npm - strapi-plugin-magic-sessionmanager - Versions diffs - 4.2.7 → 4.2.8 - Mend

strapi-plugin-magic-sessionmanager 4.2.7 → 4.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/server/index.js CHANGED Viewed

@@ -213,16 +213,24 @@ var encryption = {
 };
 const SESSION_UID$3 = "plugin::magic-sessionmanager.session";
 const { decryptToken: decryptToken$3 } = encryption;
+const lastTouchCache = /* @__PURE__ */ new Map();
 var lastSeen = ({ strapi: strapi2, sessionService }) => {
   return async (ctx, next) => {
-    if (ctx.state.user && ctx.state.user.documentId) {
-      try {
-        const userId = ctx.state.user.documentId;
-        const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
-        if (!currentToken) {
-          await next();
-          return;
-        }
+    const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
+    if (!currentToken) {
+      await next();
+      return;
+    }
+    const skipPaths = ["/admin", "/_health", "/favicon.ico"];
+    if (skipPaths.some((p) => ctx.path.startsWith(p))) {
+      await next();
+      return;
+    }
+    let matchingSession = null;
+    let userId = null;
+    try {
+      if (ctx.state.user && ctx.state.user.documentId) {
+        userId = ctx.state.user.documentId;
         const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
           filters: {
             user: { documentId: userId },
@@ -233,7 +241,6 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
           strapi2.log.info(`[magic-sessionmanager] [BLOCKED] User ${userId} has no active sessions`);
           return ctx.unauthorized("All sessions have been terminated. Please login again.");
         }
-        let matchingSession = null;
         for (const session2 of activeSessions) {
           if (!session2.token) continue;
           try {
@@ -249,19 +256,48 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
           strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session for user ${userId} has been terminated`);
           return ctx.unauthorized("This session has been terminated. Please login again.");
         }
+      } else {
+        const allActiveSessions = await strapi2.documents(SESSION_UID$3).findMany({
+          filters: { isActive: true },
+          populate: { user: { fields: ["documentId"] } },
+          limit: 500
+          // Reasonable limit for performance
+        });
+        for (const session2 of allActiveSessions) {
+          if (!session2.token) continue;
+          try {
+            const decrypted = decryptToken$3(session2.token);
+            if (decrypted === currentToken) {
+              matchingSession = session2;
+              userId = session2.user?.documentId;
+              break;
+            }
+          } catch (err) {
+          }
+        }
+      }
+      if (matchingSession) {
         ctx.state.sessionId = matchingSession.documentId;
         ctx.state.currentSession = matchingSession;
-      } catch (err) {
-        strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
       }
+    } catch (err) {
+      strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
     }
     await next();
-    if (ctx.state.user && ctx.state.user.documentId && ctx.state.sessionId) {
+    if (matchingSession) {
       try {
-        await sessionService.touch({
-          userId: ctx.state.user.documentId,
-          sessionId: ctx.state.sessionId
-        });
+        const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
+        const rateLimit = config2.lastSeenRateLimit || 3e4;
+        const now = Date.now();
+        const lastTouch = lastTouchCache.get(matchingSession.documentId) || 0;
+        if (now - lastTouch > rateLimit) {
+          lastTouchCache.set(matchingSession.documentId, now);
+          await strapi2.documents(SESSION_UID$3).update({
+            documentId: matchingSession.documentId,
+            data: { lastActive: /* @__PURE__ */ new Date() }
+          });
+          strapi2.log.debug(`[magic-sessionmanager] [TOUCH] Session ${matchingSession.documentId} activity updated`);
+        }
       } catch (err) {
         strapi2.log.debug("[magic-sessionmanager] Error updating lastSeen:", err.message);
       }

package/dist/server/index.mjs CHANGED Viewed

@@ -209,16 +209,24 @@ var encryption = {
 };
 const SESSION_UID$3 = "plugin::magic-sessionmanager.session";
 const { decryptToken: decryptToken$3 } = encryption;
+const lastTouchCache = /* @__PURE__ */ new Map();
 var lastSeen = ({ strapi: strapi2, sessionService }) => {
   return async (ctx, next) => {
-    if (ctx.state.user && ctx.state.user.documentId) {
-      try {
-        const userId = ctx.state.user.documentId;
-        const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
-        if (!currentToken) {
-          await next();
-          return;
-        }
+    const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
+    if (!currentToken) {
+      await next();
+      return;
+    }
+    const skipPaths = ["/admin", "/_health", "/favicon.ico"];
+    if (skipPaths.some((p) => ctx.path.startsWith(p))) {
+      await next();
+      return;
+    }
+    let matchingSession = null;
+    let userId = null;
+    try {
+      if (ctx.state.user && ctx.state.user.documentId) {
+        userId = ctx.state.user.documentId;
         const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
           filters: {
             user: { documentId: userId },
@@ -229,7 +237,6 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
           strapi2.log.info(`[magic-sessionmanager] [BLOCKED] User ${userId} has no active sessions`);
           return ctx.unauthorized("All sessions have been terminated. Please login again.");
         }
-        let matchingSession = null;
         for (const session2 of activeSessions) {
           if (!session2.token) continue;
           try {
@@ -245,19 +252,48 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
           strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session for user ${userId} has been terminated`);
           return ctx.unauthorized("This session has been terminated. Please login again.");
         }
+      } else {
+        const allActiveSessions = await strapi2.documents(SESSION_UID$3).findMany({
+          filters: { isActive: true },
+          populate: { user: { fields: ["documentId"] } },
+          limit: 500
+          // Reasonable limit for performance
+        });
+        for (const session2 of allActiveSessions) {
+          if (!session2.token) continue;
+          try {
+            const decrypted = decryptToken$3(session2.token);
+            if (decrypted === currentToken) {
+              matchingSession = session2;
+              userId = session2.user?.documentId;
+              break;
+            }
+          } catch (err) {
+          }
+        }
+      }
+      if (matchingSession) {
         ctx.state.sessionId = matchingSession.documentId;
         ctx.state.currentSession = matchingSession;
-      } catch (err) {
-        strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
       }
+    } catch (err) {
+      strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
     }
     await next();
-    if (ctx.state.user && ctx.state.user.documentId && ctx.state.sessionId) {
+    if (matchingSession) {
       try {
-        await sessionService.touch({
-          userId: ctx.state.user.documentId,
-          sessionId: ctx.state.sessionId
-        });
+        const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
+        const rateLimit = config2.lastSeenRateLimit || 3e4;
+        const now = Date.now();
+        const lastTouch = lastTouchCache.get(matchingSession.documentId) || 0;
+        if (now - lastTouch > rateLimit) {
+          lastTouchCache.set(matchingSession.documentId, now);
+          await strapi2.documents(SESSION_UID$3).update({
+            documentId: matchingSession.documentId,
+            data: { lastActive: /* @__PURE__ */ new Date() }
+          });
+          strapi2.log.debug(`[magic-sessionmanager] [TOUCH] Session ${matchingSession.documentId} activity updated`);
+        }
       } catch (err) {
         strapi2.log.debug("[magic-sessionmanager] Error updating lastSeen:", err.message);
       }

package/package.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "4.2.7",
+  "version": "4.2.8",
   "keywords": [
     "strapi",
     "strapi-plugin",