@objectstack/service-settings 11.0.0 → 11.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +82 -0
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +82 -0
- package/dist/index.js.map +1 -1
- package/package.json +5 -5
package/dist/index.cjs
CHANGED
|
@@ -1369,6 +1369,17 @@ var manifest = {
|
|
|
1369
1369
|
description: "Block reusing this many previous passwords on change/reset. 0 disables the check.",
|
|
1370
1370
|
visible: "${data.email_password_enabled !== false}"
|
|
1371
1371
|
},
|
|
1372
|
+
{
|
|
1373
|
+
type: "number",
|
|
1374
|
+
key: "password_expiry_days",
|
|
1375
|
+
label: "Password expiry (days)",
|
|
1376
|
+
required: false,
|
|
1377
|
+
default: 0,
|
|
1378
|
+
min: 0,
|
|
1379
|
+
max: 3650,
|
|
1380
|
+
description: "Force a password change after this many days. 0 disables expiry. While expired, the user is blocked from data until they change their password.",
|
|
1381
|
+
visible: "${data.email_password_enabled !== false}"
|
|
1382
|
+
},
|
|
1372
1383
|
{
|
|
1373
1384
|
type: "group",
|
|
1374
1385
|
id: "anti_abuse",
|
|
@@ -1418,6 +1429,33 @@ var manifest = {
|
|
|
1418
1429
|
max: 3600,
|
|
1419
1430
|
description: "Sliding window over which the request cap above is counted."
|
|
1420
1431
|
},
|
|
1432
|
+
{
|
|
1433
|
+
type: "group",
|
|
1434
|
+
id: "multi_factor",
|
|
1435
|
+
label: "Multi-factor",
|
|
1436
|
+
required: false,
|
|
1437
|
+
description: "Require members to protect their account with an authenticator app (TOTP)."
|
|
1438
|
+
},
|
|
1439
|
+
{
|
|
1440
|
+
type: "toggle",
|
|
1441
|
+
key: "mfa_required",
|
|
1442
|
+
label: "Require multi-factor authentication",
|
|
1443
|
+
required: false,
|
|
1444
|
+
default: false,
|
|
1445
|
+
description: "Users without an authenticator enrolled are blocked from data once their grace period ends. Enabling this also turns on the two-factor feature so users can enroll.",
|
|
1446
|
+
visible: "${data.email_password_enabled !== false}"
|
|
1447
|
+
},
|
|
1448
|
+
{
|
|
1449
|
+
type: "number",
|
|
1450
|
+
key: "mfa_grace_period_days",
|
|
1451
|
+
label: "MFA grace period (days)",
|
|
1452
|
+
required: false,
|
|
1453
|
+
default: 7,
|
|
1454
|
+
min: 0,
|
|
1455
|
+
max: 90,
|
|
1456
|
+
description: "How long users may defer enrollment before the hard block. 0 blocks immediately.",
|
|
1457
|
+
visible: "${data.mfa_required === true}"
|
|
1458
|
+
},
|
|
1421
1459
|
{
|
|
1422
1460
|
type: "group",
|
|
1423
1461
|
id: "sessions",
|
|
@@ -1445,6 +1483,50 @@ var manifest = {
|
|
|
1445
1483
|
max: 90,
|
|
1446
1484
|
description: "An active session is extended when it is older than this."
|
|
1447
1485
|
},
|
|
1486
|
+
{
|
|
1487
|
+
type: "number",
|
|
1488
|
+
key: "session_idle_timeout_minutes",
|
|
1489
|
+
label: "Idle timeout (minutes)",
|
|
1490
|
+
required: false,
|
|
1491
|
+
default: 0,
|
|
1492
|
+
min: 0,
|
|
1493
|
+
max: 10080,
|
|
1494
|
+
description: "Sign a user out after this many minutes of inactivity. 0 disables."
|
|
1495
|
+
},
|
|
1496
|
+
{
|
|
1497
|
+
type: "number",
|
|
1498
|
+
key: "session_absolute_max_hours",
|
|
1499
|
+
label: "Absolute session lifetime (hours)",
|
|
1500
|
+
required: false,
|
|
1501
|
+
default: 0,
|
|
1502
|
+
min: 0,
|
|
1503
|
+
max: 8760,
|
|
1504
|
+
description: "Force re-authentication this many hours after sign-in, regardless of activity. 0 disables."
|
|
1505
|
+
},
|
|
1506
|
+
{
|
|
1507
|
+
type: "number",
|
|
1508
|
+
key: "max_concurrent_sessions_per_user",
|
|
1509
|
+
label: "Max concurrent sessions per user",
|
|
1510
|
+
required: false,
|
|
1511
|
+
default: 0,
|
|
1512
|
+
min: 0,
|
|
1513
|
+
max: 100,
|
|
1514
|
+
description: "Cap simultaneous signed-in sessions per user; the oldest are signed out past the cap. 0 = unlimited."
|
|
1515
|
+
},
|
|
1516
|
+
{
|
|
1517
|
+
type: "group",
|
|
1518
|
+
id: "network",
|
|
1519
|
+
label: "Network",
|
|
1520
|
+
required: false,
|
|
1521
|
+
description: "Restrict where users can authenticate from."
|
|
1522
|
+
},
|
|
1523
|
+
{
|
|
1524
|
+
type: "textarea",
|
|
1525
|
+
key: "allowed_ip_ranges",
|
|
1526
|
+
label: "Allowed IP ranges",
|
|
1527
|
+
required: false,
|
|
1528
|
+
description: "CIDR ranges or exact IPs (one per line, or comma-separated), e.g. 203.0.113.0/24. When set, sign-in from outside these ranges is rejected. Empty = no restriction. Requires a trusted proxy to set X-Forwarded-For."
|
|
1529
|
+
},
|
|
1448
1530
|
{
|
|
1449
1531
|
type: "group",
|
|
1450
1532
|
id: "social",
|