										 |  |  | 'use strict'; | 
					
						
										 |  |  | const { UnauthorizedError, ForbiddenError } = require('@strapi/utils').errors; | 
					
						
										 |  |  | const constants = require('../services/constants'); | 
					
						
							|  |  |  | const { getService } = require('../utils'); | 
					
						
// A scope counts as "read" when its action suffix is `find` or `findOne`.
// This is purely a suffix check on the scope string; the caller decides
// what a non-read scope means for the token.
const isReadScope = scope => ['find', 'findOne'].some(suffix => scope.endsWith(suffix));
					
						
/**
 * Pull the bearer token out of the request's `Authorization` header.
 *
 * Only a header of the exact shape `Bearer <token>` (scheme case-insensitive,
 * separated by whitespace, nothing else) yields a token; any other shape,
 * and a missing header, yields `null` so the caller treats the request as
 * unauthenticated.
 *
 * @param {object} ctx - Koa-style context; `ctx.request.header.authorization` is read.
 * @returns {string | null} the raw (unhashed) token, or `null`.
 */
const extractToken = ctx => {
  const request = ctx.request;
  const header = request ? request.header : undefined;
  const authorization = header ? header.authorization : undefined;

  if (!authorization) {
    return null;
  }

  // Split on any whitespace run; a leading/trailing blank produces an extra
  // (empty) part, which is rejected below like any other extra part.
  const [scheme, credential, ...extra] = authorization.split(/\s+/);

  const isBearer = scheme.toLowerCase() === 'bearer';
  if (!isBearer || credential === undefined || extra.length > 0) {
    return null;
  }

  return credential;
};
					
						
/**
 * Resolve the request's bearer token to a stored API token.
 *
 * The raw token is never compared directly: it is hashed through the
 * `api-token` service and looked up by that hash (`accessKey`). A missing
 * header, a malformed header or an unknown token all yield
 * `{ authenticated: false }`; no distinction is reported to the caller.
 *
 * @type {import('.').AuthenticateFunction}
 * @param {object} ctx - request context handed to `extractToken`.
 * @returns {Promise<{authenticated: boolean, credentials?: object}>}
 */
const authenticate = async ctx => {
  const apiTokenService = getService('api-token');
  const token = extractToken(ctx);

  if (!token) {
    return { authenticated: false };
  }

  const accessKey = apiTokenService.hash(token);
  const apiToken = await apiTokenService.getBy({ accessKey });

  return apiToken ? { authenticated: true, credentials: apiToken } : { authenticated: false };
};
					
						
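/**
 * Authorize an already-authenticated API token against a route's scope.
 *
 * Fails closed: anything that is not explicitly allowed throws.
 *
 * @type {import('.').VerifyFunction}
 * @param {{credentials?: object}} auth - result of `authenticate`.
 * @param {{scope?: string | string[]}} config - the route's auth config.
 * @returns {void}
 * @throws {UnauthorizedError} when no credentials are attached.
 * @throws {ForbiddenError} when the token's type does not cover the route's scope.
 */
const verify = (auth, config) => {
  const { credentials: apiToken } = auth;

  if (!apiToken) {
    throw new UnauthorizedError();
  }

  // Full-access tokens are not restricted by route scope.
  if (apiToken.type === constants.API_TOKEN_TYPE.FULL_ACCESS) {
    return;
  }

  /**
   * If you don't have `full-access` you can only access `find` and `findOne`
   * scopes. If the route has no scope, then you can't get access to it.
   */
  const { scope } = config;
  const scopes = Array.isArray(scope) ? scope : [scope];

  // A missing scope and an empty scope list both mean "no scope": deny.
  // Without the length check `[].every(...)` is vacuously true, which would
  // open an unscoped route to every non-full-access token.
  const hasScope = Boolean(scope) && scopes.length > 0;

  if (hasScope && scopes.every(isReadScope)) {
    return;
  }

  throw new ForbiddenError();
};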
					
						
/**
 * The `api-token` auth strategy: `authenticate` resolves the bearer token to
 * stored credentials, `verify` checks those credentials against the route scope.
 *
 * @type {import('.').AuthStrategy}
 */
const strategy = {
  name: 'api-token',
  authenticate,
  verify,
};

module.exports = strategy;