Package Exports
- strapi-security-suite/package.json
- strapi-security-suite/strapi-admin
- strapi-security-suite/strapi-server
🛡️ Strapi Security Suite (Beta)
The Last Plugin You’ll Ever Need to Sleep at Night
A high-performance, in-memory security enhancement plugin for Strapi v5. Session-obsessed. Built for the chaotic genius admin who refuses to get breached by a stale token.
Powered by rage, memory maps, and accountability.
✨ Why This Exists
Because “just trusting sessions” is how breaches happen.
Because the admin panel deserves better.
Because your team deserves a real security layer, not a checkbox.
Features That Slap
Auto Logout (with taste)
Kick idle admins like it’s office closing time.
- Tracks every request
- Custom inactivity timeout from DB
- Memory-first with `sessionActivityMap`
- Triggers soft or nuclear logout depending on your vibe
- Graceful 440s, JS responses, and gentle redirects
Multi-Session Lock
One admin = one session. No shadow clones allowed.
- First login wins, others are denied
- 🧹 Cleans old sessions like a digital janitor
Session Exorcism Layer™
Revoked tokens get ghosted instantly.
Even if Strapi tries to pretend they’re still cute.
- Middleware blocks
- Session cookie wipeout
- Headers set for frontend rejections
- `isLoggedIn` purged with prejudice
Smart Middleware Stack
- `trackActivity`: Updates timestamps on every move
- `rejectRevokedTokens`: Blocks dead sessions like a haunted firewall
- `interceptRenewToken`: Stops Strapi’s clingy `/renew-token` requests from reviving zombies
🧪 Configuration Schema
```json
{
  "autoLogoutTime": 30,
  "multipleSessionsControl": true,
  "passwordExpiryDays": 30,
  "nonReusablePassword": true,
  "enablePasswordManagement": true
}
```
Defined in the content-type: `plugin::strapi-security-suite.security_settings`
Architecture You’ll Brag About
- 🧬 In-memory tracking via `Map()`
- `startAutoLogoutWatcher()` with 5s intervals
- Frontend fetch interceptor for 440s
- 🧹 JS logout payload injected server-side to destroy sessions, cookies, and self-respect
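How the pieces listed above can fit together, as an added example that is not the plugin's own code: one in-memory map drives the idle timeout, the one-session rule and the revocation check, with an injectable clock so the logic can be tested. It assumes `multipleSessionsControl` is enabled and that `autoLogoutTime` is in minutes; `revoke`, `revokedSessions`, `sweepIdleSessions` and the return shape are hypothetical names.

```javascript
// Added example, not the plugin's source. sessionActivityMap, trackActivity,
// startAutoLogoutWatcher and autoLogoutTime are names from the README; revoke,
// revokedSessions, sweepIdleSessions and the return shape are hypothetical, and
// autoLogoutTime is assumed to be in minutes.
const sessionActivityMap = new Map(); // adminId -> { sessionId, lastSeen }
const revokedSessions = new Set();    // session ids that must stay dead
const idleLimitMs = (settings) => settings.autoLogoutTime * 60 * 1000;

// Drop an admin's tracked session and remember its id as revoked.
function revoke(adminId) {
  const entry = sessionActivityMap.get(adminId);
  if (entry) revokedSessions.add(entry.sessionId);
  sessionActivityMap.delete(adminId);
}

// Per-request check: answer 440 for revoked or idle sessions, refuse a second
// concurrent session, otherwise refresh the activity timestamp.
function trackActivity(adminId, sessionId, settings, now = Date.now()) {
  if (revokedSessions.has(sessionId)) return { allowed: false, status: 440, reason: 'revoked' };
  let entry = sessionActivityMap.get(adminId);
  if (entry && now - entry.lastSeen > idleLimitMs(settings)) {
    revoke(adminId); // expired between sweeps: log out now, do not wait for the watcher
    if (entry.sessionId === sessionId) return { allowed: false, status: 440, reason: 'idle' };
    entry = undefined; // the stale holder is gone, so this login may take the slot
  }
  if (entry && entry.sessionId !== sessionId) {
    return { allowed: false, reason: 'other-session-active' }; // first login wins
  }
  sessionActivityMap.set(adminId, { sessionId, lastSeen: now });
  return { allowed: true };
}

// One watcher pass: revoke every session idle past the limit, return who was logged out.
function sweepIdleSessions(settings, now = Date.now()) {
  const expired = [];
  for (const [adminId, entry] of sessionActivityMap) {
    if (now - entry.lastSeen > idleLimitMs(settings)) expired.push(adminId);
  }
  expired.forEach(revoke);
  return expired;
}

// Background sweep every 5 seconds; unref() stops the timer from holding the process open.
function startAutoLogoutWatcher(settings) {
  return setInterval(() => sweepIdleSessions(settings), 5000).unref();
}
```

State held this way is lost on restart and is not shared between server instances, and the revoked set in this example grows until the process exits.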
Admin Panel UI
- Control timeouts, session logic, and password rules
- Planned audit logs, charts, and drama
- Future dashboard: all your infra sins visualized
Frontend Catch Logic
- Fetch wrapper intercepts `440`
- Purges local/session storage
- Sends you crying to `/session-expired`
- Optionally calls `/admin/logout` for drama
Installation
```bash
yarn add strapi-security-suite
```
or
```bash
npm install strapi-security-suite
```
config/plugins.js
Add the following entry inside your `config/plugins.js` file:
```js
module.exports = ({ env }) => ({
  'strapi-security-suite': {
    enabled: true,
  },
});
```
Upcoming
| Feature | Status |
|---|---|
| Password Expiry | 🛠️ In Dev |
| Non-Reusable Passwords | 🛠️ In Dev |
| Admin Activity Logs | |
| Security Dashboard | |
| Brute Force Detection | |
| Real-time Session Visualization | (and spicy) |
Real-World Impact
“We installed this and now our interns can’t share logins anymore.”
— CTO, probably
“Our admin panel feels like it judges us now. I love it.”
— That one developer who cares
🧑‍💻 Author
💡 Philosophy
Security should be:
- Fast
- Unforgiving
- Elegant
- Mildly judgmental
⚠️ Legal Drama
This plugin is in Beta.
You break it, it breaks you back, but we’ll still love you.
Not liable for insecure vibes.