strapi-plugin-magic-sessionmanager 4.2.7 → 4.2.9

@@ -179,7 +179,7 @@ function encryptToken$2(token) {
179
179
  throw new Error("Failed to encrypt token");
180
180
  }
181
181
  }
182
- function decryptToken$4(encryptedToken) {
182
+ function decryptToken$3(encryptedToken) {
183
183
  if (!encryptedToken) return null;
184
184
  try {
185
185
  const key = getEncryptionKey();
@@ -206,62 +206,71 @@ function generateSessionId$1(userId) {
206
206
  const userHash = crypto$1.createHash("sha256").update(userId.toString()).digest("hex").substring(0, 8);
207
207
  return `sess_${timestamp}_${userHash}_${randomBytes}`;
208
208
  }
209
+ function hashToken$3(token) {
210
+ if (!token) return null;
211
+ return crypto$1.createHash("sha256").update(token).digest("hex");
212
+ }
209
213
  var encryption = {
210
214
  encryptToken: encryptToken$2,
211
- decryptToken: decryptToken$4,
212
- generateSessionId: generateSessionId$1
215
+ decryptToken: decryptToken$3,
216
+ generateSessionId: generateSessionId$1,
217
+ hashToken: hashToken$3
213
218
  };
214
219
  const SESSION_UID$3 = "plugin::magic-sessionmanager.session";
215
- const { decryptToken: decryptToken$3 } = encryption;
216
- var lastSeen = ({ strapi: strapi2, sessionService }) => {
220
+ const { hashToken: hashToken$2 } = encryption;
221
+ const lastTouchCache = /* @__PURE__ */ new Map();
222
+ var lastSeen = ({ strapi: strapi2 }) => {
217
223
  return async (ctx, next) => {
218
- if (ctx.state.user && ctx.state.user.documentId) {
219
- try {
220
- const userId = ctx.state.user.documentId;
221
- const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
222
- if (!currentToken) {
223
- await next();
224
- return;
225
- }
226
- const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
227
- filters: {
228
- user: { documentId: userId },
229
- isActive: true
230
- }
231
- });
232
- if (!activeSessions || activeSessions.length === 0) {
233
- strapi2.log.info(`[magic-sessionmanager] [BLOCKED] User ${userId} has no active sessions`);
234
- return ctx.unauthorized("All sessions have been terminated. Please login again.");
235
- }
236
- let matchingSession = null;
237
- for (const session2 of activeSessions) {
238
- if (!session2.token) continue;
239
- try {
240
- const decrypted = decryptToken$3(session2.token);
241
- if (decrypted === currentToken) {
242
- matchingSession = session2;
243
- break;
244
- }
245
- } catch (err) {
246
- }
224
+ const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
225
+ if (!currentToken) {
226
+ await next();
227
+ return;
228
+ }
229
+ const skipPaths = ["/admin", "/_health", "/favicon.ico"];
230
+ if (skipPaths.some((p) => ctx.path.startsWith(p))) {
231
+ await next();
232
+ return;
233
+ }
234
+ let matchingSession = null;
235
+ try {
236
+ const currentTokenHash = hashToken$2(currentToken);
237
+ matchingSession = await strapi2.documents(SESSION_UID$3).findFirst({
238
+ filters: {
239
+ tokenHash: currentTokenHash,
240
+ isActive: true
241
+ },
242
+ populate: { user: { fields: ["documentId"] } }
243
+ });
244
+ if (matchingSession) {
245
+ ctx.state.sessionId = matchingSession.documentId;
246
+ ctx.state.currentSession = matchingSession;
247
+ if (matchingSession.user?.documentId) {
248
+ ctx.state.sessionUserId = matchingSession.user.documentId;
247
249
  }
248
- if (!matchingSession) {
249
- strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session for user ${userId} has been terminated`);
250
+ } else {
251
+ if (ctx.state.user && ctx.state.user.documentId) {
252
+ strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session terminated for user ${ctx.state.user.documentId}`);
250
253
  return ctx.unauthorized("This session has been terminated. Please login again.");
251
254
  }
252
- ctx.state.sessionId = matchingSession.documentId;
253
- ctx.state.currentSession = matchingSession;
254
- } catch (err) {
255
- strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
256
255
  }
256
+ } catch (err) {
257
+ strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
257
258
  }
258
259
  await next();
259
- if (ctx.state.user && ctx.state.user.documentId && ctx.state.sessionId) {
260
+ if (matchingSession) {
260
261
  try {
261
- await sessionService.touch({
262
- userId: ctx.state.user.documentId,
263
- sessionId: ctx.state.sessionId
264
- });
262
+ const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
263
+ const rateLimit = config2.lastSeenRateLimit || 3e4;
264
+ const now = Date.now();
265
+ const lastTouch = lastTouchCache.get(matchingSession.documentId) || 0;
266
+ if (now - lastTouch > rateLimit) {
267
+ lastTouchCache.set(matchingSession.documentId, now);
268
+ await strapi2.documents(SESSION_UID$3).update({
269
+ documentId: matchingSession.documentId,
270
+ data: { lastActive: /* @__PURE__ */ new Date() }
271
+ });
272
+ strapi2.log.debug(`[magic-sessionmanager] [TOUCH] Session ${matchingSession.documentId} activity updated`);
273
+ }
265
274
  } catch (err) {
266
275
  strapi2.log.debug("[magic-sessionmanager] Error updating lastSeen:", err.message);
267
276
  }
@@ -269,7 +278,7 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
269
278
  };
270
279
  };
271
280
  const getClientIp = getClientIp_1;
272
- const { encryptToken: encryptToken$1, decryptToken: decryptToken$2 } = encryption;
281
+ const { encryptToken: encryptToken$1, decryptToken: decryptToken$2, hashToken: hashToken$1 } = encryption;
273
282
  const { createLogger: createLogger$3 } = logger;
274
283
  const SESSION_UID$2 = "plugin::magic-sessionmanager.session";
275
284
  const USER_UID$2 = "plugin::users-permissions.user";
@@ -553,11 +562,15 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
553
562
  if (matchingSession) {
554
563
  const encryptedToken = newAccessToken ? encryptToken$1(newAccessToken) : matchingSession.token;
555
564
  const encryptedRefreshToken = newRefreshToken ? encryptToken$1(newRefreshToken) : matchingSession.refreshToken;
565
+ const newTokenHash = newAccessToken ? hashToken$1(newAccessToken) : matchingSession.tokenHash;
566
+ const newRefreshTokenHash = newRefreshToken ? hashToken$1(newRefreshToken) : matchingSession.refreshTokenHash;
556
567
  await strapi2.documents(SESSION_UID$2).update({
557
568
  documentId: matchingSession.documentId,
558
569
  data: {
559
570
  token: encryptedToken,
571
+ tokenHash: newTokenHash,
560
572
  refreshToken: encryptedRefreshToken,
573
+ refreshTokenHash: newRefreshTokenHash,
561
574
  lastActive: /* @__PURE__ */ new Date()
562
575
  }
563
576
  });
@@ -571,7 +584,7 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
571
584
  });
572
585
  log.info("[SUCCESS] Refresh Token interceptor middleware mounted");
573
586
  strapi2.server.use(
574
- lastSeen({ strapi: strapi2, sessionService })
587
+ lastSeen({ strapi: strapi2 })
575
588
  );
576
589
  log.info("[SUCCESS] LastSeen middleware mounted");
577
590
  await ensureContentApiPermissions(strapi2, log);
@@ -707,10 +720,18 @@ const attributes = {
707
720
  type: "text",
708
721
  "private": true
709
722
  },
723
+ tokenHash: {
724
+ type: "string",
725
+ configurable: false
726
+ },
710
727
  refreshToken: {
711
728
  type: "text",
712
729
  "private": true
713
730
  },
731
+ refreshTokenHash: {
732
+ type: "string",
733
+ configurable: false
734
+ },
714
735
  loginTime: {
715
736
  type: "datetime",
716
737
  required: true
@@ -1742,7 +1763,7 @@ var controllers$1 = {
1742
1763
  license,
1743
1764
  settings
1744
1765
  };
1745
- const { encryptToken, decryptToken, generateSessionId } = encryption;
1766
+ const { encryptToken, decryptToken, generateSessionId, hashToken } = encryption;
1746
1767
  const { createLogger: createLogger$1 } = logger;
1747
1768
  const SESSION_UID = "plugin::magic-sessionmanager.session";
1748
1769
  const USER_UID = "plugin::users-permissions.user";
@@ -1760,6 +1781,8 @@ var session$1 = ({ strapi: strapi2 }) => {
1760
1781
  const sessionId = generateSessionId(userId);
1761
1782
  const encryptedToken = token ? encryptToken(token) : null;
1762
1783
  const encryptedRefreshToken = refreshToken ? encryptToken(refreshToken) : null;
1784
+ const tokenHashValue = token ? hashToken(token) : null;
1785
+ const refreshTokenHashValue = refreshToken ? hashToken(refreshToken) : null;
1763
1786
  const session2 = await strapi2.documents(SESSION_UID).create({
1764
1787
  data: {
1765
1788
  user: userId,
@@ -1770,11 +1793,15 @@ var session$1 = ({ strapi: strapi2 }) => {
1770
1793
  lastActive: now,
1771
1794
  isActive: true,
1772
1795
  token: encryptedToken,
1773
- // [SUCCESS] Encrypted Access Token
1796
+ // Encrypted Access Token
1797
+ tokenHash: tokenHashValue,
1798
+ // SHA-256 hash for fast lookup
1774
1799
  refreshToken: encryptedRefreshToken,
1775
- // [SUCCESS] Encrypted Refresh Token
1800
+ // Encrypted Refresh Token
1801
+ refreshTokenHash: refreshTokenHashValue,
1802
+ // SHA-256 hash for fast lookup
1776
1803
  sessionId
1777
- // [SUCCESS] Unique identifier
1804
+ // Unique identifier
1778
1805
  }
1779
1806
  });
1780
1807
  log.info(`[SUCCESS] Session ${session2.documentId} (${sessionId}) created for user ${userId}`);
@@ -1852,9 +1879,9 @@ var session$1 = ({ strapi: strapi2 }) => {
1852
1879
  const lastActiveTime = session2.lastActive ? new Date(session2.lastActive) : new Date(session2.loginTime);
1853
1880
  const timeSinceActive = now - lastActiveTime;
1854
1881
  const isTrulyActive = session2.isActive && timeSinceActive < inactivityTimeout;
1855
- const { token, ...sessionWithoutToken } = session2;
1882
+ const { token, tokenHash, refreshToken, refreshTokenHash, ...safeSession } = session2;
1856
1883
  return {
1857
- ...sessionWithoutToken,
1884
+ ...safeSession,
1858
1885
  isTrulyActive,
1859
1886
  minutesSinceActive: Math.floor(timeSinceActive / 1e3 / 60)
1860
1887
  };
@@ -1883,9 +1910,9 @@ var session$1 = ({ strapi: strapi2 }) => {
1883
1910
  const lastActiveTime = session2.lastActive ? new Date(session2.lastActive) : new Date(session2.loginTime);
1884
1911
  const timeSinceActive = now - lastActiveTime;
1885
1912
  const isTrulyActive = timeSinceActive < inactivityTimeout;
1886
- const { token, ...sessionWithoutToken } = session2;
1913
+ const { token, tokenHash, refreshToken, refreshTokenHash, ...safeSession } = session2;
1887
1914
  return {
1888
- ...sessionWithoutToken,
1915
+ ...safeSession,
1889
1916
  isTrulyActive,
1890
1917
  minutesSinceActive: Math.floor(timeSinceActive / 1e3 / 60)
1891
1918
  };
@@ -1922,9 +1949,9 @@ var session$1 = ({ strapi: strapi2 }) => {
1922
1949
  const lastActiveTime = session2.lastActive ? new Date(session2.lastActive) : new Date(session2.loginTime);
1923
1950
  const timeSinceActive = now - lastActiveTime;
1924
1951
  const isTrulyActive = session2.isActive && timeSinceActive < inactivityTimeout;
1925
- const { token, ...sessionWithoutToken } = session2;
1952
+ const { token, tokenHash, refreshToken, refreshTokenHash, ...safeSession } = session2;
1926
1953
  return {
1927
- ...sessionWithoutToken,
1954
+ ...safeSession,
1928
1955
  isTrulyActive,
1929
1956
  minutesSinceActive: Math.floor(timeSinceActive / 1e3 / 60)
1930
1957
  };
@@ -2041,7 +2068,7 @@ var session$1 = ({ strapi: strapi2 }) => {
2041
2068
  }
2042
2069
  };
2043
2070
  };
2044
- const version = "4.2.7";
2071
+ const version = "4.2.8";
2045
2072
  const require$$2 = {
2046
2073
  version
2047
2074
  };
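Review bot: The revocation check in the rewritten `lastSeen` middleware (hunk `@@ -206,62 +206,71 @@`) fails open: if the `findFirst` lookup by `tokenHash` throws, the `catch` only writes a debug-level line and the request continues to `next()`, and a token with no active session is rejected only when `ctx.state.user` is already populated. The middleware is registered with `strapi2.server.use(...)`, so whether `ctx.state.user` is set this early depends on middleware order the diff does not show, and a terminated session may still be served. At minimum, log the failure where operators will see it, e.g. `strapi2.log.warn("[magic-sessionmanager] Session lookup failed, request not checked:", err.message);`, and decide explicitly whether a lookup error on a bearer-token request should be refused instead of passed through. Sessions stored before this version carry no `tokenHash` and no backfill is visible here, so they would take the same no-match path. The second build file further down the page has the identical code, and the end of `lastSeen` falls in the following hunk.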
@@ -175,7 +175,7 @@ function encryptToken$2(token) {
175
175
  throw new Error("Failed to encrypt token");
176
176
  }
177
177
  }
178
- function decryptToken$4(encryptedToken) {
178
+ function decryptToken$3(encryptedToken) {
179
179
  if (!encryptedToken) return null;
180
180
  try {
181
181
  const key = getEncryptionKey();
@@ -202,62 +202,71 @@ function generateSessionId$1(userId) {
202
202
  const userHash = crypto$1.createHash("sha256").update(userId.toString()).digest("hex").substring(0, 8);
203
203
  return `sess_${timestamp}_${userHash}_${randomBytes}`;
204
204
  }
205
+ function hashToken$3(token) {
206
+ if (!token) return null;
207
+ return crypto$1.createHash("sha256").update(token).digest("hex");
208
+ }
205
209
  var encryption = {
206
210
  encryptToken: encryptToken$2,
207
- decryptToken: decryptToken$4,
208
- generateSessionId: generateSessionId$1
211
+ decryptToken: decryptToken$3,
212
+ generateSessionId: generateSessionId$1,
213
+ hashToken: hashToken$3
209
214
  };
210
215
  const SESSION_UID$3 = "plugin::magic-sessionmanager.session";
211
- const { decryptToken: decryptToken$3 } = encryption;
212
- var lastSeen = ({ strapi: strapi2, sessionService }) => {
216
+ const { hashToken: hashToken$2 } = encryption;
217
+ const lastTouchCache = /* @__PURE__ */ new Map();
218
+ var lastSeen = ({ strapi: strapi2 }) => {
213
219
  return async (ctx, next) => {
214
- if (ctx.state.user && ctx.state.user.documentId) {
215
- try {
216
- const userId = ctx.state.user.documentId;
217
- const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
218
- if (!currentToken) {
219
- await next();
220
- return;
221
- }
222
- const activeSessions = await strapi2.documents(SESSION_UID$3).findMany({
223
- filters: {
224
- user: { documentId: userId },
225
- isActive: true
226
- }
227
- });
228
- if (!activeSessions || activeSessions.length === 0) {
229
- strapi2.log.info(`[magic-sessionmanager] [BLOCKED] User ${userId} has no active sessions`);
230
- return ctx.unauthorized("All sessions have been terminated. Please login again.");
231
- }
232
- let matchingSession = null;
233
- for (const session2 of activeSessions) {
234
- if (!session2.token) continue;
235
- try {
236
- const decrypted = decryptToken$3(session2.token);
237
- if (decrypted === currentToken) {
238
- matchingSession = session2;
239
- break;
240
- }
241
- } catch (err) {
242
- }
220
+ const currentToken = ctx.request.headers.authorization?.replace("Bearer ", "");
221
+ if (!currentToken) {
222
+ await next();
223
+ return;
224
+ }
225
+ const skipPaths = ["/admin", "/_health", "/favicon.ico"];
226
+ if (skipPaths.some((p) => ctx.path.startsWith(p))) {
227
+ await next();
228
+ return;
229
+ }
230
+ let matchingSession = null;
231
+ try {
232
+ const currentTokenHash = hashToken$2(currentToken);
233
+ matchingSession = await strapi2.documents(SESSION_UID$3).findFirst({
234
+ filters: {
235
+ tokenHash: currentTokenHash,
236
+ isActive: true
237
+ },
238
+ populate: { user: { fields: ["documentId"] } }
239
+ });
240
+ if (matchingSession) {
241
+ ctx.state.sessionId = matchingSession.documentId;
242
+ ctx.state.currentSession = matchingSession;
243
+ if (matchingSession.user?.documentId) {
244
+ ctx.state.sessionUserId = matchingSession.user.documentId;
243
245
  }
244
- if (!matchingSession) {
245
- strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session for user ${userId} has been terminated`);
246
+ } else {
247
+ if (ctx.state.user && ctx.state.user.documentId) {
248
+ strapi2.log.info(`[magic-sessionmanager] [BLOCKED] Session terminated for user ${ctx.state.user.documentId}`);
246
249
  return ctx.unauthorized("This session has been terminated. Please login again.");
247
250
  }
248
- ctx.state.sessionId = matchingSession.documentId;
249
- ctx.state.currentSession = matchingSession;
250
- } catch (err) {
251
- strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
252
251
  }
252
+ } catch (err) {
253
+ strapi2.log.debug("[magic-sessionmanager] Error checking session:", err.message);
253
254
  }
254
255
  await next();
255
- if (ctx.state.user && ctx.state.user.documentId && ctx.state.sessionId) {
256
+ if (matchingSession) {
256
257
  try {
257
- await sessionService.touch({
258
- userId: ctx.state.user.documentId,
259
- sessionId: ctx.state.sessionId
260
- });
258
+ const config2 = strapi2.config.get("plugin::magic-sessionmanager") || {};
259
+ const rateLimit = config2.lastSeenRateLimit || 3e4;
260
+ const now = Date.now();
261
+ const lastTouch = lastTouchCache.get(matchingSession.documentId) || 0;
262
+ if (now - lastTouch > rateLimit) {
263
+ lastTouchCache.set(matchingSession.documentId, now);
264
+ await strapi2.documents(SESSION_UID$3).update({
265
+ documentId: matchingSession.documentId,
266
+ data: { lastActive: /* @__PURE__ */ new Date() }
267
+ });
268
+ strapi2.log.debug(`[magic-sessionmanager] [TOUCH] Session ${matchingSession.documentId} activity updated`);
269
+ }
261
270
  } catch (err) {
262
271
  strapi2.log.debug("[magic-sessionmanager] Error updating lastSeen:", err.message);
263
272
  }
@@ -265,7 +274,7 @@ var lastSeen = ({ strapi: strapi2, sessionService }) => {
265
274
  };
266
275
  };
267
276
  const getClientIp = getClientIp_1;
268
- const { encryptToken: encryptToken$1, decryptToken: decryptToken$2 } = encryption;
277
+ const { encryptToken: encryptToken$1, decryptToken: decryptToken$2, hashToken: hashToken$1 } = encryption;
269
278
  const { createLogger: createLogger$3 } = logger;
270
279
  const SESSION_UID$2 = "plugin::magic-sessionmanager.session";
271
280
  const USER_UID$2 = "plugin::users-permissions.user";
@@ -549,11 +558,15 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
549
558
  if (matchingSession) {
550
559
  const encryptedToken = newAccessToken ? encryptToken$1(newAccessToken) : matchingSession.token;
551
560
  const encryptedRefreshToken = newRefreshToken ? encryptToken$1(newRefreshToken) : matchingSession.refreshToken;
561
+ const newTokenHash = newAccessToken ? hashToken$1(newAccessToken) : matchingSession.tokenHash;
562
+ const newRefreshTokenHash = newRefreshToken ? hashToken$1(newRefreshToken) : matchingSession.refreshTokenHash;
552
563
  await strapi2.documents(SESSION_UID$2).update({
553
564
  documentId: matchingSession.documentId,
554
565
  data: {
555
566
  token: encryptedToken,
567
+ tokenHash: newTokenHash,
556
568
  refreshToken: encryptedRefreshToken,
569
+ refreshTokenHash: newRefreshTokenHash,
557
570
  lastActive: /* @__PURE__ */ new Date()
558
571
  }
559
572
  });
@@ -567,7 +580,7 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
567
580
  });
568
581
  log.info("[SUCCESS] Refresh Token interceptor middleware mounted");
569
582
  strapi2.server.use(
570
- lastSeen({ strapi: strapi2, sessionService })
583
+ lastSeen({ strapi: strapi2 })
571
584
  );
572
585
  log.info("[SUCCESS] LastSeen middleware mounted");
573
586
  await ensureContentApiPermissions(strapi2, log);
@@ -703,10 +716,18 @@ const attributes = {
703
716
  type: "text",
704
717
  "private": true
705
718
  },
719
+ tokenHash: {
720
+ type: "string",
721
+ configurable: false
722
+ },
706
723
  refreshToken: {
707
724
  type: "text",
708
725
  "private": true
709
726
  },
727
+ refreshTokenHash: {
728
+ type: "string",
729
+ configurable: false
730
+ },
710
731
  loginTime: {
711
732
  type: "datetime",
712
733
  required: true
@@ -1738,7 +1759,7 @@ var controllers$1 = {
1738
1759
  license,
1739
1760
  settings
1740
1761
  };
1741
- const { encryptToken, decryptToken, generateSessionId } = encryption;
1762
+ const { encryptToken, decryptToken, generateSessionId, hashToken } = encryption;
1742
1763
  const { createLogger: createLogger$1 } = logger;
1743
1764
  const SESSION_UID = "plugin::magic-sessionmanager.session";
1744
1765
  const USER_UID = "plugin::users-permissions.user";
@@ -1756,6 +1777,8 @@ var session$1 = ({ strapi: strapi2 }) => {
1756
1777
  const sessionId = generateSessionId(userId);
1757
1778
  const encryptedToken = token ? encryptToken(token) : null;
1758
1779
  const encryptedRefreshToken = refreshToken ? encryptToken(refreshToken) : null;
1780
+ const tokenHashValue = token ? hashToken(token) : null;
1781
+ const refreshTokenHashValue = refreshToken ? hashToken(refreshToken) : null;
1759
1782
  const session2 = await strapi2.documents(SESSION_UID).create({
1760
1783
  data: {
1761
1784
  user: userId,
@@ -1766,11 +1789,15 @@ var session$1 = ({ strapi: strapi2 }) => {
1766
1789
  lastActive: now,
1767
1790
  isActive: true,
1768
1791
  token: encryptedToken,
1769
- // [SUCCESS] Encrypted Access Token
1792
+ // Encrypted Access Token
1793
+ tokenHash: tokenHashValue,
1794
+ // SHA-256 hash for fast lookup
1770
1795
  refreshToken: encryptedRefreshToken,
1771
- // [SUCCESS] Encrypted Refresh Token
1796
+ // Encrypted Refresh Token
1797
+ refreshTokenHash: refreshTokenHashValue,
1798
+ // SHA-256 hash for fast lookup
1772
1799
  sessionId
1773
- // [SUCCESS] Unique identifier
1800
+ // Unique identifier
1774
1801
  }
1775
1802
  });
1776
1803
  log.info(`[SUCCESS] Session ${session2.documentId} (${sessionId}) created for user ${userId}`);
@@ -1848,9 +1875,9 @@ var session$1 = ({ strapi: strapi2 }) => {
1848
1875
  const lastActiveTime = session2.lastActive ? new Date(session2.lastActive) : new Date(session2.loginTime);
1849
1876
  const timeSinceActive = now - lastActiveTime;
1850
1877
  const isTrulyActive = session2.isActive && timeSinceActive < inactivityTimeout;
1851
- const { token, ...sessionWithoutToken } = session2;
1878
+ const { token, tokenHash, refreshToken, refreshTokenHash, ...safeSession } = session2;
1852
1879
  return {
1853
- ...sessionWithoutToken,
1880
+ ...safeSession,
1854
1881
  isTrulyActive,
1855
1882
  minutesSinceActive: Math.floor(timeSinceActive / 1e3 / 60)
1856
1883
  };
@@ -1879,9 +1906,9 @@ var session$1 = ({ strapi: strapi2 }) => {
1879
1906
  const lastActiveTime = session2.lastActive ? new Date(session2.lastActive) : new Date(session2.loginTime);
1880
1907
  const timeSinceActive = now - lastActiveTime;
1881
1908
  const isTrulyActive = timeSinceActive < inactivityTimeout;
1882
- const { token, ...sessionWithoutToken } = session2;
1909
+ const { token, tokenHash, refreshToken, refreshTokenHash, ...safeSession } = session2;
1883
1910
  return {
1884
- ...sessionWithoutToken,
1911
+ ...safeSession,
1885
1912
  isTrulyActive,
1886
1913
  minutesSinceActive: Math.floor(timeSinceActive / 1e3 / 60)
1887
1914
  };
@@ -1918,9 +1945,9 @@ var session$1 = ({ strapi: strapi2 }) => {
1918
1945
  const lastActiveTime = session2.lastActive ? new Date(session2.lastActive) : new Date(session2.loginTime);
1919
1946
  const timeSinceActive = now - lastActiveTime;
1920
1947
  const isTrulyActive = session2.isActive && timeSinceActive < inactivityTimeout;
1921
- const { token, ...sessionWithoutToken } = session2;
1948
+ const { token, tokenHash, refreshToken, refreshTokenHash, ...safeSession } = session2;
1922
1949
  return {
1923
- ...sessionWithoutToken,
1950
+ ...safeSession,
1924
1951
  isTrulyActive,
1925
1952
  minutesSinceActive: Math.floor(timeSinceActive / 1e3 / 60)
1926
1953
  };
@@ -2037,7 +2064,7 @@ var session$1 = ({ strapi: strapi2 }) => {
2037
2064
  }
2038
2065
  };
2039
2066
  };
2040
- const version = "4.2.7";
2067
+ const version = "4.2.8";
2041
2068
  const require$$2 = {
2042
2069
  version
2043
2070
  };
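Review bot: The new `tokenHash` and `refreshTokenHash` attributes (hunk `@@ -703,10 +716,18 @@`) are declared without `"private": true`, unlike `refreshToken` beside them, so the only thing visibly keeping the hashes out of responses is the manual destructuring in the three session-service mappers. Any other code path that returns a session entity through Strapi's sanitised output would include them, and the hash is now the sole lookup key for a live session. Add the flag to both, e.g. `tokenHash: { type: "string", configurable: false, "private": true }`. The first build file on the page has the same schema hunk (`@@ -707,10 +720,18 @@`), and the `attributes` object starts and ends outside the hunk.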
package/package.json CHANGED
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "4.2.7",
2
+ "version": "4.2.9",
3
3
  "keywords": [
4
4
  "strapi",
5
5
  "strapi-plugin",