npm - strapi-plugin-magic-sessionmanager - Versions diffs - 2.0.0 → 2.0.2 - Mend

strapi-plugin-magic-sessionmanager 2.0.0 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/admin/jsconfig.json +10 -0
package/admin/src/components/Initializer.jsx +11 -0
package/admin/src/components/LicenseGuard.jsx +591 -0
package/admin/src/components/OnlineUsersWidget.jsx +208 -0
package/admin/src/components/PluginIcon.jsx +8 -0
package/admin/src/components/SessionDetailModal.jsx +445 -0
package/admin/src/components/SessionInfoCard.jsx +151 -0
package/admin/src/components/SessionInfoPanel.jsx +375 -0
package/admin/src/components/index.jsx +5 -0
package/admin/src/hooks/useLicense.js +103 -0
package/admin/src/index.js +137 -0
package/admin/src/pages/ActiveSessions.jsx +12 -0
package/admin/src/pages/Analytics.jsx +735 -0
package/admin/src/pages/App.jsx +12 -0
package/admin/src/pages/HomePage.jsx +1248 -0
package/admin/src/pages/License.jsx +603 -0
package/admin/src/pages/Settings.jsx +1497 -0
package/admin/src/pages/SettingsNew.jsx +1204 -0
package/admin/src/pages/index.jsx +3 -0
package/admin/src/pluginId.js +3 -0
package/admin/src/translations/de.json +20 -0
package/admin/src/translations/en.json +20 -0
package/admin/src/utils/getTranslation.js +5 -0
package/admin/src/utils/index.js +2 -0
package/admin/src/utils/parseUserAgent.js +79 -0
package/package.json +3 -1
package/server/jsconfig.json +10 -0
package/server/src/bootstrap.js +297 -0
package/server/src/config/index.js +20 -0
package/server/src/content-types/index.js +9 -0
package/server/src/content-types/session/schema.json +76 -0
package/server/src/controllers/controller.js +11 -0
package/server/src/controllers/index.js +11 -0
package/server/src/controllers/license.js +266 -0
package/server/src/controllers/session.js +362 -0
package/server/src/controllers/settings.js +122 -0
package/server/src/destroy.js +18 -0
package/server/src/index.js +21 -0
package/server/src/middlewares/index.js +5 -0
package/server/src/middlewares/last-seen.js +56 -0
package/server/src/policies/index.js +3 -0
package/server/src/register.js +32 -0
package/server/src/routes/admin.js +149 -0
package/server/src/routes/content-api.js +51 -0
package/server/src/routes/index.js +9 -0
package/server/src/services/geolocation.js +180 -0
package/server/src/services/index.js +13 -0
package/server/src/services/license-guard.js +308 -0
package/server/src/services/notifications.js +319 -0
package/server/src/services/service.js +7 -0
package/server/src/services/session.js +345 -0
package/server/src/utils/getClientIp.js +118 -0

package/admin/src/pages/index.jsx ADDED Viewed

@@ -0,0 +1,3 @@
+export { default as HomePage } from './HomePage';
+export { default as ActiveSessions } from './ActiveSessions';
+export { default as App } from './App';

package/admin/src/pluginId.js ADDED Viewed

@@ -0,0 +1,3 @@
+const pluginId = 'magic-sessionmanager';
+export default pluginId;

package/admin/src/translations/de.json ADDED Viewed

@@ -0,0 +1,20 @@
+{
+  "plugin.name": "Session Manager",
+  "plugin.description": "Verfolgung von Benutzer-Login/Logout und Sitzungsaktivität",
+  "settings.section": "Session Manager",
+  "settings.sessions": "Aktive Sitzungen",
+  "settings.emailTemplates.title": "E-Mail Templates",
+  "settings.emailTemplates.description": "Passe E-Mail-Benachrichtigungen mit dynamischen Variablen an",
+  "settings.emailTemplates.validate": "Validieren",
+  "settings.emailTemplates.loadDefault": "Standard-Template laden",
+  "settings.emailTemplates.subject": "E-Mail Betreff",
+  "settings.emailTemplates.htmlTemplate": "HTML Template",
+  "settings.emailTemplates.textTemplate": "Text Template (Fallback)",
+  "settings.emailTemplates.variables": "Verfügbare Variablen (klicken zum Kopieren)",
+  "settings.emailTemplates.validation.success": "Template gültig! {count} Variablen gefunden.",
+  "settings.emailTemplates.validation.warning": "Keine Variablen im Template gefunden. Füge mindestens eine Variable hinzu.",
+  "settings.emailTemplates.defaultLoaded": "Standard-Template geladen!",
+  "settings.emailTemplates.suspiciousLogin": "Verdächtiger Login",
+  "settings.emailTemplates.newLocation": "Neuer Standort",
+  "settings.emailTemplates.vpnProxy": "VPN/Proxy"
+}

package/admin/src/translations/en.json ADDED Viewed

@@ -0,0 +1,20 @@
+{
+  "plugin.name": "Session Manager",
+  "plugin.description": "Track user login/logout and session activity",
+  "settings.section": "Session Manager",
+  "settings.sessions": "Active Sessions",
+  "settings.emailTemplates.title": "Email Templates",
+  "settings.emailTemplates.description": "Customize email notification templates with dynamic variables",
+  "settings.emailTemplates.validate": "Validate",
+  "settings.emailTemplates.loadDefault": "Load Default Template",
+  "settings.emailTemplates.subject": "Email Subject",
+  "settings.emailTemplates.htmlTemplate": "HTML Template",
+  "settings.emailTemplates.textTemplate": "Text Template (Fallback)",
+  "settings.emailTemplates.variables": "Available Variables (click to copy)",
+  "settings.emailTemplates.validation.success": "Template valid! Found {count} variables.",
+  "settings.emailTemplates.validation.warning": "No variables found in template. Add at least one variable.",
+  "settings.emailTemplates.defaultLoaded": "Default template loaded!",
+  "settings.emailTemplates.suspiciousLogin": "Suspicious Login",
+  "settings.emailTemplates.newLocation": "New Location",
+  "settings.emailTemplates.vpnProxy": "VPN/Proxy"
+}

package/admin/src/utils/getTranslation.js ADDED Viewed

@@ -0,0 +1,5 @@
+import { PLUGIN_ID } from '../pluginId';
+const getTranslation = (id) => `${PLUGIN_ID}.${id}`;
+export { getTranslation };

package/admin/src/utils/index.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { default as parseUserAgent } from './parseUserAgent';
2	+

package/admin/src/utils/parseUserAgent.js ADDED Viewed

@@ -0,0 +1,79 @@
+/**
+ * Parse User Agent to extract device and browser info
+ * Returns human-readable device type and browser name
+ */
+export const parseUserAgent = (userAgent) => {
+  if (!userAgent) {
+    return {
+      device: 'Unknown',
+      deviceIcon: '❓',
+      browser: 'Unknown',
+      os: 'Unknown',
+    };
+  }
+  const ua = userAgent.toLowerCase();
+  // Device detection
+  let device = 'Desktop';
+  let deviceIcon = '💻';
+  if (/(tablet|ipad|playbook|silk)|(android(?!.*mobi))/i.test(userAgent)) {
+    device = 'Tablet';
+    deviceIcon = '📱';
+  } else if (/Mobile|Android|iP(hone|od)|IEMobile|BlackBerry|Kindle|Silk-Accelerated|(hpw|web)OS|Opera M(obi|ini)/.test(userAgent)) {
+    device = 'Mobile';
+    deviceIcon = '📱';
+  }
+  // Browser detection
+  let browser = 'Unknown';
+  if (ua.includes('edg/')) {
+    browser = 'Edge';
+  } else if (ua.includes('chrome/') && !ua.includes('edg/')) {
+    browser = 'Chrome';
+  } else if (ua.includes('firefox/')) {
+    browser = 'Firefox';
+  } else if (ua.includes('safari/') && !ua.includes('chrome/')) {
+    browser = 'Safari';
+  } else if (ua.includes('opera/') || ua.includes('opr/')) {
+    browser = 'Opera';
+  } else if (ua.includes('curl/')) {
+    browser = 'cURL';
+    deviceIcon = '⚙️';
+    device = 'API Client';
+  } else if (ua.includes('postman')) {
+    browser = 'Postman';
+    deviceIcon = '📮';
+    device = 'API Client';
+  } else if (ua.includes('insomnia')) {
+    browser = 'Insomnia';
+    deviceIcon = '🌙';
+    device = 'API Client';
+  }
+  // OS detection
+  let os = 'Unknown';
+  if (ua.includes('windows')) {
+    os = 'Windows';
+  } else if (ua.includes('mac os x') || ua.includes('macintosh')) {
+    os = 'macOS';
+  } else if (ua.includes('linux')) {
+    os = 'Linux';
+  } else if (ua.includes('android')) {
+    os = 'Android';
+  } else if (ua.includes('iphone') || ua.includes('ipad')) {
+    os = 'iOS';
+  }
+  return {
+    device,
+    deviceIcon,
+    browser,
+    os,
+  };
+};
+export default parseUserAgent;

package/package.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "2.0.0",
+  "version": "2.0.2",
   "keywords": [
     "strapi",
     "strapi-plugin",
@@ -27,6 +27,8 @@
   },
   "files": [
     "dist",
+    "server",
+    "admin",
     "strapi-admin.js",
     "strapi-server.js",
     "README.md",

package/server/jsconfig.json ADDED Viewed

@@ -0,0 +1,10 @@
+{
+  "compilerOptions": {
+    "target": "es6",
+    "module": "commonjs",
+    "allowSyntheticDefaultImports": true,
+    "esModuleInterop": true
+  },
+  "include": ["./src/**/*.js"],
+  "exclude": ["node_modules"]
+}

package/server/src/bootstrap.js ADDED Viewed

@@ -0,0 +1,297 @@
+'use strict';
+/**
+ * Bootstrap: Mount middleware for session tracking
+ * Sessions are managed via plugin::magic-sessionmanager.session content type
+ *
+ * NOTE: For multi-instance deployments, consider Redis locks or session store
+ */
+const getClientIp = require('./utils/getClientIp');
+module.exports = async ({ strapi }) => {
+  strapi.log.info('[magic-sessionmanager] 🚀 Bootstrap starting...');
+  try {
+    // Initialize License Guard
+    const licenseGuardService = strapi.plugin('magic-sessionmanager').service('license-guard');
+    // Wait a bit for all services to be ready
+    setTimeout(async () => {
+      const licenseStatus = await licenseGuardService.initialize();
+      if (!licenseStatus.valid) {
+        strapi.log.error('╔════════════════════════════════════════════════════════════════╗');
+        strapi.log.error('║  ❌ SESSION MANAGER - NO VALID LICENSE                         ║');
+        strapi.log.error('║                                                                ║');
+        strapi.log.error('║  This plugin requires a valid license to operate.             ║');
+        strapi.log.error('║  Please activate your license via Admin UI:                   ║');
+        strapi.log.error('║  Go to Settings → Sessions → License                          ║');
+        strapi.log.error('║                                                                ║');
+        strapi.log.error('║  The plugin will run with limited functionality until         ║');
+        strapi.log.error('║  a valid license is activated.                                ║');
+        strapi.log.error('╚════════════════════════════════════════════════════════════════╝');
+      } else if (licenseStatus.valid) {
+        const pluginStore = strapi.store({
+          type: 'plugin',
+          name: 'magic-sessionmanager',
+        });
+        const storedKey = await pluginStore.get({ key: 'licenseKey' });
+        strapi.log.info('╔════════════════════════════════════════════════════════════════╗');
+        strapi.log.info('║  ✅ SESSION MANAGER LICENSE ACTIVE                             ║');
+        strapi.log.info('║                                                                ║');
+        if (licenseStatus.data) {
+          strapi.log.info(`║  License: ${licenseStatus.data.licenseKey}`.padEnd(66) + '║');
+          strapi.log.info(`║  User: ${licenseStatus.data.firstName} ${licenseStatus.data.lastName}`.padEnd(66) + '║');
+          strapi.log.info(`║  Email: ${licenseStatus.data.email}`.padEnd(66) + '║');
+        } else if (storedKey) {
+          strapi.log.info(`║  License: ${storedKey} (Offline Mode)`.padEnd(66) + '║');
+          strapi.log.info(`║  Status: Grace Period Active`.padEnd(66) + '║');
+        }
+        strapi.log.info('║                                                                ║');
+        strapi.log.info('║  🔄 Auto-pinging every 15 minutes                              ║');
+        strapi.log.info('╚════════════════════════════════════════════════════════════════╝');
+      }
+    }, 3000); // Wait 3 seconds for API to be ready
+    // Get session service
+    const sessionService = strapi
+      .plugin('magic-sessionmanager')
+      .service('session');
+    // Cleanup inactive sessions on startup
+    strapi.log.info('[magic-sessionmanager] Running initial session cleanup...');
+    await sessionService.cleanupInactiveSessions();
+    // Schedule periodic cleanup every 30 minutes
+    const cleanupInterval = 30 * 60 * 1000; // 30 minutes
+    const cleanupIntervalHandle = setInterval(async () => {
+      try {
+        // Get fresh reference to service to avoid scope issues
+        const service = strapi.plugin('magic-sessionmanager').service('session');
+        await service.cleanupInactiveSessions();
+      } catch (err) {
+        strapi.log.error('[magic-sessionmanager] Periodic cleanup error:', err);
+      }
+    }, cleanupInterval);
+    strapi.log.info('[magic-sessionmanager] ⏰ Periodic cleanup scheduled (every 30 minutes)');
+    // Store interval handle for cleanup on shutdown
+    if (!strapi.sessionManagerIntervals) {
+      strapi.sessionManagerIntervals = {};
+    }
+    strapi.sessionManagerIntervals.cleanup = cleanupIntervalHandle;
+    // HIGH PRIORITY: Register /api/auth/logout route BEFORE other plugins
+    strapi.server.routes([{
+      method: 'POST',
+      path: '/api/auth/logout',
+      handler: async (ctx) => {
+        try {
+          const token = ctx.request.headers?.authorization?.replace('Bearer ', '');
+          if (!token) {
+            ctx.status = 200;
+            ctx.body = { message: 'Logged out successfully' };
+            return;
+          }
+          // Find and terminate session by token
+          const sessions = await strapi.entityService.findMany('plugin::magic-sessionmanager.session', {
+            filters: {
+              token: token,
+              isActive: true,
+            },
+            limit: 1,
+          });
+          if (sessions.length > 0) {
+            await sessionService.terminateSession({ sessionId: sessions[0].id });
+            strapi.log.info(`[magic-sessionmanager] 🚪 Logout via /api/auth/logout - Session ${sessions[0].id} terminated`);
+          }
+          ctx.status = 200;
+          ctx.body = { message: 'Logged out successfully' };
+        } catch (err) {
+          strapi.log.error('[magic-sessionmanager] Logout error:', err);
+          ctx.status = 200;
+          ctx.body = { message: 'Logged out successfully' };
+        }
+      },
+      config: {
+        auth: false,
+      },
+    }]);
+    strapi.log.info('[magic-sessionmanager] ✅ /api/auth/logout route registered');
+    // Middleware to intercept logins
+    strapi.server.use(async (ctx, next) => {
+      // Execute the actual request
+      await next();
+      // Check if this was a successful login request
+      const isAuthLocal = ctx.path === '/api/auth/local' && ctx.method === 'POST';
+      const isMagicLink = ctx.path.includes('/magic-link/login') && ctx.method === 'POST';
+      if ((isAuthLocal || isMagicLink) && ctx.status === 200 && ctx.body && ctx.body.user) {
+        try {
+          const user = ctx.body.user;
+          // Extract REAL client IP (handles proxies, load balancers, Cloudflare, etc.)
+          const ip = getClientIp(ctx);
+          const userAgent = ctx.request.headers?.['user-agent'] || ctx.request.header?.['user-agent'] || 'unknown';
+          strapi.log.info(`[magic-sessionmanager] 🔍 Login detected! User: ${user.id} (${user.email || user.username}) from IP: ${ip}`);
+          // Get config
+          const config = strapi.config.get('plugin::magic-sessionmanager') || {};
+          // Check if we should analyze this session (Premium/Advanced features)
+          let shouldBlock = false;
+          let blockReason = '';
+          let geoData = null;
+          // Premium: Get geolocation data
+          if (config.enableGeolocation || config.enableSecurityScoring) {
+            try {
+              const geolocationService = strapi.plugin('magic-sessionmanager').service('geolocation');
+              geoData = await geolocationService.getIpInfo(ip);
+              // Advanced: Auto-blocking
+              if (config.blockSuspiciousSessions && geoData) {
+                if (geoData.isThreat) {
+                  shouldBlock = true;
+                  blockReason = 'Known threat IP detected';
+                } else if (geoData.isVpn && config.alertOnVpnProxy) {
+                  shouldBlock = true;
+                  blockReason = 'VPN detected';
+                } else if (geoData.isProxy && config.alertOnVpnProxy) {
+                  shouldBlock = true;
+                  blockReason = 'Proxy detected';
+                } else if (geoData.securityScore < 50) {
+                  shouldBlock = true;
+                  blockReason = `Low security score: ${geoData.securityScore}/100`;
+                }
+              }
+              // Advanced: Geo-fencing
+              if (config.enableGeofencing && geoData && geoData.country_code) {
+                const countryCode = geoData.country_code;
+                // Check blocked countries
+                if (config.blockedCountries && config.blockedCountries.includes(countryCode)) {
+                  shouldBlock = true;
+                  blockReason = `Country ${countryCode} is blocked`;
+                }
+                // Check allowed countries (whitelist)
+                if (config.allowedCountries && config.allowedCountries.length > 0) {
+                  if (!config.allowedCountries.includes(countryCode)) {
+                    shouldBlock = true;
+                    blockReason = `Country ${countryCode} is not in allowlist`;
+                  }
+                }
+              }
+            } catch (geoErr) {
+              strapi.log.warn('[magic-sessionmanager] Geolocation check failed:', geoErr.message);
+            }
+          }
+          // Block if needed
+          if (shouldBlock) {
+            strapi.log.warn(`[magic-sessionmanager] 🚫 Blocking login: ${blockReason}`);
+            // Don't create session, return error
+            ctx.status = 403;
+            ctx.body = {
+              error: {
+                status: 403,
+                message: 'Login blocked for security reasons',
+                details: { reason: blockReason }
+              }
+            };
+            return; // Stop here
+          }
+          // Create a new session
+          const newSession = await sessionService.createSession({
+            userId: user.id,
+            ip,
+            userAgent,
+            token: ctx.body.jwt, // Store JWT token reference
+          });
+          strapi.log.info(`[magic-sessionmanager] ✅ Session created for user ${user.id} (IP: ${ip})`);
+          // Advanced: Send notifications
+          if (geoData && (config.enableEmailAlerts || config.enableWebhooks)) {
+            try {
+              const notificationService = strapi.plugin('magic-sessionmanager').service('notifications');
+              // Determine if suspicious
+              const isSuspicious = geoData.isVpn || geoData.isProxy || geoData.isThreat || geoData.securityScore < 70;
+              // Email alerts
+              if (config.enableEmailAlerts && config.alertOnSuspiciousLogin && isSuspicious) {
+                await notificationService.sendSuspiciousLoginAlert({
+                  user,
+                  session: newSession,
+                  reason: {
+                    isVpn: geoData.isVpn,
+                    isProxy: geoData.isProxy,
+                    isThreat: geoData.isThreat,
+                    securityScore: geoData.securityScore,
+                  },
+                  geoData,
+                });
+              }
+              // Webhook notifications (Discord/Slack)
+              if (config.enableWebhooks) {
+                const webhookData = notificationService.formatDiscordWebhook({
+                  event: isSuspicious ? 'login.suspicious' : 'login.success',
+                  session: newSession,
+                  user,
+                  geoData,
+                });
+                if (config.discordWebhookUrl) {
+                  await notificationService.sendWebhook({
+                    event: 'session.login',
+                    data: webhookData,
+                    webhookUrl: config.discordWebhookUrl,
+                  });
+                }
+              }
+            } catch (notifErr) {
+              strapi.log.warn('[magic-sessionmanager] Notification failed:', notifErr.message);
+            }
+          }
+        } catch (err) {
+          strapi.log.error('[magic-sessionmanager] ❌ Error creating session:', err);
+          // Don't throw - login should still succeed even if session creation fails
+        }
+      }
+    });
+    strapi.log.info('[magic-sessionmanager] ✅ Login/Logout interceptor middleware mounted');
+    // Mount lastSeen update middleware
+    strapi.server.use(
+      require('./middlewares/last-seen')({ strapi, sessionService })
+    );
+    strapi.log.info('[magic-sessionmanager] ✅ LastSeen middleware mounted');
+    strapi.log.info('[magic-sessionmanager] ✅ Bootstrap complete');
+    strapi.log.info('[magic-sessionmanager] 🎉 Session Manager ready! Sessions stored in plugin::magic-sessionmanager.session');
+  } catch (err) {
+    strapi.log.error('[magic-sessionmanager] ❌ Bootstrap error:', err);
+  }
+};

package/server/src/config/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+'use strict';
+module.exports = {
+  default: {
+    // Rate limit for lastSeen updates (in milliseconds)
+    lastSeenRateLimit: 30000, // 30 seconds
+    // Session inactivity timeout (in milliseconds)
+    // After this time without activity, a session is considered inactive
+    inactivityTimeout: 15 * 60 * 1000, // 15 minutes
+  },
+  validator: (config) => {
+    if (config.lastSeenRateLimit && typeof config.lastSeenRateLimit !== 'number') {
+      throw new Error('lastSeenRateLimit must be a number (milliseconds)');
+    }
+    if (config.inactivityTimeout && typeof config.inactivityTimeout !== 'number') {
+      throw new Error('inactivityTimeout must be a number (milliseconds)');
+    }
+  },
+};

package/server/src/content-types/index.js ADDED Viewed

@@ -0,0 +1,9 @@
+'use strict';
+const session = require('./session/schema.json');
+module.exports = {
+  'plugin::magic-sessionmanager.session': {
+    schema: session,
+  },
+};

package/server/src/content-types/session/schema.json ADDED Viewed

@@ -0,0 +1,76 @@
+{
+  "kind": "collectionType",
+  "collectionName": "sessions",
+  "info": {
+    "singularName": "session",
+    "pluralName": "sessions",
+    "displayName": "Session",
+    "description": "User session tracking with IP, device, and activity information"
+  },
+  "options": {
+    "draftAndPublish": false,
+    "comment": ""
+  },
+  "pluginOptions": {
+    "content-manager": {
+      "visible": true
+    },
+    "content-type-builder": {
+      "visible": false
+    }
+  },
+  "attributes": {
+    "user": {
+      "type": "relation",
+      "relation": "manyToOne",
+      "target": "plugin::users-permissions.user",
+      "inversedBy": "sessions"
+    },
+    "ipAddress": {
+      "type": "string",
+      "maxLength": 45,
+      "required": true
+    },
+    "userAgent": {
+      "type": "text",
+      "maxLength": 500
+    },
+    "token": {
+      "type": "text",
+      "private": true
+    },
+    "loginTime": {
+      "type": "datetime",
+      "required": true
+    },
+    "logoutTime": {
+      "type": "datetime"
+    },
+    "lastActive": {
+      "type": "datetime"
+    },
+    "isActive": {
+      "type": "boolean",
+      "default": true,
+      "required": true
+    },
+    "geoLocation": {
+      "type": "json"
+    },
+    "securityScore": {
+      "type": "integer",
+      "min": 0,
+      "max": 100
+    },
+    "deviceType": {
+      "type": "string"
+    },
+    "browserName": {
+      "type": "string"
+    },
+    "osName": {
+      "type": "string"
+    }
+  }
+}

package/server/src/controllers/controller.js ADDED Viewed

@@ -0,0 +1,11 @@
+const controller = ({ strapi }) => ({
+  index(ctx) {
+    ctx.body = strapi
+      .plugin('magic-sessionmanager')
+      // the name of the service file & the method.
+      .service('service')
+      .getWelcomeMessage();
+  },
+});
+export default controller;

package/server/src/controllers/index.js ADDED Viewed

@@ -0,0 +1,11 @@
+'use strict';
+const session = require('./session');
+const license = require('./license');
+const settings = require('./settings');
+module.exports = {
+  session,
+  license,
+  settings,
+};