diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 45fb03062..af5c8e4f5 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -140,7 +140,7 @@ App::post('/v1/account')
 App::post('/v1/account/sessions/email')
     ->alias('/v1/account/sessions')
     ->desc('Create Email Session')
-    ->groups(['api', 'account', 'auth'])
+    ->groups(['api', 'account', 'auth', 'session'])
     ->label('event', 'users.[userId].sessions.[sessionId].create')
     ->label('scope', 'public')
     ->label('auth.type', 'emailPassword')
@@ -365,7 +365,7 @@ App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId')
 
 App::get('/v1/account/sessions/oauth2/:provider/redirect')
     ->desc('OAuth2 Redirect')
-    ->groups(['api', 'account'])
+    ->groups(['api', 'account', 'session'])
     ->label('error', __DIR__ . '/../../views/general/error.phtml')
     ->label('event', 'users.[userId].sessions.[sessionId].create')
     ->label('scope', 'public')
@@ -739,7 +739,7 @@ App::post('/v1/account/sessions/magic-url')
 
 App::put('/v1/account/sessions/magic-url')
     ->desc('Create Magic URL session (confirmation)')
-    ->groups(['api', 'account'])
+    ->groups(['api', 'account', 'session'])
     ->label('scope', 'public')
     ->label('event', 'users.[userId].sessions.[sessionId].create')
     ->label('audits.event', 'session.update')
@@ -981,7 +981,7 @@ App::post('/v1/account/sessions/phone')
 
 App::put('/v1/account/sessions/phone')
     ->desc('Create Phone Session (confirmation)')
-    ->groups(['api', 'account'])
+    ->groups(['api', 'account', 'session'])
     ->label('scope', 'public')
     ->label('event', 'users.[userId].sessions.[sessionId].create')
     ->label('usage.metric', 'sessions.{scope}.requests.create')
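Review bot: The literal `'session'` added to `->groups(...)` here, and in the sibling hunks at lines 365, 739, 981 and 1096, is now the only thing that selects the max-sessions shutdown hook in shared/api.php, so a session-creating route that omits the tag is silently exempt from the per-project session limit, whereas the removed event-label match covered every route labelled `users.[userId].sessions.[sessionId].create`. Consider a single project-level constant for the group name (a constructed name like `APP_GROUP_SESSION`, alongside the existing `APP_LIMIT_USER_SESSIONS`) referenced by both the routes and the hook, so a typo fails visibly instead of skipping enforcement. At minimum annotate each tagged route, e.g. `// 'session' group: opts this route into the max-sessions enforcement hook in shared/api.php`. Each route definition continues past its hunk.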
@@ -1096,7 +1096,7 @@ App::put('/v1/account/sessions/phone')
 
 App::post('/v1/account/sessions/anonymous')
     ->desc('Create Anonymous Session')
-    ->groups(['api', 'account', 'auth'])
+    ->groups(['api', 'account', 'auth', 'session'])
     ->label('event', 'users.[userId].sessions.[sessionId].create')
     ->label('scope', 'public')
     ->label('auth.type', 'anonymous')
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index 0f156f9dd..dddf8cd8f 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -319,40 +319,36 @@ App::init()
 });
 
 App::shutdown()
-    ->groups(['auth'])
+    ->groups(['session'])
     ->inject('utopia')
     ->inject('request')
     ->inject('response')
     ->inject('project')
     ->inject('dbForProject')
     ->action(function (App $utopia, Request $request, Response $response, Document $project, Database $dbForProject) {
-        $route = $utopia->match($request);
-        $event = $route->getLabel('event', '');
-        if ($event === 'users.[userId].sessions.[sessionId].create' && $project->getId() != 'console') {
-            $sessionLimit = $project->getAttribute('auths', [])['maxSessions'] ?? APP_LIMIT_USER_SESSIONS;
-            $session = $response->getPayload();
-            $userId = $session['userId'] ?? '';
-            if (empty($userId)) {
-                return;
-            }
-
-            $user = $dbForProject->getDocument('users', $userId);
-            if ($user->isEmpty()) {
-                return;
-            }
-
-            $sessions = $user->getAttribute('sessions', []);
-            $count = \count($sessions);
-            if ($count <= $sessionLimit) {
-                return;
-            }
-
-            for ($i = 0; $i < ($count - $sessionLimit); $i++) {
-                $session = array_shift($sessions);
-                $dbForProject->deleteDocument('sessions', $session->getId());
-            }
-            $dbForProject->deleteCachedDocument('users', $userId);
+        $sessionLimit = $project->getAttribute('auths', [])['maxSessions'] ?? APP_LIMIT_USER_SESSIONS;
+        $session = $response->getPayload();
+        $userId = $session['userId'] ?? '';
+        if (empty($userId)) {
+            return;
         }
+
+        $user = $dbForProject->getDocument('users', $userId);
+        if ($user->isEmpty()) {
+            return;
+        }
+
+        $sessions = $user->getAttribute('sessions', []);
+        $count = \count($sessions);
+        if ($count <= $sessionLimit) {
+            return;
+        }
+
+        for ($i = 0; $i < ($count - $sessionLimit); $i++) {
+            $session = array_shift($sessions);
+            $dbForProject->deleteDocument('sessions', $session->getId());
+        }
+        $dbForProject->deleteCachedDocument('users', $userId);
     });
 
 App::shutdown()
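Review bot: The rewritten action drops the `$project->getId() != 'console'` guard that the removed `if` carried, so the hook now prunes sessions for the console project too once a console user exceeds `maxSessions` / `APP_LIMIT_USER_SESSIONS`; if that widening is intended, state it in a comment, otherwise add `if ($project->getId() === 'console') { return; }` before the payload is read. `$utopia` and `$request` are still injected but no longer read now that `$route`/`$event` are gone, so the `->inject('utopia')` and `->inject('request')` lines and the matching closure parameters can be removed. The loop reuses `$session` first for the response payload and then for the shifted session document, and the `array_shift` pruning presumably relies on the `sessions` attribute being ordered oldest-first, which deserves a one-line comment above the `for`. The hook now fires on every response of the `session` group, including failed logins, and is only harmless because such responses carry no `userId`; a comment on the `empty($userId)` return should say that is what it guards.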