@strapi/strapi 4.6.0-beta.1 → 4.6.0

package/README.md

@@ -80,25 +80,29 @@ Complete installation requirements can be found in the documentation under <a hr
 - CentOS/RHEL 8
 - macOS Mojave
 - Windows 10
-- Docker - [Docker-Repo](https://github.com/strapi/strapi-docker)
+- Docker
 
 (Please note that Strapi may work on other operating systems, but these are not tested nor officially supported at this time.)
 
 **Node:**
 
-- NodeJS >= 14 <= 18
-- NPM >= 6.x
+Strapi only supports maintenance and LTS versions of Node.js. Please refer to the <a href="https://nodejs.org/en/about/releases/">Node.js release schedule</a> for more information. NPM versions installed by default with Node.js are supported. Generally it's recommended to use yarn over npm where possible.
+
+| Strapi Version | Recommended | Minimum |
+| -------------- | ----------- | ------- |
+| 4.3.9 and up   | 18.x        | 14.x    |
+| 4.0.x to 4.3.8 | 16.x        | 14.x    |
 
 **Database:**
 
-| Database   | Minimum | Recommended |
-| ---------- | ------- | ----------- |
-| MySQL      | 5.7.8   | 8.0         |
-| MariaDB    | 10.3    | 10.6        |
-| PostgreSQL | 11.0    | 14.0        |
-| SQLite     | 3       | 3           |
+| Database   | Recommended | Minimum |
+| ---------- | ----------- | ------- |
+| MySQL      | 8.0         | 5.7.8   |
+| MariaDB    | 10.6        | 10.3    |
+| PostgreSQL | 14.0        | 11.0    |
+| SQLite     | 3           | 3       |
 
-**We recommend always using the latest version of Strapi to start your new projects**.
+**We recommend always using the latest version of Strapi stable to start your new projects**.
 
 ## Features
 

package/bin/strapi.js

@@ -14,7 +14,21 @@ const inquirer = require('inquirer');
 const program = new Command();
 
 const packageJSON = require('../package.json');
-const { promptEncryptionKey, confirmMessage } = require('../lib/commands/utils/commander');
+const {
+  promptEncryptionKey,
+  confirmMessage,
+  forceOption,
+} = require('../lib/commands/utils/commander');
+const { exitWith } = require('../lib/commands/utils/helpers');
+const {
+  excludeOption,
+  onlyOption,
+  validateExcludeOnly,
+} = require('../lib/commands/transfer/utils');
+
+process.on('SIGINT', () => {
+  process.exit();
+});
 
 const checkCwdIsStrapiApp = (name) => {
   const logErrorAndExit = () => {
@@ -258,10 +272,65 @@ program
   .option('-s, --silent', `Run the generation silently, without any output`, false)
   .action(getLocalScript('ts/generate-types'));
 
+// if (process.env.STRAPI_EXPERIMENTAL === 'true') {
+//   // `$ strapi transfer`
+//   program
+//     .command('transfer')
+//     .description('Transfer data from one source to another')
+//     .allowExcessArguments(false)
+//     .addOption(
+//       new Option(
+//         '--from <sourceURL>',
+//         `URL of the remote Strapi instance to get data from`
+//       ).argParser(parseURL)
+//     )
+//     .addOption(
+//       new Option(
+//         '--to <destinationURL>',
+//         `URL of the remote Strapi instance to send data to`
+//       ).argParser(parseURL)
+//     )
+//     .addOption(forceOption)
+//     // Validate URLs
+//     .hook(
+//       'preAction',
+//       ifOptions(
+//         (opts) => opts.from,
+//         (thisCommand) => assertUrlHasProtocol(thisCommand.opts().from, ['https:', 'http:'])
+//       )
+//     )
+//     .hook(
+//       'preAction',
+//       ifOptions(
+//         (opts) => opts.to,
+//         (thisCommand) => assertUrlHasProtocol(thisCommand.opts().to, ['https:', 'http:'])
+//       )
+//     )
+//     .hook(
+//       'preAction',
+//       ifOptions(
+//         (opts) => !opts.from && !opts.to,
+//         () => exitWith(1, 'At least one source (from) or destination (to) option must be provided')
+//       )
+//     )
+//     .addOption(forceOption)
+//     .addOption(excludeOption)
+//     .addOption(onlyOption)
+//     .hook('preAction', validateExcludeOnly)
+//     .hook(
+//       'preAction',
+//       confirmMessage(
+//         'The import will delete all data in the remote database. Are you sure you want to proceed?'
+//       )
+//     )
+//     .action(getLocalScript('transfer/transfer'));
+// }
+
 // `$ strapi export`
 program
   .command('export')
   .description('Export data from Strapi to file')
+  .allowExcessArguments(false)
   .addOption(
     new Option('--no-encrypt', `Disables 'aes-128-ecb' encryption of the output file`).default(true)
   )
@@ -273,7 +342,9 @@ program
     )
   )
   .addOption(new Option('-f, --file <file>', 'name to use for exported file (without extensions)'))
-  .allowExcessArguments(false)
+  .addOption(excludeOption)
+  .addOption(onlyOption)
+  .hook('preAction', validateExcludeOnly)
   .hook('preAction', promptEncryptionKey)
   .action(getLocalScript('transfer/export'));
 
@@ -281,6 +352,7 @@ program
 program
   .command('import')
   .description('Import data from file to Strapi')
+  .allowExcessArguments(false)
   .requiredOption(
     '-f, --file <file>',
     'path and filename for the Strapi export file you want to import'
@@ -291,7 +363,10 @@ program
       'Provide encryption key in command instead of using the prompt'
     )
   )
-  .allowExcessArguments(false)
+  .addOption(forceOption)
+  .addOption(excludeOption)
+  .addOption(onlyOption)
+  .hook('preAction', validateExcludeOnly)
   .hook('preAction', async (thisCommand) => {
     const opts = thisCommand.opts();
     const ext = path.extname(String(opts.file));
@@ -307,13 +382,34 @@ program
           },
         ]);
         if (!answers.key?.length) {
-          console.log('No key entered, aborting import.');
-          process.exit(0);
+          exitWith(0, 'No key entered, aborting import.');
         }
         opts.key = answers.key;
       }
     }
   })
+  // set decrypt and decompress options based on filename
+  .hook('preAction', (thisCommand) => {
+    const opts = thisCommand.opts();
+
+    const { extname, parse } = path;
+
+    let file = opts.file;
+
+    if (extname(file) === '.enc') {
+      file = parse(file).name; // trim the .enc extension
+      thisCommand.opts().decrypt = true;
+    } else {
+      thisCommand.opts().decrypt = false;
+    }
+
+    if (extname(file) === '.gz') {
+      file = parse(file).name; // trim the .gz extension
+      thisCommand.opts().decompress = true;
+    } else {
+      thisCommand.opts().decompress = false;
+    }
+  })
   .hook(
     'preAction',
     confirmMessage(

package/ee/ee-store.js

@@ -0,0 +1,18 @@
+'use strict';
+
+const eeStoreModel = {
+  uid: 'strapi::ee-store',
+  collectionName: 'strapi_ee_store_settings',
+  attributes: {
+    key: {
+      type: 'string',
+    },
+    value: {
+      type: 'text',
+    },
+  },
+};
+
+module.exports = {
+  eeStoreModel,
+};

package/ee/index.js

@@ -0,0 +1,173 @@
+'use strict';
+
+const { pick } = require('lodash/fp');
+
+const { readLicense, verifyLicense, fetchLicense, LicenseCheckError } = require('./license');
+const { eeStoreModel } = require('./ee-store');
+const { shiftCronExpression } = require('../lib/utils/cron');
+
+const ONE_MINUTE = 1000 * 60;
+
+const ee = {
+  enabled: false,
+  licenseInfo: {},
+};
+
+const disable = (message) => {
+  ee.logger?.warn(`${message} Switching to CE.`);
+  // Only keep the license key for potential re-enabling during a later check
+  ee.licenseInfo = pick('licenseKey', ee.licenseInfo);
+  ee.enabled = false;
+};
+
+let initialized = false;
+
+/**
+ * Optimistically enable EE if the format of the license is valid, only run once.
+ */
+const init = (licenseDir, logger) => {
+  if (initialized) {
+    return;
+  }
+
+  initialized = true;
+  ee.logger = logger;
+
+  if (process.env.STRAPI_DISABLE_EE?.toLowerCase() === 'true') {
+    return;
+  }
+
+  try {
+    const license = process.env.STRAPI_LICENSE || readLicense(licenseDir);
+
+    if (license) {
+      ee.licenseInfo = verifyLicense(license);
+      ee.enabled = true;
+    }
+  } catch (error) {
+    disable(error.message);
+  }
+};
+
+/**
+ * Contact the license registry to update the license to its latest state.
+ *
+ * Store the result in database to avoid unecessary requests, and will fallback to that in case of a network failure.
+ */
+const onlineUpdate = async ({ strapi }) => {
+  const { get, commit, rollback } = await strapi.db.transaction();
+  const transaction = get();
+
+  try {
+    const storedInfo = await strapi.db
+      .queryBuilder(eeStoreModel.uid)
+      .where({ key: 'ee_information' })
+      .select('value')
+      .first()
+      .transacting(transaction)
+      .forUpdate()
+      .execute()
+      .then((result) => (result ? JSON.parse(result.value) : result));
+
+    const shouldContactRegistry = (storedInfo?.lastCheckAt ?? 0) < Date.now() - ONE_MINUTE;
+    const result = { lastCheckAt: Date.now() };
+
+    const fallback = (error) => {
+      if (error instanceof LicenseCheckError && error.shouldFallback && storedInfo?.license) {
+        ee.logger?.warn(
+          `${error.message} The last stored one will be used as a potential fallback.`
+        );
+        return storedInfo.license;
+      }
+
+      result.error = error.message;
+      disable(error.message);
+    };
+
+    const license = shouldContactRegistry
+      ? await fetchLicense(ee.licenseInfo.licenseKey, strapi.config.get('uuid')).catch(fallback)
+      : storedInfo.license;
+
+    if (license) {
+      try {
+        ee.licenseInfo = verifyLicense(license);
+        validateInfo();
+      } catch (error) {
+        disable(error.message);
+      }
+    } else if (!shouldContactRegistry) {
+      disable(storedInfo.error);
+    }
+
+    if (shouldContactRegistry) {
+      result.license = license ?? null;
+      const query = strapi.db.queryBuilder(eeStoreModel.uid).transacting(transaction);
+
+      if (!storedInfo) {
+        query.insert({ key: 'ee_information', value: JSON.stringify(result) });
+      } else {
+        query.update({ value: JSON.stringify(result) }).where({ key: 'ee_information' });
+      }
+
+      await query.execute();
+    }
+
+    await commit();
+  } catch (error) {
+    // Example of errors: SQLite does not support FOR UPDATE
+    await rollback();
+  }
+};
+
+const validateInfo = () => {
+  const expirationTime = new Date(ee.licenseInfo.expireAt).getTime();
+
+  if (expirationTime < new Date().getTime()) {
+    return disable('License expired.');
+  }
+
+  ee.enabled = true;
+};
+
+const checkLicense = async ({ strapi }) => {
+  const shouldStayOffline =
+    ee.licenseInfo.type === 'gold' &&
+    // This env variable support is temporarily used to ease the migration between online vs offline
+    process.env.STRAPI_DISABLE_LICENSE_PING?.toLowerCase() === 'true';
+
+  if (!shouldStayOffline) {
+    await onlineUpdate({ strapi });
+    strapi.cron.add({ [shiftCronExpression('0 0 */12 * * *')]: onlineUpdate });
+  } else {
+    if (!ee.licenseInfo.expireAt) {
+      return disable('Your license does not have offline support.');
+    }
+
+    validateInfo();
+  }
+};
+
+const list = () => {
+  return (
+    ee.licenseInfo.features?.map((feature) =>
+      typeof feature === 'object' ? feature : { name: feature }
+    ) || []
+  );
+};
+
+const get = (featureName) => list().find((feature) => feature.name === featureName);
+
+module.exports = Object.freeze({
+  init,
+  checkLicense,
+
+  get isEE() {
+    return ee.enabled;
+  },
+
+  features: Object.freeze({
+    list,
+    get,
+    isEnabled: (featureName) => get(featureName) !== undefined,
+  }),
+});

package/ee/license.js

@@ -0,0 +1,102 @@
+'use strict';
+
+const fs = require('fs');
+const { join } = require('path');
+const crypto = require('crypto');
+const fetch = require('node-fetch');
+
+const machineId = require('../lib/utils/machine-id');
+
+const DEFAULT_FEATURES = {
+  bronze: [],
+  silver: [],
+  gold: ['sso', { name: 'audit-logs', options: { retentionDays: 90 } }],
+};
+
+const publicKey = fs.readFileSync(join(__dirname, 'resources/key.pub'));
+
+class LicenseCheckError extends Error {
+  constructor(message, shouldFallback = false) {
+    super(message);
+
+    this.shouldFallback = shouldFallback;
+  }
+}
+
+const readLicense = (directory) => {
+  try {
+    const path = join(directory, 'license.txt');
+    return fs.readFileSync(path).toString();
+  } catch (error) {
+    if (error.code !== 'ENOENT') {
+      throw Error('License file not readable, review its format and access rules.');
+    }
+  }
+};
+
+const verifyLicense = (license) => {
+  const [signature, base64Content] = Buffer.from(license, 'base64').toString().split('\n');
+
+  if (!signature || !base64Content) {
+    throw new Error('Invalid license.');
+  }
+
+  const stringifiedContent = Buffer.from(base64Content, 'base64').toString();
+
+  const verify = crypto.createVerify('RSA-SHA256');
+  verify.update(stringifiedContent);
+  verify.end();
+
+  const verified = verify.verify(publicKey, signature, 'base64');
+
+  if (!verified) {
+    throw new Error('Invalid license.');
+  }
+
+  const licenseInfo = JSON.parse(stringifiedContent);
+
+  if (!licenseInfo.features) {
+    licenseInfo.features = DEFAULT_FEATURES[licenseInfo.type];
+  }
+
+  Object.freeze(licenseInfo.features);
+  return licenseInfo;
+};
+
+const throwError = () => {
+  throw new LicenseCheckError('Could not proceed to the online validation of your license.', true);
+};
+
+const fetchLicense = async (key, projectId) => {
+  const response = await fetch(`https://license.strapi.io/api/licenses/validate`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ key, projectId, deviceId: machineId() }),
+  }).catch(throwError);
+
+  const contentType = response.headers.get('Content-Type');
+
+  if (contentType.includes('application/json')) {
+    const { data, error } = await response.json();
+
+    switch (response.status) {
+      case 200:
+        return data.license;
+      case 400:
+        throw new LicenseCheckError(error.message);
+      case 404:
+        throw new LicenseCheckError('The license used does not exists.');
+      default:
+        throwError();
+    }
+  } else {
+    throwError();
+  }
+};
+
+module.exports = Object.freeze({
+  readLicense,
+  verifyLicense,
+  fetchLicense,
+  LicenseCheckError,
+});

package/lib/Strapi.js

@@ -17,6 +17,7 @@ const { createServer } = require('./services/server');
 const createWebhookRunner = require('./services/webhook-runner');
 const { webhookModel, createWebhookStore } = require('./services/webhook-store');
 const { createCoreStore, coreStoreModel } = require('./services/core-store');
+const { eeStoreModel } = require('../ee/ee-store');
 const createEntityService = require('./services/entity-service');
 const createCronService = require('./services/cron');
 const entityValidator = require('./services/entity-validator');
@@ -120,16 +121,20 @@ class Strapi {
     this.customFields = createCustomFields(this);
 
     createUpdateNotifier(this).notify();
+
+    Object.defineProperty(this, 'EE', {
+      get: () => {
+        ee.init(this.dirs.app.root, this.log);
+        return ee.isEE;
+      },
+      configurable: false,
+    });
   }
 
   get config() {
     return this.container.get('config');
   }
 
-  get EE() {
-    return ee({ dir: this.dirs.app.root, logger: this.log });
-  }
-
   get services() {
     return this.container.get('services').getAll();
   }
@@ -225,7 +230,7 @@ class Strapi {
 
     await this.runLifecyclesFunctions(LIFECYCLES.DESTROY);
 
-    this.eventHub.removeAllListeners();
+    this.eventHub.destroy();
 
     if (_.has(this, 'db')) {
       await this.db.destroy();
@@ -404,6 +409,7 @@ class Strapi {
     const contentTypes = [
       coreStoreModel,
       webhookModel,
+      eeStoreModel,
       ...Object.values(strapi.contentTypes),
       ...Object.values(strapi.components),
     ];
@@ -447,6 +453,10 @@ class Strapi {
 
     await this.db.schema.sync();
 
+    if (this.EE) {
+      await ee.checkLicense({ strapi: this });
+    }
+
     await this.hook('strapi::content-types.afterSync').call({
       oldContentTypes,
       contentTypes: strapi.contentTypes,

package/lib/commands/builders/admin.js

@@ -30,7 +30,7 @@ module.exports = async ({ buildDestDir, forceBuild = true, optimization, srcDir
   // Always remove the .cache and build folders
   await strapiAdmin.clean({ appDir: srcDir, buildDestDir });
 
-  ee({ dir: srcDir });
+  ee.init(srcDir);
 
   return strapiAdmin
     .build({