yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-12-27 23:24:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move website to MkDocs

Browse Source
This commit is contained in:
loicsaintroch 2016-04-04 21:51:00 +02:00
parent a7fec849bb
commit 5a580dd6d1
80 changed files with 2166 additions and 1450 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.gitignore vendored
View File

@ -100,3 +100,10 @@ node_modules
testApp
coverage
############################
# Builds
############################
packages/strapi-generate-new/files/public/

3
Makefile
View File

@ -9,3 +9,6 @@ lint:
test: lint
./scripts/test.sh
docs:
mkdocs build --clean

47
README.md
View File

@ -7,13 +7,11 @@
## Why Strapi ?
At [Wistity](http://wistity.co), everything we do we believe in changing the status quo of web development.
> At [Wistity](http://wistity.co), everything we do we believe in changing the status quo of web development. Our products are simple to use, user friendly and production-ready.
The way we challenge the status quo of web development is by making our products simple to use, user friendly and production-ready.
Web and mobile applications needed a powerful, simple to use and production-ready API-driven framework. That's why we created Strapi, an open-source [Node.js](https://nodejs.org/) rich framework for building applications and services.
To reach our goals, we needed to create [Strapi](http://strapi.io/), an open-source [Node.js](https://nodejs.org/) rich framework for building applications and services.
[Strapi](http://strapi.io/) enables developers to focus on writing reusable application logic instead of spending time building infrastructure. It is designed for building practical, production-ready Node.js applications in a matter of hours instead of weeks.
Strapi enables developers to focus on writing reusable application logic instead of spending time building infrastructure. It is designed for building practical, production-ready Node.js applications in a matter of hours instead of weeks.
## Features
@ -30,7 +28,7 @@ To reach our goals, we needed to create [Strapi](http://strapi.io/), an open-sou
- **Elegant SQL ORM** featuring relations, lifecycle events, etc.
- **NoSQL support** if you need to plug specific data layers.
Convinced? [Get started!](./docs/)
Convinced? [Get started!](http://strapi.io/)
## Support
@ -46,32 +44,27 @@ Also, you can follow and ping the Strapi team on [Twitter](https://twitter.com/s
### Professional support
[Wistity](http://wistity.co), the company behind Strapi, provides a full range of solutions to get better results, faster. We're always looking for the next challenge: coaching, consulting, training, certifications, customization, etc. [Drop us an email](mailto:support@wistity.co) or [schedule a meeting](https://calendly.com/wistityhq/) to see how we can help you.
[Wistity](http://wistity.co), the company behind Strapi, provides a full range of solutions to get better results, faster. We're always looking for the next challenge: coaching, consulting, training, certifications, customization, etc. [Drop us an email](mailto:support@wistity.co) to see how we can help you.
## Badge board
| Package | Version | Dependencies |
|---------|---------|--------------|
| [strapi](https://github.com/wistityhq/strapi/tree/master/packages/strapi) | [![npm version](https://img.shields.io/npm/v/strapi.svg)](https://www.npmjs.org/package/strapi) | [![npm dependencies](https://david-dm.org/wistityhq/strapi.svg)](https://david-dm.org/wistityhq/strapi) |
| [strapi-bookshelf](https://github.com/wistityhq/strapi/tree/master/packages/strapi-bookshelf) | [![npm version](https://img.shields.io/npm/v/strapi-bookshelf.svg)](https://www.npmjs.org/package/strapi-bookshelf) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-bookshelf.svg)](https://david-dm.org/wistityhq/strapi-bookshelf) |
| [strapi-cli](https://github.com/wistityhq/strapi/tree/master/packages/strapi-cli) | [![npm version](https://img.shields.io/npm/v/strapi-cli.svg)](https://www.npmjs.org/package/strapi-cli) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-cli.svg)](https://david-dm.org/wistityhq/strapi-cli) |
| [strapi-generate](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate) | [![npm version](https://img.shields.io/npm/v/strapi-generate.svg)](https://www.npmjs.org/package/strapi-generate) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate.svg)](https://david-dm.org/wistityhq/strapi-generate) |
| [strapi-generate-api](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-api) | [![npm version](https://img.shields.io/npm/v/strapi-generate-api.svg)](https://www.npmjs.org/package/strapi-generate-api) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-api.svg)](https://david-dm.org/wistityhq/strapi-generate-api) |
| [strapi-generate-controller](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-controller) | [![npm version](https://img.shields.io/npm/v/strapi-generate-controller.svg)](https://www.npmjs.org/package/strapi-generate-controller) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-controller.svg)](https://david-dm.org/wistityhq/strapi-generate-controller) |
| [strapi-generate-generator](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-generator) | [![npm version](https://img.shields.io/npm/v/strapi-generate-generator.svg)](https://www.npmjs.org/package/strapi-generate-generator) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-generator.svg)](https://david-dm.org/wistityhq/strapi-generate-generator) |
| [strapi-generate-hook](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-hook) | [![npm version](https://img.shields.io/npm/v/strapi-generate-hook.svg)](https://www.npmjs.org/package/strapi-generate-hook) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-hook.svg)](https://david-dm.org/wistityhq/strapi-generate-hook) |
| [strapi-generate-migrations](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-migrations) | [![npm version](https://img.shields.io/npm/v/strapi-generate-migrations.svg)](https://www.npmjs.org/package/strapi-generate-migrations) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-migrations.svg)](https://david-dm.org/wistityhq/strapi-generate-migrations) |
| [strapi-generate-model](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-model) | [![npm version](https://img.shields.io/npm/v/strapi-generate-model.svg)](https://www.npmjs.org/package/strapi-generate-model) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-model.svg)](https://david-dm.org/wistityhq/strapi-generate-model) |
| [strapi-generate-new](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-new) | [![npm version](https://img.shields.io/npm/v/strapi-generate-new.svg)](https://www.npmjs.org/package/strapi-generate-new) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-new.svg)](https://david-dm.org/wistityhq/strapi-generate-new) |
| [strapi-generate-policy](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-policy) | [![npm version](https://img.shields.io/npm/v/strapi-generate-policy.svg)](https://www.npmjs.org/package/strapi-generate-policy) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-policy.svg)](https://david-dm.org/wistityhq/strapi-generate-policy) |
| [strapi-generate-service](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-service) | [![npm version](https://img.shields.io/npm/v/strapi-generate-service.svg)](https://www.npmjs.org/package/strapi-generate-service) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-service.svg)](https://david-dm.org/wistityhq/strapi-generate-service) |
| [strapi-knex](https://github.com/wistityhq/strapi/tree/master/packages/strapi-knex) | [![npm version](https://img.shields.io/npm/v/strapi-knex.svg)](https://www.npmjs.org/package/strapi-knex) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-knex.svg)](https://david-dm.org/wistityhq/strapi-knex) |
| [strapi-utils](https://github.com/wistityhq/strapi/tree/master/packages/strapi-utils) | [![npm version](https://img.shields.io/npm/v/strapi-utils.svg)](https://www.npmjs.org/package/strapi-utils) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-utils.svg)](https://david-dm.org/wistityhq/strapi-utils) |
## Resources
- [Documentation](./docs)
- [Legal info](./info)
| [strapi](./packages/strapi) | [![npm version](https://img.shields.io/npm/v/strapi.svg)](https://www.npmjs.org/package/strapi) | [![npm dependencies](https://david-dm.org/wistityhq/strapi.svg)](https://david-dm.org/wistityhq/strapi) |
| [strapi-bookshelf](./packages/strapi-bookshelf) | [![npm version](https://img.shields.io/npm/v/strapi-bookshelf.svg)](https://www.npmjs.org/package/strapi-bookshelf) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-bookshelf.svg)](https://david-dm.org/wistityhq/strapi-bookshelf) |
| [strapi-cli](./packages/strapi-cli) | [![npm version](https://img.shields.io/npm/v/strapi-cli.svg)](https://www.npmjs.org/package/strapi-cli) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-cli.svg)](https://david-dm.org/wistityhq/strapi-cli) |
| [strapi-generate](./packages/strapi-generate) | [![npm version](https://img.shields.io/npm/v/strapi-generate.svg)](https://www.npmjs.org/package/strapi-generate) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate.svg)](https://david-dm.org/wistityhq/strapi-generate) |
| [strapi-generate-api](./packages/strapi-generate-api) | [![npm version](https://img.shields.io/npm/v/strapi-generate-api.svg)](https://www.npmjs.org/package/strapi-generate-api) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-api.svg)](https://david-dm.org/wistityhq/strapi-generate-api) |
| [strapi-generate-controller](./packages/strapi-generate-controller) | [![npm version](https://img.shields.io/npm/v/strapi-generate-controller.svg)](https://www.npmjs.org/package/strapi-generate-controller) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-controller.svg)](https://david-dm.org/wistityhq/strapi-generate-controller) |
| [strapi-generate-generator](./packages/strapi-generate-generator) | [![npm version](https://img.shields.io/npm/v/strapi-generate-generator.svg)](https://www.npmjs.org/package/strapi-generate-generator) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-generator.svg)](https://david-dm.org/wistityhq/strapi-generate-generator) |
| [strapi-generate-hook](./packages/strapi-generate-hook) | [![npm version](https://img.shields.io/npm/v/strapi-generate-hook.svg)](https://www.npmjs.org/package/strapi-generate-hook) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-hook.svg)](https://david-dm.org/wistityhq/strapi-generate-hook) |
| [strapi-generate-migrations](./packages/strapi-generate-migrations) | [![npm version](https://img.shields.io/npm/v/strapi-generate-migrations.svg)](https://www.npmjs.org/package/strapi-generate-migrations) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-migrations.svg)](https://david-dm.org/wistityhq/strapi-generate-migrations) |
| [strapi-generate-model](./packages/strapi-generate-model) | [![npm version](https://img.shields.io/npm/v/strapi-generate-model.svg)](https://www.npmjs.org/package/strapi-generate-model) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-model.svg)](https://david-dm.org/wistityhq/strapi-generate-model) |
| [strapi-generate-new](./packages/strapi-generate-new) | [![npm version](https://img.shields.io/npm/v/strapi-generate-new.svg)](https://www.npmjs.org/package/strapi-generate-new) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-new.svg)](https://david-dm.org/wistityhq/strapi-generate-new) |
| [strapi-generate-policy](./packages/strapi-generate-policy) | [![npm version](https://img.shields.io/npm/v/strapi-generate-policy.svg)](https://www.npmjs.org/package/strapi-generate-policy) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-policy.svg)](https://david-dm.org/wistityhq/strapi-generate-policy) |
| [strapi-generate-service](./packages/strapi-generate-service) | [![npm version](https://img.shields.io/npm/v/strapi-generate-service.svg)](https://www.npmjs.org/package/strapi-generate-service) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-generate-service.svg)](https://david-dm.org/wistityhq/strapi-generate-service) |
| [strapi-knex](./packages/strapi-knex) | [![npm version](https://img.shields.io/npm/v/strapi-knex.svg)](https://www.npmjs.org/package/strapi-knex) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-knex.svg)](https://david-dm.org/wistityhq/strapi-knex) |
| [strapi-utils](./packages/strapi-utils) | [![npm version](https://img.shields.io/npm/v/strapi-utils.svg)](https://www.npmjs.org/package/strapi-utils) | [![npm dependencies](https://david-dm.org/wistityhq/strapi-utils.svg)](https://david-dm.org/wistityhq/strapi-utils) |
## Links

73
docs/README.md
View File

@ -1,73 +0,0 @@
# The Strapi documentation
Prepared by the Strapi team and actively maintained by the contributors, this is the Strapi bible. It is the reference for any user of the platform, who will typically want to keep it close at hand.
## Summary
### Get started
- Installation
- [Install Node.js](./start/install-nodejs.md)
- [Install Strapi](./start/install-strapi.md)
- Your first application
- [Create an application](./start/creation.md)
- [Anatomy](./start/anatomy.md)
- [Configuration](./start/configuration.md)
- [Generate an API](./start/api.md)
- [Enter the REPL](./start/repl.md)
### Documentation
- The basics
- [Router](./basics/router.md)
- [Context](./basics/context.md)
- [Request](./basics/request.md)
- [Response](./basics/response.md)
- [Databases](./basics/databases.md)
- [Views](./basics/views.md)
- Features
- [Authentication](./features/authentication.md)
- [GraphQL](./features/graphql.md)
- [JSON API](./features/jsonapi.md)
- [WebSockets](./features/websockets.md)
- [Internationalization](./features/internationalization.md)
- [Scheduled tasks](./features/cron.md)
- [Services](./features/services.md)
- [Sessions](./features/sessions.md)
- Configuration
- [Body parser](./configuration/bodyParser.md)
- [Favicon](./configuration/favicon.md)
- [Gzip](./configuration/gzip.md)
- [Logging](./configuration/logging.md)
- [Response-time](./configuration/responseTime.md)
- [Public assets](./configuration/static.md)
- Security
- [Policies](./security/policies.md)
- [CORS](./security/cors.md)
- [CSRF](./security/csrf.md)
- [CSP](./security/csp.md)
- [HSTS](./security/hsts.md)
- [P3P](./security/p3p.md)
- [X-XSS-Protection](./security/xss.md)
- [X-Frame](./security/xframe.md)
- [Proxy](./security/proxy.md)
- [IP filtering](./security/ip.md)
- [SSL](./security/ssl.md)
- SQL databases
- [Models](./sql/models.md)
- [Migrations](./sql/migrations.md)
- [Query builder](./sql/queries.md)
- [Raw](./sql/raw.md)
- [Interfaces](./sql/interfaces.md)
- [SQL ORM](./sql/orm.md)
- Advanced usage
- [Lifecycle events](./advanced/events.md)
- [Error handling](./advanced/errors.md)
- [Custom generators](./advanced/generators.md)
- [Custom hooks](./advanced/hooks.md)

44
docs/configuration/bodyParser.md
View File

@ -1,44 +0,0 @@
---
title: Body parser
---
The "body parser" extracts the entire body portion of an incoming request stream and exposes it as something easier to interface with. It will most likely do what you want and save you the trouble.
## Configuration
Configuration:
- Key: `parser`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `object`
Example:
```js
{
"parser": {
"encode": "utf-8",
"formLimit": "56kb",
"jsonLimit": "1mb",
"strict": true,
"extendTypes": {
"json": [
"application/x-javascript"
]
}
}
}
```
Options:
- `encode` (string): Requested encoding.
- `formLimit` (string): Limit of the urlencoded body. If the body ends up being larger than this limit, a 413 error code is returned.
- `jsonLimit` (string): Limit of the JSON body.
- `strict` (boolean): When set to `true`, JSON parser will only accept arrays and objects.
- `extendTypes` (array): Support extend types.
Notes:
- Set to `false` to disable the body parser (not recommended).

34
docs/configuration/favicon.md
View File

@ -1,34 +0,0 @@
---
title: Favicon
---
A favicon is a file containing one small icon, most commonly 16×16 pixels, for your website.
## Configuration
Configuration:
- Key: `favicon`
- Environment: all
- Location: `./config/general.json`
- Type: `object`
Example:
```js
{
"favicon": {
"path": "favicon.ico",
"maxAge": 86400000
}
}
```
Options:
- `path` (string): Relative path for the favicon to use from the application root directory.
- `maxAge` (integer): Cache-control max-age directive. Set to pass the cache-control in ms.
Notes:
- Set to `false` to disable the favicon feature.

30
docs/configuration/gzip.md
View File

@ -1,30 +0,0 @@
---
title: Gzip
---
Compression is a simple, effective way to save bandwidth and speed up your site.
Gzip performs best on text-based assets: CSS, JavaScript, HTML. All modern browsers support Gzip compression and will automatically request it.
The best part is that enabling Gzip is one of the simplest and highest payoff optimizations to implement-- sadly, many people still forget to implement it.
## Configuration
Configuration:
- Key: `gzip`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `boolean`
Example:
```js
{
"gzip": true
}
```
Notes:
- Set to `false` to disable Gzip compression.

115
docs/configuration/logging.md
View File

@ -1,115 +0,0 @@
---
title: Logging
---
Strapi comes with a simple and useful built-in logger. Its usage is purposely very similar to `console.log()`, but with a handful of extra features; namely support for multiple log levels with colorized, prefixed console output.
## Configuration
Configuration:
- Key: `logger`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `boolean`
Example:
```js
{
"logger": true
}
```
Notes:
- Set to `false` to disable the lifecyle and request logs.
## Usage
The logger is accessible through the `strapi` object directly with `strapi.log`.
You can work with this logger in the same way that you work with the default logger:
```js
strapi.log.info('Logs work!');
```
### Logging with Metadata
In addition to logging string messages, the logger will also optionally log additional JSON metadata objects. Adding metadata is simple:
```js
strapi.log.info('Test log message', {
anything: 'This is metadata'
});
```
### String interpolation
The log method provides the same string interpolation methods like `util.format`.
This allows for the following log messages.
```js
strapi.log.info('test message %s', 'my string');
// => info: test message my string
```
```js
strapi.log.info('test message %d', 123);
// => info: test message 123
```
```js
strapi.log.info('test message %j', {
number: 123
}, {});
// => info: test message {"number":123}
// => meta = {}
```
```js
strapi.log.info('test message %s, %s', 'first', 'second', {
number: 123
});
// => info: test message first, second
// => meta = {number: 123}
```
```js
strapi.log.info('test message', 'first', 'second', {
number: 123
});
// => info: test message first second
// => meta = {number: 123}
```
```js
strapi.log.info('test message %s, %s', 'first', 'second', {
number: 123
}, function() {});
// => info: test message first, second
// => meta = {number: 123}
// => callback = function() {}
```
```js
strapi.log.info('test message', 'first', 'second', {
number: 123
}, function() {});
// => info: test message first second
// => meta = {number: 123}
// => callback = function() {}
```
### Logging levels
Setting the level for your logging message can be accomplished by using the level specified methods defined.
```js
strapi.log.debug('This is a debug log');
strapi.log.info('This is an info log');
strapi.log.warn('This is a warning log');
strapi.log.error('This is an error log');
```

26
docs/configuration/responseTime.md
View File

@ -1,26 +0,0 @@
---
title: Response time
---
The `X-Response-Time` header records the response time for requests in HTTP servers. The response time is defined here as the elapsed time from when a request enters the application to when the headers are written out to the client.
## Configuration
Configuration:
- Key: `responseTime`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `boolean`
Example:
```js
{
"responseTime": true
}
```
Notes:
- Set to `false` to disable the response time header.

30
docs/configuration/static.md
View File

@ -1,30 +0,0 @@
---
title: Public assets
---
Strapi is compatible with any front-end strategy; whether it's Angular, Backbone, Ember, iOS, Android, Windows Phone, or something else that hasn't been invented yet.
## Configuration
Configuration:
- Key: `static`
- Environment: all
- Location: `./config/general.json`
- Type: `boolean`
Example:
```js
{
"static": true
}
```
Notes:
- Set to `false` to disable the public assets.
## Usage
Public assets refer to static files on your server that you want to make accessible to the outside world. In Strapi, these files are placed in the `./public` directory.

55
docs/security/cors.md
View File

@ -1,55 +0,0 @@
---
title: CORS
---
Cross-Origin Resource Sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated.
## Configuration
Configuration:
- Key: `cors`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"cors": {
"origin": true,
"expose": [
"WWW-Authenticate",
"Server-Authorization"
],
"maxAge": 31536000,
"credentials": true,
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"OPTIONS",
"HEAD"
],
"headers": [
"Content-Type",
"Authorization"
]
}
}
```
Options:
- `origin` (string|boolean): Configures the `Access-Control-Allow-Origin` CORS header. Expects a string (ex: `http://example.com`) or a boolean. Set to `true` to reflect the request origin, as defined by `req.header('Origin')`. Set to `false` to disable CORS.
- `expose` (array): Configures the `Access-Control-Expose-Headers` CORS header. Set this to pass the header, otherwise it is omitted.
- `maxAge` (integer): Configures the `Access-Control-Max-Age` CORS header. Set to an integer to pass the header, otherwise it is omitted.
- `credentials` (boolean): Configures the `Access-Control-Allow-Credentials` CORS header. Set to `true` to pass the header, otherwise it is omitted.
- `methods` (array): Configures the `Access-Control-Allow-Methods` CORS header.
- `headers` (array): Configures the `Access-Control-Allow-Headers` CORS header. If not specified, defaults to reflecting the headers specified in the request's `Access-Control-Request-Headers` header.
Notes:
- Set to `false` to disable CORS.

40
docs/security/csp.md
View File

@ -1,40 +0,0 @@
---
title: CSP headers
---
Content Security Policy (CSP) is a W3C specification for instructing the client browser as to which location and/or which type of resources are allowed to be loaded.
This spec uses "directives" to define a loading behaviors for target resource types. Directives can be specified using HTTP response headers or or HTML Meta tags.
## Configuration
Configuration:
- Key: `csp`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"csp": {
"policy": {
"default-src": "self",
"img-src": "*"
}
}
}
```
Options:
- `policy` (object): Object definition of policy.
- `reportOnly` (boolean): Enable report only mode.
- `reportUri` (string): URI where to send the report data.
Notes:
- Set to `false` to disable CSP headers.
- See the [MDN CSP usage page](https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_Content_Security_Policy) for more information on available policy options.

35
docs/security/csrf.md
View File

@ -1,35 +0,0 @@
---
title: CSRF
---
Cross Site Request Forgery (CSRF) is a type of attack which forces an end user to execute unwanted actions on a web application backend with which he/she is currently authenticated.
Strapi bundles optional CSRF protection out of the box.
## Configuration
Configuration:
- Key: `csrf`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
```js
{
"csrf": {
"key": "_csrf",
"secret": "_csrfSecret"
}
}
```
Options:
- `key` (string): The name of the CSRF token added to the model. Defaults to `_csrf`.
- `secret` (string): The key to place on the session object which maps to the server side token. Defaults to `_csrfSecret`.
Notes:
- Set to `false` to disable CSRF headers.
- If you have existing code that communicates with your Strapi backend via `POST`, `PUT`, or `DELETE` requests, you'll need to acquire a CSRF token and include it as a parameter or header in those requests.

36
docs/security/hsts.md
View File

@ -1,36 +0,0 @@
---
title: HSTS
---
Enables HTTP Strict Transport Security for the host domain.
The preload flag is required for HSTS domain submissions to Chrome's HSTS preload list.
## Configuration
Configuration:
- Key: `hsts`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"hsts": {
"maxAge": 31536000,
"includeSubDomains": true
}
}
```
Options:
- `maxAge` (integer): Number of seconds HSTS is in effect.
- `includeSubDomains` (boolean): Applies HSTS to all subdomains of the host.
Notes:
- Set to `false` to disable HSTS.

41
docs/security/ip.md
View File

@ -1,41 +0,0 @@
---
title: IP filtering
---
The IP filter configuration allows you to whitelist or blacklist specific or range IP addresses.
The blacklisted IP addresses won't have access to your web application at all.
## Configuration
Configuration:
- Key: `ip`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"ip": {
"whiteList": [
"192.168.0.*",
"8.8.8.[0-3]"
],
"blackList": [
"144.144.*"
]
}
}
```
Options:
- `whiteList` (array): IP addresses allowed.
- `blackList` (array): IP addresses forbidden.
Notes:
- Set to `false` to disable IP filter.

27
docs/security/p3p.md
View File

@ -1,27 +0,0 @@
---
title: P3P
---
Platform for Privacy Preferences (P3P) is a browser/web standard designed to facilitate better consumer web privacy control. Currently out of all the major browsers, it is only supported by Internet Explorer. It comes into play most often when dealing with legacy applications.
## Configuration
Configuration:
- Key: `p3p`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `string`
Example:
```js
{
"p3p": "ABCDEF"
}
```
Notes:
- The string is the value of the compact privacy policy.
- Set to `false` to disable P3P.

29
docs/security/proxy.md
View File

@ -1,29 +0,0 @@
---
title: Proxy
---
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.
Request your server, fetch the proxy URL you typed and return.
## Configuration
Configuration:
- Key: `proxy`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `string`
Example:
```js
{
"proxy": "http://mycdn.com"
}
```
Notes:
- The string will fetch the host and return. For example, when you request `http://localhost:1337/users`, it will fetch `http://mycdn.com/users` and return.
- Set to `false` to disable the proxy security.

36
docs/security/ssl.md
View File

@ -1,36 +0,0 @@
---
title: SSL
---
Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security over a computer network.
This configuration enforce SSL for your application.
## Configuration
Configuration:
- Key: `ssl`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"ssl": {
"disabled": false,
"trustProxy": true
}
}
```
Options:
- `disabled` (boolean): If `true`, this middleware will allow all requests through.
- `trustProxy` (boolean): If `true`, trust the `X-Forwarded-Proto` header.
Notes:
- Set to `false` to disable SSL.

27
docs/security/xframe.md
View File

@ -1,27 +0,0 @@
---
title: X-Frame
---
Enables `X-Frame-Options` headers to help prevent Clickjacking.
## Configuration
Configuration:
- Key: `xframe`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `string`
Example:
```js
{
"xframe": "SAMEORIGIN"
}
```
Notes:
- The string is the value for the header: `DENY`, `SAMEORIGIN` or `ALLOW-FROM`.
- Set to `false` to disable X-Frame-Options headers.

36
docs/security/xss.md
View File

@ -1,36 +0,0 @@
---
title: X-XSS
---
Cross-site scripting (XSS) is a type of attack in which a malicious agent manages to inject client-side JavaScript into your website, so that it runs in the trusted environment of your users' browsers.
Enables `X-XSS-Protection` headers to help prevent cross site scripting (XSS) attacks in older IE browsers (IE8).
## Configuration
Configuration:
- Key: `xssProtection`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"xssProtection": {
"enabled": true,
"mode": "block"
}
}
```
Options:
- `enabled` (boolean): If the header is enabled or not.
- `mode` (string): Mode to set on the header.
Notes:
- Set to `false` to disable HTTP Strict Transport Security.

78
docs/sql/raw.md
View File

@ -1,78 +0,0 @@
---
title: Raw
---
Sometimes you may need to use a raw expression in a query. Raw query object may be injected pretty much anywhere you want, and using proper bindings can ensure your values are escaped properly, preventing SQL-injection attacks.
> In this document we assume the `connection` is one of the `connections` set in your config.
```js
const connection = strapi.connections.default;
```
## Raw Parameter Binding
One can parameterize SQL given to `connection.raw(sql, bindings)`. Parameters can be positional named. One can also choose if parameter should be treated as value or as SQL identifier e.g. in case of `TableName.ColumnName` reference.
```js
connection('users')
.select(connection.raw('count(*) as user_count, status'))
.where(connection.raw(1))
.orWhere(connection.raw('status <> ?', [1]))
.groupBy('status')
```
Positional bindings `?` is interpret as value and `??` as identifier:
```js
connection('users').where(connection.raw('?? = ?', ['user.name', 1]))
```
Named bindings `:name` is interpret as value and `:name:` as identifier:
```js
connection('users')
.where(connection.raw(':name: = :thisGuy or :name: = :otherGuy', {
name: 'users.name',
thisGuy: 'Bob',
otherGuy: 'Jay'
}))
```
For simpler queries where one only has a single binding, `.raw` can accept said binding as its second parameter :
```js
connection('users')
.where(
connection.raw('LOWER("login") = ?', 'strapi')
)
.orWhere(
connection.raw('accesslevel = ?', 1)
)
.orWhere(
connection.raw('updtime = ?', new Date())
)
```
Note that due to ambiguity, arrays must be passed as arguments within a containing array :
```js
connection.raw('select * from users where id in (?)', [[1, 2, 3]])
```
To prevent replacement of `?` one can use escape sequence `\\?`.
```js
connection.select('*').from('users').where('id', '=', 1).whereRaw('?? \\? ?', ['jsonColumn', 'jsonKey'])
```
## Raw expressions
Raw expressions are created by using `connection.raw(sql, [bindings])` and passing this as a value for any value in the query chain.
```js
connection('users')
.select(connection.raw('count(*) as user_count, status'))
.where(connection.raw(1))
.orWhere(connection.raw('status <> ?', [1]))
.groupBy('status')
```

41
docs/start/anatomy.md
View File

@ -1,41 +0,0 @@
---
title: Anatomy
---
Now that you have the generated directory let's see what we have.
## APIs
The `./api` directory contains the vast majority of your app's back-end logic. It is home to the "M" and "C" in [MVC Framework](http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller).
Every API is composed of:
- Routes of the API and config that can be different for each environment.
- Controllers contain most of the back-end logic for your API.
- Models are the structures that contain data for your API.
- Policies are typically used to authenticate clients and restrict access to certain parts of your API.
- Services are similar to controller actions. They contain logic that used by your API that doesn't necessarily rely on the requests and the responses.
## Configuration
The `./config` directory is full of config that will allow you to customize and configure your application.
In `./config/locales` is where you can add translations as JSON key-value pairs. The name of the file should match the language that you are supporting, which allows for automatic language detection based on request headers.
The `./config/environments` directory contains various environment settings such as API keys or remote database passwords. The environment directory used is determined by the environment Strapi is going to be running in.
The `./config/functions` directory contains lifecycle functions for your application such as CRON tasks and bootstrap jobs.
## Data info
The `./data` directory contains all the migration files for every connection and your database index if you're using SQLite.
## Public assets
The `./public` directory houses all of the static files that your application will need to host.
## Views
The `./views` directory holds all of your custom views for template engines like EJS, Handlebars, Jade, etc.
Note that views are disabled by default and the directory doesn't exist since the philosophy of Strapi is to be API first.

55
docs/start/api.md
View File

@ -1,55 +0,0 @@
---
title: Your first API
---
## Create your first API
It's pretty simple to generate an API with the Strapi CLI:
```bash
$ strapi generate:api apiName
```
For example, you can create a `car` API with:
```bash
$ strapi generate:api car
```
## Update your database
Migrations allow you to define sets of schema changes so upgrading a database is a breeze.
### Create a new migration file
To generate a migration file run:
```bash
$ strapi migrate:make connection_name migration_name
```
For example, if you want to create a migration file named `new_car_model` for the `car` API we just generated using the `default` connection the command looks like:
```bash
$ strapi migrate:make default new_car_model
```
Be careful, migrations are automatically generated based on your current database schema and models. We strongly advise you to manually verify those information.
### Run the migrations
Once you have finished writing the migrations, you can update the database by running:
```bash
$ strapi migrate:run connection_name
```
So if you want to run the previous migration generated for the `default` connection you need to run:
```bash
$ strapi migrate:run default
```
## Consume your API
You can take a look at the routes of the generated `car` API at `./api/car/config/routes.json`.

59
docs/start/configuration.md
View File

@ -1,59 +0,0 @@
---
title: Configuration
---
While Strapi dutifully adheres to the philosophy of convention-over-configuration, it is important to understand how to customize those handy defaults from time to time. For almost every convention in Strapi, there is an accompanying set of configuration options that allow you to adjust or override things to fit your needs.
Settings specified at the root directory will be available in all environments.
If you'd like to have some settings take effect only in certain environments, you can use the special environment-specific files and folders. Any files saved under the `./config/environments/development` directory will be loaded only when Strapi is started in the `development` environment.
The built-in meaning of the settings in `strapi.config` are, in some cases, only interpreted by Strapi during the `start` process. In other words, changing some options at runtime will have no effect. To change the port your application is running on, for instance, you can't just change `strapi.config.port`. You'll need to change the setting, then restart the server.
## Host
The host name the connection was configured to.
Configuration:
- Key: `host`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `string`
Example:
```js
{
"host": "localhost"
}
```
Notes:
- You don't need to specify a `host` in a `production` environment.
- Defaults to the operating system hostname when available, otherwise `localhost`.
## Port
The actual port assigned after the server has been started.
Configuration:
- Key: `port`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `integer`
Example:
```js
{
"port": 1337
}
```
Notes:
- You don't need to specify a `host` in a `production` environment.
- When no port is configured or set, Strapi will look for the `process.env.PORT` value. If no port specified, the port will be `1337`.

24
docs/start/creation.md
View File

@ -1,24 +0,0 @@
---
title: Create a project
---
Before you start: make sure you've installed the Strapi node module-- it should only take a minute!
## Create a project
First, we need to create a directory to hold your application:
```bash
$ strapi new appName
```
## Start your application
To run the server, make that your working directory and simply start your application:
```bash
$ cd appName
$ strapi start
```
The default home page is accessible at [http://localhost:1337/](http://localhost:1337/).

74
docs/start/install-nodejs.md
View File

@ -1,74 +0,0 @@
---
title: Install Node.js
---
## New to Node.js ?
> Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient. Node.js' package ecosystem, npm, is the largest ecosystem of open source libraries in the world.
More simply put, Node.js allows us to quickly and efficiently run JavaScript code outside the browser, making it possible to use the same language on both the frontend and the backend.
## Install the Node.js environment
Node.js will install on most major Operating systems. Mac OS X, Windows and many flavors of Linux are supported.
### Node.js on OS X
Simply download the [OS X installer](https://nodejs.org/en/download/) directly from the official Node.js website. We highly recommend this solution if you are not familiar with package managers.
If you want to install Node.js via [Homebrew](http://brew.sh/):
```bash
$ brew install node
```
If you want to install Node.js via [MacPorts](http://www.macports.org/):
```bash
$ port install nodejs
```
If you want to install Node.js via [pkgsrc](https://pkgsrc.joyent.com/install-on-osx/):
```bash
$ pkgin -y install nodejs
```
### Node.js on Windows
Simply download the [Windows installer](https://nodejs.org/en/download/) directly from the official Node.js website. We highly recommend this solution if you are not familiar with package managers.
If you want to install Node.js via [Chocolatey](http://chocolatey.org/):
```bash
$ cinst nodejs.install
```
If you want to install Node.js via [Scoop](http://scoop.sh/):
```bash
$ scoop install nodejs
```
## Verify the installation
Before continuing, we need verify that Node.js is correctly installed with the npm package manager.
Print the Node.js version installed on your machine:
```bash
$ node -v
v5.7.0
```
Print the npm version installed on your machine:
```bash
$ npm -v
3.6.0
```
You need to make sure your machine meets the following requirements:
- Node.js >= 4.0.0
- npm >= 3.0.0

29
docs/start/repl.md
View File

@ -1,29 +0,0 @@
---
title: Enter the REPL
---
## Start the REPL
Now that the `car` API is generated and the database upgraded thanks to a migration, you are ready to access your API.
Let's start your application with an opened REPL:
```bash
$ strapi console
```
This let you start your application, and enter the [Node.js REPL](https://nodejs.org/api/repl.html). This means you can access and use all of your models, services, configuration, and much more. Useful for trying out queries, quickly managing your data, and checking out your project's runtime configuration.
## Access global objects
You can access the Strapi global object with `strapi`. Your generated `car` API is accessible at `strapi.api.car`. If you want to output the `car` API object it should look like this:
```bash
> strapi.api.car
```
If you need to take a look at your current used config, simply run:
```bash
> strapi.config
```

73
mkdocs.yml Executable file
View File

@ -0,0 +1,73 @@
theme: "readthedocs"
docs_dir: ./website
site_dir: ./packages/strapi-generate-new/files/public
theme_dir: ./website/theme
site_name: "Strapi"
site_description: "Node.js framework powering API-driven web and mobile applications."
site_author: "Wistity"
site_url: "http://strapi.io/"
repo_name: "Strapi"
repo_url: "https://github.com/wistityhq/strapi"
markdown_extensions:
- admonition
- smarty
- sane_lists
- toc:
permalink: "#"
extra:
command: "$ npm install strapi-cli -g"
baseline: "Powering API-driven web and mobile applications."
start: "Get started"
current_version: "Current version"
version: "2.0.0"
pages:
- Home: ./index.md
- Prologue:
- Introduction: ./documentation/prologue/why.md
- Install Strapi: ./documentation/prologue/installation.md
- How it works: ./documentation/prologue/start.md
- Architecture foundations:
- Configuration: ./documentation/architecture/configuration.md
- Router: ./documentation/architecture/router.md
- Context: ./documentation/architecture/context.md
- Request: ./documentation/architecture/request.md
- Response: ./documentation/architecture/response.md
- Databases: ./documentation/architecture/databases.md
- Views: ./documentation/architecture/views.md
- Concepts:
- Authentication: ./documentation/concepts/authentication.md
- GraphQL: ./documentation/concepts/graphql.md
- JSON API: ./documentation/concepts/jsonapi.md
- WebSockets: ./documentation/concepts/websockets.md
- Internationalization: ./documentation/concepts/internationalization.md
- Scheduled tasks: ./documentation/concepts/cron.md
- Services: ./documentation/concepts/services.md
- Policies: ./documentation/concepts/policies.md
- Sessions: ./documentation/concepts/sessions.md
- SQL databases:
- Models: ./documentation/sql/models.md
- Migrations: ./documentation/sql/migrations.md
- Query builder: ./documentation/sql/queries.md
- Raw: ./documentation/sql/raw.md
- Interfaces: ./documentation/sql/interfaces.md
- SQL ORM: ./documentation/sql/orm.md
- Advanced usage:
- Security: ./documentation/advanced/security.md
- Lifecycle events: ./documentation/advanced/events.md
- Error handling: ./documentation/advanced/errors.md
- Custom generators: ./documentation/advanced/generators.md
- Custom hooks: ./documentation/advanced/hooks.md
- Legal Info:
- Governance: ./info/governance.md
- Code Of Conduct: ./info/conduct.md
- Releases: ./info/releases.md
- Security: ./info/security.md
- Trademarks: ./info/trademarks.md
- Licenses: ./info/licenses.md
- Support: ./info/support.md

13
package.json
View File

@ -2,26 +2,29 @@
"private": true,
"version": "2.0.0",
"devDependencies": {
"expect.js": "~0.3.1",
"istanbul": "^0.4.2",
"assert": "~1.3.0",
"coveralls": "~2.11.9",
"istanbul": "~0.4.2",
"mocha": "~2.4.5",
"mocha-lcov-reporter": "~1.2.0",
"pre-commit": "~1.1.2",
"request": "~2.69.0",
"should": "~8.3.0",
"xo": "~0.13.0"
},
"xo": {
"space": true,
"envs": [
"mocha",
"node"
],
"globals": [
"strapi"
],
"ignore": [
"packages/**/test/**"
"packages/strapi-generate-new/files/public/**",
"website/**"
],
"rules": {
"no-implicit-coercion": 0,
"no-unused-expressions": 0,
"padded-blocks": 0,
"prefer-template": 0,

4
docs/advanced/errors.md → website/documentation/advanced/errors.md
View File

@ -1,6 +1,4 @@
---
title: Error handling
---
# Error handling
## The error event

12
docs/advanced/events.md → website/documentation/advanced/events.md
View File

@ -1,10 +1,9 @@
---
title: Lifecyle events
---
# Lifecyle events
Strapi applications inherit [Node.js `EventEmitter` interface](https://nodejs.org/api/events.html#events_class_eventemitter), meaning that they can both emit and listen for custom events.
While it is not recommended that you utilize Strapi events directly in application code (since your apps should strive to be as stateless as possible to facilitate scalability), events can be very useful when extending Strapi (via hooks or generators) and in a testing environment.
!!! note
While it is not recommended that you utilize Strapi events directly in application code (since your apps should strive to be as stateless as possible to facilitate scalability), events can be very useful when extending Strapi (via hooks or generators) and in a testing environment.
None of the events are emitted with extra information, so your function should not have any arguments.
@ -91,6 +90,5 @@ module.exports.bootstrap = function (cb) {
};
```
Notes:
- It's very important to trigger the callback method when you are finished with the bootstrap. Otherwise your server will never start, since it's waiting on the bootstrap.
!!! important
It's very important to trigger the callback method when you are finished with the bootstrap. Otherwise your server will never start, since it's waiting on the bootstrap.

6
docs/advanced/generators.md → website/documentation/advanced/generators.md
View File

@ -1,6 +1,4 @@
---
title: Custom generators
---
# Custom generators
In keeping with the Node.js philosophy, Strapi aims to keep its core as small as possible, delegating all but the most critical functions to separate modules.
@ -11,7 +9,7 @@ Generators are designed to make it easier to customize the `$ strapi new` and `$
Strapi comes with a generator for generator. Simply run:
```bash
$ strapi generate:generator <myGenerator>
$ strapi generate:generator myGenerator
```
For example you can have:

6
docs/advanced/hooks.md → website/documentation/advanced/hooks.md
View File

@ -1,6 +1,4 @@
---
title: Custom hooks
---
# Custom hooks
A hook is a Node.js module that adds functionality to the Strapi core. The hook specification defines the requirements a module must meet for Strapi to be able to import its code and make the new functionality available. Because they can be saved separately from the core, hooks allow Strapi code to be shared between applications and developers without having to modify the framework.
@ -86,7 +84,7 @@ module.exports = function (strapi) {
## Hook events and dependencies
When a hook successfully initializes, it emits an event with the following name: `hook:<hookName>:loaded`.
When a hook successfully initializes, it emits an event with the following name: `hook:hookName:loaded`.
You can use the "hook loaded" events to make one hook dependent on another. To do so, simply wrap your hook's `initialize` logic in a call to `strapi.on()`. For example, to make your hook wait for the `models` hook to load, you could make your initialize similar to the following:

339
website/documentation/advanced/security.md Executable file
View File

@ -0,0 +1,339 @@
# Security
We take security very seriously. This is why Strapi comes with several security layers that just work depending on your needs.
!!! warning
All security bugs in Strapi are taken seriously and should be reported by emailing [hack@wistity.co](mailto:hack@wistity.co)
**Please don't file a public issue.** [Learn more about reporting security issues](../../info/security/index.html).
## CORS
Cross-Origin Resource Sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated.
Configuration:
- Key: `cors`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"cors": {
"origin": true,
"expose": [
"WWW-Authenticate",
"Server-Authorization"
],
"maxAge": 31536000,
"credentials": true,
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"OPTIONS",
"HEAD"
],
"headers": [
"Content-Type",
"Authorization"
]
}
}
```
Options:
- `origin` (string|boolean): Configures the `Access-Control-Allow-Origin` CORS header. Expects a string (ex: `http://example.com`) or a boolean. Set to `true` to reflect the request origin, as defined by `req.header('Origin')`. Set to `false` to disable CORS.
- `expose` (array): Configures the `Access-Control-Expose-Headers` CORS header. Set this to pass the header, otherwise it is omitted.
- `maxAge` (integer): Configures the `Access-Control-Max-Age` CORS header. Set to an integer to pass the header, otherwise it is omitted.
- `credentials` (boolean): Configures the `Access-Control-Allow-Credentials` CORS header. Set to `true` to pass the header, otherwise it is omitted.
- `methods` (array): Configures the `Access-Control-Allow-Methods` CORS header.
- `headers` (array): Configures the `Access-Control-Allow-Headers` CORS header. If not specified, defaults to reflecting the headers specified in the request's `Access-Control-Request-Headers` header.
Notes:
- Set to `false` to disable CORS.
## CSRF
Cross Site Request Forgery (CSRF) is a type of attack which forces an end user to execute unwanted actions on a web application backend with which he/she is currently authenticated.
Strapi bundles optional CSRF protection out of the box.
Configuration:
- Key: `csrf`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
```js
{
"csrf": {
"key": "_csrf",
"secret": "_csrfSecret"
}
}
```
Options:
- `key` (string): The name of the CSRF token added to the model. Defaults to `_csrf`.
- `secret` (string): The key to place on the session object which maps to the server side token. Defaults to `_csrfSecret`.
Notes:
- Set to `false` to disable CSRF headers.
- If you have existing code that communicates with your Strapi backend via `POST`, `PUT`, or `DELETE` requests, you'll need to acquire a CSRF token and include it as a parameter or header in those requests.
## CSP headers
Content Security Policy (CSP) is a W3C specification for instructing the client browser as to which location and/or which type of resources are allowed to be loaded.
This spec uses "directives" to define a loading behaviors for target resource types. Directives can be specified using HTTP response headers or or HTML Meta tags.
Configuration:
- Key: `csp`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"csp": {
"policy": {
"default-src": "self",
"img-src": "*"
}
}
}
```
Options:
- `policy` (object): Object definition of policy.
- `reportOnly` (boolean): Enable report only mode.
- `reportUri` (string): URI where to send the report data.
Notes:
- Set to `false` to disable CSP headers.
- See the [MDN CSP usage page](https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_Content_Security_Policy) for more information on available policy options.
## HSTS
Enables HTTP Strict Transport Security for the host domain.
The preload flag is required for HSTS domain submissions to Chrome's HSTS preload list.
Configuration:
- Key: `hsts`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"hsts": {
"maxAge": 31536000,
"includeSubDomains": true
}
}
```
Options:
- `maxAge` (integer): Number of seconds HSTS is in effect.
- `includeSubDomains` (boolean): Applies HSTS to all subdomains of the host.
Notes:
- Set to `false` to disable HSTS.
## P3P
Platform for Privacy Preferences (P3P) is a browser/web standard designed to facilitate better consumer web privacy control. Currently out of all the major browsers, it is only supported by Internet Explorer. It comes into play most often when dealing with legacy applications.
Configuration:
- Key: `p3p`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `string`
Example:
```js
{
"p3p": "ABCDEF"
}
```
Notes:
- The string is the value of the compact privacy policy.
- Set to `false` to disable P3P.
## X-Frame
Enables `X-Frame-Options` headers to help prevent Clickjacking.
Configuration:
- Key: `xframe`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `string`
Example:
```js
{
"xframe": "SAMEORIGIN"
}
```
Notes:
- The string is the value for the header: `DENY`, `SAMEORIGIN` or `ALLOW-FROM`.
- Set to `false` to disable X-Frame-Options headers.
## X-XSS
Cross-site scripting (XSS) is a type of attack in which a malicious agent manages to inject client-side JavaScript into your website, so that it runs in the trusted environment of your users' browsers.
Enables `X-XSS-Protection` headers to help prevent cross site scripting (XSS) attacks in older IE browsers (IE8).
Configuration:
- Key: `xssProtection`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"xssProtection": {
"enabled": true,
"mode": "block"
}
}
```
Options:
- `enabled` (boolean): If the header is enabled or not.
- `mode` (string): Mode to set on the header.
Notes:
- Set to `false` to disable HTTP Strict Transport Security.
## IP filtering
The IP filter configuration allows you to whitelist or blacklist specific or range IP addresses.
The blacklisted IP addresses won't have access to your web application at all.
Configuration:
- Key: `ip`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"ip": {
"whiteList": [
"192.168.0.*",
"8.8.8.[0-3]"
],
"blackList": [
"144.144.*"
]
}
}
```
Options:
- `whiteList` (array): IP addresses allowed.
- `blackList` (array): IP addresses forbidden.
Notes:
- Set to `false` to disable IP filter.
## Proxy
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.
Request your server, fetch the proxy URL you typed and return.
Configuration:
- Key: `proxy`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `string`
Example:
```js
{
"proxy": "http://mycdn.com"
}
```
Notes:
- The string will fetch the host and return. For example, when you request `http://localhost:1337/users`, it will fetch `http://mycdn.com/users` and return.
- Set to `false` to disable the proxy security.
## SSL
Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security over a computer network.
This configuration enforce SSL for your application.
Configuration:
- Key: `ssl`
- Environment: `development`
- Location: `./config/environments/development/security.json`
- Type: `object`
Example:
```js
{
"ssl": {
"disabled": false,
"trustProxy": true
}
}
```
Options:
- `disabled` (boolean): If `true`, this middleware will allow all requests through.
- `trustProxy` (boolean): If `true`, trust the `X-Forwarded-Proto` header.
Notes:
- Set to `false` to disable SSL.

261
website/documentation/architecture/configuration.md Executable file
View File

@ -0,0 +1,261 @@
# Configuration
While Strapi dutifully adheres to the philosophy of convention-over-configuration, it is important to understand how to customize those handy defaults from time to time. For almost every convention in Strapi, there is an accompanying set of configuration options that allow you to adjust or override things to fit your needs.
Settings specified at the root directory will be available in all environments.
!!! note
If you'd like to have some settings take effect only in certain environments, you can use the special environment-specific files and folders. Any files saved under the `./config/environments/development` directory will be loaded only when Strapi is started in the `development` environment.
!!! warning
The built-in meaning of the settings in `strapi.config` are, in some cases, only interpreted by Strapi during the `start` process. In other words, changing some options at runtime will have no effect. To change the port your application is running on, for instance, you can't just change `strapi.config.port`. You'll need to change the setting, then restart the server.
## Host
The host name the connection was configured to.
Configuration:
- Key: `host`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `string`
Example:
```js
{
"host": "localhost"
}
```
Notes:
- You don't need to specify a `host` in a `production` environment.
- Defaults to the operating system hostname when available, otherwise `localhost`.
## Port
The actual port assigned after the server has been started.
Configuration:
- Key: `port`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `integer`
Example:
```js
{
"port": 1337
}
```
Notes:
- You don't need to specify a `host` in a `production` environment.
- When no port is configured or set, Strapi will look for the `process.env.PORT` value. If no port specified, the port will be `1337`.
## Public assets
Strapi is compatible with any front-end strategy; whether it's Angular, Backbone, Ember, iOS, Android, Windows Phone, or something else that hasn't been invented yet.
!!! note
Public assets refer to static files on your server that you want to make accessible to the outside world. In Strapi, these files are placed in the `./public` directory.
Configuration:
- Key: `static`
- Environment: all
- Location: `./config/general.json`
- Type: `boolean`
Example:
```js
{
"static": true
}
```
Notes:
- Set to `false` to disable the public assets.
## Body parser
The "body parser" extracts the entire body portion of an incoming request stream and exposes it as something easier to interface with. It will most likely do what you want and save you the trouble.
Configuration:
- Key: `parser`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `object`
Example:
```js
{
"parser": {
"encode": "utf-8",
"formLimit": "56kb",
"jsonLimit": "1mb",
"strict": true,
"extendTypes": {
"json": [
"application/x-javascript"
]
}
}
}
```
Options:
- `encode` (string): Requested encoding.
- `formLimit` (string): Limit of the urlencoded body. If the body ends up being larger than this limit, a 413 error code is returned.
- `jsonLimit` (string): Limit of the JSON body.
- `strict` (boolean): When set to `true`, JSON parser will only accept arrays and objects.
- `extendTypes` (array): Support extend types.
Notes:
- Set to `false` to disable the body parser (not recommended).
## Favicon
A favicon is a file containing one small icon, most commonly 16×16 pixels, for your website.
Configuration:
- Key: `favicon`
- Environment: all
- Location: `./config/general.json`
- Type: `object`
Example:
```js
{
"favicon": {
"path": "favicon.ico",
"maxAge": 86400000
}
}
```
Options:
- `path` (string): Relative path for the favicon to use from the application root directory.
- `maxAge` (integer): Cache-control max-age directive. Set to pass the cache-control in ms.
Notes:
- Set to `false` to disable the favicon feature.
## Gzip
Compression is a simple, effective way to save bandwidth and speed up your site.
Gzip performs best on text-based assets: CSS, JavaScript, HTML. All modern browsers support Gzip compression and will automatically request it.
The best part is that enabling Gzip is one of the simplest and highest payoff optimizations to implement-- sadly, many people still forget to implement it.
Configuration:
- Key: `gzip`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `boolean`
Example:
```js
{
"gzip": true
}
```
Notes:
- Set to `false` to disable Gzip compression.
## Response time
The `X-Response-Time` header records the response time for requests in HTTP servers. The response time is defined here as the elapsed time from when a request enters the application to when the headers are written out to the client.
Configuration:
- Key: `responseTime`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `boolean`
Example:
```js
{
"responseTime": true
}
```
Notes:
- Set to `false` to disable the response time header.
## Logging
Strapi comes with a simple and useful built-in logger. Its usage is purposely very similar to `console.log()`, but with a handful of extra features; namely support for multiple log levels with colorized, prefixed console output.
Configuration:
- Key: `logger`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `boolean`
Example:
```js
{
"logger": true
}
```
Notes:
- Set to `false` to disable the lifecyle and request logs.
## No-downtime
Strapi lets you herd your child processes over Node.js `cluster` for zero-downtime reloads.
Configuration:
- Key: `reload`
- Environment: `development`
- Location: `./config/environments/development/server.json`
- Type: `object`
Example:
```js
{
"reload": {
"timeout": 10000,
"workers": 3
}
}
```
Options:
- `timeout` (integer): Set the timeout in ms before killing a worker.
- `workers` (integer): Set the number of workers to spawn. If the `workers` key is not present, Strapi will use the number of CPUs (can be useful in production).
Notes:
- Set to `false` to disable the zero-downtime feature.

4
docs/basics/context.md → website/documentation/architecture/context.md
View File

@ -1,6 +1,4 @@
---
title: Context
---
# Context
A Strapi `Context` encapsulates Node's `request` and `response` objects into a single object which provides many helpful methods for writing web applications and APIs.

10
docs/basics/databases.md → website/documentation/architecture/databases.md
View File

@ -1,10 +1,10 @@
---
title: Databases
---
# Databases
The Strapi philosophy regarding databases and ORMs is very simple: a unique ORM for SQL databases and one selected ORM for each NoSQL database.
!!! note
The Strapi philosophy regarding databases and ORMs is very simple: a unique ORM for SQL databases and one selected ORM for each NoSQL database.
**We don't provide hooks for NoSQL databases yet.** *[Join us on Slack](http://slack.strapi.io) to see how we can work together if you are interested in helping us about this.*
!!! important
We unfortunately don't provide hooks for NoSQL databases yet. [Join us on Slack](http://slack.strapi.io) to see how we can work together if you are interested in helping us about this.
A connection represents a particular database configuration. This configuration object includes a `client` to use, as well as information like the `host`, `port`, `username`, `password`, and so forth.

4
docs/basics/request.md → website/documentation/architecture/request.md
View File

@ -1,6 +1,4 @@
---
title: Request
---
# Request
A Strapi `Request` object is an abstraction on top of Node's vanilla request object, providing additional functionality that is useful for every day HTTP server development.

4
docs/basics/response.md → website/documentation/architecture/response.md
View File

@ -1,6 +1,4 @@
---
title: Response
---
# Response
A Strapi `Response` object is an abstraction on top of Node's vanilla response object, providing additional functionality that is useful for every day HTTP server development.

6
docs/basics/router.md → website/documentation/architecture/router.md
View File

@ -1,12 +1,10 @@
---
title: Router
---
# Router
The most basic feature of any web application is the ability to interpret a request sent to a URL, then send back a response. In order to do this, your application has to be able to distinguish one URL from another.
Like most web frameworks, Strapi provides a router: a mechanism for mapping URLs to controllers. Routes are rules that tell Strapi what to do when faced with an incoming request.
For every API, routes can be found in `./api/<apiName>/config/routes.json`.
For every API, routes can be found in `./api/apiName/config/routes.json`.
## Route format

7
docs/basics/views.md → website/documentation/architecture/views.md
View File

@ -1,10 +1,9 @@
---
title: Views
---
# Views
In Strapi, views are markup templates that are compiled on the server into HTML pages. In most cases, views are used as the response to an incoming HTTP request.
By default, Strapi doesn't use views. The philosophy of the framework is to separate the reusable backend application logic from the front-end.
!!! important
By default, Strapi doesn't use views. The philosophy of the framework is to separate the reusable backend application logic from the front-end.
## Configuration

72
docs/features/authentication.md → website/documentation/concepts/authentication.md
View File

@ -1,6 +1,4 @@
---
title: Authentication
---
# Authentication
The Strapi OAuth hook allows you to easily connect your application to 150+ providers.
@ -34,22 +32,22 @@ Strapi requires that the redirect/callback URL specified in your OAuth applicati
3. Create a `authentication.json` in each environment (since you'll use different credentials) file containing:
```js
{
"authentication": {
"facebook": {
"key": "[CLIENT_ID]",
"secret": "[CLIENT_SECRET]",
"callback": "/handle_facebook_response"
},
"twitter": {
"key": "[CONSUMER_KEY]",
"secret": "[CONSUMER_SECRET]",
"callback": "/handle_twitter_response"
}
```js
{
"authentication": {
"facebook": {
"key": "[CLIENT_ID]",
"secret": "[CLIENT_SECRET]",
"callback": "/handle_facebook_response"
},
"twitter": {
"key": "[CONSUMER_KEY]",
"secret": "[CONSUMER_SECRET]",
"callback": "/handle_twitter_response"
}
}
```
}
```
4. Navigate to `/connect/facebook` to initiate the OAuth flow for Facebook, or navigate to `/connect/twitter` to initiate the OAuth flow for Twitter.
@ -90,29 +88,29 @@ Options (for each provider):
- `scope` (array): Array of OAuth scopes to request
- `callback` (string): Specific callback to use for this provider.
- `custom_params` (object): Some providers may employ custom authorization parameters outside of the ones specified in the configuration section. You can pass those custom parameters using the `custom_params` option:
```js
{
"authentication": {
"google": {
"custom_params": {
"access_type": "offline"
}
},
"reddit": {
"custom_params": {
"duration": "permanent"
}
},
"trello": {
"custom_params": {
"name": "my app",
"expiration": "never"
}
```js
{
"authentication": {
"google": {
"custom_params": {
"access_type": "offline"
}
},
"reddit": {
"custom_params": {
"duration": "permanent"
}
},
"trello": {
"custom_params": {
"name": "my app",
"expiration": "never"
}
}
}
```
}
```
## Usage

16
docs/features/cron.md → website/documentation/concepts/cron.md
View File

@ -1,6 +1,4 @@
---
title: Scheduled tasks
---
# Scheduled tasks
CRON tasks allow you to schedule jobs (arbitrary functions) for execution at specific dates, with optional recurrence rules. It only uses a single timer at any given time (rather than reevaluating upcoming jobs every second/minute).
@ -31,9 +29,9 @@ module.exports.cron = {
Notes:
- The cron format consists of:
1. second (0 - 59, optional)
2. minute (0 - 59)
3. hour (0 - 23)
4. day of month (1 - 31)
5. month (1 - 12)
6. day of week (0 - 7)
1. second (0 - 59, optional)
2. minute (0 - 59)
3. hour (0 - 23)
4. day of month (1 - 31)
5. month (1 - 12)
6. day of week (0 - 7)

13
docs/features/graphql.md → website/documentation/concepts/graphql.md
View File

@ -1,6 +1,4 @@
---
title: GraphQL
---
# GraphQL
Strapi build your GraphQL schema based on your model definitions. By default, you can make queries to the GraphQL server at [http://localhost:1337/graphql](http://locahost:1337/graphql).
@ -136,7 +134,8 @@ For example, this will update an existing user with the `id` `1`:
}
```
Note: Don't forget to send the ID in the body!
!!! important
Don't forget to send the ID in the body!
### Delete a record
@ -154,7 +153,8 @@ For example, this will delete the user with the `id` `1`:
}
```
Note: You have to specify field in your query. However the value will be `null`.
!!! note
You have to specify field in your query. However the value will be `null`.
## Permissions
@ -198,4 +198,5 @@ Then, you can apply one or more policies on each query and mutation.
}
```
Note: The policy doesn't need to be in the same API folder. The GraphQL permissions are based on the global `strapi.policies` variable which is an aggregate of the policies of the whole application. Also, the request is apply to the policies, in others words, this means you can handle sessions and cookies in the policy as usual.
!!! note
The policy doesn't need to be in the same API folder. The GraphQL permissions are based on the global `strapi.policies` variable which is an aggregate of the policies of the whole application. Also, the request is apply to the policies, in others words, this means you can handle sessions and cookies in the policy as usual.

7
docs/features/internationalization.md → website/documentation/concepts/internationalization.md
View File

@ -1,6 +1,4 @@
---
title: Internationalization
---
# Internationalization
If your application will touch people or systems from all over the world, internationalization and localization (`i18n`) may be an important part of your international strategy.
@ -68,7 +66,8 @@ These files contain locale-specific strings (as JSON key-value pairs) that you c
}
```
Note that the keys in your stringfiles are case sensitive and require exact matches. There are a few different schools of thought on the best approach here, and it really depends on who/how often you'll be editing the stringfiles in the future. Especially if you'll be editing the translations by hand, simpler, all-lowercase key names may be preferable for maintainability.
!!! note
The keys in your stringfiles are case sensitive and require exact matches. There are a few different schools of thought on the best approach here, and it really depends on who/how often you'll be editing the stringfiles in the future. Especially if you'll be editing the translations by hand, simpler, all-lowercase key names may be preferable for maintainability.
For example, here's another pass at `./config/locales/fr_FR.json`:

4
docs/features/jsonapi.md → website/documentation/concepts/jsonapi.md
View File

@ -1,6 +1,4 @@
---
title: JSON API
---
# JSON API
Strapi comes with a strong implementation of the JSON API specification. With its shared conventions, you can increase productivity, take advantage of generalized tooling, and focus on what matters: your application. Moreover, clients built around JSON API are able to take advantage of its features around efficiently caching responses, sometimes eliminating network requests entirely.

7
docs/security/policies.md → website/documentation/concepts/policies.md
View File

@ -1,6 +1,4 @@
---
title: Policies
---
# Policies
Policies in Strapi are versatile tools for authorization and access control-- they let you allow or deny access to your controllers down to a fine level of granularity. For example, if you were building Dropbox, before letting a user upload a file to a folder, you might check that she `isAuthenticated`, then ensure that she `canWrite` (has write permissions on the folder.) Finally, you'd want to check that the folder she's uploading into `hasEnoughSpace`.
@ -35,4 +33,5 @@ For example you can generate a policy named `isAuthenticated` for the `user` API
$ strapi generate:policy isAuthenticated user
```
Do not forget to yield `next` when you need to move on.
!!! important
Do not forget to yield `next` when you need to move on.

4
docs/features/services.md → website/documentation/concepts/services.md
View File

@ -1,6 +1,4 @@
---
title: Services
---
# Services
Services can be thought of as libraries which contain functions that you might want to use in many places of your application. For example, you might have an `sendEmail` service which wraps some default email message boilerplate code that you would want to use in many parts of your application.

7
docs/features/sessions.md → website/documentation/concepts/sessions.md
View File

@ -1,12 +1,11 @@
---
title: Sessions
---
# Sessions
Since HTTP driven applications are stateless, sessions provide a way to store information about the user across requests.
Strapi provides "guest" sessions, meaning any visitor will have a session, authenticated or not. If a session is new a `Set-Cookie` will be produced regardless of populating the session.
Strapi only supports cookie sessions, for now.
!!! warning
Strapi only supports cookie sessions, for now.
## Configuration

117
website/documentation/concepts/views.md Executable file
View File

@ -0,0 +1,117 @@
# Views
In Strapi, views are markup templates that are compiled on the server into HTML pages. In most cases, views are used as the response to an incoming HTTP request.
!!! important
By default, Strapi doesn't use views. The philosophy of the framework is to separate the reusable backend application logic from the front-end.
## Configuration
Configuration:
- Key: `views`
- Environment: all
- Location: `./config/general.json`
- Type: `object`
Example:
```js
{
"views": {
"map": {
"html": "lodash",
"hbs": "handlebars"
},
"default": "html",
"cache": false
}
}
```
Options:
- `map`: Object mapping extension names to engine names.
- `default`: Default extension name to use when missing.
- `cache`: When `true` compiled template functions will be cached in-memory, this prevents subsequent disk I/O, as well as the additional compilation step that most template engines peform. By default this is enabled when the `NODE_ENV` environment variable is anything but `development`, such as `stage` or `production`.
Notes:
- Set to `false` to disable views support.
- Views are defined in your application's `./views` directory.
- You still need to install the engines you wish to use, by adding them to your `package.json` dependencies.
## Usage
Simply use `this.render` instead of `this.body` to render a view.
You don't need to specify the view extension if you use the default one sets in config.
Using the config we wrote above with `lodash` for `.html` files and use the `html` extension by default, this example will render `./views/user.html` with Lodash as template engine.
```js
yield this.render('user', {
firstname: 'John',
lastname: 'Doe'
});
```
```html
<html>
<head>...</head>
<body>
<p>Firstname: <% firstname %><br>Lastname: <% lastname %></p>
</body>
</html>
```
Here is the same example with the `jade` extension, not used by default:
```js
yield this.render('user.jade', {
firstname: 'John',
lastname: 'Doe'
});
```
## Supported template engines
To use a view engine, you should use npm to install it in your project and set the `map` object in `strapi.config.views`.
Strapi supports all of those view engines:
- [atpl](https://github.com/soywiz/atpl.js)
- [doT.js](https://github.com/olado/doT)
- [dust (unmaintained)](https://github.com/akdubya/dustjs)
- [dustjs-linkedin (maintained fork of dust)](https://github.com/linkedin/dustjs)
- [eco](https://github.com/sstephenson/eco)
- [ect](https://github.com/baryshev/ect)
- [ejs](https://github.com/visionmedia/ejs)
- [haml](https://github.com/visionmedia/haml.js)
- [haml-coffee](https://github.com/9elements/haml-coffee)
- [hamlet](https://github.com/gregwebs/hamlet.js)
- [handlebars](https://github.com/wycats/handlebars.js/)
- [hogan](https://github.com/twitter/hogan.js)
- [htmling](https://github.com/codemix/htmling)
- [jade](https://github.com/visionmedia/jade)
- [jazz](https://github.com/shinetech/jazz)
- [jqtpl](https://github.com/kof/node-jqtpl)
- [JUST](https://github.com/baryshev/just)
- [liquor](https://github.com/chjj/liquor)
- [lodash](https://github.com/lodash/lodash)
- [mote](https://github.com/satchmorun/mote)
- [mustache](https://github.com/janl/mustache.js)
- [nunjucks](https://github.com/mozilla/nunjucks)
- [QEJS](https://github.com/jepso/QEJS)
- [ractive](https://github.com/Rich-Harris/Ractive)
- [react](https://github.com/facebook/react)
- [slm](https://github.com/slm-lang/slm)
- [swig](https://github.com/paularmstrong/swig)
- [templayed](http://archan937.github.com/templayed.js/)
- [liquid](https://github.com/leizongmin/tinyliquid)
- [toffee](https://github.com/malgorithms/toffee)
- [twig](https://github.com/justjohn/twig.js)
- [underscore](https://github.com/documentcloud/underscore)
- [vash](https://github.com/kirbysayshi/vash)
- [walrus](https://github.com/jeremyruppel/walrus)
- [whiskers](https://github.com/gsf/whiskers.js)

8
docs/features/websockets.md → website/documentation/concepts/websockets.md
View File

@ -1,6 +1,4 @@
---
title: WebSockets
---
# WebSockets
[Socket.IO](http://socket.io/) enables real-time bidirectional event-based communication. It works on every platform, browser or device, focusing equally on reliability and speed.
@ -23,11 +21,11 @@ Example:
Notes:
- Set to `false` to disable websockets with [Socket.IO](http://socket.io/).
- Set to `false` to disable websockets with Socket.IO.
## Usage
By default Strapi binds [Socket.IO](http://socket.io/) and your common websockets features are available using the `io` object.
By default Strapi binds Socket.IO and your common websockets features are available using the `io` object.
```js
io.on('connection', function (socket) {

12
docs/start/install-strapi.md → website/documentation/prologue/installation.md
View File

@ -1,6 +1,12 @@
---
title: Install Strapi
---
# Install Strapi
Before installing Strapi, make sure you have [installed Node.js](https://nodejs.org/en/download/package-manager/).
!!! important
You need to make sure your machine meets the following requirements:
- Node.js >= 4.0.0
- npm >= 3.0.0
## Installation

147
website/documentation/prologue/start.md Executable file
View File

@ -0,0 +1,147 @@
# How it works
Before you start: make sure [you've installed the Strapi node module](./installation/index.html)-- it should only take a minute!
## Create a project
First, we need to create a directory to hold your application:
```bash
$ strapi new appName
```
## Start your application
To run the server, make that your working directory and simply start your application:
```bash
$ cd appName
$ strapi start
```
!!! note
The default home page is accessible at [http://localhost:1337/](http://localhost:1337/).
## Anatomy
Now that you have the generated directory let's see what we have.
### APIs
The `./api` directory contains the vast majority of your app's back-end logic. It is home to the "M" and "C" in [MVC Framework](http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller).
Every API is composed of:
- Routes of the API and config that can be different for each environment.
- Controllers contain most of the back-end logic for your API.
- Models are the structures that contain data for your API.
- Policies are typically used to authenticate clients and restrict access to certain parts of your API.
- Services are similar to controller actions. They contain logic that used by your API that doesn't necessarily rely on the requests and the responses.
### Configuration
The `./config` directory is full of config that will allow you to customize and configure your application.
In `./config/locales` is where you can add translations as JSON key-value pairs. The name of the file should match the language that you are supporting, which allows for automatic language detection based on request headers.
The `./config/environments` directory contains various environment settings such as API keys or remote database passwords. The environment directory used is determined by the environment Strapi is going to be running in.
The `./config/functions` directory contains lifecycle functions for your application such as CRON tasks and bootstrap jobs.
### Data info
The `./data` directory contains all the migration files for every connection and your database index if you're using SQLite.
### Public assets
The `./public` directory houses all of the static files that your application will need to host.
### Views
The `./views` directory holds all of your custom views for template engines like EJS, Handlebars, Jade, etc.
!!! important
Note that views are disabled by default and the directory doesn't exist since the philosophy of Strapi is to be API first.
## Your first API
### Create your first API
It's pretty simple to generate an API with the Strapi CLI:
```bash
$ strapi generate:api apiName
```
For example, you can create a `car` API with:
```bash
$ strapi generate:api car
```
### Update your database
Migrations allow you to define sets of schema changes so upgrading a database is a breeze.
#### Create a new migration file
To generate a migration file run:
```bash
$ strapi migrate:make connection_name migration_name
```
For example, if you want to create a migration file named `new_car_model` for the `car` API we just generated using the `default` connection the command looks like:
```bash
$ strapi migrate:make default new_car_model
```
!!! warning
Be careful, migrations are automatically generated based on your current database schema and models. We strongly advise you to manually verify those information.
#### Run the migrations
Once you have finished writing the migrations, you can update the database by running:
```bash
$ strapi migrate:run connection_name
```
So if you want to run the previous migration generated for the `default` connection you need to run:
```bash
$ strapi migrate:run default
```
### Consume your API
You can take a look at the routes of the generated `car` API at `./api/car/config/routes.json`.
## Enter the REPL
### Start the REPL
Now that the `car` API is generated and the database upgraded thanks to a migration, you are ready to access your API.
Let's start your application with an opened REPL:
```bash
$ strapi console
```
This let you start your application, and enter the [Node.js REPL](https://nodejs.org/api/repl.html). This means you can access and use all of your models, services, configuration, and much more. Useful for trying out queries, quickly managing your data, and checking out your project's runtime configuration.
### Access global objects
You can access the Strapi global object with `strapi`. Your generated `car` API is accessible at `strapi.api.car`. If you want to output the `car` API object it should look like this:
```bash
> strapi.api.car
```
If you need to take a look at your current used config, simply run:
```bash
> strapi.config
```

31
website/documentation/prologue/why.md Executable file
View File

@ -0,0 +1,31 @@
## Why Strapi?
> At [Wistity](http://wistity.co), everything we do we believe in changing the status quo of web development. Our products are simple to use, user friendly and production-ready.
Web and mobile applications needed a powerful, simple to use and production-ready API-driven framework. That's why we created Strapi, an open-source [Node.js](https://nodejs.org/) rich framework for building applications and services.
Strapi enables developers to focus on writing reusable application logic instead of spending time building infrastructure. It is designed for building practical, production-ready Node.js applications in a matter of hours instead of weeks.
## Features
- **100% JavaScript**, the language you probably already are using for the front-end.
- **Rock-solid foundation** offering plenty of possibilities for web apps and APIs.
- **Useful CLI** that let you scaffold projects, APIs and migrations on the fly.
- **Front-end agnostic** and can be used with Angular, Backbone, React, Ember, Vue, iOS, Android, etc.
- **Easy authentication** with 150+ supported providers to easily manage your authentication processes.
- **Security layers** that just work and ships reusable security policies.
- **GraphQL implementation** for describing data requirements and interactions.
- **JSON API specification** to increase productivity by following shared conventions.
- **Smooth WebSockets** to handle realtime connections and events.
- **Flexible SQL dialect** with schema building for migrations, query building, transactions, and a lot more.
- **Elegant SQL ORM** featuring relations, lifecycle events, etc.
- **NoSQL support** if you need to plug specific data layers.
Convinced? [Let's get started!](./installation/index.html)
!!! note
Are you interested in helping us on Strapi? We encourage all kinds of contribution from the community.
You might take a look at our [Governance](../../info/governance/index.html), [Code of Conduct](../../info/conduct/index.html) and [Release process](../../info/releases/index.html).
!!! important
Before using Strapi in your work environment, please read our [Security](../../info/security/index.html), [Trademark](../../info/trademarks/index.html) and [License](../../info/licenses/index.html) policies. [Getting help with Strapi](../../info/support/index.html) is easy, with free community support options for individuals and small teams, up to professional support for large businesses.

89
docs/sql/interfaces.md → website/documentation/sql/interfaces.md
View File

@ -1,20 +1,14 @@
---
title: Interfaces
---
# Interfaces
The Strapi SQL dialect provides several options to deal with query output. The following methods are present on the query builder, schema builder, and the raw builder.
> In this document we assume the `connection` is one of the `connections` set in your config.
```js
const connection = strapi.connections.default;
```
## Promises
[Promises](https://github.com/petkaantonov/bluebird#what-are-promises-and-why-should-i-use-them) are the preferred way of dealing with queries in the dialect, as they allow you to return values from a fulfillment handler, which in turn become the value of the promise. The main benefit of promises are the ability to catch thrown errors without crashing the node app, making your code behave like a `.try` / `.catch` / `.finally` in synchronous code.
```js
connection.select('name').from('users')
strapi.connections.default
.select('name').from('users')
.where('id', '>', 20)
.andWhere('id', '<', 200).limit(10)
.offset(x)
@ -22,7 +16,9 @@ connection.select('name').from('users')
return _.pluck(rows, 'name');
})
.then(function (names) {
return connection.select('id').from('nicknames').whereIn('nickname', names);
return strapi.connections.default
.select('id').from('nicknames')
.whereIn('nickname', names);
})
.then(function (rows) {
console.log(rows);
@ -37,12 +33,13 @@ connection.select('name').from('users')
Coerces the current query builder chain into a promise state, accepting the resolve and reject handlers as specified by the [Promises/A+ spec](http://promises-aplus.github.com/promises-spec). As stated in the spec, more than one call to the `then` method for the current query chain will resolve with the same value, in the order they were called; the query will not be executed multiple times.
```js
connection.select('*').from('users')
strapi.connections.default
.select('*').from('users')
.where({
name: 'Tim'
})
.then(function (rows) {
return connection.insert({
return strapi.connections.default.insert({
user_id: rows[0].id,
name: 'Test'
}, 'id').into('accounts');
@ -60,14 +57,16 @@ connection.select('*').from('users')
Coerces the current query builder into a promise state, catching any error thrown by the query, the same as calling `.then(null, onRejected)`.
```js
return connection.insert({
return strapi.connections.default.insert({
id: 1, name: 'Test'
}, 'id').into('accounts')
.catch(function (error) {
console.error(error);
})
.then(function () {
return connection.select('*').from('accounts').where('id', 1);
return strapi.connections.default
.select('*').from('accounts')
.where('id', 1);
})
.then(function (rows) {
console.log(rows[0]);
@ -101,7 +100,8 @@ promise.tap(doSideEffectsHere);
A passthrough to [Bluebird's map implementation](https://github.com/petkaantonov/bluebird/blob/master/API.md#mapfunction-mapper---promise) with the result set.
```js
connection.select('name').from('users')
strapi.connections.default
.select('name').from('users')
.limit(10)
.map(function (row) {
return row.name;
@ -119,7 +119,8 @@ connection.select('name').from('users')
A passthrough to [Bluebird's reduce implementation](https://github.com/petkaantonov/bluebird/blob/master/API.md#reducefunction-reducer--dynamic-initialvalue---promise) with the result set.
```js
connection.select('name').from('users')
strapi.connections.default
.select('name').from('users')
.limit(10)
.reduce(function (memo, row) {
memo.names.push(row.name);
@ -142,7 +143,8 @@ connection.select('name').from('users')
A passthrough to [Bluebird's bind method](https://github.com/petkaantonov/bluebird/blob/master/API.md#binddynamic-thisarg---promise) which sets the context value (this) for the returned promise.
```js
connection.select('name').from('users')
strapi.connections.default
.select('name').from('users')
.limit(10)
.bind(console)
.then(console.log)
@ -156,12 +158,16 @@ Shorthand for calling `.then(function () { return value })`.
Without `return`:
```js
connection.insert(values).into('users')
strapi.connections.default
.insert(values)
.into('users')
.then(function () {
return {inserted: true};
});
connection.insert(values).into('users')
strapi.connections.default
.insert(values)
.into('users')
.return({
inserted: true
});
@ -174,7 +180,8 @@ connection.insert(values).into('users')
If you'd prefer a callback interface over promises, the `asCallback` function accepts a standard node style callback for executing the query chain. Note that as with the `then` method, subsequent calls to the same query chain will return the same result.
```js
connection.select('name').from('users')
strapi.connections.default
.select('name').from('users')
.where('id', '>', 20)
.andWhere('id', '<', 200)
.limit(10)
@ -183,7 +190,8 @@ connection.select('name').from('users')
if (err) return {
console.error(err);
}
connection.select('id').from('nicknames')
strapi.connections.default
.select('id').from('nicknames')
.whereIn('nickname', _.pluck(rows, 'name'))
.asCallback(function (err, rows) {
if (err) return {
@ -205,20 +213,29 @@ If called with a callback, the callback is passed the stream and a promise is re
Retrieve the stream:
```js
const stream = connection.select('*').from('users').stream();
const stream = strapi.connections.default
.select('*').from('users')
.stream();
stream.pipe(writableStream);
```
With options:
```js
const stream = connection.select('*').from('users').stream({highWaterMark: 5});
const stream = strapi.connections.default
.select('*').from('users')
.stream({
highWaterMark: 5
});
stream.pipe(writableStream);
```
Use as a promise:
```js
const stream = connection.select('*').from('users')
.where(connection.raw('id = ?', [1]))
const stream = strapi.connections.default
.select('*').from('users')
.where(strapi.connections.default.raw('id = ?', [1]))
.stream(function (stream) {
stream.pipe(writableStream);
})
@ -235,7 +252,9 @@ const stream = connection.select('*').from('users')
Pipe a stream for the current query to a `writableStream`.
```js
const stream = connection.select('*').from('users').pipe(writableStream);
const stream = strapi.connections.default
.select('*').from('users')
.pipe(writableStream);
```
## Events
@ -245,8 +264,8 @@ const stream = connection.select('*').from('users').pipe(writableStream);
A `query` event is fired just before a query takes place, providing data about the query, including the connection's `__cid` property and any other information about the query as described in `toSQL`. Useful for logging all queries throughout your application.
```js
connection.select('*')
.from('users')
strapi.connections.default
.select('*').from('users')
.on('query', function (data) {
app.log(data);
})
@ -260,8 +279,8 @@ connection.select('*')
A `query-error` event is fired when an error occurs when running a query, providing the error object and data about the query, including the connection's `__cid` property and any other information about the query as described in `toSQL`. Useful for logging all query errors throughout your application.
```js
connection.select(['NonExistentColumn'])
.from('users')
strapi.connections.default
.select(['NonExistentColumn']).from('users')
.on('query-error', function (error, obj) {
app.log(error);
})
@ -280,8 +299,9 @@ connection.select(['NonExistentColumn'])
Returns an array of query strings filled out with the correct values based on bindings, etc. Useful for debugging.
```js
connection.select('*').from('users')
.where(connection.raw('id = ?', [1]))
strapi.connections.default
.select('*').from('users')
.where(strapi.connections.default.raw('id = ?', [1]))
.toString()
```
@ -290,7 +310,8 @@ connection.select('*').from('users')
Returns an array of query strings filled out with the correct values based on bindings, etc. Useful for debugging.
```js
connection.select('*').from('users')
.where(connection.raw('id = ?', [1]))
strapi.connections.default
.select('*').from('users')
.where(strapi.connections.default.raw('id = ?', [1]))
.toSQL()
```

15
docs/sql/migrations.md → website/documentation/sql/migrations.md
View File

@ -1,6 +1,4 @@
---
title: Migrations
---
# Migrations
Migrations allow you to evolve your database schema over time. Rather than write schema modifications in pure SQL, migrations allow you to describe changes to your tables.
@ -11,7 +9,7 @@ You can think of each migration as being a new "version" of the database. A sche
To generate a migration file run:
```bash
$ strapi migrate:make <connection_name> <migration_name>
$ strapi migrate:make connection_name migration_name
```
For example, if you want to create a migration file named `new_car_model` for the `car` API we just generated using the `default` connection the command looks like:
@ -24,14 +22,13 @@ $ strapi migrate:make default new_car_model
Migration files for each connection can be found in `./data/migrations`.
Migration files are automatically generated from your model definitions and your current database schema.
!!! warning
Be careful, migrations are automatically generated based on your current database schema and models. We strongly advise you to manually verify those information.
The migrations use the schema builder to update your database schema.
The migrations use the [schema builder](./models/index.html) to update your database schema.
For every migration there is a `up` and a `down` logic. The `up` logic corresponds to the new updates to apply to the connection. The `down` logic is the "mirror" of the `up` logic-- it's the logic to rollback this migration.
Be careful, migrations are automatically generated based on your current database schema and models. We strongly advise you to manually verify those information.
## Transactions
Transactions are an important feature of relational databases, as they allow correct recovery from failures and keep a database consistent even in cases of system failure. All queries within a transaction are executed on the same database connection, and run the entire set of queries as a single unit of work. Any failure will mean the database will rollback any queries executed on that connection to the pre-transaction state.
@ -49,7 +46,7 @@ exports.config = {
Once you have finished writing the migrations using the schema builder, you can update the database by running:
```bash
$ strapi migrate:run <connection_name>
$ strapi migrate:run connection_name
```
So if you want to run the previous migration generated for the `default` connection you need to run:

23
docs/sql/models.md → website/documentation/sql/models.md
View File

@ -1,18 +1,12 @@
---
title: Models
---
# Models
A model represents a collection of structured data, usually corresponding to a single table or collection in a database.
> Migrations allow you to evolve your database schema over time. Rather than write schema modifications in pure SQL, migrations allow you to describe changes to your tables.
You can think of each migration as being a new "version" of the database. A schema starts off with nothing in it, and each migration modifies it to add or remove tables, columns, or entries. Strapi knows how to update your schema along this timeline, bringing it from whatever point it is in the history to the latest version.
Do not worry about how to write migrations-- Strapi does the job for you based on your model definitions. [Learn more about migrations](migrations.md).
> In this document we assume the `connection` is one of the `connections` set in your config.
```js
const connection = strapi.connections.default;
```
!!! note
Do not worry about how to write migrations-- Strapi does the job for you based on your model definitions. [Learn more about migrations](./migrations/index.html).
## Basic information
@ -32,7 +26,8 @@ In the model:
The `tableName` key sets the table name to use in your database.
**Never pluralize a table name-- it's a SQL convention.**
!!! important
Never pluralize a table name-- it's a SQL convention.
In the model:
@ -45,7 +40,7 @@ In the model:
Create a new table in a migration file:
```js
connection.schema.createTableIfNotExists('users', function (table) {
connection.schema.createTableIfNotExists('user', function (table) {
// Some schema building here...
})
```
@ -53,13 +48,13 @@ connection.schema.createTableIfNotExists('users', function (table) {
Drop an existing table in a migration file:
```js
connection.schema.dropTableIfExists('users');
connection.schema.dropTableIfExists('user');
```
Rename an existing table in a migration file:
```js
connection.schema.renameTable('users', 'old_users')
connection.schema.renameTable('user', 'old_user')
```
## Options
@ -465,7 +460,7 @@ connection.schema.table('maps', function (table) {
Note that when setting an "array" (or a value that could be an array) as the value, you should use `JSON.stringify()` to convert your value to a "string" prior to passing it to the query builder:
```js
strapi.connection.default.table('maps')
strapi.connections.default.table('maps')
.where({id: 1})
.update({
location: JSON.stringify(mightBeAnArray)

15
docs/sql/orm.md → website/documentation/sql/orm.md
View File

@ -1,19 +1,10 @@
---
title: SQL ORM
---
The Strapi philosophy regarding databases and ORMs is very simple: a unique ORM for SQL databases and one selected ORM for each NoSQL database.
# SQL ORM
The SQL ORM aims to provide a simple library for common tasks when querying databases in JavaScript, and forming relations between these objects, taking a lot of ideas from the the [Data Mapper Pattern](http://en.wikipedia.org/wiki/Data_mapper_pattern).
With a concise, literate codebase, the Strapi SQL ORM is simple to read, understand, and extend. It doesn't force you to use any specific validation scheme, provides flexible and efficient relation/nested-relation loading, and first class transaction support.
The Strapi SQL ORM doesn't force you to use any specific validation scheme, provides flexible and efficient relation/nested-relation loading, and first class transaction support.
It's a lean Object Relational Mapper, allowing you to drop down to the [raw interface](raw.md) whenever you need a custom query that doesn't quite fit with the stock conventions.
> In this document we assume the `connection` is one of the `connections` set in your config.
```js
const connection = strapi.connections.default;
```
It's a lean Object Relational Mapper, allowing you to drop down to the [raw interface](./raw/index.html) whenever you need a custom query that doesn't quite fit with the stock conventions.
## Promises

500
docs/sql/queries.md → website/documentation/sql/queries.md
View File

File diff suppressed because it is too large Load Diff

76
website/documentation/sql/raw.md Executable file
View File

@ -0,0 +1,76 @@
# Raw
Sometimes you may need to use a raw expression in a query. Raw query object may be injected pretty much anywhere you want, and using proper bindings can ensure your values are escaped properly, preventing SQL-injection attacks.
## Raw Parameter Binding
One can parameterize SQL given to `strapi.connections.default.raw(sql, bindings)`. Parameters can be positional named. One can also choose if parameter should be treated as value or as SQL identifier e.g. in case of `TableName.ColumnName` reference.
```js
strapi.connections.default('users')
.select(strapi.connections.default.raw('count(*) as user_count, status'))
.where(strapi.connections.default.raw(1))
.orWhere(strapi.connections.default.raw('status <> ?', [1]))
.groupBy('status')
```
Positional bindings `?` is interpret as value and `??` as identifier:
```js
strapi.connections.default('users')
.where(strapi.connections.default.raw('?? = ?', ['user.name', 1]))
```
Named bindings `:name` is interpret as value and `:name:` as identifier:
```js
strapi.connections.default('users')
.where(strapi.connections.default.raw(':name: = :thisGuy or :name: = :otherGuy', {
name: 'users.name',
thisGuy: 'Bob',
otherGuy: 'Jay'
}))
```
For simpler queries where one only has a single binding, `.raw` can accept said binding as its second parameter :
```js
strapi.connections.default('users')
.where(
strapi.connections.default.raw('LOWER("login") = ?', 'strapi')
)
.orWhere(
strapi.connections.default.raw('accesslevel = ?', 1)
)
.orWhere(
strapi.connections.default.raw('updtime = ?', new Date())
)
```
Note that due to ambiguity, arrays must be passed as arguments within a containing array :
```js
strapi.connections.default
.raw('select * from users where id in (?)', [[1, 2, 3]])
```
To prevent replacement of `?` one can use escape sequence `\\?`.
```js
strapi.connections.default
.select('*').from('users')
.where('id', '=', 1)
.whereRaw('?? \\? ?', ['jsonColumn', 'jsonKey'])
```
## Raw expressions
Raw expressions are created by using `strapi.connections.default.raw(sql, [bindings])` and passing this as a value for any value in the query chain.
```js
strapi.connections.default('users')
.select(strapi.connections.default.raw('count(*) as user_count, status'))
.where(strapi.connections.default.raw(1))
.orWhere(strapi.connections.default.raw('status <> ?', [1]))
.groupBy('status')
```

0
website/index.md Executable file
View File

41
website/info/conduct.md Executable file
View File

@ -0,0 +1,41 @@
# Code of Conduct
[The Wistity team](http://wistity.co) is committed to fostering a welcoming community for Strapi. If you encounter any unacceptable behavior, follow these steps to report the issue to the team. We are here to help.
## Our Pledge
In the interest of fostering an open and welcoming environment, we pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment include:
- Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
- Focusing on what is best for the community
- Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
- The use of sexualized language or imagery and unwelcome sexual attention or advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or electronic address, without explicit permission
- Other conduct which could reasonably be considered inappropriate in a professional setting
## Our responsibilities
The Wistity team is responsible for clarifying the standards of acceptable behavior and is expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
The Wistity team has the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by the Wistity team.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the support team at [support@wistity.co](mailto:support@wistity.co). All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Project maintainers and contributors who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.

20
website/info/governance.md Executable file
View File

@ -0,0 +1,20 @@
# Governance
Strapi is an open-source project administered by [the Wistity team](http://wistity.co).
## Contributing
We welcome and encourage everyone who want to help us on Strapi.
Before contributing, ensure that your effort is aligned with the project's roadmap by talking to the maintainers, especially if you are going to spend a lot of time on it. Feel free to [join us on Slack](http://slack.strapi.io) if you are interested in helping us or [drop us an email](mailto:hack@wistity.co) if you are interested in working with us.
## Maintainers
Strapi maintainers include Wistity employees and welcome other active community members:
- Loïc Saint-Roch ([@loicsaintroch](https://github.com/loicsaintroch)) (Wistity)
- Aurélien Georget ([@aurelsicoko](https://github.com/aurelsicoko)) (Wistity)
- Jim Laurie ([@lauriejim](https://github.com/lauriejim)) (Wistity)
- Pierre Burgy ([@pierreburgy](https://github.com/pierreburgy)) (Wistity)
The Wistity team have npm publishing rights for modules and also has the final say on releasing new versions.

19
website/info/licenses.md Executable file
View File

@ -0,0 +1,19 @@
# Licenses
The Strapi ecosystem is composed by many components offered by [Wistity](http://wistity.co) under the terms of open-source licenses, including:
- [strapi](https://github.com/wistityhq/strapi/tree/master/packages/strapi) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi/LICENSE.md))
- [strapi-bookshelf](https://github.com/wistityhq/strapi/tree/master/packages/strapi-bookshelf) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-bookshelf/LICENSE.md))
- [strapi-cli](https://github.com/wistityhq/strapi/tree/master/packages/strapi-cli) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-cli/LICENSE.md))
- [strapi-generate](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-generate/LICENSE.md))
- [strapi-generate-api](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-api) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-generate-api/LICENSE.md))
- [strapi-generate-controller](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-controller) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-generate-controller/LICENSE.md))
- [strapi-generate-generator](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-generator) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-generate-generator/LICENSE.md))
- [strapi-generate-hook](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-hook) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-generate-hook/LICENSE.md))
- [strapi-generate-migrations](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-migrations) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-generate-migrations/LICENSE.md))
- [strapi-generate-model](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-model) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-generate-model/LICENSE.md))
- [strapi-generate-new](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-new) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-generate-new/LICENSE.md))
- [strapi-generate-policy](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-policy) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-generate-policy/LICENSE.md))
- [strapi-generate-service](https://github.com/wistityhq/strapi/tree/master/packages/strapi-generate-service) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-generate-service/LICENSE.md))
- [strapi-knex](https://github.com/wistityhq/strapi/tree/master/packages/strapi-knex) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-knex/LICENSE.md))
- [strapi-utils](https://github.com/wistityhq/strapi/tree/master/packages/strapi-utils) ([MIT license](https://github.com/wistityhq/strapi/blob/master/packages/strapi-utils/LICENSE.md))

56
website/info/releases.md Executable file
View File

@ -0,0 +1,56 @@
# Releases
The team defines the roadmap's scope, as informed by Strapi's community. Releases happen as often as necessary and practical, but never before work is complete. Bugs are unavoidable, but pressure to ship a release will never prevail over ensuring the software is correct. The commitment to quality software is a core tenet of the Strapi project.
## Versioning
### Patches
Patch releases:
- Include bug, performance, and security fixes.
- Do not add nor change public interfaces.
- Do not alter the expected behavior of a given interface.
- Can correct behavior if it is out-of-sync with the documentation.
- Do not introduce changes which make seamless upgrades impossible .
### Minors
Minor releases:
- Include additions and/or refinements of APIs and subsystems.
- Do not generally change APIs nor introduce backwards-incompatible breaking changes, except where unavoidable.
- Are mostly additive releases.
### Majors
Major releases:
- Usually introduce backwards-incompatible, breaking changes.
- Identify the feature Strapi intends to support for the foreseeable future.
- Require conversation, care, collaboration and appropriate scoping by the team and its users.
## Scoping Features
The team can add features into Strapi when:
- The need is clear.
- The feature has known consumers.
- The module is clean, useful, and easy-to use.
If when implementing core functionality for Strapi, the team or community may identify another lower-level module which could have utility beyond Strapi. When identified, Strapi can expose it for consumers.
Alternatively, it may be that many in the community adopt a pattern to handle common needs which Strapi does not satisfy. It may be clear that Strapi should deliver, by default, a support or a feature for all Strapi consumers. Another possibility is a commonly-used compiled asset which is difficult to deliver across environments. Given this, Strapi may incorporate those changes directly.
The core team does not take the decision lightly to add a new feature to Strapi. Strapi has a strong commitment to backwards compatibility. As such, community input and conversation must occur before the team takes action. Even if a feature is otherwise suitable for addition, the team must identify potential consumers.
## Deprecation
On occasion, the team must deprecate a feature of Strapi. Before coming to any final conclusion, the team must identify the consumers of the feature and how they use it. Some questions to ask are:
- If this feature is widely used by the community, what is the need for flagging it as deprecated?
- Do we have a replacement feature, or is there a transitionary path?
- How long does the feature remain deprecated before removal?
- Does an external module exist which its consumers can easily substitute?
The team takes the same careful consideration when deprecating a Strapi feature as they do when adding another.

19
website/info/security.md Executable file
View File

@ -0,0 +1,19 @@
# Reporting security issues
!!! warning
All security bugs in Strapi are taken seriously and should be reported by emailing [hack@wistity.co](mailto:hack@wistity.co)
**Please don't file a public issue.**
This means including features to protect application makers from common issues like CRSF, Script Injection, SQL Injection, and the like. But it also means a clear policy on how to report vulnerabilities and receive updates when patches to those are released.
## The process
When you report a vulnerability, one of the project members will respond to you within a maximum of 7 days. This response will most likely be an acknowledgement that we've received the report and will be investigating it immediately. Our target patching timeframe for serious security vulnerabilities is 7 days - however, we cannot guarantee that this is possible in all cases (more on that below).
Based upon the nature of the vulnerability, and the amount of time it would take to fix, we'll either send out a patch that disables the broken feature, provide an estimate of the time it will take to fix, and/or document best practices to follow to avoid production issues. This process can take some time, especially when coordination is required with maintainers of other projects. Every effort will be made to handle the bug in as timely a manner as possible.
When a solution is achieved we notify you and a release a patch with an explanation of it's origin and crediting you (if you have chosen to be identified).
## Is this an SLA?
No this is not. Like any open-source project, we're run by volunteers, and we can't legally guarantee any kind of Service Level Agreement (see [the licenses](./licenses/index.html) for details). However, the team cares deeply about Strapi, and all of us have at least a few different websites and APIs running on Strapi in production. We will always publish a fix for any serious security vulnerability as soon as possible-- not just out of the kindness of our hearts, but because it could affect our applications (and our customer's applications) too.

16
website/info/support.md Executable file
View File

@ -0,0 +1,16 @@
# Support
Getting help with Strapi is easy, with free community support options for individuals and small teams, up to professional support for large businesses.
## Community support
For general help using Strapi, please refer to [the official Strapi documentation](../documentation/prologue/why/index.html). For additional help, ask a question on [StackOverflow](http://stackoverflow.com/questions/tagged/strapi).
The community discussions take place [on Slack](http://slack.strapi.io). Also, you can follow and ping the Strapi team on [Twitter](https://twitter.com/strapijs) and [Facebook](https://www.facebook.com/Strapi-616063331867161).
!!! important
When opening [new issues](https://github.com/wistityhq/strapi/issues/new) or commenting on [existing issues](https://github.com/wistityhq/strapi/issues) on [GitHub](https://github.com/wistityhq/strapi), please make sure discussions are related to concrete technical issues of the Strapi framework.
## Professional support
[Wistity](http://wistity.co), the company behind Strapi, provides a full range of solutions to get better results, faster. We're always looking for the next challenge: coaching, consulting, training, certifications, customization, etc. [Drop us an email](mailto:support@wistity.co) to see how we can help you.

19
website/info/trademarks.md Executable file
View File

@ -0,0 +1,19 @@
# Trademarks policy
"Strapi", and the Strapi logo are registered trademarks of [Wistity](http://wistity.co). You may not use these trademarks in a commercial setting to infer that your product or service is endorsed or associated with Strapi without permission. You may use these marks to refer to Strapi in a way where it's clear that you're simply referring to the project, not claiming endorsement or association.
You can request permission by emailing [support@wistity.co](mailto:support@wistity.co).
Examples of use that do not need permission:
- Including the Strapi logo on product pages to say "we support Strapi".
- Use of the trademarks "Strapi" in book titles.
Examples of use that do need permission:
- Selling merchandise (stickers, t-shirts, etc).
- Use of the Strapi logo on a book cover.
Examples of use that will not get permission:
- Naming your company or product after Strapi, like "The Strapi Consultants" or "The Strapi Web Server".

31
website/theme/base.html Executable file
View File

@ -0,0 +1,31 @@
<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% if page_title %}{{ page_title }} - {% endif %}{{ site_name }}</title>
<link rel="icon" href="{{ base_url }}/img/favicon.ico" />
<link rel="icon" type="image/png" href="{{ base_url }}/img/favicon.png"/>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700">
<link rel="stylesheet" href="{{ base_url }}/css/theme.css">
<link rel="stylesheet" href="{{ base_url }}/css/theme_extra.css">
<link rel="stylesheet" href="{{ base_url }}/css/highlight.css">
<link rel="stylesheet" href="{{ base_url }}/css/github.css">
<link rel="stylesheet" href="{{ base_url }}/css/strapi.css">
<script src="{{ base_url }}/js/jquery-2.1.1.min.js"></script>
<script src="{{ base_url }}/js/modernizr-2.8.3.min.js"></script>
<script src="{{ base_url }}/js/highlight.pack.js"></script>
<script src="{{ base_url }}/js/theme.js"></script>
</head>
<body class="wy-body-for-nav" role="document">
{% if current_page and current_page.is_homepage %}
{% include "landing.html" %}
{% else %}
{% include "docs.html" %}
{% endif %}
<script src="{{ base_url }}/js/messy.js"></script>
</body>
</html>

98
website/theme/css/github.css Executable file
View File

@ -0,0 +1,98 @@
/**
* GitHub theme for highlight code.
* Copyright Vasily Polovnyov.
*/
.hljs {
display: block;
overflow-x: auto;
padding: 0.5em;
color: #333;
background: #f8f8f8;
}
.hljs-comment,
.hljs-quote {
color: #998;
font-style: italic;
}
.hljs-keyword,
.hljs-selector-tag,
.hljs-subst {
color: #333;
font-weight: bold;
}
.hljs-number,
.hljs-literal,
.hljs-variable,
.hljs-template-variable,
.hljs-tag .hljs-attr {
color: #008080;
}
.hljs-string,
.hljs-doctag {
color: #d14;
}
.hljs-title,
.hljs-section,
.hljs-selector-id {
color: #900;
font-weight: bold;
}
.hljs-subst {
font-weight: normal;
}
.hljs-type,
.hljs-class .hljs-title {
color: #458;
font-weight: bold;
}
.hljs-tag,
.hljs-name,
.hljs-attribute {
color: #000080;
font-weight: normal;
}
.hljs-regexp,
.hljs-link {
color: #009926;
}
.hljs-symbol,
.hljs-bullet {
color: #990073;
}
.hljs-built_in,
.hljs-builtin-name {
color: #0086b3;
}
.hljs-meta {
color: #999;
font-weight: bold;
}
.hljs-deletion {
background: #fdd;
}
.hljs-addition {
background: #dfd;
}
.hljs-emphasis {
font-style: italic;
}
.hljs-strong {
font-weight: bold;
}

160
website/theme/css/strapi.css Executable file
View File

@ -0,0 +1,160 @@
/**
* Custom Strapi theme for MKDocs.
* This overrides the official of ReadTheDocs.
*/
/* Blockquotes */
blockquote {
font-style: italic;
}
blockquote::before {
content: '\f10d';
float: left;
margin: 0 10px 0 -24px;
font-family: 'FontAwesome';
font-size: 16px;
}
/* Lists */
ul, ol {
font-size: 16px;
}
/* Tables */
table, td, th {
font-size: 100% !important;
}
/* Code */
code, .hljs {
font-size: 14px;
line-height: 17px;
}
code {
font-family: 'Hack', 'Monaco', 'Courier', serif;
}
.hljs {
font-size: 14px;
line-height: 22px;
margin: 0 0 30px;
}
/* Customize the sidebar */
nav.stickynav {
position: inherit;
}
.wy-nav-side {
height: auto;
overflow-y: hidden;
}
.wy-nav-content {
padding-top: 40px;
}
.wy-nav-content, li.current > a.current {
background-color: #fff;
}
.wy-menu-vertical li.on a, .wy-menu-vertical li.current > a {
padding: 0.4045em 2.427em;
}
/* Hide the home and info links-- messy but we don't have the choice */
.wy-menu-vertical > ul > li:nth-child(2), .wy-menu-vertical > ul > li:nth-child(14) {
display: none;
}
/* Customize links */
a, a:hover, a:active, a:visited, a:focus {
color: #2980B9
}
a:hover, a:active, a:focus {
text-decoration: underline;
}
.btn:hover, .btn:active, .btn:focus {
text-decoration: none;
}
/* Landing page */
.logo {
width: 140px;
padding: 30px 0 20px 20px;
}
.top {
height: 100vh;
background-color: #fcfcfc;
color: #343131;
text-align: center;
-webkit-font-smoothing: antialiased;
-moz-font-smoothing: antialiased;
font-smoothing: antialiased;
}
.top .welcome {
width: 160px;
padding: 25vh 0 0;
}
.top .subtitle {
font-size: 1.1em;
}
.top code {
margin: 4vh auto -40px;
padding: 20px 0;
width: 350px;
}
.top .version {
margin-bottom: 10vh;
font-size: 90%;
}
.start, .start:visited {
font-size: 1.1em;
border-bottom: 1px solid #e1e4e5;
padding: 16px 20px;
color: #343131;
-webkit-transition: border-bottom 0.4s;
-moz-transition: border-bottom 0.4s;
transition: border-bottom 0.4s;
}
.start:hover, .start:active, .start:focus {
text-decoration: none;
border-bottom: 1px solid #343131;
}
/* Footer */
.copyright, .legal {
font-size: 90%;
}
.legal {
padding: 30px 0 4px;
border-top: 1px solid #fcfcfc;
}
.legal li {
display: inline;
padding: 0 15px 0 0;
}
.rst-footer-buttons {
margin-bottom: 40px;
}
/* Remove the background */
@media screen and (min-width: 1400px) {
.wy-nav-content-wrap {
background: none;
}
}

34
website/theme/docs.html Executable file
View File

@ -0,0 +1,34 @@
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
<a href="{{ homepage_url }}/index.html"><img src="{{ base_url }}/img/logo-light.png" class="logo"></a>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
{% for nav_item in nav %}
<li>{% include "toc.html" %}<li>
{% endfor %}
</ul>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="{{ homepage_url }}/index.html">{{ site_name }}</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="main">
<div class="section">
{% block content %}
{{ content }}
{% endblock %}
</div>
<div class="admonition note" id="missing">
<p class="admonition-title">Is something missing?</p>
<p>If you notice something we've missed or could be improved on, feel free to help us <a href="{{ repo_url }}/blob/master/website/documentation/">improve the documentation</a>. Once we merge your improvement, the changes will be reflected on the website the next time it is deployed.</p>
</div>
</div>
{% include "footer.html" %}
</div>
</div>
</section>
</div>

22
website/theme/footer.html Executable file
View File

@ -0,0 +1,22 @@
<footer>
{% if next_page or previous_page %}
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
{% if next_page %}
<a href="{{ next_page.url }}index.html" class="btn btn-neutral float-right" title="{{ next_page.title }}">Next <span class="icon icon-circle-arrow-right"></span></a>
{% endif %}
{% if previous_page %}
<a href="{{ previous_page.url }}index.html" class="btn btn-neutral" title="{{ previous_page.title }}"><span class="icon icon-circle-arrow-left"></span> Previous</a>
{% endif %}
</div>
{% endif %}
<ul class="legal">
<li><a href="{{ base_url }}/info/governance/index.html">Governance</a></li>
<li><a href="{{ base_url }}/info/conduct/index.html">Code of Conduct</a></li>
<li><a href="{{ base_url }}/info/releases/index.html">Releases</a></li>
<li><a href="{{ base_url }}/info/security/index.html">Security</a></li>
<li><a href="{{ base_url }}/info/trademarks/index.html">Trademarks</a></li>
<li><a href="{{ base_url }}/info/licenses/index.html">Licenses</a></li>
<li><a href="{{ base_url }}/info/support/index.html">Support</a></li>
</ul>
<p class="copyright">Copyright &copy; 2015 - 2016 Wistity. All rights reserved.</p>
</footer>

BIN
website/theme/img/favicon.ico Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.3 KiB

BIN
website/theme/img/favicon.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

BIN
website/theme/img/logo-dark.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
website/theme/img/logo-light.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

17
website/theme/js/messy.js Executable file
View File

@ -0,0 +1,17 @@
/**
* Some messy JavaScript just to be more flexible
* with MKDocs links and navigation...
*/
var url = document.URL;
var split = url.split('/');
$('.wy-nav-content').css("min-height", $('.stickynav').height() + 36);
if (split[3] === 'documentation' && split[4] === 'prologue' && split[5] === 'why') {
$('#missing').css('display', 'none');
$('.rst-footer-buttons > a:nth-child(2)').css('display', 'none');
} else if (split[3] === 'documentation' && split[4] === 'advanced' && split[5] === 'hooks') {
$('.rst-footer-buttons > a:nth-child(1)').css('display', 'none');
} else if (split[3] === 'info') {
$('#missing').css('display', 'none');
$('.rst-footer-buttons').css('display', 'none');
}

9
website/theme/landing.html Executable file
View File

@ -0,0 +1,9 @@
<div class="top">
<h1><img src="{{ base_url }}/img/logo-dark.png" class="welcome" alt="{{ site_name }}"></h1>
<p class="subtitle">{{ config.extra.baseline }}</p>
<pre>
<code class="bash hljs bash">{{ config.extra.command }}</code>
</pre>
<p class="version">{{ config.extra.current_version }}: {{ config.extra.version }}</p>
<a href="{{ base_url }}/documentation/prologue/why/index.html" class="start">{{ config.extra.start }}</a>
</div>

12
website/theme/toc.html Executable file
View File

@ -0,0 +1,12 @@
{% if nav_item.children %}
<ul class="subnav">
<li><span>{{ nav_item.title }}</span></li>
{% for nav_item in nav_item.children %}
{% include "toc.html" %}
{% endfor %}
</ul>
{% else %}
<li class="toctree-l1 {% if nav_item.active %}current{% endif %}">
<a class="{% if nav_item.active%}current{%endif%}" href="{{ nav_item.url }}index.html">{{ nav_item.title }}</a>
</li>
{% endif %}