strapi-security-suite 0.1.6 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/index.js +18 -2
- package/dist/server/index.mjs +18 -2
- package/package.json +1 -1
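--- a/package/dist/server/index.js
+++ b/package/dist/server/index.js
@@ -2,6 +2,8 @@
 const jwt = require("jsonwebtoken");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const jwt__default = /* @__PURE__ */ _interopDefault(jwt);
+const revokedTokenSet = /* @__PURE__ */ new Set();
+const revokedConnectionTokens = /* @__PURE__ */ new Set();
 const CHECK_INTERVAL = 5e3;
 const LOGIN_PATH = "/admin/login";
 const LOGOUT_PATH = "/admin/logout";
@@ -9,6 +11,19 @@ const sessionActivityMap = /* @__PURE__ */ new Map();
 async function trackActivity(ctx, next) {
 const adminUser = ctx.session?.user;
 let key = adminUser?.id ? `${adminUser.id}:${adminUser.email}` : null;
+const auth = ctx.request.headers?.authorization;
+if (auth && revokedConnectionTokens.has(auth.split(" ")[1]) || revokedConnectionTokens.has(ctx.cookies.get("jwtToken"))) {
+ctx.cookies.set("jwtToken", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
+ctx.status = 403;
+ctx.body = {
+error: {
+status: 403,
+title: "Forbidden",
+message: "Forbidden. Your token has been revoked."
+}
+};
+return;
+}
 if (ctx.path.includes(LOGOUT_PATH)) {
 ctx.session = null;
 key = null;
@@ -87,7 +102,6 @@ const checkAdminPermission = (requiredPermission) => async (ctx, next) => {
 return ctx.internalServerError("Failed to verify permissions.");
 }
 };
-const revokedTokenSet = /* @__PURE__ */ new Set();
 const forceExpireAdmin = async (ctx, userId) => {
 const ADMIN_SECRET = strapi.config.get("admin.auth.secret");
 const token = jwt__default.default.sign(
@@ -121,6 +135,7 @@ async function rejectRevokedTokens(ctx, next) {
 ctx.cookies.set("koa.sess.sig", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
 sessionActivityMap.delete(key);
 revokedTokenSet.delete(adminEmail);
+revokedConnectionTokens.add(ctx.cookies.get("jwtToken"));
 strapi.service("plugin::strapi-security-suite.autoLogoutChecker").clearSessionActivity(id, adminEmail);
 forceExpireAdmin(ctx, id);
 strapi.log.info(`🔒 Session revoked: ${adminEmail} app.admin.logout`);
@@ -140,12 +155,13 @@ async function interceptRenewToken(ctx, next) {
 ctx.cookies.set("koa.sess.sig", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
 if (adminUser?.id) {
 strapi.service("plugin::strapi-security-suite.autoLogoutChecker").clearSessionActivity(adminUser?.id, adminUser?.email);
+revokedConnectionTokens.add(ctx.cookies.get("jwtToken"));
 ctx.session = null;
 sessionActivityMap.delete(`${adminUser?.id}:${adminUser?.email}`);
 return;
 }
 }
-if (ctx.path
+if (ctx.path.includes("/renew-token") || ctx.path.includes("/content")) {
 const { email } = ctx.session?.user || {};
 if (!email) {
 ctx.set("app.admin.tk", "email.admin");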
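--- a/package/dist/server/index.mjs
+++ b/package/dist/server/index.mjs
@@ -1,4 +1,6 @@
 import jwt from "jsonwebtoken";
+const revokedTokenSet = /* @__PURE__ */ new Set();
+const revokedConnectionTokens = /* @__PURE__ */ new Set();
 const CHECK_INTERVAL = 5e3;
 const LOGIN_PATH = "/admin/login";
 const LOGOUT_PATH = "/admin/logout";
@@ -6,6 +8,19 @@ const sessionActivityMap = /* @__PURE__ */ new Map();
 async function trackActivity(ctx, next) {
 const adminUser = ctx.session?.user;
 let key = adminUser?.id ? `${adminUser.id}:${adminUser.email}` : null;
+const auth = ctx.request.headers?.authorization;
+if (auth && revokedConnectionTokens.has(auth.split(" ")[1]) || revokedConnectionTokens.has(ctx.cookies.get("jwtToken"))) {
+ctx.cookies.set("jwtToken", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
+ctx.status = 403;
+ctx.body = {
+error: {
+status: 403,
+title: "Forbidden",
+message: "Forbidden. Your token has been revoked."
+}
+};
+return;
+}
 if (ctx.path.includes(LOGOUT_PATH)) {
 ctx.session = null;
 key = null;
@@ -84,7 +99,6 @@ const checkAdminPermission = (requiredPermission) => async (ctx, next) => {
 return ctx.internalServerError("Failed to verify permissions.");
 }
 };
-const revokedTokenSet = /* @__PURE__ */ new Set();
 const forceExpireAdmin = async (ctx, userId) => {
 const ADMIN_SECRET = strapi.config.get("admin.auth.secret");
 const token = jwt.sign(
@@ -118,6 +132,7 @@ async function rejectRevokedTokens(ctx, next) {
 ctx.cookies.set("koa.sess.sig", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
 sessionActivityMap.delete(key);
 revokedTokenSet.delete(adminEmail);
+revokedConnectionTokens.add(ctx.cookies.get("jwtToken"));
 strapi.service("plugin::strapi-security-suite.autoLogoutChecker").clearSessionActivity(id, adminEmail);
 forceExpireAdmin(ctx, id);
 strapi.log.info(`🔒 Session revoked: ${adminEmail} app.admin.logout`);
@@ -137,12 +152,13 @@ async function interceptRenewToken(ctx, next) {
 ctx.cookies.set("koa.sess.sig", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
 if (adminUser?.id) {
 strapi.service("plugin::strapi-security-suite.autoLogoutChecker").clearSessionActivity(adminUser?.id, adminUser?.email);
+revokedConnectionTokens.add(ctx.cookies.get("jwtToken"));
 ctx.session = null;
 sessionActivityMap.delete(`${adminUser?.id}:${adminUser?.email}`);
 return;
 }
 }
-if (ctx.path
+if (ctx.path.includes("/renew-token") || ctx.path.includes("/content")) {
 const { email } = ctx.session?.user || {};
 if (!email) {
 ctx.set("app.admin.tk", "email.admin");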
package/package.json