npm - strapi-plugin-magic-sessionmanager - Versions diffs - 4.0.0 → 4.0.1 - Mend

strapi-plugin-magic-sessionmanager 4.0.0 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/admin/src/components/LicenseGuard.jsx +6 -6
package/admin/src/components/SessionDetailModal.jsx +12 -12
package/admin/src/components/SessionInfoCard.jsx +3 -3
package/admin/src/components/SessionInfoPanel.jsx +3 -2
package/admin/src/pages/Analytics.jsx +2 -2
package/admin/src/pages/HomePage.jsx +11 -14
package/admin/src/pages/License.jsx +2 -2
package/admin/src/pages/Settings.jsx +24 -24
package/admin/src/pages/SettingsNew.jsx +21 -21
package/admin/src/utils/parseUserAgent.js +6 -6
package/dist/_chunks/{Analytics-ioaeEh-E.js → Analytics-BBdv1I5y.js} +4 -4
package/dist/_chunks/{Analytics-mYu_uGwU.mjs → Analytics-Dv9f_0eZ.mjs} +4 -4
package/dist/_chunks/{App-BXpIS12l.mjs → App-CIQ-7sa7.mjs} +26 -31
package/dist/_chunks/{App-DdnUYWbC.js → App-CJaZPNjt.js} +26 -31
package/dist/_chunks/{License-DZYrOgcx.js → License-D24rgaZQ.js} +3 -3
package/dist/_chunks/{License-C03C2j9P.mjs → License-nrmFxoBm.mjs} +3 -3
package/dist/_chunks/{Settings-C6_CqpCC.js → Settings-CqxgjU0y.js} +26 -26
package/dist/_chunks/{Settings-0ocB3qHk.mjs → Settings-D5dLEGc_.mjs} +26 -26
package/dist/_chunks/{index-DBRS3kt5.mjs → index-Duk1_Wrz.mjs} +12 -12
package/dist/_chunks/{index-DC8Y0qxx.js → index-WH04CS1c.js} +12 -12
package/dist/_chunks/{useLicense-qgGfMvse.js → useLicense-BwOlCyhc.js} +1 -1
package/dist/_chunks/{useLicense-DSLL9n3Y.mjs → useLicense-Ce8GaxB0.mjs} +1 -1
package/dist/admin/index.js +1 -1
package/dist/admin/index.mjs +1 -1
package/dist/server/index.js +142 -33
package/dist/server/index.mjs +142 -33
package/package.json +1 -1
package/server/src/bootstrap.js +76 -4
package/server/src/controllers/session.js +59 -9
package/server/src/middlewares/last-seen.js +5 -4
package/server/src/routes/content-api.js +11 -2
package/server/src/services/notifications.js +10 -10
package/server/src/services/session.js +24 -4

package/dist/server/index.js CHANGED Viewed

@@ -152,9 +152,9 @@ var encryption = {
 const SESSION_UID$3 = "plugin::magic-sessionmanager.session";
 var lastSeen = ({ strapi: strapi2, sessionService }) => {
   return async (ctx, next) => {
-    if (ctx.state.user && ctx.state.user.id) {
+    if (ctx.state.user && ctx.state.user.documentId) {
       try {
-        const userId = ctx.state.user.id;
+        const userId = ctx.state.user.documentId;
         const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
           filters: {
             user: { documentId: userId },
@@ -171,9 +171,9 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
       }
     }
     await next();
-    if (ctx.state.user && ctx.state.user.id) {
+    if (ctx.state.user && ctx.state.user.documentId) {
       try {
-        const userId = ctx.state.user.id;
+        const userId = ctx.state.user.documentId;
         const sessionId = ctx.state.sessionId;
         await sessionService.touch({
           userId,
@@ -188,6 +188,7 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
 const getClientIp = getClientIp_1;
 const { encryptToken: encryptToken$1, decryptToken: decryptToken$2 } = encryption;
 const SESSION_UID$2 = "plugin::magic-sessionmanager.session";
+const USER_UID$2 = "plugin::users-permissions.user";
 var bootstrap$1 = async ({ strapi: strapi2 }) => {
   strapi2.log.info("[magic-sessionmanager] [START] Bootstrap starting...");
   try {
@@ -295,7 +296,7 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
           const user = ctx.body.user;
           const ip = getClientIp(ctx);
           const userAgent = ctx.request.headers?.["user-agent"] || ctx.request.header?.["user-agent"] || "unknown";
-          strapi2.log.info(`[magic-sessionmanager] [CHECK] Login detected! User: ${user.id} (${user.email || user.username}) from IP: ${ip}`);
+          strapi2.log.info(`[magic-sessionmanager] [CHECK] Login detected! User: ${user.documentId || user.id} (${user.email || user.username}) from IP: ${ip}`);
           const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
           let shouldBlock = false;
           let blockReason = "";
@@ -348,8 +349,13 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
             };
             return;
           }
+          let userDocId = user.documentId;
+          if (!userDocId && user.id) {
+            const fullUser = await strapi2.entityService.findOne(USER_UID$2, user.id);
+            userDocId = fullUser?.documentId || user.id;
+          }
           const newSession = await sessionService.createSession({
-            userId: user.id,
+            userId: userDocId,
             ip,
             userAgent,
             token: ctx.body.jwt,
@@ -357,7 +363,7 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
             refreshToken: ctx.body.refreshToken
             // Store Refresh Token (encrypted) if exists
           });
-          strapi2.log.info(`[magic-sessionmanager] [SUCCESS] Session created for user ${user.id} (IP: ${ip})`);
+          strapi2.log.info(`[magic-sessionmanager] [SUCCESS] Session created for user ${userDocId} (IP: ${ip})`);
           if (geoData && (config2.enableEmailAlerts || config2.enableWebhooks)) {
             try {
               const notificationService = strapi2.plugin("magic-sessionmanager").service("notifications");
@@ -483,12 +489,55 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
       lastSeen({ strapi: strapi2, sessionService })
     );
     strapi2.log.info("[magic-sessionmanager] [SUCCESS] LastSeen middleware mounted");
+    await ensureContentApiPermissions(strapi2);
     strapi2.log.info("[magic-sessionmanager] [SUCCESS] Bootstrap complete");
     strapi2.log.info("[magic-sessionmanager] [READY] Session Manager ready! Sessions stored in plugin::magic-sessionmanager.session");
   } catch (err) {
     strapi2.log.error("[magic-sessionmanager] [ERROR] Bootstrap error:", err);
   }
 };
+async function ensureContentApiPermissions(strapi2) {
+  try {
+    const authenticatedRole = await strapi2.query("plugin::users-permissions.role").findOne({
+      where: { type: "authenticated" }
+    });
+    if (!authenticatedRole) {
+      strapi2.log.warn("[magic-sessionmanager] Authenticated role not found - skipping permission setup");
+      return;
+    }
+    const requiredActions = [
+      "plugin::magic-sessionmanager.session.logout",
+      "plugin::magic-sessionmanager.session.logoutAll",
+      "plugin::magic-sessionmanager.session.getOwnSessions",
+      "plugin::magic-sessionmanager.session.getUserSessions"
+    ];
+    const existingPermissions = await strapi2.query("plugin::users-permissions.permission").findMany({
+      where: {
+        role: authenticatedRole.id,
+        action: { $in: requiredActions }
+      }
+    });
+    const existingActions = existingPermissions.map((p) => p.action);
+    const missingActions = requiredActions.filter((action) => !existingActions.includes(action));
+    if (missingActions.length === 0) {
+      strapi2.log.debug("[magic-sessionmanager] Content-API permissions already configured");
+      return;
+    }
+    for (const action of missingActions) {
+      await strapi2.query("plugin::users-permissions.permission").create({
+        data: {
+          action,
+          role: authenticatedRole.id
+        }
+      });
+      strapi2.log.info(`[magic-sessionmanager] [PERMISSION] Enabled ${action} for authenticated users`);
+    }
+    strapi2.log.info("[magic-sessionmanager] [SUCCESS] Content-API permissions configured for authenticated users");
+  } catch (err) {
+    strapi2.log.warn("[magic-sessionmanager] Could not auto-configure permissions:", err.message);
+    strapi2.log.warn("[magic-sessionmanager] Please manually enable plugin permissions in Settings > Users & Permissions > Roles > Authenticated");
+  }
+}
 var destroy$1 = async ({ strapi: strapi2 }) => {
   if (strapi2.licenseGuard && strapi2.licenseGuard.pingInterval) {
     clearInterval(strapi2.licenseGuard.pingInterval);
@@ -641,13 +690,22 @@ var contentApi$1 = {
     // ============================================================
     // SESSION QUERIES
     // ============================================================
+    {
+      method: "GET",
+      path: "/my-sessions",
+      handler: "session.getOwnSessions",
+      config: {
+        auth: { strategies: ["users-permissions"] },
+        description: "Get own sessions (automatically uses authenticated user)"
+      }
+    },
     {
       method: "GET",
       path: "/user/:userId/sessions",
       handler: "session.getUserSessions",
       config: {
         auth: { strategies: ["users-permissions"] },
-        description: "Get own sessions (controller validates user can only see own sessions)"
+        description: "Get sessions by userId (validates user can only see own sessions)"
       }
     }
   ]
@@ -807,7 +865,7 @@ var routes$1 = {
 };
 const { decryptToken: decryptToken$1 } = encryption;
 const SESSION_UID$1 = "plugin::magic-sessionmanager.session";
-const USER_UID = "plugin::users-permissions.user";
+const USER_UID$1 = "plugin::users-permissions.user";
 var session$3 = {
   /**
    * Get ALL sessions (active + inactive) - Admin only
@@ -847,6 +905,30 @@ var session$3 = {
       ctx.throw(500, "Error fetching active sessions");
     }
   },
+  /**
+   * Get own sessions (authenticated user)
+   * GET /api/magic-sessionmanager/my-sessions
+   * Automatically uses the authenticated user's documentId
+   */
+  async getOwnSessions(ctx) {
+    try {
+      const userId = ctx.state.user?.documentId;
+      if (!userId) {
+        return ctx.throw(401, "Unauthorized");
+      }
+      const sessionService = strapi.plugin("magic-sessionmanager").service("session");
+      const sessions = await sessionService.getUserSessions(userId);
+      ctx.body = {
+        data: sessions,
+        meta: {
+          count: sessions.length
+        }
+      };
+    } catch (err) {
+      strapi.log.error("[magic-sessionmanager] Error fetching own sessions:", err);
+      ctx.throw(500, "Error fetching sessions");
+    }
+  },
   /**
    * Get user's sessions
    * GET /magic-sessionmanager/user/:userId/sessions (Admin API)
@@ -857,9 +939,9 @@ var session$3 = {
     try {
       const { userId } = ctx.params;
       const isAdminRequest = ctx.state.userAbility || ctx.state.admin;
-      const requestingUserId = ctx.state.user?.id;
-      if (!isAdminRequest && requestingUserId && String(requestingUserId) !== String(userId)) {
-        strapi.log.warn(`[magic-sessionmanager] Security: User ${requestingUserId} tried to access sessions of user ${userId}`);
+      const requestingUserDocId = ctx.state.user?.documentId;
+      if (!isAdminRequest && requestingUserDocId && String(requestingUserDocId) !== String(userId)) {
+        strapi.log.warn(`[magic-sessionmanager] Security: User ${requestingUserDocId} tried to access sessions of user ${userId}`);
         return ctx.forbidden("You can only access your own sessions");
       }
       const sessionService = strapi.plugin("magic-sessionmanager").service("session");
@@ -880,7 +962,7 @@ var session$3 = {
    */
   async logout(ctx) {
     try {
-      const userId = ctx.state.user?.id;
+      const userId = ctx.state.user?.documentId;
       const token = ctx.request.headers.authorization?.replace("Bearer ", "");
       if (!userId) {
         return ctx.throw(401, "Unauthorized");
@@ -919,7 +1001,7 @@ var session$3 = {
    */
   async logoutAll(ctx) {
     try {
-      const userId = ctx.state.user?.id;
+      const userId = ctx.state.user?.documentId;
       if (!userId) {
         return ctx.throw(401, "Unauthorized");
       }
@@ -1059,24 +1141,34 @@ var session$3 = {
   /**
    * Toggle user blocked status
    * POST /magic-sessionmanager/user/:userId/toggle-block
+   * Supports both numeric id (from Content Manager) and documentId
    */
   async toggleUserBlock(ctx) {
     try {
       const { userId } = ctx.params;
-      const user = await strapi.documents(USER_UID).findOne({ documentId: userId });
+      let userDocumentId = userId;
+      let user = null;
+      user = await strapi.documents(USER_UID$1).findOne({ documentId: userId });
+      if (!user && !isNaN(userId)) {
+        const numericUser = await strapi.entityService.findOne(USER_UID$1, parseInt(userId, 10));
+        if (numericUser) {
+          userDocumentId = numericUser.documentId;
+          user = numericUser;
+        }
+      }
       if (!user) {
         return ctx.throw(404, "User not found");
       }
       const newBlockedStatus = !user.blocked;
-      await strapi.documents(USER_UID).update({
-        documentId: userId,
+      await strapi.documents(USER_UID$1).update({
+        documentId: userDocumentId,
         data: {
           blocked: newBlockedStatus
         }
       });
       if (newBlockedStatus) {
         const sessionService = strapi.plugin("magic-sessionmanager").service("session");
-        await sessionService.terminateSession({ userId });
+        await sessionService.terminateSession({ userId: userDocumentId });
       }
       ctx.body = {
         message: `User ${newBlockedStatus ? "blocked" : "unblocked"} successfully`,
@@ -1405,6 +1497,7 @@ var controllers$1 = {
 };
 const { encryptToken, decryptToken, generateSessionId } = encryption;
 const SESSION_UID = "plugin::magic-sessionmanager.session";
+const USER_UID = "plugin::users-permissions.user";
 var session$1 = ({ strapi: strapi2 }) => ({
   /**
    * Create a new session record
@@ -1443,6 +1536,7 @@ var session$1 = ({ strapi: strapi2 }) => ({
   },
   /**
    * Terminate a session or all sessions for a user
+   * Supports both numeric id (legacy) and documentId (Strapi v5)
    * @param {Object} params - { sessionId | userId }
    * @returns {Promise<void>}
    */
@@ -1459,9 +1553,16 @@ var session$1 = ({ strapi: strapi2 }) => ({
         });
         strapi2.log.info(`[magic-sessionmanager] Session ${sessionId} terminated`);
       } else if (userId) {
+        let userDocumentId = userId;
+        if (!isNaN(userId)) {
+          const user = await strapi2.entityService.findOne(USER_UID, parseInt(userId, 10));
+          if (user) {
+            userDocumentId = user.documentId;
+          }
+        }
         const activeSessions = await strapi2.documents(SESSION_UID).findMany({
           filters: {
-            user: { documentId: userId },
+            user: { documentId: userDocumentId },
             // Deep filtering syntax
             isActive: true
           }
@@ -1475,7 +1576,7 @@ var session$1 = ({ strapi: strapi2 }) => ({
             }
           });
         }
-        strapi2.log.info(`[magic-sessionmanager] All sessions terminated for user ${userId}`);
+        strapi2.log.info(`[magic-sessionmanager] All sessions terminated for user ${userDocumentId}`);
       }
     } catch (err) {
       strapi2.log.error("[magic-sessionmanager] Error terminating session:", err);
@@ -1547,13 +1648,21 @@ var session$1 = ({ strapi: strapi2 }) => ({
   },
   /**
    * Get all sessions for a specific user
-   * @param {number} userId
+   * Supports both numeric id (legacy) and documentId (Strapi v5)
+   * @param {string|number} userId - User documentId or numeric id
    * @returns {Promise<Array>} User's sessions with accurate online status
    */
   async getUserSessions(userId) {
     try {
+      let userDocumentId = userId;
+      if (!isNaN(userId)) {
+        const user = await strapi2.entityService.findOne(USER_UID, parseInt(userId, 10));
+        if (user) {
+          userDocumentId = user.documentId;
+        }
+      }
       const sessions = await strapi2.documents(SESSION_UID).findMany({
-        filters: { user: { documentId: userId } },
+        filters: { user: { documentId: userDocumentId } },
         sort: { loginTime: "desc" }
       });
       const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
@@ -1681,7 +1790,7 @@ var session$1 = ({ strapi: strapi2 }) => ({
     }
   }
 });
-const version = "3.7.0";
+const version = "4.0.0";
 const require$$2 = {
   version
 };
@@ -2112,12 +2221,12 @@ var notifications$1 = ({ strapi: strapi2 }) => ({
     strapi2.log.debug("[magic-sessionmanager/notifications] Using default fallback templates");
     return {
       suspiciousLogin: {
-        subject: "🚨 Suspicious Login Alert - Session Manager",
+        subject: "[ALERT] Suspicious Login Alert - Session Manager",
         html: `
 <html>
 <body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333;">
   <div style="max-width: 600px; margin: 0 auto; padding: 20px; background-color: #f9fafb; border-radius: 10px;">
-    <h2 style="color: #dc2626;">🚨 Suspicious Login Detected</h2>
+    <h2 style="color: #dc2626;">[ALERT] Suspicious Login Detected</h2>
     <p>A potentially suspicious login was detected for your account.</p>
     <div style="background: white; padding: 15px; border-radius: 8px; margin: 20px 0;">
@@ -2152,7 +2261,7 @@ var notifications$1 = ({ strapi: strapi2 }) => ({
   </div>
 </body>
 </html>`,
-        text: `🚨 Suspicious Login Detected
+        text: `[ALERT] Suspicious Login Detected
 A potentially suspicious login was detected for your account.
@@ -2323,10 +2432,10 @@ VPN: {{reason.isVpn}}, Proxy: {{reason.isProxy}}`
       title: this.getEventTitle(event),
       color: this.getEventColor(event),
       fields: [
-        { name: "👤 User", value: `${user.email}
+        { name: "User", value: `${user.email}
 ${user.username || "N/A"}`, inline: true },
-        { name: "🌐 IP", value: session2.ipAddress, inline: true },
-        { name: "📅 Time", value: new Date(session2.loginTime).toLocaleString(), inline: false }
+        { name: "IP", value: session2.ipAddress, inline: true },
+        { name: "Time", value: new Date(session2.loginTime).toLocaleString(), inline: false }
       ],
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       footer: { text: "Magic Session Manager" }
@@ -2354,11 +2463,11 @@ Score: ${geoData.securityScore}/100`,
   },
   getEventTitle(event) {
     const titles = {
-      "login.suspicious": "🚨 Suspicious Login",
+      "login.suspicious": "[ALERT] Suspicious Login",
       "login.new_location": "[LOCATION] New Location Login",
-      "login.vpn": "🔴 VPN Login Detected",
-      "login.threat": "⛔ Threat IP Login",
-      "session.terminated": "🔴 Session Terminated"
+      "login.vpn": "[WARNING] VPN Login Detected",
+      "login.threat": "[THREAT] Threat IP Login",
+      "session.terminated": "[INFO] Session Terminated"
     };
     return titles[event] || "[STATS] Session Event";
   },