strapi-plugin-magic-sessionmanager 4.5.1 → 4.5.2

package/dist/_chunks/{Analytics-DQyamHg6.mjs → Analytics--qB2cKuD.mjs}

@@ -4,8 +4,8 @@ import { useFetchClient } from "@strapi/strapi/admin";
 import styled, { css, keyframes } from "styled-components";
 import { Loader, Typography, Box, Flex, Badge } from "@strapi/design-system";
 import { ChartBubble, Crown, User, Clock, Monitor } from "@strapi/icons";
-import { a as pluginId } from "./index-BbbrBv3t.mjs";
-import { u as useLicense } from "./useLicense-Bszkymz3.mjs";
+import { a as pluginId } from "./index-CwxKazpc.mjs";
+import { u as useLicense } from "./useLicense-B9WW9s_d.mjs";
 const theme = {
   shadows: {
     sm: "0 1px 3px 0 rgba(0, 0, 0, 0.1)",

package/dist/_chunks/{Analytics-Cp-WjeV3.js → Analytics-DM4_UffY.js}

@@ -6,8 +6,8 @@ const admin = require("@strapi/strapi/admin");
 const styled = require("styled-components");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
-const index = require("./index-BRESWp1b.js");
-const useLicense = require("./useLicense-D_wQcoMn.js");
+const index = require("./index-CTxGMDHr.js");
+const useLicense = require("./useLicense-BEbtA_Zo.js");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const styled__default = /* @__PURE__ */ _interopDefault(styled);
 const theme = {

package/dist/_chunks/{App-CN4bKWV9.mjs → App-CL5q29Mi.mjs}

@@ -3,10 +3,10 @@ import { useState, useEffect } from "react";
 import { useIntl } from "react-intl";
 import { useFetchClient, useNotification, Page } from "@strapi/strapi/admin";
 import styled, { css, keyframes } from "styled-components";
-import { p as parseUserAgent, a as pluginId$1, g as getTranslation } from "./index-BbbrBv3t.mjs";
+import { p as parseUserAgent, a as pluginId$1, g as getTranslation } from "./index-CwxKazpc.mjs";
 import { Modal, Flex, Box, Typography, Divider, Button, Loader, SingleSelect, SingleSelectOption, Thead, Tr, Th, Tbody, Td, Table, TextInput } from "@strapi/design-system";
 import { Check, Information, Monitor, Server, Clock, Cross, Earth, Shield, Crown, Phone, Download, User, Eye, Trash, Search, Key } from "@strapi/icons";
-import { u as useLicense } from "./useLicense-Bszkymz3.mjs";
+import { u as useLicense } from "./useLicense-B9WW9s_d.mjs";
 import { S as ShowHideButton, T as TertiaryButton, D as DangerButton, I as IconButtonPrimary, a as IconButtonWarning, b as IconButtonDanger } from "./StyledButtons-Cz8oYhmc.mjs";
 import { useNavigate } from "react-router-dom";
 const theme = {

package/dist/_chunks/{App-BvYLeEbF.js → App-DF-VsbDW.js}

@@ -5,10 +5,10 @@ const react = require("react");
 const reactIntl = require("react-intl");
 const admin = require("@strapi/strapi/admin");
 const styled = require("styled-components");
-const index = require("./index-BRESWp1b.js");
+const index = require("./index-CTxGMDHr.js");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
-const useLicense = require("./useLicense-D_wQcoMn.js");
+const useLicense = require("./useLicense-BEbtA_Zo.js");
 const StyledButtons = require("./StyledButtons-DDuxnYz8.js");
 const reactRouterDom = require("react-router-dom");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };

package/dist/_chunks/{License-Bgcm630d.mjs → License-D9piCp34.mjs}

@@ -4,7 +4,7 @@ import { Loader, Box, Alert, Flex, Typography, Button, Badge, Accordion } from "
 import { useFetchClient, useNotification } from "@strapi/strapi/admin";
 import { ArrowClockwise, Duplicate, Download, User, Shield, Sparkle, ChartBubble } from "@strapi/icons";
 import styled, { css, keyframes } from "styled-components";
-import { a as pluginId } from "./index-BbbrBv3t.mjs";
+import { a as pluginId } from "./index-CwxKazpc.mjs";
 const theme = {
   borderRadius: { lg: "12px" }
 };

package/dist/_chunks/{License-DPyeZQWz.js → License-Dmm1d3fQ.js}

@@ -6,7 +6,7 @@ const designSystem = require("@strapi/design-system");
 const admin = require("@strapi/strapi/admin");
 const icons = require("@strapi/icons");
 const styled = require("styled-components");
-const index = require("./index-BRESWp1b.js");
+const index = require("./index-CTxGMDHr.js");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const styled__default = /* @__PURE__ */ _interopDefault(styled);
 const theme = {

package/dist/_chunks/{OnlineUsersWidget-E2FA7rGi.mjs → OnlineUsersWidget-DHsthkt0.mjs}

@@ -4,7 +4,7 @@ import { useIntl } from "react-intl";
 import { Box, Typography, Flex, Grid } from "@strapi/design-system";
 import { Check, Cross, Clock, User } from "@strapi/icons";
 import { useFetchClient } from "@strapi/strapi/admin";
-import { g as getTranslation } from "./index-BbbrBv3t.mjs";
+import { g as getTranslation } from "./index-CwxKazpc.mjs";
 const OnlineUsersWidget = () => {
   const { formatMessage } = useIntl();
   const { get } = useFetchClient();

package/dist/_chunks/{OnlineUsersWidget-BYnqhN3O.js → OnlineUsersWidget-KchZ_ScS.js}

@@ -6,7 +6,7 @@ const reactIntl = require("react-intl");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
 const admin = require("@strapi/strapi/admin");
-const index = require("./index-BRESWp1b.js");
+const index = require("./index-CTxGMDHr.js");
 const OnlineUsersWidget = () => {
   const { formatMessage } = reactIntl.useIntl();
   const { get } = admin.useFetchClient();

package/dist/_chunks/{Settings-Bt6wy131.js → Settings-CUNaxDWk.js}

@@ -7,11 +7,85 @@ const designSystem = require("@strapi/design-system");
 const admin = require("@strapi/strapi/admin");
 const icons = require("@strapi/icons");
 const styled = require("styled-components");
-const index = require("./index-BRESWp1b.js");
-const useLicense = require("./useLicense-D_wQcoMn.js");
+const index = require("./index-CTxGMDHr.js");
+const useLicense = require("./useLicense-BEbtA_Zo.js");
 const StyledButtons = require("./StyledButtons-DDuxnYz8.js");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const styled__default = /* @__PURE__ */ _interopDefault(styled);
+const COUNTRIES = [
+  { code: "DE", name: "Germany", flag: "🇩🇪" },
+  { code: "AT", name: "Austria", flag: "🇦🇹" },
+  { code: "CH", name: "Switzerland", flag: "🇨🇭" },
+  { code: "US", name: "United States", flag: "🇺🇸" },
+  { code: "CA", name: "Canada", flag: "🇨🇦" },
+  { code: "MX", name: "Mexico", flag: "🇲🇽" },
+  { code: "GB", name: "United Kingdom", flag: "🇬🇧" },
+  { code: "IE", name: "Ireland", flag: "🇮🇪" },
+  { code: "FR", name: "France", flag: "🇫🇷" },
+  { code: "IT", name: "Italy", flag: "🇮🇹" },
+  { code: "ES", name: "Spain", flag: "🇪🇸" },
+  { code: "PT", name: "Portugal", flag: "🇵🇹" },
+  { code: "NL", name: "Netherlands", flag: "🇳🇱" },
+  { code: "BE", name: "Belgium", flag: "🇧🇪" },
+  { code: "LU", name: "Luxembourg", flag: "🇱🇺" },
+  { code: "SE", name: "Sweden", flag: "🇸🇪" },
+  { code: "NO", name: "Norway", flag: "🇳🇴" },
+  { code: "DK", name: "Denmark", flag: "🇩🇰" },
+  { code: "FI", name: "Finland", flag: "🇫🇮" },
+  { code: "PL", name: "Poland", flag: "🇵🇱" },
+  { code: "CZ", name: "Czech Republic", flag: "🇨🇿" },
+  { code: "SK", name: "Slovakia", flag: "🇸🇰" },
+  { code: "HU", name: "Hungary", flag: "🇭🇺" },
+  { code: "RO", name: "Romania", flag: "🇷🇴" },
+  { code: "BG", name: "Bulgaria", flag: "🇧🇬" },
+  { code: "GR", name: "Greece", flag: "🇬🇷" },
+  { code: "HR", name: "Croatia", flag: "🇭🇷" },
+  { code: "SI", name: "Slovenia", flag: "🇸🇮" },
+  { code: "EE", name: "Estonia", flag: "🇪🇪" },
+  { code: "LV", name: "Latvia", flag: "🇱🇻" },
+  { code: "LT", name: "Lithuania", flag: "🇱🇹" },
+  { code: "IS", name: "Iceland", flag: "🇮🇸" },
+  { code: "TR", name: "Turkey", flag: "🇹🇷" },
+  { code: "RU", name: "Russia", flag: "🇷🇺" },
+  { code: "UA", name: "Ukraine", flag: "🇺🇦" },
+  { code: "BR", name: "Brazil", flag: "🇧🇷" },
+  { code: "AR", name: "Argentina", flag: "🇦🇷" },
+  { code: "CL", name: "Chile", flag: "🇨🇱" },
+  { code: "CO", name: "Colombia", flag: "🇨🇴" },
+  { code: "AU", name: "Australia", flag: "🇦🇺" },
+  { code: "NZ", name: "New Zealand", flag: "🇳🇿" },
+  { code: "JP", name: "Japan", flag: "🇯🇵" },
+  { code: "KR", name: "South Korea", flag: "🇰🇷" },
+  { code: "CN", name: "China", flag: "🇨🇳" },
+  { code: "HK", name: "Hong Kong", flag: "🇭🇰" },
+  { code: "TW", name: "Taiwan", flag: "🇹🇼" },
+  { code: "SG", name: "Singapore", flag: "🇸🇬" },
+  { code: "IN", name: "India", flag: "🇮🇳" },
+  { code: "ID", name: "Indonesia", flag: "🇮🇩" },
+  { code: "TH", name: "Thailand", flag: "🇹🇭" },
+  { code: "VN", name: "Vietnam", flag: "🇻🇳" },
+  { code: "PH", name: "Philippines", flag: "🇵🇭" },
+  { code: "MY", name: "Malaysia", flag: "🇲🇾" },
+  { code: "AE", name: "United Arab Emirates", flag: "🇦🇪" },
+  { code: "SA", name: "Saudi Arabia", flag: "🇸🇦" },
+  { code: "IL", name: "Israel", flag: "🇮🇱" },
+  { code: "EG", name: "Egypt", flag: "🇪🇬" },
+  { code: "ZA", name: "South Africa", flag: "🇿🇦" },
+  { code: "NG", name: "Nigeria", flag: "🇳🇬" },
+  { code: "KE", name: "Kenya", flag: "🇰🇪" },
+  { code: "MA", name: "Morocco", flag: "🇲🇦" }
+];
+const normalizeCountryCode = (raw) => {
+  if (typeof raw !== "string") return null;
+  const up = raw.trim().toUpperCase();
+  if (!/^[A-Z]{2}$/.test(up)) return null;
+  return up;
+};
+const formatCountry = (code) => {
+  if (!code) return "";
+  const match = COUNTRIES.find((c) => c.code === code);
+  return match ? `${match.flag} ${match.name} (${match.code})` : code;
+};
 const theme = {
   borderRadius: { md: "8px", lg: "12px" }
 };
@@ -331,6 +405,167 @@ const generateSecureKey = () => {
   }
   return key;
 };
+const GeofencingPanel = ({ settings, handleChange, t }) => {
+  const [pendingCode, setPendingCode] = react.useState("");
+  const mode = (() => {
+    if (Array.isArray(settings.allowedCountries) && settings.allowedCountries.length > 0) {
+      return "allowlist";
+    }
+    if (Array.isArray(settings.blockedCountries) && settings.blockedCountries.length > 0) {
+      return "blocklist";
+    }
+    return "allowlist";
+  })();
+  const activeField = mode === "allowlist" ? "allowedCountries" : "blockedCountries";
+  const activeList = Array.isArray(settings[activeField]) ? settings[activeField] : [];
+  const setMode = (newMode) => {
+    if (newMode === mode) return;
+    if (newMode === "allowlist") {
+      handleChange("blockedCountries", []);
+    } else {
+      handleChange("allowedCountries", []);
+    }
+  };
+  const addCode = (raw) => {
+    const code = normalizeCountryCode(raw);
+    if (!code) return;
+    if (activeList.includes(code)) return;
+    handleChange(activeField, [...activeList, code]);
+    setPendingCode("");
+  };
+  const removeCode = (code) => {
+    handleChange(activeField, activeList.filter((c) => c !== code));
+  };
+  return /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Grid.Root, { gap: 5, children: [
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Grid.Item, { col: 12, children: /* @__PURE__ */ jsxRuntime.jsx(
+      designSystem.Box,
+      {
+        padding: 3,
+        background: settings.enableGeofencing ? "success100" : "neutral100",
+        hasRadius: true,
+        style: { borderLeft: `4px solid ${settings.enableGeofencing ? "#16A34A" : "#9CA3AF"}` },
+        children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { justifyContent: "space-between", alignItems: "center", children: [
+          /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { children: [
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "delta", style: { display: "block", marginBottom: "4px" }, children: t("settings.geofencing.enable.title", "Enable Geofencing") }),
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", textColor: "neutral600", style: { fontSize: "12px" }, children: t(
+              "settings.geofencing.enable.description",
+              "When enabled, the pre-login guard compares the caller's country against the configured list and rejects logins that do not match."
+            ) })
+          ] }),
+          /* @__PURE__ */ jsxRuntime.jsx(
+            designSystem.Toggle,
+            {
+              onLabel: "On",
+              offLabel: "Off",
+              checked: !!settings.enableGeofencing,
+              onChange: () => handleChange("enableGeofencing", !settings.enableGeofencing)
+            }
+          )
+        ] })
+      }
+    ) }),
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Grid.Item, { col: 12, children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { children: [
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", fontWeight: "bold", style: { marginBottom: "8px", display: "block" }, children: t("settings.geofencing.mode.title", "Mode") }),
+      /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 2, children: [
+        /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.Button,
+          {
+            variant: mode === "allowlist" ? "default" : "tertiary",
+            onClick: () => setMode("allowlist"),
+            disabled: !settings.enableGeofencing,
+            children: t("settings.geofencing.mode.allowlist", "Allowlist (only selected countries)")
+          }
+        ),
+        /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.Button,
+          {
+            variant: mode === "blocklist" ? "default" : "tertiary",
+            onClick: () => setMode("blocklist"),
+            disabled: !settings.enableGeofencing,
+            children: t("settings.geofencing.mode.blocklist", "Blocklist (block selected countries)")
+          }
+        )
+      ] }),
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", textColor: "neutral600", style: { fontSize: "11px", marginTop: "8px" }, children: mode === "allowlist" ? t(
+        "settings.geofencing.mode.allowlist.hint",
+        "Only countries in the list may authenticate. Empty list = no geo restriction."
+      ) : t(
+        "settings.geofencing.mode.blocklist.hint",
+        "Every country EXCEPT those in the list may authenticate."
+      ) })
+    ] }) }),
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Grid.Item, { col: 12, children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { children: [
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", fontWeight: "bold", style: { marginBottom: "8px", display: "block" }, children: mode === "allowlist" ? t("settings.geofencing.allowed.title", "Allowed Countries") : t("settings.geofencing.blocked.title", "Blocked Countries") }),
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { gap: 2, wrap: "wrap", style: { marginBottom: "12px", minHeight: "36px" }, children: activeList.length === 0 ? /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", textColor: "neutral500", children: t("settings.geofencing.empty", "No countries configured.") }) : activeList.map((code) => /* @__PURE__ */ jsxRuntime.jsxs(
+        designSystem.Badge,
+        {
+          onClick: settings.enableGeofencing ? () => removeCode(code) : void 0,
+          style: {
+            cursor: settings.enableGeofencing ? "pointer" : "not-allowed",
+            padding: "6px 10px",
+            background: mode === "allowlist" ? "#DCFCE7" : "#FEE2E2",
+            color: mode === "allowlist" ? "#15803D" : "#B91C1C"
+          },
+          children: [
+            formatCountry(code),
+            settings.enableGeofencing ? "  ✕" : ""
+          ]
+        },
+        code
+      )) }),
+      /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 2, children: [
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { style: { flex: 1 }, children: /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.SingleSelect,
+          {
+            disabled: !settings.enableGeofencing,
+            value: pendingCode || "",
+            onChange: (value) => {
+              setPendingCode(value);
+              if (value) addCode(value);
+            },
+            placeholder: t("settings.geofencing.pick", "Pick a country to add…"),
+            children: COUNTRIES.filter((c) => !activeList.includes(c.code)).map((c) => /* @__PURE__ */ jsxRuntime.jsxs(designSystem.SingleSelectOption, { value: c.code, children: [
+              c.flag,
+              " ",
+              c.name,
+              " (",
+              c.code,
+              ")"
+            ] }, c.code))
+          }
+        ) }),
+        /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.TextInput,
+          {
+            disabled: !settings.enableGeofencing,
+            placeholder: t("settings.geofencing.manual", "Or type ISO-2 (e.g. JP)"),
+            value: pendingCode.length <= 2 ? pendingCode : "",
+            onChange: (e) => setPendingCode(e.target.value.toUpperCase().slice(0, 2)),
+            style: { width: "180px" }
+          }
+        ),
+        /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.Button,
+          {
+            disabled: !settings.enableGeofencing || !normalizeCountryCode(pendingCode),
+            onClick: () => addCode(pendingCode),
+            children: t("settings.geofencing.add", "Add")
+          }
+        )
+      ] })
+    ] }) }),
+    !settings.enableGeofencing && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Grid.Item, { col: 12, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Alert, { variant: "default", closeLabel: "", title: "", onClose: () => {
+    }, children: t(
+      "settings.geofencing.disabled",
+      "Geofencing is currently disabled. Enable it above to enforce the configured country list."
+    ) }) }),
+    settings.enableGeofencing && !settings.enableGeolocation && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Grid.Item, { col: 12, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Alert, { variant: "warning", closeLabel: "", title: "", onClose: () => {
+    }, children: t(
+      "settings.geofencing.needsGeolocation",
+      "Geofencing requires Geolocation to be enabled (Security tab)."
+    ) }) })
+  ] });
+};
 const SettingsPage = () => {
   const { formatMessage } = reactIntl.useIntl();
   const { get, post, put } = admin.useFetchClient();
@@ -1059,6 +1294,24 @@ const SettingsPage = () => {
             ] }) }) })
           ] }) })
         ] }),
+        /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Accordion.Item, { value: "geofencing", children: [
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Accordion.Header, { children: /* @__PURE__ */ jsxRuntime.jsx(
+            designSystem.Accordion.Trigger,
+            {
+              icon: icons.Shield,
+              description: t("settings.geofencing.description", "Allow or block sign-ins by country"),
+              children: t("settings.geofencing.title", "Geofencing")
+            }
+          ) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Accordion.Content, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { padding: 6, children: /* @__PURE__ */ jsxRuntime.jsx(
+            GeofencingPanel,
+            {
+              settings,
+              handleChange,
+              t
+            }
+          ) }) })
+        ] }),
         isAdvanced && /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Accordion.Item, { value: "email", children: [
           /* @__PURE__ */ jsxRuntime.jsx(designSystem.Accordion.Header, { children: /* @__PURE__ */ jsxRuntime.jsx(
             designSystem.Accordion.Trigger,

package/dist/_chunks/{Settings-D9N7m11p.mjs → Settings-D6ILgR9X.mjs}

@@ -5,9 +5,83 @@ import { Flex, Loader, Typography, Button, Box, Badge, Accordion, Grid, SingleSe
 import { useFetchClient, useNotification } from "@strapi/strapi/admin";
 import { Check, Information, Cog, Trash, Shield, Code, Duplicate, Clock, Mail } from "@strapi/icons";
 import styled, { css, keyframes } from "styled-components";
-import { a as pluginId, g as getTranslation } from "./index-BbbrBv3t.mjs";
-import { u as useLicense } from "./useLicense-Bszkymz3.mjs";
+import { a as pluginId, g as getTranslation } from "./index-CwxKazpc.mjs";
+import { u as useLicense } from "./useLicense-B9WW9s_d.mjs";
 import { D as DangerButton, S as ShowHideButton, G as GradientButton, C as CopyButton, T as TertiaryButton, c as SecondaryButton } from "./StyledButtons-Cz8oYhmc.mjs";
+const COUNTRIES = [
+  { code: "DE", name: "Germany", flag: "🇩🇪" },
+  { code: "AT", name: "Austria", flag: "🇦🇹" },
+  { code: "CH", name: "Switzerland", flag: "🇨🇭" },
+  { code: "US", name: "United States", flag: "🇺🇸" },
+  { code: "CA", name: "Canada", flag: "🇨🇦" },
+  { code: "MX", name: "Mexico", flag: "🇲🇽" },
+  { code: "GB", name: "United Kingdom", flag: "🇬🇧" },
+  { code: "IE", name: "Ireland", flag: "🇮🇪" },
+  { code: "FR", name: "France", flag: "🇫🇷" },
+  { code: "IT", name: "Italy", flag: "🇮🇹" },
+  { code: "ES", name: "Spain", flag: "🇪🇸" },
+  { code: "PT", name: "Portugal", flag: "🇵🇹" },
+  { code: "NL", name: "Netherlands", flag: "🇳🇱" },
+  { code: "BE", name: "Belgium", flag: "🇧🇪" },
+  { code: "LU", name: "Luxembourg", flag: "🇱🇺" },
+  { code: "SE", name: "Sweden", flag: "🇸🇪" },
+  { code: "NO", name: "Norway", flag: "🇳🇴" },
+  { code: "DK", name: "Denmark", flag: "🇩🇰" },
+  { code: "FI", name: "Finland", flag: "🇫🇮" },
+  { code: "PL", name: "Poland", flag: "🇵🇱" },
+  { code: "CZ", name: "Czech Republic", flag: "🇨🇿" },
+  { code: "SK", name: "Slovakia", flag: "🇸🇰" },
+  { code: "HU", name: "Hungary", flag: "🇭🇺" },
+  { code: "RO", name: "Romania", flag: "🇷🇴" },
+  { code: "BG", name: "Bulgaria", flag: "🇧🇬" },
+  { code: "GR", name: "Greece", flag: "🇬🇷" },
+  { code: "HR", name: "Croatia", flag: "🇭🇷" },
+  { code: "SI", name: "Slovenia", flag: "🇸🇮" },
+  { code: "EE", name: "Estonia", flag: "🇪🇪" },
+  { code: "LV", name: "Latvia", flag: "🇱🇻" },
+  { code: "LT", name: "Lithuania", flag: "🇱🇹" },
+  { code: "IS", name: "Iceland", flag: "🇮🇸" },
+  { code: "TR", name: "Turkey", flag: "🇹🇷" },
+  { code: "RU", name: "Russia", flag: "🇷🇺" },
+  { code: "UA", name: "Ukraine", flag: "🇺🇦" },
+  { code: "BR", name: "Brazil", flag: "🇧🇷" },
+  { code: "AR", name: "Argentina", flag: "🇦🇷" },
+  { code: "CL", name: "Chile", flag: "🇨🇱" },
+  { code: "CO", name: "Colombia", flag: "🇨🇴" },
+  { code: "AU", name: "Australia", flag: "🇦🇺" },
+  { code: "NZ", name: "New Zealand", flag: "🇳🇿" },
+  { code: "JP", name: "Japan", flag: "🇯🇵" },
+  { code: "KR", name: "South Korea", flag: "🇰🇷" },
+  { code: "CN", name: "China", flag: "🇨🇳" },
+  { code: "HK", name: "Hong Kong", flag: "🇭🇰" },
+  { code: "TW", name: "Taiwan", flag: "🇹🇼" },
+  { code: "SG", name: "Singapore", flag: "🇸🇬" },
+  { code: "IN", name: "India", flag: "🇮🇳" },
+  { code: "ID", name: "Indonesia", flag: "🇮🇩" },
+  { code: "TH", name: "Thailand", flag: "🇹🇭" },
+  { code: "VN", name: "Vietnam", flag: "🇻🇳" },
+  { code: "PH", name: "Philippines", flag: "🇵🇭" },
+  { code: "MY", name: "Malaysia", flag: "🇲🇾" },
+  { code: "AE", name: "United Arab Emirates", flag: "🇦🇪" },
+  { code: "SA", name: "Saudi Arabia", flag: "🇸🇦" },
+  { code: "IL", name: "Israel", flag: "🇮🇱" },
+  { code: "EG", name: "Egypt", flag: "🇪🇬" },
+  { code: "ZA", name: "South Africa", flag: "🇿🇦" },
+  { code: "NG", name: "Nigeria", flag: "🇳🇬" },
+  { code: "KE", name: "Kenya", flag: "🇰🇪" },
+  { code: "MA", name: "Morocco", flag: "🇲🇦" }
+];
+const normalizeCountryCode = (raw) => {
+  if (typeof raw !== "string") return null;
+  const up = raw.trim().toUpperCase();
+  if (!/^[A-Z]{2}$/.test(up)) return null;
+  return up;
+};
+const formatCountry = (code) => {
+  if (!code) return "";
+  const match = COUNTRIES.find((c) => c.code === code);
+  return match ? `${match.flag} ${match.name} (${match.code})` : code;
+};
 const theme = {
   borderRadius: { md: "8px", lg: "12px" }
 };
@@ -327,6 +401,167 @@ const generateSecureKey = () => {
   }
   return key;
 };
+const GeofencingPanel = ({ settings, handleChange, t }) => {
+  const [pendingCode, setPendingCode] = useState("");
+  const mode = (() => {
+    if (Array.isArray(settings.allowedCountries) && settings.allowedCountries.length > 0) {
+      return "allowlist";
+    }
+    if (Array.isArray(settings.blockedCountries) && settings.blockedCountries.length > 0) {
+      return "blocklist";
+    }
+    return "allowlist";
+  })();
+  const activeField = mode === "allowlist" ? "allowedCountries" : "blockedCountries";
+  const activeList = Array.isArray(settings[activeField]) ? settings[activeField] : [];
+  const setMode = (newMode) => {
+    if (newMode === mode) return;
+    if (newMode === "allowlist") {
+      handleChange("blockedCountries", []);
+    } else {
+      handleChange("allowedCountries", []);
+    }
+  };
+  const addCode = (raw) => {
+    const code = normalizeCountryCode(raw);
+    if (!code) return;
+    if (activeList.includes(code)) return;
+    handleChange(activeField, [...activeList, code]);
+    setPendingCode("");
+  };
+  const removeCode = (code) => {
+    handleChange(activeField, activeList.filter((c) => c !== code));
+  };
+  return /* @__PURE__ */ jsxs(Grid.Root, { gap: 5, children: [
+    /* @__PURE__ */ jsx(Grid.Item, { col: 12, children: /* @__PURE__ */ jsx(
+      Box,
+      {
+        padding: 3,
+        background: settings.enableGeofencing ? "success100" : "neutral100",
+        hasRadius: true,
+        style: { borderLeft: `4px solid ${settings.enableGeofencing ? "#16A34A" : "#9CA3AF"}` },
+        children: /* @__PURE__ */ jsxs(Flex, { justifyContent: "space-between", alignItems: "center", children: [
+          /* @__PURE__ */ jsxs(Box, { children: [
+            /* @__PURE__ */ jsx(Typography, { variant: "delta", style: { display: "block", marginBottom: "4px" }, children: t("settings.geofencing.enable.title", "Enable Geofencing") }),
+            /* @__PURE__ */ jsx(Typography, { variant: "pi", textColor: "neutral600", style: { fontSize: "12px" }, children: t(
+              "settings.geofencing.enable.description",
+              "When enabled, the pre-login guard compares the caller's country against the configured list and rejects logins that do not match."
+            ) })
+          ] }),
+          /* @__PURE__ */ jsx(
+            Toggle,
+            {
+              onLabel: "On",
+              offLabel: "Off",
+              checked: !!settings.enableGeofencing,
+              onChange: () => handleChange("enableGeofencing", !settings.enableGeofencing)
+            }
+          )
+        ] })
+      }
+    ) }),
+    /* @__PURE__ */ jsx(Grid.Item, { col: 12, children: /* @__PURE__ */ jsxs(Box, { children: [
+      /* @__PURE__ */ jsx(Typography, { variant: "pi", fontWeight: "bold", style: { marginBottom: "8px", display: "block" }, children: t("settings.geofencing.mode.title", "Mode") }),
+      /* @__PURE__ */ jsxs(Flex, { gap: 2, children: [
+        /* @__PURE__ */ jsx(
+          Button,
+          {
+            variant: mode === "allowlist" ? "default" : "tertiary",
+            onClick: () => setMode("allowlist"),
+            disabled: !settings.enableGeofencing,
+            children: t("settings.geofencing.mode.allowlist", "Allowlist (only selected countries)")
+          }
+        ),
+        /* @__PURE__ */ jsx(
+          Button,
+          {
+            variant: mode === "blocklist" ? "default" : "tertiary",
+            onClick: () => setMode("blocklist"),
+            disabled: !settings.enableGeofencing,
+            children: t("settings.geofencing.mode.blocklist", "Blocklist (block selected countries)")
+          }
+        )
+      ] }),
+      /* @__PURE__ */ jsx(Typography, { variant: "pi", textColor: "neutral600", style: { fontSize: "11px", marginTop: "8px" }, children: mode === "allowlist" ? t(
+        "settings.geofencing.mode.allowlist.hint",
+        "Only countries in the list may authenticate. Empty list = no geo restriction."
+      ) : t(
+        "settings.geofencing.mode.blocklist.hint",
+        "Every country EXCEPT those in the list may authenticate."
+      ) })
+    ] }) }),
+    /* @__PURE__ */ jsx(Grid.Item, { col: 12, children: /* @__PURE__ */ jsxs(Box, { children: [
+      /* @__PURE__ */ jsx(Typography, { variant: "pi", fontWeight: "bold", style: { marginBottom: "8px", display: "block" }, children: mode === "allowlist" ? t("settings.geofencing.allowed.title", "Allowed Countries") : t("settings.geofencing.blocked.title", "Blocked Countries") }),
+      /* @__PURE__ */ jsx(Flex, { gap: 2, wrap: "wrap", style: { marginBottom: "12px", minHeight: "36px" }, children: activeList.length === 0 ? /* @__PURE__ */ jsx(Typography, { variant: "pi", textColor: "neutral500", children: t("settings.geofencing.empty", "No countries configured.") }) : activeList.map((code) => /* @__PURE__ */ jsxs(
+        Badge,
+        {
+          onClick: settings.enableGeofencing ? () => removeCode(code) : void 0,
+          style: {
+            cursor: settings.enableGeofencing ? "pointer" : "not-allowed",
+            padding: "6px 10px",
+            background: mode === "allowlist" ? "#DCFCE7" : "#FEE2E2",
+            color: mode === "allowlist" ? "#15803D" : "#B91C1C"
+          },
+          children: [
+            formatCountry(code),
+            settings.enableGeofencing ? "  ✕" : ""
+          ]
+        },
+        code
+      )) }),
+      /* @__PURE__ */ jsxs(Flex, { gap: 2, children: [
+        /* @__PURE__ */ jsx(Box, { style: { flex: 1 }, children: /* @__PURE__ */ jsx(
+          SingleSelect,
+          {
+            disabled: !settings.enableGeofencing,
+            value: pendingCode || "",
+            onChange: (value) => {
+              setPendingCode(value);
+              if (value) addCode(value);
+            },
+            placeholder: t("settings.geofencing.pick", "Pick a country to add…"),
+            children: COUNTRIES.filter((c) => !activeList.includes(c.code)).map((c) => /* @__PURE__ */ jsxs(SingleSelectOption, { value: c.code, children: [
+              c.flag,
+              " ",
+              c.name,
+              " (",
+              c.code,
+              ")"
+            ] }, c.code))
+          }
+        ) }),
+        /* @__PURE__ */ jsx(
+          TextInput,
+          {
+            disabled: !settings.enableGeofencing,
+            placeholder: t("settings.geofencing.manual", "Or type ISO-2 (e.g. JP)"),
+            value: pendingCode.length <= 2 ? pendingCode : "",
+            onChange: (e) => setPendingCode(e.target.value.toUpperCase().slice(0, 2)),
+            style: { width: "180px" }
+          }
+        ),
+        /* @__PURE__ */ jsx(
+          Button,
+          {
+            disabled: !settings.enableGeofencing || !normalizeCountryCode(pendingCode),
+            onClick: () => addCode(pendingCode),
+            children: t("settings.geofencing.add", "Add")
+          }
+        )
+      ] })
+    ] }) }),
+    !settings.enableGeofencing && /* @__PURE__ */ jsx(Grid.Item, { col: 12, children: /* @__PURE__ */ jsx(Alert, { variant: "default", closeLabel: "", title: "", onClose: () => {
+    }, children: t(
+      "settings.geofencing.disabled",
+      "Geofencing is currently disabled. Enable it above to enforce the configured country list."
+    ) }) }),
+    settings.enableGeofencing && !settings.enableGeolocation && /* @__PURE__ */ jsx(Grid.Item, { col: 12, children: /* @__PURE__ */ jsx(Alert, { variant: "warning", closeLabel: "", title: "", onClose: () => {
+    }, children: t(
+      "settings.geofencing.needsGeolocation",
+      "Geofencing requires Geolocation to be enabled (Security tab)."
+    ) }) })
+  ] });
+};
 const SettingsPage = () => {
   const { formatMessage } = useIntl();
   const { get, post, put } = useFetchClient();
@@ -1055,6 +1290,24 @@ const SettingsPage = () => {
             ] }) }) })
           ] }) })
         ] }),
+        /* @__PURE__ */ jsxs(Accordion.Item, { value: "geofencing", children: [
+          /* @__PURE__ */ jsx(Accordion.Header, { children: /* @__PURE__ */ jsx(
+            Accordion.Trigger,
+            {
+              icon: Shield,
+              description: t("settings.geofencing.description", "Allow or block sign-ins by country"),
+              children: t("settings.geofencing.title", "Geofencing")
+            }
+          ) }),
+          /* @__PURE__ */ jsx(Accordion.Content, { children: /* @__PURE__ */ jsx(Box, { padding: 6, children: /* @__PURE__ */ jsx(
+            GeofencingPanel,
+            {
+              settings,
+              handleChange,
+              t
+            }
+          ) }) })
+        ] }),
         isAdvanced && /* @__PURE__ */ jsxs(Accordion.Item, { value: "email", children: [
           /* @__PURE__ */ jsx(Accordion.Header, { children: /* @__PURE__ */ jsx(
             Accordion.Trigger,

package/dist/_chunks/{UpgradePage-DM23ZYVa.mjs → UpgradePage-D697BVWo.mjs}

@@ -4,7 +4,7 @@ import { useFetchClient, useNotification } from "@strapi/strapi/admin";
 import styled from "styled-components";
 import { Flex, Typography, Box, Badge, Button } from "@strapi/design-system";
 import { Check, Cross, Sparkle, Lightning, Rocket } from "@strapi/icons";
-import { a as pluginId } from "./index-BbbrBv3t.mjs";
+import { a as pluginId } from "./index-CwxKazpc.mjs";
 const Container = styled(Box)`
   padding: 32px;
   max-width: 1400px;

package/dist/_chunks/{UpgradePage-Bh21Lg-G.js → UpgradePage-Dwrv7g8L.js}

@@ -6,7 +6,7 @@ const admin = require("@strapi/strapi/admin");
 const styled = require("styled-components");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
-const index = require("./index-BRESWp1b.js");
+const index = require("./index-CTxGMDHr.js");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const styled__default = /* @__PURE__ */ _interopDefault(styled);
 const Container = styled__default.default(designSystem.Box)`

package/dist/_chunks/{index-BRESWp1b.js → index-CTxGMDHr.js}

@@ -444,7 +444,7 @@ const index = {
         id: `${pluginId}.plugin.name`,
         defaultMessage: pluginPkg.strapi.displayName
       },
-      Component: () => Promise.resolve().then(() => require("./App-BvYLeEbF.js")),
+      Component: () => Promise.resolve().then(() => require("./App-DF-VsbDW.js")),
       permissions: pluginPermissions
     });
     app.createSettingSection(
@@ -461,7 +461,7 @@ const index = {
           },
           id: "upgrade",
           to: `${pluginId}/upgrade`,
-          Component: () => Promise.resolve().then(() => require("./UpgradePage-Bh21Lg-G.js")),
+          Component: () => Promise.resolve().then(() => require("./UpgradePage-Dwrv7g8L.js")),
           permissions: pluginPermissions
         },
         {
@@ -471,7 +471,7 @@ const index = {
           },
           id: "general",
           to: `${pluginId}/general`,
-          Component: () => Promise.resolve().then(() => require("./Settings-Bt6wy131.js")),
+          Component: () => Promise.resolve().then(() => require("./Settings-CUNaxDWk.js")),
           permissions: pluginPermissions
         },
         {
@@ -481,7 +481,7 @@ const index = {
           },
           id: "analytics",
           to: `${pluginId}/analytics`,
-          Component: () => Promise.resolve().then(() => require("./Analytics-Cp-WjeV3.js")),
+          Component: () => Promise.resolve().then(() => require("./Analytics-DM4_UffY.js")),
           permissions: pluginPermissions
         },
         {
@@ -491,7 +491,7 @@ const index = {
           },
           id: "license",
           to: `${pluginId}/license`,
-          Component: () => Promise.resolve().then(() => require("./License-DPyeZQWz.js")),
+          Component: () => Promise.resolve().then(() => require("./License-Dmm1d3fQ.js")),
           permissions: pluginPermissions
         }
       ]
@@ -510,7 +510,7 @@ const index = {
           defaultMessage: "Online Users"
         },
         component: async () => {
-          const component = await Promise.resolve().then(() => require("./OnlineUsersWidget-BYnqhN3O.js"));
+          const component = await Promise.resolve().then(() => require("./OnlineUsersWidget-KchZ_ScS.js"));
           return component.default;
         },
         id: "online-users-widget",

package/dist/_chunks/{index-BbbrBv3t.mjs → index-CwxKazpc.mjs}

@@ -441,7 +441,7 @@ const index = {
         id: `${pluginId}.plugin.name`,
         defaultMessage: pluginPkg.strapi.displayName
       },
-      Component: () => import("./App-CN4bKWV9.mjs"),
+      Component: () => import("./App-CL5q29Mi.mjs"),
       permissions: pluginPermissions
     });
     app.createSettingSection(
@@ -458,7 +458,7 @@ const index = {
           },
           id: "upgrade",
           to: `${pluginId}/upgrade`,
-          Component: () => import("./UpgradePage-DM23ZYVa.mjs"),
+          Component: () => import("./UpgradePage-D697BVWo.mjs"),
           permissions: pluginPermissions
         },
         {
@@ -468,7 +468,7 @@ const index = {
           },
           id: "general",
           to: `${pluginId}/general`,
-          Component: () => import("./Settings-D9N7m11p.mjs"),
+          Component: () => import("./Settings-D6ILgR9X.mjs"),
           permissions: pluginPermissions
         },
         {
@@ -478,7 +478,7 @@ const index = {
           },
           id: "analytics",
           to: `${pluginId}/analytics`,
-          Component: () => import("./Analytics-DQyamHg6.mjs"),
+          Component: () => import("./Analytics--qB2cKuD.mjs"),
           permissions: pluginPermissions
         },
         {
@@ -488,7 +488,7 @@ const index = {
           },
           id: "license",
           to: `${pluginId}/license`,
-          Component: () => import("./License-Bgcm630d.mjs"),
+          Component: () => import("./License-D9piCp34.mjs"),
           permissions: pluginPermissions
         }
       ]
@@ -507,7 +507,7 @@ const index = {
           defaultMessage: "Online Users"
         },
         component: async () => {
-          const component = await import("./OnlineUsersWidget-E2FA7rGi.mjs");
+          const component = await import("./OnlineUsersWidget-DHsthkt0.mjs");
           return component.default;
         },
         id: "online-users-widget",

package/dist/_chunks/{useLicense-Bszkymz3.mjs → useLicense-B9WW9s_d.mjs}

@@ -1,6 +1,6 @@
 import { useState, useEffect } from "react";
 import { useFetchClient } from "@strapi/strapi/admin";
-import { a as pluginId } from "./index-BbbrBv3t.mjs";
+import { a as pluginId } from "./index-CwxKazpc.mjs";
 const useLicense = () => {
   const { get } = useFetchClient();
   const [isPremium, setIsPremium] = useState(false);

package/dist/_chunks/{useLicense-D_wQcoMn.js → useLicense-BEbtA_Zo.js}

@@ -1,7 +1,7 @@
 "use strict";
 const react = require("react");
 const admin = require("@strapi/strapi/admin");
-const index = require("./index-BRESWp1b.js");
+const index = require("./index-CTxGMDHr.js");
 const useLicense = () => {
   const { get } = admin.useFetchClient();
   const [isPremium, setIsPremium] = react.useState(false);

package/dist/admin/index.js

@@ -1,3 +1,3 @@
 "use strict";
-const index = require("../_chunks/index-BRESWp1b.js");
+const index = require("../_chunks/index-CTxGMDHr.js");
 module.exports = index.index;

package/dist/admin/index.mjs

@@ -1,4 +1,4 @@
-import { i } from "../_chunks/index-BbbrBv3t.mjs";
+import { i } from "../_chunks/index-CwxKazpc.mjs";
 export {
   i as default
 };

package/dist/server/index.js

@@ -9584,6 +9584,9 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
       }
     }, 3e3);
     const sessionService = strapi2.plugin("magic-sessionmanager").service("session");
+    if (!strapi2.sessionManagerIntervals) {
+      strapi2.sessionManagerIntervals = {};
+    }
     log.info("Running initial session cleanup...");
     try {
       const settings2 = await getPluginSettings$3(strapi2);
@@ -9593,23 +9596,50 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
     } catch (cleanupErr) {
       log.warn("Initial cleanup failed:", cleanupErr.message);
     }
-    const cleanupInterval = 30 * 60 * 1e3;
-    const cleanupIntervalHandle = setInterval(async () => {
+    const scheduleIdleCleanup = async () => {
+      let intervalMs = 30 * 60 * 1e3;
+      let useDbDirect = false;
       try {
-        const service = strapi2.plugin("magic-sessionmanager").service("session");
-        const settings2 = await getPluginSettings$3(strapi2).catch(() => ({}));
-        await service.cleanupInactiveSessions({
-          useDbDirect: settings2.cleanupUseDbDirect === true
-        });
-      } catch (err) {
-        log.error("Periodic cleanup error:", err);
+        const settings2 = await getPluginSettings$3(strapi2);
+        intervalMs = Math.max(5 * 60 * 1e3, settings2.cleanupInterval || intervalMs);
+        useDbDirect = settings2.cleanupUseDbDirect === true;
+      } catch {
       }
-    }, cleanupInterval);
-    log.info("[TIME] Periodic cleanup scheduled (every 30 minutes)");
-    if (!strapi2.sessionManagerIntervals) {
-      strapi2.sessionManagerIntervals = {};
-    }
-    strapi2.sessionManagerIntervals.cleanup = cleanupIntervalHandle;
+      const handle = setTimeout(async () => {
+        try {
+          const service = strapi2.plugin("magic-sessionmanager").service("session");
+          await service.cleanupInactiveSessions({ useDbDirect });
+        } catch (err) {
+          log.error("Periodic cleanup error:", err);
+        }
+        scheduleIdleCleanup();
+      }, intervalMs);
+      strapi2.sessionManagerIntervals.cleanupTimeout = handle;
+    };
+    await scheduleIdleCleanup();
+    const RETENTION_INTERVAL_MS = 24 * 60 * 60 * 1e3;
+    const scheduleRetention = async () => {
+      let useDbDirect = false;
+      try {
+        const settings2 = await getPluginSettings$3(strapi2);
+        useDbDirect = settings2.cleanupUseDbDirect === true;
+      } catch {
+      }
+      const handle = setTimeout(async () => {
+        try {
+          const service = strapi2.plugin("magic-sessionmanager").service("session");
+          await service.deleteOldSessions({ useDbDirect });
+        } catch (err) {
+          log.error("Retention cleanup error:", err);
+        }
+        scheduleRetention();
+      }, RETENTION_INTERVAL_MS);
+      strapi2.sessionManagerIntervals.retentionTimeout = handle;
+    };
+    strapi2.sessionManagerIntervals.retentionStartup = setTimeout(() => {
+      scheduleRetention();
+    }, 5 * 60 * 1e3);
+    log.info("[TIME] Dynamic cleanup + retention scheduled");
     mountPreLoginGeoGuard({ strapi: strapi2, log });
     mountFailedLoginLockout({ strapi: strapi2, log });
     mountLogoutRoute({ strapi: strapi2, log, sessionService });
@@ -10341,9 +10371,10 @@ var destroy$1 = async ({ strapi: strapi2 }) => {
       if (!handle) continue;
       try {
         clearInterval(handle);
-        log.info(`[STOP] ${name} interval stopped`);
+        clearTimeout(handle);
+        log.info(`[STOP] ${name} timer stopped`);
       } catch (err) {
-        log.warn(`Failed to stop ${name} interval:`, err.message);
+        log.warn(`Failed to stop ${name} timer:`, err.message);
       }
     }
     strapi2.sessionManagerIntervals = {};
@@ -12210,6 +12241,81 @@ var session$1 = ({ strapi: strapi2 }) => {
         throw err;
       }
     },
+    /**
+     * Permanently deletes sessions that have been inactive past the
+     * configured retention window. Distinct from `deleteInactiveSessions`
+     * (which deletes ALL inactive sessions) — this only drops rows older
+     * than `retentionDays`, so recently-terminated sessions stay queryable
+     * for audits.
+     *
+     * @param {Object} [options]
+     * @param {number} [options.retentionDays]    Overrides the stored setting.
+     * @param {boolean} [options.useDbDirect]     Fast-path via single SQL
+     *   DELETE. Bypasses lifecycle hooks; use only when necessary.
+     * @returns {Promise<number>} Number of sessions deleted
+     */
+    async deleteOldSessions({ retentionDays, useDbDirect } = {}) {
+      try {
+        const settings2 = await getPluginSettings$1(strapi2);
+        const effectiveDays = Number.isFinite(retentionDays) ? retentionDays : settings2.retentionDays || 90;
+        if (effectiveDays === -1) {
+          log.debug("[RETENTION] retentionDays=-1 (forever) — skipping");
+          return 0;
+        }
+        const cutoffDate = new Date(Date.now() - effectiveDays * 24 * 60 * 60 * 1e3);
+        const wantDbDirect = useDbDirect ?? settings2.cleanupUseDbDirect === true;
+        log.info(`[RETENTION] Deleting inactive sessions older than ${effectiveDays} days (before ${cutoffDate.toISOString()})`);
+        if (wantDbDirect) {
+          try {
+            const deleted = await strapi2.db.connection("magic_sessions").where("is_active", false).andWhere(function whereOldEnough() {
+              this.where("logout_time", "<", cutoffDate).orWhere(function whereNullLogout() {
+                this.whereNull("logout_time").andWhere(function whereOldByActivity() {
+                  this.where("last_active", "<", cutoffDate).orWhere(function whereNullActivity() {
+                    this.whereNull("last_active").andWhere("login_time", "<", cutoffDate);
+                  });
+                });
+              });
+            }).del();
+            log.info(`[SUCCESS] Retention (db-direct) deleted ${deleted} old session(s)`);
+            return deleted;
+          } catch (err) {
+            log.warn("[RETENTION] DB-direct delete failed, falling back to Document Service:", err.message);
+          }
+        }
+        let deletedCount = 0;
+        const BATCH = 200;
+        while (true) {
+          const batch = await strapi2.documents(SESSION_UID$1).findMany({
+            filters: {
+              isActive: false,
+              $or: [
+                { logoutTime: { $lt: cutoffDate } },
+                { logoutTime: { $null: true }, lastActive: { $lt: cutoffDate } },
+                { logoutTime: { $null: true }, lastActive: { $null: true }, loginTime: { $lt: cutoffDate } }
+              ]
+            },
+            fields: ["documentId"],
+            sort: { loginTime: "asc" },
+            limit: BATCH
+          });
+          if (!batch || batch.length === 0) break;
+          for (const session2 of batch) {
+            try {
+              await strapi2.documents(SESSION_UID$1).delete({ documentId: session2.documentId });
+              deletedCount++;
+            } catch (err) {
+              log.debug(`[RETENTION] Failed to delete session ${session2.documentId}:`, err.message);
+            }
+          }
+          if (batch.length < BATCH) break;
+        }
+        log.info(`[SUCCESS] Retention deleted ${deletedCount} old session(s)`);
+        return deletedCount;
+      } catch (err) {
+        log.error("Error in retention cleanup:", err);
+        return 0;
+      }
+    },
     /**
      * Permanently deletes all inactive sessions.
      * Uses an inner scan loop that tolerates partial failures.
@@ -12255,7 +12361,7 @@ var session$1 = ({ strapi: strapi2 }) => {
     }
   };
 };
-const version$1 = "4.5.0";
+const version$1 = "4.5.1";
 const require$$2 = {
   version: version$1
 };

package/dist/server/index.mjs

@@ -9571,6 +9571,9 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
       }
     }, 3e3);
     const sessionService = strapi2.plugin("magic-sessionmanager").service("session");
+    if (!strapi2.sessionManagerIntervals) {
+      strapi2.sessionManagerIntervals = {};
+    }
     log.info("Running initial session cleanup...");
     try {
       const settings2 = await getPluginSettings$3(strapi2);
@@ -9580,23 +9583,50 @@ var bootstrap$1 = async ({ strapi: strapi2 }) => {
     } catch (cleanupErr) {
       log.warn("Initial cleanup failed:", cleanupErr.message);
     }
-    const cleanupInterval = 30 * 60 * 1e3;
-    const cleanupIntervalHandle = setInterval(async () => {
+    const scheduleIdleCleanup = async () => {
+      let intervalMs = 30 * 60 * 1e3;
+      let useDbDirect = false;
       try {
-        const service = strapi2.plugin("magic-sessionmanager").service("session");
-        const settings2 = await getPluginSettings$3(strapi2).catch(() => ({}));
-        await service.cleanupInactiveSessions({
-          useDbDirect: settings2.cleanupUseDbDirect === true
-        });
-      } catch (err) {
-        log.error("Periodic cleanup error:", err);
+        const settings2 = await getPluginSettings$3(strapi2);
+        intervalMs = Math.max(5 * 60 * 1e3, settings2.cleanupInterval || intervalMs);
+        useDbDirect = settings2.cleanupUseDbDirect === true;
+      } catch {
       }
-    }, cleanupInterval);
-    log.info("[TIME] Periodic cleanup scheduled (every 30 minutes)");
-    if (!strapi2.sessionManagerIntervals) {
-      strapi2.sessionManagerIntervals = {};
-    }
-    strapi2.sessionManagerIntervals.cleanup = cleanupIntervalHandle;
+      const handle = setTimeout(async () => {
+        try {
+          const service = strapi2.plugin("magic-sessionmanager").service("session");
+          await service.cleanupInactiveSessions({ useDbDirect });
+        } catch (err) {
+          log.error("Periodic cleanup error:", err);
+        }
+        scheduleIdleCleanup();
+      }, intervalMs);
+      strapi2.sessionManagerIntervals.cleanupTimeout = handle;
+    };
+    await scheduleIdleCleanup();
+    const RETENTION_INTERVAL_MS = 24 * 60 * 60 * 1e3;
+    const scheduleRetention = async () => {
+      let useDbDirect = false;
+      try {
+        const settings2 = await getPluginSettings$3(strapi2);
+        useDbDirect = settings2.cleanupUseDbDirect === true;
+      } catch {
+      }
+      const handle = setTimeout(async () => {
+        try {
+          const service = strapi2.plugin("magic-sessionmanager").service("session");
+          await service.deleteOldSessions({ useDbDirect });
+        } catch (err) {
+          log.error("Retention cleanup error:", err);
+        }
+        scheduleRetention();
+      }, RETENTION_INTERVAL_MS);
+      strapi2.sessionManagerIntervals.retentionTimeout = handle;
+    };
+    strapi2.sessionManagerIntervals.retentionStartup = setTimeout(() => {
+      scheduleRetention();
+    }, 5 * 60 * 1e3);
+    log.info("[TIME] Dynamic cleanup + retention scheduled");
     mountPreLoginGeoGuard({ strapi: strapi2, log });
     mountFailedLoginLockout({ strapi: strapi2, log });
     mountLogoutRoute({ strapi: strapi2, log, sessionService });
@@ -10328,9 +10358,10 @@ var destroy$1 = async ({ strapi: strapi2 }) => {
       if (!handle) continue;
       try {
         clearInterval(handle);
-        log.info(`[STOP] ${name} interval stopped`);
+        clearTimeout(handle);
+        log.info(`[STOP] ${name} timer stopped`);
       } catch (err) {
-        log.warn(`Failed to stop ${name} interval:`, err.message);
+        log.warn(`Failed to stop ${name} timer:`, err.message);
       }
     }
     strapi2.sessionManagerIntervals = {};
@@ -12197,6 +12228,81 @@ var session$1 = ({ strapi: strapi2 }) => {
         throw err;
       }
     },
+    /**
+     * Permanently deletes sessions that have been inactive past the
+     * configured retention window. Distinct from `deleteInactiveSessions`
+     * (which deletes ALL inactive sessions) — this only drops rows older
+     * than `retentionDays`, so recently-terminated sessions stay queryable
+     * for audits.
+     *
+     * @param {Object} [options]
+     * @param {number} [options.retentionDays]    Overrides the stored setting.
+     * @param {boolean} [options.useDbDirect]     Fast-path via single SQL
+     *   DELETE. Bypasses lifecycle hooks; use only when necessary.
+     * @returns {Promise<number>} Number of sessions deleted
+     */
+    async deleteOldSessions({ retentionDays, useDbDirect } = {}) {
+      try {
+        const settings2 = await getPluginSettings$1(strapi2);
+        const effectiveDays = Number.isFinite(retentionDays) ? retentionDays : settings2.retentionDays || 90;
+        if (effectiveDays === -1) {
+          log.debug("[RETENTION] retentionDays=-1 (forever) — skipping");
+          return 0;
+        }
+        const cutoffDate = new Date(Date.now() - effectiveDays * 24 * 60 * 60 * 1e3);
+        const wantDbDirect = useDbDirect ?? settings2.cleanupUseDbDirect === true;
+        log.info(`[RETENTION] Deleting inactive sessions older than ${effectiveDays} days (before ${cutoffDate.toISOString()})`);
+        if (wantDbDirect) {
+          try {
+            const deleted = await strapi2.db.connection("magic_sessions").where("is_active", false).andWhere(function whereOldEnough() {
+              this.where("logout_time", "<", cutoffDate).orWhere(function whereNullLogout() {
+                this.whereNull("logout_time").andWhere(function whereOldByActivity() {
+                  this.where("last_active", "<", cutoffDate).orWhere(function whereNullActivity() {
+                    this.whereNull("last_active").andWhere("login_time", "<", cutoffDate);
+                  });
+                });
+              });
+            }).del();
+            log.info(`[SUCCESS] Retention (db-direct) deleted ${deleted} old session(s)`);
+            return deleted;
+          } catch (err) {
+            log.warn("[RETENTION] DB-direct delete failed, falling back to Document Service:", err.message);
+          }
+        }
+        let deletedCount = 0;
+        const BATCH = 200;
+        while (true) {
+          const batch = await strapi2.documents(SESSION_UID$1).findMany({
+            filters: {
+              isActive: false,
+              $or: [
+                { logoutTime: { $lt: cutoffDate } },
+                { logoutTime: { $null: true }, lastActive: { $lt: cutoffDate } },
+                { logoutTime: { $null: true }, lastActive: { $null: true }, loginTime: { $lt: cutoffDate } }
+              ]
+            },
+            fields: ["documentId"],
+            sort: { loginTime: "asc" },
+            limit: BATCH
+          });
+          if (!batch || batch.length === 0) break;
+          for (const session2 of batch) {
+            try {
+              await strapi2.documents(SESSION_UID$1).delete({ documentId: session2.documentId });
+              deletedCount++;
+            } catch (err) {
+              log.debug(`[RETENTION] Failed to delete session ${session2.documentId}:`, err.message);
+            }
+          }
+          if (batch.length < BATCH) break;
+        }
+        log.info(`[SUCCESS] Retention deleted ${deletedCount} old session(s)`);
+        return deletedCount;
+      } catch (err) {
+        log.error("Error in retention cleanup:", err);
+        return 0;
+      }
+    },
     /**
      * Permanently deletes all inactive sessions.
      * Uses an inner scan loop that tolerates partial failures.
@@ -12242,7 +12348,7 @@ var session$1 = ({ strapi: strapi2 }) => {
     }
   };
 };
-const version$1 = "4.5.0";
+const version$1 = "4.5.1";
 const require$$2 = {
   version: version$1
 };

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "4.5.1",
+  "version": "4.5.2",
   "keywords": [
     "strapi",
     "strapi-plugin",