feat: implemented destroy session functionality

Signed-off-by: bhavanakarwade <[email protected]>

Author: bhavanakarwade

.env.demo

@@ -156,7 +156,7 @@ OTEL_LOGS_OTLP_ENDPOINT='http://localhost:4318/v1/logs'
 OTEL_HEADERS_KEY=88ca6b1XXXXXXXXXXXXXXXXXXXXXXXXXXX
 OTEL_LOGGER_NAME='credebl-platform-logger'
 HOSTNAME='localhost'
-
+SESSIONS_LIMIT=10
 # SSO
 # To add more clients, simply add comma separated values of client names
 SUPPORTED_SSO_CLIENTS=CREDEBL

.env.sample

@@ -153,7 +153,7 @@ SCHEMA_FILE_SERVER_URL= // Please provide schema URL
 SCHEMA_FILE_SERVER_TOKEN=xxxxxxxx // Please provide schema file server token for polygon
 
 FILEUPLOAD_CACHE_TTL= //Provide file upload cache ttl
-
+SESSIONS_LIMIT= //Provide limits of sessions
 FIELD_UPLOAD_SIZE= //Provide field upload size
 
 IS_ECOSYSTEM_ENABLE= //Set this flag to `true` to enable the ecosystem, or `false` to disable it.

apps/api-gateway/src/authz/authz.controller.ts

@@ -15,7 +15,7 @@ import {
 } from '@nestjs/common';
 import { AuthzService } from './authz.service';
 import { CommonService } from '../../../../libs/common/src/common.service';
-import { ApiBody, ApiOperation, ApiQuery, ApiResponse, ApiTags } from '@nestjs/swagger';
+import { ApiBearerAuth, ApiBody, ApiOperation, ApiQuery, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { ApiResponseDto } from '../dtos/apiResponse.dto';
 import { UserEmailVerificationDto } from '../user/dto/create-user.dto';
 import IResponseType from '@credebl/common/interfaces/response.interface';
@@ -33,9 +33,9 @@ import { RefreshTokenDto } from './dtos/refresh-token.dto';
 import { getDefaultClient } from '../user/utils';
 import { ClientAliasValidationPipe } from './decorators/user-auth-client';
 import { SessionGuard } from './guards/session.guard';
-interface SessionDetails {
-  sessionId: string;
-}
+import { UserLogoutDto } from './dtos/user-logout.dto';
+import { AuthGuard } from '@nestjs/passport';
+import { ISessionData } from 'apps/user/interfaces/user.interface';
 @Controller('auth')
 @ApiTags('auth')
 @UseFilters(CustomExceptionFilter)
@@ -190,11 +190,7 @@ export class AuthzController {
     required: false
   })
   @ApiResponse({ status: HttpStatus.OK, description: 'Success', type: AuthTokenResponse })
-  async sessionDetails(
-    @Res() res: Response,
-    @Req() req: Request,
-    @Query() sessionId: SessionDetails
-  ): Promise<Response> {
+  async sessionDetails(@Res() res: Response, @Req() req: Request, @Query() sessionId: ISessionData): Promise<Response> {
     this.logger.debug(`in authz controller`);
 
     let sessionDetails;
@@ -309,4 +305,30 @@ export class AuthzController {
 
     return res.status(HttpStatus.OK).json(finalResponse);
   }
+
+  /**
+   * Log out user.
+   *
+   * @body LogoutUserDto
+   * @returns Logged out user from current session
+   */
+  @Post('/signout')
+  @ApiOperation({
+    summary: 'Logout user',
+    description: 'Logout user from current session.'
+  })
+  @ApiResponse({ status: HttpStatus.OK, description: 'Success', type: ApiResponseDto })
+  @UseGuards(AuthGuard('jwt'))
+  @ApiBearerAuth()
+  @ApiBody({ type: UserLogoutDto })
+  async logout(@Body() logoutUserDto: UserLogoutDto, @Res() res: Response): Promise<Response> {
+    await this.authzService.logout(logoutUserDto);
+
+    const finalResponse: IResponseType = {
+      statusCode: HttpStatus.OK,
+      message: ResponseMessages.user.success.logout
+    };
+
+    return res.status(HttpStatus.OK).json(finalResponse);
+  }
 }

apps/api-gateway/src/authz/authz.service.ts

@@ -18,6 +18,7 @@ import { ResetTokenPasswordDto } from './dtos/reset-token-password';
 import { NATSClient } from '@credebl/common/NATSClient';
 import { user } from '@prisma/client';
 import { ISessionDetails } from 'apps/user/interfaces/user.interface';
+import { UserLogoutDto } from './dtos/user-logout.dto';
 @Injectable()
 @WebSocketGateway()
 export class AuthzService extends BaseService {
@@ -79,4 +80,8 @@ export class AuthzService extends BaseService {
     const payload = { userInfo };
     return this.natsClient.sendNatsMessage(this.authServiceProxy, 'add-user', payload);
   }
+
+  async logout(logoutUserDto: UserLogoutDto): Promise<string> {
+    return this.natsClient.sendNatsMessage(this.authServiceProxy, 'user-logout', logoutUserDto);
+  }
 }

apps/api-gateway/src/authz/dtos/user-logout.dto.ts

@@ -0,0 +1,15 @@
+import { IsArray, IsNotEmpty, IsOptional, IsString } from 'class-validator';
+
+import { ApiPropertyOptional } from '@nestjs/swagger';
+
+export class UserLogoutDto {
+  @ApiPropertyOptional({
+    description: 'List of session IDs to log out',
+    type: [String]
+  })
+  @IsOptional()
+  @IsArray({ message: 'sessions must be an array' })
+  @IsString({ each: true, message: 'each session Id must be a string' })
+  @IsNotEmpty({ each: true, message: 'session Id must not be empty' })
+  sessions?: string[];
+}

apps/organization/src/organization.service.ts

@@ -705,7 +705,7 @@ export class OrganizationService {
     this.logger.debug(`orgRoleDetails::::${JSON.stringify(orgRoleDetails)}`);
     // check seesion details
     const userSessionDetails = await this.userRepository.fetchUserSessions(orgRoleDetails['user'].id);
-    if (10 <= userSessionDetails?.length) {
+    if (Number(process.env.SESSIONS_LIMIT) <= userSessionDetails?.length) {
       throw new BadRequestException(ResponseMessages.user.error.sessionLimitReached);
     }
     // Creation sessison and account

apps/user/interfaces/user.interface.ts

@@ -244,6 +244,9 @@ export interface UserRoleMapping {
   userRoleId: string;
 }
 
+export interface ISessions {
+  sessions: string[];
+}
 export interface UserRoleDetails {
   id: string;
   role: $Enums.UserRole;
@@ -273,3 +276,6 @@ export interface IAccountDetails {
   id_token?: string;
   session_state?: string;
 }
+export interface ISessionData {
+  sessionId: string;
+}

apps/user/repositories/user.repository.ts

@@ -16,9 +16,19 @@ import {
   UserRoleMapping
 } from '../interfaces/user.interface';
 import { Injectable, InternalServerErrorException, Logger, NotFoundException } from '@nestjs/common';
-import { ProviderType, UserRole } from '@credebl/enum/enum';
 // eslint-disable-next-line camelcase
-import { RecordType, account, client_aliases, schema, session, token, user, user_org_roles } from '@prisma/client';
+import {
+  Prisma,
+  RecordType,
+  account,
+  client_aliases,
+  schema,
+  session,
+  token,
+  user,
+  user_org_roles
+} from '@prisma/client';
+import { ProviderType, UserRole } from '@credebl/enum/enum';
 
 import { PrismaService } from '@credebl/prisma-service';
 
@@ -959,4 +969,21 @@ export class UserRepository {
       throw error;
     }
   }
+
+  async destroySession(sessions: string[]): Promise<Prisma.BatchPayload> {
+    try {
+      const userSessions = await this.prisma.session.deleteMany({
+        where: {
+          id: {
+            in: sessions
+          }
+        }
+      });
+
+      return userSessions;
+    } catch (error) {
+      this.logger.error(`Error in logging out user: ${error.message}`);
+      throw error;
+    }
+  }
 }

apps/user/src/user.controller.ts

@@ -2,6 +2,7 @@ import {
   ICheckUserDetails,
   IOrgUsers,
   ISessionDetails,
+  ISessions,
   IUserDeletedActivity,
   IUserForgotPassword,
   IUserInformation,
@@ -263,4 +264,9 @@ export class UserController {
   async getuserOrganizationByUserId(payload: { userId: string }): Promise<user_org_roles[]> {
     return this.userService.getuserOrganizationByUserId(payload.userId);
   }
+
+  @MessagePattern({ cmd: 'user-logout' })
+  async logout(logoutUserDto: ISessions): Promise<string> {
+    return this.userService.logout(logoutUserDto);
+  }
 }

apps/user/src/user.service.ts

@@ -40,7 +40,8 @@ import {
   UserKeycloakId,
   IEcosystemConfig,
   IUserForgotPassword,
-  ISessionDetails
+  ISessionDetails,
+  ISessions
 } from '../interfaces/user.interface';
 import { AcceptRejectInvitationDto } from '../dtos/accept-reject-invitation.dto';
 import { UserActivityService } from '@credebl/user-activity';
@@ -451,7 +452,7 @@ export class UserService {
 
       const userSessionDetails = await this.userRepository.fetchUserSessions(userData?.id);
 
-      if (3 <= userSessionDetails?.length) {
+      if (Number(process.env.SESSIONS_LIMIT) <= userSessionDetails?.length) {
         throw new BadRequestException(ResponseMessages.user.error.sessionLimitReached);
       }
 
@@ -1300,4 +1301,17 @@ export class UserService {
       throw new RpcException(error.response ? error.response : error);
     }
   }
+
+  async logout(logoutUserDto: ISessions): Promise<string> {
+    try {
+      if (logoutUserDto?.sessions) {
+        await this.userRepository.destroySession(logoutUserDto?.sessions);
+      }
+
+      return 'user logged out successfully';
+    } catch (error) {
+      this.logger.error(`Error in logging out session: ${error}`);
+      throw new RpcException(error.response ? error.response : error);
+    }
+  }
 }