strapi-plugin-magic-sessionmanager 4.2.15 → 4.2.16

package/dist/server/index.js

@@ -206,7 +206,7 @@ function generateSessionId$1(userId) {
   const userHash = crypto$1.createHash("sha256").update(userId.toString()).digest("hex").substring(0, 8);
   return `sess_${timestamp}_${userHash}_${randomBytes}`;
 }
-function hashToken$4(token) {
+function hashToken$3(token) {
   if (!token) return null;
   return crypto$1.createHash("sha256").update(token).digest("hex");
 }
@@ -214,113 +214,63 @@ var encryption = {
   encryptToken: encryptToken$2,
   decryptToken: decryptToken$3,
   generateSessionId: generateSessionId$1,
-  hashToken: hashToken$4
+  hashToken: hashToken$3
 };
 const SESSION_UID$3 = "plugin::magic-sessionmanager.session";
-const { hashToken: hashToken$3 } = encryption;
-const lastTouchCache = /* @__PURE__ */ new Map();
-const CACHE_MAX_SIZE = 1e4;
-const CACHE_CLEANUP_AGE = 60 * 60 * 1e3;
-function cleanupOldCacheEntries() {
-  if (lastTouchCache.size < CACHE_MAX_SIZE) return;
-  const now = Date.now();
-  const cutoff = now - CACHE_CLEANUP_AGE;
-  for (const [key, timestamp] of lastTouchCache.entries()) {
-    if (timestamp < cutoff) {
-      lastTouchCache.delete(key);
-    }
-  }
+const AUTH_PATTERNS = [
+  "/auth/",
+  // All /api/auth/* endpoints (login, logout, refresh, etc.)
+  "/magic-link/",
+  // All Magic-Link endpoints
+  "/passwordless/",
+  // Legacy passwordless endpoints
+  "/otp/",
+  // OTP endpoints (any plugin)
+  "/login",
+  // Any login endpoint
+  "/register",
+  // Any register endpoint
+  "/forgot-password",
+  // Password reset
+  "/reset-password"
+  // Password reset
+];
+function isAuthEndpoint(path) {
+  return AUTH_PATTERNS.some((pattern) => path.includes(pattern));
 }
-var lastSeen = ({ strapi: strapi2 }) => {
+var lastSeen = ({ strapi: strapi2, sessionService }) => {
   return async (ctx, next) => {
-    const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
-    if (!currentToken) {
-      await next();
-      return;
-    }
-    const skipPaths = [
-      "/admin",
-      // Admin panel UI
-      "/content-manager",
-      // Content Manager
-      "/content-type-builder",
-      // Content-Type Builder
-      "/upload",
-      // Media Library
-      "/i18n",
-      // Internationalization
-      "/users-permissions",
-      // Users & Permissions settings
-      "/email",
-      // Email plugin
-      "/_health",
-      // Health check
-      "/favicon.ico",
-      // Static assets
-      "/api/auth/local",
-      // Login endpoint
-      "/api/auth/register",
-      // Registration endpoint
-      "/api/auth/forgot-password",
-      // Password reset
-      "/api/auth/reset-password",
-      // Password reset
-      "/api/auth/logout",
-      // Logout endpoint (handled separately)
-      "/api/auth/refresh",
-      // Refresh token (has own validation in bootstrap.js)
-      "/api/connect",
-      // OAuth providers
-      "/api/magic-link"
-      // Magic link auth (if using magic-link plugin)
-    ];
-    if (skipPaths.some((p) => ctx.path.startsWith(p))) {
-      await next();
-      return;
-    }
-    if (!ctx.path.startsWith("/api/")) {
+    if (isAuthEndpoint(ctx.path)) {
       await next();
       return;
     }
-    let matchingSession = null;
-    try {
-      const currentTokenHash = hashToken$3(currentToken);
-      matchingSession = await strapi2.documents(SESSION_UID$3).findFirst({
-        filters: {
-          tokenHash: currentTokenHash,
-          isActive: true
-        },
-        populate: { user: { fields: ["documentId"] } }
-      });
-      if (matchingSession) {
-        ctx.state.sessionId = matchingSession.documentId;
-        ctx.state.currentSession = matchingSession;
-        if (matchingSession.user?.documentId) {
-          ctx.state.sessionUserId = matchingSession.user.documentId;
+    if (ctx.state.user && ctx.state.user.documentId) {
+      try {
+        const userId = ctx.state.user.documentId;
+        const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
+          filters: {
+            user: { documentId: userId },
+            isActive: true
+          },
+          limit: 1
+        });
+        if (!activeSessions || activeSessions.length === 0) {
+          strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Request blocked - session terminated or invalid (user: ${userId.substring(0, 8)}...)`);
+          return ctx.unauthorized("All sessions have been terminated. Please login again.");
         }
-      } else {
-        strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Request blocked - session terminated or invalid (token hash: ${currentTokenHash.substring(0, 8)}...)`);
-        return ctx.unauthorized("This session has been terminated. Please login again.");
+      } catch (err) {
+        strapi2.log.debug("[magic-sessionmanager] Error checking active sessions:", err.message);
       }
-    } catch (err) {
-      strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
     }
     await next();
-    if (matchingSession) {
+    if (ctx.state.user && ctx.state.user.documentId) {
       try {
-        const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
-        const rateLimit = config2.lastSeenRateLimit || 3e4;
-        const now = Date.now();
-        const lastTouch = lastTouchCache.get(matchingSession.documentId) || 0;
-        if (now - lastTouch > rateLimit) {
-          lastTouchCache.set(matchingSession.documentId, now);
-          cleanupOldCacheEntries();
-          await strapi2.documents(SESSION_UID$3).update({
-            documentId: matchingSession.documentId,
-            data: { lastActive: /* @__PURE__ */ new Date() }
-          });
-          strapi2.log.debug(`[magic-sessionmanager] [TOUCH] Session ${matchingSession.documentId} activity updated`);
-        }
+        const userId = ctx.state.user.documentId;
+        const sessionId = ctx.state.sessionId;
+        await sessionService.touch({
+          userId,
+          sessionId
+        });
       } catch (err) {
         strapi2.log.debug("[magic-sessionmanager] Error updating lastSeen:", err.message);
       }
@@ -2484,7 +2434,7 @@ var session$1 = ({ strapi: strapi2 }) => {
     }
   };
 };
-const version = "4.2.14";
+const version = "4.2.15";
 const require$$2 = {
   version
 };

package/dist/server/index.mjs

@@ -202,7 +202,7 @@ function generateSessionId$1(userId) {
   const userHash = crypto$1.createHash("sha256").update(userId.toString()).digest("hex").substring(0, 8);
   return `sess_${timestamp}_${userHash}_${randomBytes}`;
 }
-function hashToken$4(token) {
+function hashToken$3(token) {
   if (!token) return null;
   return crypto$1.createHash("sha256").update(token).digest("hex");
 }
@@ -210,113 +210,63 @@ var encryption = {
   encryptToken: encryptToken$2,
   decryptToken: decryptToken$3,
   generateSessionId: generateSessionId$1,
-  hashToken: hashToken$4
+  hashToken: hashToken$3
 };
 const SESSION_UID$3 = "plugin::magic-sessionmanager.session";
-const { hashToken: hashToken$3 } = encryption;
-const lastTouchCache = /* @__PURE__ */ new Map();
-const CACHE_MAX_SIZE = 1e4;
-const CACHE_CLEANUP_AGE = 60 * 60 * 1e3;
-function cleanupOldCacheEntries() {
-  if (lastTouchCache.size < CACHE_MAX_SIZE) return;
-  const now = Date.now();
-  const cutoff = now - CACHE_CLEANUP_AGE;
-  for (const [key, timestamp] of lastTouchCache.entries()) {
-    if (timestamp < cutoff) {
-      lastTouchCache.delete(key);
-    }
-  }
+const AUTH_PATTERNS = [
+  "/auth/",
+  // All /api/auth/* endpoints (login, logout, refresh, etc.)
+  "/magic-link/",
+  // All Magic-Link endpoints
+  "/passwordless/",
+  // Legacy passwordless endpoints
+  "/otp/",
+  // OTP endpoints (any plugin)
+  "/login",
+  // Any login endpoint
+  "/register",
+  // Any register endpoint
+  "/forgot-password",
+  // Password reset
+  "/reset-password"
+  // Password reset
+];
+function isAuthEndpoint(path) {
+  return AUTH_PATTERNS.some((pattern) => path.includes(pattern));
 }
-var lastSeen = ({ strapi: strapi2 }) => {
+var lastSeen = ({ strapi: strapi2, sessionService }) => {
   return async (ctx, next) => {
-    const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
-    if (!currentToken) {
-      await next();
-      return;
-    }
-    const skipPaths = [
-      "/admin",
-      // Admin panel UI
-      "/content-manager",
-      // Content Manager
-      "/content-type-builder",
-      // Content-Type Builder
-      "/upload",
-      // Media Library
-      "/i18n",
-      // Internationalization
-      "/users-permissions",
-      // Users & Permissions settings
-      "/email",
-      // Email plugin
-      "/_health",
-      // Health check
-      "/favicon.ico",
-      // Static assets
-      "/api/auth/local",
-      // Login endpoint
-      "/api/auth/register",
-      // Registration endpoint
-      "/api/auth/forgot-password",
-      // Password reset
-      "/api/auth/reset-password",
-      // Password reset
-      "/api/auth/logout",
-      // Logout endpoint (handled separately)
-      "/api/auth/refresh",
-      // Refresh token (has own validation in bootstrap.js)
-      "/api/connect",
-      // OAuth providers
-      "/api/magic-link"
-      // Magic link auth (if using magic-link plugin)
-    ];
-    if (skipPaths.some((p) => ctx.path.startsWith(p))) {
-      await next();
-      return;
-    }
-    if (!ctx.path.startsWith("/api/")) {
+    if (isAuthEndpoint(ctx.path)) {
       await next();
       return;
     }
-    let matchingSession = null;
-    try {
-      const currentTokenHash = hashToken$3(currentToken);
-      matchingSession = await strapi2.documents(SESSION_UID$3).findFirst({
-        filters: {
-          tokenHash: currentTokenHash,
-          isActive: true
-        },
-        populate: { user: { fields: ["documentId"] } }
-      });
-      if (matchingSession) {
-        ctx.state.sessionId = matchingSession.documentId;
-        ctx.state.currentSession = matchingSession;
-        if (matchingSession.user?.documentId) {
-          ctx.state.sessionUserId = matchingSession.user.documentId;
+    if (ctx.state.user && ctx.state.user.documentId) {
+      try {
+        const userId = ctx.state.user.documentId;
+        const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
+          filters: {
+            user: { documentId: userId },
+            isActive: true
+          },
+          limit: 1
+        });
+        if (!activeSessions || activeSessions.length === 0) {
+          strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Request blocked - session terminated or invalid (user: ${userId.substring(0, 8)}...)`);
+          return ctx.unauthorized("All sessions have been terminated. Please login again.");
         }
-      } else {
-        strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Request blocked - session terminated or invalid (token hash: ${currentTokenHash.substring(0, 8)}...)`);
-        return ctx.unauthorized("This session has been terminated. Please login again.");
+      } catch (err) {
+        strapi2.log.debug("[magic-sessionmanager] Error checking active sessions:", err.message);
       }
-    } catch (err) {
-      strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
     }
     await next();
-    if (matchingSession) {
+    if (ctx.state.user && ctx.state.user.documentId) {
       try {
-        const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
-        const rateLimit = config2.lastSeenRateLimit || 3e4;
-        const now = Date.now();
-        const lastTouch = lastTouchCache.get(matchingSession.documentId) || 0;
-        if (now - lastTouch > rateLimit) {
-          lastTouchCache.set(matchingSession.documentId, now);
-          cleanupOldCacheEntries();
-          await strapi2.documents(SESSION_UID$3).update({
-            documentId: matchingSession.documentId,
-            data: { lastActive: /* @__PURE__ */ new Date() }
-          });
-          strapi2.log.debug(`[magic-sessionmanager] [TOUCH] Session ${matchingSession.documentId} activity updated`);
-        }
+        const userId = ctx.state.user.documentId;
+        const sessionId = ctx.state.sessionId;
+        await sessionService.touch({
+          userId,
+          sessionId
+        });
       } catch (err) {
         strapi2.log.debug("[magic-sessionmanager] Error updating lastSeen:", err.message);
       }
@@ -2480,7 +2430,7 @@ var session$1 = ({ strapi: strapi2 }) => {
     }
   };
 };
-const version = "4.2.14";
+const version = "4.2.15";
 const require$$2 = {
   version
 };

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "4.2.15",
+  "version": "4.2.16",
   "keywords": [
     "strapi",
     "strapi-plugin",