbiddenError('Policies failed.');

package/lib/services/server/register-routes.js

@@ -6,12 +6,10 @@ const createRouteScopeGenerator = namespace => route => {
   const prefix = namespace.endsWith('::') ? namespace : `${namespace}.`;
 
   if (typeof route.handler === 'string') {
-    const [controller, action] = route.handler.split('.');
-
     _.defaultsDeep(route, {
       config: {
         auth: {
-          scope: [`${prefix}${controller}.${action}`],
+          scope: [`${route.handler.startsWith(prefix) ? '' : prefix}${route.handler}`],
         },
       },
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/strapi",
-  "version": "4.0.0-beta.11",
+  "version": "4.0.0-beta.15",
   "description": "An open source headless CMS solution to create and manage your own API. It provides a powerful dashboard and features to make your life easier. Databases supported: MySQL, MariaDB, PostgreSQL, SQLite",
   "keywords": [
     "strapi",
@@ -79,16 +79,16 @@
   "dependencies": {
     "@koa/cors": "3.1.0",
     "@koa/router": "10.1.1",
-    "@strapi/admin": "4.0.0-beta.11",
-    "@strapi/database": "4.0.0-beta.11",
-    "@strapi/generate-new": "4.0.0-beta.11",
-    "@strapi/generators": "4.0.0-beta.11",
-    "@strapi/logger": "4.0.0-beta.11",
-    "@strapi/plugin-content-manager": "4.0.0-beta.11",
-    "@strapi/plugin-content-type-builder": "4.0.0-beta.11",
-    "@strapi/plugin-email": "4.0.0-beta.11",
-    "@strapi/plugin-upload": "4.0.0-beta.11",
-    "@strapi/utils": "4.0.0-beta.11",
+    "@strapi/admin": "4.0.0-beta.15",
+    "@strapi/database": "4.0.0-beta.15",
+    "@strapi/generate-new": "4.0.0-beta.15",
+    "@strapi/generators": "4.0.0-beta.15",
+    "@strapi/logger": "4.0.0-beta.15",
+    "@strapi/plugin-content-manager": "4.0.0-beta.15",
+    "@strapi/plugin-content-type-builder": "4.0.0-beta.15",
+    "@strapi/plugin-email": "4.0.0-beta.15",
+    "@strapi/plugin-upload": "4.0.0-beta.15",
+    "@strapi/utils": "4.0.0-beta.15",
     "bcryptjs": "2.4.3",
     "boxen": "5.1.2",
     "chalk": "4.1.2",
@@ -104,7 +104,7 @@
     "fs-extra": "10.0.0",
     "glob": "7.2.0",
     "http-errors": "1.8.0",
-    "inquirer": "8.1.5",
+    "inquirer": "8.2.0",
     "is-docker": "2.2.1",
     "koa": "2.13.3",
     "koa-body": "4.2.0",
@@ -134,5 +134,5 @@
     "node": ">=12.x.x <=16.x.x",
     "npm": ">=6.0.0"
   },
-  "gitHead": "5b04fa152dc597fc3aa80afb25796217b60403f3"
+  "gitHead": "c69713bf7f437a7cee66ffdeed95227d6246a872"
 }