chat-api/crates/database/src/repositories/session_repository.rs at 64a0f61dddff64e8ea6cc5dab0db3cd8fa2d2cab · nearai/chat-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
use crate::pool::DbPool;
use async_trait::async_trait;
use chrono::{Duration, Utc};
use services::{
    auth::ports::{SessionRepository, UserSession},
    SessionId, UserId,
};
use sha2::{Digest, Sha256};
use uuid::Uuid;

pub struct PostgresSessionRepository {
    pool: DbPool,
}

impl PostgresSessionRepository {
    pub fn new(pool: DbPool) -> Self {
        Self { pool }
    }

    /// Generate a new session token
    fn generate_session_token() -> String {
        format!("sess_{}", Uuid::new_v4().to_string().replace("-", ""))
    }

    /// Hash a session token for storage
    fn hash_session_token(token: &str) -> String {
        let mut hasher = Sha256::new();
        hasher.update(token.as_bytes());
        format!("{:x}", hasher.finalize())
    }
}

#[async_trait]
impl SessionRepository for PostgresSessionRepository {
    async fn create_session(&self, user_id: UserId) -> anyhow::Result<UserSession> {
        tracing::info!("Creating session for user_id={}", user_id);

        let client = self.pool.get().await?;

        let created_at = Utc::now();
        // Sessions expire after 30 days
        let expires_at = created_at + Duration::days(30);

        tracing::debug!("Session expiry set to: {} (30 days from now)", expires_at);

        // Generate token and hash it
        let token = Self::generate_session_token();
        let token_hash = Self::hash_session_token(&token);

        tracing::debug!("Generated session token and hash for user_id={}", user_id);

        let row = client
            .query_one(
                "INSERT INTO sessions (user_id, created_at, expires_at, token_hash)
                 VALUES ($1, $2, $3, $4)
                 RETURNING id, user_id, created_at, expires_at",
                &[&user_id, &created_at, &expires_at, &token_hash],
            )
            .await?;

        let session = UserSession {
            session_id: row.get(0),
            user_id: row.get(1),
            created_at: row.get(2),
            expires_at: row.get(3),
            token: Some(token), // Return the unhashed token only on creation
        };

        tracing::info!(
            "Session created successfully: session_id={}, user_id={}, expires_at={}",
            session.session_id,
            session.user_id,
            session.expires_at
        );

        Ok(session)
    }

    async fn get_session_by_token_hash(
        &self,
        token_hash: String,
    ) -> anyhow::Result<Option<UserSession>> {
        tracing::debug!(
            "Looking up session by token_hash: {}...",
            &token_hash.chars().take(16).collect::<String>()
        );

        let client = self.pool.get().await?;

        let row = client
            .query_opt(
                "SELECT id, user_id, created_at, expires_at
                 FROM sessions
                 WHERE token_hash = $1",
                &[&token_hash],
            )
            .await?;

        let result = row.map(|r| UserSession {
            session_id: r.get(0),
            user_id: r.get(1),
            created_at: r.get(2),
            expires_at: r.get(3),
            token: None, // Never return the token on retrieval
        });

        if let Some(ref session) = result {
            tracing::debug!(
                "Session found: session_id={}, user_id={}",
                session.session_id,
                session.user_id
            );
        } else {
            tracing::debug!("No session found for provided token_hash");
        }

        Ok(result)
    }

    async fn get_session_by_id(
        &self,
        session_id: SessionId,
    ) -> anyhow::Result<Option<UserSession>> {
        tracing::debug!("Looking up session by session_id: {}", session_id);

        let client = self.pool.get().await?;

        let row = client
            .query_opt(
                "SELECT id, user_id, created_at, expires_at
                 FROM sessions
                 WHERE id = $1",
                &[&session_id],
            )
            .await?;

        let result = row.map(|r| UserSession {
            session_id: r.get(0),
            user_id: r.get(1),
            created_at: r.get(2),
            expires_at: r.get(3),
            token: None, // Never return the token on retrieval
        });

        if let Some(ref session) = result {
            tracing::debug!(
                "Session found: session_id={}, user_id={}",
                session.session_id,
                session.user_id
            );
        } else {
            tracing::debug!("No session found for session_id: {}", session_id);
        }

        Ok(result)
    }

    async fn delete_session(&self, session_id: SessionId) -> anyhow::Result<()> {
        tracing::info!("Deleting session: session_id={}", session_id);

        let client = self.pool.get().await?;

        let rows_affected = client
            .execute("DELETE FROM sessions WHERE id = $1", &[&session_id])
            .await?;

        if rows_affected > 0 {
            tracing::info!("Session deleted successfully: session_id={}", session_id);
        } else {
            tracing::warn!("No session found to delete: session_id={}", session_id);
        }

        Ok(())
    }
}