MikeRust/src/auth/session.rs at main · SemplificaAI/MikeRust · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
/// Opaque session tokens — UUID v4 stored in SQLite with TTL.
/// No JWT, no signing — all validation is a DB lookup.
use anyhow::Result;
use chrono::{DateTime, Duration, Utc};
use sqlx::SqlitePool;
use uuid::Uuid;

const SESSION_TTL_HOURS: i64 = 24 * 7; // 1 week for local use

#[derive(Debug, Clone)]
pub struct Session {
    pub token: String,
    pub user_id: String,
    pub expires_at: DateTime<Utc>,
}

/// In-memory + SQLite session store.
#[derive(Clone)]
pub struct SessionStore {
    db: SqlitePool,
}

impl SessionStore {
    pub fn new(db: SqlitePool) -> Self {
        Self { db }
    }

    pub async fn create(&self, user_id: &str) -> Result<String> {
        let token = Uuid::new_v4().to_string();
        let expires_at = Utc::now() + Duration::hours(SESSION_TTL_HOURS);
        sqlx::query(
            "INSERT INTO sessions (token, user_id, expires_at) VALUES (?, ?, ?)",
        )
        .bind(&token)
        .bind(user_id)
        .bind(expires_at.to_rfc3339())
        .execute(&self.db)
        .await?;
        Ok(token)
    }

    pub async fn validate(&self, token: &str) -> Result<Option<Session>> {
        let row: Option<(String, String, String)> = sqlx::query_as(
            "SELECT token, user_id, expires_at FROM sessions WHERE token = ?",
        )
        .bind(token)
        .fetch_optional(&self.db)
        .await?;

        let Some((tok, user_id, exp_str)) = row else {
            return Ok(None);
        };

        let expires_at = DateTime::parse_from_rfc3339(&exp_str)
            .map(|d| d.with_timezone(&Utc))
            .unwrap_or(Utc::now());

        if Utc::now() > expires_at {
            self.revoke(&tok).await?;
            return Ok(None);
        }

        Ok(Some(Session { token: tok, user_id, expires_at }))
    }

    pub async fn revoke(&self, token: &str) -> Result<()> {
        sqlx::query("DELETE FROM sessions WHERE token = ?")
            .bind(token)
            .execute(&self.db)
            .await?;
        Ok(())
    }

    pub async fn revoke_all(&self, user_id: &str) -> Result<()> {
        sqlx::query("DELETE FROM sessions WHERE user_id = ?")
            .bind(user_id)
            .execute(&self.db)
            .await?;
        Ok(())
    }

    /// Purge expired sessions — call on startup or periodically.
    pub async fn purge_expired(&self) -> Result<()> {
        sqlx::query("DELETE FROM sessions WHERE expires_at < ?")
            .bind(Utc::now().to_rfc3339())
            .execute(&self.db)
            .await?;
        Ok(())
    }
}