npm - strapi-plugin-magic-link-v5 - Versions diffs - 4.3.1 → 4.4.1 - Mend

strapi-plugin-magic-link-v5 4.3.1 → 4.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/COPYRIGHT_NOTICE.txt +9 -10
package/LICENSE +27 -48
package/README.md +208 -296
package/admin/src/pages/Tokens/TokensProfessional.jsx +19 -8
package/admin/src/pages/Tokens/TokensRedesign.jsx +9 -3
package/package.json +2 -2
package/LICENSE-DUAL.md +0 -37
package/LICENSE_GUARD.md +0 -323
package/SECURITY.md +0 -79

package/COPYRIGHT_NOTICE.txt CHANGED Viewed

@@ -1,20 +1,19 @@
 /**
  * Magic Link - Passwordless Authentication for Strapi
  *
- * Copyright (c) 2025 [Dein Name/Firma]
- * All Rights Reserved.
+ * Copyright (c) 2025 Schero A. (begservice)
  *
- * PROPRIETARY AND CONFIDENTIAL
+ * Licensed under the MIT License
  *
- * This file is part of Magic Link plugin for Strapi.
+ * This plugin is free to use for personal and commercial projects.
  *
- * Unauthorized copying, modification, distribution, or use of this software
- * via any medium is strictly prohibited without prior written permission.
+ * IMPORTANT RESTRICTION:
+ * The license validation system (license-guard.js and related components)
+ * must remain intact and functional. Removing or bypassing this system
+ * is strictly prohibited.
  *
- * This software is licensed under a proprietary commercial license.
  * See LICENSE file for full terms.
  *
- * For licensing inquiries: [Deine Email]
- * Website: [Deine Website]
+ * Repository: https://github.com/begservice/strapi-plugin-magic-link-v5
+ * Issues: https://github.com/begservice/strapi-plugin-magic-link-v5/issues
  */

package/LICENSE CHANGED Viewed

@@ -1,48 +1,27 @@
-PROPRIETARY LICENSE AGREEMENT
-Copyright (c) 2025 [Dein Name/Firma]
-This software and associated documentation files (the "Software") are proprietary
-and confidential. All rights reserved.
-TERMS AND CONDITIONS:
-1. LICENSE GRANT
-   This Software is licensed, not sold. Subject to payment of applicable license
-   fees and compliance with these terms, you are granted a limited, non-exclusive,
-   non-transferable license to use the Software.
-2. RESTRICTIONS
-   You may NOT:
-   - Copy, modify, or distribute the Software
-   - Reverse engineer, decompile, or disassemble the Software
-   - Remove or modify any proprietary notices or labels
-   - Use the Software for any unlicensed purpose
-   - Share your license key with unauthorized parties
-   - Host the Software on multiple servers without appropriate licensing
-3. INTELLECTUAL PROPERTY
-   All title, ownership rights, and intellectual property rights in and to the
-   Software remain with the copyright holder. The Software is protected by
-   copyright laws and international treaty provisions.
-4. TERMINATION
-   This license is effective until terminated. Your rights under this license
-   will terminate automatically without notice if you fail to comply with any
-   term of this license.
-5. WARRANTY DISCLAIMER
-   THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS
-   FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-6. LIMITATION OF LIABILITY
-   IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR
-   OTHER LIABILITY ARISING FROM THE USE OF THE SOFTWARE.
-7. LICENSE PURCHASE
-   To obtain a valid license, visit: [Deine Website]
-   Each license is subject to separate terms and pricing.
-For licensing inquiries, contact: [Deine Email]
+MIT License
+Copyright (c) 2025 Schero A. (begservice)
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+**ADDITIONAL CONDITION:**
+The license validation system (including but not limited to license-guard.js,
+license controller, and related API endpoints) must remain intact and functional.
+Removing, bypassing, or disabling the license validation system is strictly
+prohibited.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md CHANGED Viewed

@@ -1,39 +1,69 @@
-# Magic Link - Passwordless Authentication for Strapi
+# Magic Link - Passwordless Authentication for Strapi v5
-A secure passwordless authentication solution for Strapi, allowing users to log in via email links without requiring passwords.
+Secure passwordless authentication for Strapi using email-based magic links. No passwords required.
----
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![npm version](https://badge.fury.io/js/strapi-plugin-magic-link-v5.svg)](https://www.npmjs.com/package/strapi-plugin-magic-link-v5)
-## ⚠️ LICENSE & USAGE NOTICE
+---
-**This is proprietary commercial software.**
+## 📜 License
-- ❌ **NOT** open source or free to use
-- ❌ **NOT** licensed under MIT, Apache, or similar permissive licenses
-- ✅ Requires a **valid commercial license** for production use
-- ✅ Source code is visible for transparency and evaluation only
+This plugin is licensed under the **MIT License** - free for everyone to use!
-**Using this software without a valid license is copyright infringement.**
+### What you CAN do:
+- ✅ Use the plugin freely (personal & commercial)
+- ✅ View and study the source code
+- ✅ Report issues and contribute improvements
+- ✅ Deploy in production without fees
+- ✅ Integrate in your commercial projects
-📄 See [LICENSE](./LICENSE) for full terms
-💼 Purchase a license: [Your Website]
-📧 Questions? Contact: [Your Email]
+### What you CANNOT do:
+- ❌ Remove or bypass the license validation system
+- ❌ Modify `license-guard.js` or license-related endpoints
+- ❌ Disable license activation requirements
----
+**Important:** The license validation system must remain intact and functional. This ensures quality, support, and continued development. Users must activate the plugin (free) through the admin interface.
-![Magic Link Overview](pics/pic6.png)
+📄 See [LICENSE](./LICENSE) for full terms
-## Core Features!
+---
-- **Passwordless Authentication**: Login via secure email links
-- **Token Management**: Admin dashboard for managing and monitoring tokens
-- **JWT Session Tracking**: Monitor and manage active sessions
-- **Security Features**: IP banning, token expiration controls
-- **Admin Interface**: Statistics dashboard and configuration options
+## ✨ Features
+### Core Authentication
+- 🔐 **Passwordless Login** - Users log in via secure email links
+- 🎫 **Magic Link Tokens** - Cryptographically secure, time-limited tokens
+- 🔑 **JWT Session Management** - Monitor and manage active user sessions
+- 👤 **Auto User Creation** - Optionally create users automatically on first login
+- 🌍 **Multi-language Support** - English and German translations included
+### Security & Control
+- 🛡️ **IP Banning** - Block suspicious IP addresses
+- 🔒 **Session Revocation** - Instantly revoke any active JWT session
+- ⏰ **Token Expiration** - Configurable expiration periods
+- 🎯 **Login Attempt Limiting** - Prevent brute force attacks
+- 📊 **Security Score** - Real-time security configuration assessment
+- 📝 **Login Info Tracking** - Store IP addresses and user agents for audit
+### Admin Interface
+- 📱 **Modern Dashboard** - Beautiful statistics and monitoring interface
+- 🎨 **Professional Token Management** - Create, extend, and manage tokens
+- 🔍 **Search & Filter** - Find tokens and sessions quickly
+- 📄 **Pagination** - Handle large datasets efficiently
+- 🎭 **Bulk Operations** - Select and manage multiple tokens at once
+- 🌐 **License Management** - Built-in license activation interface
+### Customization
+- ✉️ **Email Templates** - Customize HTML and plain text email templates
+- 🎨 **Template Variables** - Use `<%= URL %>` and `<%= CODE %>` placeholders
+- ⚙️ **Flexible Configuration** - Configure via admin panel
+- 🔄 **Token Reusability** - Choose between one-time or reusable tokens
+- 📧 **Email Designer Support** - Integrates with Email Designer 5 plugin
-![Core Features](pics/pic7.png)
+---
-## Installation!
+## 🚀 Installation
 ```bash
 # Using npm
@@ -42,334 +72,216 @@ npm install strapi-plugin-magic-link-v5
 # Using yarn
 yarn add strapi-plugin-magic-link-v5
-# Install directly from GitHub
-npm install begservice/strapi-magic-link
-# or
-yarn add begservice/strapi-magic-link
+# Using pnpm
+pnpm add strapi-plugin-magic-link-v5
 ```
-After installation, restart your Strapi server and the plugin will be available in the admin panel.
+After installation, **restart your Strapi server**. The plugin will appear in your admin panel.
-## License Server
+---
-This plugin uses a **centralized license server** for validation and activation.
+## 🎯 Quick Start
-### How It Works
+### 1️⃣ Activate License
-- The plugin connects to a fixed license server URL for all license operations
-- License keys are validated against this server
-- The server URL is hardcoded for security (cannot be changed by end users)
-- Supports **24-hour grace period** for offline operation
+After installing, navigate to **Settings → Magic Link → License** in your Strapi admin panel and activate the plugin (free).
-### For Developers (Development Mode)
+### 2️⃣ Configure Settings
-During development, you can override the license server URL:
+Go to **Settings → Magic Link → Settings** and configure:
-```bash
-# .env file
-LICENSE_SERVER_URL=http://localhost:1337
-NODE_ENV=development
+```javascript
+{
+  "enabled": true,
+  "createUserIfNotExists": true,    // Auto-create users
+  "expire_period": 3600,             // Token valid for 1 hour
+  "token_length": 20,                // Token security level
+  "from_email": "noreply@yourdomain.com",
+  "from_name": "Your App",
+  "object": "Your Magic Link Login",
+  "confirmationUrl": "https://yourdomain.com/auth/callback"
+}
 ```
-**Note**: This override only works in development mode for testing purposes.
-## How It Works
-### Email User with Login Link
-1. **Request Process**:
-   - User requests a login link by entering their email
-   - System generates a secure token and sends an email
-   - Email contains a magic link with the token
-2. **Token Details**:
-   - Cryptographically secure random tokens
-   - Configurable expiration time
-   - Option for one-time use or reusable tokens
-   - Tracks IP address and user agent information
-### Login with Token
-1. **Authentication Process**:
-   - User clicks the link in their email
-   - System verifies the token is valid and not expired
-   - User is automatically authenticated
-   - JWT token is generated for the session
-2. **Security Measures**:
-   - IP address validation (optional)
-   - Token expiration
-   - One-time use tokens (configurable)
-   - Automatic blocking after failed attempts
-![Authentication Process](pics/pic8.png)
-## Configuration
-Configure the plugin through **Settings > Magic Link** in the Strapi admin panel:
-![Configuration Interface](pics/pic9.png)
-### General Settings
-- **Enable Magic Link**: Turn the feature on/off
-- **Create New Users**: Automatically create users if they don't exist
-- **Token Stays Valid**: Configure one-time use or reusable tokens
-- **Expiration Period**: Set how long tokens remain valid
-- **Token Length**: Configure the security level of tokens
-### Authentication Settings
-- **Default Role**: Select which user role is assigned to new users
-- **JWT Token Expiration**: Define how long JWT tokens remain valid (e.g., 30d, 24h)
-- **Store Login Info**: Enable tracking of user agents and IP addresses
-- **Remember Me**: Allow users to stay logged in for extended periods
-### Email Settings
-- **Sender Information**: Configure the email sender details (name, email)
-- **Reply-To Address**: Set a reply-to email address for support inquiries
-- **Email Subject**: Customize the subject line of the magic link emails
-- **Email Templates**: Customize HTML and text templates
-- **Email Designer Integration**: Use with Email Designer 5 if installed
-## Dashboard & Admin Interface
-Magic Link provides a comprehensive admin interface with several key sections:
-![Admin Dashboard](pics/pic10.png)
-### Dashboard Overview
-- **Security Score**: Dynamic score (0-100) showing your current security configuration
-- **Active Tokens**: Count and management of currently active tokens
-- **Token Usage**: Metrics on token creation and usage patterns
-- **Users Using Magic Link**: Number of unique users authenticating via magic links
-- **Tokens About to Expire**: Warning system for tokens expiring soon
-### Token Management
-- **Token List View**: Sortable and filterable list of all tokens
-- **Token Status Indicators**: Visual indicators showing token status (active, expired, used)
-- **Token Details**: Inspect complete token information including:
-  - Creation and expiration dates
-  - IP address and user agent information
-  - Usage history and context data
-- **Bulk Actions**: Select multiple tokens for batch operations
-- **Search & Filter**: Find tokens by email, status, or creation date
-- **Token Operations**:
-  - Block/deactivate tokens
-  - Extend token expiration
-  - Delete tokens
-### JWT Session Management
-- **Active Sessions**: Monitor all active JWT sessions across your application
-- **Session Revocation**: Ability to revoke any active session immediately
-- **Session Details**: View complete session information including:
-  - User details
-  - Creation and expiration time
-  - Last activity
-  - IP address and device information
+### 3️⃣ Frontend Implementation
-### Security Features
-- **IP Ban Management**: View and manage banned IP addresses
-- **IP Ban Controls**: Ban suspicious IPs and view associated tokens
-- **Security Audit**: Track login attempts and security events
-- **System Status**: Monitor the health of the plugin and its dependencies
-### Token Creation Interface
-- **Manual Token Creation**: Generate tokens for specific users
-- **Email Control**: Option to send or not send the email with the token
-- **Context Injection**: Add custom JSON context data to tokens
-- **Email Validation**: Verify email existence before token creation
-## Admin Features
-### Token Management
-- View all active/inactive tokens
-- Block or activate individual tokens
-- Delete expired tokens
-- See token usage statistics
-### Security Dashboard
-- Security score based on your configuration
-- IP banning for suspicious activity
-- JWT session monitoring and management
-- Token expiration warnings
-## API Endpoints
-- `POST /api/magic-link/send` - Generate and send a magic link
-- `GET /api/magic-link/login?loginToken=xxx` - Authenticate with token
-- `GET /api/magic-link/tokens` - List tokens (admin only)
-- `GET /api/magic-link/jwt-sessions` - List active sessions (admin only)
-- `POST /api/magic-link/tokens/:id/block` - Block a specific token
-- `POST /api/magic-link/ban-ip` - Ban an IP address
-## Frontend Implementation
+**Request a magic link:**
+```javascript
+const response = await fetch('/api/magic-link/send-link', {
+  method: 'POST',
+  headers: { 'Content-Type': 'application/json' },
+  body: JSON.stringify({
+    email: 'user@example.com',
+    context: { redirectTo: '/dashboard' }  // Optional
+  })
+});
+```
+**Verify token on callback page:**
 ```javascript
-// Request a magic link
-const requestLogin = async (email) => {
-  try {
-    await axios.post("/api/magic-link/send", { email });
-    // Show success message
-  } catch (error) {
-    // Handle error
-  }
-};
-// Verify token on the callback page
-const verifyToken = async () => {
-  const token = new URLSearchParams(window.location.search).get("loginToken");
-  if (token) {
-    try {
-      const response = await axios.get(
-        `/api/magic-link/login?loginToken=${token}`
-      );
-      // Store JWT and redirect user
-      localStorage.setItem("token", response.data.jwt);
-      window.location.href = "/dashboard";
-    } catch (error) {
-      // Handle invalid token
-    }
-  }
-};
+const urlParams = new URLSearchParams(window.location.search);
+const loginToken = urlParams.get('loginToken');
+if (loginToken) {
+  const response = await fetch(`/api/magic-link/login?loginToken=${loginToken}`);
+  const { jwt, user } = await response.json();
+  // Store JWT for authenticated requests
+  localStorage.setItem('token', jwt);
+  // Redirect to dashboard
+  window.location.href = '/dashboard';
+}
 ```
-## Context Data
+---
-You can include additional context when sending a magic link:
+## 📡 API Endpoints
-```javascript
-await axios.post("/api/magic-link/send", {
-  email: "user@example.com",
-  context: {
-    redirectUrl: "/dashboard",
-    source: "registration",
-  },
-});
-```
+### Public Endpoints (No Auth Required)
-## Security Best Practices
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `POST` | `/api/magic-link/send-link` | Generate and send magic link to email |
+| `GET` | `/api/magic-link/login?loginToken=xxx` | Authenticate user with token |
-- Set reasonable token expiration times
-- Use one-time tokens for sensitive operations
-- Regularly monitor the security dashboard
-- Ban suspicious IP addresses promptly
+### Admin Endpoints (Admin Auth Required)
-## Troubleshooting
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `GET` | `/magic-link/tokens` | List all tokens |
+| `POST` | `/magic-link/tokens` | Create a new token |
+| `DELETE` | `/magic-link/tokens/:id` | Delete a token |
+| `POST` | `/magic-link/tokens/:id/block` | Block a token |
+| `POST` | `/magic-link/tokens/:id/extend` | Extend token validity |
+| `GET` | `/magic-link/jwt-sessions` | List active JWT sessions |
+| `POST` | `/magic-link/revoke-jwt` | Revoke a JWT session |
+| `POST` | `/magic-link/ban-ip` | Ban an IP address |
+| `GET` | `/magic-link/banned-ips` | List banned IPs |
-| Issue                  | Solution                                       |
-| ---------------------- | ---------------------------------------------- |
-| Emails not sending     | Check your Strapi email provider configuration |
-| Token validation fails | Verify token expiration settings               |
-| User not found errors  | Check "Create New Users" setting               |
+---
-## License
+## ⚙️ Configuration
-[MIT](LICENSE)
+### General Settings
+- `enabled` - Enable/disable magic link authentication
+- `createUserIfNotExists` - Auto-create users on first login
+- `expire_period` - Token expiration time (seconds)
+- `token_length` - Security level (20-40 recommended)
+- `stays_valid` - Token reusable after first use
+- `max_login_attempts` - Limit failed login attempts
-## Development & Contributing
+### Email Settings
+- `from_name` - Sender name
+- `from_email` - Sender email address
+- `response_email` - Reply-to email
+- `object` - Email subject line
+- `message_html` - HTML email template
+- `message_text` - Plain text email template
+### JWT Settings
+- `use_jwt_token` - Use JWT for authentication
+- `jwt_token_expires_in` - JWT validity period (e.g., '30d', '7d')
+- `store_login_info` - Track IP and user agent
+### Advanced
+- `user_creation_strategy` - `email` | `emailUsername` | `manual`
+- `verify_email` - Require email verification
+- `callback_url` - Post-login redirect URL
-### Release Process
+---
-This project uses [semantic-release](https://github.com/semantic-release/semantic-release) to automate version management and package publishing.
+## 🎨 Email Templates
-To create a new release:
+Customize your magic link emails using template variables:
-```bash
-npx semantic-release
+```html
+<!-- HTML Template -->
+<h1>Welcome!</h1>
+<p>Click to login:</p>
+<a href="<%= URL %>?loginToken=<%= CODE %>">
+  Login to Your Account
+</a>
 ```
-This will automatically:
-1. Analyze commit messages since the last release
-2. Determine the appropriate version bump (major, minor, or patch)
-3. Generate release notes
-4. Update the version in package.json
-5. Create a new Git tag
-6. Publish the package to npm
+**Available Variables:**
+- `<%= URL %>` - Your confirmation URL
+- `<%= CODE %>` - The generated token
-### Commit Guidelines
+---
-To ensure semantic-release can properly determine the next version number, please follow these commit message conventions:
+## 🔒 Security Features
-#### Commit Message Format
+- **Token Expiration** - Configurable expiration periods
+- **One-time Tokens** - Optional single-use tokens
+- **IP Tracking** - Monitor login locations
+- **IP Banning** - Block suspicious addresses
+- **JWT Blacklist** - Revoke compromised sessions
+- **Login Attempt Limiting** - Prevent brute force
+- **User Agent Tracking** - Device fingerprinting
-Each commit message consists of a **header**, an optional **body**, and an optional **footer**:
+---
-```
-<type>(<scope>): <subject>
-<BLANK LINE>
-<body>
-<BLANK LINE>
-<footer>
-```
+## 🎯 Use Cases
-The **header** is mandatory and must conform to the following format:
+- **SaaS Applications** - Simplify user onboarding
+- **Customer Portals** - Secure, password-free access
+- **Multi-tenant Systems** - Easy user management
+- **Mobile Apps** - Seamless authentication flow
+- **Content Platforms** - Reduce password fatigue
-- **type**: What type of change this commit is making. Must be one of:
+---
-  - `feat`: A new feature (triggers a minor release)
-  - `fix`: A bug fix (triggers a patch release)
-  - `docs`: Documentation changes only
-  - `style`: Changes that don't affect code functionality (formatting, etc.)
-  - `refactor`: Code changes that neither fix a bug nor add a feature
-  - `perf`: Performance improvements
-  - `test`: Adding or updating tests
-  - `chore`: Changes to build process or auxiliary tools
-  - `ci`: Changes to CI configuration files and scripts
+## 🐛 Troubleshooting
-- **scope**: Optional, can be anything specifying the place of the commit change (e.g., `admin`, `api`, `auth`)
+| Issue | Solution |
+|-------|----------|
+| Emails not sending | Check Strapi email provider configuration |
+| Token invalid errors | Verify token hasn't expired |
+| User not found | Enable `createUserIfNotExists` setting |
+| License activation fails | Check network connectivity |
+| npm install fails | Use `npm install --legacy-peer-deps` |
-- **subject**: Brief description of the change
+---
-#### Breaking Changes
+## 🤝 Contributing
-For breaking changes, add `BREAKING CHANGE:` in the footer of the commit message or append a `!` after the type/scope:
+Contributions are welcome! Please:
-```
-feat(api)!: completely restructure API endpoints
+1. Fork the repository
+2. Create a feature branch (`git checkout -b feature/amazing-feature`)
+3. Commit your changes (`git commit -m 'feat: add amazing feature'`)
+4. Push to the branch (`git push origin feature/amazing-feature`)
+5. Open a Pull Request
-BREAKING CHANGE: The API endpoints have been completely restructured.
-```
+**Commit Convention:** Follow [Conventional Commits](https://www.conventionalcommits.org/)
+- `feat:` - New features
+- `fix:` - Bug fixes
+- `docs:` - Documentation changes
+- `chore:` - Maintenance tasks
-This will trigger a major version bump.
+---
-#### Examples
+## 📝 Changelog
-```
-feat(auth): add support for multiple roles
+This project uses [semantic-release](https://github.com/semantic-release/semantic-release) for automated versioning and releases. See [GitHub Releases](https://github.com/begservice/strapi-plugin-magic-link-v5/releases) for version history.
-fix(email): correct template rendering issue
+---
-docs: update API documentation
+## 📄 License
-chore(deps): update dependencies
+This project is licensed under the **MIT License** - see the [LICENSE](LICENSE) file for details.
-fix!: critical security vulnerability in token validation
-```
+**Important:** While the code is open source, the license validation system must remain intact. This ensures quality, security, and continued development of the plugin.
-### Branching Strategy
+---
-- `main`: Production-ready code
-- `develop`: Integration branch for features
-- `feature/*`: New features
-- `fix/*`: Bug fixes
-- `docs/*`: Documentation changes
+## 💬 Support
-When creating PRs, always merge feature branches into `develop` first. The `develop` branch is periodically merged into `main` for releases.
+- 🐛 **Issues**: [GitHub Issues](https://github.com/begservice/strapi-plugin-magic-link-v5/issues)
+- 📧 **Contact**: 124470865+begservice@users.noreply.github.com
+- 📦 **npm**: [strapi-plugin-magic-link-v5](https://www.npmjs.com/package/strapi-plugin-magic-link-v5)
 ---
-## Support
-If you encounter issues or have questions, please check the admin documentation or open an issue.
+Made with ❤️ by [begservice](https://github.com/begservice)

package/admin/src/pages/Tokens/TokensProfessional.jsx CHANGED Viewed

@@ -683,9 +683,15 @@ const TokensProfessional = () => {
   // Stats berechnen
   const stats = useMemo(() => ({
     total: tokens.length,
-    active: tokens.filter(t => !t.expired && !t.used).length,
-    expired: tokens.filter(t => t.expired).length,
-    used: tokens.filter(t => t.used).length,
+    active: tokens.filter(t => {
+      const isExpired = t.expires_at && new Date(t.expires_at) < new Date();
+      return t.is_active && !isExpired;
+    }).length,
+    expired: tokens.filter(t => {
+      const isExpired = t.expires_at && new Date(t.expires_at) < new Date();
+      return isExpired;
+    }).length,
+    used: tokens.filter(t => !t.is_active).length,
   }), [tokens]);
   // Gefilterte und sortierte Tokens
@@ -703,13 +709,14 @@ const TokensProfessional = () => {
     // Status Filter
     if (filterStatus !== 'all') {
       filtered = filtered.filter(token => {
+        const isExpired = token.expires_at && new Date(token.expires_at) < new Date();
         switch (filterStatus) {
           case 'active':
-            return !token.expired && !token.used;
+            return token.is_active && !isExpired;
           case 'expired':
-            return token.expired;
+            return isExpired;
           case 'used':
-            return token.used;
+            return !token.is_active;
           default:
             return true;
         }
@@ -939,12 +946,16 @@ const TokensProfessional = () => {
   };
   const getStatusBadge = (token) => {
-    if (token.used) {
+    // Prüfe zuerst is_active - wenn false, wurde der Token verwendet oder blockiert
+    if (!token.is_active) {
       return <AnimatedBadge variant="secondary">{formatMessage({ id: getTrad('tokens.status.used') })}</AnimatedBadge>;
     }
-    if (token.expired) {
+    // Prüfe ob abgelaufen
+    const isExpired = token.expires_at && new Date(token.expires_at) < new Date();
+    if (isExpired) {
       return <AnimatedBadge variant="warning">{formatMessage({ id: getTrad('tokens.status.expired') })}</AnimatedBadge>;
     }
+    // Token ist aktiv und nicht abgelaufen
     return <AnimatedBadge variant="success">{formatMessage({ id: getTrad('tokens.status.active') })}</AnimatedBadge>;
   };

package/admin/src/pages/Tokens/TokensRedesign.jsx CHANGED Viewed

@@ -369,9 +369,15 @@ const TokensRedesign = () => {
   // Stats berechnen
   const stats = {
     total: tokens.length,
-    active: tokens.filter(t => !t.expired && !t.used).length,
-    expired: tokens.filter(t => t.expired).length,
-    used: tokens.filter(t => t.used).length,
+    active: tokens.filter(t => {
+      const isExpired = t.expires_at && new Date(t.expires_at) < new Date();
+      return t.is_active && !isExpired;
+    }).length,
+    expired: tokens.filter(t => {
+      const isExpired = t.expires_at && new Date(t.expires_at) < new Date();
+      return isExpired;
+    }).length,
+    used: tokens.filter(t => !t.is_active).length,
   };
   // Stat Cards Konfiguration

package/package.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "4.3.1",
+  "version": "4.4.1",
   "keywords": [],
   "type": "commonjs",
   "exports": {
@@ -60,7 +60,7 @@
   },
   "name": "strapi-plugin-magic-link-v5",
   "description": "This plugin provides passwordless authentication via magic links sent to email",
-  "license": "SEE LICENSE IN LICENSE",
+  "license": "MIT",
   "private": false,
   "author": "Schero A. <124470865+begservice@users.noreply.github.com>",
   "repository": {

package/LICENSE-DUAL.md DELETED Viewed

@@ -1,37 +0,0 @@
-# DUAL LICENSE
-This software is available under a dual licensing model.
-## 1. GNU AFFERO GENERAL PUBLIC LICENSE (AGPL-3.0)
-If you are creating an open-source application under a license compatible with
-the GNU AGPL-3.0, you may use this software under those terms.
-**Key Requirements:**
-- You MUST make your complete source code available
-- You MUST license your application under AGPL-3.0
-- Network use counts as distribution (you must share code even for SaaS)
-- You MUST provide prominent notice and attribution
-See: https://www.gnu.org/licenses/agpl-3.0.html
-## 2. COMMERCIAL LICENSE
-If you want to use this software in a proprietary/commercial application
-WITHOUT the obligations of AGPL-3.0, you must purchase a commercial license.
-**Commercial License Benefits:**
-- No obligation to open-source your code
-- Can be used in proprietary/closed-source applications
-- Can be used in SaaS without sharing code
-- Priority support and updates
-- No copyleft requirements
-**Purchase:** [Deine Website]
-**Contact:** [Deine Email]
----
-**Note:** Using this software without a valid license (either AGPL-3.0 compliance
-or commercial license) is copyright infringement and will be prosecuted.

package/LICENSE_GUARD.md DELETED Viewed

@@ -1,323 +0,0 @@
-# Magic Link License Guard
-Der License Guard schützt und verwaltet das Magic Link Plugin über das bestehende License API System.
-## 🚀 Features
-- ✅ **Automatische Lizenz-Initialisierung** beim Plugin-Start
-- ✅ **Auto-Ping alle 15 Minuten** für Online-Tracking
-- ✅ **Geräteerkennung** (DeviceID, DeviceName, IP, UserAgent)
-- ✅ **Grace Period Support** (24h Offline-Nutzung)
-- ✅ **Admin-Endpoints** für Lizenzverwaltung
-- ✅ **Automatisches Cleanup** beim Plugin-Stop
-## 📋 Wie es funktioniert
-### 1. Beim Plugin-Start
-```
-Plugin startet → License Guard initialisiert
-                ↓
-Lizenzschlüssel im Store?
-    ↓ JA                    ↓ NEIN
-Verifizieren             Demo-Mode
-    ↓                        ↓
-Gültig?                   Warnung anzeigen
-    ↓ JA      ↓ NEIN
-Ping starten   Demo-Mode
-```
-### 2. Automatisches Pinging
-Alle 15 Minuten sendet der Guard automatisch:
-```json
-POST /api/licenses/ping
-{
-  "licenseKey": "A1B2-C3D4-E5F6-G7H8"
-}
-```
-Dies aktualisiert:
-- `lastPingAt` - Aktueller Zeitstempel
-- `lastActiveAt` - Aktivitäts-Tracker
-- `isOnline` - Online-Status basierend auf Grace Period
-## 🎯 Verwendung
-### Option 1: Lizenz über API erstellen
-```bash
-curl -X POST http://localhost:1337/api/licenses/create \
-  -H "Content-Type: application/json" \
-  -d '{
-    "email": "admin@example.com",
-    "firstName": "Admin",
-    "lastName": "User",
-    "deviceName": "Server-01",
-    "deviceId": "device-abc-123",
-    "ipAddress": "192.168.1.100",
-    "userAgent": "Strapi/5.11.2"
-  }'
-```
-**Response:**
-```json
-{
-  "success": true,
-  "message": "License created successfully",
-  "data": {
-    "id": 1,
-    "licenseKey": "A1B2-C3D4-E5F6-G7H8",
-    "email": "admin@example.com",
-    "isActive": true,
-    ...
-  }
-}
-```
-Der License Guard erkennt automatisch die neue Lizenz beim nächsten Start!
-### Option 2: Auto-Create über Admin-Endpoint
-```bash
-curl -X POST http://localhost:1337/magic-link/license/auto-create
-```
-Erstellt automatisch eine Lizenz mit Standard-Daten und aktiviert sie sofort.
-### Option 3: Programmatisch erstellen
-```javascript
-// Im Strapi-Code oder Terminal
-await strapi
-  .plugin('magic-link')
-  .service('license-guard')
-  .autoCreateLicense('your@email.com', 'First', 'Last');
-```
-## 📡 Admin-Endpoints
-Alle Endpoints sind unter `/magic-link/...` verfügbar:
-| Endpoint | Methode | Beschreibung |
-|----------|---------|--------------|
-| `/license/status` | GET | Aktueller Lizenz-Status |
-| `/license/create` | POST | Lizenz erstellen & aktivieren |
-| `/license/auto-create` | POST | Auto-Lizenz mit Defaults |
-| `/license/ping` | POST | Manueller Ping |
-| `/license/stats` | GET | Online-Statistiken |
-| `/license/deactivate` | POST | Lizenz deaktivieren |
-### Beispiele
-**Status abfragen:**
-```bash
-curl http://localhost:1337/magic-link/license/status
-```
-**Response:**
-```json
-{
-  "success": true,
-  "valid": true,
-  "data": {
-    "licenseKey": "A1B2-C3D4-E5F6-G7H8",
-    "isActive": true,
-    "isExpired": false,
-    "isOnline": true,
-    "expiresAt": "2026-10-13T10:00:00.000Z",
-    "lastPingAt": "2025-10-13T21:00:00.000Z",
-    "deviceName": "MacBook-Pro.local",
-    "features": {
-      "premium": true,
-      "advanced": false,
-      "enterprise": false,
-      "custom": false
-    },
-    "maxDevices": 1,
-    "currentDevices": 1
-  }
-}
-```
-**Manuelle Ping:**
-```bash
-curl -X POST http://localhost:1337/magic-link/license/ping
-```
-**Online-Statistiken:**
-```bash
-curl http://localhost:1337/magic-link/license/stats
-```
-## 🔧 Gesammelte Daten
-Der License Guard sammelt automatisch:
-### Device Information
-- **DeviceID**: SHA256-Hash von MAC-Adressen + Hostname
-- **DeviceName**: System-Hostname (z.B. "MacBook-Pro.local")
-- **IP Address**: Server-IP (erste nicht-interne IPv4)
-- **User Agent**: "Strapi/{version} Node/{version} {platform}/{release}"
-### Beispiel gesammelte Daten:
-```javascript
-{
-  deviceId: "a3f8e92c1d4b5e6f7a8b9c0d1e2f3a4b",
-  deviceName: "MacBook-Pro.local",
-  ipAddress: "192.168.1.100",
-  userAgent: "Strapi/5.11.2 Node/v20.11.0 darwin/23.0.0"
-}
-```
-## 📊 Console Output
-Beim Plugin-Start siehst du eine dieser Meldungen:
-### ✅ Lizenz aktiv:
-```
-╔════════════════════════════════════════════════════════════════╗
-║  ✅ MAGIC LINK PLUGIN LICENSE ACTIVE                           ║
-║                                                                ║
-║  License: A1B2-C3D4-E5F6-G7H8                                  ║
-║  User: Max Mustermann                                          ║
-║  Email: max@example.com                                        ║
-║                                                                ║
-║  🔄 Auto-pinging every 15 minutes                              ║
-╚════════════════════════════════════════════════════════════════╝
-```
-### ⚠️ Demo-Mode:
-```
-╔════════════════════════════════════════════════════════════════╗
-║  ⚠️  MAGIC LINK PLUGIN RUNNING IN DEMO MODE                   ║
-║                                                                ║
-║  To activate, create a license:                                ║
-║  POST http://localhost:1337/api/licenses/create                ║
-║                                                                ║
-║  Or auto-create with:                                          ║
-║  strapi.plugin("magic-link").service("license-guard")          ║
-║         .autoCreateLicense("your@email.com", "First", "Last")  ║
-╚════════════════════════════════════════════════════════════════╝
-```
-## 🔄 Lifecycle
-### Bootstrap (Plugin Start)
-1. License Guard Service wird geladen
-2. Nach 3 Sekunden: Initialize()
-3. Prüfe auf gespeicherten Lizenzschlüssel
-4. Verifiziere Lizenz
-5. Starte Auto-Ping (alle 15 Min)
-### Destroy (Plugin Stop)
-1. Stoppe Ping-Interval
-2. Cleanup-Log
-## 💻 Integration in dein Plugin
-### Lizenz-Status im Admin-Panel anzeigen
-Erstelle eine Settings-Seite mit Lizenz-Info:
-```javascript
-// In deiner Settings-Component
-const { data: licenseStatus } = await get('/magic-link/license/status');
-if (licenseStatus.valid) {
-  console.log('✅ License active:', licenseStatus.data.licenseKey);
-  console.log('Features:', licenseStatus.data.features);
-} else {
-  console.log('⚠️ Demo mode or invalid license');
-}
-```
-### Lizenz erstellen aus dem Admin-Panel
-```javascript
-const createLicense = async () => {
-  const response = await post('/magic-link/license/create', {
-    email: 'user@example.com',
-    firstName: 'John',
-    lastName: 'Doe',
-  });
-  if (response.data.success) {
-    console.log('License created:', response.data.data.licenseKey);
-  }
-};
-```
-## 🔐 Sicherheit
-- ✅ **DeviceID ist persistent** - Basiert auf Hardware
-- ✅ **Eindeutige Identifikation** - SHA256-Hash
-- ✅ **Keine Speicherung sensibler Daten** - Nur Hashes
-- ✅ **GDPR-konform** - User-Daten anonymisiert
-## 🛠 Troubleshooting
-### Plugin startet im Demo-Mode
-**Ursache:** Keine Lizenz gefunden oder Lizenz ungültig
-**Lösung:**
-```bash
-# Option 1: Auto-Create
-curl -X POST http://localhost:1337/magic-link/license/auto-create
-# Option 2: Manuell über License API
-curl -X POST http://localhost:1337/api/licenses/create \
-  -H "Content-Type: application/json" \
-  -d '{"email":"admin@localhost","firstName":"Admin","lastName":"User"}'
-# Option 3: Im Strapi Terminal
-await strapi.plugin('magic-link').service('license-guard')
-  .autoCreateLicense('admin@example.com', 'Admin', 'User');
-```
-### Pinging funktioniert nicht
-**Prüfen:**
-```bash
-# Manueller Ping
-curl -X POST http://localhost:1337/magic-link/license/ping
-# Status prüfen
-curl http://localhost:1337/magic-link/license/status
-```
-### Lizenz als "offline" markiert
-- Grace Period ist abgelaufen (>24h kein Ping)
-- Pinging wurde gestoppt
-- Netzwerk-Probleme
-**Lösung:** Einmal pingen → `isOnline` wird wieder auf `true` gesetzt
-## 📚 Logs
-Der License Guard loggt:
-```
-[INFO] 🔐 Initializing License Guard...
-[INFO] 📄 Found existing license key: A1B2-C3D4-E5F6-G7H8
-[INFO] ✅ License is valid and active
-[INFO] 📡 Started pinging license every 15 minutes
-[DEBUG] 📡 License ping successful: A1B2-C3D4-E5F6-G7H8
-[INFO] 🛑 License pinging stopped
-```
-## 🎉 Fertig!
-Der License Guard läuft nun automatisch im Hintergrund:
-- ✅ Verifiziert beim Start
-- ✅ Pingt alle 15 Minuten
-- ✅ Tracked Online-Status
-- ✅ Bereit für Production
-Für weitere Informationen siehe:
-- `/src/api/license/README.md` - License API Dokumentation
-- `/src/api/license/TRACKING.md` - Tracking-Details
-- `/src/api/license/SUMMARY.md` - Zusammenfassung

package/SECURITY.md DELETED Viewed

@@ -1,79 +0,0 @@
-# Security & License Protection
-## License Enforcement
-This software includes multiple layers of license protection:
-### 1. Backend License Check
-- API endpoints are protected by `license-check` policy
-- All requests are validated against active license
-- Invalid/expired licenses are rejected with 401 status
-### 2. Frontend License Guard
-- Admin UI displays activation modal without valid license
-- Prevents unauthorized UI access
-- Requires license activation before use
-### 3. License Verification
-- License keys are validated against central license database
-- Regular "ping" mechanism ensures license is active
-- Offline grace period for temporary network issues
-## Anti-Piracy Measures
-### Current Protection:
-1. **License Key Validation**: Server-side verification
-2. **Device Binding**: License tied to specific server instances
-3. **Online Checks**: Regular validation against license server
-4. **IP Tracking**: Monitor and limit license usage by IP
-5. **Audit Logging**: All license operations are logged
-### Additional Recommendations:
-#### Code Obfuscation (Optional)
-Consider obfuscating critical parts of the code:
-```bash
-npm install javascript-obfuscator --save-dev
-```
-#### API Key Protection
-Never commit license server API credentials to git:
-```bash
-# Add to .env
-LICENSE_SERVER_URL=https://your-license-server.com
-LICENSE_API_KEY=your-secret-key
-```
-#### Monitoring
-Set up monitoring for:
-- Unusual license activation patterns
-- Multiple IPs using same license
-- Attempts to bypass license checks
-## Reporting License Violations
-If you discover unauthorized use of this software:
-**Email:** [Your Email]
-**Subject:** License Violation Report
-Include:
-- URL or location where unauthorized use was found
-- Screenshots/evidence
-- Any relevant information
-We take license violations seriously and will pursue legal action when necessary.
-## Legal Notice
-Unauthorized use, copying, or distribution of this software constitutes:
-- Copyright infringement
-- Breach of software license agreement
-- Potential criminal violation under applicable laws
-Violators will be prosecuted to the fullest extent of the law.
----
-**Last Updated:** 2025-01-13