refactor: rename the router controller to 'find' for fetching with a read-only API token

Author: boazpoolman

.changeset/hungry-planes-return.md

@@ -0,0 +1,5 @@
+---
+"strapi-plugin-webtools": patch
+---
+
+refactor: rename the router controller to 'find' for fetching with a read-only API token

packages/core/server/controllers/core.ts

@@ -9,37 +9,47 @@ import { sanitizeOutput } from '../util/sanitizeOutput';
  * Router controller
  */
 
+const routerController = async (ctx: Context) => {
+  const { path, ...searchQuery } = ctx.query;
+  const { auth } = ctx.state;
+
+  const { entity, contentType } = await getPluginService('url-alias').findRelatedEntity(path as string, searchQuery);
+
+  if (!entity) {
+    ctx.notFound();
+    return;
+  }
+
+  // Check 'find' permissions for the content type we're querying.
+  // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
+  await strapi.auth.verify(auth, { scope: [`${contentType}.find`] });
+
+  // Add content type to response.
+  const responseEntity = {
+    ...entity,
+    contentType,
+  };
+
+  const contentTypeObj = strapi.contentTypes[contentType] as Schema.ContentType;
+
+  // Format response.
+  const sanitizedEntity = await sanitizeOutput(responseEntity, contentTypeObj, auth);
+  ctx.body = await strapi.controller(contentType as UID.Controller)
+    // @ts-expect-error
+    // The strapi object is typed in a way that the following is expected to be a controller.
+    // In fact that is not true, as this also exposes the helper functions of the controller.
+    // That is the reason we put a ts-expect-error here.
+    .transformResponse(sanitizedEntity, {});
+};
+
 export default {
-  router: async (ctx: Context) => {
-    const { path, ...searchQuery } = ctx.query;
-    const { auth } = ctx.state;
-
-    const { entity, contentType } = await getPluginService('url-alias').findRelatedEntity(path as string, searchQuery);
-
-    if (!entity) {
-      ctx.notFound();
-      return;
-    }
-
-    // Check 'find' permissions for the content type we're querying.
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
-    await strapi.auth.verify(auth, { scope: [`${contentType}.find`] });
-
-    // Add content type to response.
-    const responseEntity = {
-      ...entity,
-      contentType,
-    };
-
-    const contentTypeObj = strapi.contentTypes[contentType] as Schema.ContentType;
-
-    // Format response.
-    const sanitizedEntity = await sanitizeOutput(responseEntity, contentTypeObj, auth);
-    ctx.body = await strapi.controller(contentType as UID.Controller)
-      // @ts-expect-error
-      // The strapi object is typed in a way that the following is expected to be a controller.
-      // In fact that is not true, as this also exposes the helper functions of the controller.
-      // That is the reason we put a ts-expect-error here.
-      .transformResponse(sanitizedEntity, {});
-  },
+  /**
+   * @description Name the controller 'find' to allow it to be fetched by a read-only API token.
+   */
+  find: routerController,
+  /**
+   * @deprecated Use 'find' instead.
+   * @description Will be removed in future versions.
+   */
+  router: routerController,
 };

packages/core/server/routes/index.ts

@@ -45,7 +45,7 @@ export default {
       {
         method: 'GET',
         path: '/router',
-        handler: 'core.router',
+        handler: 'core.find',
         config: {
           policies: [],
         },