Feat/multiple session (#64)

* fix: disable windows build

* feat: add ability to handle multiple sessions

server/resolvers/adminUpdateUser.go

@@ -60,7 +60,7 @@ func AdminUpdateUser(ctx context.Context, params model.AdminUpdateUserInput) (*m
 			return res, fmt.Errorf("user with this email address already exists")
 		}
 
-		session.DeleteToken(fmt.Sprintf("%v", user.ID))
+		session.DeleteUserSession(fmt.Sprintf("%v", user.ID))
 		utils.DeleteCookie(gc)
 
 		user.Email = newEmail
@@ -100,7 +100,7 @@ func AdminUpdateUser(ctx context.Context, params model.AdminUpdateUserInput) (*m
 			rolesToSave = strings.Join(inputRoles, ",")
 		}
 
-		session.DeleteToken(fmt.Sprintf("%v", user.ID))
+		session.DeleteUserSession(fmt.Sprintf("%v", user.ID))
 		utils.DeleteCookie(gc)
 	}
 

server/resolvers/deleteUser.go

@@ -27,7 +27,7 @@ func DeleteUser(ctx context.Context, params model.DeleteUserInput) (*model.Respo
 		return res, err
 	}
 
-	session.DeleteToken(fmt.Sprintf("%x", user.ID))
+	session.DeleteUserSession(fmt.Sprintf("%x", user.ID))
 
 	err = db.Mgr.DeleteUser(params.Email)
 	if err != nil {

server/resolvers/login.go

@@ -60,7 +60,16 @@ func Login(ctx context.Context, params model.LoginInput) (*model.AuthResponse, e
 
 	accessToken, expiresAt, _ := utils.CreateAuthToken(user, enum.AccessToken, roles)
 
-	session.SetToken(userIdStr, refreshToken)
+	session.SetToken(userIdStr, accessToken, refreshToken)
+	go func() {
+		sessionData := db.Session{
+			UserID:    user.ID,
+			UserAgent: utils.GetUserAgent(gc.Request),
+			IP:        utils.GetIP(gc.Request),
+		}
+
+		db.Mgr.SaveSession(sessionData)
+	}()
 
 	res = &model.AuthResponse{
 		Message:              `Logged in successfully`,

server/resolvers/logout.go

@@ -27,7 +27,7 @@ func Logout(ctx context.Context) (*model.Response, error) {
 	}
 
 	userId := fmt.Sprintf("%v", claim["id"])
-	session.DeleteToken(userId)
+	session.DeleteToken(userId, token)
 	res = &model.Response{
 		Message: "Logged out successfully",
 	}

server/resolvers/profile.go

@@ -30,7 +30,7 @@ func Profile(ctx context.Context) (*model.User, error) {
 
 	userID := fmt.Sprintf("%v", claim["id"])
 	email := fmt.Sprintf("%v", claim["email"])
-	sessionToken := session.GetToken(userID)
+	sessionToken := session.GetToken(userID, token)
 
 	if sessionToken == "" {
 		return res, fmt.Errorf(`unauthorized`)

server/resolvers/signup.go

@@ -127,7 +127,16 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
 
 		accessToken, expiresAt, _ := utils.CreateAuthToken(user, enum.AccessToken, roles)
 
-		session.SetToken(userIdStr, refreshToken)
+		session.SetToken(userIdStr, accessToken, refreshToken)
+		go func() {
+			sessionData := db.Session{
+				UserID:    user.ID,
+				UserAgent: utils.GetUserAgent(gc.Request),
+				IP:        utils.GetIP(gc.Request),
+			}
+
+			db.Mgr.SaveSession(sessionData)
+		}()
 		res = &model.AuthResponse{
 			Message:              `Signed up successfully.`,
 			AccessToken:          &accessToken,

server/resolvers/token.go

@@ -37,7 +37,7 @@ func Token(ctx context.Context, roles []string) (*model.AuthResponse, error) {
 
 	userIdStr := fmt.Sprintf("%v", user.ID)
 
-	sessionToken := session.GetToken(userIdStr)
+	sessionToken := session.GetToken(userIdStr, token)
 
 	if sessionToken == "" {
 		return res, fmt.Errorf(`unauthorized`)
@@ -63,7 +63,19 @@ func Token(ctx context.Context, roles []string) (*model.AuthResponse, error) {
 	if accessTokenErr != nil || expiresTimeObj.Sub(currentTimeObj).Minutes() <= 5 {
 		// if access token has expired and refresh/session token is valid
 		// generate new accessToken
+		currentRefreshToken := session.GetToken(userIdStr, token)
+		session.DeleteToken(userIdStr, token)
 		token, expiresAt, _ = utils.CreateAuthToken(user, enum.AccessToken, claimRoles)
+		session.SetToken(userIdStr, token, currentRefreshToken)
+		go func() {
+			sessionData := db.Session{
+				UserID:    user.ID,
+				UserAgent: utils.GetUserAgent(gc.Request),
+				IP:        utils.GetIP(gc.Request),
+			}
+
+			db.Mgr.SaveSession(sessionData)
+		}()
 	}
 
 	utils.SetCookie(gc, token)

server/resolvers/updateProfile.go

@@ -33,7 +33,7 @@ func UpdateProfile(ctx context.Context, params model.UpdateProfileInput) (*model
 	}
 
 	id := fmt.Sprintf("%v", claim["id"])
-	sessionToken := session.GetToken(id)
+	sessionToken := session.GetToken(id, token)
 
 	if sessionToken == "" {
 		return res, fmt.Errorf(`unauthorized`)
@@ -99,7 +99,7 @@ func UpdateProfile(ctx context.Context, params model.UpdateProfileInput) (*model
 			return res, fmt.Errorf("user with this email address already exists")
 		}
 
-		session.DeleteToken(fmt.Sprintf("%v", user.ID))
+		session.DeleteUserSession(fmt.Sprintf("%v", user.ID))
 		utils.DeleteCookie(gc)
 
 		user.Email = newEmail

server/resolvers/verifyEmail.go

@@ -47,7 +47,16 @@ func VerifyEmail(ctx context.Context, params model.VerifyEmailInput) (*model.Aut
 
 	accessToken, expiresAt, _ := utils.CreateAuthToken(user, enum.AccessToken, roles)
 
-	session.SetToken(userIdStr, refreshToken)
+	session.SetToken(userIdStr, accessToken, refreshToken)
+	go func() {
+		sessionData := db.Session{
+			UserID:    user.ID,
+			UserAgent: utils.GetUserAgent(gc.Request),
+			IP:        utils.GetIP(gc.Request),
+		}
+
+		db.Mgr.SaveSession(sessionData)
+	}()
 
 	res = &model.AuthResponse{
 		Message:              `Email verified successfully.`,