From 352c021955798b4f840e2e825d66c06e17ac5870 Mon Sep 17 00:00:00 2001 From: Dean Date: Thu, 7 Apr 2022 12:32:00 +0100 Subject: [PATCH] Refactored the invalidate session functionality. --- .../backend-core/src/security/sessions.js | 43 ++++++++++--------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/packages/backend-core/src/security/sessions.js b/packages/backend-core/src/security/sessions.js index cd0405c0c9..1720eeb820 100644 --- a/packages/backend-core/src/security/sessions.js +++ b/packages/backend-core/src/security/sessions.js @@ -14,25 +14,7 @@ function makeSessionID(userId, sessionId) { return `${userId}/${sessionId}` } -exports.createASession = async (userId, session) => { - // invalidate all other sessions - await this.invalidateSessions(userId) - - const client = await redis.getSessionClient() - const sessionId = session.sessionId - if (!session.csrfToken) { - session.csrfToken = uuidv4() - } - session = { - createdAt: new Date().toISOString(), - lastAccessedAt: new Date().toISOString(), - ...session, - userId, - } - await client.store(makeSessionID(userId, sessionId), session, EXPIRY_SECONDS) -} - -exports.invalidateSessions = async (userId, sessionIds = null) => { +async function invalidateSessions(userId, sessionIds = null) { let sessions = [] // If no sessionIds, get all the sessions for the user @@ -58,6 +40,24 @@ exports.invalidateSessions = async (userId, sessionIds = null) => { await Promise.all(promises) } +exports.createASession = async (userId, session) => { + // invalidate all other sessions + await invalidateSessions(userId) + + const client = await redis.getSessionClient() + const sessionId = session.sessionId + if (!session.csrfToken) { + session.csrfToken = uuidv4() + } + session = { + createdAt: new Date().toISOString(), + lastAccessedAt: new Date().toISOString(), + ...session, + userId, + } + await client.store(makeSessionID(userId, sessionId), session, EXPIRY_SECONDS) +} + exports.updateSessionTTL = async session => { const client = await redis.getSessionClient() const key = makeSessionID(session.userId, session.sessionId) @@ -70,8 +70,6 @@ exports.endSession = async (userId, sessionId) => { await client.delete(makeSessionID(userId, sessionId)) } -exports.getUserSessions = getSessionsForUser - exports.getSession = async (userId, sessionId) => { try { const client = await redis.getSessionClient() @@ -87,3 +85,6 @@ exports.getAllSessions = async () => { const sessions = await client.scan() return sessions.map(session => session.value) } + +exports.getUserSessions = getSessionsForUser +exports.invalidateSessions = invalidateSessions