strapi-security-suite 0.2.3 → 0.3.0

package/README.md

@@ -1,58 +1,247 @@
-# 🛡️ Strapi Security Suite (Beta)
+# 🛡️ Strapi Security Suite
 
-## **The Last Plugin You’ll Ever Need to Sleep at Night**
+### The admin security plugin that takes your sessions _personally_.
 
-A high-performance, in-memory security enhancement plugin for **Strapi v5**, Session-obsessed. Built for the **chaotic genius admin** who refuses to get breached by a stale token.\
-Powered by **rage, memory maps, and accountability.**
+> **One plugin. Auto-logout. Single-session enforcement. Token revocation. Password policy.**
+> Built for **Strapi v5**. Fueled by in-memory Maps and zero tolerance for stale tokens.
 
 ---
 
-## ✨ Why This Exists
+## 🤔 What Is This?
 
-Because “just trusting sessions” is how *breaches happen*.\
-Because the admin panel deserves better.\
-Because your team deserves **a real security layer**, not a checkbox.
+Imagine a bouncer at a nightclub. But the nightclub is your **Strapi admin panel**, and the bouncer has a _perfect memory_, never sleeps, and will physically escort your idle admins out the door after 30 minutes of doing nothing.
+
+**That's this plugin.**
+
+```
+  🔐 Admin logs in
+   |
+   |  👀 Every request tracked (timestamp saved in memory)
+   |
+   |  😴 Admin goes idle...
+   |
+   |  ⏰ 30 minutes pass...
+   |
+   🚪 BOOM. Logged out. Cookies cleared. Token dead.
+         No arguments. No appeals. Just security.
+```
+
+---
+
+## ✨ Features at a Glance
+
+| Feature                    | What It Does                                   | Vibe                 |
+| -------------------------- | ---------------------------------------------- | -------------------- |
+| ⏰ **Auto-Logout**         | Kicks idle admins after configurable minutes   | "Use it or lose it"  |
+| 🚫 **Single-Session Lock** | One admin = one session. Period.               | "No shadow clones"   |
+| 💀 **Token Revocation**    | Dead tokens stay dead. Instantly.              | "Ghosts get ghosted" |
+| 🔑 **Password Policy**     | Expiry + non-reusable passwords (configurable) | "Rotate or regret"   |
+| ⚙️ **Admin UI**            | Settings panel right inside Strapi             | "Click, don't code"  |
+| 🛡️ **Input Validation**    | Server-side validation on every settings save  | "Trust nobody"       |
 
 ---
 
-## ⚔️ Features That Slap
+## 🚀 Quick Start
+
+### Step 1: Install it
+
+```bash
+yarn add strapi-security-suite
+```
+
+### Step 2: Enable it
+
+Add this to your `config/plugins.js` (or `.ts`):
 
-### 🔒 Auto Logout (with taste)
+```javascript
+module.exports = ({ env }) => ({
+  'strapi-security-suite': {
+    enabled: true,
+  },
+});
+```
 
-Kick idle admins like it’s office closing time.
+### Step 3: Restart Strapi
 
-- 🔍 Tracks every request
-- ⏲️ Custom inactivity timeout from DB
-- 🧠 Memory-first with `sessionActivityMap`
-- 💨 Triggers soft or *nuclear* logout depending on your vibe
-- 💾 Graceful 440s, JS responses, and gentle redirects
+```bash
+yarn develop
+```
 
-### 🚷 Multi-Session Lock
+### Step 4: Find it
 
-One admin = one session. No shadow clones allowed.
+Go to **Settings** → **Global** → **Security Suite**
 
-- 💥 First login wins, others are denied
-- 🧹 Cleans old sessions like a digital janitor
+That's it. You're done. Go get a coffee. ☕
 
-### 🧄 Session Exorcism Layer™
+---
 
-Revoked tokens get ghosted *instantly*.\
-Even if Strapi tries to pretend they’re still cute.
+## 🖼️ The Admin Panel
 
-- 🔪 Middleware blocks
-- 🪦 Session cookie wipeout
-- 📩 Headers set for frontend rejections
-- 🗑️ `isLoggedIn` purged with prejudice
+Once installed, you get a beautiful settings page with two panels:
 
-### 🧠 Smart Middleware Stack
+```
+┌───────────────────────────────────────────────────────┐
+│            🛡️ Security & Session Settings              │
+├───────────────────────────┬───────────────────────────┤
+│                           │                           │
+│  🕐 SESSION MANAGEMENT    │  🔑 PASSWORD MANAGEMENT    │
+│                           │                           │
+│  Auto Logout Time: [30]  │  Password Control: [ON]   │
+│  (minutes)               │                           │
+│                           │  Expiry Days: [30]        │
+│  Multi-Session            │                           │
+│  Control: [ON]            │  Non-Reusable: [ON]       │
+│                           │                           │
+├───────────────────────────┴───────────────────────────┤
+│                               [ 💾 Save Settings ]    │
+└───────────────────────────────────────────────────────┘
+```
 
-- `trackActivity`: Updates timestamps on every move
-- `rejectRevokedTokens`: Blocks dead sessions like a haunted firewall
-- `interceptRenewToken`: Stops Strapi’s clingy `/renew-token` requests from reviving zombies
+**Everything is stored in the database.** Change a value, hit save, it takes effect immediately. No restarts. No config files. No drama.
 
 ---
 
-## 🧪 Configuration Schema
+## 🧠 How It Actually Works
+
+Here's the whole flow, explained like you're five (but a very smart five):
+
+### 🔗 The Middleware Pipeline
+
+When any request hits your Strapi server, it passes through **5 security checkpoints** (middlewares), in this exact order:
+
+```
+  🌐 Incoming Request
+       │
+       ▼
+  1. 🐣 seedUserInfos
+  │    "Who are you? Let me check your JWT and load your profile"
+  │
+  ▼
+  2. 🔍 interceptRenewToken
+  │    "Trying to renew your token? Let me make sure you're still welcome"
+  │
+  ▼
+  3. 👣 trackActivity
+  │    "OK you're legit. I'm writing down the time. Don't be idle."
+  │
+  ▼
+  4. ☠️ rejectRevokedTokens
+  │    "Wait... is your session revoked? GET OUT. Cookies deleted. Token dead."
+  │
+  ▼
+  5. 🚫 preventMultipleSessions  (on login only)
+       "Already logged in somewhere else? 409 Conflict. One session only."
+```
+
+### ⏱️ The Auto-Logout Watcher
+
+Running in the background, checking every 5 seconds:
+
+```
+  🔄 Every 5 seconds:
+     │
+     │  🔍 Check each active session in memory
+     │  🕐 Compare last activity timestamp vs. configured timeout
+     │
+     │  😴 Idle too long?
+     │     │
+     │     YES → Add email to revoked set
+     │     │     → Delete session from activity map
+     │     │     → Log it: "Auto-logged out admin X after Y seconds"
+     │     │
+     │     NO  → Carry on, you're fine 👍
+```
+
+### 🖥️ The Frontend Interceptor
+
+On the admin panel side, `window.fetch` is patched to watch for a special header:
+
+```
+  🌐 Admin makes any API call
+       │
+       ▼
+  👀 Check response headers for 'app.admin.tk'
+       │
+       YES → 🚨 FORCED LOGOUT 🚨
+       │     window.stop()
+       │     window.location.reload()
+       │     (Session is over. Go home.)
+       │
+       NO  → ✅ Normal response. Continue working.
+```
+
+---
+
+## 📂 Project Structure
+
+```
+strapi-security-suite/
+📁 admin/src/                    ← Admin panel (React)
+│   📄 index.js                    Plugin entry + fetch interceptor
+│   📄 constants.js                API paths, header names
+│   📄 pluginId.js                 Plugin ID constant
+│   📁 components/
+│   │   📄 Initializer.jsx         Plugin lifecycle init
+│   📁 pages/
+│   │   📄 App.jsx                 Router
+│   │   📄 HomePage.jsx            Settings UI (the pretty one)
+│   📁 translations/
+│       📄 en.json                 i18n strings
+│
+📁 server/src/                   ← Server-side (Node.js)
+│   📄 index.js                    Plugin entry point
+│   📄 register.js                 Middleware registration phase
+│   📄 bootstrap.js                Permissions + settings seeding
+│   📄 destroy.js                  Cleanup on shutdown
+│   📄 constants.js                ⭐ ALL magic values live here
+│   │
+│   📁 controllers/
+│   │   📄 adminSecurityController.js   GET/POST settings (with validation!)
+│   │
+│   📁 services/
+│   │   📄 autoLogoutChecker.js    Background watcher (setInterval)
+│   │
+│   📁 middlewares/
+│   │   📄 seedUserInfos.js        Hydrate session from JWT
+│   │   📄 interceptRenewToken.js  Block renewal for dead sessions
+│   │   📄 trackActivity.js        Record last activity timestamp
+│   │   📄 rejectRevokedTokens.js  Nuke revoked sessions
+│   │   📄 preventMultipleSessions.js  One-session-per-admin gate
+│   │
+│   📁 policies/
+│   │   📄 has-admin-permission.js  Route-level permission check
+│   │
+│   📁 globals/                  ← In-memory state (the "brain")
+│   │   📄 sessionActivityMap.js   Map<"id:email", timestamp>
+│   │   📄 revokedTokenSet.js      Set<email> of revoked sessions
+│   │   📄 loginLocks.js           Set<email> login race-condition guard
+│   │
+│   📁 utils/
+│   │   📄 errors.js               PluginError, ValidationError, AuthorizationError
+│   │   📄 force-expire-admin.js   Issue a 1-second JWT to kill client token
+│   │
+│   📁 content-types/
+│   │   📁 security-settings/
+│   │       📄 schema.json          DB schema (singleType)
+│   │
+│   📁 routes/
+│   │   📄 index.js                Admin-typed routes with policies
+│   │
+│   📁 types/
+│       📄 typedefs.js             JSDoc type definitions
+│
+📄 eslint.config.mjs               ESLint v9 flat config
+📄 .prettierrc                     Prettier config
+📄 package.json                    Scripts, deps, lint-staged
+📁 .husky/
+    📄 pre-commit                  Runs lint-staged before every commit
+```
+
+---
+
+## 🔧 Configuration Schema
+
+All settings live in a **single-type** content-type in the database:
 
 ```json
 {
@@ -64,103 +253,136 @@ Even if Strapi tries to pretend they’re still cute.
 }
 ```
 
-Defined in the content-type:\
-`plugin::strapi-security-suite.security_settings`
+| Field                      | Type      | Default | What It Does                             |
+| -------------------------- | --------- | ------- | ---------------------------------------- |
+| `autoLogoutTime`           | `integer` | `30`    | Minutes of inactivity before auto-logout |
+| `multipleSessionsControl`  | `boolean` | `true`  | Block concurrent sessions for same admin |
+| `passwordExpiryDays`       | `integer` | `30`    | Days before password must be changed     |
+| `nonReusablePassword`      | `boolean` | `true`  | Prevent reuse of previous passwords      |
+| `enablePasswordManagement` | `boolean` | `true`  | Master switch for password features      |
 
 ---
 
-## 🧠 Architecture You’ll Brag About
+## 🧪 API Endpoints
 
-- 🧬 In-memory tracking via `Map()`
-- ⏱️ `startAutoLogoutWatcher()` with 5s intervals
-- 🔄 Frontend fetch interceptor for 440s
-- 🧹 JS logout payload injected server-side to destroy sessions, cookies, and self-respect
+All routes are **admin-typed** (Strapi handles auth automatically):
 
----
+| Method | Path                                    | Auth     | Permission       | Description     |
+| ------ | --------------------------------------- | -------- | ---------------- | --------------- |
+| `GET`  | `/strapi-security-suite/health`         | 🔓 None  | —                | Health check    |
+| `GET`  | `/strapi-security-suite/admin/settings` | 🔒 Admin | `view-configs`   | Read settings   |
+| `POST` | `/strapi-security-suite/admin/settings` | 🔒 Admin | `manage-configs` | Update settings |
+
+### 🔐 Permissions
 
-## ⚙️ Admin Panel UI
+The plugin registers three permission actions:
 
-- 🎛️ Control timeouts, session logic, and password rules
-- 📜 Planned audit logs, charts, and drama
-- 🌌 Future dashboard: all your infra sins visualized
+| Permission                                     | What It Allows           |
+| ---------------------------------------------- | ------------------------ |
+| `plugin::strapi-security-suite.access`         | Access the settings page |
+| `plugin::strapi-security-suite.view-configs`   | Read security settings   |
+| `plugin::strapi-security-suite.manage-configs` | Modify security settings |
 
 ---
 
-## 🔐 Frontend Catch Logic
+## ✅ Engineering Standards Compliance
 
-- Fetch wrapper intercepts `440`
-- Purges local/session storage
-- Sends you crying to `/session-expired`
-- Optionally calls `/admin/logout` for drama
+This plugin follows the **STANDARDS.md** operating protocol:
+
+| Standard                      | Status | Details                                                               |
+| ----------------------------- | ------ | --------------------------------------------------------------------- |
+| 💬 **ES6+ JavaScript**        | ✅     | Arrow functions, destructuring, template literals, native ESM         |
+| 📄 **Full JSDoc**             | ✅     | Every export documented with `@param`, `@returns`, `@module`          |
+| 🔢 **No Magic Values**        | ✅     | All values in `constants.js` (status codes, cookies, headers, timing) |
+| 🚨 **Custom Error Hierarchy** | ✅     | `PluginError` → `ValidationError`, `AuthorizationError`               |
+| 🛡️ **Input Validation**       | ✅     | `saveSettings` validates keys, types, and shape                       |
+| 🔍 **ESLint**                 | ✅     | v9 flat config with jsdoc plugin + Prettier compat                    |
+| 🎨 **Prettier**               | ✅     | Single quotes, 100 print width, trailing commas                       |
+| 🪝 **Husky + lint-staged**    | ✅     | Pre-commit: ESLint fix + Prettier on staged files                     |
+| 🏗️ **Architecture**           | ✅     | Routes → Controllers → Services → Data (proper layering)              |
+| 🔐 **Security-First**         | ✅     | Auth/AuthZ separated, input validated, no secrets in logs             |
 
 ---
 
-## 📦 Installation
+## 🛠️ Development
 
 ```bash
-yarn add strapi-security-suite
-```
-or
-```bash
-npm install strapi-security-suite
-```
+# Install dependencies
+yarn install
 
-### 🔹 `config/plugins.js`
-Add the following entry inside your `config/plugins.js` file:
+# Build the plugin
+yarn build
 
-```javascript
-module.exports = ({ env }) => ({
-  'strapi-security-suite': {
-    enabled: true,
-  },
-});
+# Watch mode (auto-rebuild on changes)
+yarn watch
+
+# Lint everything
+yarn lint
+
+# Lint + auto-fix
+yarn lint:fix
+
+# Check formatting
+yarn format:check
+
+# Auto-format everything
+yarn format
+
+# Verify plugin exports
+yarn verify
 ```
 
 ---
 
-## 🔮 Upcoming
-
-| Feature                         | Status         |
-| ------------------------------- | -------------- |
-| Password Expiry                 | 🛠️ In Dev     |
-| Non-Reusable Passwords          | 🛠️ In Dev     |
-| Admin Activity Logs             | 🔜             |
-| Security Dashboard              | 🔜             |
-| Brute Force Detection           | 🔜             |
-| Real-time Session Visualization | 🔜 (and spicy) |
+## 🔮 Roadmap
+
+| Feature                       | Status            |
+| ----------------------------- | ----------------- |
+| ⏰ Auto-Logout                | ✅ Shipped        |
+| 🚫 Single-Session Enforcement | ✅ Shipped        |
+| 💀 Token Revocation Pipeline  | ✅ Shipped        |
+| ⚙️ Admin Settings UI          | ✅ Shipped        |
+| 🔑 Password Expiry            | 🚧 In Development |
+| 🔄 Non-Reusable Passwords     | 🚧 In Development |
+| 📝 Admin Activity Logs        | 🔜 Planned        |
+| 📊 Security Dashboard         | 🔜 Planned        |
+| 👊 Brute Force Detection      | 🔜 Planned        |
+| 👁️ Real-time Session Viewer   | 🔜 Planned        |
 
 ---
 
-## 💥 Real-World Impact
+## 🗣️ Real Talk
+
+> "We installed this and now our interns can't share logins anymore."
+> — A CTO, probably
 
-> “We installed this and now our interns can’t share logins anymore.”\
-> — CTO, probably
+> "Our admin panel feels like it _judges_ us now. I love it."
+> — That one developer who actually cares
 
-> “Our admin panel feels like it judges us now. I love it.”\
-> — That one developer who cares
+> "I left my desk for coffee and came back logged out. Respect."
+> — Someone who now understands security
 
 ---
 
-## 🧑‍💻 Author
+## 👥 Author
 
-[LPIX-11](mohamed.johnson@orange-sonatel.com)
+**[LPIX-11](mailto:mohamed.johnson@orange-sonatel.com)** — Orange / Sonatel
 
 ---
 
-## 💡 Philosophy
+## ⚖️ License
 
-Security should be:
-
-- Fast
-- Unforgiving
-- Elegant
-- **Mildly judgmental**
+**MIT** — Do whatever you want. Just don't blame us if you turn off all the features and get breached. That's on you.
 
 ---
 
-## ⚠️ Legal Drama
+## 💡 Philosophy
+
+Security should be:
 
-> This plugin is in **Beta**.\
-> You break it, it breaks you back, but we’ll still love you.\
-> Not liable for insecure vibes.
+- **Fast** — In-memory. No database lookups on every request.
+- **Unforgiving** — Idle? Gone. Revoked? Dead. Duplicated? Blocked.
+- **Elegant** — Clean constants, typed errors, layered architecture.
+- **Mildly judgmental** — This plugin _will_ side-eye your stale sessions.
 
+> _"The meta-principle: make the right thing the default thing. Discipline compounds. Shortcuts compound too, just in the wrong direction."_

package/dist/_chunks/App-CfPg1Thn.js

@@ -0,0 +1,162 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const jsxRuntime = require("react/jsx-runtime");
+const admin = require("@strapi/strapi/admin");
+const reactRouterDom = require("react-router-dom");
+const react = require("react");
+const designSystem = require("@strapi/design-system");
+const index = require("./index-ub4Bl9QF.js");
+const HomePage = () => {
+  const client = admin.useFetchClient();
+  const [config, setConfig] = react.useState({
+    autoLogoutTime: 30,
+    multipleSessionsControl: false,
+    passwordExpiryDays: 365,
+    nonReusablePassword: false,
+    enablePasswordManagement: false
+  });
+  const [success, setSuccess] = react.useState(false);
+  const [error, setError] = react.useState(null);
+  react.useEffect(() => {
+    const fetchConfig = async () => {
+      try {
+        const { data } = await client.get(`${index.API_BASE_PATH}/admin/settings`);
+        if (data?.data) {
+          setConfig(data.data);
+        }
+      } catch {
+        setError("Failed to load settings. Please refresh the page.");
+      }
+    };
+    fetchConfig();
+  }, [client]);
+  const handleChange = (key, value) => {
+    setConfig((prev) => ({ ...prev, [key]: value }));
+  };
+  const saveConfig = async () => {
+    setError(null);
+    try {
+      await client.post(`${index.API_BASE_PATH}/admin/settings`, config);
+      setSuccess(true);
+      setTimeout(() => setSuccess(false), index.SUCCESS_ALERT_DURATION);
+    } catch (err) {
+      setError(err.response?.data?.error?.message ?? "Failed to save settings.");
+    }
+  };
+  return /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { padding: 10, background: "neutral0", shadow: "filterShadow", borderRadius: "12px", children: [
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "alpha", as: "h1", fontWeight: "bold", children: "Security & Session Settings" }),
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "epsilon", textColor: "neutral600", paddingTop: 2, paddingBottom: 4, children: "Configure session duration, password policies, and security settings." }),
+    success && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Alert, { title: "Success", variant: "success", marginBottom: 4, children: "Configuration saved successfully!" }),
+    error && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Alert, { title: "Error", variant: "danger", marginBottom: 4, onClose: () => setError(null), children: error }),
+    /* @__PURE__ */ jsxRuntime.jsxs(
+      designSystem.Flex,
+      {
+        alignItems: "flex-start",
+        justifyContent: "space-between",
+        gap: 6,
+        paddingTop: 6,
+        wrap: "wrap",
+        children: [
+          /* @__PURE__ */ jsxRuntime.jsxs(
+            designSystem.Box,
+            {
+              flex: "1",
+              minWidth: "400px",
+              padding: 6,
+              background: "neutral100",
+              borderRadius: "8px",
+              shadow: "tableShadow",
+              children: [
+                /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "delta", fontWeight: "semiBold", children: "Session Management" }),
+                /* @__PURE__ */ jsxRuntime.jsx(designSystem.Divider, { marginTop: 2, marginBottom: 4 }),
+                /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "flex-start", gap: 4, children: [
+                  /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "row", gap: 4, children: [
+                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", children: "Auto Logout Time (minutes)" }),
+                    /* @__PURE__ */ jsxRuntime.jsx(
+                      designSystem.NumberInput,
+                      {
+                        minValue: 1,
+                        value: config.autoLogoutTime,
+                        onValueChange: (value) => handleChange("autoLogoutTime", value)
+                      }
+                    )
+                  ] }),
+                  /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 4, children: [
+                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", children: "Activate multiple sessions control?" }),
+                    /* @__PURE__ */ jsxRuntime.jsx(
+                      designSystem.Switch,
+                      {
+                        checked: config.multipleSessionsControl,
+                        onCheckedChange: () => handleChange("multipleSessionsControl", !config.multipleSessionsControl)
+                      }
+                    )
+                  ] })
+                ] })
+              ]
+            }
+          ),
+          /* @__PURE__ */ jsxRuntime.jsxs(
+            designSystem.Box,
+            {
+              flex: "1",
+              minWidth: "400px",
+              minHeight: "173px",
+              padding: 6,
+              background: "neutral100",
+              borderRadius: "8px",
+              shadow: "tableShadow",
+              children: [
+                /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "delta", fontWeight: "semiBold", children: "Password Management" }),
+                /* @__PURE__ */ jsxRuntime.jsx(designSystem.Divider, { marginTop: 2, marginBottom: 4 }),
+                /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { alignItems: "flex-start", direction: "column", gap: 4, children: [
+                  /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 4, children: [
+                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", children: "Activate Password Control?" }),
+                    /* @__PURE__ */ jsxRuntime.jsx(
+                      designSystem.Switch,
+                      {
+                        checked: config.enablePasswordManagement,
+                        onCheckedChange: () => handleChange("enablePasswordManagement", !config.enablePasswordManagement)
+                      }
+                    )
+                  ] }),
+                  config.enablePasswordManagement && /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { alignItems: "flex-start", direction: "column", gap: 5, children: [
+                    /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { alignItems: "flex-start", direction: "column", gap: 3, children: [
+                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", children: "Password Expiry (days)?" }),
+                      /* @__PURE__ */ jsxRuntime.jsx(
+                        designSystem.NumberInput,
+                        {
+                          minValue: 1,
+                          value: config.passwordExpiryDays,
+                          onValueChange: (value) => handleChange("passwordExpiryDays", value)
+                        }
+                      )
+                    ] }),
+                    /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { alignItems: "center", gap: 3, children: [
+                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", children: "Activate Non-Reusable Password?" }),
+                      /* @__PURE__ */ jsxRuntime.jsx(
+                        designSystem.Switch,
+                        {
+                          checked: config.nonReusablePassword,
+                          onCheckedChange: () => handleChange("nonReusablePassword", !config.nonReusablePassword)
+                        }
+                      )
+                    ] })
+                  ] })
+                ] })
+              ]
+            }
+          )
+        ]
+      }
+    ),
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "flex-end", paddingTop: 6, paddingBottom: 2, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { onClick: saveConfig, variant: "secondary", size: "L", shadow: "buttonShadow", children: "Save Settings" }) })
+  ] });
+};
+const App = () => {
+  return /* @__PURE__ */ jsxRuntime.jsxs(reactRouterDom.Routes, { children: [
+    /* @__PURE__ */ jsxRuntime.jsx(reactRouterDom.Route, { index: true, element: /* @__PURE__ */ jsxRuntime.jsx(HomePage, {}) }),
+    /* @__PURE__ */ jsxRuntime.jsx(reactRouterDom.Route, { path: "*", element: /* @__PURE__ */ jsxRuntime.jsx(admin.Page.Error, {}) })
+  ] });
+};
+exports.App = App;
+exports.default = App;