Feature / Refactor to session based auth in backend #9
|
@ -1,7 +1,8 @@
|
|||
import { Injectable } from '@nestjs/common';
|
||||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Response } from 'express';
|
||||
import { Session } from 'src/entities';
|
||||
import { Repository } from 'typeorm';
|
||||
import { LessThan, Repository } from 'typeorm';
|
||||
import { v4 as uuidv4 } from 'uuid';
|
||||
|
||||
@Injectable()
|
||||
|
@ -30,6 +31,21 @@ export class SessionRepository {
|
|||
return session;
|
||||
}
|
||||
|
||||
public async findSessionBySessionId(sessionId: string): Promise<Session> {
|
||||
return await this.sessionRepository.findOne({
|
||||
where: { sessionId: sessionId },
|
||||
relations: ['userCredentials'],
|
||||
});
|
||||
}
|
||||
|
||||
public attachSessionToResponse(response: Response, sessionId: string): void {
|
||||
response.cookie('session_id', sessionId, {
|
||||
httpOnly: true,
|
||||
secure: true,
|
||||
sameSite: 'strict',
|
||||
});
|
||||
}
|
||||
|
||||
public async validateSessionUserAgent(
|
||||
sessionId: string,
|
||||
currentUserAgent: string
|
||||
|
@ -45,4 +61,41 @@ export class SessionRepository {
|
|||
|
||||
return session.userAgent === currentUserAgent;
|
||||
}
|
||||
|
||||
public async checkSessionLimit(userId: string): Promise<void> {
|
||||
const userSessions = await this.sessionRepository
|
||||
.createQueryBuilder('session')
|
||||
.leftJoinAndSelect('session.userCredentials', 'userCredentials')
|
||||
.where('userCredentials.id = :userId', { userId })
|
||||
.orderBy('session.expiresAt', 'ASC')
|
||||
.getMany();
|
||||
|
||||
if (userSessions.length >= 5) {
|
||||
await this.sessionRepository.delete(userSessions[0].id);
|
||||
}
|
||||
}
|
||||
|
||||
public async invalidateAllSessionsForUser(userId: string): Promise<void> {
|
||||
await this.sessionRepository.delete({ userCredentials: userId });
|
||||
}
|
||||
|
||||
public async extendSessionExpiration(sessionId: string): Promise<void> {
|
||||
const session = await this.sessionRepository.findOne({
|
||||
where: { sessionId },
|
||||
});
|
||||
|
||||
if (session) {
|
||||
session.expiresAt = new Date(
|
||||
session.expiresAt.setMinutes(session.expiresAt.getMinutes() + 30)
|
||||
);
|
||||
await this.sessionRepository.save(session);
|
||||
}
|
||||
}
|
||||
|
||||
// TODO Add cron job to clear expired sessions
|
||||
public async clearExpiredSessions(): Promise<void> {
|
||||
const now = new Date();
|
||||
|
||||
await this.sessionRepository.delete({ expiresAt: LessThan(now) });
|
||||
}
|
||||
}
|
||||
|
|
|
@ -88,7 +88,7 @@ export class AuthService {
|
|||
|
||||
this.sessionService.attachSessionToResponse(response, sesseionId.sessionId);
|
||||
|
||||
return this.generateAndPersistTokens(user.id, user.email);
|
||||
return this.generateAndPersistTokens(user.id, user.email, true);
|
||||
}
|
||||
|
||||
public async logout(userId: string): Promise<boolean> {
|
||||
|
|
|
@ -2,7 +2,6 @@ import { Injectable } from '@nestjs/common';
|
|||
import { InjectRepository } from '@nestjs/typeorm';
|
||||
import { Response } from 'express';
|
||||
import { Session } from 'src/entities';
|
||||
import { LessThan, Repository } from 'typeorm';
|
||||
|
||||
import { SessionRepository } from '../repositories/session.repository';
|
||||
|
||||
|
@ -10,76 +9,47 @@ import { SessionRepository } from '../repositories/session.repository';
|
|||
export class SessionService {
|
||||
public constructor(
|
||||
@InjectRepository(Session)
|
||||
private sessionRepository: Repository<Session>,
|
||||
private readonly sessionRepository2: SessionRepository
|
||||
private readonly sessionRepository: SessionRepository
|
||||
) {}
|
||||
|
||||
public async createSession(
|
||||
userId: string,
|
||||
userAgent: string
|
||||
): Promise<Session> {
|
||||
return this.sessionRepository2.createSession(userId, userAgent);
|
||||
return await this.sessionRepository.createSession(userId, userAgent);
|
||||
}
|
||||
|
||||
public async validateSessionUserAgent(
|
||||
sessionId: string,
|
||||
currentUserAgent: string
|
||||
): Promise<boolean> {
|
||||
return this.sessionRepository2.validateSessionUserAgent(
|
||||
return await this.sessionRepository.validateSessionUserAgent(
|
||||
sessionId,
|
||||
currentUserAgent
|
||||
);
|
||||
}
|
||||
|
||||
public async checkSessionLimit(userId: string): Promise<void> {
|
||||
const userSessions = await this.sessionRepository
|
||||
.createQueryBuilder('session')
|
||||
.leftJoinAndSelect('session.userCredentials', 'userCredentials')
|
||||
.where('userCredentials.id = :userId', { userId })
|
||||
.orderBy('session.expiresAt', 'ASC')
|
||||
.getMany();
|
||||
|
||||
if (userSessions.length >= 5) {
|
||||
await this.sessionRepository.delete(userSessions[0].id);
|
||||
}
|
||||
await this.sessionRepository.checkSessionLimit(userId);
|
||||
}
|
||||
|
||||
public async invalidateAllSessionsForUser(userId: string): Promise<void> {
|
||||
await this.sessionRepository.delete({ userCredentials: userId });
|
||||
await this.sessionRepository.invalidateAllSessionsForUser(userId);
|
||||
}
|
||||
|
||||
// TODO Add cron job to clear expired sessions
|
||||
public async clearExpiredSessions(): Promise<void> {
|
||||
const now = new Date();
|
||||
|
||||
await this.sessionRepository.delete({ expiresAt: LessThan(now) });
|
||||
await this.sessionRepository.clearExpiredSessions();
|
||||
}
|
||||
|
||||
public async extendSessionExpiration(sessionId: string): Promise<void> {
|
||||
const session = await this.sessionRepository.findOne({
|
||||
where: { sessionId },
|
||||
});
|
||||
|
||||
if (session) {
|
||||
session.expiresAt = new Date(
|
||||
session.expiresAt.setMinutes(session.expiresAt.getMinutes() + 30)
|
||||
);
|
||||
await this.sessionRepository.save(session);
|
||||
}
|
||||
await this.sessionRepository.extendSessionExpiration(sessionId);
|
||||
}
|
||||
|
||||
public async findSessionBySessionId(sessionId: string): Promise<Session> {
|
||||
return this.sessionRepository.findOne({
|
||||
where: { sessionId: sessionId },
|
||||
relations: ['userCredentials'],
|
||||
});
|
||||
return await this.sessionRepository.findSessionBySessionId(sessionId);
|
||||
}
|
||||
|
||||
public attachSessionToResponse(response: Response, sessionId: string): void {
|
||||
response.cookie('session_id', sessionId, {
|
||||
httpOnly: true,
|
||||
secure: true,
|
||||
sameSite: 'strict',
|
||||
});
|
||||
this.sessionRepository.attachSessionToResponse(response, sessionId);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue