Rajdip019 · Rajdip019 · May 3, 2024 · May 3, 2024
diff --git a/src/core/session.rs b/src/core/session.rs
@@ -1,7 +1,5 @@
 use crate::{
-    errors::{Error, Result},
-    traits::{decryption::Decrypt, encryption::Encrypt},
-    utils::{encryption_utils::Encryption, session_utils::{IDToken, RefreshToken}},
+    errors::{Error, Result}, models::session_model::SessionResponse, traits::{decryption::Decrypt, encryption::Encrypt}, utils::{encryption_utils::Encryption, session_utils::{IDToken, RefreshToken}}
 };
 use bson::{doc, DateTime};
 use futures::StreamExt;
@@ -17,7 +15,7 @@ pub struct Session {
     pub id_token: String,
     pub refresh_token: String,
     pub user_agent: String,
-    pub is_active: bool,
+    pub is_revoked: bool,
     pub created_at: DateTime,
     pub updated_at: DateTime,
 }
@@ -40,7 +38,7 @@ impl Session {
             id_token,
             refresh_token,
             user_agent: user_agent.to_string(),
-            is_active: true,
+            is_revoked: false,
             created_at: DateTime::now(),
             updated_at: DateTime::now(),
         }
@@ -81,12 +79,12 @@ impl Session {
                     .count_documents(doc! {
                         "uid": encrypted_id,
                         "id_token": encrypted_id_token,
-                        "is_active": true,
+                        "is_revoked": false,
                     }, None)
                     .await
                 {
                     Ok(count) => {
-                        if count > 0 {
+                        if count == 1 {
                             Ok(())
                         } else {
                             Err(Error::SessionExpired {
@@ -111,7 +109,7 @@ impl Session {
         token_data
     }
 
-    pub async fn get_all_from_uid(mongo_client: &Client, uid: &str) -> Result<Vec<Session>> {
+    pub async fn get_all_from_uid(mongo_client: &Client, uid: &str) -> Result<Vec<SessionResponse>> {
         let db = mongo_client.database("test");
         let collection_session: Collection<Session> = db.collection("sessions");
 
@@ -126,24 +124,39 @@ impl Session {
             .find(
                 doc! {
                     "uid": encrypted_uid,
-                    "is_active": true,
+                    "is_revoked": false,
                 },
                 None,
             )
             .await
             .unwrap();
 
-        let mut sessions: Vec<Session> = Vec::new();
+        let mut sessions_res: Vec<SessionResponse> = Vec::new();
         while let Some(session) = cursor.next().await {
             match session {
                 Ok(data) => {
                     let decrypted_session = data.decrypt(&dek_data.dek);
-                    sessions.push(decrypted_session);
+                    match IDToken::verify(&decrypted_session.id_token) {
+                        Ok(token) => {
+                            println!("{:?}", token);
+                            sessions_res.push(
+                                SessionResponse {
+                                    uid: decrypted_session.uid,
+                                    email: decrypted_session.email,
+                                    user_agent: decrypted_session.user_agent,
+                                    is_revoked: decrypted_session.is_revoked,
+                                    created_at: decrypted_session.created_at,
+                                    updated_at: decrypted_session.updated_at,
+                                }
+                            );
+                        }
+                        Err(_) => continue,
+                    }
                 }
                 Err(e) => return Err(Error::ServerError { message: e.to_string() }),
             }
         }
-        Ok(sessions)
+        Ok(sessions_res)
     }
 
     pub async fn revoke_all(mongo_client: &Client, uid: &str) -> Result<()> {
@@ -153,7 +166,7 @@ impl Session {
         match collection_session
             .update_many(
                 doc! {"uid": uid},
-                doc! {"$set": {"is_active": false}},
+                doc! {"$set": {"is_revoked": true}},
                 None,
             )
             .await
@@ -176,7 +189,7 @@ impl Session {
         match collection_session
             .update_one(
                 doc! {"id_token": id_token, "refresh_token": refresh_token },
-                doc! {"$set": {"is_active": false}},
+                doc! {"$set": {"is_revoked": true}},
                 None,
             )
             .await

diff --git a/src/handlers/session_handler.rs b/src/handlers/session_handler.rs
@@ -1,12 +1,12 @@
 use axum::{extract::State, Json};
 use axum_macros::debug_handler;
 
-use crate::{core::session::Session, errors::{Error, Result}, models::{session_model::VerifyJwt, user_model::UserIdPayload}, utils::session_utils::IDToken, AppState};
+use crate::{core::session::Session, errors::{Error, Result}, models::{session_model::{SessionResponse, VerifySession}, user_model::UserIdPayload}, utils::session_utils::IDToken, AppState};
 
 #[debug_handler]
 pub async fn verify_session(
     State(state): State<AppState>,
-    payload: Json<VerifyJwt>,
+    payload: Json<VerifySession>,
 ) -> Result<Json<IDToken>> {
     // check if the token is not empty
     if payload.token.is_empty() {
@@ -27,7 +27,7 @@ pub async fn verify_session(
 pub async fn get_all_from_uid(
     State(state): State<AppState>,
     payload: Json<UserIdPayload>,
-) -> Result<Json<Vec<Session>>> {
+) -> Result<Json<Vec<SessionResponse>>> {
     // check if the token is not empty
     if payload.uid.is_empty() {
         return Err(Error::InvalidPayload { message: "Invalid payload passed".to_string() });
@@ -39,6 +39,5 @@ pub async fn get_all_from_uid(
             return Ok(Json(data));
         }
         Err(e) => return Err(e),
-
     };
 }
diff --git a/src/models/session_model.rs b/src/models/session_model.rs
@@ -1,6 +1,17 @@
+use bson::DateTime;
 use serde::{Deserialize, Serialize};
 
 #[derive(Deserialize, Debug, Clone, Serialize)]
-pub struct VerifyJwt {
+pub struct VerifySession {
     pub token: String,
+}
+
+#[derive(Deserialize, Debug, Clone, Serialize)]
+pub struct SessionResponse {
+    pub uid : String,
+    pub email : String,
+    pub user_agent : String,
+    pub is_revoked : bool,
+    pub created_at : DateTime,
+    pub updated_at : DateTime,
 }
diff --git a/src/utils/auth_utils.rs b/src/utils/auth_utils.rs
@@ -7,9 +7,7 @@ use crate::{
     core::{dek::Dek, session::Session, user::User},
     errors::{Error, Result},
     models::auth_model::{SignInPayload, SignUpPayload},
-    utils::{ 
-        hashing_utils::verify_password_hash, session_utils::IDToken,
-    },
+    utils::hashing_utils::verify_password_hash,
 };
 
 pub async fn sign_up(mongo_client: &Client, payload: Json<SignUpPayload>) -> Result<Json<Value>> {

diff --git a/src/utils/session_utils.rs b/src/utils/session_utils.rs
@@ -54,7 +54,7 @@ impl IDToken {
             uid: user.uid.to_string(),
             iss: server_url,
             iat: chrono::Utc::now().timestamp() as usize,
-            exp: chrono::Utc::now().timestamp() as usize + (3600 * 12), // 12h
+            exp: chrono::Utc::now().timestamp() as usize + 3600, // 1h
             token_type: "id".to_string(),
             data : Some(
                 [