Merge pull request #277 from d-rec/DR-815

fix: when user invlidated one token other tokens still be alive
d-rec · May 31, 2024 · 311b2cc · 311b2cc
2 parents 4bd6574 + 7ee0df3
commit 311b2cc
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 5 deletions.
diff --git a/apps/drec-api/src/auth/auth.controller.ts b/apps/drec-api/src/auth/auth.controller.ts
@@ -43,7 +43,8 @@ export class AuthController {
   @HttpCode(HttpStatus.OK)
   async logout(@Request() req: ExpressRequest) {
     this.logger.verbose('Within login');
-    await this.authService.logout(req.user as Omit<IUser, 'password'>);
+    const token: string = req.headers.authorization?.split(' ')[1];
+    await this.authService.logout(req.user as Omit<IUser, 'password'>, token);
     return { message: 'Logout successful' };
   }
 

diff --git a/apps/drec-api/src/auth/auth.service.ts b/apps/drec-api/src/auth/auth.service.ts
@@ -53,8 +53,8 @@ export class AuthService {
       accessToken: token,
     };
   }
-  async logout(payload: IJWTPayload) {
-    return await this.userService.removeUsersession(payload.id);
+  async logout(payload: IJWTPayload, token: string) {
+    return await this.userService.removeUsersession(payload.id, token);
   }
 
   async isTokenBlacklisted(

diff --git a/apps/drec-api/src/pods/user/user.service.ts b/apps/drec-api/src/pods/user/user.service.ts
@@ -725,8 +725,11 @@ export class UserService {
    * @param userId
    * @returns
    */
-  async removeUsersession(userId: number) {
-    return await this.userloginSessionRepository.delete({ userId: userId });
+  async removeUsersession(userId: number, token: string) {
+    return await this.userloginSessionRepository.delete({
+      userId: userId,
+      accesstoken_hash: token.trim(),
+    });
   }
 
   async hasgetUserTokenvalid(