@strapi/strapi 4.0.0-beta.2 → 4.0.0-beta.20

package/lib/services/entity-validator/validators.js

@@ -4,72 +4,155 @@ const _ = require('lodash');
 
 const { yup } = require('@strapi/utils');
 
+/**
+ * @type {import('yup').StringSchema} StringSchema
+ * @type {import('yup').NumberSchema} NumberSchema
+ * @type {import('yup').AnySchema} AnySchema
+ */
+
 /**
  * Utility function to compose validators
  */
-const composeValidators = (...fns) => (attr, { isDraft }) => {
-  return fns.reduce((validator, fn) => {
-    return fn(attr, validator, { isDraft });
-  }, yup.mixed());
+const composeValidators = (...fns) => (...args) => {
+  let validator = yup.mixed();
+
+  // if we receive a schema then use it as base schema for nested composition
+  if (yup.isSchema(args[0])) {
+    validator = args[0];
+    args = args.slice(1);
+  }
+
+  return fns.reduce((validator, fn) => fn(validator, ...args), validator);
 };
 
 /* Validator utils */
 
 /**
  * Adds minLength validator
- * @param {Object} attribute model attribute
- * @param {Object} validator yup validator
+ * @param {StringSchema} validator yup validator
+ * @param {Object} metas
+ * @param {{ minLength: Number }} metas.attr model attribute
+ * @param {Object} options
+ * @param {boolean} options.isDraft
+ *
+ * @returns {StringSchema}
  */
-const addMinLengthValidator = ({ minLength }, validator, { isDraft }) =>
-  _.isInteger(minLength) && !isDraft ? validator.min(minLength) : validator;
+const addMinLengthValidator = (validator, { attr }, { isDraft }) =>
+  _.isInteger(attr.minLength) && !isDraft ? validator.min(attr.minLength) : validator;
 
 /**
  * Adds maxLength validator
- * @param {Object} attribute model attribute
- * @param {Object} validator yup validator
+ * @param {StringSchema} validator yup validator
+ * @param {Object} metas
+ * @param {{ maxLength: Number }} metas.attr model attribute
+ *
+ * @returns {StringSchema}
  */
-const addMaxLengthValidator = ({ maxLength }, validator) =>
-  _.isInteger(maxLength) ? validator.max(maxLength) : validator;
+const addMaxLengthValidator = (validator, { attr }) =>
+  _.isInteger(attr.maxLength) ? validator.max(attr.maxLength) : validator;
 
 /**
  * Adds min integer validator
- * @param {Object} attribute model attribute
- * @param {Object} validator yup validator
+ * @param {NumberSchema} validator yup validator
+ * @param {Object} metas
+ * @param {{ min: Number }} metas.attr model attribute
+ *
+ * @returns {NumberSchema}
  */
-const addMinIntegerValidator = ({ min }, validator) =>
-  _.isNumber(min) ? validator.min(_.toInteger(min)) : validator;
+const addMinIntegerValidator = (validator, { attr }) =>
+  _.isNumber(attr.min) ? validator.min(_.toInteger(attr.min)) : validator;
 
 /**
  * Adds max integer validator
- * @param {Object} attribute model attribute
- * @param {Object} validator yup validator
+ * @param {NumberSchema} validator yup validator
+ * @param {Object} metas
+ * @param {{ max: Number }} metas.attr model attribute
+ *
+ * @returns {NumberSchema}
  */
-const addMaxIntegerValidator = ({ max }, validator) =>
-  _.isNumber(max) ? validator.max(_.toInteger(max)) : validator;
+const addMaxIntegerValidator = (validator, { attr }) =>
+  _.isNumber(attr.max) ? validator.max(_.toInteger(attr.max)) : validator;
 
 /**
  * Adds min float/decimal validator
- * @param {Object} attribute model attribute
- * @param {Object} validator yup validator
+ * @param {NumberSchema} validator yup validator
+ * @param {Object} metas
+ * @param {{ min: Number }} metas.attr model attribute
+ *
+ * @returns {NumberSchema}
  */
-const addMinFloatValidator = ({ min }, validator) =>
-  _.isNumber(min) ? validator.min(min) : validator;
+const addMinFloatValidator = (validator, { attr }) =>
+  _.isNumber(attr.min) ? validator.min(attr.min) : validator;
 
 /**
  * Adds max float/decimal validator
- * @param {Object} attribute model attribute
- * @param {Object} validator yup validator
+ * @param {NumberSchema} validator yup validator
+ * @param {Object} metas model attribute
+ * @param {{ max: Number }} metas.attr
+ *
+ * @returns {NumberSchema}
  */
-const addMaxFloatValidator = ({ max }, validator) =>
-  _.isNumber(max) ? validator.max(max) : validator;
+const addMaxFloatValidator = (validator, { attr }) =>
+  _.isNumber(attr.max) ? validator.max(attr.max) : validator;
 
 /**
  * Adds regex validator
- * @param {Object} attribute model attribute
- * @param {Object} validator yup validator
+ * @param {StringSchema} validator yup validator
+ * @param {Object} metas model attribute
+ * @param {{ regex: RegExp }} metas.attr
+ *
+ * @returns {StringSchema}
  */
-const addStringRegexValidator = ({ regex }, validator) =>
-  _.isUndefined(regex) ? validator : validator.matches(new RegExp(regex));
+const addStringRegexValidator = (validator, { attr }) =>
+  _.isUndefined(attr.regex) ? validator : validator.matches(new RegExp(attr.regex));
+
+/**
+ *
+ * @param {AnySchema} validator
+ * @param {Object} metas
+ * @param {{ unique: Boolean, type: String }} metas.attr
+ * @param {{ uid: String }} metas.model
+ * @param {{ name: String, value: any }} metas.updatedAttribute
+ * @param {Object} metas.entity
+ *
+ * @returns {AnySchema}
+ */
+const addUniqueValidator = (validator, { attr, model, updatedAttribute, entity }) => {
+  if (!attr.unique && attr.type !== 'uid') {
+    return validator;
+  }
+
+  return validator.test('unique', 'This attribute must be unique', async value => {
+    /**
+     * If the attribute value is `null` we want to skip the unique validation.
+     * Otherwise it'll only accept a single `null` entry in the database.
+     */
+    if (updatedAttribute.value === null) {
+      return true;
+    }
+
+    /**
+     * If the attribute is unchanged we skip the unique verification. This will
+     * prevent the validator to be triggered in case the user activated the
+     * unique constraint after already creating multiple entries with
+     * the same attribute value for that field.
+     */
+    if (entity && updatedAttribute.value === entity[updatedAttribute.name]) {
+      return true;
+    }
+
+    let whereParams = entity
+      ? { $and: [{ [updatedAttribute.name]: value }, { $not: { id: entity.id } }] }
+      : { [updatedAttribute.name]: value };
+
+    const record = await strapi.db.query(model.uid).findOne({
+      select: ['id'],
+      where: whereParams,
+    });
+
+    return !record;
+  });
+};
 
 /* Type validators */
 
@@ -77,29 +160,32 @@ const stringValidator = composeValidators(
   () => yup.string().transform((val, originalVal) => originalVal),
   addMinLengthValidator,
   addMaxLengthValidator,
-  addStringRegexValidator
+  addStringRegexValidator,
+  addUniqueValidator
 );
 
-const emailValidator = composeValidators(stringValidator, (attr, validator) => validator.email());
+const emailValidator = composeValidators(stringValidator, validator => validator.email());
 
-const uidValidator = composeValidators(stringValidator, (attr, validator) =>
+const uidValidator = composeValidators(stringValidator, validator =>
   validator.matches(new RegExp('^[A-Za-z0-9-_.~]*$'))
 );
 
-const enumerationValidator = attr => {
+const enumerationValidator = ({ attr }) => {
   return yup.string().oneOf((Array.isArray(attr.enum) ? attr.enum : [attr.enum]).concat(null));
 };
 
 const integerValidator = composeValidators(
   () => yup.number().integer(),
   addMinIntegerValidator,
-  addMaxIntegerValidator
+  addMaxIntegerValidator,
+  addUniqueValidator
 );
 
 const floatValidator = composeValidators(
   () => yup.number(),
   addMinFloatValidator,
-  addMaxFloatValidator
+  addMaxFloatValidator,
+  addUniqueValidator
 );
 
 module.exports = {
@@ -113,11 +199,11 @@ module.exports = {
   uid: uidValidator,
   json: () => yup.mixed(),
   integer: integerValidator,
-  biginteger: () => yup.mixed(),
+  biginteger: composeValidators(addUniqueValidator),
   float: floatValidator,
   decimal: floatValidator,
-  date: () => yup.mixed(),
-  time: () => yup.mixed(),
-  datetime: () => yup.mixed(),
-  timestamp: () => yup.mixed(),
+  date: composeValidators(addUniqueValidator),
+  time: composeValidators(addUniqueValidator),
+  datetime: composeValidators(addUniqueValidator),
+  timestamp: composeValidators(addUniqueValidator),
 };

package/lib/services/errors.js

@@ -0,0 +1,77 @@
+'use strict';
+
+const createError = require('http-errors');
+const {
+  NotFoundError,
+  UnauthorizedError,
+  ForbiddenError,
+  PayloadTooLargeError,
+} = require('@strapi/utils').errors;
+
+const mapErrorsAndStatus = [
+  {
+    classError: UnauthorizedError,
+    status: 401,
+  },
+  {
+    classError: ForbiddenError,
+    status: 403,
+  },
+  {
+    classError: NotFoundError,
+    status: 404,
+  },
+  {
+    classError: PayloadTooLargeError,
+    status: 413,
+  },
+];
+
+const formatApplicationError = error => {
+  const errorAndStatus = mapErrorsAndStatus.find(pair => error instanceof pair.classError);
+  const status = errorAndStatus ? errorAndStatus.status : 400;
+
+  return {
+    status,
+    body: {
+      data: null,
+      error: {
+        status,
+        name: error.name,
+        message: error.message,
+        details: error.details,
+      },
+    },
+  };
+};
+
+const formatHttpError = error => {
+  return {
+    status: error.status,
+    body: {
+      data: null,
+      error: {
+        status: error.status,
+        name: error.name,
+        message: error.message,
+        details: error.details,
+      },
+    },
+  };
+};
+
+const formatInternalError = error => {
+  const httpError = createError(error);
+
+  if (httpError.expose) {
+    return formatHttpError(httpError);
+  }
+
+  return formatHttpError(createError(httpError.status || 500));
+};
+
+module.exports = {
+  formatApplicationError,
+  formatHttpError,
+  formatInternalError,
+};

package/lib/services/metrics/index.js

@@ -1,7 +1,7 @@
 'use strict';
 /**
  * Strapi telemetry package.
- * You can learn more at https://strapi.io/documentation/developer-docs/latest/getting-started/usage-information.html
+ * You can learn more at https://docs.strapi.io/developer-docs/latest/getting-started/usage-information.html
  */
 
 const crypto = require('crypto');
@@ -30,42 +30,44 @@ const createTelemetryInstance = strapi => {
   const sender = createSender(strapi);
   const sendEvent = wrapWithRateLimit(sender, { limitedEvents: LIMITED_EVENTS });
 
-  if (!isDisabled) {
-    const pingCron = scheduleJob('0 0 12 * * *', () => sendEvent('ping'));
-    crons.push(pingCron);
-
-    strapi.server.use(createMiddleware({ sendEvent }));
-  }
+  return {
+    register() {
+      if (!isDisabled) {
+        const pingCron = scheduleJob('0 0 12 * * *', () => sendEvent('ping'));
+        crons.push(pingCron);
 
-  if (strapi.EE === true && ee.isEE === true) {
-    const pingDisabled =
-      isTruthy(process.env.STRAPI_LICENSE_PING_DISABLED) && ee.licenseInfo.type === 'gold';
-
-    const sendLicenseCheck = () => {
-      return sendEvent(
-        'didCheckLicense',
-        {
-          licenseInfo: {
-            ...ee.licenseInfo,
-            projectHash: hashProject(strapi),
-            dependencyHash: hashDep(strapi),
-          },
-        },
-        {
-          headers: { 'x-strapi-project': 'enterprise' },
+        strapi.server.use(createMiddleware({ sendEvent }));
+      }
+    },
+    bootstrap() {
+      if (strapi.EE === true && ee.isEE === true) {
+        const pingDisabled =
+          isTruthy(process.env.STRAPI_LICENSE_PING_DISABLED) && ee.licenseInfo.type === 'gold';
+
+        const sendLicenseCheck = () => {
+          return sendEvent(
+            'didCheckLicense',
+            {
+              licenseInfo: {
+                ...ee.licenseInfo,
+                projectHash: hashProject(strapi),
+                dependencyHash: hashDep(strapi),
+              },
+            },
+            {
+              headers: { 'x-strapi-project': 'enterprise' },
+            }
+          );
+        };
+
+        if (!pingDisabled) {
+          const licenseCron = scheduleJob('0 0 0 * * 7', () => sendLicenseCheck());
+          crons.push(licenseCron);
+
+          sendLicenseCheck();
         }
-      );
-    };
-
-    if (!pingDisabled) {
-      const licenseCron = scheduleJob('0 0 0 * * 7', () => sendLicenseCheck());
-      crons.push(licenseCron);
-
-      sendLicenseCheck();
-    }
-  }
-
-  return {
+      }
+    },
     destroy() {
       // clear open handles
       crons.forEach(cron => cron.cancel());

package/lib/services/server/compose-endpoint.js

@@ -1,6 +1,7 @@
 'use strict';
 
-const { toLower, castArray, trim, prop } = require('lodash/fp');
+const { has, toLower, castArray, trim, prop, isNil } = require('lodash/fp');
+const { UnauthorizedError, ForbiddenError } = require('@strapi/utils').errors;
 
 const compose = require('koa-compose');
 const { resolveRouteMiddlewares } = require('./middleware');
@@ -31,8 +32,6 @@ const createAuthorizeMiddleware = strapi => async (ctx, next) => {
 
     return next();
   } catch (error) {
-    const { UnauthorizedError, ForbiddenError } = authService.errors;
-
     if (error instanceof UnauthorizedError) {
       return ctx.unauthorized();
     }
@@ -49,6 +48,14 @@ const createAuthenticateMiddleware = strapi => async (ctx, next) => {
   return strapi.container.get('auth').authenticate(ctx, next);
 };
 
+const returnBodyMiddleware = async (ctx, next) => {
+  const values = await next();
+
+  if (isNil(ctx.body) && !isNil(values)) {
+    ctx.body = values;
+  }
+};
+
 module.exports = strapi => {
   const authenticate = createAuthenticateMiddleware(strapi);
   const authorize = createAuthorizeMiddleware(strapi);
@@ -69,39 +76,54 @@ module.exports = strapi => {
         authorize,
         ...policies,
         ...middlewares,
+        returnBodyMiddleware,
         ...castArray(action),
       ]);
 
       router[method](path, routeHandler);
     } catch (error) {
-      throw new Error(`Error creating endpoint ${route.method} ${route.path}: ${error.message}`);
+      error.message = `Error creating endpoint ${route.method} ${route.path}: ${error.message}`;
+      throw error;
     }
   };
 };
 
 const getController = (name, { pluginName, apiName }, strapi) => {
+  let ctrl;
+
   if (pluginName) {
     if (pluginName === 'admin') {
-      return strapi.controller(`admin::${name}`);
+      ctrl = strapi.controller(`admin::${name}`);
+    } else {
+      ctrl = strapi.plugin(pluginName).controller(name);
     }
-
-    return strapi.plugin(pluginName).controller(name);
   } else if (apiName) {
-    return strapi.controller(`api::${apiName}.${name}`);
+    ctrl = strapi.controller(`api::${apiName}.${name}`);
   }
 
-  return strapi.controller(name);
+  if (!ctrl) {
+    return strapi.controller(name);
+  }
+
+  return ctrl;
+};
+
+const extractHandlerParts = name => {
+  const controllerName = name.slice(0, name.lastIndexOf('.'));
+  const actionName = name.slice(name.lastIndexOf('.') + 1);
+
+  return { controllerName, actionName };
 };
 
 const getAction = (route, strapi) => {
   const { handler, info = {} } = route;
-  const { pluginName, apiName } = info;
+  const { pluginName, apiName, type } = info;
 
   if (Array.isArray(handler) || typeof handler === 'function') {
     return handler;
   }
 
-  const [controllerName, actionName] = trim(handler).split('.');
+  const { controllerName, actionName } = extractHandlerParts(trim(handler));
 
   const controller = getController(controllerName, { pluginName, apiName }, strapi);
 
@@ -109,5 +131,11 @@ const getAction = (route, strapi) => {
     throw new Error(`Handler not found "${handler}"`);
   }
 
+  if (has(Symbol.for('__type__'), controller[actionName])) {
+    controller[actionName][Symbol.for('__type__')].push(type);
+  } else {
+    controller[actionName][Symbol.for('__type__')] = [type];
+  }
+
   return controller[actionName].bind(controller);
 };

package/lib/services/server/content-api.js

@@ -4,7 +4,7 @@ const { createAPI } = require('./api');
 
 const createContentAPI = strapi => {
   const opts = {
-    prefix: strapi.config.get('api.prefix', '/api'),
+    prefix: strapi.config.get('api.rest.prefix', '/api'),
     type: 'content-api',
   };
 

package/lib/services/server/index.js

@@ -1,6 +1,5 @@
 'use strict';
 
-const Koa = require('koa');
 const Router = require('@koa/router');
 
 const { createHTTPServer } = require('./http-server');
@@ -9,6 +8,7 @@ const { createAdminAPI } = require('./admin-api');
 const { createContentAPI } = require('./content-api');
 const registerAllRoutes = require('./register-routes');
 const registerApplicationMiddlewares = require('./register-middlewares');
+const createKoaApp = require('./koa');
 
 const healthCheck = async ctx => {
   ctx.set('strapi', 'You are so French!');
@@ -28,14 +28,9 @@ const healthCheck = async ctx => {
  * @returns {Server}
  */
 const createServer = strapi => {
-  const app = new Koa({
-    proxy: strapi.config.get('server.proxy'),
-  });
-
-  const router = new Router({
-    // FIXME: this prefix can break the admin if not specified in the admin url
-    prefix: strapi.config.get('middleware.settings.router.prefix', ''),
-  });
+  const app = createKoaApp({ proxy: strapi.config.get('server.proxy') });
+
+  const router = new Router();
 
   const routeManager = createRouteManager(strapi);
 

package/lib/services/server/koa.js

@@ -0,0 +1,64 @@
+'use strict';
+
+const { isNil, camelCase } = require('lodash/fp');
+const Koa = require('koa');
+const createError = require('http-errors');
+const delegate = require('delegates');
+var statuses = require('statuses');
+const { formatHttpError } = require('../errors');
+
+const addCustomMethods = app => {
+  const delegator = delegate(app.context, 'response');
+
+  /* errors */
+  statuses.codes
+    .filter(code => code >= 400 && code < 600)
+    .forEach(code => {
+      const name = statuses(code);
+      const camelCasedName = camelCase(name);
+      app.response[camelCasedName] = function(message, details = {}) {
+        const httpError = createError(code, message, { details });
+        const { status, body } = formatHttpError(httpError);
+        this.status = status;
+        this.body = body;
+      };
+      delegator.method(camelCasedName);
+    });
+
+  /* send, created, deleted */
+  app.response.send = function(data, status = 200) {
+    this.status = status;
+    this.body = data;
+  };
+
+  app.response.created = function(data) {
+    this.status = 201;
+    this.body = data;
+  };
+
+  app.response.deleted = function(data) {
+    if (isNil(data)) {
+      this.status = 204;
+    } else {
+      this.status = 200;
+      this.body = data;
+    }
+  };
+
+  delegator
+    .method('send')
+    .method('created')
+    .method('deleted');
+
+  return app;
+};
+
+const createKoaApp = ({ proxy }) => {
+  const app = new Koa({ proxy });
+
+  addCustomMethods(app);
+
+  return app;
+};
+
+module.exports = createKoaApp;

package/lib/services/server/middleware.js

@@ -1,7 +1,7 @@
 'use strict';
 
 const path = require('path');
-const { propOr, isArray } = require('lodash/fp');
+const { propOr, isArray, isNil } = require('lodash/fp');
 
 const getMiddlewareConfig = propOr([], 'config.middlewares');
 
@@ -81,6 +81,13 @@ const resolveMiddlewares = (config, strapi) => {
     );
   }
 
+  middlewares.forEach(middleware => {
+    // NOTE: we replace null middlewares by a dumb one to avoid having to filter later on
+    if (isNil(middleware.handler)) {
+      middleware.handler = (_, next) => next();
+    }
+  });
+
   return middlewares;
 };
 

package/lib/services/server/policy.js

@@ -1,32 +1,30 @@
 'use strict';
 
 const { propOr } = require('lodash/fp');
-const policy = require('@strapi/utils/lib/policy');
-
-const { bodyPolicy } = policy;
+const { ForbiddenError } = require('@strapi/utils').errors;
+const { policy: policyUtils } = require('@strapi/utils');
 
 const getPoliciesConfig = propOr([], 'config.policies');
 
 const resolvePolicies = route => {
-  const { pluginName, apiName } = route.info || {};
   const policiesConfig = getPoliciesConfig(route);
+  const resolvedPolicies = policyUtils.resolve(policiesConfig, route.info);
 
   const policiesMiddleware = async (ctx, next) => {
-    const context = policy.createPolicyContext('koa', ctx);
+    const context = policyUtils.createPolicyContext('koa', ctx);
 
-    for (const policyName of policiesConfig) {
-      const resolvedPolicy = await policy.get(policyName, { pluginName, apiName });
-      const result = await resolvedPolicy({ ctx: context, strapi });
+    for (const { handler, config } of resolvedPolicies) {
+      const result = await handler(context, config, { strapi });
 
       if (![true, undefined].includes(result)) {
-        throw new Error('Policies failed.');
+        throw new ForbiddenError('Policies failed.');
       }
     }
 
     await next();
   };
 
-  return [policiesMiddleware, bodyPolicy];
+  return [policiesMiddleware];
 };
 
 module.exports = {