@webbycrown/strapi-advanced-sitemap 1.0.3

package/dist/server/src/services/service.js

@@ -0,0 +1,371 @@
+'use strict';
+
+const XML_HEADER = '<?xml version="1.0" encoding="UTF-8"?>';
+const SITEMAP_NAMESPACE = 'http://www.sitemaps.org/schemas/sitemap/0.9';
+const XHTML_NAMESPACE = 'http://www.w3.org/1999/xhtml';
+const IMAGE_NAMESPACE = 'http://www.google.com/schemas/sitemap-image/1.1';
+
+const escapeXml = (value = '') =>
+  value
+    .replace(/&/g, '&amp;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&apos;')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;');
+
+const toNumberOrNull = (value) => {
+  if (typeof value === 'number' && Number.isFinite(value)) {
+    return value;
+  }
+
+  if (typeof value === 'string' && value.trim() !== '') {
+    const parsed = Number(value);
+    return Number.isFinite(parsed) ? parsed : null;
+  }
+
+  return null;
+};
+
+const clampPriority = (value) => {
+  if (value === null || value === undefined || Number.isNaN(value)) {
+    return null;
+  }
+
+  const numeric = Math.min(Math.max(Number(value), 0), 1);
+  return Number(numeric.toFixed(3));
+};
+
+const formatPriority = (priority) => {
+  if (priority === null || priority === undefined) {
+    return null;
+  }
+
+  return priority % 1 === 0 ? priority.toString() : priority.toFixed(1).replace(/0+$/, '').replace(/\.$/, '');
+};
+
+const sanitizeManualSitemap = (input = {}) => {
+  const kind = input.kind === 'index' ? 'index' : 'single';
+
+  return {
+    name: typeof input.name === 'string' ? input.name : '',
+    kind,
+    basePath: typeof input.basePath === 'string' ? trimSlashes(input.basePath) : '',
+    filename: typeof input.filename === 'string' ? input.filename : '',
+    urls: Array.isArray(input.urls)
+      ? input.urls.map((url = {}) => ({
+          loc: typeof url.loc === 'string' ? url.loc : '',
+          priority: kind === 'single' ? clampPriority(toNumberOrNull(url.priority)) : null,
+        }))
+      : [],
+  };
+};
+
+const sanitizeCollectionConfig = (strapi, input = {}) => {
+  let type = typeof input.type === 'string' ? input.type : '';
+
+  if (type && !type.includes('::')) {
+    const match = Object.values(strapi.contentTypes).find((ct) => ct.info?.singularName === type || ct.uid === type);
+    if (match) {
+      type = match.uid;
+    }
+  }
+
+  const fallbackFrequency = 'weekly';
+
+  return {
+    id: input.id,
+    type,
+    subPath: typeof input.subPath === 'string' ? trimSlashes(input.subPath) : '',
+    pattern: typeof input.pattern === 'string' ? input.pattern : '',
+    priority: clampPriority(toNumberOrNull(input.priority)),
+    frequency: typeof input.frequency === 'string' && input.frequency.trim() !== '' ? input.frequency : fallbackFrequency,
+    lastModified: typeof input.lastModified === 'string' ? input.lastModified : String(Boolean(input.lastModified)),
+    basePath: typeof input.basePath === 'string' ? trimSlashes(input.basePath) : '',
+    filename: typeof input.filename === 'string' ? trimSlashes(input.filename) : '',
+    createdAt: input.createdAt || null,
+  };
+};
+
+const ensureLeadingSlash = (value = '') => (value.startsWith('/') ? value : `/${value}`);
+const trimSlashes = (value = '') => value.replace(/^\/+/, '').replace(/\/+$/, '');
+const joinUrlSegments = (segments = []) => segments.filter(Boolean).join('/');
+
+const resolveManualSitemapPublicUrl = (baseUrl = '', sitemap = {}) => {
+  const filename = trimSlashes(sitemap?.filename || '');
+  if (!filename) {
+    return null;
+  }
+
+  if (/^https?:\/\//i.test(filename)) {
+    return filename;
+  }
+
+  const trimmedBaseUrl = baseUrl.replace(/\/+$/, '');
+  if (!trimmedBaseUrl) {
+    return null;
+  }
+
+  const basePath = trimSlashes(sitemap?.basePath || '');
+  const path = joinUrlSegments([basePath, filename]);
+  return `${trimmedBaseUrl}${ensureLeadingSlash(encodeURI(path))}`;
+};
+
+const resolveCollectionSitemapPublicUrl = (baseUrl = '', config = {}) => {
+  const filename = trimSlashes(config?.filename || '');
+  if (!filename) {
+    return null;
+  }
+
+  if (/^https?:\/\//i.test(filename)) {
+    return filename;
+  }
+
+  const trimmedBaseUrl = baseUrl.replace(/\/+$/, '');
+  if (!trimmedBaseUrl) {
+    return null;
+  }
+
+  const basePath = trimSlashes(config?.basePath || '');
+  const path = joinUrlSegments([basePath, filename]);
+  return `${trimmedBaseUrl}${ensureLeadingSlash(encodeURI(path))}`;
+};
+
+const extractTokens = (pattern = '') => {
+  const matches = pattern.match(/\[[^\]]+]/g) || [];
+  return matches.map((token) => token.slice(1, -1)).filter(Boolean);
+};
+
+const getDeepValue = (entry, path) => {
+  if (!path) {
+    return undefined;
+  }
+
+  return path.split('.').reduce((acc, key) => (acc && acc[key] !== undefined ? acc[key] : undefined), entry);
+};
+
+module.exports = ({ strapi }) => {
+  const manualSitemapsStore = () =>
+    strapi.store({
+      type: 'plugin',
+      name: 'strapi-advanced-sitemap',
+      key: 'manual-sitemaps',
+    });
+
+  const collectionConfigUid = 'plugin::strapi-advanced-sitemap.strapi-advanced-sitemap-content-type';
+  const optionUid = 'plugin::strapi-advanced-sitemap.strapi-advanced-sitemap-option';
+
+  /**
+   * @param {string} uid
+   */
+  const fetchAllEntries = async (uid) => {
+    if (!uid) {
+      return [];
+    }
+
+    const pageSize = 500;
+    let page = 1;
+    const all = [];
+
+    while (true) {
+      const schema = strapi.getModel(uid);
+      const hasDraft = schema?.options?.draftAndPublish;
+      const query = {
+        publicationState: hasDraft ? 'live' : undefined,
+        pagination: { page, pageSize },
+      };
+
+      // Always include key meta fields to compute last modified
+      query.fields = undefined;
+
+      const batch = await strapi.entityService.findMany(uid, query);
+
+      if (!Array.isArray(batch) || batch.length === 0) {
+        break;
+      }
+
+      all.push(...batch);
+
+      if (batch.length < pageSize) {
+        break;
+      }
+
+      page += 1;
+    }
+
+    return all;
+  };
+
+  const resolveBaseUrl = (configured, fallback) => {
+    if (configured && /^https?:\/\//i.test(configured)) {
+      return configured.replace(/\/+$/, '');
+    }
+    return fallback.replace(/\/+$/, '');
+  };
+
+  return {
+    async getManualSitemaps() {
+      const stored = (await manualSitemapsStore().get()) || [];
+      return stored.map(sanitizeManualSitemap);
+    },
+
+    async setManualSitemaps(sitemaps = []) {
+      const sanitized = Array.isArray(sitemaps) ? sitemaps.map(sanitizeManualSitemap) : [];
+      await manualSitemapsStore().set({ value: sanitized });
+      return sanitized;
+    },
+
+    async getCollectionConfigs() {
+      const results = await strapi.entityService.findMany(collectionConfigUid, {
+        sort: [{ createdAt: 'asc' }, { id: 'asc' }],
+      });
+
+      return Array.isArray(results) ? results.map((item) => sanitizeCollectionConfig(strapi, item)) : [];
+    },
+
+    async getConfiguredBaseUrl() {
+      const data = await strapi.entityService.findMany(optionUid);
+      const single = Array.isArray(data) ? data[0] : data;
+      const baseUrl = single?.baseUrl;
+      return typeof baseUrl === 'string' && baseUrl.trim() !== '' ? baseUrl.trim() : null;
+    },
+
+    buildManualSitemapIndex(sitemaps = [], publicBaseUrl = '') {
+      const entries = sitemaps
+        .map((sitemap) => resolveManualSitemapPublicUrl(publicBaseUrl, sitemap))
+        .filter(Boolean)
+        .map((loc) => `<sitemap><loc>${escapeXml(loc)}</loc></sitemap>`) // prettier-ignore
+        .join('');
+
+      return `${XML_HEADER}<sitemapindex xmlns="${SITEMAP_NAMESPACE}">${entries}</sitemapindex>`;
+    },
+
+    buildManualSitemapFile(sitemap = {}, baseUrl = '') {
+      const sanitized = sanitizeManualSitemap(sitemap);
+
+      if (sanitized.kind === 'index') {
+        const entries = (sanitized.urls || [])
+          .filter((url) => typeof url.loc === 'string' && url.loc.trim() !== '')
+          .map((url) => {
+            if (/^https?:\/\//i.test(url.loc)) {
+              return `<sitemap><loc>${escapeXml(url.loc)}</loc></sitemap>`;
+            }
+
+            const trimmedBase = baseUrl.replace(/\/+$/, '');
+            const slug = trimSlashes(url.loc);
+            const absoluteUrl = slug ? `${trimmedBase}${ensureLeadingSlash(slug)}` : trimmedBase;
+            return `<sitemap><loc>${escapeXml(absoluteUrl)}</loc></sitemap>`;
+          })
+          .join('');
+
+        return `${XML_HEADER}<sitemapindex xmlns="${SITEMAP_NAMESPACE}">${entries}</sitemapindex>`;
+      }
+
+      const urls = (sanitized.urls || [])
+        .filter((url) => typeof url.loc === 'string' && url.loc.trim() !== '')
+        .map((url) => {
+          if (/^https?:\/\//i.test(url.loc)) {
+            const priority = formatPriority(url.priority);
+            const priorityTag = priority ? `<priority>${escapeXml(priority)}</priority>` : '';
+            return `<url><loc>${escapeXml(url.loc)}</loc>${priorityTag}</url>`; // prettier-ignore
+          }
+
+          const trimmedBase = baseUrl.replace(/\/+$/, '');
+          const slug = trimSlashes(url.loc);
+
+          const absoluteUrl = slug ? `${trimmedBase}${ensureLeadingSlash(slug)}` : trimmedBase;
+          const priority = formatPriority(url.priority);
+          const priorityTag = priority ? `<priority>${escapeXml(priority)}</priority>` : '';
+          return `<url><loc>${escapeXml(absoluteUrl)}</loc>${priorityTag}</url>`; // prettier-ignore
+        })
+        .join('');
+
+      return `${XML_HEADER}<urlset xmlns="${SITEMAP_NAMESPACE}" xmlns:xhtml="${XHTML_NAMESPACE}" xmlns:image="${IMAGE_NAMESPACE}">${urls}</urlset>`;
+    },
+
+    buildRootSitemap(manualSitemaps = [], collectionConfigs = [], { apiBaseUrl = '', publicBaseUrl = '' } = {}) {
+      const trimmedApiBase = apiBaseUrl.replace(/\/+$/, '');
+      const manualEntries = manualSitemaps
+        .map((sitemap) => resolveManualSitemapPublicUrl(publicBaseUrl, sitemap))
+        .filter(Boolean)
+        .map((loc) => `<sitemap><loc>${escapeXml(loc)}</loc></sitemap>`);
+
+      const collectionEntries = collectionConfigs
+        .map((config) => {
+          if (config.id === undefined) {
+            return null;
+          }
+
+          const publicUrl = resolveCollectionSitemapPublicUrl(publicBaseUrl, config);
+          if (publicUrl) {
+            return `<sitemap><loc>${escapeXml(publicUrl)}</loc></sitemap>`;
+          }
+
+          return `<sitemap><loc>${escapeXml(`${trimmedApiBase}/collection-sitemaps/${encodeURIComponent(String(config.id))}.xml`)}</loc></sitemap>`;
+        })
+        .filter(Boolean);
+
+      const allEntries = [...manualEntries, ...collectionEntries].join('');
+
+      return `${XML_HEADER}<sitemapindex xmlns="${SITEMAP_NAMESPACE}">${allEntries}</sitemapindex>`;
+    },
+
+    async buildCollectionSitemapFile(config = {}, baseUrl = '') {
+      const sanitizedConfig = sanitizeCollectionConfig(strapi, config);
+
+      if (!sanitizedConfig.type || !sanitizedConfig.pattern) {
+        return `${XML_HEADER}<urlset xmlns="${SITEMAP_NAMESPACE}" xmlns:xhtml="${XHTML_NAMESPACE}" xmlns:image="${IMAGE_NAMESPACE}"></urlset>`;
+      }
+
+      const tokens = extractTokens(sanitizedConfig.pattern);
+      const entries = await fetchAllEntries(sanitizedConfig.type);
+      const trimmedBase = baseUrl.replace(/\/+$/, '');
+
+      const urls = entries
+        .map((entry) => {
+          let resolvedPath = sanitizedConfig.pattern;
+
+          for (const token of tokens) {
+            const rawValue = getDeepValue(entry, token);
+            if (rawValue === null || rawValue === undefined) {
+              return null;
+            }
+            resolvedPath = resolvedPath.replace(`[${token}]`, String(rawValue));
+          }
+
+          if (resolvedPath.includes('[')) {
+            return null;
+          }
+
+          if (!/^https?:\/\//i.test(resolvedPath)) {
+            const joined = joinUrlSegments([sanitizedConfig.subPath, trimSlashes(resolvedPath)]);
+            resolvedPath = `${trimmedBase}${ensureLeadingSlash(joined)}`;
+          }
+
+          const absoluteUrl = resolvedPath;
+
+          const priorityValue = formatPriority(sanitizedConfig.priority);
+          const priorityTag = priorityValue ? `<priority>${escapeXml(priorityValue)}</priority>` : '';
+          const changeFreqTag = sanitizedConfig.frequency ? `<changefreq>${escapeXml(sanitizedConfig.frequency)}</changefreq>` : '';
+
+          let lastModTag = '';
+          if (String(sanitizedConfig.lastModified).toLowerCase() === 'true') {
+            const lastModSource = entry.updatedAt || entry.publishedAt || entry.createdAt;
+            if (lastModSource) {
+              const iso = new Date(lastModSource).toISOString();
+              lastModTag = `<lastmod>${escapeXml(iso)}</lastmod>`;
+            }
+          }
+
+          return `<url><loc>${escapeXml(absoluteUrl)}</loc>${lastModTag}${changeFreqTag}${priorityTag}</url>`; // prettier-ignore
+        })
+        .filter(Boolean)
+        .join('');
+
+      return `${XML_HEADER}<urlset xmlns="${SITEMAP_NAMESPACE}" xmlns:xhtml="${XHTML_NAMESPACE}" xmlns:image="${IMAGE_NAMESPACE}">${urls}</urlset>`;
+    },
+
+    resolveBaseUrl,
+    resolveManualSitemapPublicUrl,
+    resolveCollectionSitemapPublicUrl,
+  };
+};

package/dist/server/src/utils/check-sitemap-permission.js

@@ -0,0 +1,139 @@
+'use strict';
+
+const ACTIONS = {
+  root: 'plugin::strapi-advanced-sitemap.controller.serveRootSitemap',
+  manualIndex: 'plugin::strapi-advanced-sitemap.controller.serveManualSitemapIndex',
+  manualFile: 'plugin::strapi-advanced-sitemap.controller.serveManualSitemapFile',
+  collectionFile: 'plugin::strapi-advanced-sitemap.controller.serveCollectionSitemapFile',
+};
+
+const SITEMAP_PERMISSION_DEFINITIONS = [
+  { controller: 'controller', action: 'serveRootSitemap', uid: ACTIONS.root },
+  { controller: 'controller', action: 'serveManualSitemapIndex', uid: ACTIONS.manualIndex },
+  { controller: 'controller', action: 'serveManualSitemapFile', uid: ACTIONS.manualFile },
+  { controller: 'controller', action: 'serveCollectionSitemapFile', uid: ACTIONS.collectionFile },
+];
+
+const PATCHED_FLAG = Symbol('strapi-advanced-sitemap-permissions-patched');
+
+const patchUsersPermissionsGetActions = (usersPermissionsService) => {
+  if (!usersPermissionsService || usersPermissionsService[PATCHED_FLAG]) {
+    return;
+  }
+
+  const originalGetActions = usersPermissionsService.getActions.bind(usersPermissionsService);
+
+  usersPermissionsService.getActions = (options = {}) => {
+    const result = originalGetActions(options) || {};
+    const defaultEnable = options?.defaultEnable ?? false;
+    const namespace = 'plugin::strapi-advanced-sitemap';
+
+    const currentControllers = result[namespace]?.controllers || {};
+    const patchedControllers = { ...currentControllers };
+
+    SITEMAP_PERMISSION_DEFINITIONS.forEach(({ controller, action }) => {
+      const controllerActions = patchedControllers[controller] ? { ...patchedControllers[controller] } : {};
+      if (!controllerActions[action]) {
+        controllerActions[action] = { enabled: defaultEnable, policy: '' };
+      }
+      patchedControllers[controller] = controllerActions;
+    });
+
+    result[namespace] = {
+      controllers: patchedControllers,
+    };
+
+    return result;
+  };
+
+  usersPermissionsService[PATCHED_FLAG] = true;
+};
+
+const registerSitemapActions = async () => {
+  const permissionsService = strapi.plugin('users-permissions')?.service('users-permissions');
+
+  if (!permissionsService || typeof permissionsService.syncPermissions !== 'function') {
+    return;
+  }
+
+  patchUsersPermissionsGetActions(permissionsService);
+
+  await permissionsService.syncPermissions();
+};
+
+const getRoleIdFromCtx = async (ctx) => {
+  if (ctx.state?.user?.role?.id) {
+    return ctx.state.user.role.id;
+  }
+
+  if (ctx.state?.auth?.credentials?.role?.id) {
+    return ctx.state.auth.credentials.role.id;
+  }
+
+  if (ctx.state?.auth?.strategy?.name === 'api-token') {
+    // API tokens are handled separately via the permissions array on the token
+    return null;
+  }
+
+  const publicRole = await strapi.db.query('plugin::users-permissions.role').findOne({
+    where: { type: 'public' },
+    select: ['id'],
+  });
+
+  return publicRole?.id || null;
+};
+
+const hasApiTokenPermission = (ctx, action) => {
+  if (ctx.state?.auth?.strategy?.name !== 'api-token') {
+    return false;
+  }
+
+  const permissions = ctx.state?.auth?.credentials?.permissions;
+  if (!Array.isArray(permissions)) {
+    return false;
+  }
+
+  return permissions.includes(action);
+};
+
+const isActionEnabledForRole = (rolePermissions, action) => {
+  if (!rolePermissions) {
+    return false;
+  }
+
+  const [namespace, controller, actionName] = action.split('.').slice(-3);
+  const controllerSet = rolePermissions?.[namespace]?.controllers?.[controller];
+  return controllerSet?.[actionName]?.enabled === true;
+};
+
+const ensureSitemapPermission = async (ctx, actionKey) => {
+  const action = ACTIONS[actionKey] || actionKey;
+
+  if (hasApiTokenPermission(ctx, action)) {
+    return true;
+  }
+
+  const roleId = await getRoleIdFromCtx(ctx);
+
+  if (!roleId) {
+    ctx.unauthorized();
+    return false;
+  }
+
+  const roleService = strapi.plugin('users-permissions').service('role');
+  const role = await roleService.findOne(roleId);
+
+  if (isActionEnabledForRole(role.permissions, action)) {
+    return true;
+  }
+
+  ctx.unauthorized();
+  return false;
+};
+
+module.exports = {
+  ACTIONS,
+  registerSitemapActions,
+  ensureSitemapPermission,
+};
+

package/package.json

@@ -0,0 +1,82 @@
+{
+  "name": "@webbycrown/strapi-advanced-sitemap",
+  "version": "1.0.3",
+  "keywords": [
+    "strapi",
+    "plugin",
+    "sitemap",
+    "xml",
+    "seo",
+    "sitemap-generator"
+  ],
+  "type": "commonjs",
+  "exports": {
+    "./package.json": "./package.json",
+    "./strapi-admin": {
+      "source": "./admin/src/index.js",
+      "import": "./dist/admin/index.mjs",
+      "require": "./dist/admin/index.js",
+      "default": "./dist/admin/index.js"
+    },
+    "./strapi-server": {
+      "source": "./server/src/index.js",
+      "import": "./dist/server/index.mjs",
+      "require": "./dist/server/index.js",
+      "default": "./dist/server/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "npm run build:admin && npm run build:server",
+    "build:admin": "strapi-plugin build",
+    "build:server": "node scripts/build-server.js",
+    "watch": "strapi-plugin watch",
+    "watch:link": "strapi-plugin watch:link",
+    "verify": "strapi-plugin verify"
+  },
+  "dependencies": {
+    "@strapi/design-system": "^2.0.0-rc.21",
+    "@strapi/icons": "^2.0.0-rc.23",
+    "react-intl": "^7.1.11"
+  },
+  "devDependencies": {
+    "@strapi/sdk-plugin": "^5.3.2",
+    "@strapi/strapi": "^5.12.5",
+    "prettier": "^3.5.3",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1",
+    "styled-components": "^6.1.17"
+  },
+  "peerDependencies": {
+    "@strapi/sdk-plugin": "^5.3.2",
+    "@strapi/strapi": "^5.12.5",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1",
+    "styled-components": "^6.1.17"
+  },
+  "strapi": {
+    "kind": "plugin",
+    "name": "strapi-advanced-sitemap",
+    "displayName": "Strapi Advanced Sitemap",
+    "description": "Flexible sitemap tooling for Strapi: build manual or dynamic XML files, publish sitemap indexes, and control access per role."
+  },
+  "description": "Flexible sitemap tooling for Strapi: build manual or dynamic XML files, publish sitemap indexes, and control access per role.",
+  "license": "MIT",
+  "author": {
+    "name": "WebbyCrown",
+    "email": "info@webbycrown.com",
+    "url": "https://webbycrown.com"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/webbycrown/strapi-advanced-sitemap.git"
+  },
+  "engines": {
+    "node": ">=18.0.0",
+    "npm": ">=8.0.0"
+  }
+}