diff --git a/src/core/session.rs b/src/core/session.rs
index 9458469..fc40e21 100644
--- a/src/core/session.rs
+++ b/src/core/session.rs
@@ -1,7 +1,5 @@
 use crate::{
- errors::{Error, Result},
- traits::{decryption::Decrypt, encryption::Encrypt},
- utils::{encryption_utils::Encryption, session_utils::{IDToken, RefreshToken}},
+ errors::{Error, Result}, models::session_model::SessionResponse, traits::{decryption::Decrypt, encryption::Encrypt}, utils::{encryption_utils::Encryption, session_utils::{IDToken, RefreshToken}}
 };
 use bson::{doc, DateTime};
 use futures::StreamExt;
@@ -17,7 +15,7 @@ pub struct Session {
 pub id_token: String,
 pub refresh_token: String,
 pub user_agent: String,
- pub is_active: bool,
+ pub is_revoked: bool,
 pub created_at: DateTime,
 pub updated_at: DateTime,
 }
@@ -40,7 +38,7 @@ impl Session {
 id_token,
 refresh_token,
 user_agent: user_agent.to_string(),
- is_active: true,
+ is_revoked: false,
 created_at: DateTime::now(),
 updated_at: DateTime::now(),
 }
@@ -81,12 +79,12 @@ impl Session {
 .count_documents(doc! {
 "uid": encrypted_id,
 "id_token": encrypted_id_token,
- "is_active": true,
+ "is_revoked": false,
 }, None)
 .await
 {
 Ok(count) => {
- if count > 0 {
+ if count == 1 {
 Ok(())
 } else {
 Err(Error::SessionExpired {
@@ -111,7 +109,7 @@ impl Session {
 token_data
 }
 
- pub async fn get_all_from_uid(mongo_client: &Client, uid: &str) -> Result> {
+ pub async fn get_all_from_uid(mongo_client: &Client, uid: &str) -> Result> {
 let db = mongo_client.database("test");
 let collection_session: Collection = db.collection("sessions");
 
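Review bot: In the `@@ -81,12` hunk, `count == 1` makes a second matching row indistinguishable from no row at all — both fall into the `else` branch and surface as `Error::SessionExpired`, so a duplicate insert of the same session silently locks the user out with a misleading error. Failing closed on duplicates is reasonable, but it should be a distinct error so it is visible in logs and not mistaken for ordinary expiry; a `match count` with `0 => Err(Error::SessionExpired { … })`, `1 => Ok(())` and `_ => Err(Error::ServerError { message: "multiple active rows for one id_token".to_string() })` keeps the strict check and separates the anomaly (the `SessionExpired` fields are outside the hunk). The enclosing function's start and end are outside this hunk.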
@@ -126,24 +124,39 @@ impl Session {
 .find(
 doc! {
 "uid": encrypted_uid,
- "is_active": true,
+ "is_revoked": false,
 },
 None,
 )
 .await
 .unwrap();
 
- let mut sessions: Vec = Vec::new();
+ let mut sessions_res: Vec = Vec::new();
 while let Some(session) = cursor.next().await {
 match session {
 Ok(data) => {
 let decrypted_session = data.decrypt(&dek_data.dek);
- sessions.push(decrypted_session);
+ match IDToken::verify(&decrypted_session.id_token) {
+ Ok(token) => {
+ println!("{:?}", token);
+ sessions_res.push(
+ SessionResponse {
+ uid: decrypted_session.uid,
+ email: decrypted_session.email,
+ user_agent: decrypted_session.user_agent,
+ is_revoked: decrypted_session.is_revoked,
+ created_at: decrypted_session.created_at,
+ updated_at: decrypted_session.updated_at,
+ }
+ );
+ }
+ Err(_) => continue,
+ }
 }
 Err(e) => return Err(Error::ServerError { message: e.to_string() }),
 }
 }
- Ok(sessions)
+ Ok(sessions_res)
 }
 
 pub async fn revoke_all(mongo_client: &Client, uid: &str) -> Result<()> {
@@ -153,7 +166,7 @@ impl Session {
 match collection_session
 .update_many(
 doc! {"uid": uid},
- doc! {"$set": {"is_active": false}},
+ doc! {"$set": {"is_revoked": true}},
 None,
 )
 .await
@@ -176,7 +189,7 @@ impl Session {
 match collection_session
 .update_one(
 doc! {"id_token": id_token, "refresh_token": refresh_token },
- doc! {"$set": {"is_active": false}},
+ doc! {"$set": {"is_revoked": true}},
 None,
 )
 .await
diff --git a/src/handlers/session_handler.rs b/src/handlers/session_handler.rs
index 3bf8560..1742e9d 100644
--- a/src/handlers/session_handler.rs
+++ b/src/handlers/session_handler.rs
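Review bot: `println!("{:?}", token)` in the new `Ok(token)` arm writes the decoded ID-token claims of every listed session to stdout on each call; it is debug output that should not be merged, and since `token` is otherwise unused the arm can become `Ok(_) =>`. Separately, `Err(_) => continue` ties the listing to the ID token still verifying: once that token lapses (this diff also shortens `exp` to 1h, and `IDToken::verify` presumably rejects expired tokens — confirm), the row vanishes from the user's view while it stays `is_revoked: false` in the collection with its refresh token untouched, so the sessions a user would most want to see and revoke are exactly the ones hidden. If the intent is to list sessions, push the row regardless of token validity and drop the `verify` call; if the intent really is "sessions whose ID token is currently valid", state that on the arm, e.g. `Err(_) => continue, // id_token no longer verifies; row stays unrevoked and still refreshable`. The function's signature and the `find` setup are outside this hunk.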
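Review bot: The new `$set` in `revoke_all` flips `is_revoked` but leaves `updated_at` unchanged, so the document no longer records when revocation happened, which is the one event a session audit needs; the `update_one` in the following hunk has the same gap. `DateTime` is already imported from `bson` in this file, so both updates can be `doc! {"$set": {"is_revoked": true, "updated_at": DateTime::now()}}`. Note also that this filter matches on `uid` as passed, while `count_documents` and `find` in this file match on an encrypted uid; if `uid` is not rebound before this hunk (its preceding lines are outside the view), the update matches nothing and revoke-all reports success without revoking anything. The function's start and its result handling are outside the hunk.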
@@ -1,12 +1,12 @@
 use axum::{extract::State, Json};
 use axum_macros::debug_handler;
 
-use crate::{core::session::Session, errors::{Error, Result}, models::{session_model::VerifyJwt, user_model::UserIdPayload}, utils::session_utils::IDToken, AppState};
+use crate::{core::session::Session, errors::{Error, Result}, models::{session_model::{SessionResponse, VerifySession}, user_model::UserIdPayload}, utils::session_utils::IDToken, AppState};
 
 #[debug_handler]
 pub async fn verify_session(
 State(state): State,
- payload: Json,
+ payload: Json,
 ) -> Result> {
 // check if the token is not empty
 if payload.token.is_empty() {
@@ -27,7 +27,7 @@ pub async fn verify_session(
 pub async fn get_all_from_uid(
 State(state): State,
 payload: Json,
-) -> Result>> {
+) -> Result>> {
 // check if the token is not empty
 if payload.uid.is_empty() {
 return Err(Error::InvalidPayload { message: "Invalid payload passed".to_string() });
@@ -39,6 +39,5 @@ pub async fn get_all_from_uid(
 return Ok(Json(data));
 }
 Err(e) => return Err(e),
- };
 }
\ No newline at end of file
diff --git a/src/models/session_model.rs b/src/models/session_model.rs
index 6dda6ef..fc25e5f 100644
--- a/src/models/session_model.rs
+++ b/src/models/session_model.rs
@@ -1,6 +1,17 @@
+use bson::DateTime;
 use serde::{Deserialize, Serialize};
 
 #[derive(Deserialize, Debug, Clone, Serialize)]
-pub struct VerifyJwt {
+pub struct VerifySession {
 pub token: String,
+}
+
+#[derive(Deserialize, Debug, Clone, Serialize)]
+pub struct SessionResponse {
+ pub uid : String,
+ pub email : String,
+ pub user_agent : String,
+ pub is_revoked : bool,
+ pub created_at : DateTime,
+ pub updated_at : DateTime,
 }
\ No newline at end of file
diff --git a/src/utils/auth_utils.rs b/src/utils/auth_utils.rs
index 814a64e..749076d 100644
--- a/src/utils/auth_utils.rs
+++ b/src/utils/auth_utils.rs
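Review bot: In the `@@ -27,7` hunk, `get_all_from_uid` picks the target user from the client-supplied `payload.uid` with only an emptiness check, and the new return type now hands back `email` and `user_agent` for every active session of that user; unless a layer outside this view binds `uid` to the caller's identity, any client can enumerate another user's sessions by supplying their uid. `verify_session` just above derives identity from a token and `IDToken` is already imported in this file, so the safer shape is to take the uid from verified claims rather than from the body — accept a `VerifySession { token }` payload instead of (presumably) `UserIdPayload`, call `IDToken::verify(&payload.token)` and pass the resulting `uid` claim to `Session::get_all_from_uid` (the claim struct's exact fields are outside this view). If the endpoint is meant to be admin-only, say so in a doc comment on the handler. The handler body continues past the hunk.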
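Review bot: The new `SessionResponse` fields are written as `pub uid : String` with a space before the colon, which `rustfmt` rewrites to `pub uid: String`; run it so the struct matches `VerifySession` above. A response-only type does not need `Deserialize`, and deriving `Debug` on a struct carrying `email` means any stray `{:?}` log prints PII — keep `Serialize`/`Clone` and drop the others unless something actually deserializes it. `created_at`/`updated_at` are `bson::DateTime`, which I believe serde_json emits as extended JSON (`{"$date": …}`) rather than a plain timestamp — confirm the wire format and, if that is unwanted, annotate them with `#[serde(with = "bson::serde_helpers::bson_datetime_as_rfc3339_string")]`. A doc comment such as `/// Session as exposed to clients; id_token and refresh_token are deliberately omitted.` would record the contract the struct exists for.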
@@ -7,9 +7,7 @@ use crate::{
 core::{dek::Dek, session::Session, user::User},
 errors::{Error, Result},
 models::auth_model::{SignInPayload, SignUpPayload},
- utils::{
- hashing_utils::verify_password_hash, session_utils::IDToken,
- },
+ utils::hashing_utils::verify_password_hash,
 };
 
 pub async fn sign_up(mongo_client: &Client, payload: Json) -> Result> {
diff --git a/src/utils/session_utils.rs b/src/utils/session_utils.rs
index 2018f7b..ce83c47 100644
--- a/src/utils/session_utils.rs
+++ b/src/utils/session_utils.rs
@@ -54,7 +54,7 @@ impl IDToken {
 uid: user.uid.to_string(),
 iss: server_url,
 iat: chrono::Utc::now().timestamp() as usize,
- exp: chrono::Utc::now().timestamp() as usize + (3600 * 12), // 12h
+ exp: chrono::Utc::now().timestamp() as usize + 3600, // 1h
 token_type: "id".to_string(),
 data : Some( [