strapi-security-suite 0.1.2 → 0.1.5

@@ -27,17 +27,6 @@ const Initializer = ({ setPlugin }) => {
27
27
  return null;
28
28
  };
29
29
  const PluginIcon = () => /* @__PURE__ */ jsxRuntime.jsx(icons.User, {});
30
- const autologout = () => {
31
- console.warn("💥 Intercepted module import failure! Executing backup plan.");
32
- localStorage.setItem("isLoggedIn", "false");
33
- sessionStorage.clear();
34
- document.cookie = "koa.sess=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT;";
35
- document.cookie = "koa.sess.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT;";
36
- document.cookie = "jwtToken=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT;";
37
- setTimeout(() => {
38
- window.location.href = "/admin/auth/login?t=" + Date.now();
39
- }, 50);
40
- };
41
30
  const index = {
42
31
  register(app) {
43
32
  app.addMenuLink({
@@ -64,44 +53,20 @@ const index = {
64
53
  isReady: false,
65
54
  name: PLUGIN_ID
66
55
  });
67
- const originalSetItem = Storage.prototype.setItem;
68
- Storage.prototype.setItem = function(key, value) {
69
- console.log(`🕵️ Intercepted localStorage.setItem:`, key, value);
70
- return originalSetItem.apply(this, arguments);
71
- };
72
- if (!window.__fetchPatchedForSession) {
73
- window.addEventListener("unhandledrejection", function(event) {
74
- console.log(event.reason);
75
- autologout();
76
- });
77
- window.addEventListener("error", function(event) {
78
- const message = event.message || "";
79
- console.log(message);
80
- autologout();
81
- });
56
+ if (!window.__secureFetchPatched) {
82
57
  const originalFetch = window.fetch;
83
58
  window.fetch = async (...args) => {
84
- try {
85
- const response = await originalFetch(...args);
86
- const except = await originalFetch(...args);
87
- const exceptError = await except.json();
88
- const { error } = exceptError ?? {};
89
- if ([400, 440].includes(response.status) && !error?.message?.includes("Invalid credentials")) {
90
- if (window.stop) window.stop();
91
- if (document.execCommand) document.execCommand("Stop");
92
- window.location.reload();
93
- return;
94
- }
95
- return response;
96
- } catch (err) {
97
- console.log(err);
98
- if (err?.message?.includes("MIME")) {
99
- window.location.reload();
100
- return;
101
- }
59
+ const response = await originalFetch(...args);
60
+ const captured = response.headers.get("app.admin.tk");
61
+ if (captured) {
62
+ console.log("Captured logout instruction for", captured);
63
+ window.stop();
64
+ window.location.reload();
65
+ return;
102
66
  }
67
+ return originalFetch(...args);
103
68
  };
104
- window.__fetchPatchedForSession = true;
69
+ window.__secureFetchPatched = true;
105
70
  }
106
71
  },
107
72
  async registerTrads({ locales }) {
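Review bot: Every request that goes through the patched `window.fetch` is sent twice, because the wrapper awaits `originalFetch(...args)` to read the headers and then ends with `return originalFetch(...args);` instead of returning the response it already holds. For admin calls that are not idempotent (POST, PUT, DELETE) this repeats the write on the server. When the first argument is a `Request` with a body, the second call can reject because the body was already consumed. The wrapper's last statement should be `return response;`. The same lines appear in the second copy of this file further down the page, and the enclosing `register(app)` body starts outside this hunk.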
@@ -26,17 +26,6 @@ const Initializer = ({ setPlugin }) => {
26
26
  return null;
27
27
  };
28
28
  const PluginIcon = () => /* @__PURE__ */ jsx(User, {});
29
- const autologout = () => {
30
- console.warn("💥 Intercepted module import failure! Executing backup plan.");
31
- localStorage.setItem("isLoggedIn", "false");
32
- sessionStorage.clear();
33
- document.cookie = "koa.sess=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT;";
34
- document.cookie = "koa.sess.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT;";
35
- document.cookie = "jwtToken=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT;";
36
- setTimeout(() => {
37
- window.location.href = "/admin/auth/login?t=" + Date.now();
38
- }, 50);
39
- };
40
29
  const index = {
41
30
  register(app) {
42
31
  app.addMenuLink({
@@ -63,44 +52,20 @@ const index = {
63
52
  isReady: false,
64
53
  name: PLUGIN_ID
65
54
  });
66
- const originalSetItem = Storage.prototype.setItem;
67
- Storage.prototype.setItem = function(key, value) {
68
- console.log(`🕵️ Intercepted localStorage.setItem:`, key, value);
69
- return originalSetItem.apply(this, arguments);
70
- };
71
- if (!window.__fetchPatchedForSession) {
72
- window.addEventListener("unhandledrejection", function(event) {
73
- console.log(event.reason);
74
- autologout();
75
- });
76
- window.addEventListener("error", function(event) {
77
- const message = event.message || "";
78
- console.log(message);
79
- autologout();
80
- });
55
+ if (!window.__secureFetchPatched) {
81
56
  const originalFetch = window.fetch;
82
57
  window.fetch = async (...args) => {
83
- try {
84
- const response = await originalFetch(...args);
85
- const except = await originalFetch(...args);
86
- const exceptError = await except.json();
87
- const { error } = exceptError ?? {};
88
- if ([400, 440].includes(response.status) && !error?.message?.includes("Invalid credentials")) {
89
- if (window.stop) window.stop();
90
- if (document.execCommand) document.execCommand("Stop");
91
- window.location.reload();
92
- return;
93
- }
94
- return response;
95
- } catch (err) {
96
- console.log(err);
97
- if (err?.message?.includes("MIME")) {
98
- window.location.reload();
99
- return;
100
- }
58
+ const response = await originalFetch(...args);
59
+ const captured = response.headers.get("app.admin.tk");
60
+ if (captured) {
61
+ console.log("Captured logout instruction for", captured);
62
+ window.stop();
63
+ window.location.reload();
64
+ return;
101
65
  }
66
+ return originalFetch(...args);
102
67
  };
103
- window.__fetchPatchedForSession = true;
68
+ window.__secureFetchPatched = true;
104
69
  }
105
70
  },
106
71
  async registerTrads({ locales }) {
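Review bot: The value of the `app.admin.tk` response header is written to the browser console by `console.log("Captured logout instruction for", captured);`, and nothing in the hunk shows what that header carries. If it is a token or an account identifier, as the name suggests it may be, it ends up in console output that extensions, screen shares and support captures can read. A fixed message such as `console.log("Logout instruction received");` avoids that. The logout branch also ends in a bare `return;`, so a caller that awaits `fetch(...)` and then reads `.ok` or `.json()` gets `undefined` and throws before the reload takes effect; returning `response` there as well keeps the contract of `fetch`. Both points apply equally to the first copy of this file above, and `register(app)` starts outside this hunk.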