strapi-plugin-magic-sessionmanager 4.2.6 → 4.2.8

package/dist/server/index.js

@@ -179,7 +179,7 @@ function encryptToken$2(token) {
     throw new Error("Failed to encrypt token");
   }
 }
-function decryptToken$3(encryptedToken) {
+function decryptToken$4(encryptedToken) {
   if (!encryptedToken) return null;
   try {
     const key = getEncryptionKey();
@@ -208,39 +208,96 @@ function generateSessionId$1(userId) {
 }
 var encryption = {
   encryptToken: encryptToken$2,
-  decryptToken: decryptToken$3,
+  decryptToken: decryptToken$4,
   generateSessionId: generateSessionId$1
 };
 const SESSION_UID$3 = "plugin::magic-sessionmanager.session";
+const { decryptToken: decryptToken$3 } = encryption;
+const lastTouchCache = /* @__PURE__ */ new Map();
 var lastSeen = ({ strapi: strapi2, sessionService }) => {
   return async (ctx, next) => {
-    if (ctx.state.user && ctx.state.user.documentId) {
-      try {
-        const userId = ctx.state.user.documentId;
+    const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
+    if (!currentToken) {
+      await next();
+      return;
+    }
+    const skipPaths = ["/admin", "/_health", "/favicon.ico"];
+    if (skipPaths.some((p) => ctx.path.startsWith(p))) {
+      await next();
+      return;
+    }
+    let matchingSession = null;
+    let userId = null;
+    try {
+      if (ctx.state.user && ctx.state.user.documentId) {
+        userId = ctx.state.user.documentId;
         const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
           filters: {
             user: { documentId: userId },
             isActive: true
-          },
-          limit: 1
+          }
         });
         if (!activeSessions || activeSessions.length === 0) {
-          strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Blocked request - User ${userId} has no active sessions`);
+          strapi2.log.info(`[magic-sessionmanager] [BLOCKED] User ${userId} has no active sessions`);
           return ctx.unauthorized("All sessions have been terminated. Please login again.");
         }
-      } catch (err) {
-        strapi2.log.debug("[magic-sessionmanager] Error checking active sessions:", err.message);
+        for (const session2 of activeSessions) {
+          if (!session2.token) continue;
+          try {
+            const decrypted = decryptToken$3(session2.token);
+            if (decrypted === currentToken) {
+              matchingSession = session2;
+              break;
+            }
+          } catch (err) {
+          }
+        }
+        if (!matchingSession) {
+          strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session for user ${userId} has been terminated`);
+          return ctx.unauthorized("This session has been terminated. Please login again.");
+        }
+      } else {
+        const allActiveSessions = await strapi2.documents(SESSION_UID$3).findMany({
+          filters: { isActive: true },
+          populate: { user: { fields: ["documentId"] } },
+          limit: 500
+          // Reasonable limit for performance
+        });
+        for (const session2 of allActiveSessions) {
+          if (!session2.token) continue;
+          try {
+            const decrypted = decryptToken$3(session2.token);
+            if (decrypted === currentToken) {
+              matchingSession = session2;
+              userId = session2.user?.documentId;
+              break;
+            }
+          } catch (err) {
+          }
+        }
+      }
+      if (matchingSession) {
+        ctx.state.sessionId = matchingSession.documentId;
+        ctx.state.currentSession = matchingSession;
       }
+    } catch (err) {
+      strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
     }
     await next();
-    if (ctx.state.user && ctx.state.user.documentId) {
+    if (matchingSession) {
       try {
-        const userId = ctx.state.user.documentId;
-        const sessionId = ctx.state.sessionId;
-        await sessionService.touch({
-          userId,
-          sessionId
-        });
+        const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
+        const rateLimit = config2.lastSeenRateLimit || 3e4;
+        const now = Date.now();
+        const lastTouch = lastTouchCache.get(matchingSession.documentId) || 0;
+        if (now - lastTouch > rateLimit) {
+          lastTouchCache.set(matchingSession.documentId, now);
+          await strapi2.documents(SESSION_UID$3).update({
+            documentId: matchingSession.documentId,
+            data: { lastActive: /* @__PURE__ */ new Date() }
+          });
+          strapi2.log.debug(`[magic-sessionmanager] [TOUCH] Session ${matchingSession.documentId} activity updated`);
+        }
       } catch (err) {
         strapi2.log.debug("[magic-sessionmanager] Error updating lastSeen:", err.message);
       }
@@ -562,9 +619,13 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
 };
 async function ensureContentApiPermissions(strapi2, log) {
   try {
-    const authenticatedRole = await strapi2.query("plugin::users-permissions.role").findOne({
-      where: { type: "authenticated" }
+    const ROLE_UID = "plugin::users-permissions.role";
+    const PERMISSION_UID = "plugin::users-permissions.permission";
+    const roles = await strapi2.entityService.findMany(ROLE_UID, {
+      filters: { type: "authenticated" },
+      limit: 1
     });
+    const authenticatedRole = roles?.[0];
     if (!authenticatedRole) {
       log.warn("Authenticated role not found - skipping permission setup");
       return;
@@ -573,10 +634,12 @@ async function ensureContentApiPermissions(strapi2, log) {
       "plugin::magic-sessionmanager.session.logout",
       "plugin::magic-sessionmanager.session.logoutAll",
       "plugin::magic-sessionmanager.session.getOwnSessions",
-      "plugin::magic-sessionmanager.session.getUserSessions"
+      "plugin::magic-sessionmanager.session.getUserSessions",
+      "plugin::magic-sessionmanager.session.getCurrentSession",
+      "plugin::magic-sessionmanager.session.terminateOwnSession"
     ];
-    const existingPermissions = await strapi2.query("plugin::users-permissions.permission").findMany({
-      where: {
+    const existingPermissions = await strapi2.entityService.findMany(PERMISSION_UID, {
+      filters: {
         role: authenticatedRole.id,
         action: { $in: requiredActions }
       }
@@ -588,7 +651,7 @@ async function ensureContentApiPermissions(strapi2, log) {
       return;
     }
     for (const action of missingActions) {
-      await strapi2.query("plugin::users-permissions.permission").create({
+      await strapi2.entityService.create(PERMISSION_UID, {
         data: {
           action,
           role: authenticatedRole.id
@@ -767,6 +830,15 @@ var contentApi$1 = {
         description: "Get own sessions (automatically uses authenticated user)"
       }
     },
+    {
+      method: "GET",
+      path: "/current-session",
+      handler: "session.getCurrentSession",
+      config: {
+        auth: { strategies: ["users-permissions"] },
+        description: "Get current session info based on JWT token"
+      }
+    },
     {
       method: "GET",
       path: "/user/:userId/sessions",
@@ -775,6 +847,18 @@ var contentApi$1 = {
         auth: { strategies: ["users-permissions"] },
         description: "Get sessions by userId (validates user can only see own sessions)"
       }
+    },
+    // ============================================================
+    // SESSION MANAGEMENT (for own sessions only)
+    // ============================================================
+    {
+      method: "DELETE",
+      path: "/my-sessions/:sessionId",
+      handler: "session.terminateOwnSession",
+      config: {
+        auth: { strategies: ["users-permissions"] },
+        description: "Terminate a specific own session (not current)"
+      }
     }
   ]
 };
@@ -977,19 +1061,52 @@ var session$3 = {
    * Get own sessions (authenticated user)
    * GET /api/magic-sessionmanager/my-sessions
    * Automatically uses the authenticated user's documentId
+   * Marks which session is the current one (based on JWT token)
    */
   async getOwnSessions(ctx) {
     try {
       const userId = ctx.state.user?.documentId;
+      const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
       if (!userId) {
         return ctx.throw(401, "Unauthorized");
       }
-      const sessionService = strapi.plugin("magic-sessionmanager").service("session");
-      const sessions = await sessionService.getUserSessions(userId);
+      const allSessions = await strapi.documents(SESSION_UID$1).findMany({
+        filters: { user: { documentId: userId } },
+        sort: { loginTime: "desc" }
+      });
+      const config2 = strapi.config.get("plugin::magic-sessionmanager") || {};
+      const inactivityTimeout = config2.inactivityTimeout || 15 * 60 * 1e3;
+      const now = /* @__PURE__ */ new Date();
+      const sessionsWithCurrent = allSessions.map((session2) => {
+        const lastActiveTime = session2.lastActive ? new Date(session2.lastActive) : new Date(session2.loginTime);
+        const timeSinceActive = now - lastActiveTime;
+        const isTrulyActive = session2.isActive && timeSinceActive < inactivityTimeout;
+        let isCurrentSession = false;
+        if (session2.token && currentToken) {
+          try {
+            const decrypted = decryptToken$1(session2.token);
+            isCurrentSession = decrypted === currentToken;
+          } catch (err) {
+          }
+        }
+        const { token, refreshToken, ...sessionWithoutTokens } = session2;
+        return {
+          ...sessionWithoutTokens,
+          isCurrentSession,
+          isTrulyActive,
+          minutesSinceActive: Math.floor(timeSinceActive / 1e3 / 60)
+        };
+      });
+      sessionsWithCurrent.sort((a, b) => {
+        if (a.isCurrentSession) return -1;
+        if (b.isCurrentSession) return 1;
+        return new Date(b.loginTime) - new Date(a.loginTime);
+      });
       ctx.body = {
-        data: sessions,
+        data: sessionsWithCurrent,
         meta: {
-          count: sessions.length
+          count: sessionsWithCurrent.length,
+          active: sessionsWithCurrent.filter((s) => s.isTrulyActive).length
         }
       };
     } catch (err) {
@@ -1084,6 +1201,104 @@ var session$3 = {
       ctx.throw(500, "Error during logout");
     }
   },
+  /**
+   * Get current session info based on JWT token
+   * GET /api/magic-sessionmanager/current-session
+   * Returns the session associated with the current JWT token
+   */
+  async getCurrentSession(ctx) {
+    try {
+      const userId = ctx.state.user?.documentId;
+      const token = ctx.request.headers.authorization?.replace("Bearer ", "");
+      if (!userId || !token) {
+        return ctx.throw(401, "Unauthorized");
+      }
+      const sessions = await strapi.documents(SESSION_UID$1).findMany({
+        filters: {
+          user: { documentId: userId },
+          isActive: true
+        }
+      });
+      const currentSession = sessions.find((session2) => {
+        if (!session2.token) return false;
+        try {
+          const decrypted = decryptToken$1(session2.token);
+          return decrypted === token;
+        } catch (err) {
+          return false;
+        }
+      });
+      if (!currentSession) {
+        return ctx.notFound("Current session not found");
+      }
+      const config2 = strapi.config.get("plugin::magic-sessionmanager") || {};
+      const inactivityTimeout = config2.inactivityTimeout || 15 * 60 * 1e3;
+      const now = /* @__PURE__ */ new Date();
+      const lastActiveTime = currentSession.lastActive ? new Date(currentSession.lastActive) : new Date(currentSession.loginTime);
+      const timeSinceActive = now - lastActiveTime;
+      const { token: _, refreshToken: __, ...sessionWithoutTokens } = currentSession;
+      ctx.body = {
+        data: {
+          ...sessionWithoutTokens,
+          isCurrentSession: true,
+          isTrulyActive: timeSinceActive < inactivityTimeout,
+          minutesSinceActive: Math.floor(timeSinceActive / 1e3 / 60)
+        }
+      };
+    } catch (err) {
+      strapi.log.error("[magic-sessionmanager] Error getting current session:", err);
+      ctx.throw(500, "Error fetching current session");
+    }
+  },
+  /**
+   * Terminate a specific own session (not the current one)
+   * DELETE /api/magic-sessionmanager/my-sessions/:sessionId
+   * SECURITY: User can only terminate their OWN sessions
+   */
+  async terminateOwnSession(ctx) {
+    try {
+      const userId = ctx.state.user?.documentId;
+      const { sessionId } = ctx.params;
+      const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
+      if (!userId) {
+        return ctx.throw(401, "Unauthorized");
+      }
+      if (!sessionId) {
+        return ctx.badRequest("Session ID is required");
+      }
+      const sessionToTerminate = await strapi.documents(SESSION_UID$1).findOne({
+        documentId: sessionId,
+        populate: { user: { fields: ["documentId"] } }
+      });
+      if (!sessionToTerminate) {
+        return ctx.notFound("Session not found");
+      }
+      const sessionUserId = sessionToTerminate.user?.documentId;
+      if (sessionUserId !== userId) {
+        strapi.log.warn(`[magic-sessionmanager] Security: User ${userId} tried to terminate session ${sessionId} of user ${sessionUserId}`);
+        return ctx.forbidden("You can only terminate your own sessions");
+      }
+      if (sessionToTerminate.token && currentToken) {
+        try {
+          const decrypted = decryptToken$1(sessionToTerminate.token);
+          if (decrypted === currentToken) {
+            return ctx.badRequest("Cannot terminate current session. Use /logout instead.");
+          }
+        } catch (err) {
+        }
+      }
+      const sessionService = strapi.plugin("magic-sessionmanager").service("session");
+      await sessionService.terminateSession({ sessionId });
+      strapi.log.info(`[magic-sessionmanager] User ${userId} terminated own session ${sessionId}`);
+      ctx.body = {
+        message: `Session ${sessionId} terminated successfully`,
+        success: true
+      };
+    } catch (err) {
+      strapi.log.error("[magic-sessionmanager] Error terminating own session:", err);
+      ctx.throw(500, "Error terminating session");
+    }
+  },
   /**
    * Terminate specific session
    * DELETE /magic-sessionmanager/sessions/:sessionId
@@ -1862,7 +2077,7 @@ var session$1 = ({ strapi: strapi2 }) => {
     }
   };
 };
-const version = "4.2.5";
+const version = "4.2.7";
 const require$$2 = {
   version
 };

package/dist/server/index.mjs

@@ -175,7 +175,7 @@ function encryptToken$2(token) {
     throw new Error("Failed to encrypt token");
   }
 }
-function decryptToken$3(encryptedToken) {
+function decryptToken$4(encryptedToken) {
   if (!encryptedToken) return null;
   try {
     const key = getEncryptionKey();
@@ -204,39 +204,96 @@ function generateSessionId$1(userId) {
 }
 var encryption = {
   encryptToken: encryptToken$2,
-  decryptToken: decryptToken$3,
+  decryptToken: decryptToken$4,
   generateSessionId: generateSessionId$1
 };
 const SESSION_UID$3 = "plugin::magic-sessionmanager.session";
+const { decryptToken: decryptToken$3 } = encryption;
+const lastTouchCache = /* @__PURE__ */ new Map();
 var lastSeen = ({ strapi: strapi2, sessionService }) => {
   return async (ctx, next) => {
-    if (ctx.state.user && ctx.state.user.documentId) {
-      try {
-        const userId = ctx.state.user.documentId;
+    const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
+    if (!currentToken) {
+      await next();
+      return;
+    }
+    const skipPaths = ["/admin", "/_health", "/favicon.ico"];
+    if (skipPaths.some((p) => ctx.path.startsWith(p))) {
+      await next();
+      return;
+    }
+    let matchingSession = null;
+    let userId = null;
+    try {
+      if (ctx.state.user && ctx.state.user.documentId) {
+        userId = ctx.state.user.documentId;
         const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
           filters: {
             user: { documentId: userId },
             isActive: true
-          },
-          limit: 1
+          }
         });
         if (!activeSessions || activeSessions.length === 0) {
-          strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Blocked request - User ${userId} has no active sessions`);
+          strapi2.log.info(`[magic-sessionmanager] [BLOCKED] User ${userId} has no active sessions`);
           return ctx.unauthorized("All sessions have been terminated. Please login again.");
         }
-      } catch (err) {
-        strapi2.log.debug("[magic-sessionmanager] Error checking active sessions:", err.message);
+        for (const session2 of activeSessions) {
+          if (!session2.token) continue;
+          try {
+            const decrypted = decryptToken$3(session2.token);
+            if (decrypted === currentToken) {
+              matchingSession = session2;
+              break;
+            }
+          } catch (err) {
+          }
+        }
+        if (!matchingSession) {
+          strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session for user ${userId} has been terminated`);
+          return ctx.unauthorized("This session has been terminated. Please login again.");
+        }
+      } else {
+        const allActiveSessions = await strapi2.documents(SESSION_UID$3).findMany({
+          filters: { isActive: true },
+          populate: { user: { fields: ["documentId"] } },
+          limit: 500
+          // Reasonable limit for performance
+        });
+        for (const session2 of allActiveSessions) {
+          if (!session2.token) continue;
+          try {
+            const decrypted = decryptToken$3(session2.token);
+            if (decrypted === currentToken) {
+              matchingSession = session2;
+              userId = session2.user?.documentId;
+              break;
+            }
+          } catch (err) {
+          }
+        }
+      }
+      if (matchingSession) {
+        ctx.state.sessionId = matchingSession.documentId;
+        ctx.state.currentSession = matchingSession;
       }
+    } catch (err) {
+      strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
     }
     await next();
-    if (ctx.state.user && ctx.state.user.documentId) {
+    if (matchingSession) {
       try {
-        const userId = ctx.state.user.documentId;
-        const sessionId = ctx.state.sessionId;
-        await sessionService.touch({
-          userId,
-          sessionId
-        });
+        const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
+        const rateLimit = config2.lastSeenRateLimit || 3e4;
+        const now = Date.now();
+        const lastTouch = lastTouchCache.get(matchingSession.documentId) || 0;
+        if (now - lastTouch > rateLimit) {
+          lastTouchCache.set(matchingSession.documentId, now);
+          await strapi2.documents(SESSION_UID$3).update({
+            documentId: matchingSession.documentId,
+            data: { lastActive: /* @__PURE__ */ new Date() }
+          });
+          strapi2.log.debug(`[magic-sessionmanager] [TOUCH] Session ${matchingSession.documentId} activity updated`);
+        }
       } catch (err) {
         strapi2.log.debug("[magic-sessionmanager] Error updating lastSeen:", err.message);
       }
@@ -558,9 +615,13 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
 };
 async function ensureContentApiPermissions(strapi2, log) {
   try {
-    const authenticatedRole = await strapi2.query("plugin::users-permissions.role").findOne({
-      where: { type: "authenticated" }
+    const ROLE_UID = "plugin::users-permissions.role";
+    const PERMISSION_UID = "plugin::users-permissions.permission";
+    const roles = await strapi2.entityService.findMany(ROLE_UID, {
+      filters: { type: "authenticated" },
+      limit: 1
     });
+    const authenticatedRole = roles?.[0];
     if (!authenticatedRole) {
       log.warn("Authenticated role not found - skipping permission setup");
       return;
@@ -569,10 +630,12 @@ async function ensureContentApiPermissions(strapi2, log) {
       "plugin::magic-sessionmanager.session.logout",
       "plugin::magic-sessionmanager.session.logoutAll",
       "plugin::magic-sessionmanager.session.getOwnSessions",
-      "plugin::magic-sessionmanager.session.getUserSessions"
+      "plugin::magic-sessionmanager.session.getUserSessions",
+      "plugin::magic-sessionmanager.session.getCurrentSession",
+      "plugin::magic-sessionmanager.session.terminateOwnSession"
     ];
-    const existingPermissions = await strapi2.query("plugin::users-permissions.permission").findMany({
-      where: {
+    const existingPermissions = await strapi2.entityService.findMany(PERMISSION_UID, {
+      filters: {
         role: authenticatedRole.id,
         action: { $in: requiredActions }
       }
@@ -584,7 +647,7 @@ async function ensureContentApiPermissions(strapi2, log) {
       return;
     }
     for (const action of missingActions) {
-      await strapi2.query("plugin::users-permissions.permission").create({
+      await strapi2.entityService.create(PERMISSION_UID, {
         data: {
           action,
           role: authenticatedRole.id
@@ -763,6 +826,15 @@ var contentApi$1 = {
         description: "Get own sessions (automatically uses authenticated user)"
       }
     },
+    {
+      method: "GET",
+      path: "/current-session",
+      handler: "session.getCurrentSession",
+      config: {
+        auth: { strategies: ["users-permissions"] },
+        description: "Get current session info based on JWT token"
+      }
+    },
     {
       method: "GET",
       path: "/user/:userId/sessions",
@@ -771,6 +843,18 @@ var contentApi$1 = {
         auth: { strategies: ["users-permissions"] },
         description: "Get sessions by userId (validates user can only see own sessions)"
       }
+    },
+    // ============================================================
+    // SESSION MANAGEMENT (for own sessions only)
+    // ============================================================
+    {
+      method: "DELETE",
+      path: "/my-sessions/:sessionId",
+      handler: "session.terminateOwnSession",
+      config: {
+        auth: { strategies: ["users-permissions"] },
+        description: "Terminate a specific own session (not current)"
+      }
     }
   ]
 };
@@ -973,19 +1057,52 @@ var session$3 = {
    * Get own sessions (authenticated user)
    * GET /api/magic-sessionmanager/my-sessions
    * Automatically uses the authenticated user's documentId
+   * Marks which session is the current one (based on JWT token)
    */
   async getOwnSessions(ctx) {
     try {
       const userId = ctx.state.user?.documentId;
+      const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
       if (!userId) {
         return ctx.throw(401, "Unauthorized");
       }
-      const sessionService = strapi.plugin("magic-sessionmanager").service("session");
-      const sessions = await sessionService.getUserSessions(userId);
+      const allSessions = await strapi.documents(SESSION_UID$1).findMany({
+        filters: { user: { documentId: userId } },
+        sort: { loginTime: "desc" }
+      });
+      const config2 = strapi.config.get("plugin::magic-sessionmanager") || {};
+      const inactivityTimeout = config2.inactivityTimeout || 15 * 60 * 1e3;
+      const now = /* @__PURE__ */ new Date();
+      const sessionsWithCurrent = allSessions.map((session2) => {
+        const lastActiveTime = session2.lastActive ? new Date(session2.lastActive) : new Date(session2.loginTime);
+        const timeSinceActive = now - lastActiveTime;
+        const isTrulyActive = session2.isActive && timeSinceActive < inactivityTimeout;
+        let isCurrentSession = false;
+        if (session2.token && currentToken) {
+          try {
+            const decrypted = decryptToken$1(session2.token);
+            isCurrentSession = decrypted === currentToken;
+          } catch (err) {
+          }
+        }
+        const { token, refreshToken, ...sessionWithoutTokens } = session2;
+        return {
+          ...sessionWithoutTokens,
+          isCurrentSession,
+          isTrulyActive,
+          minutesSinceActive: Math.floor(timeSinceActive / 1e3 / 60)
+        };
+      });
+      sessionsWithCurrent.sort((a, b) => {
+        if (a.isCurrentSession) return -1;
+        if (b.isCurrentSession) return 1;
+        return new Date(b.loginTime) - new Date(a.loginTime);
+      });
       ctx.body = {
-        data: sessions,
+        data: sessionsWithCurrent,
         meta: {
-          count: sessions.length
+          count: sessionsWithCurrent.length,
+          active: sessionsWithCurrent.filter((s) => s.isTrulyActive).length
         }
       };
     } catch (err) {
@@ -1080,6 +1197,104 @@ var session$3 = {
       ctx.throw(500, "Error during logout");
     }
   },
+  /**
+   * Get current session info based on JWT token
+   * GET /api/magic-sessionmanager/current-session
+   * Returns the session associated with the current JWT token
+   */
+  async getCurrentSession(ctx) {
+    try {
+      const userId = ctx.state.user?.documentId;
+      const token = ctx.request.headers.authorization?.replace("Bearer ", "");
+      if (!userId || !token) {
+        return ctx.throw(401, "Unauthorized");
+      }
+      const sessions = await strapi.documents(SESSION_UID$1).findMany({
+        filters: {
+          user: { documentId: userId },
+          isActive: true
+        }
+      });
+      const currentSession = sessions.find((session2) => {
+        if (!session2.token) return false;
+        try {
+          const decrypted = decryptToken$1(session2.token);
+          return decrypted === token;
+        } catch (err) {
+          return false;
+        }
+      });
+      if (!currentSession) {
+        return ctx.notFound("Current session not found");
+      }
+      const config2 = strapi.config.get("plugin::magic-sessionmanager") || {};
+      const inactivityTimeout = config2.inactivityTimeout || 15 * 60 * 1e3;
+      const now = /* @__PURE__ */ new Date();
+      const lastActiveTime = currentSession.lastActive ? new Date(currentSession.lastActive) : new Date(currentSession.loginTime);
+      const timeSinceActive = now - lastActiveTime;
+      const { token: _, refreshToken: __, ...sessionWithoutTokens } = currentSession;
+      ctx.body = {
+        data: {
+          ...sessionWithoutTokens,
+          isCurrentSession: true,
+          isTrulyActive: timeSinceActive < inactivityTimeout,
+          minutesSinceActive: Math.floor(timeSinceActive / 1e3 / 60)
+        }
+      };
+    } catch (err) {
+      strapi.log.error("[magic-sessionmanager] Error getting current session:", err);
+      ctx.throw(500, "Error fetching current session");
+    }
+  },
+  /**
+   * Terminate a specific own session (not the current one)
+   * DELETE /api/magic-sessionmanager/my-sessions/:sessionId
+   * SECURITY: User can only terminate their OWN sessions
+   */
+  async terminateOwnSession(ctx) {
+    try {
+      const userId = ctx.state.user?.documentId;
+      const { sessionId } = ctx.params;
+      const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
+      if (!userId) {
+        return ctx.throw(401, "Unauthorized");
+      }
+      if (!sessionId) {
+        return ctx.badRequest("Session ID is required");
+      }
+      const sessionToTerminate = await strapi.documents(SESSION_UID$1).findOne({
+        documentId: sessionId,
+        populate: { user: { fields: ["documentId"] } }
+      });
+      if (!sessionToTerminate) {
+        return ctx.notFound("Session not found");
+      }
+      const sessionUserId = sessionToTerminate.user?.documentId;
+      if (sessionUserId !== userId) {
+        strapi.log.warn(`[magic-sessionmanager] Security: User ${userId} tried to terminate session ${sessionId} of user ${sessionUserId}`);
+        return ctx.forbidden("You can only terminate your own sessions");
+      }
+      if (sessionToTerminate.token && currentToken) {
+        try {
+          const decrypted = decryptToken$1(sessionToTerminate.token);
+          if (decrypted === currentToken) {
+            return ctx.badRequest("Cannot terminate current session. Use /logout instead.");
+          }
+        } catch (err) {
+        }
+      }
+      const sessionService = strapi.plugin("magic-sessionmanager").service("session");
+      await sessionService.terminateSession({ sessionId });
+      strapi.log.info(`[magic-sessionmanager] User ${userId} terminated own session ${sessionId}`);
+      ctx.body = {
+        message: `Session ${sessionId} terminated successfully`,
+        success: true
+      };
+    } catch (err) {
+      strapi.log.error("[magic-sessionmanager] Error terminating own session:", err);
+      ctx.throw(500, "Error terminating session");
+    }
+  },
   /**
    * Terminate specific session
    * DELETE /magic-sessionmanager/sessions/:sessionId
@@ -1858,7 +2073,7 @@ var session$1 = ({ strapi: strapi2 }) => {
     }
   };
 };
-const version = "4.2.5";
+const version = "4.2.7";
 const require$$2 = {
   version
 };

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "4.2.6",
+  "version": "4.2.8",
   "keywords": [
     "strapi",
     "strapi-plugin",