npm - strapi-plugin-magic-sessionmanager - Versions diffs - 2.0.1 → 2.0.3 - Mend

strapi-plugin-magic-sessionmanager 2.0.1 → 2.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/admin/jsconfig.json +10 -0
package/admin/src/components/Initializer.jsx +11 -0
package/admin/src/components/LicenseGuard.jsx +591 -0
package/admin/src/components/OnlineUsersWidget.jsx +208 -0
package/admin/src/components/PluginIcon.jsx +8 -0
package/admin/src/components/SessionDetailModal.jsx +445 -0
package/admin/src/components/SessionInfoCard.jsx +151 -0
package/admin/src/components/SessionInfoPanel.jsx +375 -0
package/admin/src/components/index.jsx +5 -0
package/admin/src/hooks/useLicense.js +103 -0
package/admin/src/index.js +137 -0
package/admin/src/pages/ActiveSessions.jsx +12 -0
package/admin/src/pages/Analytics.jsx +735 -0
package/admin/src/pages/App.jsx +12 -0
package/admin/src/pages/HomePage.jsx +1248 -0
package/admin/src/pages/License.jsx +603 -0
package/admin/src/pages/Settings.jsx +1497 -0
package/admin/src/pages/SettingsNew.jsx +1204 -0
package/admin/src/pages/index.jsx +3 -0
package/admin/src/pluginId.js +3 -0
package/admin/src/translations/de.json +20 -0
package/admin/src/translations/en.json +20 -0
package/admin/src/utils/getTranslation.js +5 -0
package/admin/src/utils/index.js +2 -0
package/admin/src/utils/parseUserAgent.js +79 -0
package/dist/server/index.js +91 -2
package/dist/server/index.mjs +91 -2
package/package.json +3 -1
package/server/jsconfig.json +10 -0
package/server/src/bootstrap.js +297 -0
package/server/src/config/index.js +20 -0
package/server/src/content-types/index.js +9 -0
package/server/src/content-types/session/schema.json +76 -0
package/server/src/controllers/controller.js +11 -0
package/server/src/controllers/index.js +11 -0
package/server/src/controllers/license.js +266 -0
package/server/src/controllers/session.js +362 -0
package/server/src/controllers/settings.js +122 -0
package/server/src/destroy.js +18 -0
package/server/src/index.js +23 -0
package/server/src/middlewares/index.js +5 -0
package/server/src/middlewares/last-seen.js +56 -0
package/server/src/policies/index.js +3 -0
package/server/src/register.js +32 -0
package/server/src/routes/admin.js +149 -0
package/server/src/routes/content-api.js +51 -0
package/server/src/routes/index.js +9 -0
package/server/src/services/geolocation.js +180 -0
package/server/src/services/index.js +13 -0
package/server/src/services/license-guard.js +308 -0
package/server/src/services/notifications.js +319 -0
package/server/src/services/service.js +7 -0
package/server/src/services/session.js +345 -0
package/server/src/utils/getClientIp.js +118 -0

package/server/src/controllers/session.js ADDED Viewed

@@ -0,0 +1,362 @@
+'use strict';
+/**
+ * Session Controller
+ * Handles HTTP requests for session management
+ */
+module.exports = {
+  /**
+   * Get ALL sessions (active + inactive) - Admin only
+   * GET /magic-sessionmanager/sessions
+   */
+  async getAllSessionsAdmin(ctx) {
+    try {
+      const sessionService = strapi
+        .plugin('magic-sessionmanager')
+        .service('session');
+      const sessions = await sessionService.getAllSessions();
+      ctx.body = {
+        data: sessions,
+        meta: {
+          count: sessions.length,
+          active: sessions.filter(s => s.isTrulyActive).length,
+          inactive: sessions.filter(s => !s.isTrulyActive).length,
+        },
+      };
+    } catch (err) {
+      ctx.throw(500, 'Error fetching sessions');
+    }
+  },
+  /**
+   * Get active sessions only
+   * GET /magic-sessionmanager/sessions/active
+   */
+  async getActiveSessions(ctx) {
+    try {
+      const sessionService = strapi
+        .plugin('magic-sessionmanager')
+        .service('session');
+      const sessions = await sessionService.getActiveSessions();
+      ctx.body = {
+        data: sessions,
+        meta: {
+          count: sessions.length,
+        },
+      };
+    } catch (err) {
+      ctx.throw(500, 'Error fetching active sessions');
+    }
+  },
+  /**
+   * Get user's sessions
+   * GET /magic-sessionmanager/user/:userId/sessions
+   * SECURITY: User can only access their own sessions
+   */
+  async getUserSessions(ctx) {
+    try {
+      const { userId } = ctx.params;
+      const requestingUserId = ctx.state.user?.id;
+      // SECURITY CHECK: User can only see their own sessions
+      if (requestingUserId && String(requestingUserId) !== String(userId)) {
+        strapi.log.warn(`[magic-sessionmanager] Security: User ${requestingUserId} tried to access sessions of user ${userId}`);
+        return ctx.forbidden('You can only access your own sessions');
+      }
+      const sessionService = strapi
+        .plugin('magic-sessionmanager')
+        .service('session');
+      const sessions = await sessionService.getUserSessions(userId);
+      ctx.body = {
+        data: sessions,
+        meta: {
+          count: sessions.length,
+        },
+      };
+    } catch (err) {
+      ctx.throw(500, 'Error fetching user sessions');
+    }
+  },
+  /**
+   * Logout handler - terminates current session
+   * POST /api/magic-sessionmanager/logout
+   */
+  async logout(ctx) {
+    try {
+      const userId = ctx.state.user?.id;
+      const token = ctx.request.headers.authorization?.replace('Bearer ', '');
+      if (!userId) {
+        return ctx.throw(401, 'Unauthorized');
+      }
+      const sessionService = strapi
+        .plugin('magic-sessionmanager')
+        .service('session');
+      // Find current session by token
+      const sessions = await strapi.entityService.findMany('plugin::magic-sessionmanager.session', {
+        filters: {
+          user: { id: userId },
+          token: token,
+          isActive: true,
+        },
+      });
+      if (sessions.length > 0) {
+        // Terminate only the current session
+        await sessionService.terminateSession({ sessionId: sessions[0].id });
+        strapi.log.info(`[magic-sessionmanager] User ${userId} logged out (session ${sessions[0].id})`);
+      }
+      ctx.body = {
+        message: 'Logged out successfully',
+      };
+    } catch (err) {
+      strapi.log.error('[magic-sessionmanager] Logout error:', err);
+      ctx.throw(500, 'Error during logout');
+    }
+  },
+  /**
+   * Logout from all devices - terminates all sessions for current user
+   * POST /api/magic-sessionmanager/logout-all
+   */
+  async logoutAll(ctx) {
+    try {
+      const userId = ctx.state.user?.id;
+      if (!userId) {
+        return ctx.throw(401, 'Unauthorized');
+      }
+      const sessionService = strapi
+        .plugin('magic-sessionmanager')
+        .service('session');
+      // Terminate all sessions for this user
+      await sessionService.terminateSession({ userId });
+      strapi.log.info(`[magic-sessionmanager] User ${userId} logged out from all devices`);
+      ctx.body = {
+        message: 'Logged out from all devices successfully',
+      };
+    } catch (err) {
+      strapi.log.error('[magic-sessionmanager] Logout-all error:', err);
+      ctx.throw(500, 'Error during logout');
+    }
+  },
+  /**
+   * Terminate specific session
+   * DELETE /magic-sessionmanager/sessions/:sessionId
+   */
+  async terminateSession(ctx) {
+    try {
+      const { sessionId } = ctx.params;
+      const sessionService = strapi
+        .plugin('magic-sessionmanager')
+        .service('session');
+      await sessionService.terminateSession({ sessionId });
+      ctx.body = {
+        message: `Session ${sessionId} terminated`,
+      };
+    } catch (err) {
+      ctx.throw(500, 'Error terminating session');
+    }
+  },
+  /**
+   * Terminate a single session (Admin action)
+   * POST /magic-sessionmanager/sessions/:sessionId/terminate
+   */
+  async terminateSingleSession(ctx) {
+    try {
+      const { sessionId } = ctx.params;
+      const sessionService = strapi
+        .plugin('magic-sessionmanager')
+        .service('session');
+      await sessionService.terminateSession({ sessionId });
+      ctx.body = {
+        message: `Session ${sessionId} terminated`,
+        success: true,
+      };
+    } catch (err) {
+      strapi.log.error('[magic-sessionmanager] Error terminating session:', err);
+      ctx.throw(500, 'Error terminating session');
+    }
+  },
+  /**
+   * Terminate ALL sessions for a specific user (Admin action)
+   * POST /magic-sessionmanager/user/:userId/terminate-all
+   */
+  async terminateAllUserSessions(ctx) {
+    try {
+      const { userId } = ctx.params;
+      const sessionService = strapi
+        .plugin('magic-sessionmanager')
+        .service('session');
+      await sessionService.terminateSession({ userId });
+      ctx.body = {
+        message: `All sessions terminated for user ${userId}`,
+        success: true,
+      };
+    } catch (err) {
+      strapi.log.error('[magic-sessionmanager] Error terminating all user sessions:', err);
+      ctx.throw(500, 'Error terminating all user sessions');
+    }
+  },
+  /**
+   * Get IP Geolocation data (Premium feature)
+   * GET /magic-sessionmanager/geolocation/:ipAddress
+   */
+  async getIpGeolocation(ctx) {
+    try {
+      const { ipAddress } = ctx.params;
+      if (!ipAddress) {
+        return ctx.badRequest('IP address is required');
+      }
+      // Check if user has premium license
+      const licenseGuard = strapi.plugin('magic-sessionmanager').service('license-guard');
+      const pluginStore = strapi.store({
+        type: 'plugin',
+        name: 'magic-sessionmanager'
+      });
+      const licenseKey = await pluginStore.get({ key: 'licenseKey' });
+      if (!licenseKey) {
+        return ctx.forbidden('Premium license required for geolocation features');
+      }
+      const license = await licenseGuard.getLicenseByKey(licenseKey);
+      if (!license || !license.featurePremium) {
+        return ctx.forbidden('Premium license required for geolocation features');
+      }
+      // Get geolocation data
+      const geolocationService = strapi.plugin('magic-sessionmanager').service('geolocation');
+      const ipData = await geolocationService.getIpInfo(ipAddress);
+      ctx.body = {
+        success: true,
+        data: ipData,
+      };
+    } catch (err) {
+      strapi.log.error('[magic-sessionmanager] Error getting IP geolocation:', err);
+      ctx.throw(500, 'Error fetching IP geolocation data');
+    }
+  },
+  /**
+   * Delete a single session permanently (Admin action)
+   * DELETE /magic-sessionmanager/sessions/:sessionId
+   */
+  async deleteSession(ctx) {
+    try {
+      const { sessionId } = ctx.params;
+      const sessionService = strapi
+        .plugin('magic-sessionmanager')
+        .service('session');
+      await sessionService.deleteSession(sessionId);
+      ctx.body = {
+        message: `Session ${sessionId} permanently deleted`,
+        success: true,
+      };
+    } catch (err) {
+      strapi.log.error('[magic-sessionmanager] Error deleting session:', err);
+      ctx.throw(500, 'Error deleting session');
+    }
+  },
+  /**
+   * Delete all inactive sessions (Admin action)
+   * POST /magic-sessionmanager/sessions/clean-inactive
+   */
+  async cleanInactiveSessions(ctx) {
+    try {
+      const sessionService = strapi
+        .plugin('magic-sessionmanager')
+        .service('session');
+      const deletedCount = await sessionService.deleteInactiveSessions();
+      ctx.body = {
+        message: `Successfully deleted ${deletedCount} inactive sessions`,
+        success: true,
+        deletedCount,
+      };
+    } catch (err) {
+      strapi.log.error('[magic-sessionmanager] Error cleaning inactive sessions:', err);
+      ctx.throw(500, 'Error deleting inactive sessions');
+    }
+  },
+  /**
+   * Toggle user blocked status
+   * POST /magic-sessionmanager/user/:userId/toggle-block
+   */
+  async toggleUserBlock(ctx) {
+    try {
+      const { userId } = ctx.params;
+      // Get current user status
+      const user = await strapi.entityService.findOne('plugin::users-permissions.user', userId);
+      if (!user) {
+        return ctx.throw(404, 'User not found');
+      }
+      // Toggle blocked status
+      const newBlockedStatus = !user.blocked;
+      await strapi.entityService.update('plugin::users-permissions.user', userId, {
+        data: {
+          blocked: newBlockedStatus,
+        },
+      });
+      // If blocking user, terminate all their sessions
+      if (newBlockedStatus) {
+        const sessionService = strapi
+          .plugin('magic-sessionmanager')
+          .service('session');
+        await sessionService.terminateSession({ userId });
+      }
+      ctx.body = {
+        message: `User ${newBlockedStatus ? 'blocked' : 'unblocked'} successfully`,
+        blocked: newBlockedStatus,
+        success: true,
+      };
+    } catch (err) {
+      strapi.log.error('[magic-sessionmanager] Error toggling user block:', err);
+      ctx.throw(500, 'Error toggling user block status');
+    }
+  },
+};

package/server/src/controllers/settings.js ADDED Viewed

@@ -0,0 +1,122 @@
+'use strict';
+/**
+ * Settings controller
+ * Manages plugin settings stored in Strapi database
+ */
+module.exports = {
+  /**
+   * Get plugin settings
+   */
+  async getSettings(ctx) {
+    try {
+      const pluginStore = strapi.store({
+        type: 'plugin',
+        name: 'magic-sessionmanager',
+      });
+      let settings = await pluginStore.get({ key: 'settings' });
+      // If no settings exist, return defaults
+      if (!settings) {
+        settings = {
+          inactivityTimeout: 15,
+          cleanupInterval: 30,
+          lastSeenRateLimit: 30,
+          retentionDays: 90,
+          enableGeolocation: true,
+          enableSecurityScoring: true,
+          blockSuspiciousSessions: false,
+          maxFailedLogins: 5,
+          enableEmailAlerts: false,
+          alertOnSuspiciousLogin: true,
+          alertOnNewLocation: true,
+          alertOnVpnProxy: true,
+          enableWebhooks: false,
+          discordWebhookUrl: '',
+          slackWebhookUrl: '',
+          enableGeofencing: false,
+          allowedCountries: [],
+          blockedCountries: [],
+          emailTemplates: {
+            suspiciousLogin: { subject: '', html: '', text: '' },
+            newLocation: { subject: '', html: '', text: '' },
+            vpnProxy: { subject: '', html: '', text: '' },
+          },
+        };
+      }
+      ctx.send({
+        settings,
+        success: true
+      });
+    } catch (error) {
+      strapi.log.error('[magic-sessionmanager/settings] Error getting settings:', error);
+      ctx.badRequest('Error loading settings');
+    }
+  },
+  /**
+   * Update plugin settings
+   */
+  async updateSettings(ctx) {
+    try {
+      const { body } = ctx.request;
+      if (!body) {
+        return ctx.badRequest('Settings data is required');
+      }
+      const pluginStore = strapi.store({
+        type: 'plugin',
+        name: 'magic-sessionmanager',
+      });
+      // Validate and sanitize settings
+      const sanitizedSettings = {
+        inactivityTimeout: parseInt(body.inactivityTimeout) || 15,
+        cleanupInterval: parseInt(body.cleanupInterval) || 30,
+        lastSeenRateLimit: parseInt(body.lastSeenRateLimit) || 30,
+        retentionDays: parseInt(body.retentionDays) || 90,
+        enableGeolocation: !!body.enableGeolocation,
+        enableSecurityScoring: !!body.enableSecurityScoring,
+        blockSuspiciousSessions: !!body.blockSuspiciousSessions,
+        maxFailedLogins: parseInt(body.maxFailedLogins) || 5,
+        enableEmailAlerts: !!body.enableEmailAlerts,
+        alertOnSuspiciousLogin: !!body.alertOnSuspiciousLogin,
+        alertOnNewLocation: !!body.alertOnNewLocation,
+        alertOnVpnProxy: !!body.alertOnVpnProxy,
+        enableWebhooks: !!body.enableWebhooks,
+        discordWebhookUrl: String(body.discordWebhookUrl || ''),
+        slackWebhookUrl: String(body.slackWebhookUrl || ''),
+        enableGeofencing: !!body.enableGeofencing,
+        allowedCountries: Array.isArray(body.allowedCountries) ? body.allowedCountries : [],
+        blockedCountries: Array.isArray(body.blockedCountries) ? body.blockedCountries : [],
+        emailTemplates: body.emailTemplates || {
+          suspiciousLogin: { subject: '', html: '', text: '' },
+          newLocation: { subject: '', html: '', text: '' },
+          vpnProxy: { subject: '', html: '', text: '' },
+        },
+      };
+      // Save to database
+      await pluginStore.set({
+        key: 'settings',
+        value: sanitizedSettings
+      });
+      strapi.log.info('[magic-sessionmanager/settings] Settings updated successfully');
+      ctx.send({
+        settings: sanitizedSettings,
+        success: true,
+        message: 'Settings saved successfully!'
+      });
+    } catch (error) {
+      strapi.log.error('[magic-sessionmanager/settings] Error updating settings:', error);
+      ctx.badRequest('Error saving settings');
+    }
+  },
+};

package/server/src/destroy.js ADDED Viewed

@@ -0,0 +1,18 @@
+'use strict';
+module.exports = async ({ strapi }) => {
+  // Stop license pinging
+  if (strapi.licenseGuard && strapi.licenseGuard.pingInterval) {
+    clearInterval(strapi.licenseGuard.pingInterval);
+    strapi.log.info('[magic-sessionmanager] 🛑 License pinging stopped');
+  }
+  // Stop cleanup interval
+  if (strapi.sessionManagerIntervals && strapi.sessionManagerIntervals.cleanup) {
+    clearInterval(strapi.sessionManagerIntervals.cleanup);
+    strapi.log.info('[magic-sessionmanager] 🛑 Session cleanup interval stopped');
+  }
+  strapi.log.info('[magic-sessionmanager] ✅ Plugin cleanup completed');
+};

package/server/src/index.js ADDED Viewed

@@ -0,0 +1,23 @@
+'use strict';
+const register = require('./register');
+const bootstrap = require('./bootstrap');
+const destroy = require('./destroy');
+const config = require('./config');
+const contentTypes = require('./content-types');
+const routes = require('./routes');
+const controllers = require('./controllers');
+const services = require('./services');
+const middlewares = require('./middlewares');
+module.exports = {
+  register,
+  bootstrap,
+  destroy,
+  config,
+  contentTypes,
+  routes,
+  controllers,
+  services,
+  middlewares,
+};

package/server/src/middlewares/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+'use strict';
+module.exports = {
+  'last-seen': require('./last-seen'),
+};

package/server/src/middlewares/last-seen.js ADDED Viewed

@@ -0,0 +1,56 @@
+'use strict';
+/**
+ * lastSeen Middleware
+ * Updates user lastSeen and session lastActive on each authenticated request
+ * Rate-limited to prevent DB write noise (default: 30 seconds)
+ */
+module.exports = ({ strapi, sessionService }) => {
+  return async (ctx, next) => {
+    // BEFORE processing request: Check if user's sessions are active
+    if (ctx.state.user && ctx.state.user.id) {
+      try {
+        const userId = ctx.state.user.id;
+        // Check if user has ANY active sessions
+        const activeSessions = await strapi.entityService.findMany('plugin::magic-sessionmanager.session', {
+          filters: {
+            user: { id: userId },
+            isActive: true,
+          },
+          limit: 1,
+        });
+        // If user has NO active sessions, reject the request
+        if (!activeSessions || activeSessions.length === 0) {
+          strapi.log.info(`[magic-sessionmanager] 🚫 Blocked request - User ${userId} has no active sessions`);
+          return ctx.unauthorized('All sessions have been terminated. Please login again.');
+        }
+      } catch (err) {
+        strapi.log.debug('[magic-sessionmanager] Error checking active sessions:', err.message);
+        // On error, allow request to continue (fail-open for availability)
+      }
+    }
+    // Process request
+    await next();
+    // AFTER response: Update activity timestamps if user is authenticated
+    if (ctx.state.user && ctx.state.user.id) {
+      try {
+        const userId = ctx.state.user.id;
+        // Try to find or extract sessionId from context
+        const sessionId = ctx.state.sessionId;
+        // Call touch with rate limiting
+        await sessionService.touch({
+          userId,
+          sessionId,
+        });
+      } catch (err) {
+        strapi.log.debug('[magic-sessionmanager] Error updating lastSeen:', err.message);
+      }
+    }
+  };
+};

package/server/src/policies/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+'use strict';
+module.exports = {};

package/server/src/register.js ADDED Viewed

@@ -0,0 +1,32 @@
+'use strict';
+/**
+ * Register hook
+ * Sessions relation is hidden from UI to keep User interface clean
+ * Sessions are accessed via the Session Manager plugin UI components
+ */
+module.exports = async ({ strapi }) => {
+  strapi.log.info('[magic-sessionmanager] 🚀 Plugin registration starting...');
+  try {
+    // Get the user content type
+    const userCT = strapi.contentType('plugin::users-permissions.user');
+    if (!userCT) {
+      strapi.log.error('[magic-sessionmanager] User content type not found');
+      return;
+    }
+    // REMOVE sessions relation from User content type to keep UI clean
+    // Sessions are managed through SessionInfoPanel sidebar instead
+    if (userCT.attributes && userCT.attributes.sessions) {
+      delete userCT.attributes.sessions;
+      strapi.log.info('[magic-sessionmanager] ✅ Removed sessions field from User content type');
+    }
+    strapi.log.info('[magic-sessionmanager] ✅ Plugin registered successfully');
+  } catch (err) {
+    strapi.log.error('[magic-sessionmanager] ❌ Registration error:', err);
+  }
+};