@strapi/strapi 4.1.10-beta.0 → 4.1.12

package/lib/Strapi.js

@@ -37,6 +37,7 @@ const apisRegistry = require('./core/registries/apis');
 const bootstrap = require('./core/bootstrap');
 const loaders = require('./core/loaders');
 const { destroyOnSignal } = require('./utils/signals');
+const sanitizersRegistry = require('./core/registries/sanitizers');
 
 // TODO: move somewhere else
 const draftAndPublishSync = require('./migrations/draft-publish');
@@ -64,6 +65,7 @@ class Strapi {
     this.container.register('plugins', pluginsRegistry(this));
     this.container.register('apis', apisRegistry(this));
     this.container.register('auth', createAuth(this));
+    this.container.register('sanitizers', sanitizersRegistry(this));
 
     this.dirs = utils.getDirs(rootDir, { strapi: this });
 
@@ -157,6 +159,10 @@ class Strapi {
     return this.container.get('auth');
   }
 
+  get sanitizers() {
+    return this.container.get('sanitizers');
+  }
+
   async start() {
     try {
       if (!this.isLoaded) {
@@ -304,6 +310,10 @@ class Strapi {
     this.app = await loaders.loadSrcIndex(this);
   }
 
+  async loadSanitizers() {
+    await loaders.loadSanitizers(this);
+  }
+
   registerInternalHooks() {
     this.container.get('hooks').set('strapi::content-types.beforeSync', createAsyncParallelHook());
     this.container.get('hooks').set('strapi::content-types.afterSync', createAsyncParallelHook());
@@ -315,6 +325,7 @@ class Strapi {
   async register() {
     await Promise.all([
       this.loadApp(),
+      this.loadSanitizers(),
       this.loadPlugins(),
       this.loadAdmin(),
       this.loadAPIs(),

package/lib/core/loaders/apis.js

@@ -6,31 +6,35 @@ const _ = require('lodash');
 const fse = require('fs-extra');
 const { isKebabCase } = require('@strapi/utils');
 
-// to handle names with numbers in it we first check if it is already in kebabCase
-const normalizeName = name => (isKebabCase(name) ? name : _.kebabCase(name));
-
 const DEFAULT_CONTENT_TYPE = {
   schema: {},
   actions: {},
   lifecycles: {},
 };
 
+// to handle names with numbers in it we first check if it is already in kebabCase
+const normalizeName = name => (isKebabCase(name) ? name : _.kebabCase(name));
+
+const isDirectory = fd => fd.isDirectory();
+const isDotFile = fd => fd.name.startsWith('.');
+
 module.exports = async strapi => {
   if (!existsSync(strapi.dirs.api)) {
     throw new Error('Missing api folder. Please create one at `./src/api`');
   }
 
-  const apisFDs = await fse.readdir(strapi.dirs.api, { withFileTypes: true });
+  const apisFDs = await (await fse.readdir(strapi.dirs.api, { withFileTypes: true }))
+    .filter(isDirectory)
+    .filter(_.negate(isDotFile));
+
   const apis = {};
 
   // only load folders
   for (const apiFD of apisFDs) {
-    if (apiFD.isDirectory()) {
-      const apiName = normalizeName(apiFD.name);
-      const api = await loadAPI(join(strapi.dirs.api, apiFD.name));
+    const apiName = normalizeName(apiFD.name);
+    const api = await loadAPI(join(strapi.dirs.api, apiFD.name));
 
-      apis[apiName] = api;
-    }
+    apis[apiName] = api;
   }
 
   validateContentTypesUnicity(apis);

package/lib/core/loaders/index.js

@@ -8,4 +8,5 @@ module.exports = {
   loadPolicies: require('./policies'),
   loadPlugins: require('./plugins'),
   loadAdmin: require('./admin'),
+  loadSanitizers: require('./sanitizers'),
 };

package/lib/core/loaders/sanitizers.js

@@ -0,0 +1,5 @@
+'use strict';
+
+module.exports = strapi => {
+  strapi.container.get('sanitizers').set('content-api', { input: [], output: [] });
+};

package/lib/core/registries/sanitizers.js

@@ -0,0 +1,26 @@
+'use strict';
+
+const _ = require('lodash');
+
+const sanitizersRegistry = () => {
+  const sanitizers = {};
+
+  return {
+    get(path) {
+      return _.get(sanitizers, path, []);
+    },
+    add(path, sanitizer) {
+      this.get(path).push(sanitizer);
+      return this;
+    },
+    set(path, value = []) {
+      _.set(sanitizers, path, value);
+      return this;
+    },
+    has(path) {
+      return _.has(sanitizers, path);
+    },
+  };
+};
+
+module.exports = sanitizersRegistry;

package/lib/middlewares/body.js

@@ -3,12 +3,23 @@
 const fse = require('fs-extra');
 const { defaultsDeep, get } = require('lodash/fp');
 const body = require('koa-body');
+const mime = require('mime-types');
 
 const defaults = {
   multipart: true,
   patchKoa: true,
 };
 
+function ensureFileMimeType(file) {
+  if (!file.type) {
+    file.type = mime.lookup(file.name) || 'application/octet-stream';
+  }
+}
+
+function getFiles(ctx) {
+  return get('request.files.files', ctx);
+}
+
 /**
  * @type {import('./').MiddlewareFactory}
  */
@@ -18,21 +29,38 @@ module.exports = config => {
   return async (ctx, next) => {
     // TODO: find a better way later
     if (ctx.url === '/graphql') {
-      return next();
-    }
+      await next();
+    } else {
+      try {
+        await body({ patchKoa: true, ...bodyConfig })(ctx, () => {});
 
-    try {
-      await body({ patchKoa: true, ...bodyConfig })(ctx, next);
-    } catch (e) {
-      if ((e || {}).message && e.message.includes('maxFileSize exceeded')) {
-        return ctx.payloadTooLarge('FileTooBig');
-      }
+        const files = getFiles(ctx);
 
-      throw e;
+        /**
+         * in case the mime-type wasn't sent, Strapi tries to guess it
+         * from the file extension, to avoid a corrupt database state
+         */
+        if (files) {
+          if (Array.isArray(files)) {
+            files.forEach(ensureFileMimeType);
+          } else {
+            ensureFileMimeType(files);
+          }
+        }
+
+        await next();
+      } catch (e) {
+        if ((e || {}).message && e.message.includes('maxFileSize exceeded')) {
+          return ctx.payloadTooLarge('FileTooBig');
+        }
+
+        throw e;
+      }
     }
 
+    const files = getFiles(ctx);
+
     // clean any file that was uploaded
-    const files = get('request.files.files', ctx);
     if (files) {
       if (Array.isArray(files)) {
         // not awaiting to not slow the request

package/lib/services/entity-validator/validators.js

@@ -166,7 +166,9 @@ const stringValidator = composeValidators(
   addUniqueValidator
 );
 
-const emailValidator = composeValidators(stringValidator, validator => validator.email());
+const emailValidator = composeValidators(stringValidator, validator =>
+  validator.email().min(1, '${path} cannot be empty')
+);
 
 const uidValidator = composeValidators(stringValidator, validator =>
   validator.matches(new RegExp('^[A-Za-z0-9-_.~]*$'))

package/lib/utils/update-notifier/index.js

@@ -20,7 +20,7 @@ const boxenOptions = {
   borderStyle: 'round',
 };
 
-const geUpdatetMessage = (newVersion, currentVersion) => {
+const getUpdateMessage = (newVersion, currentVersion) => {
   const currentVersionLog = chalk.dim(currentVersion);
   const newVersionLog = chalk.green(newVersion);
   const releaseLink = chalk.bold('https://github.com/strapi/strapi/releases');
@@ -78,7 +78,7 @@ const createUpdateNotifier = strapi => {
       return;
     }
 
-    const message = boxen(geUpdatetMessage(latestVersion, pkg.version), boxenOptions);
+    const message = boxen(getUpdateMessage(latestVersion, pkg.version), boxenOptions);
     config.set('lastNotification', now);
     console.log(message);
   };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/strapi",
-  "version": "4.1.10-beta.0",
+  "version": "4.1.12",
   "description": "An open source headless CMS solution to create and manage your own API. It provides a powerful dashboard and features to make your life easier. Databases supported: MySQL, MariaDB, PostgreSQL, SQLite",
   "keywords": [
     "strapi",
@@ -80,16 +80,16 @@
   "dependencies": {
     "@koa/cors": "3.1.0",
     "@koa/router": "10.1.1",
-    "@strapi/admin": "4.1.10-beta.0",
-    "@strapi/database": "4.1.10-beta.0",
-    "@strapi/generate-new": "4.1.10-beta.0",
-    "@strapi/generators": "4.1.10-beta.0",
-    "@strapi/logger": "4.1.10-beta.0",
-    "@strapi/plugin-content-manager": "4.1.10-beta.0",
-    "@strapi/plugin-content-type-builder": "4.1.10-beta.0",
-    "@strapi/plugin-email": "4.1.10-beta.0",
-    "@strapi/plugin-upload": "4.1.10-beta.0",
-    "@strapi/utils": "4.1.10-beta.0",
+    "@strapi/admin": "4.1.12",
+    "@strapi/database": "4.1.12",
+    "@strapi/generate-new": "4.1.12",
+    "@strapi/generators": "4.1.12",
+    "@strapi/logger": "4.1.12",
+    "@strapi/plugin-content-manager": "4.1.12",
+    "@strapi/plugin-content-type-builder": "4.1.12",
+    "@strapi/plugin-email": "4.1.12",
+    "@strapi/plugin-upload": "4.1.12",
+    "@strapi/utils": "4.1.12",
     "bcryptjs": "2.4.3",
     "boxen": "5.1.2",
     "chalk": "4.1.2",
@@ -117,6 +117,7 @@
     "koa-session": "6.2.0",
     "koa-static": "5.0.0",
     "lodash": "4.17.21",
+    "mime-types": "2.1.35",
     "node-fetch": "2.6.7",
     "node-machine-id": "1.1.12",
     "node-schedule": "2.0.0",
@@ -136,5 +137,5 @@
     "node": ">=12.22.0 <=16.x.x",
     "npm": ">=6.0.0"
   },
-  "gitHead": "a9082d9a3b26bf0abeb8e45d4507d5329e9ae733"
+  "gitHead": "ab698015cfc4f43fa0ce2ae94ec59e00a67e4cda"
 }