strapi-security-suite
v0.2.4
All-in-one authentication and session security plugin for Strapi v5
🛡️ Strapi Security Suite (Beta)
The Last Plugin You’ll Ever Need to Sleep at Night
A high-performance, in-memory, session-obsessed security enhancement plugin for Strapi v5. Built for the chaotic genius admin who refuses to get breached by a stale token.
Powered by rage, memory maps, and accountability.
✨ Why This Exists
Because “just trusting sessions” is how breaches happen.
Because the admin panel deserves better.
Because your team deserves a real security layer, not a checkbox.
⚔️ Features That Slap
🔒 Auto Logout (with taste)
Kick idle admins like it’s office closing time.
- 🔍 Tracks every request
- ⏲️ Custom inactivity timeout from DB
- 🧠 Memory-first with `sessionActivityMap`
- 💨 Triggers soft or nuclear logout depending on your vibe
- 💾 Graceful 440s, JS responses, and gentle redirects
🚷 Multi-Session Lock
One admin = one session. No shadow clones allowed.
- 💥 First login wins, others are denied
- 🧹 Cleans old sessions like a digital janitor
🧄 Session Exorcism Layer™
Revoked tokens get ghosted instantly.
Even if Strapi tries to pretend they’re still cute.
- 🔪 Middleware blocks
- 🪦 Session cookie wipeout
- 📩 Headers set for frontend rejections
- 🗑️ `isLoggedIn` purged with prejudice
🧠 Smart Middleware Stack
- `trackActivity`: Updates timestamps on every move
- `rejectRevokedTokens`: Blocks dead sessions like a haunted firewall
- `interceptRenewToken`: Stops Strapi's clingy `/renew-token` requests from reviving zombies
🧪 Configuration Schema
```json
{
  "autoLogoutTime": 30,
  "multipleSessionsControl": true,
  "passwordExpiryDays": 30,
  "nonReusablePassword": true,
  "enablePasswordManagement": true
}
```

Defined in the content-type: `plugin::strapi-security-suite.security_settings`
🧠 Architecture You’ll Brag About
- 🧬 In-memory tracking via `Map()`
- ⏱️ `startAutoLogoutWatcher()` with 5s intervals
- 🔄 Frontend fetch interceptor for 440s
- 🧹 JS logout payload injected server-side to destroy sessions, cookies, and self-respect
⚙️ Admin Panel UI
- 🎛️ Control timeouts, session logic, and password rules
- 📜 Planned audit logs, charts, and drama
- 🌌 Future dashboard: all your infra sins visualized
🔐 Frontend Catch Logic
- Fetch wrapper intercepts `440`
- Purges local/session storage
- Sends you crying to `/session-expired`
- Optionally calls `/admin/logout` for drama
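The list above is the whole client-side contract: watch for a 440, purge storage, redirect, optionally log out. As an added example that is not the plugin's shipped frontend code, here is a `fetch` wrapper doing exactly that. Browser globals (`fetch`, the two storages, `location`) are injected so it can be exercised offline; the `/session-expired` and `/admin/logout` paths come from the README, while the `callLogout` option, the `SESSION_EXPIRED` constant and the fake-browser harness are assumptions made for this example.

```javascript
// Added example (not the plugin's shipped frontend code): a fetch wrapper
// implementing the 440 catch flow. Browser globals are injected for testing;
// the callLogout option and SESSION_EXPIRED constant are assumptions.

const SESSION_EXPIRED = 440; // "Login Time-out": the status the server uses for dead sessions

function createSessionAwareFetch({ fetch, localStorage, sessionStorage, location, callLogout = false }) {
  let handling = false; // several parallel 440s should trigger one teardown, not five

  return async function guardedFetch(input, init) {
    const res = await fetch(input, init);
    if (res.status !== SESSION_EXPIRED || handling) return res;
    handling = true;

    // Purge everything the admin panel cached about the session.
    localStorage.clear();
    sessionStorage.clear();

    // Optionally tell the server to tear the session down too. This goes
    // through the raw fetch, not guardedFetch, so a 440 reply cannot recurse.
    if (callLogout) {
      try { await fetch('/admin/logout', { method: 'POST' }); } catch (_) { /* best effort */ }
    }

    location.assign('/session-expired');
    return res;
  };
}

// Offline harness (constructed): fake fetch answering per path, storages that
// count clears, and a location that records where the wrapper sent the user.
function makeFakeBrowser(statusByPath) {
  const calls = [];
  const storage = () => { const s = { cleared: 0, clear() { s.cleared += 1; } }; return s; };
  return {
    calls,
    fetch: async (input, init) => {
      calls.push({ input, init });
      return { status: statusByPath[input] ?? 200 };
    },
    localStorage: storage(),
    sessionStorage: storage(),
    location: { href: '/admin', assign(url) { this.href = url; } },
  };
}

async function runOffline() {
  const browser = makeFakeBrowser({ '/admin/users': 440, '/admin/logout': 200 });
  const guardedFetch = createSessionAwareFetch({ ...browser, callLogout: true });
  const ok = await guardedFetch('/admin/init');    // 200: passes through untouched
  const dead = await guardedFetch('/admin/users'); // 440: purge, logout, redirect
  const again = await guardedFetch('/admin/users'); // second 440: no second teardown
  return {
    okStatus: ok.status,
    deadStatus: dead.status,
    againStatus: again.status,
    localCleared: browser.localStorage.cleared,
    sessionCleared: browser.sessionStorage.cleared,
    logoutCalls: browser.calls.filter((c) => c.input === '/admin/logout').length,
    landedOn: browser.location.href,
  };
}

runOffline().then((result) => console.log(result));
```

In a real admin bundle you would pass `window.fetch`, `window.localStorage`, `window.sessionStorage` and `window.location` and then install the wrapper in place of the global `fetch`. The wrapper returns the original 440 response after the teardown so that callers awaiting the request still get a value rather than a hang.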
📦 Installation
```shell
yarn add strapi-security-suite
```

or

```shell
npm install strapi-security-suite
```

🔹 config/plugins.js
Add the following entry inside your config/plugins.js file:
```javascript
module.exports = ({ env }) => ({
  'strapi-security-suite': {
    enabled: true,
  },
});
```

🔮 Upcoming
| Feature | Status |
| ------------------------------- | -------------- |
| Password Expiry | 🛠️ In Dev |
| Non-Reusable Passwords | 🛠️ In Dev |
| Admin Activity Logs | 🔜 |
| Security Dashboard | 🔜 |
| Brute Force Detection | 🔜 |
| Real-time Session Visualization | 🔜 (and spicy) |
💥 Real-World Impact
“We installed this and now our interns can’t share logins anymore.”
— CTO, probably
“Our admin panel feels like it judges us now. I love it.”
— That one developer who cares
🧑💻 Author
💡 Philosophy
Security should be:
- Fast
- Unforgiving
- Elegant
- Mildly judgmental
⚠️ Legal Drama
This plugin is in Beta.
You break it, it breaks you back, but we’ll still love you.
Not liable for insecure vibes.
