session management

src/routes/auth/manage.ts

@@ -1,6 +1,8 @@
+import { formatSession } from '@/db/models/Session';
 import { User, formatUser } from '@/db/models/User';
 import { handle } from '@/services/handler';
 import { makeRouter } from '@/services/router';
+import { makeSession, makeSessionToken } from '@/services/session';
 import { z } from 'zod';
 
 const registerSchema = z.object({
@@ -12,13 +14,22 @@ export const manageAuthRouter = makeRouter((app) => {
   app.post(
     '/auth/register',
     { schema: { body: registerSchema } },
-    handle(({ em, body }) => {
+    handle(async ({ em, body, req }) => {
       const user = new User();
       user.name = body.name;
-      em.persistAndFlush(user);
+      const session = makeSession(
+        user.id,
+        body.device,
+        req.headers['user-agent'],
+      );
+
+      em.persist([user, session]);
+      await em.flush();
 
       return {
         user: formatUser(user),
+        session: formatSession(session),
+        token: makeSessionToken(session),
       };
     }),
   );

src/routes/auth/session.ts

@@ -0,0 +1,30 @@
+import { Session } from '@/db/models/Session';
+import { StatusError } from '@/services/error';
+import { handle } from '@/services/handler';
+import { makeRouter } from '@/services/router';
+import { z } from 'zod';
+
+export const sessionRouter = makeRouter((app) => {
+  app.delete(
+    '/auth/session/:sid',
+    {
+      schema: {
+        params: z.object({
+          sid: z.string(),
+        }),
+      },
+    },
+    handle(async ({ auth, params, em }) => {
+      auth.assert();
+
+      const targetedSession = await em.findOne(Session, { id: params.sid });
+      if (!targetedSession) return true; // already deleted
+
+      if (targetedSession.user !== auth.user.id)
+        throw new StatusError('Cant delete sessions you dont own', 401);
+
+      await em.removeAndFlush(targetedSession);
+      return true;
+    }),
+  );
+});