yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-09-06 23:28:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update docuemntation

Browse Source 
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
This commit is contained in:
Alexandre Bodin 2020-04-10 15:47:47 +02:00
parent cbdc83d6d7
commit a877a00934
15 changed files with 999 additions and 632 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

927
docs/3.0.0-alpha.x/guides/deployment.md
View File

File diff suppressed because it is too large Load Diff

96
docs/3.0.0-beta.x/admin-panel/customization.md
View File

@ -10,19 +10,19 @@ To apply your changes you need to [rebuild](#build) your admin panel
By default, the administration panel is exposed via [http://localhost:1337/admin](http://localhost:1337/admin). However, for security reasons, you can easily update this path.
**Path —** `./config/environment/**/server.json`.
**Path —** `./config/server.js`.
```json
{
"host": "localhost",
"port": 1337,
"cron": {
"enabled": false
```js
module.exports = {
host: 'localhost',
port: 1337,
cron: {
enabled: false,
},
"admin": {
"path": "/dashboard"
}
}
admin: {
path: '/dashboard',
},
};
```
The panel will be available through [http://localhost:1337/dashboard](http://localhost:1337/dashboard) with the configurations above.
@ -31,19 +31,19 @@ The panel will be available through [http://localhost:1337/dashboard](http://loc
By default, the administration panel client host name is `localhost`. However, you can change this setting by updating the `admin` configuration:
**Path —** `./config/environment/**/server.json`.
**Path —** `./config/server.js`.
```json
{
"host": "localhost",
"port": 1337,
"cron": {
"enabled": false
```js
module.exports = {
host: 'localhost',
port: 1337,
cron: {
enabled: false,
},
"admin": {
"host": "my-host"
}
}
admin: {
host: 'my-host',
},
};
```
## Development mode
@ -158,19 +158,19 @@ export const SETTINGS_BASE_URL = '/settings';
By default, the front-development server runs on the `8000` port. However, you can change this setting by updating the following configuration:
**Path —** `./config/environment/**/server.json`.
**Path —** `./config/server.js`.
```json
{
"host": "localhost",
"port": 1337,
"cron": {
"enabled": false
```js
module.exports = {
host: 'localhost',
port: 1337,
cron: {
enabled: false,
},
"admin": {
"port": 3000
}
}
admin: {
port: 3000,
},
};
```
## Build
@ -205,34 +205,4 @@ strapi build
::::
you can build your admin panel with a specific configuration (located in the `./config/environments/**/server.json`) config by specifying a NODE_ENV as follows:
:::: tabs
::: tab yarn
```
NODE_ENV=production yarn build
```
:::
::: tab npm
```
NODE_ENV=production npm run build
```
:::
::: tab strapi
```
NODE_ENV=production strapi build
```
:::
::::
This will replace the folder's content located at `./build`. Visit [http://localhost:1337/admin](http://localhost:1337/admin) to make sure your updates have been taken into account.

74
docs/3.0.0-beta.x/admin-panel/deploy.md
View File

@ -13,19 +13,19 @@ You don't need to touch anything in your configuration file. This is the default
You might want to change the path to access to the administration panel. Here the required configurations to change the path:
**Path —** `./config/environment/**/server.json`.
**Path —** `./config/server.js`.
```js
{
"host": "localhost",
"port": 1337,
"cron": {
"enabled": false
module.exports = {
host: 'localhost',
port: 1337,
cron: {
enabled: false,
},
"admin": {
"path": "/dashboard" // We change the path to access to the admin (highly recommended for security reasons).
}
}
admin: {
path: '/dashboard', // We change the path to access to the admin (highly recommended for security reasons).
},
};
```
**You have to rebuild the administration panel to make this work.** [Build instructions](./customization.md#build).
@ -34,23 +34,23 @@ You might want to change the path to access to the administration panel. Here th
It's very common to deploy the front-end and the back-end on different servers. Here are the required configurations to handle this case:
**Path —** `./config/environment/**/server.json`.
**Path —** `./config/server.js`.
```js
{
"host": "localhost",
"port": 1337,
"cron": {
"enabled": false
module.exports = {
host: 'localhost',
port: 1337,
cron: {
enabled: false,
},
"admin": {
"path": "/", // Note: The administration will be accessible from the root of the domain (ex: http//yourfrontend.com/)
"serveAdminPanel": false, // http://yourbackend.com will not serve any static admin files
"build": {
"backend": "http://yourbackend.com"
}
}
}
admin: {
path: '/', // Note: The administration will be accessible from the root of the domain (ex: http//yourfrontend.com/)
serveAdminPanel: false, // http://yourbackend.com will not serve any static admin files
build: {
backend: 'http://yourbackend.com',
},
},
};
```
The administration URL will be `http://yourfrontend.com` and every request from the panel will hit the backend at `http://yourbackend.com`.
@ -59,22 +59,22 @@ The administration URL will be `http://yourfrontend.com` and every request from
In this case, we suppose that you decided to put your administration panel on a different server than the API.
**Path —** `./config/environment/**/server.json`.
**Path —** `./config/server.js`.
```js
{
"host": "localhost",
"port": 1337,
"cron": {
"enabled": false
module.exports = {
host: 'localhost',
port: 1337,
cron: {
enabled: false,
},
"admin": {
"path": "/dashboard",
"build": {
"backend": "http://yourbackend.com"
}
}
}
admin: {
path: '/dashboard',
build: {
backend: 'http://yourbackend.com',
},
},
};
```
The administration URL will be `http://yourfrontend.com/dashboard` and every request from the panel will hit the backend at `http://yourbackend.com`.

10
docs/3.0.0-beta.x/cli/CLI.md
View File

@ -61,11 +61,6 @@ Start a Strapi application with autoReload disabled.
This commands is there to run a Strapi application without restarts and file writes (aimed at production usage).
Certain features are disabled in the `strapi start` mode because they require application restarts.
::: tip
You can specify a NODE_ENV to use the configurations in the `./config/environments/[development|staging|production]` folder.
By default the `development` environment will be used.
:::
## strapi build
Builds your admin panel.
@ -83,11 +78,6 @@ options: [--no-optimization]
- **strapi build --no-optimization**<br/>
Builds the administration panel without minimizing the assets. The build duration is faster.
::: tip
You can specify a NODE_ENV to use the configurations in the `./config/environments/[development|staging|production]` folder.
By default the `development` environment will be used.
:::
## strapi generate:api
Scaffold a complete API with its configurations, controller, model and service.

256
docs/3.0.0-beta.x/concepts/configurations.md
View File

@ -187,6 +187,134 @@ module.exports = ({ env }) => ({
| `admin.build` | Admin panel build configuration | | |
| `admin.build.backend` | URL that the admin panel and plugins will request | string | |
## Functions
The `./config/functions/` folder contains a set of JavaScript files in order to add dynamic and logic based configurations.
All functions that are exposed in this folder are accessible via `strapi.config.functions['fileName']();`
### Bootstrap
**Path —** `./config/functions/bootstrap.js`.
The `bootstrap` function is called at every server start. You can use it to add a specific logic at this moment of your server's lifecycle.
Here are some use cases:
- Create an admin user if there isn't one.
- Fill the database with some necessary data.
- Check that the database is up-and-running.
- Load some environment variables.
The bootstrap function can be synchronous or asynchronous.
**Synchronous**
```js
module.exports = () => {
// some sync code
};
```
**Return a promise**
```js
module.exports = () => {
return new Promise(/* some code */);
};
```
**Asynchronous**
```js
module.exports = async () => {
await someSetup();
};
```
### CRON tasks
CRON tasks allow you to schedule jobs (arbitrary functions) for execution at specific dates, with optional recurrence rules. It only uses a single timer at any given time (rather than reevaluating upcoming jobs every second/minute).
This feature is powered by [`node-schedule`](https://www.npmjs.com/package/node-schedule) node modules. Check it for more information.
::: warning
Make sure the `enabled` cron config is set to `true` in `./config/server.js` file.
:::
The cron format consists of:
```
* * * * * *
┬ ┬ ┬ ┬ ┬ ┬
│ │ │ │ │ |
│ │ │ │ │ └ day of week (0 - 7) (0 or 7 is Sun)
│ │ │ │ └───── month (1 - 12)
│ │ │ └────────── day of month (1 - 31)
│ │ └─────────────── hour (0 - 23)
│ └──────────────────── minute (0 - 59)
└───────────────────────── second (0 - 59, OPTIONAL)
```
To define a CRON job, add your logic like below:
**Path —** `./config/functions/cron.js`.
```js
module.exports = {
/**
* Simple example.
* Every monday at 1am.
*/
'0 0 1 * * 1': () => {
// Add your own logic here (e.g. send a queue of email, create a database backup, etc.).
},
};
```
### Database ORM customization
When present, they are loaded to let you customize your database connection instance, for example for adding some plugin, customizing parameters, etc.
:::: tabs
::: tab Mongoose
As an example, for using the `mongoose-simple-random` plugin for MongoDB, you can register it like this:
**Path —** `./config/functions/mongoose.js`.
```js
'use strict';
const random = require('mongoose-simple-random');
module.exports = (mongoose, connection) => {
mongoose.plugin(random);
};
```
:::
::: tab Bookshelf
Another example would be using the `bookshelf-uuid` plugin for MySQL, you can register it like this:
**Path —** `./config/functions/bookshelf.js`.
```js
'use strict';
module.exports = (bookshelf, connection) => {
bookshelf.plugin(require('bookshelf-uuid'));
};
```
:::
::::
## Database
This file lets you define database connections that will be used to store your application content.
@ -363,134 +491,6 @@ module.exports = ({ env }) => ({
Take a look at the [database's guide](../guides/databases.md) for more details.
:::
## Functions
The `./config/functions/` folder contains a set of JavaScript files in order to add dynamic and logic based configurations.
All functions that are exposed in this folder are accessible via `strapi.config.functions['fileName']();`
### Bootstrap
**Path —** `./config/functions/bootstrap.js`.
The `bootstrap` function is called at every server start. You can use it to add a specific logic at this moment of your server's lifecycle.
Here are some use cases:
- Create an admin user if there isn't one.
- Fill the database with some necessary data.
- Check that the database is up-and-running.
- Load some environment variables.
The bootstrap function can be synchronous or asynchronous.
**Synchronous**
```js
module.exports = () => {
// some sync code
};
```
**Return a promise**
```js
module.exports = () => {
return new Promise(/* some code */);
};
```
**Asynchronous**
```js
module.exports = async () => {
await someSetup();
};
```
### CRON tasks
CRON tasks allow you to schedule jobs (arbitrary functions) for execution at specific dates, with optional recurrence rules. It only uses a single timer at any given time (rather than reevaluating upcoming jobs every second/minute).
This feature is powered by [`node-schedule`](https://www.npmjs.com/package/node-schedule) node modules. Check it for more information.
::: warning
Make sure the `enabled` cron config is set to `true` in `./config/environments/**/server.json` file.
:::
The cron format consists of:
```
* * * * * *
┬ ┬ ┬ ┬ ┬ ┬
│ │ │ │ │ |
│ │ │ │ │ └ day of week (0 - 7) (0 or 7 is Sun)
│ │ │ │ └───── month (1 - 12)
│ │ │ └────────── day of month (1 - 31)
│ │ └─────────────── hour (0 - 23)
│ └──────────────────── minute (0 - 59)
└───────────────────────── second (0 - 59, OPTIONAL)
```
To define a CRON job, add your logic like below:
**Path —** `./config/functions/cron.js`.
```js
module.exports = {
/**
* Simple example.
* Every monday at 1am.
*/
'0 0 1 * * 1': () => {
// Add your own logic here (e.g. send a queue of email, create a database backup, etc.).
},
};
```
### Database ORM customization
When present, they are loaded to let you customize your database connection instance, for example for adding some plugin, customizing parameters, etc.
:::: tabs
::: tab Mongoose
As an example, for using the `mongoose-simple-random` plugin for MongoDB, you can register it like this:
**Path —** `./config/functions/mongoose.js`.
```js
'use strict';
const random = require('mongoose-simple-random');
module.exports = (mongoose, connection) => {
mongoose.plugin(random);
};
```
:::
::: tab Bookshelf
Another example would be using the `bookshelf-uuid` plugin for MySQL, you can register it like this:
**Path —** `./config/functions/bookshelf.js`.
```js
'use strict';
module.exports = (bookshelf, connection) => {
bookshelf.plugin(require('bookshelf-uuid'));
};
```
:::
::::
## Configuration in database
Configuration files are not multi server friendly. So we created a data store for config you will want to update in production.

18
docs/3.0.0-beta.x/concepts/hooks.md
View File

@ -77,14 +77,14 @@ The framework allows to load hooks from the project directly without having to i
## Configuration and activation
To activate and configure your hook with custom options, you need to edit your `./config/environments/**/hook.json` file in your Strapi app.
To activate and configure your hook with custom options, you need to edit your `./config/hook.js` file in your Strapi app.
```javascript
{
...
"hook-name": {
"enabled": true,
...
}
}
```js
module.exports = {
settings: {
'hook-name': {
enabled: true,
},
},
};
```

8
docs/3.0.0-beta.x/concepts/middlewares.md
View File

@ -119,8 +119,6 @@ The following middlewares cannot be disabled: responses, router, logger and boom
### Request middlewares
**Path —** `./config/environments/**/request.json`.
- `session`
- `enabled` (boolean): Enable or disable sessions. Default value: `false`.
- `client` (string): Client used to persist sessions. Default value: `redis`.
@ -143,8 +141,6 @@ The session doesn't work with `mongo` as a client. The package that we should us
## Response middlewares
**Path —** `./config/environments/**/response.json`.
- [`gzip`](https://en.wikipedia.org/wiki/Gzip)
- `enabled` (boolean): Enable or not GZIP response compression.
- `responseTime`
@ -155,8 +151,6 @@ The session doesn't work with `mongo` as a client. The package that we should us
### Security middlewares
**Path —** `./config/environments/**/security.json`.
- [`csp`](https://en.wikipedia.org/wiki/Content_Security_Policy)
- `enabled` (boolean): Enable or disable CSP to avoid Cross Site Scripting (XSS) and data injection attacks.
- [`p3p`](https://en.wikipedia.org/wiki/P3P)
@ -185,7 +179,7 @@ The session doesn't work with `mongo` as a client. The package that we should us
### Load order
The middlewares are injected into the Koa stack asynchronously. Sometimes it happens that some of these middlewares need to be loaded in a specific order. To define a load order, we created a dedicated file located in `./config/middleware.json`.
The middlewares are injected into the Koa stack asynchronously. Sometimes it happens that some of these middlewares need to be loaded in a specific order. To define a load order, we created a dedicated file located in `./config/middleware.js`.
**Path —** `./config/middleware.js`.

2
docs/3.0.0-beta.x/concepts/models.md
View File

@ -130,7 +130,7 @@ Additional settings can be set on models:
}
```
In this example, the model `Restaurant` will be accessible through the `Restaurants` global variable. The data will be stored in the `Restaurants_v1` collection or table and the model will use the `mongo` connection defined in `./config/environments/**/database.json`
In this example, the model `Restaurant` will be accessible through the `Restaurants` global variable. The data will be stored in the `Restaurants_v1` collection or table and the model will use the `mongo` connection defined in `./config/database.js`
::: warning
If not set manually in the JSON file, Strapi will adopt the filename as `globalId`.

52
docs/3.0.0-beta.x/concepts/webhooks.md
View File

@ -211,21 +211,21 @@ This event is triggered only when you delete a media through the media interface
### Available configurations
You can set webhook configurations inside the file `./config/environments/{env}/server.json`.
You can set webhook configurations inside the file `./config/server.js`.
- `webhooks`
- `defaultHeaders`: You can set default headers to use for your webhook requests. This option is overwritten by the headers set in the webhook itself.
**Example configuration**
```json
{
"webhooks": {
"defaultHeaders": {
"Custom-Header": "my-custom-header"
}
}
}
```js
module.exports = {
webhooks: {
defaultHeaders: {
'Custom-Header': 'my-custom-header',
},
},
};
```
### Securing your webhooks
@ -235,34 +235,34 @@ Most of the time, webhooks make requests to public URLs, therefore it is possibl
To prevent this from happening you can send a header with an authentication token. Using the Admin panel you would have to do it for every webhook.
Another way is to define `defaultHeaders` to add to every webhook requests.
You can configure these global headers by updating the file at `./config/environments/{env}/server.json`:
You can configure these global headers by updating the file at `./config/server.js`:
:::: tabs
::: tab "Simple token"
```json
{
"webhooks": {
"defaultHeaders": {
"Authorization": "Bearer my-very-secured-token"
}
}
}
```js
module.exports = {
webhooks: {
defaultHeaders: {
Authorization: 'Bearer my-very-secured-token',
},
},
};
```
:::
::: tab "Environment variable"
```json
{
"webhooks": {
"defaultHeaders": {
"Authorization": "Bearer ${ process.env.WEBHOOK_TOKEN }"
}
}
}
```js
module.exports = {
webhooks: {
defaultHeaders: {
Authorization: `Bearer ${process.env.WEBHOOK_TOKEN}`,
},
},
};
```
::::

86
docs/3.0.0-beta.x/guides/client.md
View File

@ -44,15 +44,16 @@ module.exports = strapi => {
When the hook is created, we have to enable it to say to Strapi to use this hook.
**Path —** `./config/hook.json`
**Path —** `./config/hook.js`
```json
{
...
"github": {
"enabled": true
}
}
```js
module.exports = {
settings: {
github: {
enabled: true,
},
},
};
```
Now you can start your application, you should see a log `my hook is loaded` in your terminal.
@ -62,16 +63,23 @@ Now you can start your application, you should see a log `my hook is loaded` in
First lets update the config file to add your [GitHub token](https://github.com/settings/tokens).
By following the [documentation](https://octokit.github.io/rest.js/#authentication) you will also find the way to use GitHub applications.
**Path —** `./config/hook.json`
**Path —** `./config/hook.js`
```json
{
...
"github": {
"enabled": true,
"token": "bf78d4fc3c1767019870476d6d7cc8961383d80f"
}
}
```js
module.exports = {
settings: {
github: {
enabled: true,
token: process.env.GITHUB_TOKEN,
},
},
};
```
**Path -** `.env`
```
GITHUB_TOKEN=bf78d4fc3c1767019870476d6d7cc8961383d80f
```
Now we have to load the GitHub client.
@ -84,10 +92,10 @@ const GitHubAPI = require('@octokit/rest');
module.exports = strapi => {
return {
async initialize() {
const { token } = strapi.config.hook.github;
const { token } = strapi.config.get('hook.settings.github');
strapi.services.github = new GitHubAPI({
userAgent: `${strapi.config.info.name} v${strapi.config.info.version}`,
userAgent: `${strapi.config.get('info.name')} v${strapi.config.get('info.version')}`,
auth: `token ${token}`,
});
},
@ -111,43 +119,3 @@ module.exports = async () => {
```
Restart your server and you should see your GitHub profile data.
## Configs by environment
You would probably want specific configurations for development and production environment.
To do so, we will update some configurations.
You have to move your `github` configs from `./config/hook.json` to `./config/environments/development.json`, then remove it from the `hook.json` file.
And in your GitHub hook, you will have to replace `strapi.config.hook.github` by `strapi.config.currentEnvironment.github` to access to the configs.
**Path —** `./config/environments/development.json`
```json
{
"github": {
"enabled": true,
"token": "806506ab855a94e8608148315eeb39a44c29aee1"
}
}
```
**Path —** `./hooks/github/index.js`
```js
const GitHubAPI = require('@octokit/rest');
module.exports = strapi => {
return {
async initialize() {
const { token } = strapi.config.currentEnvironment.github;
strapi.services.github = new GitHubAPI({
userAgent: `${strapi.config.info.name} v${strapi.config.info.version}`,
auth: `token ${token}`,
});
},
};
};
```

36
docs/3.0.0-beta.x/guides/databases.md
View File

@ -313,23 +313,29 @@ Please note the `<password>` after your `username`. In this example, after `mong
Replace the contents of `/database.json` with the following and replace **< password >** with the password of the user of your database you created earlier:
`Path: ./config/environments/(development|production)/database.json`.
`Path: ./config/database.js`.
```json
{
"defaultConnection": "default",
"connections": {
"default": {
"connector": "mongoose",
"settings": {
"uri": "mongodb://paulbocuse:<password>@strapidatabase-shard-00-00-fxxx6c.mongodb.net:27017,strapidatabase-shard-00-01-fxxxc.mongodb.net:27017,strapidatabase-shard-00-02-fxxxc.mongodb.net:27017/test?ssl=true&replicaSet=strapidatabase-shard-0&authSource=admin&retryWrites=true&w=majority"
```js
module.exports = ({ env }) => ({
defaultConnection: 'default',
connections: {
default: {
connector: 'mongoose',
settings: {
uri: env('DATABASE_URI'),
},
"options": {
"ssl": true
}
}
}
}
options: {
ssl: true,
},
},
},
});
```
`Path: .env`
```
DATABASE_URI=mongodb://paulbocuse:<password>@strapidatabase-shard-00-00-fxxx6c.mongodb.net:27017,strapidatabase-shard-00-01-fxxxc.mongodb.net:27017,strapidatabase-shard-00-02-fxxxc.mongodb.net:27017/test?ssl=true&replicaSet=strapidatabase-shard-0&authSource=admin&retryWrites=true&w=majority
```
::: warning NOTE

34
docs/3.0.0-beta.x/guides/error-catching.md
View File

@ -67,28 +67,26 @@ It's important to call `throw(error);` to avoid stopping the middleware stack. I
Make sure your middleware is added at the end of the middleware stack.
**Path —** `./config/middleware.json`
**Path —** `./config/middleware.js`
```json
{
...
"after": [
"parser",
"router",
"sentry"
]
}
}
```js
module.exports = {
load: {
after: ['parser', 'router', 'sentry'],
},
};
```
And finally you have to enable the middleware.
**Path —** `./config/environments/**/middleware.json`
**Path —** `./config/middleware.js`
```json
{
"sentry": {
"enabled": true
}
}
```js
module.exports = {
settings: {
sentry: {
enabled: true,
},
},
};
```

13
docs/3.0.0-beta.x/guides/scheduled-publication.md
View File

@ -38,7 +38,7 @@ module.exports = {
};
```
Make sure the enabled cron config is set to true in `./config/environments/**/server.json` file.
Make sure the enabled cron config is set to true in `./config/server.js` file.
::: tip
Please note that Strapi's built in CRON feature will not work if you plan to use `pm2` or node based clustering. You will need to execute these CRON tasks outside of Strapi.
@ -58,20 +58,15 @@ module.exports = {
// fetch articles to publish
const draftArticleToPublish = await strapi.api.article.services.article.find({
status: 'draft',
publish_at_lt: new Date()
publish_at_lt: new Date(),
});
// update status of articles
draftArticleToPublish.forEach(async (article) => {
await strapi.api.article.services.article.update(
{id: article.id},
{status: 'published'}
);
draftArticleToPublish.forEach(async article => {
await strapi.api.article.services.article.update({ id: article.id }, { status: 'published' });
});
},
};
```
And tada!

17
docs/3.0.0-beta.x/installation/digitalocean-one-click.md
View File

@ -27,7 +27,7 @@ To create a project head over to the Strapi [listing on the marketplace](https:/
### Step 3: Visit your app
Please note that it may take anywhere from 30 seconds to a few minutes for the droplet to startup, when it does you should see it in your [droplets list](https://cloud.digitalocean.com/droplets).
Please note that it may take anywhere from 30 seconds to a few minutes for the droplet to startup, when it does you should see it in your [droplets list](https://cloud.digitalocean.com/droplets).
::: warning
After the droplet has started, it will take a few more minutes to finish the Strapi installation.
@ -151,19 +151,10 @@ pm2 stop strapi-develop
psql -c "ALTER USER strapi with password 'your-new-password';"
```
- Update the `/srv/strapi/strapi/config/environments/development/database.json` file with the new password.
- Update the `/srv/strapi/strapi/config/.env` file with the new password.
```json
...
"settings": {
"client": "postgres",
"host": "127.0.0.1",
"port": "5432",
"database": "strapi",
"username": "strapi",
"password": "your-new-password"
},
...
```
DATABASE_PASSWORD=your-new-password
```
- Restart Strapi and confirm the password change was successful

2
docs/3.0.0-beta.x/plugins/users-permissions.md
View File

@ -745,5 +745,5 @@ You can update these templates under **Plugins** > **Roles & Permissions** > **E
JWT tokens can be verified and trusted because the information is digitally signed. To sign a token a _secret_ is required. By default Strapi generates one that is stored in `./your-app/extensions/users-permissions/config/jwt.json`. This is useful during development but for security reasons it is **recommended** to set a custom token via an environment variable `JWT_SECRET` when deploying to production. It is also possible to modify `jwt.json` file to accept `JWT_TOKEN` automatically by doing following ([docs](https://strapi.io/documentation/3.0.0-beta.x/concepts/configurations.html#dynamic-configurations)).
```
"jwtSecret": "${process.env.JWT_SECRET}"
"jwtSecret": "${process.env.JWT_SECRET}"
```