strapi-security-suite 0.1.9 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/index.js +36 -2
- package/dist/server/index.mjs +36 -2
- package/package.json +1 -1
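--- a/package/dist/server/index.js
+++ b/package/dist/server/index.js
@@ -12,6 +12,7 @@ async function trackActivity(ctx, next) {
 const adminUser = ctx.session?.user;
 let key = adminUser?.id ? `${adminUser.id}:${adminUser.email}` : null;
 const auth = ctx.request.headers?.authorization;
+console.log("revokedConnectionTokens =======>", revokedConnectionTokens);
 if (auth && revokedConnectionTokens.has(auth.split(" ")[1]) || revokedConnectionTokens.has(ctx.cookies.get("jwtToken"))) {
 ctx.cookies.set("jwtToken", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
 ctx.status = 403;
@@ -135,7 +136,10 @@ async function rejectRevokedTokens(ctx, next) {
 ctx.cookies.set("koa.sess.sig", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
 sessionActivityMap.delete(key);
 revokedTokenSet.delete(adminEmail);
-
+const userToken = ctx.cookies.get("jwtToken");
+if (userToken) {
+revokedConnectionTokens.add(ctx.cookies.get("jwtToken"));
+}
 strapi.service("plugin::strapi-security-suite.autoLogoutChecker").clearSessionActivity(id, adminEmail);
 forceExpireAdmin(ctx, id);
 strapi.log.info(`🔒 Session revoked: ${adminEmail} app.admin.logout`);
@@ -155,7 +159,10 @@ async function interceptRenewToken(ctx, next) {
 ctx.cookies.set("koa.sess.sig", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
 if (adminUser?.id) {
 strapi.service("plugin::strapi-security-suite.autoLogoutChecker").clearSessionActivity(adminUser?.id, adminUser?.email);
-
+const userToken = ctx.cookies.get("jwtToken");
+if (userToken) {
+revokedConnectionTokens.add(ctx.cookies.get("jwtToken"));
+}
 ctx.session = null;
 sessionActivityMap.delete(`${adminUser?.id}:${adminUser?.email}`);
 return;
@@ -246,9 +253,36 @@ const bootstrap = async ({ strapi: strapi2 }) => {
 } catch (error) {
 strapi2.log.error("❌ Failed to register SecSuite Plugin permissions:", error);
 }
+await ensureDefaultSecuritySettings(strapi2);
 strapi2.server.use(middlewares.preventMultipleSessions);
 strapi2.service("plugin::strapi-security-suite.autoLogoutChecker").startAutoLogoutWatcher();
 };
+async function ensureDefaultSecuritySettings(strapi2) {
+try {
+const existing = await strapi2.entityService.findMany(
+"plugin::strapi-security-suite.security_settings",
+{}
+);
+if (Array.isArray(existing) && existing.length > 0) {
+strapi2.log.info("✅ Default security settings already exist.");
+return;
+}
+const DEFAULT_SETTINGS = {
+autoLogoutTime: 30,
+multipleSessionsControl: true,
+passwordExpiryDays: 30,
+nonReusablePassword: true,
+enablePasswordManagement: true
+};
+await strapi2.entityService.create(
+"plugin::strapi-security-suite.security_settings",
+{ data: DEFAULT_SETTINGS }
+);
+strapi2.log.info("✅ Default security settings created successfully.");
+} catch (error) {
+strapi2.log.error("❌ Failed to ensure default security settings:", error);
+}
+}
 const destroy = ({ strapi: strapi2 }) => {
 strapi2.service("plugin::strapi-security-suite.autoLogoutChecker").stopAutoLogoutWatcher();
 };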
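--- a/package/dist/server/index.mjs
+++ b/package/dist/server/index.mjs
@@ -9,6 +9,7 @@ async function trackActivity(ctx, next) {
 const adminUser = ctx.session?.user;
 let key = adminUser?.id ? `${adminUser.id}:${adminUser.email}` : null;
 const auth = ctx.request.headers?.authorization;
+console.log("revokedConnectionTokens =======>", revokedConnectionTokens);
 if (auth && revokedConnectionTokens.has(auth.split(" ")[1]) || revokedConnectionTokens.has(ctx.cookies.get("jwtToken"))) {
 ctx.cookies.set("jwtToken", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
 ctx.status = 403;
@@ -132,7 +133,10 @@ async function rejectRevokedTokens(ctx, next) {
 ctx.cookies.set("koa.sess.sig", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
 sessionActivityMap.delete(key);
 revokedTokenSet.delete(adminEmail);
-
+const userToken = ctx.cookies.get("jwtToken");
+if (userToken) {
+revokedConnectionTokens.add(ctx.cookies.get("jwtToken"));
+}
 strapi.service("plugin::strapi-security-suite.autoLogoutChecker").clearSessionActivity(id, adminEmail);
 forceExpireAdmin(ctx, id);
 strapi.log.info(`🔒 Session revoked: ${adminEmail} app.admin.logout`);
@@ -152,7 +156,10 @@ async function interceptRenewToken(ctx, next) {
 ctx.cookies.set("koa.sess.sig", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
 if (adminUser?.id) {
 strapi.service("plugin::strapi-security-suite.autoLogoutChecker").clearSessionActivity(adminUser?.id, adminUser?.email);
-
+const userToken = ctx.cookies.get("jwtToken");
+if (userToken) {
+revokedConnectionTokens.add(ctx.cookies.get("jwtToken"));
+}
 ctx.session = null;
 sessionActivityMap.delete(`${adminUser?.id}:${adminUser?.email}`);
 return;
@@ -243,9 +250,36 @@ const bootstrap = async ({ strapi: strapi2 }) => {
 } catch (error) {
 strapi2.log.error("❌ Failed to register SecSuite Plugin permissions:", error);
 }
+await ensureDefaultSecuritySettings(strapi2);
 strapi2.server.use(middlewares.preventMultipleSessions);
 strapi2.service("plugin::strapi-security-suite.autoLogoutChecker").startAutoLogoutWatcher();
 };
+async function ensureDefaultSecuritySettings(strapi2) {
+try {
+const existing = await strapi2.entityService.findMany(
+"plugin::strapi-security-suite.security_settings",
+{}
+);
+if (Array.isArray(existing) && existing.length > 0) {
+strapi2.log.info("✅ Default security settings already exist.");
+return;
+}
+const DEFAULT_SETTINGS = {
+autoLogoutTime: 30,
+multipleSessionsControl: true,
+passwordExpiryDays: 30,
+nonReusablePassword: true,
+enablePasswordManagement: true
+};
+await strapi2.entityService.create(
+"plugin::strapi-security-suite.security_settings",
+{ data: DEFAULT_SETTINGS }
+);
+strapi2.log.info("✅ Default security settings created successfully.");
+} catch (error) {
+strapi2.log.error("❌ Failed to ensure default security settings:", error);
+}
+}
 const destroy = ({ strapi: strapi2 }) => {
 strapi2.service("plugin::strapi-security-suite.autoLogoutChecker").stopAutoLogoutWatcher();
 };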
package/package.json
CHANGED