From db4eaef0792038a638a4f31247e8e04159fd2ade Mon Sep 17 00:00:00 2001
From: axel
Date: Sat, 19 Apr 2025 00:47:57 +0200
Subject: [PATCH] feat: store random public ID and IP with session data for #1
---
 src/lib/server/sessions.ts | 36 ++++++++++++++++++++++++-------
 src/routes/login/+page.server.ts | 1 +
 src/routes/logout/+page.server.ts | 2 +-
 3 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/src/lib/server/sessions.ts b/src/lib/server/sessions.ts
index 8a62497..7fccf94 100644
--- a/src/lib/server/sessions.ts
+++ b/src/lib/server/sessions.ts
@@ -5,15 +5,16 @@ import { users } from './db';
 type SessionData = {
 userId: string;
 userAgent: string;
+ ip: string;
 };
-const sessions: Map = new Map();
+const sessions: Map = new Map();
 export function createSession(data: SessionData) {
- const token = nanoid();
- sessions.set(token, data);
- setTimeout(() => sessions.delete(token), parseInt(env.SESSION_LIFETIME) * 1000 || 86_400_000);
- return token;
+ const sessionId = nanoid();
+ sessions.set(sessionId, { ...data, publicId: nanoid() });
+ setTimeout(() => sessions.delete(sessionId), parseInt(env.SESSION_LIFETIME) * 1000 || 86_400_000);
+ return sessionId;
 }
 export async function getUserFromSession(sessionId?: string) {
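Review bot: In `createSession` (src/lib/server/sessions.ts) the expiry delay `parseInt(env.SESSION_LIFETIME) * 1000 || 86_400_000` reaches `setTimeout` unbounded. Node replaces any delay above 2147483647 ms (about 24.8 days) with 1 ms, so a long configured lifetime would remove every new session almost immediately after login. Parsing with an explicit radix and capping the result keeps the value inside what the timer can represent: `const ttlMs = Math.min(parseInt(env.SESSION_LIFETIME, 10) * 1000 || 86_400_000, 2_147_483_647);`. The body of `getUserFromSession` continues outside this hunk, so how the stored `ip` is used there is not visible here.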
@@ -25,7 +26,26 @@ export async function getUserFromSession(sessionId?: string) {
 return await users.getById(data.userId);
 }
-export function deleteSession(sessionId?: string) {
- if (!sessionId) return;
- sessions.delete(sessionId);
+export function deleteSession(criteria: { sessionId?: string; publicId?: string }) {
+ let deleted = false;
+
+ if (criteria.sessionId) {
+ deleted = sessions.delete(criteria.sessionId);
+ } else {
+ for (let [k, v] of sessions) {
+ if (v.publicId == criteria.publicId) {
+ // surprisingly, deleting while iterating is fine with ES6 iterables
+ deleted = sessions.delete(k);
+ }
+ }
+ }
+
+ return deleted;
+}
+
+export function getUserSessions(userId: string) {
+ return sessions
+ .values()
+ .filter((s) => s.userId == userId)
+ .toArray();
 }
diff --git a/src/routes/login/+page.server.ts b/src/routes/login/+page.server.ts
index 24bbb5f..9fd3d7a 100644
--- a/src/routes/login/+page.server.ts
+++ b/src/routes/login/+page.server.ts
@@ -91,6 +91,7 @@ export const actions = {
 createSession({
 userAgent: request.headers.get('user-agent') ?? 'UNKNOWN',
 userId: user.id,
+ ip,
 }),
 {
 path: '/',
diff --git a/src/routes/logout/+page.server.ts b/src/routes/logout/+page.server.ts
index 9cb52e1..d46ec8e 100644
--- a/src/routes/logout/+page.server.ts
+++ b/src/routes/logout/+page.server.ts
@@ -2,7 +2,7 @@ import { deleteSession } from '$lib/server/sessions';
 import { redirect, type ServerLoad } from '@sveltejs/kit';
 export const load: ServerLoad = async ({ cookies }) => {
- deleteSession(cookies.get('session'));
+ deleteSession({ sessionId: cookies.get('session') });
 cookies.delete('session', { path: '/' });
 redirect(302, '/login');
 };
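Review bot: The `publicId` branch of `deleteSession` (src/lib/server/sessions.ts) removes whichever session matches, with no check that it belongs to the requesting user, so every caller that exposes session revocation must enforce ownership itself. Carrying the owner in the criteria and matching on `v.userId === criteria.userId && v.publicId === criteria.publicId` would keep that authorization check in one place. The `else` branch also runs when both fields are undefined, which is what the logout route passes when no `session` cookie is present. It then compares every entry against `undefined` with a loose `==`; `} else if (criteria.publicId) {` avoids the full scan and an accidental match on an entry that lacks a `publicId`. `getUserSessions` relies on iterator helpers (`.values().filter().toArray()`), which need a recent runtime, and that requirement deserves a comment.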
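Review bot: The origin of `ip` in src/routes/login/+page.server.ts is outside this hunk (the action body starts and ends outside it), and the value stored with the session is only as trustworthy as that source. If it is read from a forwarding header such as `X-Forwarded-For` rather than from SvelteKit's `getClientAddress()` behind a correctly configured proxy, the client can set it freely, and anything later displayed or decided from the stored address inherits that. A comment where `ip` is assigned would make the trust level explicit, for example `// ip: taken from getClientAddress(); informational only, never an authentication signal`.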
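Review bot: Logout in src/routes/logout/+page.server.ts still happens inside `load`, so the session is destroyed by a plain GET, a state change that link prefetching or a cross-site navigation can trigger without the user intending it. Moving the `deleteSession` and `cookies.delete` calls into a POST form action would bring them under SvelteKit's origin check for form submissions, which to my knowledge is enabled by default. The boolean that `deleteSession` now returns is discarded here; if that is intentional, a short comment such as `// result ignored: logout is idempotent` would say so.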