UNPKG

@digicms/cms

Version:

An open source headless CMS solution to create and manage your own API. It provides a powerful dashboard and features to make your life easier. Databases supported: MySQL, MariaDB, PostgreSQL, SQLite

strapi.io

strapi/strapi

142 lines (107 loc) 3.65 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
'use strict'; const { has, toLower, castArray, trim, prop, isNil } = require('lodash/fp'); const { UnauthorizedError, ForbiddenError } = require('@strapi/utils').errors; const compose = require('koa-compose'); const { resolveRouteMiddlewares } = require('./middleware'); const { resolvePolicies } = require('./policy'); const getMethod = (route) => trim(toLower(route.method)); const getPath = (route) => trim(route.path); const createRouteInfoMiddleware = (routeInfo) => (ctx, next) => { const route = { ...routeInfo, config: routeInfo.config || {}, }; ctx.state.route = route; return next(); }; const getAuthConfig = prop('config.auth'); const createAuthorizeMiddleware = (strapi) => async (ctx, next) => { const { auth, route } = ctx.state; const authService = strapi.container.get('auth'); try { await authService.verify(auth, getAuthConfig(route)); return next(); } catch (error) { if (error instanceof UnauthorizedError) { return ctx.unauthorized(); } if (error instanceof ForbiddenError) { return ctx.forbidden(); } throw error; } }; const createAuthenticateMiddleware = (strapi) => async (ctx, next) => { return strapi.container.get('auth').authenticate(ctx, next); }; const returnBodyMiddleware = async (ctx, next) => { const values = await next(); if (isNil(ctx.body) && !isNil(values)) { ctx.body = values; } }; module.exports = (strapi) => { const authenticate = createAuthenticateMiddleware(strapi); const authorize = createAuthorizeMiddleware(strapi); return (route, { router }) => { try { const method = getMethod(route); const path = getPath(route); const middlewares = resolveRouteMiddlewares(route, strapi); const policies = resolvePolicies(route); const action = getAction(route, strapi); const routeHandler = compose([ createRouteInfoMiddleware(route), authenticate, authorize, ...policies, ...middlewares, returnBodyMiddleware, ...castArray(action), ]); router[method](path, routeHandler); } catch (error) { error.message = `Error creating endpoint ${route.method} ${route.path}: ${error.message}`; throw error; } }; }; const getController = (name, { pluginName, apiName }, strapi) => { let ctrl; if (pluginName) { if (pluginName === 'admin') { ctrl = strapi.controller(`admin::${name}`); } else { ctrl = strapi.plugin(pluginName).controller(name); } } else if (apiName) { ctrl = strapi.controller(`api::${apiName}.${name}`); } if (!ctrl) { return strapi.controller(name); } return ctrl; }; const extractHandlerParts = (name) => { const controllerName = name.slice(0, name.lastIndexOf('.')); const actionName = name.slice(name.lastIndexOf('.') + 1); return { controllerName, actionName }; }; const getAction = (route, strapi) => { const { handler, info = {} } = route; const { pluginName, apiName, type } = info; if (Array.isArray(handler) || typeof handler === 'function') { return handler; } const { controllerName, actionName } = extractHandlerParts(trim(handler)); const controller = getController(controllerName, { pluginName, apiName }, strapi); if (typeof controller[actionName] !== 'function') { throw new Error(`Handler not found "${handler}"`); } if (has(Symbol.for('__type__'), controller[actionName])) { controller[actionName][Symbol.for('__type__')].push(type); } else { controller[actionName][Symbol.for('__type__')] = [type]; } return controller[actionName].bind(controller); };