Dashboard token and config

2025-10-16 18:44:18 +00:00 · 2015-10-30 14:36:19 +01:00 · 2015-10-30 14:36:19 +01:00 · a13ad7cf22
commit a13ad7cf22
parent 67de1b791f
13 changed files with 125 additions and 8 deletions
--- a/lib/configuration/hooks/dashboard/config/config.js
+++ b/lib/configuration/hooks/dashboard/config/config.js
@ -0,0 +1,56 @@
+'use strict';
+
+/**
+ * Returns the config for the dashboard.
+ */
+
+module.exports = function * () {
+
+  try {
+    // Init output object.
+    const output = {};
+
+    // Set the config.
+    output.settings = {
+      url: strapi.config.url,
+      i18n: strapi.config.i18n
+    };
+
+    // Set the models.
+    output.models = strapi.models;
+
+    // Format `config.api` for multi templates models.
+    _.forEach(strapi.api, function (api, key) {
+      if (api.templates) {
+        output.models[key].templates = {};
+      }
+
+      // Assign the template attributes with the model attributes.
+      _.forEach(api.templates, function (template, templateName) {
+        output.models[key].templates[templateName] = {};
+        output.models[key].templates[templateName].attributes = {};
+        _.forEach(template.attributes, function (value, attributeKey) {
+          output.models[key].templates[templateName].attributes[attributeKey] = _.cloneDeep(output.models[key].attributes[attributeKey]);
+        });
+        output.models[key].templates[templateName].displayedAttribute = template.displayedAttribute;
+      });
+    });
+
+    // User count.
+    const promises = [];
+    promises.push(strapi.orm.collections.user.count());
+
+    // Execute promises.
+    const response = yield promises;
+
+    // Define if the app is considered as new.
+    const userCount = response[0];
+    output.settings.isNewApp = !userCount;
+
+    // Finally send the result in the callback.
+    this.body = output;
+  } catch (err) {
+    this.status = 500;
+    this.body = err;
+  }
+};
--- a/lib/configuration/hooks/dashboard/config/index.js
+++ b/lib/configuration/hooks/dashboard/config/index.js
@ -0,0 +1,9 @@
+'use strict';
+
+/**
+ * Index of the explorer hook config actions.
+ */
+
+module.exports = {
+  config: require('./config')
+};
--- a/lib/configuration/hooks/dashboard/explorer/count.js
+++ b/lib/configuration/hooks/dashboard/explorer/count.js
@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Count entries of a model.
 */
--- a/lib/configuration/hooks/dashboard/explorer/create.js
+++ b/lib/configuration/hooks/dashboard/explorer/create.js
@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Create a new entry.
 */
--- a/lib/configuration/hooks/dashboard/explorer/destroy.js
+++ b/lib/configuration/hooks/dashboard/explorer/destroy.js
@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Destroy a specific entry.
 */
--- a/lib/configuration/hooks/dashboard/explorer/find.js
+++ b/lib/configuration/hooks/dashboard/explorer/find.js
@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * List every entries of a model.
 */
--- a/lib/configuration/hooks/dashboard/explorer/findOne.js
+++ b/lib/configuration/hooks/dashboard/explorer/findOne.js
@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Show a specific entry.
 */
--- a/lib/configuration/hooks/dashboard/explorer/index.js
+++ b/lib/configuration/hooks/dashboard/explorer/index.js
@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Index of the explorer hook explorer actions.
 */
--- a/lib/configuration/hooks/dashboard/explorer/update.js
+++ b/lib/configuration/hooks/dashboard/explorer/update.js
@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Update a specific entry.
 */
--- a/lib/configuration/hooks/dashboard/index.js
+++ b/lib/configuration/hooks/dashboard/index.js
@ -7,6 +7,7 @@
 // Local dependencies.
 const explorerActions = require('./explorer/index');
 const routesActions = require('./routes/index');
+const configActions = require('./config/index');

 /**
 * Public explorer hook
@ -24,38 +25,44 @@ module.exports = function (strapi) {
        // Data explorer routes.
        'GET /dashboard/explorer/:model/count': {
          controller: explorerActions.count,
-          policies: ['isAuthorized']
+          policies: ['dashboardToken', 'isAuthorized']
        },
        'POST /dashboard/explorer/:model': {
          controller: explorerActions.create,
-          policies: ['isAuthorized']
+          policies: ['dashboardToken', 'isAuthorized']
        },
        'DELETE /dashboard/explorer/:model/:id': {
          controller: explorerActions.destroy,
-          policies: ['isAuthorized']
+          policies: ['dashboardToken', 'isAuthorized']
        },
        'GET /dashboard/explorer/:model': {
          controller: explorerActions.find,
-          policies: ['isAuthorized']
+          policies: ['dashboardToken', 'isAuthorized']
        },
        'GET /dashboard/explorer/:model/:id': {
          controller: explorerActions.findOne,
-          policies: ['isAuthorized']
+          policies: ['dashboardToken', 'isAuthorized']
        },
        'PUT /dashboard/explorer/:model': {
          controller: explorerActions.update,
-          policies: ['isAuthorized']
+          policies: ['dashboardToken', 'isAuthorized']
        },
        // Routes and permissions routes.
        'GET /dashboard/routes': {
          controller: routesActions.find,
          action: 'find',
-          policies: ['isAuthorized']
+          policies: ['dashboardToken', 'isAuthorized']
        },
        'PUT /dashboard/routes': {
          controller: routesActions.update,
          action: 'update',
-          policies: ['isAuthorized']
+          policies: ['dashboardToken', 'isAuthorized']
+        },
+        // Config routes
+        'GET /dashboard/config': {
+          controller: configActions.config,
+          action: 'index',
+          policies: ['dashboardToken']
        }
      }
    },
--- a/lib/configuration/hooks/dashboard/policies/dashboardToken.js
+++ b/lib/configuration/hooks/dashboard/policies/dashboardToken.js
@ -0,0 +1,23 @@
+'use strict';
+
+/**
+ * Policy used to check if the `dashboardToken` field is valid.
+ *
+ * @param next
+ */
+
+module.exports = function * (next) {
+  // Format dashboardToken variables.
+  const dashboardTokenParam = this.request.query.dashboardToken || this.request.body.dashboardToken;
+  const dashboardTokenConfig = strapi.config.dashboard && strapi.config.dashboard.token;
+
+  // Check dashboardToken for security purposes.
+  if (!dashboardTokenParam || !dashboardTokenConfig || dashboardTokenParam !== dashboardTokenConfig) {
+    this.status = 401;
+    this.body = {
+      message: 'dashboardToken parameter is invalid.'
+    };
+  } else {
+    yield next;
+  }
+};
--- a/lib/configuration/hooks/dashboard/routes/index.js
+++ b/lib/configuration/hooks/dashboard/routes/index.js
@ -1,3 +1,5 @@
+'use strict';
+
 /**
 * Index of the explorer hook routes actions.
 */
--- a/lib/configuration/hooks/router/index.js
+++ b/lib/configuration/hooks/router/index.js
@ -9,6 +9,7 @@ const _ = require('lodash');

 // Local utilities.
 const regex = require('../../../../util/regex');
+const dashboardTokenPolicy = require('../dashboard/policies/dashboardToken');

 /**
 * Router hook
@ -61,6 +62,11 @@ module.exports = function (strapi) {
        };
      }

+      // Add the `dashboardPolicy` to the list of policies.
+      if (strapi.config.dashboard.enabled) {
+        strapi.policies.dashboardToken = dashboardTokenPolicy;
+      }
+
      // Parse each route from the user config, load policies if any
      // and match the controller and action to the desired endpoint.
      _.forEach(strapi.config.routes, function (value, endpoint) {