strapi/lib/configuration/hooks/dashboard/policies/dashboardToken.js

'use strict';

/**
 * Policy used to check if the `dashboardToken` field is valid.
 *
 * @param next
 */

module.exports = function * (next) {
  // Format dashboardToken variables.
  const dashboardTokenParam = this.header.dashboardtoken;
  const dashboardTokenConfig = strapi.config.dashboard && strapi.config.dashboard.token;

  // Check dashboardToken for security purposes.
  if (!dashboardTokenParam || !dashboardTokenConfig || dashboardTokenParam !== dashboardTokenConfig) {
    this.status = 401;
    this.body = {
      message: 'dashboardToken parameter is invalid.'
    };
  } else {
    // Delete `dashboardToken` field.
    delete this.request.query.dashboardToken;
    delete this.request.body.dashboardToken;

    yield next;
  }
};
Dashboard token and config 2015-10-30 14:36:19 +01:00			`'use strict';`

			`/**`
			* Policy used to check if the `dashboardToken` field is valid.
			`*`
			`* @param next`
			`*/`

			`module.exports = function * (next) {`
			`// Format dashboardToken variables.`
DashboardToken used in headers 2015-11-03 18:46:30 +01:00			`const dashboardTokenParam = this.header.dashboardtoken;`
Dashboard token and config 2015-10-30 14:36:19 +01:00			`const dashboardTokenConfig = strapi.config.dashboard && strapi.config.dashboard.token;`

			`// Check dashboardToken for security purposes.`
			`if (!dashboardTokenParam \|\| !dashboardTokenConfig \|\| dashboardTokenParam !== dashboardTokenConfig) {`
			`this.status = 401;`
			`this.body = {`
			`message: 'dashboardToken parameter is invalid.'`
			`};`
			`} else {`
Delete dashboardToken field 2015-10-30 16:21:53 +01:00			// Delete `dashboardToken` field.
			`delete this.request.query.dashboardToken;`
			`delete this.request.body.dashboardToken;`

Dashboard token and config 2015-10-30 14:36:19 +01:00			`yield next;`
			`}`
			`};`