strapi-plugin-magic-sessionmanager 2.0.1 → 2.0.3

package/server/src/bootstrap.js

@@ -0,0 +1,297 @@
+'use strict';
+
+/**
+ * Bootstrap: Mount middleware for session tracking
+ * Sessions are managed via plugin::magic-sessionmanager.session content type
+ *
+ * NOTE: For multi-instance deployments, consider Redis locks or session store
+ */
+
+const getClientIp = require('./utils/getClientIp');
+
+module.exports = async ({ strapi }) => {
+  strapi.log.info('[magic-sessionmanager] 🚀 Bootstrap starting...');
+
+  try {
+    // Initialize License Guard
+    const licenseGuardService = strapi.plugin('magic-sessionmanager').service('license-guard');
+    
+    // Wait a bit for all services to be ready
+    setTimeout(async () => {
+      const licenseStatus = await licenseGuardService.initialize();
+      
+      if (!licenseStatus.valid) {
+        strapi.log.error('╔════════════════════════════════════════════════════════════════╗');
+        strapi.log.error('║  ❌ SESSION MANAGER - NO VALID LICENSE                         ║');
+        strapi.log.error('║                                                                ║');
+        strapi.log.error('║  This plugin requires a valid license to operate.             ║');
+        strapi.log.error('║  Please activate your license via Admin UI:                   ║');
+        strapi.log.error('║  Go to Settings → Sessions → License                          ║');
+        strapi.log.error('║                                                                ║');
+        strapi.log.error('║  The plugin will run with limited functionality until         ║');
+        strapi.log.error('║  a valid license is activated.                                ║');
+        strapi.log.error('╚════════════════════════════════════════════════════════════════╝');
+      } else if (licenseStatus.valid) {
+        const pluginStore = strapi.store({
+          type: 'plugin',
+          name: 'magic-sessionmanager',
+        });
+        const storedKey = await pluginStore.get({ key: 'licenseKey' });
+        
+        strapi.log.info('╔════════════════════════════════════════════════════════════════╗');
+        strapi.log.info('║  ✅ SESSION MANAGER LICENSE ACTIVE                             ║');
+        strapi.log.info('║                                                                ║');
+        
+        if (licenseStatus.data) {
+          strapi.log.info(`║  License: ${licenseStatus.data.licenseKey}`.padEnd(66) + '║');
+          strapi.log.info(`║  User: ${licenseStatus.data.firstName} ${licenseStatus.data.lastName}`.padEnd(66) + '║');
+          strapi.log.info(`║  Email: ${licenseStatus.data.email}`.padEnd(66) + '║');
+        } else if (storedKey) {
+          strapi.log.info(`║  License: ${storedKey} (Offline Mode)`.padEnd(66) + '║');
+          strapi.log.info(`║  Status: Grace Period Active`.padEnd(66) + '║');
+        }
+        
+        strapi.log.info('║                                                                ║');
+        strapi.log.info('║  🔄 Auto-pinging every 15 minutes                              ║');
+        strapi.log.info('╚════════════════════════════════════════════════════════════════╝');
+      }
+    }, 3000); // Wait 3 seconds for API to be ready
+
+    // Get session service
+    const sessionService = strapi
+      .plugin('magic-sessionmanager')
+      .service('session');
+
+    // Cleanup inactive sessions on startup
+    strapi.log.info('[magic-sessionmanager] Running initial session cleanup...');
+    await sessionService.cleanupInactiveSessions();
+
+    // Schedule periodic cleanup every 30 minutes
+    const cleanupInterval = 30 * 60 * 1000; // 30 minutes
+    
+    const cleanupIntervalHandle = setInterval(async () => {
+      try {
+        // Get fresh reference to service to avoid scope issues
+        const service = strapi.plugin('magic-sessionmanager').service('session');
+        await service.cleanupInactiveSessions();
+      } catch (err) {
+        strapi.log.error('[magic-sessionmanager] Periodic cleanup error:', err);
+      }
+    }, cleanupInterval);
+    
+    strapi.log.info('[magic-sessionmanager] ⏰ Periodic cleanup scheduled (every 30 minutes)');
+    
+    // Store interval handle for cleanup on shutdown
+    if (!strapi.sessionManagerIntervals) {
+      strapi.sessionManagerIntervals = {};
+    }
+    strapi.sessionManagerIntervals.cleanup = cleanupIntervalHandle;
+
+    // HIGH PRIORITY: Register /api/auth/logout route BEFORE other plugins
+    strapi.server.routes([{
+      method: 'POST',
+      path: '/api/auth/logout',
+      handler: async (ctx) => {
+        try {
+          const token = ctx.request.headers?.authorization?.replace('Bearer ', '');
+          
+          if (!token) {
+            ctx.status = 200;
+            ctx.body = { message: 'Logged out successfully' };
+            return;
+          }
+
+          // Find and terminate session by token
+          const sessions = await strapi.entityService.findMany('plugin::magic-sessionmanager.session', {
+            filters: {
+              token: token,
+              isActive: true,
+            },
+            limit: 1,
+          });
+
+          if (sessions.length > 0) {
+            await sessionService.terminateSession({ sessionId: sessions[0].id });
+            strapi.log.info(`[magic-sessionmanager] 🚪 Logout via /api/auth/logout - Session ${sessions[0].id} terminated`);
+          }
+
+          ctx.status = 200;
+          ctx.body = { message: 'Logged out successfully' };
+        } catch (err) {
+          strapi.log.error('[magic-sessionmanager] Logout error:', err);
+          ctx.status = 200;
+          ctx.body = { message: 'Logged out successfully' };
+        }
+      },
+      config: {
+        auth: false,
+      },
+    }]);
+
+    strapi.log.info('[magic-sessionmanager] ✅ /api/auth/logout route registered');
+
+    // Middleware to intercept logins
+    strapi.server.use(async (ctx, next) => {
+      // Execute the actual request
+      await next();
+      
+      // Check if this was a successful login request
+      const isAuthLocal = ctx.path === '/api/auth/local' && ctx.method === 'POST';
+      const isMagicLink = ctx.path.includes('/magic-link/login') && ctx.method === 'POST';
+      
+      if ((isAuthLocal || isMagicLink) && ctx.status === 200 && ctx.body && ctx.body.user) {
+        try {
+          const user = ctx.body.user;
+          
+          // Extract REAL client IP (handles proxies, load balancers, Cloudflare, etc.)
+          const ip = getClientIp(ctx);
+          const userAgent = ctx.request.headers?.['user-agent'] || ctx.request.header?.['user-agent'] || 'unknown';
+          
+          strapi.log.info(`[magic-sessionmanager] 🔍 Login detected! User: ${user.id} (${user.email || user.username}) from IP: ${ip}`);
+          
+          // Get config
+          const config = strapi.config.get('plugin::magic-sessionmanager') || {};
+          
+          // Check if we should analyze this session (Premium/Advanced features)
+          let shouldBlock = false;
+          let blockReason = '';
+          let geoData = null;
+          
+          // Premium: Get geolocation data
+          if (config.enableGeolocation || config.enableSecurityScoring) {
+            try {
+              const geolocationService = strapi.plugin('magic-sessionmanager').service('geolocation');
+              geoData = await geolocationService.getIpInfo(ip);
+              
+              // Advanced: Auto-blocking
+              if (config.blockSuspiciousSessions && geoData) {
+                if (geoData.isThreat) {
+                  shouldBlock = true;
+                  blockReason = 'Known threat IP detected';
+                } else if (geoData.isVpn && config.alertOnVpnProxy) {
+                  shouldBlock = true;
+                  blockReason = 'VPN detected';
+                } else if (geoData.isProxy && config.alertOnVpnProxy) {
+                  shouldBlock = true;
+                  blockReason = 'Proxy detected';
+                } else if (geoData.securityScore < 50) {
+                  shouldBlock = true;
+                  blockReason = `Low security score: ${geoData.securityScore}/100`;
+                }
+              }
+              
+              // Advanced: Geo-fencing
+              if (config.enableGeofencing && geoData && geoData.country_code) {
+                const countryCode = geoData.country_code;
+                
+                // Check blocked countries
+                if (config.blockedCountries && config.blockedCountries.includes(countryCode)) {
+                  shouldBlock = true;
+                  blockReason = `Country ${countryCode} is blocked`;
+                }
+                
+                // Check allowed countries (whitelist)
+                if (config.allowedCountries && config.allowedCountries.length > 0) {
+                  if (!config.allowedCountries.includes(countryCode)) {
+                    shouldBlock = true;
+                    blockReason = `Country ${countryCode} is not in allowlist`;
+                  }
+                }
+              }
+            } catch (geoErr) {
+              strapi.log.warn('[magic-sessionmanager] Geolocation check failed:', geoErr.message);
+            }
+          }
+          
+          // Block if needed
+          if (shouldBlock) {
+            strapi.log.warn(`[magic-sessionmanager] 🚫 Blocking login: ${blockReason}`);
+            
+            // Don't create session, return error
+            ctx.status = 403;
+            ctx.body = {
+              error: {
+                status: 403,
+                message: 'Login blocked for security reasons',
+                details: { reason: blockReason }
+              }
+            };
+            return; // Stop here
+          }
+          
+          // Create a new session
+          const newSession = await sessionService.createSession({
+            userId: user.id,
+            ip,
+            userAgent,
+            token: ctx.body.jwt, // Store JWT token reference
+          });
+          
+          strapi.log.info(`[magic-sessionmanager] ✅ Session created for user ${user.id} (IP: ${ip})`);
+          
+          // Advanced: Send notifications
+          if (geoData && (config.enableEmailAlerts || config.enableWebhooks)) {
+            try {
+              const notificationService = strapi.plugin('magic-sessionmanager').service('notifications');
+              
+              // Determine if suspicious
+              const isSuspicious = geoData.isVpn || geoData.isProxy || geoData.isThreat || geoData.securityScore < 70;
+              
+              // Email alerts
+              if (config.enableEmailAlerts && config.alertOnSuspiciousLogin && isSuspicious) {
+                await notificationService.sendSuspiciousLoginAlert({
+                  user,
+                  session: newSession,
+                  reason: {
+                    isVpn: geoData.isVpn,
+                    isProxy: geoData.isProxy,
+                    isThreat: geoData.isThreat,
+                    securityScore: geoData.securityScore,
+                  },
+                  geoData,
+                });
+              }
+              
+              // Webhook notifications (Discord/Slack)
+              if (config.enableWebhooks) {
+                const webhookData = notificationService.formatDiscordWebhook({
+                  event: isSuspicious ? 'login.suspicious' : 'login.success',
+                  session: newSession,
+                  user,
+                  geoData,
+                });
+                
+                if (config.discordWebhookUrl) {
+                  await notificationService.sendWebhook({
+                    event: 'session.login',
+                    data: webhookData,
+                    webhookUrl: config.discordWebhookUrl,
+                  });
+                }
+              }
+            } catch (notifErr) {
+              strapi.log.warn('[magic-sessionmanager] Notification failed:', notifErr.message);
+            }
+          }
+        } catch (err) {
+          strapi.log.error('[magic-sessionmanager] ❌ Error creating session:', err);
+          // Don't throw - login should still succeed even if session creation fails
+        }
+      }
+    });
+
+    strapi.log.info('[magic-sessionmanager] ✅ Login/Logout interceptor middleware mounted');
+
+    // Mount lastSeen update middleware
+    strapi.server.use(
+      require('./middlewares/last-seen')({ strapi, sessionService })
+    );
+
+    strapi.log.info('[magic-sessionmanager] ✅ LastSeen middleware mounted');
+    strapi.log.info('[magic-sessionmanager] ✅ Bootstrap complete');
+    strapi.log.info('[magic-sessionmanager] 🎉 Session Manager ready! Sessions stored in plugin::magic-sessionmanager.session');
+    
+  } catch (err) {
+    strapi.log.error('[magic-sessionmanager] ❌ Bootstrap error:', err);
+  }
+};

package/server/src/config/index.js

@@ -0,0 +1,20 @@
+'use strict';
+
+module.exports = {
+  default: {
+    // Rate limit for lastSeen updates (in milliseconds)
+    lastSeenRateLimit: 30000, // 30 seconds
+
+    // Session inactivity timeout (in milliseconds)
+    // After this time without activity, a session is considered inactive
+    inactivityTimeout: 15 * 60 * 1000, // 15 minutes
+  },
+  validator: (config) => {
+    if (config.lastSeenRateLimit && typeof config.lastSeenRateLimit !== 'number') {
+      throw new Error('lastSeenRateLimit must be a number (milliseconds)');
+    }
+    if (config.inactivityTimeout && typeof config.inactivityTimeout !== 'number') {
+      throw new Error('inactivityTimeout must be a number (milliseconds)');
+    }
+  },
+};

package/server/src/content-types/index.js

@@ -0,0 +1,9 @@
+'use strict';
+
+const session = require('./session/schema.json');
+
+module.exports = {
+  'plugin::magic-sessionmanager.session': {
+    schema: session,
+  },
+};

package/server/src/content-types/session/schema.json

@@ -0,0 +1,76 @@
+{
+  "kind": "collectionType",
+  "collectionName": "sessions",
+  "info": {
+    "singularName": "session",
+    "pluralName": "sessions",
+    "displayName": "Session",
+    "description": "User session tracking with IP, device, and activity information"
+  },
+  "options": {
+    "draftAndPublish": false,
+    "comment": ""
+  },
+  "pluginOptions": {
+    "content-manager": {
+      "visible": true
+    },
+    "content-type-builder": {
+      "visible": false
+    }
+  },
+  "attributes": {
+    "user": {
+      "type": "relation",
+      "relation": "manyToOne",
+      "target": "plugin::users-permissions.user",
+      "inversedBy": "sessions"
+    },
+    "ipAddress": {
+      "type": "string",
+      "maxLength": 45,
+      "required": true
+    },
+    "userAgent": {
+      "type": "text",
+      "maxLength": 500
+    },
+    "token": {
+      "type": "text",
+      "private": true
+    },
+    "loginTime": {
+      "type": "datetime",
+      "required": true
+    },
+    "logoutTime": {
+      "type": "datetime"
+    },
+    "lastActive": {
+      "type": "datetime"
+    },
+    "isActive": {
+      "type": "boolean",
+      "default": true,
+      "required": true
+    },
+    "geoLocation": {
+      "type": "json"
+    },
+    "securityScore": {
+      "type": "integer",
+      "min": 0,
+      "max": 100
+    },
+    "deviceType": {
+      "type": "string"
+    },
+    "browserName": {
+      "type": "string"
+    },
+    "osName": {
+      "type": "string"
+    }
+  }
+}
+

package/server/src/controllers/controller.js

@@ -0,0 +1,11 @@
+const controller = ({ strapi }) => ({
+  index(ctx) {
+    ctx.body = strapi
+      .plugin('magic-sessionmanager')
+      // the name of the service file & the method.
+      .service('service')
+      .getWelcomeMessage();
+  },
+});
+
+export default controller;

package/server/src/controllers/index.js

@@ -0,0 +1,11 @@
+'use strict';
+
+const session = require('./session');
+const license = require('./license');
+const settings = require('./settings');
+
+module.exports = {
+  session,
+  license,
+  settings,
+};

package/server/src/controllers/license.js

@@ -0,0 +1,266 @@
+/**
+ * License Controller for Magic Session Manager Plugin
+ * Manages licenses directly from the Admin Panel
+ */
+
+module.exports = ({ strapi }) => ({
+  /**
+   * Auto-create license with logged-in admin user data
+   */
+  async autoCreate(ctx) {
+    try {
+      // Get the logged-in admin user
+      const adminUser = ctx.state.user;
+      
+      if (!adminUser) {
+        return ctx.unauthorized('No admin user logged in');
+      }
+
+      const licenseGuard = strapi.plugin('magic-sessionmanager').service('license-guard');
+      
+      // Use admin user data for license creation
+      const license = await licenseGuard.createLicense({ 
+        email: adminUser.email,
+        firstName: adminUser.firstname || 'Admin',
+        lastName: adminUser.lastname || 'User',
+      });
+
+      if (!license) {
+        return ctx.badRequest('Failed to create license');
+      }
+
+      // Store the license key
+      await licenseGuard.storeLicenseKey(license.licenseKey);
+
+      // Start pinging
+      const pingInterval = licenseGuard.startPinging(license.licenseKey, 15);
+
+      // Update global license guard
+      strapi.licenseGuard = {
+        licenseKey: license.licenseKey,
+        pingInterval,
+        data: license,
+      };
+
+      return ctx.send({
+        success: true,
+        message: 'License automatically created and activated',
+        data: license,
+      });
+    } catch (error) {
+      strapi.log.error('[magic-sessionmanager] Error auto-creating license:', error);
+      return ctx.badRequest('Error creating license');
+    }
+  },
+
+  /**
+   * Get current license status
+   */
+  async getStatus(ctx) {
+    try {
+      const licenseGuard = strapi.plugin('magic-sessionmanager').service('license-guard');
+      const pluginStore = strapi.store({ 
+        type: 'plugin', 
+        name: 'magic-sessionmanager' 
+      });
+      const licenseKey = await pluginStore.get({ key: 'licenseKey' });
+
+      if (!licenseKey) {
+        strapi.log.debug('[magic-sessionmanager] No license key in store - demo mode');
+        return ctx.send({
+          success: false,
+          demo: true,
+          valid: false,
+          message: 'No license found. Running in demo mode.',
+        });
+      }
+
+      strapi.log.info(`[magic-sessionmanager/license-controller] Checking stored license: ${licenseKey}`);
+
+      const verification = await licenseGuard.verifyLicense(licenseKey);
+      const license = await licenseGuard.getLicenseByKey(licenseKey);
+      
+      strapi.log.info('[magic-sessionmanager/license-controller] License data from MagicAPI:', {
+        licenseKey: license?.licenseKey,
+        email: license?.email,
+        featurePremium: license?.featurePremium,
+        isActive: license?.isActive,
+        pluginName: license?.pluginName,
+      });
+
+      return ctx.send({
+        success: true,
+        valid: verification.valid,
+        demo: false,
+        data: {
+          licenseKey,
+          email: license?.email || null,
+          firstName: license?.firstName || null,
+          lastName: license?.lastName || null,
+          isActive: license?.isActive || false,
+          isExpired: license?.isExpired || false,
+          isOnline: license?.isOnline || false,
+          expiresAt: license?.expiresAt,
+          lastPingAt: license?.lastPingAt,
+          deviceName: license?.deviceName,
+          deviceId: license?.deviceId,
+          ipAddress: license?.ipAddress,
+          features: {
+            premium: license?.featurePremium || false,
+            advanced: license?.featureAdvanced || false,
+            enterprise: license?.featureEnterprise || false,
+            custom: license?.featureCustom || false,
+          },
+          maxDevices: license?.maxDevices || 1,
+          currentDevices: license?.currentDevices || 0,
+        },
+      });
+    } catch (error) {
+      strapi.log.error('[magic-sessionmanager] Error getting license status:', error);
+      return ctx.badRequest('Error getting license status');
+    }
+  },
+
+  /**
+   * Create and activate a new license
+   */
+  async createAndActivate(ctx) {
+    try {
+      const { email, firstName, lastName } = ctx.request.body;
+
+      if (!email || !firstName || !lastName) {
+        return ctx.badRequest('Email, firstName, and lastName are required');
+      }
+
+      const licenseGuard = strapi.plugin('magic-sessionmanager').service('license-guard');
+      const license = await licenseGuard.createLicense({ email, firstName, lastName });
+
+      if (!license) {
+        return ctx.badRequest('Failed to create license');
+      }
+
+      // Store the license key
+      await licenseGuard.storeLicenseKey(license.licenseKey);
+
+      // Start pinging
+      const pingInterval = licenseGuard.startPinging(license.licenseKey, 15);
+
+      // Update global license guard
+      strapi.licenseGuard = {
+        licenseKey: license.licenseKey,
+        pingInterval,
+        data: license,
+      };
+
+      return ctx.send({
+        success: true,
+        message: 'License created and activated successfully',
+        data: license,
+      });
+    } catch (error) {
+      strapi.log.error('[magic-sessionmanager] Error creating license:', error);
+      return ctx.badRequest('Error creating license');
+    }
+  },
+
+  /**
+   * Manually ping the current license
+   */
+  async ping(ctx) {
+    try {
+      const pluginStore = strapi.store({ 
+        type: 'plugin', 
+        name: 'magic-sessionmanager' 
+      });
+      const licenseKey = await pluginStore.get({ key: 'licenseKey' });
+
+      if (!licenseKey) {
+        return ctx.badRequest('No license key found');
+      }
+
+      const licenseGuard = strapi.plugin('magic-sessionmanager').service('license-guard');
+      const pingResult = await licenseGuard.pingLicense(licenseKey);
+
+      if (!pingResult) {
+        return ctx.badRequest('Ping failed');
+      }
+
+      return ctx.send({
+        success: true,
+        message: 'License pinged successfully',
+        data: pingResult,
+      });
+    } catch (error) {
+      strapi.log.error('[magic-sessionmanager] Error pinging license:', error);
+      return ctx.badRequest('Error pinging license');
+    }
+  },
+
+  /**
+   * Store and validate an existing license key
+   */
+  async storeKey(ctx) {
+    try {
+      const { licenseKey, email } = ctx.request.body;
+
+      if (!licenseKey || !licenseKey.trim()) {
+        return ctx.badRequest('License key is required');
+      }
+
+      if (!email || !email.trim()) {
+        return ctx.badRequest('Email address is required');
+      }
+
+      const trimmedKey = licenseKey.trim();
+      const trimmedEmail = email.trim().toLowerCase();
+      const licenseGuard = strapi.plugin('magic-sessionmanager').service('license-guard');
+
+      // Verify the license key first
+      const verification = await licenseGuard.verifyLicense(trimmedKey);
+
+      if (!verification.valid) {
+        strapi.log.warn(`[magic-sessionmanager] ⚠️ Invalid license key attempted: ${trimmedKey.substring(0, 8)}...`);
+        return ctx.badRequest('Invalid or expired license key');
+      }
+
+      // Get license details to verify email
+      const license = await licenseGuard.getLicenseByKey(trimmedKey);
+      
+      if (!license) {
+        strapi.log.warn(`[magic-sessionmanager] ⚠️ License not found in database: ${trimmedKey.substring(0, 8)}...`);
+        return ctx.badRequest('License not found');
+      }
+
+      // Verify email matches
+      if (license.email.toLowerCase() !== trimmedEmail) {
+        strapi.log.warn(`[magic-sessionmanager] ⚠️ Email mismatch for license key: ${trimmedKey.substring(0, 8)}... (Attempted: ${trimmedEmail})`);
+        return ctx.badRequest('Email address does not match this license key');
+      }
+
+      // Store the license key
+      await licenseGuard.storeLicenseKey(trimmedKey);
+
+      // Start pinging
+      const pingInterval = licenseGuard.startPinging(trimmedKey, 15);
+
+      // Update global license guard
+      strapi.licenseGuard = {
+        licenseKey: trimmedKey,
+        pingInterval,
+        data: verification.data,
+      };
+
+      strapi.log.info(`[magic-sessionmanager] ✅ Existing license key validated and stored: ${trimmedKey.substring(0, 8)}... (Email: ${trimmedEmail})`);
+
+      return ctx.send({
+        success: true,
+        message: 'License key validated and activated successfully',
+        data: verification.data,
+      });
+    } catch (error) {
+      strapi.log.error('[magic-sessionmanager] Error storing license key:', error);
+      return ctx.badRequest('Error validating license key');
+    }
+  },
+});
+