strapi/packages/plugins/users-permissions/server/config.js

'use strict';

module.exports = {
  default: ({ env }) => ({
    jwtSecret: env('JWT_SECRET'),
    jwt: {
      expiresIn: '30d',
    },
    ratelimit: {
      interval: 60000,
      max: 10,
    },
    layout: {
      user: {
        actions: {
          create: 'contentManagerUser.create', // Use the User plugin's controller.
          update: 'contentManagerUser.update',
        },
      },
    },
    callback: {
      validate(callback, provider) {
        let uCallback;
        let uProviderCallback;

        try {
          uCallback = new URL(callback);
          uProviderCallback = new URL(provider.callback);
        } catch {
          throw new Error('The callback is not a valid URL');
        }

        // Make sure the different origin matches
        if (uCallback.origin !== uProviderCallback.origin) {
          throw new Error(
            `Forbidden callback provided: origins don't match. Please verify your config.`
          );
        }

        // Make sure the different pathname matches
        if (uCallback.pathname !== uProviderCallback.pathname) {
          throw new Error(
            `Forbidden callback provided: pathname don't match. Please verify your config.`
          );
        }

        // NOTE: We're not checking the search parameters on purpose to allow passing different states
      },
    },
  }),
  validator() {},
};
WIP 2021-07-08 11:20:13 +02:00			`'use strict';`

			`module.exports = {`
add extension system for content-types 2021-08-13 15:35:19 +02:00			`default: ({ env }) => ({`
			`jwtSecret: env('JWT_SECRET'),`
			`jwt: {`
			`expiresIn: '30d',`
			`},`
			`ratelimit: {`
			`interval: 60000,`
			`max: 10,`
			`},`
migrate plugin structures to V4 2021-08-19 16:49:33 +02:00			`layout: {`
			`user: {`
			`actions: {`
Fix users-permissions user controllers permissions 2021-11-04 15:18:09 +01:00			`create: 'contentManagerUser.create', // Use the User plugin's controller.`
			`update: 'contentManagerUser.update',`
migrate plugin structures to V4 2021-08-19 16:49:33 +02:00			`},`
			`},`
			`},`
enhancement: add validation for custom U&P OAuth callbacks 2024-04-05 09:12:04 +02:00			`callback: {`
fix: update validation for custom U&P OAuth callbacks 2024-04-08 14:58:51 +02:00			`validate(callback, provider) {`
enhancement: improve callback URL validation 2024-04-17 16:24:18 +02:00			`let uCallback;`
			`let uProviderCallback;`

			`try {`
			`uCallback = new URL(callback);`
			`uProviderCallback = new URL(provider.callback);`
			`} catch {`
fix(cm): back button on ListSettingsView doesn't work (#20263) 2024-05-08 20:33:47 +08:00			`throw new Error('The callback is not a valid URL');`
enhancement: improve callback URL validation 2024-04-17 16:24:18 +02:00			`}`

fix: update validation for custom U&P OAuth callbacks 2024-04-08 14:58:51 +02:00			`// Make sure the different origin matches`
fix(cm): back button on ListSettingsView doesn't work (#20263) 2024-05-08 20:33:47 +08:00			`if (uCallback.origin !== uProviderCallback.origin) {`
enhancement: add validation for custom U&P OAuth callbacks 2024-04-05 09:12:04 +02:00			`throw new Error(`
fix: remove actual values from the validate callback errors 2024-04-11 14:39:28 +02:00			`Forbidden callback provided: origins don't match. Please verify your config.`
enhancement: add validation for custom U&P OAuth callbacks 2024-04-05 09:12:04 +02:00			`);`
			`}`
fix: update validation for custom U&P OAuth callbacks 2024-04-08 14:58:51 +02:00
			`// Make sure the different pathname matches`
fix(cm): back button on ListSettingsView doesn't work (#20263) 2024-05-08 20:33:47 +08:00			`if (uCallback.pathname !== uProviderCallback.pathname) {`
fix: update validation for custom U&P OAuth callbacks 2024-04-08 14:58:51 +02:00			`throw new Error(`
fix: remove actual values from the validate callback errors 2024-04-11 14:39:28 +02:00			`Forbidden callback provided: pathname don't match. Please verify your config.`
fix: update validation for custom U&P OAuth callbacks 2024-04-08 14:58:51 +02:00			`);`
			`}`

			`// NOTE: We're not checking the search parameters on purpose to allow passing different states`
fix(cm): back button on ListSettingsView doesn't work (#20263) 2024-05-08 20:33:47 +08:00			`},`
enhancement: add validation for custom U&P OAuth callbacks 2024-04-05 09:12:04 +02:00			`},`
add extension system for content-types 2021-08-13 15:35:19 +02:00			`}),`
Init migration v4 - Hooks registry - D&P CT migrations - i18N CT migrations - Umzug with js / sql migrations - Eslint updates 2021-09-13 12:03:12 +02:00			`validator() {},`
WIP 2021-07-08 11:20:13 +02:00			`};`