@objectstack/service-settings 11.0.0 → 11.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.cjs CHANGED
@@ -1369,6 +1369,17 @@ var manifest = {
1369
1369
  description: "Block reusing this many previous passwords on change/reset. 0 disables the check.",
1370
1370
  visible: "${data.email_password_enabled !== false}"
1371
1371
  },
1372
+ {
1373
+ type: "number",
1374
+ key: "password_expiry_days",
1375
+ label: "Password expiry (days)",
1376
+ required: false,
1377
+ default: 0,
1378
+ min: 0,
1379
+ max: 3650,
1380
+ description: "Force a password change after this many days. 0 disables expiry. While expired, the user is blocked from data until they change their password.",
1381
+ visible: "${data.email_password_enabled !== false}"
1382
+ },
1372
1383
  {
1373
1384
  type: "group",
1374
1385
  id: "anti_abuse",
@@ -1418,6 +1429,33 @@ var manifest = {
1418
1429
  max: 3600,
1419
1430
  description: "Sliding window over which the request cap above is counted."
1420
1431
  },
1432
+ {
1433
+ type: "group",
1434
+ id: "multi_factor",
1435
+ label: "Multi-factor",
1436
+ required: false,
1437
+ description: "Require members to protect their account with an authenticator app (TOTP)."
1438
+ },
1439
+ {
1440
+ type: "toggle",
1441
+ key: "mfa_required",
1442
+ label: "Require multi-factor authentication",
1443
+ required: false,
1444
+ default: false,
1445
+ description: "Users without an authenticator enrolled are blocked from data once their grace period ends. Enabling this also turns on the two-factor feature so users can enroll.",
1446
+ visible: "${data.email_password_enabled !== false}"
1447
+ },
1448
+ {
1449
+ type: "number",
1450
+ key: "mfa_grace_period_days",
1451
+ label: "MFA grace period (days)",
1452
+ required: false,
1453
+ default: 7,
1454
+ min: 0,
1455
+ max: 90,
1456
+ description: "How long users may defer enrollment before the hard block. 0 blocks immediately.",
1457
+ visible: "${data.mfa_required === true}"
1458
+ },
1421
1459
  {
1422
1460
  type: "group",
1423
1461
  id: "sessions",
@@ -1445,6 +1483,50 @@ var manifest = {
1445
1483
  max: 90,
1446
1484
  description: "An active session is extended when it is older than this."
1447
1485
  },
1486
+ {
1487
+ type: "number",
1488
+ key: "session_idle_timeout_minutes",
1489
+ label: "Idle timeout (minutes)",
1490
+ required: false,
1491
+ default: 0,
1492
+ min: 0,
1493
+ max: 10080,
1494
+ description: "Sign a user out after this many minutes of inactivity. 0 disables."
1495
+ },
1496
+ {
1497
+ type: "number",
1498
+ key: "session_absolute_max_hours",
1499
+ label: "Absolute session lifetime (hours)",
1500
+ required: false,
1501
+ default: 0,
1502
+ min: 0,
1503
+ max: 8760,
1504
+ description: "Force re-authentication this many hours after sign-in, regardless of activity. 0 disables."
1505
+ },
1506
+ {
1507
+ type: "number",
1508
+ key: "max_concurrent_sessions_per_user",
1509
+ label: "Max concurrent sessions per user",
1510
+ required: false,
1511
+ default: 0,
1512
+ min: 0,
1513
+ max: 100,
1514
+ description: "Cap simultaneous signed-in sessions per user; the oldest are signed out past the cap. 0 = unlimited."
1515
+ },
1516
+ {
1517
+ type: "group",
1518
+ id: "network",
1519
+ label: "Network",
1520
+ required: false,
1521
+ description: "Restrict where users can authenticate from."
1522
+ },
1523
+ {
1524
+ type: "textarea",
1525
+ key: "allowed_ip_ranges",
1526
+ label: "Allowed IP ranges",
1527
+ required: false,
1528
+ description: "CIDR ranges or exact IPs (one per line, or comma-separated), e.g. 203.0.113.0/24. When set, sign-in from outside these ranges is rejected. Empty = no restriction. Requires a trusted proxy to set X-Forwarded-For."
1529
+ },
1448
1530
  {
1449
1531
  type: "group",
1450
1532
  id: "social",