strapi-plugin-magic-sessionmanager 4.2.3 → 4.2.5

package/server/src/controllers/settings.js

@@ -1,122 +0,0 @@
-'use strict';
-
-/**
- * Settings controller
- * Manages plugin settings stored in Strapi database
- */
-
-module.exports = {
-  /**
-   * Get plugin settings
-   */
-  async getSettings(ctx) {
-    try {
-      const pluginStore = strapi.store({
-        type: 'plugin',
-        name: 'magic-sessionmanager',
-      });
-      
-      let settings = await pluginStore.get({ key: 'settings' });
-      
-      // If no settings exist, return defaults
-      if (!settings) {
-        settings = {
-          inactivityTimeout: 15,
-          cleanupInterval: 30,
-          lastSeenRateLimit: 30,
-          retentionDays: 90,
-          enableGeolocation: true,
-          enableSecurityScoring: true,
-          blockSuspiciousSessions: false,
-          maxFailedLogins: 5,
-          enableEmailAlerts: false,
-          alertOnSuspiciousLogin: true,
-          alertOnNewLocation: true,
-          alertOnVpnProxy: true,
-          enableWebhooks: false,
-          discordWebhookUrl: '',
-          slackWebhookUrl: '',
-          enableGeofencing: false,
-          allowedCountries: [],
-          blockedCountries: [],
-          emailTemplates: {
-            suspiciousLogin: { subject: '', html: '', text: '' },
-            newLocation: { subject: '', html: '', text: '' },
-            vpnProxy: { subject: '', html: '', text: '' },
-          },
-        };
-      }
-      
-      ctx.send({ 
-        settings,
-        success: true 
-      });
-    } catch (error) {
-      strapi.log.error('[magic-sessionmanager/settings] Error getting settings:', error);
-      ctx.badRequest('Error loading settings');
-    }
-  },
-
-  /**
-   * Update plugin settings
-   */
-  async updateSettings(ctx) {
-    try {
-      const { body } = ctx.request;
-      
-      if (!body) {
-        return ctx.badRequest('Settings data is required');
-      }
-      
-      const pluginStore = strapi.store({
-        type: 'plugin',
-        name: 'magic-sessionmanager',
-      });
-      
-      // Validate and sanitize settings
-      const sanitizedSettings = {
-        inactivityTimeout: parseInt(body.inactivityTimeout) || 15,
-        cleanupInterval: parseInt(body.cleanupInterval) || 30,
-        lastSeenRateLimit: parseInt(body.lastSeenRateLimit) || 30,
-        retentionDays: parseInt(body.retentionDays) || 90,
-        enableGeolocation: !!body.enableGeolocation,
-        enableSecurityScoring: !!body.enableSecurityScoring,
-        blockSuspiciousSessions: !!body.blockSuspiciousSessions,
-        maxFailedLogins: parseInt(body.maxFailedLogins) || 5,
-        enableEmailAlerts: !!body.enableEmailAlerts,
-        alertOnSuspiciousLogin: !!body.alertOnSuspiciousLogin,
-        alertOnNewLocation: !!body.alertOnNewLocation,
-        alertOnVpnProxy: !!body.alertOnVpnProxy,
-        enableWebhooks: !!body.enableWebhooks,
-        discordWebhookUrl: String(body.discordWebhookUrl || ''),
-        slackWebhookUrl: String(body.slackWebhookUrl || ''),
-        enableGeofencing: !!body.enableGeofencing,
-        allowedCountries: Array.isArray(body.allowedCountries) ? body.allowedCountries : [],
-        blockedCountries: Array.isArray(body.blockedCountries) ? body.blockedCountries : [],
-        emailTemplates: body.emailTemplates || {
-          suspiciousLogin: { subject: '', html: '', text: '' },
-          newLocation: { subject: '', html: '', text: '' },
-          vpnProxy: { subject: '', html: '', text: '' },
-        },
-      };
-      
-      // Save to database
-      await pluginStore.set({ 
-        key: 'settings', 
-        value: sanitizedSettings 
-      });
-      
-      strapi.log.info('[magic-sessionmanager/settings] Settings updated successfully');
-      
-      ctx.send({ 
-        settings: sanitizedSettings,
-        success: true,
-        message: 'Settings saved successfully!' 
-      });
-    } catch (error) {
-      strapi.log.error('[magic-sessionmanager/settings] Error updating settings:', error);
-      ctx.badRequest('Error saving settings');
-    }
-  },
-};
-

package/server/src/destroy.js

@@ -1,22 +0,0 @@
-'use strict';
-
-const { createLogger } = require('./utils/logger');
-
-module.exports = async ({ strapi }) => {
-  const log = createLogger(strapi);
-  
-  // Stop license pinging
-  if (strapi.licenseGuard && strapi.licenseGuard.pingInterval) {
-    clearInterval(strapi.licenseGuard.pingInterval);
-    log.info('🛑 License pinging stopped');
-  }
-
-  // Stop cleanup interval
-  if (strapi.sessionManagerIntervals && strapi.sessionManagerIntervals.cleanup) {
-    clearInterval(strapi.sessionManagerIntervals.cleanup);
-    log.info('🛑 Session cleanup interval stopped');
-  }
-
-  log.info('[SUCCESS] Plugin cleanup completed');
-};
-

package/server/src/index.js

@@ -1,23 +0,0 @@
-'use strict';
-
-const register = require('./register');
-const bootstrap = require('./bootstrap');
-const destroy = require('./destroy');
-const config = require('./config');
-const contentTypes = require('./content-types');
-const routes = require('./routes');
-const controllers = require('./controllers');
-const services = require('./services');
-const middlewares = require('./middlewares');
-
-module.exports = {
-  register,
-  bootstrap,
-  destroy,
-  config,
-  contentTypes,
-  routes,
-  controllers,
-  services,
-  middlewares,
-};

package/server/src/middlewares/index.js

@@ -1,5 +0,0 @@
-'use strict';
-
-module.exports = {
-  'last-seen': require('./last-seen'),
-};

package/server/src/middlewares/last-seen.js

@@ -1,62 +0,0 @@
-'use strict';
-
-/**
- * lastSeen Middleware
- * Updates user lastSeen and session lastActive on each authenticated request
- * Rate-limited to prevent DB write noise (default: 30 seconds)
- * 
- * [SUCCESS] Migrated to strapi.documents() API (Strapi v5 Best Practice)
- */
-
-const SESSION_UID = 'plugin::magic-sessionmanager.session';
-
-module.exports = ({ strapi, sessionService }) => {
-  return async (ctx, next) => {
-    // BEFORE processing request: Check if user's sessions are active
-    // Strapi v5: Use documentId instead of numeric id for Document Service API
-    if (ctx.state.user && ctx.state.user.documentId) {
-      try {
-        const userId = ctx.state.user.documentId;
-        
-        // Check if user has ANY active sessions
-        const activeSessions = await strapi.documents(SESSION_UID).findMany( {
-          filters: {
-            user: { documentId: userId },
-            isActive: true,
-          },
-          limit: 1,
-        });
-
-        // If user has NO active sessions, reject the request
-        if (!activeSessions || activeSessions.length === 0) {
-          strapi.log.info(`[magic-sessionmanager] [BLOCKED] Blocked request - User ${userId} has no active sessions`);
-          return ctx.unauthorized('All sessions have been terminated. Please login again.');
-        }
-      } catch (err) {
-        strapi.log.debug('[magic-sessionmanager] Error checking active sessions:', err.message);
-        // On error, allow request to continue (fail-open for availability)
-      }
-    }
-
-    // Process request
-    await next();
-
-    // AFTER response: Update activity timestamps if user is authenticated
-    if (ctx.state.user && ctx.state.user.documentId) {
-      try {
-        const userId = ctx.state.user.documentId;
-
-        // Try to find or extract sessionId from context
-        const sessionId = ctx.state.sessionId;
-
-        // Call touch with rate limiting
-        await sessionService.touch({
-          userId,
-          sessionId,
-        });
-      } catch (err) {
-        strapi.log.debug('[magic-sessionmanager] Error updating lastSeen:', err.message);
-      }
-    }
-  };
-};

package/server/src/policies/index.js

@@ -1,3 +0,0 @@
-'use strict';
-
-module.exports = {};

package/server/src/register.js

@@ -1,36 +0,0 @@
-'use strict';
-
-const { createLogger } = require('./utils/logger');
-
-/**
- * Register hook
- * Sessions relation is hidden from UI to keep User interface clean
- * Sessions are accessed via the Session Manager plugin UI components
- */
-module.exports = async ({ strapi }) => {
-  const log = createLogger(strapi);
-  
-  log.info('[START] Plugin registration starting...');
-
-  try {
-    // Get the user content type
-    const userCT = strapi.contentType('plugin::users-permissions.user');
-
-    if (!userCT) {
-      log.error('User content type not found');
-      return;
-    }
-
-    // REMOVE sessions relation from User content type to keep UI clean
-    // Sessions are managed through SessionInfoPanel sidebar instead
-    if (userCT.attributes && userCT.attributes.sessions) {
-      delete userCT.attributes.sessions;
-      log.info('[SUCCESS] Removed sessions field from User content type');
-    }
-
-    log.info('[SUCCESS] Plugin registered successfully');
-    
-  } catch (err) {
-    log.error('[ERROR] Registration error:', err);
-  }
-};

package/server/src/routes/admin.js

@@ -1,149 +0,0 @@
-'use strict';
-
-module.exports = {
-  type: 'admin',
-  routes: [
-    {
-      method: 'GET',
-      path: '/sessions',
-      handler: 'session.getAllSessionsAdmin',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Get all sessions - active and inactive (admin)',
-      },
-    },
-    {
-      method: 'GET',
-      path: '/sessions/active',
-      handler: 'session.getActiveSessions',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Get only active sessions (admin)',
-      },
-    },
-    {
-      method: 'GET',
-      path: '/user/:userId/sessions',
-      handler: 'session.getUserSessions',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Get user sessions (admin)',
-      },
-    },
-    {
-      method: 'POST',
-      path: '/sessions/:sessionId/terminate',
-      handler: 'session.terminateSingleSession',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Terminate a specific session (admin)',
-      },
-    },
-    {
-      method: 'DELETE',
-      path: '/sessions/:sessionId',
-      handler: 'session.deleteSession',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Delete a single session permanently (admin)',
-      },
-    },
-    {
-      method: 'POST',
-      path: '/sessions/clean-inactive',
-      handler: 'session.cleanInactiveSessions',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Delete all inactive sessions from database (admin)',
-      },
-    },
-    {
-      method: 'POST',
-      path: '/user/:userId/terminate-all',
-      handler: 'session.terminateAllUserSessions',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Terminate all sessions for a user (admin)',
-      },
-    },
-    {
-      method: 'POST',
-      path: '/user/:userId/toggle-block',
-      handler: 'session.toggleUserBlock',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Toggle user blocked status (admin)',
-      },
-    },
-    // License Management
-    {
-      method: 'GET',
-      path: '/license/status',
-      handler: 'license.getStatus',
-      config: {
-        policies: [],
-      },
-    },
-    {
-      method: 'POST',
-      path: '/license/auto-create',
-      handler: 'license.autoCreate',
-      config: {
-        policies: [],
-      },
-    },
-    {
-      method: 'POST',
-      path: '/license/create',
-      handler: 'license.createAndActivate',
-      config: {
-        policies: [],
-      },
-    },
-    {
-      method: 'POST',
-      path: '/license/ping',
-      handler: 'license.ping',
-      config: {
-        policies: [],
-      },
-    },
-    {
-      method: 'POST',
-      path: '/license/store-key',
-      handler: 'license.storeKey',
-      config: {
-        policies: [],
-      },
-    },
-    // Geolocation (Premium Feature)
-    {
-      method: 'GET',
-      path: '/geolocation/:ipAddress',
-      handler: 'session.getIpGeolocation',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Get IP geolocation data (Premium feature)',
-      },
-    },
-    // Settings Management
-    {
-      method: 'GET',
-      path: '/settings',
-      handler: 'settings.getSettings',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Get plugin settings',
-      },
-    },
-    {
-      method: 'PUT',
-      path: '/settings',
-      handler: 'settings.updateSettings',
-      config: {
-        policies: ['admin::isAuthenticatedAdmin'],
-        description: 'Update plugin settings',
-      },
-    },
-  ],
-};

package/server/src/routes/content-api.js

@@ -1,60 +0,0 @@
-'use strict';
-
-/**
- * Content API Routes for Magic Session Manager
- * 
- * SECURITY: All routes require authentication
- * - User can only access their own sessions
- * - Admin routes are in admin.js
- */
-
-module.exports = {
-  type: 'content-api',
-  routes: [
-    // ============================================================
-    // LOGOUT ENDPOINTS
-    // ============================================================
-    
-    {
-      method: 'POST',
-      path: '/logout',
-      handler: 'session.logout',
-    config: {
-        auth: { strategies: ['users-permissions'] },
-        description: 'Logout current session (requires JWT)',
-      },
-    },
-    {
-      method: 'POST',
-      path: '/logout-all',
-      handler: 'session.logoutAll',
-      config: {
-        auth: { strategies: ['users-permissions'] },
-        description: 'Logout from all devices (requires JWT)',
-      },
-    },
-    
-    // ============================================================
-    // SESSION QUERIES
-    // ============================================================
-    
-    {
-      method: 'GET',
-      path: '/my-sessions',
-      handler: 'session.getOwnSessions',
-      config: {
-        auth: { strategies: ['users-permissions'] },
-        description: 'Get own sessions (automatically uses authenticated user)',
-      },
-    },
-    {
-      method: 'GET',
-      path: '/user/:userId/sessions',
-      handler: 'session.getUserSessions',
-      config: {
-        auth: { strategies: ['users-permissions'] },
-        description: 'Get sessions by userId (validates user can only see own sessions)',
-      },
-    },
-  ],
-};

package/server/src/routes/index.js

@@ -1,9 +0,0 @@
-'use strict';
-
-const contentApi = require('./content-api');
-const admin = require('./admin');
-
-module.exports = {
-  admin,
-  'content-api': contentApi,
-};

package/server/src/services/geolocation.js

@@ -1,182 +0,0 @@
-/**
- * IP Geolocation Service
- * Uses ipapi.co for accurate IP information
- * Free tier: 30,000 requests/month
- * 
- * Premium features:
- * - Country, City, Region
- * - Timezone
- * - VPN/Proxy/Threat detection
- * - Security scoring
- */
-
-module.exports = ({ strapi }) => ({
-  /**
-   * Get IP information from ipapi.co
-   * @param {string} ipAddress - IP to lookup
-   * @returns {Promise<Object>} Geolocation data
-   */
-  async getIpInfo(ipAddress) {
-    try {
-      // Skip localhost/private IPs
-      if (!ipAddress || ipAddress === '127.0.0.1' || ipAddress === '::1' || ipAddress.startsWith('192.168.') || ipAddress.startsWith('10.')) {
-        return {
-          ip: ipAddress,
-          country: 'Local Network',
-          country_code: 'XX',
-          country_flag: '🏠',
-          city: 'Localhost',
-          region: 'Private Network',
-          timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
-          latitude: null,
-          longitude: null,
-          isVpn: false,
-          isProxy: false,
-          isThreat: false,
-          securityScore: 100,
-          riskLevel: 'None',
-        };
-      }
-
-      // Call ipapi.co API
-      const response = await fetch(`https://ipapi.co/${ipAddress}/json/`, {
-        method: 'GET',
-        headers: {
-          'User-Agent': 'Strapi-Magic-SessionManager/1.0',
-        },
-      });
-
-      if (!response.ok) {
-        throw new Error(`API returned ${response.status}`);
-      }
-
-      const data = await response.json();
-
-      // Check for rate limit
-      if (data.error) {
-        strapi.log.warn(`[magic-sessionmanager/geolocation] API Error: ${data.reason}`);
-        return this.getFallbackData(ipAddress);
-      }
-
-      // Parse and return structured data
-      const result = {
-        ip: data.ip,
-        country: data.country_name,
-        country_code: data.country_code,
-        country_flag: this.getCountryFlag(data.country_code),
-        city: data.city,
-        region: data.region,
-        timezone: data.timezone,
-        latitude: data.latitude,
-        longitude: data.longitude,
-        postal: data.postal,
-        org: data.org,
-        asn: data.asn,
-        
-        // Security features (available in ipapi.co response)
-        isVpn: data.threat?.is_vpn || false,
-        isProxy: data.threat?.is_proxy || false,
-        isThreat: data.threat?.is_threat || false,
-        isAnonymous: data.threat?.is_anonymous || false,
-        isTor: data.threat?.is_tor || false,
-        
-        // Calculate security score (0-100, higher is safer)
-        securityScore: this.calculateSecurityScore({
-          isVpn: data.threat?.is_vpn,
-          isProxy: data.threat?.is_proxy,
-          isThreat: data.threat?.is_threat,
-          isAnonymous: data.threat?.is_anonymous,
-          isTor: data.threat?.is_tor,
-        }),
-        
-        riskLevel: this.getRiskLevel({
-          isVpn: data.threat?.is_vpn,
-          isProxy: data.threat?.is_proxy,
-          isThreat: data.threat?.is_threat,
-        }),
-      };
-
-      strapi.log.debug(`[magic-sessionmanager/geolocation] IP ${ipAddress}: ${result.city}, ${result.country} (Score: ${result.securityScore})`);
-
-      return result;
-    } catch (error) {
-      strapi.log.error(`[magic-sessionmanager/geolocation] Error fetching IP info for ${ipAddress}:`, error.message);
-      return this.getFallbackData(ipAddress);
-    }
-  },
-
-  /**
-   * Calculate security score based on threat indicators
-   */
-  calculateSecurityScore({ isVpn, isProxy, isThreat, isAnonymous, isTor }) {
-    let score = 100;
-    
-    if (isTor) score -= 50;          // Tor = sehr verdächtig
-    if (isThreat) score -= 40;       // Known threat
-    if (isVpn) score -= 20;          // VPN = moderate risk
-    if (isProxy) score -= 15;        // Proxy = low-moderate risk
-    if (isAnonymous) score -= 10;    // Anonymous service
-    
-    return Math.max(0, score);
-  },
-
-  /**
-   * Get risk level based on indicators
-   */
-  getRiskLevel({ isVpn, isProxy, isThreat }) {
-    if (isThreat) return 'High';
-    if (isVpn && isProxy) return 'Medium-High';
-    if (isVpn || isProxy) return 'Medium';
-    return 'Low';
-  },
-
-  /**
-   * Get country flag emoji
-   * @param {string} countryCode - ISO 2-letter country code
-   * @returns {string} Flag emoji or empty string
-   */
-  getCountryFlag(countryCode) {
-    if (!countryCode) return '';
-    
-    // Convert country code to flag emoji
-    const codePoints = countryCode
-      .toUpperCase()
-      .split('')
-      .map(char => 127397 + char.charCodeAt());
-    
-    return String.fromCodePoint(...codePoints);
-  },
-
-  /**
-   * Fallback data when API fails
-   */
-  getFallbackData(ipAddress) {
-    return {
-      ip: ipAddress,
-      country: 'Unknown',
-      country_code: 'XX',
-      country_flag: '[GEO]',
-      city: 'Unknown',
-      region: 'Unknown',
-      timezone: 'Unknown',
-      latitude: null,
-      longitude: null,
-      isVpn: false,
-      isProxy: false,
-      isThreat: false,
-      securityScore: 50,
-      riskLevel: 'Unknown',
-    };
-  },
-
-  /**
-   * Batch lookup multiple IPs (for efficiency)
-   */
-  async batchGetIpInfo(ipAddresses) {
-    const results = await Promise.all(
-      ipAddresses.map(ip => this.getIpInfo(ip))
-    );
-    return results;
-  },
-});
-

package/server/src/services/index.js

@@ -1,13 +0,0 @@
-'use strict';
-
-const session = require('./session');
-const licenseGuard = require('./license-guard');
-const geolocation = require('./geolocation');
-const notifications = require('./notifications');
-
-module.exports = {
-  session,
-  'license-guard': licenseGuard,
-  geolocation,
-  notifications,
-};