@strapi/strapi 4.0.0-next.6 → 4.0.0

package/lib/middlewares/public/index.js

@@ -1,98 +1,123 @@
 'use strict';
 
-/**
- * Module dependencies
- */
-
-// Node.js core.
 const fs = require('fs');
 const path = require('path');
 const stream = require('stream');
 const _ = require('lodash');
+const { defaultsDeep } = require('lodash/fp');
 const koaStatic = require('koa-static');
 const utils = require('../../utils');
 const serveStatic = require('./serve-static');
 
+const defaults = {
+  maxAge: 60000,
+  defaultIndex: true,
+};
+
 /**
- * Public assets hook
+ * @type {import('../').MiddlewareFactory}
  */
+module.exports = (config, { strapi }) => {
+  const { defaultIndex, maxAge } = defaultsDeep(defaults, config);
 
-module.exports = strapi => {
-  return {
-    /**
-     * Initialize the hook
-     */
-
-    async initialize() {
-      const { defaultIndex, maxAge, path: publicPath } = strapi.config.middleware.settings.public;
-      const staticDir = path.resolve(strapi.dir, publicPath || strapi.config.paths.static);
+  if (defaultIndex === true) {
+    const index = fs.readFileSync(path.join(__dirname, 'index.html'), 'utf8');
 
-      if (defaultIndex === true) {
-        const index = fs.readFileSync(path.join(__dirname, 'index.html'), 'utf8');
+    const serveIndexPage = async (ctx, next) => {
+      // defer rendering of strapi index page
+      await next();
 
-        const serveIndexPage = async (ctx, next) => {
-          // defer rendering of strapi index page
-          await next();
-          if (ctx.body != null || ctx.status !== 404) return;
+      if (ctx.body != null || ctx.status !== 404) return;
 
-          ctx.url = 'index.html';
-          const isInitialized = await utils.isInitialized(strapi);
-          const data = {
-            serverTime: new Date().toUTCString(),
-            isInitialized,
-            ..._.pick(strapi, [
-              'config.info.version',
-              'config.info.name',
-              'config.admin.url',
-              'config.server.url',
-              'config.environment',
-              'config.serveAdminPanel',
-            ]),
-          };
-          const content = _.template(index)(data);
-          const body = stream.Readable({
-            read() {
-              this.push(Buffer.from(content));
-              this.push(null);
-            },
-          });
-          // Serve static.
-          ctx.type = 'html';
-          ctx.body = body;
-        };
-
-        strapi.router.get('/', serveIndexPage);
-        strapi.router.get('/index.html', serveIndexPage);
-        strapi.router.get(
-          '/assets/images/(.*)',
-          serveStatic(path.resolve(__dirname, 'assets/images'), { maxage: maxAge, defer: true })
-        );
-      }
+      ctx.url = 'index.html';
+      const isInitialized = await utils.isInitialized(strapi);
+      const data = {
+        serverTime: new Date().toUTCString(),
+        isInitialized,
+        ..._.pick(strapi, [
+          'config.info.version',
+          'config.info.name',
+          'config.admin.url',
+          'config.server.url',
+          'config.environment',
+          'config.serveAdminPanel',
+        ]),
+      };
+      const content = _.template(index)(data);
+      const body = stream.Readable({
+        read() {
+          this.push(Buffer.from(content));
+          this.push(null);
+        },
+      });
+      // Serve static.
+      ctx.type = 'html';
+      ctx.body = body;
+    };
 
-      // serve files in public folder unless a sub router renders something else
-      strapi.router.get(
-        '/(.*)',
-        koaStatic(staticDir, {
+    strapi.server.routes([
+      {
+        method: 'GET',
+        path: '/',
+        handler: serveIndexPage,
+        config: { auth: false },
+      },
+      {
+        method: 'GET',
+        path: '/index.html',
+        handler: serveIndexPage,
+        config: { auth: false },
+      },
+      {
+        method: 'GET',
+        path: '/assets/images/(.*)',
+        handler: serveStatic(path.resolve(__dirname, 'assets/images'), {
           maxage: maxAge,
           defer: true,
-        })
-      );
+        }),
+        config: { auth: false },
+      },
+      {
+        method: 'GET',
+        path: '/(.*)',
+        handler: koaStatic(strapi.dirs.public, {
+          maxage: maxAge,
+          defer: true,
+        }),
+        config: { auth: false },
+      },
+    ]);
+  }
 
-      if (!strapi.config.serveAdminPanel) return;
+  if (!strapi.config.serveAdminPanel) return async (ctx, next) => next();
 
-      const buildDir = path.resolve(strapi.dir, 'build');
-      const serveAdmin = ctx => {
-        ctx.type = 'html';
-        ctx.body = fs.createReadStream(path.join(buildDir + '/index.html'));
-      };
+  const buildDir = path.resolve(strapi.dirs.root, 'build');
+  const serveAdmin = async (ctx, next) => {
+    await next();
 
-      strapi.router.get(
-        `${strapi.config.admin.path}/*`,
-        serveStatic(buildDir, { maxage: maxAge, defer: false, index: 'index.html' })
-      );
+    if (ctx.method !== 'HEAD' && ctx.method !== 'GET') {
+      return;
+    }
 
-      strapi.router.get(`${strapi.config.admin.path}`, serveAdmin);
-      strapi.router.get(`${strapi.config.admin.path}/*`, serveAdmin);
-    },
+    if (ctx.body != null || ctx.status !== 404) {
+      return;
+    }
+
+    ctx.type = 'html';
+    ctx.body = fs.createReadStream(path.join(buildDir + '/index.html'));
   };
+
+  strapi.server.routes([
+    {
+      method: 'GET',
+      path: `${strapi.config.admin.path}/:path*`,
+      handler: [
+        serveAdmin,
+        serveStatic(buildDir, { maxage: maxAge, defer: false, index: 'index.html' }),
+      ],
+      config: { auth: false },
+    },
+  ]);
+
+  return null;
 };

package/lib/middlewares/query.js

@@ -0,0 +1,46 @@
+'use strict';
+
+const { defaultsDeep } = require('lodash/fp');
+const qs = require('qs');
+
+const defaults = {
+  strictNullHandling: true,
+  arrayLimit: 100,
+  depth: 20,
+};
+
+/**
+ * Body parser hook
+ */
+const addQsParser = (app, settings) => {
+  Object.defineProperty(app.request, 'query', {
+    configurable: false,
+    enumerable: true,
+    /*
+     * Get parsed query-string.
+     */
+    get() {
+      const qstr = this.querystring;
+      const cache = (this._querycache = this._querycache || {});
+      return cache[qstr] || (cache[qstr] = qs.parse(qstr, settings));
+    },
+
+    /*
+     * Set query-string as an object.
+     */
+    set(obj) {
+      this.querystring = qs.stringify(obj);
+    },
+  });
+
+  return app;
+};
+
+/**
+ * @type {import('./').MiddlewareFactory}
+ */
+module.exports = (config, { strapi }) => {
+  addQsParser(strapi.server.app, defaultsDeep(defaults, config));
+
+  return null;
+};

package/lib/middlewares/response-time.js

@@ -0,0 +1,15 @@
+'use strict';
+
+/**
+ * @type {import('./').MiddlewareFactory}
+ */
+module.exports = () => {
+  return async (ctx, next) => {
+    const start = Date.now();
+
+    await next();
+
+    const delta = Math.ceil(Date.now() - start);
+    ctx.set('X-Response-Time', delta + 'ms');
+  };
+};

package/lib/middlewares/responses.js

@@ -0,0 +1,19 @@
+'use strict';
+
+const { prop, isFunction } = require('lodash/fp');
+
+/**
+ * @type {import('./').MiddlewareFactory}
+ */
+module.exports = (config = {}) => {
+  return async (ctx, next) => {
+    await next();
+
+    const status = ctx.status;
+    const handler = prop(`handlers.${status}`, config);
+
+    if (isFunction(handler)) {
+      await handler(ctx);
+    }
+  };
+};

package/lib/middlewares/security.js

@@ -0,0 +1,51 @@
+'use strict';
+
+const { defaultsDeep, merge } = require('lodash/fp');
+const helmet = require('koa-helmet');
+
+const defaults = {
+  crossOriginEmbedderPolicy: false,
+  crossOriginOpenerPolicy: false,
+  crossOriginResourcePolicy: false,
+  originAgentCluster: false,
+  contentSecurityPolicy: {
+    useDefaults: true,
+    directives: {
+      'connect-src': ["'self'", 'https:'],
+      'img-src': ["'self'", 'data:', 'blob:'],
+      'media-src': ["'self'", 'data:', 'blob:'],
+      upgradeInsecureRequests: null,
+    },
+  },
+  xssFilter: false,
+  hsts: {
+    maxAge: 31536000,
+    includeSubDomains: true,
+  },
+  frameguard: {
+    action: 'sameorigin',
+  },
+};
+
+/**
+ * @type {import('./').MiddlewareFactory}
+ */
+module.exports = config => (ctx, next) => {
+  let helmetConfig = defaultsDeep(defaults, config);
+
+  if (
+    ctx.method === 'GET' &&
+    ['/graphql', '/documentation'].some(str => ctx.path.startsWith(str))
+  ) {
+    helmetConfig = merge(helmetConfig, {
+      contentSecurityPolicy: {
+        directives: {
+          'script-src': ["'self'", "'unsafe-inline'", 'cdn.jsdelivr.net'],
+          'img-src': ["'self'", 'data:', 'cdn.jsdelivr.net', 'strapi.io'],
+        },
+      },
+    });
+  }
+
+  return helmet(helmetConfig)(ctx, next);
+};

package/lib/middlewares/session/index.js

@@ -9,7 +9,7 @@ const session = require('koa-session');
  */
 module.exports = strapi => {
   const requireStore = store => {
-    return require(path.resolve(strapi.config.appPath, 'node_modules', 'koa-' + store));
+    return require(path.resolve(strapi.dirs.root, 'node_modules', 'koa-' + store));
   };
 
   const defineStore = session => {
@@ -93,7 +93,7 @@ module.exports = strapi => {
 
   return {
     initialize() {
-      strapi.app.keys = strapi.config.get('middleware.settings.session.secretKeys');
+      strapi.server.app.keys = strapi.config.get('middleware.settings.session.secretKeys');
 
       if (
         _.has(strapi.config.middleware.settings.session, 'client') &&
@@ -112,8 +112,8 @@ module.exports = strapi => {
             strapi.config.middleware.settings.session
           );
 
-          strapi.app.use(session(options, strapi.app));
-          strapi.app.use((ctx, next) => {
+          strapi.server.use(session(options, strapi.server.app));
+          strapi.server.use((ctx, next) => {
             ctx.state = ctx.state || {};
             ctx.state.session = ctx.session || {};
 
@@ -127,8 +127,8 @@ module.exports = strapi => {
       ) {
         const options = _.assign(strapi.config.middleware.settings.session);
 
-        strapi.app.use(session(options, strapi.app));
-        strapi.app.use((ctx, next) => {
+        strapi.server.use(session(options, strapi.server.app));
+        strapi.server.use((ctx, next) => {
           ctx.state = ctx.state || {};
           ctx.state.session = ctx.session || {};
 

package/lib/migrations/draft-publish.js

@@ -0,0 +1,57 @@
+'use strict';
+
+const { hasDraftAndPublish } = require('@strapi/utils').contentTypes;
+
+const enableDraftAndPublish = async ({ oldContentTypes, contentTypes }) => {
+  if (!oldContentTypes) {
+    return;
+  }
+  // run the after content types migrations
+
+  for (const uid in contentTypes) {
+    if (!oldContentTypes[uid]) {
+      continue;
+    }
+
+    const oldContentType = oldContentTypes[uid];
+    const contentType = contentTypes[uid];
+
+    // if d&p was enabled set publishedAt to eq createdAt
+    if (!hasDraftAndPublish(oldContentType) && hasDraftAndPublish(contentType)) {
+      const qb = strapi.db.queryBuilder(uid);
+      await qb
+        .update({ published_at: qb.ref('created_at') })
+        .where({ published_at: null })
+        .execute();
+    }
+  }
+};
+
+const disableDraftAndPublish = async ({ oldContentTypes, contentTypes }) => {
+  if (!oldContentTypes) {
+    return;
+  }
+
+  for (const uid in contentTypes) {
+    if (!oldContentTypes[uid]) {
+      continue;
+    }
+
+    const oldContentType = oldContentTypes[uid];
+    const contentType = contentTypes[uid];
+
+    // if d&p was disabled remove unpublish content before sync
+    if (hasDraftAndPublish(oldContentType) && !hasDraftAndPublish(contentType)) {
+      await strapi.db
+        .queryBuilder(uid)
+        .delete()
+        .where({ published_at: null })
+        .execute();
+    }
+  }
+};
+
+module.exports = {
+  enable: enableDraftAndPublish,
+  disable: disableDraftAndPublish,
+};

package/lib/services/auth/index.js

@@ -0,0 +1,87 @@
+'use strict';
+
+const { strict: assert } = require('assert');
+const { has, prop } = require('lodash/fp');
+
+const { UnauthorizedError } = require('@strapi/utils').errors;
+
+const INVALID_STRATEGY_MSG =
+  'Invalid auth strategy. Expecting an object with properties {name: string, authenticate: function, verify: function}';
+
+const validStrategy = strategy => {
+  assert(has('authenticate', strategy), INVALID_STRATEGY_MSG);
+  assert(typeof strategy.authenticate === 'function', INVALID_STRATEGY_MSG);
+
+  if (has('verify', strategy)) {
+    assert(typeof strategy.verify === 'function', INVALID_STRATEGY_MSG);
+  }
+};
+
+const createAuthentication = () => {
+  const strategies = {};
+
+  return {
+    register(type, strategy) {
+      validStrategy(strategy);
+
+      if (!strategies[type]) {
+        strategies[type] = [];
+      }
+
+      strategies[type].push(strategy);
+
+      return this;
+    },
+    async authenticate(ctx, next) {
+      const { route } = ctx.state;
+
+      // use route strategy
+      const config = prop('config.auth', route);
+
+      if (config === false) {
+        return next();
+      }
+
+      const strategiesToUse = strategies[route.info.type];
+
+      for (const strategy of strategiesToUse) {
+        const result = await strategy.authenticate(ctx);
+
+        const { authenticated = false, error = null, credentials } = result || {};
+
+        if (error !== null) {
+          return ctx.unauthorized(error);
+        }
+
+        if (authenticated) {
+          ctx.state.isAuthenticated = true;
+          ctx.state.auth = {
+            strategy,
+            credentials,
+          };
+
+          return next();
+        }
+      }
+
+      return ctx.unauthorized('Missing or invalid credentials');
+    },
+    async verify(auth, config = {}) {
+      if (config === false) {
+        return;
+      }
+
+      if (!auth) {
+        throw new UnauthorizedError();
+      }
+
+      if (typeof auth.strategy.verify === 'function') {
+        return auth.strategy.verify(auth, config);
+      }
+
+      return;
+    },
+  };
+};
+
+module.exports = createAuthentication;

package/lib/services/core-store.js

@@ -22,21 +22,37 @@ const coreStoreModel = {
   },
 };
 
-const createCoreStore = ({ environment: defaultEnv, db }) => {
-  return (source = {}) => {
-    async function get(params = {}) {
-      const { key, environment = defaultEnv, type = 'core', name = '', tag = '' } = Object.assign(
-        {},
-        source,
-        params
-      );
+const createCoreStore = ({ db }) => {
+  const mergeParams = (defaultParams, params) => {
+    return {
+      ...defaultParams,
+      ...params,
+    };
+  };
+
+  const store = function(defaultParams = {}) {
+    return {
+      get: params => store.get(mergeParams(defaultParams, params)),
+      set: params => store.set(mergeParams(defaultParams, params)),
+      delete: params => store.delete(mergeParams(defaultParams, params)),
+    };
+  };
+
+  Object.assign(store, {
+    /**
+     * Get value from the core store
+     * @param {Object} params
+     * @returns {*}
+     */
+    async get(params = {}) {
+      const { key, type = 'core', environment, name, tag } = params;
 
       const prefix = `${type}${name ? `_${name}` : ''}`;
 
       const where = {
         key: `${prefix}_${key}`,
-        environment,
-        tag,
+        environment: environment || null,
+        tag: tag || null,
       };
 
       const data = await db.query('strapi::core-store').findOne({ where });
@@ -57,73 +73,70 @@ const createCoreStore = ({ environment: defaultEnv, db }) => {
           return new Date(data.value);
         }
       } else if (data.type === 'number') {
-        return parseFloat(data.value);
+        return Number(data.value);
       } else {
         return null;
       }
-    }
+    },
 
-    async function set(params = {}) {
-      const { key, value, environment = defaultEnv, type, name, tag = '' } = Object.assign(
-        {},
-        source,
-        params
-      );
+    /**
+     * Set value in the core store
+     * @param {Object} params
+     * @returns {*}
+     */
+    async set(params = {}) {
+      const { key, value, type, environment, name, tag } = params;
 
       const prefix = `${type}${name ? `_${name}` : ''}`;
 
       const where = {
         key: `${prefix}_${key}`,
-        environment,
-        tag,
+        environment: environment || null,
+        tag: tag || null,
       };
 
       const data = await db.query('strapi::core-store').findOne({ where });
 
       if (data) {
-        Object.assign(data, {
-          value: JSON.stringify(value) || value.toString(),
-          type: (typeof value).toString(),
+        return db.query('strapi::core-store').update({
+          where: { id: data.id },
+          data: {
+            value: JSON.stringify(value) || value.toString(),
+            type: typeof value,
+          },
         });
+      }
 
-
-
-        await db.query('strapi::core-store').update({ where: { id: data.id }, data });
-      } else {
-        const data = Object.assign({}, where, {
+      return db.query('strapi::core-store').create({
+        data: {
+          ...where,
           value: JSON.stringify(value) || value.toString(),
-          type: (typeof value).toString(),
-          tag,
-        });
-
-        await db.query('strapi::core-store').create({ data });
-      }
-    }
+          type: typeof value,
+        },
+      });
+    },
 
-    async function deleteFn(params = {}) {
-      const { key, environment = defaultEnv, type, name, tag = '' } = Object.assign(
-        {},
-        source,
-        params
-      );
+    /**
+     * Deletes a value from the core store
+     * @param {Object} params
+     * @returns {*}
+     */
+    async delete(params = {}) {
+      const { key, environment, type, name, tag } = params;
 
       const prefix = `${type}${name ? `_${name}` : ''}`;
 
       const where = {
         key: `${prefix}_${key}`,
-        environment,
-        tag,
+        environment: environment || null,
+        tag: tag || null,
       };
 
-      await db.query('strapi::core-store').delete({ where });
-    }
+      return db.query('strapi::core-store').delete({ where });
+    },
+  });
 
-    return {
-      get,
-      set,
-      delete: deleteFn,
-    };
-  };
+  return store;
 };
 
 module.exports = {