strapi-plugin-magic-sessionmanager 2.0.1 → 2.0.3

package/server/src/routes/admin.js

@@ -0,0 +1,149 @@
+'use strict';
+
+module.exports = {
+  type: 'admin',
+  routes: [
+    {
+      method: 'GET',
+      path: '/sessions',
+      handler: 'session.getAllSessionsAdmin',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Get all sessions - active and inactive (admin)',
+      },
+    },
+    {
+      method: 'GET',
+      path: '/sessions/active',
+      handler: 'session.getActiveSessions',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Get only active sessions (admin)',
+      },
+    },
+    {
+      method: 'GET',
+      path: '/user/:userId/sessions',
+      handler: 'session.getUserSessions',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Get user sessions (admin)',
+      },
+    },
+    {
+      method: 'POST',
+      path: '/sessions/:sessionId/terminate',
+      handler: 'session.terminateSingleSession',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Terminate a specific session (admin)',
+      },
+    },
+    {
+      method: 'DELETE',
+      path: '/sessions/:sessionId',
+      handler: 'session.deleteSession',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Delete a single session permanently (admin)',
+      },
+    },
+    {
+      method: 'POST',
+      path: '/sessions/clean-inactive',
+      handler: 'session.cleanInactiveSessions',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Delete all inactive sessions from database (admin)',
+      },
+    },
+    {
+      method: 'POST',
+      path: '/user/:userId/terminate-all',
+      handler: 'session.terminateAllUserSessions',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Terminate all sessions for a user (admin)',
+      },
+    },
+    {
+      method: 'POST',
+      path: '/user/:userId/toggle-block',
+      handler: 'session.toggleUserBlock',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Toggle user blocked status (admin)',
+      },
+    },
+    // License Management
+    {
+      method: 'GET',
+      path: '/license/status',
+      handler: 'license.getStatus',
+      config: {
+        policies: [],
+      },
+    },
+    {
+      method: 'POST',
+      path: '/license/auto-create',
+      handler: 'license.autoCreate',
+      config: {
+        policies: [],
+      },
+    },
+    {
+      method: 'POST',
+      path: '/license/create',
+      handler: 'license.createAndActivate',
+      config: {
+        policies: [],
+      },
+    },
+    {
+      method: 'POST',
+      path: '/license/ping',
+      handler: 'license.ping',
+      config: {
+        policies: [],
+      },
+    },
+    {
+      method: 'POST',
+      path: '/license/store-key',
+      handler: 'license.storeKey',
+      config: {
+        policies: [],
+      },
+    },
+    // Geolocation (Premium Feature)
+    {
+      method: 'GET',
+      path: '/geolocation/:ipAddress',
+      handler: 'session.getIpGeolocation',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Get IP geolocation data (Premium feature)',
+      },
+    },
+    // Settings Management
+    {
+      method: 'GET',
+      path: '/settings',
+      handler: 'settings.getSettings',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Get plugin settings',
+      },
+    },
+    {
+      method: 'PUT',
+      path: '/settings',
+      handler: 'settings.updateSettings',
+      config: {
+        policies: ['admin::isAuthenticatedAdmin'],
+        description: 'Update plugin settings',
+      },
+    },
+  ],
+};

package/server/src/routes/content-api.js

@@ -0,0 +1,51 @@
+'use strict';
+
+/**
+ * Content API Routes for Magic Session Manager
+ * 
+ * SECURITY: All routes require authentication
+ * - User can only access their own sessions
+ * - Admin routes are in admin.js
+ */
+
+module.exports = {
+  type: 'content-api',
+  routes: [
+    // ============================================================
+    // LOGOUT ENDPOINTS
+    // ============================================================
+    
+    {
+      method: 'POST',
+      path: '/logout',
+      handler: 'session.logout',
+    config: {
+        auth: { strategies: ['users-permissions'] },
+        description: 'Logout current session (requires JWT)',
+      },
+    },
+    {
+      method: 'POST',
+      path: '/logout-all',
+      handler: 'session.logoutAll',
+      config: {
+        auth: { strategies: ['users-permissions'] },
+        description: 'Logout from all devices (requires JWT)',
+      },
+    },
+    
+    // ============================================================
+    // SESSION QUERIES
+    // ============================================================
+    
+    {
+      method: 'GET',
+      path: '/user/:userId/sessions',
+      handler: 'session.getUserSessions',
+      config: {
+        auth: { strategies: ['users-permissions'] },
+        description: 'Get own sessions (controller validates user can only see own sessions)',
+    },
+  },
+  ],
+};

package/server/src/routes/index.js

@@ -0,0 +1,9 @@
+'use strict';
+
+const contentApi = require('./content-api');
+const admin = require('./admin');
+
+module.exports = {
+  admin,
+  'content-api': contentApi,
+};

package/server/src/services/geolocation.js

@@ -0,0 +1,180 @@
+/**
+ * IP Geolocation Service
+ * Uses ipapi.co for accurate IP information
+ * Free tier: 30,000 requests/month
+ * 
+ * Premium features:
+ * - Country, City, Region
+ * - Timezone
+ * - VPN/Proxy/Threat detection
+ * - Security scoring
+ */
+
+module.exports = ({ strapi }) => ({
+  /**
+   * Get IP information from ipapi.co
+   * @param {string} ipAddress - IP to lookup
+   * @returns {Promise<Object>} Geolocation data
+   */
+  async getIpInfo(ipAddress) {
+    try {
+      // Skip localhost/private IPs
+      if (!ipAddress || ipAddress === '127.0.0.1' || ipAddress === '::1' || ipAddress.startsWith('192.168.') || ipAddress.startsWith('10.')) {
+        return {
+          ip: ipAddress,
+          country: 'Local Network',
+          country_code: 'XX',
+          country_flag: '🏠',
+          city: 'Localhost',
+          region: 'Private Network',
+          timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+          latitude: null,
+          longitude: null,
+          isVpn: false,
+          isProxy: false,
+          isThreat: false,
+          securityScore: 100,
+          riskLevel: 'None',
+        };
+      }
+
+      // Call ipapi.co API
+      const response = await fetch(`https://ipapi.co/${ipAddress}/json/`, {
+        method: 'GET',
+        headers: {
+          'User-Agent': 'Strapi-Magic-SessionManager/1.0',
+        },
+      });
+
+      if (!response.ok) {
+        throw new Error(`API returned ${response.status}`);
+      }
+
+      const data = await response.json();
+
+      // Check for rate limit
+      if (data.error) {
+        strapi.log.warn(`[magic-sessionmanager/geolocation] API Error: ${data.reason}`);
+        return this.getFallbackData(ipAddress);
+      }
+
+      // Parse and return structured data
+      const result = {
+        ip: data.ip,
+        country: data.country_name,
+        country_code: data.country_code,
+        country_flag: this.getCountryFlag(data.country_code),
+        city: data.city,
+        region: data.region,
+        timezone: data.timezone,
+        latitude: data.latitude,
+        longitude: data.longitude,
+        postal: data.postal,
+        org: data.org,
+        asn: data.asn,
+        
+        // Security features (available in ipapi.co response)
+        isVpn: data.threat?.is_vpn || false,
+        isProxy: data.threat?.is_proxy || false,
+        isThreat: data.threat?.is_threat || false,
+        isAnonymous: data.threat?.is_anonymous || false,
+        isTor: data.threat?.is_tor || false,
+        
+        // Calculate security score (0-100, higher is safer)
+        securityScore: this.calculateSecurityScore({
+          isVpn: data.threat?.is_vpn,
+          isProxy: data.threat?.is_proxy,
+          isThreat: data.threat?.is_threat,
+          isAnonymous: data.threat?.is_anonymous,
+          isTor: data.threat?.is_tor,
+        }),
+        
+        riskLevel: this.getRiskLevel({
+          isVpn: data.threat?.is_vpn,
+          isProxy: data.threat?.is_proxy,
+          isThreat: data.threat?.is_threat,
+        }),
+      };
+
+      strapi.log.debug(`[magic-sessionmanager/geolocation] IP ${ipAddress}: ${result.city}, ${result.country} (Score: ${result.securityScore})`);
+
+      return result;
+    } catch (error) {
+      strapi.log.error(`[magic-sessionmanager/geolocation] Error fetching IP info for ${ipAddress}:`, error.message);
+      return this.getFallbackData(ipAddress);
+    }
+  },
+
+  /**
+   * Calculate security score based on threat indicators
+   */
+  calculateSecurityScore({ isVpn, isProxy, isThreat, isAnonymous, isTor }) {
+    let score = 100;
+    
+    if (isTor) score -= 50;          // Tor = sehr verdächtig
+    if (isThreat) score -= 40;       // Known threat
+    if (isVpn) score -= 20;          // VPN = moderate risk
+    if (isProxy) score -= 15;        // Proxy = low-moderate risk
+    if (isAnonymous) score -= 10;    // Anonymous service
+    
+    return Math.max(0, score);
+  },
+
+  /**
+   * Get risk level based on indicators
+   */
+  getRiskLevel({ isVpn, isProxy, isThreat }) {
+    if (isThreat) return 'High';
+    if (isVpn && isProxy) return 'Medium-High';
+    if (isVpn || isProxy) return 'Medium';
+    return 'Low';
+  },
+
+  /**
+   * Get country flag emoji
+   */
+  getCountryFlag(countryCode) {
+    if (!countryCode) return '🏳️';
+    
+    // Convert country code to flag emoji
+    const codePoints = countryCode
+      .toUpperCase()
+      .split('')
+      .map(char => 127397 + char.charCodeAt());
+    
+    return String.fromCodePoint(...codePoints);
+  },
+
+  /**
+   * Fallback data when API fails
+   */
+  getFallbackData(ipAddress) {
+    return {
+      ip: ipAddress,
+      country: 'Unknown',
+      country_code: 'XX',
+      country_flag: '🌍',
+      city: 'Unknown',
+      region: 'Unknown',
+      timezone: 'Unknown',
+      latitude: null,
+      longitude: null,
+      isVpn: false,
+      isProxy: false,
+      isThreat: false,
+      securityScore: 50,
+      riskLevel: 'Unknown',
+    };
+  },
+
+  /**
+   * Batch lookup multiple IPs (for efficiency)
+   */
+  async batchGetIpInfo(ipAddresses) {
+    const results = await Promise.all(
+      ipAddresses.map(ip => this.getIpInfo(ip))
+    );
+    return results;
+  },
+});
+

package/server/src/services/index.js

@@ -0,0 +1,13 @@
+'use strict';
+
+const session = require('./session');
+const licenseGuard = require('./license-guard');
+const geolocation = require('./geolocation');
+const notifications = require('./notifications');
+
+module.exports = {
+  session,
+  'license-guard': licenseGuard,
+  geolocation,
+  notifications,
+};

package/server/src/services/license-guard.js

@@ -0,0 +1,308 @@
+/**
+ * License Guard Service for Magic Session Manager
+ * Handles license creation, verification, and ping tracking
+ */
+
+const crypto = require('crypto');
+const os = require('os');
+
+// FIXED LICENSE SERVER URL
+const LICENSE_SERVER_URL = 'https://magicapi.fitlex.me';
+
+module.exports = ({ strapi }) => ({
+  /**
+   * Get license server URL
+   */
+  getLicenseServerUrl() {
+    return LICENSE_SERVER_URL;
+  },
+
+  /**
+   * Generate device ID
+   */
+  generateDeviceId() {
+    try {
+      const networkInterfaces = os.networkInterfaces();
+      const macAddresses = [];
+      
+      Object.values(networkInterfaces).forEach(interfaces => {
+        interfaces?.forEach(iface => {
+          if (iface.mac && iface.mac !== '00:00:00:00:00:00') {
+            macAddresses.push(iface.mac);
+          }
+        });
+      });
+      
+      const identifier = `${macAddresses.join('-')}-${os.hostname()}`;
+      return crypto.createHash('sha256').update(identifier).digest('hex').substring(0, 32);
+    } catch (error) {
+      return crypto.randomBytes(16).toString('hex');
+    }
+  },
+
+  getDeviceName() {
+    try {
+      return os.hostname() || 'Unknown Device';
+    } catch (error) {
+      return 'Unknown Device';
+    }
+  },
+
+  getIpAddress() {
+    try {
+      const networkInterfaces = os.networkInterfaces();
+      for (const name of Object.keys(networkInterfaces)) {
+        const interfaces = networkInterfaces[name];
+        if (interfaces) {
+          for (const iface of interfaces) {
+            if (iface.family === 'IPv4' && !iface.internal) {
+              return iface.address;
+            }
+          }
+        }
+      }
+      return '127.0.0.1';
+    } catch (error) {
+      return '127.0.0.1';
+    }
+  },
+
+  getUserAgent() {
+    return `Strapi/${strapi.config.get('info.strapi') || '5.0.0'} Node/${process.version} ${os.platform()}/${os.release()}`;
+  },
+
+  async createLicense({ email, firstName, lastName }) {
+    try {
+      const deviceId = this.generateDeviceId();
+      const deviceName = this.getDeviceName();
+      const ipAddress = this.getIpAddress();
+      const userAgent = this.getUserAgent();
+
+      const licenseServerUrl = this.getLicenseServerUrl();
+      const response = await fetch(`${licenseServerUrl}/api/licenses/create`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          email,
+          firstName,
+          lastName,
+          deviceName,
+          deviceId,
+          ipAddress,
+          userAgent,
+          pluginName: 'magic-sessionmanager',
+          productName: 'Magic Session Manager - Premium Session Tracking',
+        }),
+      });
+
+      const data = await response.json();
+
+      if (data.success) {
+        strapi.log.info('[magic-sessionmanager] ✅ License created:', data.data.licenseKey);
+        return data.data;
+      } else {
+        strapi.log.error('[magic-sessionmanager] ❌ License creation failed:', data);
+        return null;
+      }
+    } catch (error) {
+      strapi.log.error('[magic-sessionmanager] ❌ Error creating license:', error);
+      return null;
+    }
+  },
+
+  async verifyLicense(licenseKey, allowGracePeriod = false) {
+    try {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), 5000);
+      
+      const licenseServerUrl = this.getLicenseServerUrl();
+      const response = await fetch(`${licenseServerUrl}/api/licenses/verify`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ 
+          licenseKey,
+          pluginName: 'magic-sessionmanager',
+          productName: 'Magic Session Manager - Premium Session Tracking',
+        }),
+        signal: controller.signal,
+      });
+      
+      clearTimeout(timeoutId);
+      const data = await response.json();
+
+      if (data.success && data.data) {
+        return { valid: true, data: data.data, gracePeriod: false };
+      } else {
+        return { valid: false, data: null };
+      }
+    } catch (error) {
+      if (allowGracePeriod) {
+        return { valid: true, data: null, gracePeriod: true };
+      }
+      return { valid: false, data: null };
+    }
+  },
+
+  async getLicenseByKey(licenseKey) {
+    try {
+      const licenseServerUrl = this.getLicenseServerUrl();
+      const url = `${licenseServerUrl}/api/licenses/key/${licenseKey}`;
+      
+      strapi.log.debug(`[magic-sessionmanager/license-guard] Fetching license from: ${url}`);
+      
+      const response = await fetch(url, {
+        method: 'GET',
+        headers: { 'Content-Type': 'application/json' },
+      });
+
+      const data = await response.json();
+
+      if (data.success && data.data) {
+        strapi.log.debug(`[magic-sessionmanager/license-guard] License fetched: ${data.data.email}, featurePremium: ${data.data.featurePremium}`);
+        return data.data;
+      }
+      
+      strapi.log.warn(`[magic-sessionmanager/license-guard] License API returned no data`);
+      return null;
+    } catch (error) {
+      strapi.log.error('[magic-sessionmanager/license-guard] Error fetching license by key:', error);
+      return null;
+    }
+  },
+
+  async pingLicense(licenseKey) {
+    try {
+      const deviceId = this.generateDeviceId();
+      const deviceName = this.getDeviceName();
+      const ipAddress = this.getIpAddress();
+      const userAgent = this.getUserAgent();
+
+      const licenseServerUrl = this.getLicenseServerUrl();
+      const response = await fetch(`${licenseServerUrl}/api/licenses/ping`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          licenseKey,
+          deviceId,
+          deviceName,
+          ipAddress,
+          userAgent,
+          pluginName: 'magic-sessionmanager',
+        }),
+      });
+
+      const data = await response.json();
+      return data.success ? data.data : null;
+    } catch (error) {
+      return null;
+    }
+  },
+
+  async storeLicenseKey(licenseKey) {
+    const pluginStore = strapi.store({ 
+      type: 'plugin', 
+      name: 'magic-sessionmanager' 
+    });
+    await pluginStore.set({ key: 'licenseKey', value: licenseKey });
+    strapi.log.info(`[magic-sessionmanager] ✅ License key stored: ${licenseKey.substring(0, 8)}...`);
+  },
+
+  startPinging(licenseKey, intervalMinutes = 15) {
+    strapi.log.info(`[magic-sessionmanager] ⏰ Starting license pings every ${intervalMinutes} minutes`);
+    
+    // Immediate ping
+    this.pingLicense(licenseKey);
+    
+    const interval = setInterval(async () => {
+      try {
+        await this.pingLicense(licenseKey);
+      } catch (error) {
+        strapi.log.error('[magic-sessionmanager] Ping error:', error);
+      }
+    }, intervalMinutes * 60 * 1000);
+
+    return interval;
+  },
+
+  /**
+   * Initialize license guard
+   * Checks for existing license and starts pinging
+   */
+  async initialize() {
+    try {
+      strapi.log.info('[magic-sessionmanager] 🔐 Initializing License Guard...');
+
+      // Check if license key exists in plugin store
+      const pluginStore = strapi.store({ 
+        type: 'plugin', 
+        name: 'magic-sessionmanager' 
+      });
+      const licenseKey = await pluginStore.get({ key: 'licenseKey' });
+
+      if (!licenseKey) {
+        strapi.log.info('[magic-sessionmanager] ℹ️ No license found - Running in demo mode');
+        return {
+          valid: false,
+          demo: true,
+          data: null,
+        };
+      }
+
+      // Check last validation timestamp for grace period
+      const lastValidated = await pluginStore.get({ key: 'lastValidated' });
+      const now = new Date();
+      const gracePeriodHours = 24;
+      let withinGracePeriod = false;
+      
+      if (lastValidated) {
+        const lastValidatedDate = new Date(lastValidated);
+        const hoursSinceValidation = (now.getTime() - lastValidatedDate.getTime()) / (1000 * 60 * 60);
+        withinGracePeriod = hoursSinceValidation < gracePeriodHours;
+      }
+
+      // Verify license (allow grace period if we have a last validation)
+      const verification = await this.verifyLicense(licenseKey, withinGracePeriod);
+
+      if (verification.valid) {
+        // Update last validated timestamp
+        await pluginStore.set({ 
+          key: 'lastValidated', 
+          value: now.toISOString() 
+        });
+
+        // Start automatic pinging
+        const pingInterval = this.startPinging(licenseKey, 15);
+        
+        // Store interval globally so we can clean it up
+        strapi.licenseGuard = {
+          licenseKey,
+          pingInterval,
+          data: verification.data,
+        };
+
+        return {
+          valid: true,
+          demo: false,
+          data: verification.data,
+          gracePeriod: verification.gracePeriod || false,
+        };
+      } else {
+        strapi.log.error('[magic-sessionmanager] ❌ License validation failed');
+        return {
+          valid: false,
+          demo: true,
+          error: 'Invalid or expired license',
+          data: null,
+        };
+      }
+    } catch (error) {
+      strapi.log.error('[magic-sessionmanager] ❌ Error initializing License Guard:', error);
+      return {
+        valid: false,
+        demo: true,
+        error: error.message,
+        data: null,
+      };
+    }
+  },
+});