Strapi v4 Extending Server API for Plugins does not work

Question

I am trying to follow the Strapi v4.0.0 guide on https://docs.strapi.io/developer-docs/latest/developer-resources/plugin-api-reference/server.html#entry-file for extending the users-permission plugin to add a custom route/controller, but so far have been unsuccessful. I add the custom files as stated in the docs, but there is no change in the UI.

I managed to get this to work for normal API highlighted in yellow, but was unable to do so for the users-permission plugin

In the previous version 3.6.8 this functionality was allowed through the extensions folder.

Am I missing something from the new guide, I even tried copying the files from node_modules > @strapi > plugin-users-permission and adding a new route and method to the exiting controller file but it still does not reflect the change in the section where we assign different route permission to roles. The user-permission plugin still shows the original routes, with no change.

Thanks,

Answer 1

When exporting routes you need to export the type, either content-api or admin-api. Look at the Strapi email plugin in node_modules for example, change the folder and file structure in your routes folder to match that and then you will be able to set permissions in the admin panel.

Answer 2

I ran into this thread while researching pretty much the same issue, and I wanted to share my solution.

First of all, I found this portion of the documentation more useful than the one you referenced: https://docs.strapi.io/developer-docs/latest/development/plugins-extension.html

My goal was the write a new route to validate JWT tokens based on the comment made here: https://github.com/strapi/strapi/issues/3601#issuecomment-510810027 but updated for Strapi v4.

The solution turned out to be simple:

1. Create a new folder structure: ./src/extensions/user-permissions if it does not exist.
2. Create a new file ./src/extensions/user-permissions/strapi-server.js if it does not exist.
3. Add the following to the file:

module.exports = (plugin) => {
  plugin.controllers.<controller>['<new method>'] = async (ctx) => {
    // custom logic here
  }

  plugin.routes['content-api'].routes.push({
    method: '<method>',
    path: '/your/path',
    handler: '<controller>.<new method>',
    config: {
      policies: [],
      prefix: '',
    },
  });

  return plugin;
};

If you're unsure what controllers are available, you can always check the API documentation or console.log(plugin) or console.log(plugin.controllers) .

After the admin server restarts, you should see your new route under the user-permissions section as you would expect, and you can assign rights to it as you see fit.

My full strapi-server.js file including the logic to validate JWT:

module.exports = (plugin) => {
  plugin.controllers.auth['tokenDecrypt'] = async (ctx) => {
    // get token from the POST request
    const {token} = ctx.request.body;

    // check token requirement
    if (!token) {
      return ctx.badRequest('`token` param is missing')
    }

    try {
      // decrypt the jwt
      const obj = await strapi.plugin('users-permissions').service('jwt').verify(token);

      // send the decrypted object
      return obj;
    } catch (err) {
      // if the token is not a valid token it will throw and error
      return ctx.badRequest(err.toString());
    }
  }

  plugin.routes['content-api'].routes.push({
    method: 'POST',
    path: '/token/validation',
    handler: 'auth.tokenDecrypt',
    config: {
      policies: [],
      prefix: '',
    },
  });

  return plugin;
};

Answer 3

If your Strapi server is using Typescript, make sure that you name your extension files accordingly. So instead of strapi-server.js , you would need to name your file strapi-server.ts .