strapi-plugin-oidc 1.3.2 → 1.4.0

@@ -500,6 +500,48 @@ async function removeEmail(ctx) {
500
500
  await whitelistService2.removeUser(id);
501
501
  ctx.body = {};
502
502
  }
503
+ async function deleteAll(ctx) {
504
+ await strapi.db.query("plugin::strapi-plugin-oidc.whitelists").deleteMany({});
505
+ ctx.body = {};
506
+ }
507
+ async function importUsers(ctx) {
508
+ const { users } = ctx.request.body;
509
+ if (!Array.isArray(users)) {
510
+ ctx.status = 400;
511
+ ctx.body = { error: "Expected { users: [{email, roles}] }" };
512
+ return;
513
+ }
514
+ const allRoles = await strapi.query("admin::role").findMany({});
515
+ const roleNameToId = new Map(allRoles.map((r) => [r.name, String(r.id)]));
516
+ const resolveRole = (nameOrId) => roleNameToId.get(nameOrId) ?? nameOrId;
517
+ const normalized = users.filter((u) => u?.email).map((u) => ({
518
+ email: String(u.email).trim().toLowerCase(),
519
+ roles: (Array.isArray(u.roles) ? u.roles : []).map(resolveRole)
520
+ }));
521
+ const seen = /* @__PURE__ */ new Set();
522
+ const deduped = normalized.filter((u) => {
523
+ if (seen.has(u.email)) return false;
524
+ seen.add(u.email);
525
+ return true;
526
+ });
527
+ const strapiUsers = await strapi.query("admin::user").findMany({
528
+ where: { email: { $in: deduped.map((u) => u.email) } },
529
+ populate: ["roles"]
530
+ });
531
+ const strapiUserMap = new Map(strapiUsers.map((u) => [u.email, u]));
532
+ const whitelistService2 = strapi.plugin("strapi-plugin-oidc").service("whitelist");
533
+ const existing = await whitelistService2.getUsers();
534
+ const existingEmails = new Set(existing.map((u) => u.email));
535
+ let importedCount = 0;
536
+ for (const user of deduped) {
537
+ if (existingEmails.has(user.email)) continue;
538
+ const strapiUser = strapiUserMap.get(user.email);
539
+ const finalRoles = strapiUser?.roles?.length ? strapiUser.roles.map((r) => String(r.id)) : user.roles;
540
+ await whitelistService2.registerUser(user.email, finalRoles);
541
+ importedCount++;
542
+ }
543
+ ctx.body = { importedCount };
544
+ }
503
545
  async function syncUsers(ctx) {
504
546
  let { users } = ctx.request.body;
505
547
  users = users.map((u) => ({ ...u, email: String(u.email).toLowerCase() }));
@@ -541,7 +583,9 @@ const whitelist = {
541
583
  publicSettings,
542
584
  register,
543
585
  removeEmail,
544
- syncUsers
586
+ deleteAll,
587
+ syncUsers,
588
+ importUsers
545
589
  };
546
590
  const controllers = {
547
591
  oidc,
@@ -565,134 +609,133 @@ const rateLimitMiddleware = async (ctx, next) => {
565
609
  rateLimitMap.set(ip, requestStamps);
566
610
  await next();
567
611
  };
568
- const routes = [
569
- {
570
- method: "GET",
571
- path: "/oidc-roles",
572
- handler: "role.find",
573
- config: {
574
- policies: [
575
- "admin::isAuthenticatedAdmin",
576
- { name: "admin::hasPermissions", config: { actions: ["plugin::strapi-plugin-oidc.read"] } }
577
- ]
578
- }
579
- },
580
- {
581
- method: "PUT",
582
- path: "/oidc-roles",
583
- handler: "role.update",
584
- config: {
585
- policies: [
586
- "admin::isAuthenticatedAdmin",
587
- {
588
- name: "admin::hasPermissions",
589
- config: { actions: ["plugin::strapi-plugin-oidc.update"] }
590
- }
591
- ]
592
- }
593
- },
594
- {
595
- method: "GET",
596
- path: "/oidc",
597
- handler: "oidc.oidcSignIn",
598
- config: {
599
- auth: false,
600
- middlewares: [rateLimitMiddleware]
601
- }
602
- },
603
- {
604
- method: "GET",
605
- path: "/oidc/callback",
606
- handler: "oidc.oidcSignInCallback",
607
- config: {
608
- auth: false,
609
- middlewares: [rateLimitMiddleware]
610
- }
611
- },
612
- {
613
- method: "GET",
614
- path: "/logout",
615
- handler: "oidc.logout",
616
- config: {
617
- auth: false
618
- }
619
- },
620
- {
621
- method: "GET",
622
- path: "/whitelist",
623
- handler: "whitelist.info",
624
- config: {
625
- policies: [
626
- "admin::isAuthenticatedAdmin",
627
- { name: "admin::hasPermissions", config: { actions: ["plugin::strapi-plugin-oidc.read"] } }
628
- ]
629
- }
630
- },
631
- {
632
- method: "PUT",
633
- path: "/whitelist/settings",
634
- handler: "whitelist.updateSettings",
635
- config: {
636
- policies: [
637
- "admin::isAuthenticatedAdmin",
638
- {
639
- name: "admin::hasPermissions",
640
- config: { actions: ["plugin::strapi-plugin-oidc.update"] }
641
- }
642
- ]
643
- }
644
- },
645
- {
646
- method: "GET",
647
- path: "/settings/public",
648
- handler: "whitelist.publicSettings",
649
- config: {
650
- auth: false
651
- }
652
- },
653
- {
654
- method: "PUT",
655
- path: "/whitelist/sync",
656
- handler: "whitelist.syncUsers",
657
- config: {
658
- policies: [
659
- "admin::isAuthenticatedAdmin",
660
- {
661
- name: "admin::hasPermissions",
662
- config: { actions: ["plugin::strapi-plugin-oidc.update"] }
663
- }
664
- ]
665
- }
666
- },
667
- {
668
- method: "POST",
669
- path: "/whitelist",
670
- handler: "whitelist.register",
671
- config: {
672
- policies: [
673
- "admin::isAuthenticatedAdmin",
674
- {
675
- name: "admin::hasPermissions",
676
- config: { actions: ["plugin::strapi-plugin-oidc.update"] }
677
- }
678
- ]
612
+ const adminPolicies = (action) => ({
613
+ policies: [
614
+ "admin::isAuthenticatedAdmin",
615
+ {
616
+ name: "admin::hasPermissions",
617
+ config: { actions: [`plugin::strapi-plugin-oidc.${action}`] }
679
618
  }
619
+ ]
620
+ });
621
+ const routes = {
622
+ admin: {
623
+ type: "admin",
624
+ routes: [
625
+ {
626
+ method: "GET",
627
+ path: "/oidc-roles",
628
+ handler: "role.find",
629
+ config: adminPolicies("read")
630
+ },
631
+ {
632
+ method: "PUT",
633
+ path: "/oidc-roles",
634
+ handler: "role.update",
635
+ config: adminPolicies("update")
636
+ },
637
+ {
638
+ method: "GET",
639
+ path: "/oidc",
640
+ handler: "oidc.oidcSignIn",
641
+ config: { auth: false, middlewares: [rateLimitMiddleware] }
642
+ },
643
+ {
644
+ method: "GET",
645
+ path: "/oidc/callback",
646
+ handler: "oidc.oidcSignInCallback",
647
+ config: { auth: false, middlewares: [rateLimitMiddleware] }
648
+ },
649
+ {
650
+ method: "GET",
651
+ path: "/logout",
652
+ handler: "oidc.logout",
653
+ config: { auth: false }
654
+ },
655
+ {
656
+ method: "GET",
657
+ path: "/whitelist",
658
+ handler: "whitelist.info",
659
+ config: adminPolicies("read")
660
+ },
661
+ {
662
+ method: "PUT",
663
+ path: "/whitelist/settings",
664
+ handler: "whitelist.updateSettings",
665
+ config: adminPolicies("update")
666
+ },
667
+ {
668
+ method: "GET",
669
+ path: "/settings/public",
670
+ handler: "whitelist.publicSettings",
671
+ config: { auth: false }
672
+ },
673
+ {
674
+ method: "PUT",
675
+ path: "/whitelist/sync",
676
+ handler: "whitelist.syncUsers",
677
+ config: adminPolicies("update")
678
+ },
679
+ {
680
+ method: "POST",
681
+ path: "/whitelist/import",
682
+ handler: "whitelist.importUsers",
683
+ config: adminPolicies("update")
684
+ },
685
+ {
686
+ method: "POST",
687
+ path: "/whitelist",
688
+ handler: "whitelist.register",
689
+ config: adminPolicies("update")
690
+ },
691
+ {
692
+ method: "DELETE",
693
+ path: "/whitelist/:id",
694
+ handler: "whitelist.removeEmail",
695
+ config: adminPolicies("update")
696
+ },
697
+ {
698
+ method: "DELETE",
699
+ path: "/whitelist",
700
+ handler: "whitelist.deleteAll",
701
+ config: adminPolicies("update")
702
+ }
703
+ ]
680
704
  },
681
- {
682
- method: "DELETE",
683
- path: "/whitelist/:id",
684
- handler: "whitelist.removeEmail",
685
- config: {
686
- policies: [
687
- "admin::isAuthenticatedAdmin",
688
- {
689
- name: "admin::hasPermissions",
690
- config: { actions: ["plugin::strapi-plugin-oidc.update"] }
691
- }
692
- ]
693
- }
705
+ // API-token-authenticated routes for programmatic whitelist management.
706
+ // Accessible at /strapi-plugin-oidc/... using a Strapi API token
707
+ // (full-access or custom) in the Authorization: Bearer <token> header.
708
+ "content-api": {
709
+ type: "content-api",
710
+ routes: [
711
+ {
712
+ method: "GET",
713
+ path: "/whitelist",
714
+ handler: "whitelist.info"
715
+ },
716
+ {
717
+ method: "POST",
718
+ path: "/whitelist",
719
+ handler: "whitelist.register"
720
+ },
721
+ {
722
+ method: "POST",
723
+ path: "/whitelist/import",
724
+ handler: "whitelist.importUsers"
725
+ },
726
+ {
727
+ method: "DELETE",
728
+ path: "/whitelist/:id",
729
+ handler: "whitelist.removeEmail"
730
+ },
731
+ {
732
+ method: "DELETE",
733
+ path: "/whitelist",
734
+ handler: "whitelist.deleteAll"
735
+ }
736
+ ]
694
737
  }
695
- ];
738
+ };
696
739
  const policies = {};
697
740
  function renderHtmlTemplate(title, content) {
698
741
  return `
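Review bot: The new `content-api` route group in the third hunk exposes `whitelist.register`, `whitelist.importUsers`, `whitelist.removeEmail` and `whitelist.deleteAll` with no `config.policies`, so the only gate visible here is the API token's scope, while the same handlers under `admin` still go through `adminPolicies("update")`. Because the whitelist decides which e-mail addresses may sign in to the admin panel and with which admin roles, a leaked full-access token (usually issued for content access) would presumably be enough to attach an admin role to an arbitrary address or to empty the list. `importUsers` sharpens this, since `resolveRole` returns any unrecognised value unchanged and role ids that do not exist in `admin::role` are stored as given. I would drop unknown roles there, e.g. `const knownIds = new Set(roleNameToId.values());` followed by `.map(resolveRole).filter((id) => knownIds.has(String(id)))`. I would also extend the route comment to say that these endpoints confer admin-panel access and should only be reachable with a narrowly scoped custom token.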
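--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "strapi-plugin-oidc",
- "version": "1.3.2",
+ "version": "1.4.0",
  "description": "A Strapi plugin that provides OpenID Connect (OIDC) authentication functionality for the Strapi Admin Panel.",
  "strapi": {
  "displayName": "OIDC Plugin",
@@ -26,10 +26,17 @@
  },
  "keywords": [
  "strapi",
- "plugin",
+ "strapi-plugin",
+ "oidc",
  "oauth",
- "OIDC",
- "Zitadel"
+ "sso",
+ "authentication",
+ "keycloak",
+ "auth0",
+ "okta",
+ "azure-ad",
+ "authentik",
+ "authelia"
  ],
  "peerDependencies": {
  "@strapi/strapi": "^5.24.1",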