107 lines
2.9 KiB
Go
107 lines
2.9 KiB
Go
package api
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"net/url"
|
|
|
|
"carcontrol/api/internal/auth"
|
|
"carcontrol/api/internal/models"
|
|
)
|
|
|
|
// handleListSessions lists the current user's active (non-revoked) logins,
|
|
// flagging which one is the request being made right now.
|
|
func (s *Server) handleListSessions(w http.ResponseWriter, r *http.Request) {
|
|
claims, ok := r.Context().Value(claimsKey).(*auth.Claims)
|
|
if !ok {
|
|
writeError(w, http.StatusUnauthorized, "not authenticated")
|
|
return
|
|
}
|
|
|
|
res, err := s.pb.List(r.Context(), colSessions, url.Values{
|
|
"filter": {fmt.Sprintf("user='%s' && revoked=false", claims.Sub)},
|
|
"sort": {"-created"},
|
|
"perPage": {"50"},
|
|
})
|
|
if err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
var recs []sessionRecord
|
|
if err := json.Unmarshal(res.Items, &recs); err != nil {
|
|
writeError(w, http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
|
|
out := make([]models.Session, 0, len(recs))
|
|
for _, rec := range recs {
|
|
out = append(out, models.Session{
|
|
ID: rec.ID,
|
|
DeviceLabel: rec.DeviceLabel,
|
|
IP: rec.IP,
|
|
Current: rec.Jti == claims.Jti,
|
|
Created: parsePBDate(rec.Created),
|
|
ExpiresAt: parsePBDate(rec.ExpiresAt),
|
|
})
|
|
}
|
|
writeJSON(w, http.StatusOK, out)
|
|
}
|
|
|
|
// handleRevokeSession logs out one specific device (including possibly the
|
|
// current one, same as an ordinary logout).
|
|
func (s *Server) handleRevokeSession(w http.ResponseWriter, r *http.Request) {
|
|
claims, ok := r.Context().Value(claimsKey).(*auth.Claims)
|
|
if !ok {
|
|
writeError(w, http.StatusUnauthorized, "not authenticated")
|
|
return
|
|
}
|
|
|
|
id := r.PathValue("id")
|
|
var rec sessionRecord
|
|
if err := s.pb.GetOne(r.Context(), colSessions, id, &rec); err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
if rec.User != claims.Sub {
|
|
writeError(w, http.StatusNotFound, "session not found")
|
|
return
|
|
}
|
|
if err := s.pb.Update(r.Context(), colSessions, id, map[string]any{"revoked": true}, nil); err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
// handleRevokeOtherSessions logs out every device except the one making this
|
|
// request ("log out everywhere else").
|
|
func (s *Server) handleRevokeOtherSessions(w http.ResponseWriter, r *http.Request) {
|
|
claims, ok := r.Context().Value(claimsKey).(*auth.Claims)
|
|
if !ok {
|
|
writeError(w, http.StatusUnauthorized, "not authenticated")
|
|
return
|
|
}
|
|
|
|
res, err := s.pb.List(r.Context(), colSessions, url.Values{
|
|
"filter": {fmt.Sprintf("user='%s' && revoked=false && jti!='%s'", claims.Sub, claims.Jti)},
|
|
"perPage": {"200"},
|
|
})
|
|
if err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
var recs []sessionRecord
|
|
if err := json.Unmarshal(res.Items, &recs); err != nil {
|
|
writeError(w, http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
for _, rec := range recs {
|
|
if err := s.pb.Update(r.Context(), colSessions, rec.ID, map[string]any{"revoked": true}, nil); err != nil {
|
|
writePBError(w, err)
|
|
return
|
|
}
|
|
}
|
|
writeJSON(w, http.StatusOK, map[string]int{"revoked": len(recs)})
|
|
}
|