@strapi/strapi 4.0.0-beta.12 → 4.0.0-beta.16

package/lib/Strapi.js

@@ -366,7 +366,7 @@ class Strapi {
     this.telemetry.bootstrap();
 
     let oldContentTypes;
-    if (await this.db.connection.schema.hasTable(coreStoreModel.collectionName)) {
+    if (await this.db.getSchemaConnection().hasTable(coreStoreModel.collectionName)) {
       oldContentTypes = await this.store.get({
         type: 'strapi',
         name: 'content_types',
@@ -463,13 +463,13 @@ class Strapi {
     await this.container.get('modules')[lifecycleName]();
 
     // user
-    const userLifecycleFunction = this.app[lifecycleName];
+    const userLifecycleFunction = this.app && this.app[lifecycleName];
     if (isFunction(userLifecycleFunction)) {
       await userLifecycleFunction({ strapi: this });
     }
 
     // admin
-    const adminLifecycleFunction = this.admin[lifecycleName];
+    const adminLifecycleFunction = this.admin && this.admin[lifecycleName];
     if (isFunction(adminLifecycleFunction)) {
       await adminLifecycleFunction({ strapi: this });
     }

package/lib/commands/new.js

@@ -1,5 +1,7 @@
 'use strict';
 
+const { generateNewApp } = require('@strapi/generate-new');
+
 /**
  * `$ strapi new`
  *
@@ -7,5 +9,5 @@
  */
 
 module.exports = function(...args) {
-  return require('@strapi/generate-new')(...args);
+  return generateNewApp(...args);
 };

package/lib/core/domain/module/index.js

@@ -61,7 +61,9 @@ const createModule = (namespace, rawModule, strapi) => {
       strapi.container.get('controllers').add(namespace, rawModule.controllers);
       strapi.container.get('config').set(uidToPath(namespace), rawModule.config);
     },
-    routes: rawModule.routes,
+    get routes() {
+      return rawModule.routes;
+    },
     config(path, defaultValue) {
       return strapi.container.get('config').get(`${uidToPath(namespace)}.${path}`, defaultValue);
     },

package/lib/core/domain/module/validation.js

@@ -1,6 +1,5 @@
 'use strict';
 
-const _ = require('lodash');
 const { yup } = require('@strapi/utils');
 
 const strapiServerSchema = yup
@@ -14,9 +13,7 @@ const strapiServerSchema = yup
       if (Array.isArray(value)) {
         return yup.array();
       } else {
-        const shape = _.mapValues(value, () => yup.object({ routes: yup.array().required() }));
-
-        return yup.object(shape);
+        return yup.object();
       }
     }),
     controllers: yup.object(),

package/lib/core/loaders/plugins/get-enabled-plugins.js

@@ -51,10 +51,10 @@ const getEnabledPlugins = async strapi => {
     const packageInfo = require(packagePath);
 
     validatePluginName(packageInfo.strapi.name);
-    internalPlugins[packageInfo.strapi.name] = toDetailedDeclaration({
-      enabled: true,
-      resolve: packagePath,
-    });
+    internalPlugins[packageInfo.strapi.name] = {
+      ...toDetailedDeclaration({ enabled: true, resolve: packagePath }),
+      info: packageInfo.strapi,
+    };
   }
 
   const installedPlugins = {};
@@ -64,10 +64,10 @@ const getEnabledPlugins = async strapi => {
 
     if (isStrapiPlugin(packageInfo)) {
       validatePluginName(packageInfo.strapi.name);
-      installedPlugins[packageInfo.strapi.name] = toDetailedDeclaration({
-        enabled: true,
-        resolve: packagePath,
-      });
+      installedPlugins[packageInfo.strapi.name] = {
+        ...toDetailedDeclaration({ enabled: true, resolve: packagePath }),
+        info: packageInfo.strapi,
+      };
     }
   }
 
@@ -79,7 +79,23 @@ const getEnabledPlugins = async strapi => {
 
   _.forEach(userPluginsConfig, (declaration, pluginName) => {
     validatePluginName(pluginName);
-    declaredPlugins[pluginName] = toDetailedDeclaration(declaration);
+
+    declaredPlugins[pluginName] = {
+      ...toDetailedDeclaration(declaration),
+      info: {},
+    };
+
+    const { pathToPlugin } = declaredPlugins[pluginName];
+
+    // for manually resolved plugins
+    if (pathToPlugin) {
+      const packagePath = join(pathToPlugin, 'package.json');
+      const packageInfo = require(packagePath);
+
+      if (isStrapiPlugin(packageInfo)) {
+        declaredPlugins[pluginName].info = packageInfo.strapi || {};
+      }
+    }
   });
 
   const declaredPluginsResolves = map(prop('pathToPlugin'), declaredPlugins);

package/lib/core/loaders/plugins/index.js

@@ -1,7 +1,7 @@
 'use strict';
 
 const { join } = require('path');
-const { existsSync } = require('fs');
+const fse = require('fs-extra');
 const { defaultsDeep, getOr, get } = require('lodash/fp');
 const { env } = require('@strapi/utils');
 const loadConfigFile = require('../../app-configuration/load-config-file');
@@ -26,7 +26,7 @@ const defaultPlugin = {
 
 const applyUserExtension = async plugins => {
   const extensionsDir = strapi.dirs.extensions;
-  if (!existsSync(extensionsDir)) {
+  if (!(await fse.pathExists(extensionsDir))) {
     return;
   }
 
@@ -61,9 +61,9 @@ const formatContentTypes = plugins => {
   }
 };
 
-const applyUserConfig = plugins => {
+const applyUserConfig = async plugins => {
   const userPluginConfigPath = join(strapi.dirs.config, 'plugins.js');
-  const userPluginsConfig = existsSync(userPluginConfigPath)
+  const userPluginsConfig = (await fse.pathExists(userPluginConfigPath))
     ? loadConfigFile(userPluginConfigPath)
     : {};
 
@@ -90,14 +90,24 @@ const loadPlugins = async strapi => {
 
   const enabledPlugins = await getEnabledPlugins(strapi);
 
+  strapi.config.set('enabledPlugins', enabledPlugins);
+
   for (const pluginName in enabledPlugins) {
     const enabledPlugin = enabledPlugins[pluginName];
-    const pluginServer = loadConfigFile(join(enabledPlugin.pathToPlugin, 'strapi-server.js'));
+
+    const serverEntrypointPath = join(enabledPlugin.pathToPlugin, 'strapi-server.js');
+
+    // only load plugins with a server entrypoint
+    if (!(await fse.pathExists(serverEntrypointPath))) {
+      continue;
+    }
+
+    const pluginServer = loadConfigFile(serverEntrypointPath);
     plugins[pluginName] = defaultsDeep(defaultPlugin, pluginServer);
   }
 
   // TODO: validate plugin format
-  applyUserConfig(plugins);
+  await applyUserConfig(plugins);
   await applyUserExtension(plugins);
   formatContentTypes(plugins);
 

package/lib/core/registries/apis.js

@@ -1,7 +1,6 @@
 'use strict';
 
 const { has } = require('lodash/fp');
-const { createCoreApi } = require('../../core-api');
 
 const apisRegistry = strapi => {
   const apis = {};
@@ -18,22 +17,9 @@ const apisRegistry = strapi => {
         throw new Error(`API ${apiName} has already been registered.`);
       }
 
-      const apiInstance = strapi.container.get('modules').add(`api::${apiName}`, apiConfig);
+      const api = strapi.container.get('modules').add(`api::${apiName}`, apiConfig);
 
-      for (const ctName in apiInstance.contentTypes || {}) {
-        const contentType = apiInstance.contentTypes[ctName];
-
-        const { service, controller } = createCoreApi({
-          model: contentType,
-          api: apiInstance,
-          strapi,
-        });
-
-        strapi.container.get('services').set(`api::${apiName}.${ctName}`, service);
-        strapi.container.get('controllers').set(`api::${apiName}.${ctName}`, controller);
-      }
-
-      apis[apiName] = apiInstance;
+      apis[apiName] = api;
 
       return apis[apiName];
     },

package/lib/core/registries/controllers.d.ts

@@ -0,0 +1,7 @@
+import { Strapi } from '../../';
+
+export type Controller = {
+  [key: string]: (...args: any) => any;
+};
+
+export type ControllerFactory = ({ strapi: Strapi }) => Controller;

package/lib/core/registries/controllers.js

@@ -3,20 +3,80 @@
 const { pickBy, has } = require('lodash/fp');
 const { addNamespace, hasNamespace } = require('../utils');
 
+/**
+ * @typedef {import('./controllers').Controller} Controller
+ * @typedef {import('./controllers').ControllerFactory} ControllerFactory
+ */
+
 const controllersRegistry = () => {
   const controllers = {};
+  const instances = {};
 
   return {
+    /**
+     * Returns this list of registered controllers uids
+     * @returns {string[]}
+     */
+    keys() {
+      return Object.keys(controllers);
+    },
+
+    /**
+     * Returns the instance of a controller. Instantiate the controller if not already done
+     * @param {string} uid
+     * @returns {Controller}
+     */
     get(uid) {
-      return controllers[uid];
+      if (instances[uid]) {
+        return instances[uid];
+      }
+
+      const controller = controllers[uid];
+
+      if (controller) {
+        instances[uid] = typeof controller === 'function' ? controller({ strapi }) : controller;
+        return instances[uid];
+      }
     },
+
+    /**
+     * Returns a map with all the controller in a namespace
+     * @param {string} namespace
+     * @returns {{ [key: string]: Controller }}
+     */
     getAll(namespace) {
-      return pickBy((_, uid) => hasNamespace(uid, namespace))(controllers);
+      const filteredControllers = pickBy((_, uid) => hasNamespace(uid, namespace))(controllers);
+
+      const map = {};
+      for (const uid in filteredControllers) {
+        Object.defineProperty(map, uid, {
+          enumerable: true,
+          get: () => {
+            return this.get(uid);
+          },
+        });
+      }
+
+      return map;
     },
+
+    /**
+     * Registers a controller
+     * @param {string} uid
+     * @param {Controller} controller
+     */
     set(uid, value) {
       controllers[uid] = value;
+      delete instances[uid];
       return this;
     },
+
+    /**
+     * Registers a map of controllers for a specific namespace
+     * @param {string} namespace
+     * @param {{ [key: string]: Controller|ControllerFactory }} newControllers
+     * @returns
+     */
     add(namespace, newControllers) {
       for (const controllerName in newControllers) {
         const controller = newControllers[controllerName];
@@ -27,15 +87,26 @@ const controllersRegistry = () => {
         }
         controllers[uid] = controller;
       }
+
       return this;
     },
+
+    /**
+     * Wraps a controller to extend it
+     * @param {string} uid
+     * @param {(controller: Controller) => Controller} extendFn
+     */
     extend(controllerUID, extendFn) {
       const currentController = this.get(controllerUID);
+
       if (!currentController) {
         throw new Error(`Controller ${controllerUID} doesn't exist`);
       }
+
       const newController = extendFn(currentController);
-      controllers[controllerUID] = newController;
+      instances[controllerUID] = newController;
+
+      return this;
     },
   };
 };

package/lib/core/registries/services.js

@@ -1,6 +1,5 @@
 'use strict';
 
-const _ = require('lodash');
 const { pickBy, has } = require('lodash/fp');
 const { addNamespace, hasNamespace } = require('../utils');
 
@@ -37,8 +36,6 @@ const servicesRegistry = strapi => {
         instantiatedServices[uid] = typeof service === 'function' ? service({ strapi }) : service;
         return instantiatedServices[uid];
       }
-
-      return undefined;
     },
 
     /**
@@ -49,16 +46,28 @@ const servicesRegistry = strapi => {
     getAll(namespace) {
       const filteredServices = pickBy((_, uid) => hasNamespace(uid, namespace))(services);
 
-      return _.mapValues(filteredServices, (service, serviceUID) => this.get(serviceUID));
+      // create lazy accessor to avoid instantiating the services;
+      const map = {};
+      for (const uid in filteredServices) {
+        Object.defineProperty(map, uid, {
+          enumerable: true,
+          get: () => {
+            return this.get(uid);
+          },
+        });
+      }
+
+      return map;
     },
 
     /**
      * Registers a service
      * @param {string} uid
-     * @param {Service|ServiceFactory} service
+     * @param {Service} service
      */
     set(uid, service) {
-      instantiatedServices[uid] = service;
+      services[uid] = service;
+      delete instantiatedServices[uid];
       return this;
     },
 

package/lib/core-api/controller/collection-type.js

@@ -1,17 +1,17 @@
 'use strict';
 
+const { isObject } = require('lodash/fp');
+const { ValidationError } = require('@strapi/utils').errors;
+
 const { parseBody } = require('./transform');
 
 /**
  *
  * Returns a collection type controller to handle default core-api actions
  */
-const createCollectionTypeController = ({
-  service,
-  sanitizeInput,
-  sanitizeOutput,
-  transformResponse,
-}) => {
+const createCollectionTypeController = ({ contentType }) => {
+  const { uid } = contentType;
+
   return {
     /**
      * Retrieve records.
@@ -21,10 +21,10 @@ const createCollectionTypeController = ({
     async find(ctx) {
       const { query } = ctx;
 
-      const { results, pagination } = await service.find(query);
-      const sanitizedResults = await sanitizeOutput(results, ctx);
+      const { results, pagination } = await strapi.service(uid).find(query);
+      const sanitizedResults = await this.sanitizeOutput(results, ctx);
 
-      return transformResponse(sanitizedResults, { pagination });
+      return this.transformResponse(sanitizedResults, { pagination });
     },
 
     /**
@@ -36,10 +36,10 @@ const createCollectionTypeController = ({
       const { id } = ctx.params;
       const { query } = ctx;
 
-      const entity = await service.findOne(id, query);
-      const sanitizedEntity = await sanitizeOutput(entity, ctx);
+      const entity = await strapi.service(uid).findOne(id, query);
+      const sanitizedEntity = await this.sanitizeOutput(entity, ctx);
 
-      return transformResponse(sanitizedEntity);
+      return this.transformResponse(sanitizedEntity);
     },
 
     /**
@@ -51,12 +51,19 @@ const createCollectionTypeController = ({
       const { query } = ctx.request;
 
       const { data, files } = parseBody(ctx);
-      const sanitizedInputData = await sanitizeInput(data, ctx);
 
-      const entity = await service.create({ ...query, data: sanitizedInputData, files });
-      const sanitizedEntity = await sanitizeOutput(entity, ctx);
+      if (!isObject(data)) {
+        throw new ValidationError('Missing "data" payload in the request body');
+      }
+
+      const sanitizedInputData = await this.sanitizeInput(data, ctx);
 
-      return transformResponse(sanitizedEntity);
+      const entity = await strapi
+        .service(uid)
+        .create({ ...query, data: sanitizedInputData, files });
+      const sanitizedEntity = await this.sanitizeOutput(entity, ctx);
+
+      return this.transformResponse(sanitizedEntity);
     },
 
     /**
@@ -69,12 +76,19 @@ const createCollectionTypeController = ({
       const { query } = ctx.request;
 
       const { data, files } = parseBody(ctx);
-      const sanitizedInputData = await sanitizeInput(data, ctx);
 
-      const entity = await service.update(id, { ...query, data: sanitizedInputData, files });
-      const sanitizedEntity = await sanitizeOutput(entity, ctx);
+      if (!isObject(data)) {
+        throw new ValidationError('Missing "data" payload in the request body');
+      }
+
+      const sanitizedInputData = await this.sanitizeInput(data, ctx);
+
+      const entity = await strapi
+        .service(uid)
+        .update(id, { ...query, data: sanitizedInputData, files });
+      const sanitizedEntity = await this.sanitizeOutput(entity, ctx);
 
-      return transformResponse(sanitizedEntity);
+      return this.transformResponse(sanitizedEntity);
     },
 
     /**
@@ -86,10 +100,10 @@ const createCollectionTypeController = ({
       const { id } = ctx.params;
       const { query } = ctx;
 
-      const entity = await service.delete(id, query);
-      const sanitizedEntity = await sanitizeOutput(entity, ctx);
+      const entity = await strapi.service(uid).delete(id, query);
+      const sanitizedEntity = await this.sanitizeOutput(entity, ctx);
 
-      return transformResponse(sanitizedEntity);
+      return this.transformResponse(sanitizedEntity);
     },
   };
 };

package/lib/core-api/controller/index.d.ts

@@ -0,0 +1,25 @@
+import { Context } from 'koa';
+
+type Response = object;
+
+interface BaseController {
+  transformResponse(data: object, meta: object): object;
+  sanitizeOutput(data: object, ctx: Context): Promise<object>;
+  sanitizeInput(data: object, ctx: Context): Promise<object>;
+}
+
+export interface SingleTypeController extends BaseController {
+  find(ctx: Context): Promise<Response>;
+  update(ctx: Context): Promise<Response>;
+  delete(ctx: Context): Promise<Response>;
+}
+
+export interface CollectionTypeController extends BaseController {
+  find(ctx: Context): Promise<Response>;
+  findOne(ctx: Context): Promise<Response>;
+  create(ctx: Context): Promise<Response>;
+  update(ctx: Context): Promise<Response>;
+  delete(ctx: Context): Promise<Response>;
+}
+
+export type Controller = SingleTypeController | CollectionTypeController;

package/lib/core-api/controller/index.js

@@ -10,31 +10,36 @@ const createCollectionTypeController = require('./collection-type');
 
 const getAuthFromKoaContext = getOr({}, 'state.auth');
 
-module.exports = ({ service, model }) => {
-  const ctx = {
-    model,
-    service,
+const createController = ({ contentType }) => {
+  const ctx = { contentType };
 
+  const proto = {
     transformResponse(data, meta) {
-      return transformResponse(data, meta, { contentType: model });
+      return transformResponse(data, meta, { contentType });
     },
 
     sanitizeOutput(data, ctx) {
       const auth = getAuthFromKoaContext(ctx);
 
-      return sanitize.contentAPI.output(data, strapi.getModel(model.uid), { auth });
+      return sanitize.contentAPI.output(data, contentType, { auth });
     },
 
     sanitizeInput(data, ctx) {
       const auth = getAuthFromKoaContext(ctx);
 
-      return sanitize.contentAPI.input(data, strapi.getModel(model.uid), { auth });
+      return sanitize.contentAPI.input(data, contentType, { auth });
     },
   };
 
-  if (contentTypes.isSingleType(model)) {
-    return createSingleTypeController(ctx);
+  let ctrl;
+
+  if (contentTypes.isSingleType(contentType)) {
+    ctrl = createSingleTypeController(ctx);
+  } else {
+    ctrl = createCollectionTypeController(ctx);
   }
 
-  return createCollectionTypeController(ctx);
+  return Object.assign(Object.create(proto), ctrl);
 };
+
+module.exports = { createController };

package/lib/core-api/controller/single-type.js

@@ -1,16 +1,16 @@
 'use strict';
 
+const { isObject } = require('lodash/fp');
+const { ValidationError } = require('@strapi/utils').errors;
+
 const { parseBody } = require('./transform');
 
 /**
  * Returns a single type controller to handle default core-api actions
  */
-const createSingleTypeController = ({
-  service,
-  sanitizeInput,
-  sanitizeOutput,
-  transformResponse,
-}) => {
+const createSingleTypeController = ({ contentType }) => {
+  const { uid } = contentType;
+
   return {
     /**
      * Retrieve single type content
@@ -20,10 +20,10 @@ const createSingleTypeController = ({
     async find(ctx) {
       const { query } = ctx;
 
-      const entity = await service.find(query);
-      const sanitizedEntity = await sanitizeOutput(entity, ctx);
+      const entity = await strapi.service(uid).find(query);
+      const sanitizedEntity = await this.sanitizeOutput(entity, ctx);
 
-      return transformResponse(sanitizedEntity);
+      return this.transformResponse(sanitizedEntity);
     },
 
     /**
@@ -34,21 +34,28 @@ const createSingleTypeController = ({
     async update(ctx) {
       const { query } = ctx.request;
       const { data, files } = parseBody(ctx);
-      const sanitizedInputData = await sanitizeInput(data, ctx);
 
-      const entity = await service.createOrUpdate({ ...query, data: sanitizedInputData, files });
-      const sanitizedEntity = await sanitizeOutput(entity, ctx);
+      if (!isObject(data)) {
+        throw new ValidationError('Missing "data" payload in the request body');
+      }
+
+      const sanitizedInputData = await this.sanitizeInput(data, ctx);
+
+      const entity = await strapi
+        .service(uid)
+        .createOrUpdate({ ...query, data: sanitizedInputData, files });
+      const sanitizedEntity = await this.sanitizeOutput(entity, ctx);
 
-      return transformResponse(sanitizedEntity);
+      return this.transformResponse(sanitizedEntity);
     },
 
     async delete(ctx) {
       const { query } = ctx;
 
-      const entity = await service.delete(query);
-      const sanitizedEntity = await sanitizeOutput(entity, ctx);
+      const entity = await strapi.service(uid).delete(query);
+      const sanitizedEntity = await this.sanitizeOutput(entity, ctx);
 
-      return transformResponse(sanitizedEntity);
+      return this.transformResponse(sanitizedEntity);
     },
   };
 };

package/lib/core-api/routes/index.js

@@ -0,0 +1,71 @@
+'use strict';
+
+const { isSingleType } = require('@strapi/utils').contentTypes;
+
+const createRoutes = ({ contentType }) => {
+  if (isSingleType(contentType)) {
+    return getSingleTypeRoutes(contentType);
+  }
+
+  return getCollectionTypeRoutes(contentType);
+};
+
+const getSingleTypeRoutes = ({ uid, info }) => {
+  return {
+    find: {
+      method: 'GET',
+      path: `/${info.singularName}`,
+      handler: `${uid}.find`,
+      config: {},
+    },
+    update: {
+      method: 'PUT',
+      path: `/${info.singularName}`,
+      handler: `${uid}.update`,
+      config: {},
+    },
+    delete: {
+      method: 'DELETE',
+      path: `/${info.singularName}`,
+      handler: `${uid}.delete`,
+      config: {},
+    },
+  };
+};
+
+const getCollectionTypeRoutes = ({ uid, info }) => {
+  return {
+    find: {
+      method: 'GET',
+      path: `/${info.pluralName}`,
+      handler: `${uid}.find`,
+      config: {},
+    },
+    findOne: {
+      method: 'GET',
+      path: `/${info.pluralName}/:id`,
+      handler: `${uid}.findOne`,
+      config: {},
+    },
+    create: {
+      method: 'POST',
+      path: `/${info.pluralName}`,
+      handler: `${uid}.create`,
+      config: {},
+    },
+    update: {
+      method: 'PUT',
+      path: `/${info.pluralName}/:id`,
+      handler: `${uid}.update`,
+      config: {},
+    },
+    delete: {
+      method: 'DELETE',
+      path: `/${info.pluralName}/:id`,
+      handler: `${uid}.delete`,
+      config: {},
+    },
+  };
+};
+
+module.exports = { createRoutes };

package/lib/core-api/service/collection-type.js

@@ -22,14 +22,12 @@ const setPublishedAt = data => {
  *
  * Returns a collection type service to handle default core-api actions
  */
-const createCollectionTypeService = ({ model, strapi, utils }) => {
-  const { uid } = model;
-
-  const { getFetchParams } = utils;
+const createCollectionTypeService = ({ contentType }) => {
+  const { uid } = contentType;
 
   return {
     async find(params = {}) {
-      const fetchParams = getFetchParams(params);
+      const fetchParams = this.getFetchParams(params);
 
       const paginationInfo = getPaginationInfo(fetchParams);
 
@@ -54,13 +52,13 @@ const createCollectionTypeService = ({ model, strapi, utils }) => {
     },
 
     findOne(entityId, params = {}) {
-      return strapi.entityService.findOne(uid, entityId, getFetchParams(params));
+      return strapi.entityService.findOne(uid, entityId, this.getFetchParams(params));
     },
 
     create(params = {}) {
       const { data } = params;
 
-      if (hasDraftAndPublish(model)) {
+      if (hasDraftAndPublish(contentType)) {
         setPublishedAt(data);
       }
 

package/lib/core-api/service/index.d.ts

@@ -0,0 +1,21 @@
+type Entity = object;
+
+interface BaseService {
+  getFetchParams(params: object): object;
+}
+
+export interface SingleTypeService extends BaseService {
+  find(params: object): Promise<Entity>;
+  createOrUpdate(params: object): Promise<Entity>;
+  delete(params: object): Promise<Entity>;
+}
+
+export interface CollectionTypeService extends BaseService {
+  find(params: object): Promise<Entity[]>;
+  findOne(params: object): Promise<Entity>;
+  create(params: object): Promise<Entity>;
+  update(params: object): Promise<Entity>;
+  delete(params: object): Promise<Entity>;
+}
+
+export type Service = SingleTypeService | CollectionTypeService;

package/lib/core-api/service/index.js

@@ -13,14 +13,18 @@ const createCollectionTypeService = require('./collection-type');
  * @param {{ model: object, strapi: object }} context
  * @returns {object}
  */
-const createService = ({ model, strapi }) => {
-  const utils = createUtils({ model });
+const createService = ({ contentType }) => {
+  const proto = { getFetchParams };
 
-  if (isSingleType(model)) {
-    return createSingleTypeService({ model, strapi, utils });
+  let service;
+
+  if (isSingleType(contentType)) {
+    service = createSingleTypeService({ contentType });
+  } else {
+    service = createCollectionTypeService({ contentType });
   }
 
-  return createCollectionTypeService({ model, strapi, utils });
+  return Object.assign(Object.create(proto), service);
 };
 
 /**
@@ -35,13 +39,6 @@ const getFetchParams = (params = {}) => {
   };
 };
 
-/**
- * Mixins
- */
-const createUtils = () => ({
-  getFetchParams,
-});
-
 module.exports = {
   createService,
   getFetchParams,

package/lib/core-api/service/single-type.js

@@ -5,10 +5,12 @@ const { ValidationError } = require('@strapi/utils').errors;
 /**
  * Returns a single type service to handle default core-api actions
  */
-const createSingleTypeService = ({ model, strapi, utils }) => {
-  const { uid } = model;
-  const { getFetchParams } = utils;
+const createSingleTypeService = ({ contentType }) => {
+  const { uid } = contentType;
 
+  /**
+   * @type {import('./').SingleTypeService}
+   */
   return {
     /**
      * Returns singleType content
@@ -16,7 +18,7 @@ const createSingleTypeService = ({ model, strapi, utils }) => {
      * @return {Promise}
      */
     find(params = {}) {
-      return strapi.entityService.findMany(uid, getFetchParams(params));
+      return strapi.entityService.findMany(uid, this.getFetchParams(params));
     },
 
     /**

package/lib/factories.d.ts

@@ -0,0 +1,48 @@
+import { Service } from './core-api/service';
+import { Controller } from './core-api/controller';
+import { Middleware } from './middlewares';
+import { Policy } from './core/registries/policies';
+
+type ControllerConfig = Controller;
+
+type ServiceConfig = Service;
+
+type HandlerConfig = {
+  auth: false | { scope: string[] };
+  policies: Array<string | Policy>;
+  middlewares: Array<string | Middleware>;
+};
+
+type SingleTypeRouterConfig = {
+  find: HandlerConfig;
+  update: HandlerConfig;
+  delete: HandlerConfig;
+};
+
+type CollectionTypeRouterConfig = {
+  find: HandlerConfig;
+  findOne: HandlerConfig;
+  create: HandlerConfig;
+  update: HandlerConfig;
+  delete: HandlerConfig;
+};
+
+type RouterConfig = {
+  prefix: string;
+  only: string[];
+  except: string[];
+  config: SingleTypeRouterConfig | CollectionTypeRouterConfig;
+};
+
+interface Route {
+  method: string;
+  path: string;
+}
+interface Router {
+  prefix: string;
+  routes: Route[];
+}
+
+export function createCoreRouter(uid: string, cfg: RouterConfig): () => Router;
+export function createCoreController(uid: string, cfg: ControllerConfig): () => Controller;
+export function createCoreService(uid: string, cfg: ServiceConfig): () => Service;

package/lib/factories.js

@@ -0,0 +1,84 @@
+'use strict';
+
+const { pipe, omit, pick } = require('lodash/fp');
+
+const { createController } = require('./core-api/controller');
+const { createService } = require('./core-api/service');
+const { createRoutes } = require('./core-api/routes');
+
+const createCoreController = (uid, cfg = {}) => {
+  return ({ strapi }) => {
+    const baseController = createController({
+      contentType: strapi.contentType(uid),
+    });
+
+    let userCtrl = typeof cfg === 'function' ? cfg({ strapi }) : cfg;
+
+    for (const methodName of Object.keys(baseController)) {
+      if (userCtrl[methodName] === undefined) {
+        userCtrl[methodName] = baseController[methodName];
+      }
+    }
+
+    Object.setPrototypeOf(userCtrl, baseController);
+    return userCtrl;
+  };
+};
+
+const createCoreService = (uid, cfg = {}) => {
+  return ({ strapi }) => {
+    const baseService = createService({
+      contentType: strapi.contentType(uid),
+    });
+
+    let userService = typeof cfg === 'function' ? cfg({ strapi }) : cfg;
+
+    for (const methodName of Object.keys(baseService)) {
+      if (userService[methodName] === undefined) {
+        userService[methodName] = baseService[methodName];
+      }
+    }
+
+    Object.setPrototypeOf(userService, baseService);
+    return userService;
+  };
+};
+
+const createCoreRouter = (uid, cfg = {}) => {
+  const { prefix, config = {}, only, except } = cfg;
+  let routes;
+
+  return {
+    get prefix() {
+      return prefix;
+    },
+    get routes() {
+      if (!routes) {
+        const contentType = strapi.contentType(uid);
+
+        const defaultRoutes = createRoutes({ contentType });
+
+        Object.keys(defaultRoutes).forEach(routeName => {
+          const defaultRoute = defaultRoutes[routeName];
+
+          Object.assign(defaultRoute.config, config[routeName] || {});
+        });
+
+        const selectedRoutes = pipe(
+          routes => (except ? omit(except, routes) : routes),
+          routes => (only ? pick(only, routes) : routes)
+        )(defaultRoutes);
+
+        routes = Object.values(selectedRoutes);
+      }
+
+      return routes;
+    },
+  };
+};
+
+module.exports = {
+  createCoreController,
+  createCoreService,
+  createCoreRouter,
+};

package/lib/index.d.ts

@@ -2,6 +2,7 @@ import { Database } from '@strapi/database';
 import { EntityService } from './services/entity-service';
 import { Strapi as StrapiClass } from './Strapi';
 
+export * as factories from './factories';
 interface StrapiInterface extends StrapiClass {
   query: Database['query'];
   entityService: EntityService;

package/lib/index.js

@@ -1,3 +1,7 @@
 'use strict';
 
-module.exports = require('./Strapi');
+const Strapi = require('./Strapi');
+
+Strapi.factories = require('./factories');
+
+module.exports = Strapi;

package/lib/middlewares/errors.js

@@ -32,7 +32,7 @@ module.exports = (/* _, { strapi } */) => {
 
       strapi.log.error(error);
 
-      const { status, body } = formatInternalError();
+      const { status, body } = formatInternalError(error);
       ctx.status = status;
       ctx.body = body;
     }

package/lib/middlewares/index.d.ts

@@ -2,3 +2,4 @@ import { Strapi } from '../';
 import { Middleware } from 'koa';
 
 export type MiddlewareFactory = (config: any, ctx: { strapi: Strapi }) => Middleware | null;
+export type Middleware = Middleware;

package/lib/middlewares/security.js

@@ -12,6 +12,8 @@ const defaults = {
     useDefaults: true,
     directives: {
       'connect-src': ["'self'", 'https:'],
+      'img-src': ["'self'", 'data:', 'blob:'],
+      'media-src': ["'self'", 'data:', 'blob:'],
     },
   },
   xssFilter: false,
@@ -30,12 +32,15 @@ const defaults = {
 module.exports = config => (ctx, next) => {
   let helmetConfig = defaultsDeep(defaults, config);
 
-  if (ctx.method === 'GET' && ['/graphql', '/documentation'].includes(ctx.path)) {
+  if (
+    ctx.method === 'GET' &&
+    ['/graphql', '/documentation'].some(str => ctx.path.startsWith(str))
+  ) {
     helmetConfig = merge(helmetConfig, {
       contentSecurityPolicy: {
         directives: {
           'script-src': ["'self'", "'unsafe-inline'", 'cdn.jsdelivr.net'],
-          'img-src': ["'self'", 'data:', 'cdn.jsdelivr.net'],
+          'img-src': ["'self'", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],
         },
       },
     });

package/lib/services/entity-service/index.d.ts

@@ -35,7 +35,7 @@ type Params<T> = {
   files?: any;
 };
 
-interface EntityService {
+export interface EntityService {
   uploadFiles<K extends keyof AllTypes, T extends AllTypes[K]>(uid: K, entity, files);
   wrapParams<K extends keyof AllTypes, T extends AllTypes[K]>(
     params: Params<T>,

package/lib/services/entity-service/index.js

@@ -8,9 +8,9 @@ const {
   InvalidDateTimeError,
 } = require('@strapi/database').errors;
 const {
-  sanitize,
   webhook: webhookUtils,
   contentTypes: contentTypesUtils,
+  sanitize,
 } = require('@strapi/utils');
 const { ValidationError } = require('@strapi/utils').errors;
 const uploadFiles = require('../utils/upload-files');
@@ -92,12 +92,13 @@ const createDefaultImplementation = ({ strapi, db, eventHub, entityValidator })
     return options;
   },
 
-  emitEvent(uid, event, entity) {
+  async emitEvent(uid, event, entity) {
     const model = strapi.getModel(uid);
+    const sanitizedEntity = await sanitize.sanitizers.defaultSanitizeOutput(model, entity);
 
     eventHub.emit(event, {
       model: model.modelName,
-      entry: sanitize.eventHub(entity, model),
+      entry: sanitizedEntity,
     });
   },
 
@@ -182,7 +183,7 @@ const createDefaultImplementation = ({ strapi, db, eventHub, entityValidator })
       entity = await this.findOne(uid, entity.id, wrappedParams);
     }
 
-    this.emitEvent(uid, ENTRY_CREATE, entity);
+    await this.emitEvent(uid, ENTRY_CREATE, entity);
 
     return entity;
   },
@@ -225,7 +226,7 @@ const createDefaultImplementation = ({ strapi, db, eventHub, entityValidator })
       entity = await this.findOne(uid, entity.id, wrappedParams);
     }
 
-    this.emitEvent(uid, ENTRY_UPDATE, entity);
+    await this.emitEvent(uid, ENTRY_UPDATE, entity);
 
     return entity;
   },
@@ -248,7 +249,7 @@ const createDefaultImplementation = ({ strapi, db, eventHub, entityValidator })
     await deleteComponents(uid, entityToDelete);
     await db.query(uid).delete({ where: { id: entityToDelete.id } });
 
-    this.emitEvent(uid, ENTRY_DELETE, entityToDelete);
+    await this.emitEvent(uid, ENTRY_DELETE, entityToDelete);
 
     return entityToDelete;
   },
@@ -263,7 +264,7 @@ const createDefaultImplementation = ({ strapi, db, eventHub, entityValidator })
     return db.query(uid).deleteMany(query);
   },
 
-  load(uid, entity, field, params) {
+  load(uid, entity, field, params = {}) {
     const { attributes } = strapi.getModel(uid);
 
     const attribute = attributes[field];

package/lib/services/entity-validator/index.js

@@ -4,12 +4,13 @@
  */
 'use strict';
 
-const { has, assoc, prop } = require('lodash/fp');
+const { has, assoc, prop, isObject } = require('lodash/fp');
 const strapiUtils = require('@strapi/utils');
 const validators = require('./validators');
 
 const { yup, validateYupSchema } = strapiUtils;
 const { isMediaAttribute, isScalarAttribute, getWritableAttributes } = strapiUtils.contentTypes;
+const { ValidationError } = strapiUtils.errors;
 
 const addMinMax = (attr, validator, data) => {
   if (Number.isInteger(attr.min) && (attr.required || (Array.isArray(data) && data.length > 0))) {
@@ -173,6 +174,14 @@ const createModelValidator = createOrUpdate => (model, data, { isDraft }) => {
 };
 
 const createValidateEntity = createOrUpdate => async (model, data, { isDraft = false } = {}) => {
+  if (!isObject(data)) {
+    const { displayName } = model.info;
+
+    throw new ValidationError(
+      `Invalid payload submitted for the ${createOrUpdate} of an entity of type ${displayName}. Expected an object, but got ${typeof data}`
+    );
+  }
+
   const validator = createModelValidator(createOrUpdate)(model, data, { isDraft }).required();
   return validateYupSchema(validator, { strict: false, abortEarly: false })(data);
 };

package/lib/services/errors.js

@@ -60,9 +60,14 @@ const formatHttpError = error => {
   };
 };
 
-const formatInternalError = () => {
-  const error = createError(500);
-  return formatHttpError(error);
+const formatInternalError = error => {
+  const httpError = createError(error);
+
+  if (httpError.expose) {
+    return formatHttpError(httpError);
+  }
+
+  return formatHttpError(createError(httpError.status || 500));
 };
 
 module.exports = {

package/lib/services/server/compose-endpoint.js

@@ -89,17 +89,30 @@ module.exports = strapi => {
 };
 
 const getController = (name, { pluginName, apiName }, strapi) => {
+  let ctrl;
+
   if (pluginName) {
     if (pluginName === 'admin') {
-      return strapi.controller(`admin::${name}`);
+      ctrl = strapi.controller(`admin::${name}`);
+    } else {
+      ctrl = strapi.plugin(pluginName).controller(name);
     }
-
-    return strapi.plugin(pluginName).controller(name);
   } else if (apiName) {
-    return strapi.controller(`api::${apiName}.${name}`);
+    ctrl = strapi.controller(`api::${apiName}.${name}`);
+  }
+
+  if (!ctrl) {
+    return strapi.controller(name);
   }
 
-  return strapi.controller(name);
+  return ctrl;
+};
+
+const extractHandlerParts = name => {
+  const controllerName = name.slice(0, name.lastIndexOf('.'));
+  const actionName = name.slice(name.lastIndexOf('.') + 1);
+
+  return { controllerName, actionName };
 };
 
 const getAction = (route, strapi) => {
@@ -110,7 +123,7 @@ const getAction = (route, strapi) => {
     return handler;
   }
 
-  const [controllerName, actionName] = trim(handler).split('.');
+  const { controllerName, actionName } = extractHandlerParts(trim(handler));
 
   const controller = getController(controllerName, { pluginName, apiName }, strapi);
 

package/lib/services/server/register-routes.js

@@ -6,12 +6,10 @@ const createRouteScopeGenerator = namespace => route => {
   const prefix = namespace.endsWith('::') ? namespace : `${namespace}.`;
 
   if (typeof route.handler === 'string') {
-    const [controller, action] = route.handler.split('.');
-
     _.defaultsDeep(route, {
       config: {
         auth: {
-          scope: [`${prefix}${controller}.${action}`],
+          scope: [`${route.handler.startsWith(prefix) ? '' : prefix}${route.handler}`],
         },
       },
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/strapi",
-  "version": "4.0.0-beta.12",
+  "version": "4.0.0-beta.16",
   "description": "An open source headless CMS solution to create and manage your own API. It provides a powerful dashboard and features to make your life easier. Databases supported: MySQL, MariaDB, PostgreSQL, SQLite",
   "keywords": [
     "strapi",
@@ -79,16 +79,16 @@
   "dependencies": {
     "@koa/cors": "3.1.0",
     "@koa/router": "10.1.1",
-    "@strapi/admin": "4.0.0-beta.12",
-    "@strapi/database": "4.0.0-beta.12",
-    "@strapi/generate-new": "4.0.0-beta.12",
-    "@strapi/generators": "4.0.0-beta.12",
-    "@strapi/logger": "4.0.0-beta.12",
-    "@strapi/plugin-content-manager": "4.0.0-beta.12",
-    "@strapi/plugin-content-type-builder": "4.0.0-beta.12",
-    "@strapi/plugin-email": "4.0.0-beta.12",
-    "@strapi/plugin-upload": "4.0.0-beta.12",
-    "@strapi/utils": "4.0.0-beta.12",
+    "@strapi/admin": "4.0.0-beta.16",
+    "@strapi/database": "4.0.0-beta.16",
+    "@strapi/generate-new": "4.0.0-beta.16",
+    "@strapi/generators": "4.0.0-beta.16",
+    "@strapi/logger": "4.0.0-beta.16",
+    "@strapi/plugin-content-manager": "4.0.0-beta.16",
+    "@strapi/plugin-content-type-builder": "4.0.0-beta.16",
+    "@strapi/plugin-email": "4.0.0-beta.16",
+    "@strapi/plugin-upload": "4.0.0-beta.16",
+    "@strapi/utils": "4.0.0-beta.16",
     "bcryptjs": "2.4.3",
     "boxen": "5.1.2",
     "chalk": "4.1.2",
@@ -134,5 +134,5 @@
     "node": ">=12.x.x <=16.x.x",
     "npm": ">=6.0.0"
   },
-  "gitHead": "67fee6f3d59df974e8770bb123549f972edda905"
+  "gitHead": "71bdfa34637832e8e78a6cf1b57c8c6dbadf133d"
 }

package/lib/core-api/index.js

@@ -1,39 +0,0 @@
-/**
- * Core API
- */
-'use strict';
-
-const _ = require('lodash');
-
-const createController = require('./controller');
-const { createService } = require('./service');
-
-/**
- * Returns a service and a controller built based on the content type passed
- *
- * @param {object} opts options
- * @param {object} opts.api api
- * @param {object} opts.model model
- * @param {object} opts.strapi strapi
- * @returns {object} controller & service
- */
-function createCoreApi({ api, model, strapi }) {
-  const { modelName } = model;
-
-  // find corresponding service and controller
-  const userService = _.get(api, ['services', modelName], {});
-  const userController = _.get(api, ['controllers', modelName], {});
-
-  const service = Object.assign(createService({ model, strapi }), userService);
-
-  const controller = Object.assign(createController({ service, model }), userController);
-
-  return {
-    service,
-    controller,
-  };
-}
-
-module.exports = {
-  createCoreApi,
-};