feat: automatic termination of older sessions on login (temporary until release 4);

fix: login controller method not returning tokens

backend/docs/docs.go

@@ -141,7 +141,10 @@ const docTemplate = `{
                 ],
                 "responses": {
                     "200": {
-                        "description": "desc"
+                        "description": "Account is created and awaiting verification"
+                    },
+                    "409": {
+                        "description": "Username or email is already taken"
                     }
                 }
             }
@@ -362,13 +365,10 @@ const docTemplate = `{
                     "type": "string"
                 },
                 "password": {
-                    "description": "TODO: password checking",
                     "type": "string"
                 },
                 "username": {
-                    "type": "string",
+                    "type": "string"
-                    "maxLength": 20,
-                    "minLength": 3
                 }
             }
         },
@@ -380,21 +380,14 @@ const docTemplate = `{
                 "verification_code"
             ],
             "properties": {
-                "avatar_url": {
-                    "type": "string",
-                    "maxLength": 255
-                },
                 "birthday": {
                     "type": "string"
                 },
                 "name": {
-                    "type": "string",
+                    "type": "string"
-                    "maxLength": 75
                 },
                 "username": {
-                    "type": "string",
+                    "type": "string"
-                    "maxLength": 20,
-                    "minLength": 3
                 },
                 "verification_code": {
                     "type": "string"

backend/docs/swagger.json

@@ -137,7 +137,10 @@
                 ],
                 "responses": {
                     "200": {
-                        "description": "desc"
+                        "description": "Account is created and awaiting verification"
+                    },
+                    "409": {
+                        "description": "Username or email is already taken"
                     }
                 }
             }
@@ -358,13 +361,10 @@
                     "type": "string"
                 },
                 "password": {
-                    "description": "TODO: password checking",
                     "type": "string"
                 },
                 "username": {
-                    "type": "string",
+                    "type": "string"
-                    "maxLength": 20,
-                    "minLength": 3
                 }
             }
         },
@@ -376,21 +376,14 @@
                 "verification_code"
             ],
             "properties": {
-                "avatar_url": {
-                    "type": "string",
-                    "maxLength": 255
-                },
                 "birthday": {
                     "type": "string"
                 },
                 "name": {
-                    "type": "string",
+                    "type": "string"
-                    "maxLength": 75
                 },
                 "username": {
-                    "type": "string",
+                    "type": "string"
-                    "maxLength": 20,
-                    "minLength": 3
                 },
                 "verification_code": {
                     "type": "string"

backend/docs/swagger.yaml

@@ -32,11 +32,8 @@ definitions:
       email:
         type: string
       password:
-        description: 'TODO: password checking'
         type: string
       username:
-        maxLength: 20
-        minLength: 3
         type: string
     required:
     - password
@@ -44,17 +41,11 @@ definitions:
     type: object
   models.RegistrationCompleteRequest:
     properties:
-      avatar_url:
-        maxLength: 255
-        type: string
       birthday:
         type: string
       name:
-        maxLength: 75
         type: string
       username:
-        maxLength: 20
-        minLength: 3
         type: string
       verification_code:
         type: string
@@ -157,7 +148,9 @@ paths:
       - application/json
       responses:
         "200":
-          description: desc
+          description: Account is created and awaiting verification
+        "409":
+          description: Username or email is already taken
       summary: Register an account
       tags:
       - Auth

backend/internal/controllers/auth.go

@@ -50,7 +50,6 @@ func NewAuthController(_log *zap.Logger, as services.AuthService) AuthController
 	return &authControllerImpl{log: _log, authService: as}
 }
 
-// Login implements AuthController.
 // @Summary Acquire tokens via login credentials (and 2FA code if needed)
 // @Tags Auth
 // @Accept json
@@ -65,7 +64,7 @@ func (a *authControllerImpl) Login(c *gin.Context) {
 		return
 	}
 
-	_, err := a.authService.Login(request.Body)
+	response, err := a.authService.Login(request.Body)
 
 	if err != nil {
 		if errors.Is(err, errs.ErrForbidden) {
@@ -76,11 +75,10 @@ func (a *authControllerImpl) Login(c *gin.Context) {
 		return
 	}
 
-	c.Status(http.StatusOK)
+	c.JSON(http.StatusOK, response)
 	return
 }
 
-// PasswordResetBegin implements AuthController.
 // @Summary Request password reset email
 // @Tags Auth
 // @Accept json
@@ -90,7 +88,6 @@ func (a *authControllerImpl) PasswordResetBegin(c *gin.Context) {
 	c.Status(http.StatusNotImplemented)
 }
 
-// PasswordResetComplete implements AuthController.
 // @Summary Complete password reset with email code and provide 2FA code or backup code if needed
 // @Tags Auth
 // @Accept json
@@ -100,7 +97,6 @@ func (a *authControllerImpl) PasswordResetComplete(c *gin.Context) {
 	c.Status(http.StatusNotImplemented)
 }
 
-// Refresh implements AuthController.
 // @Summary Receive new tokens via refresh token
 // @Tags Auth
 // @Accept json
@@ -110,7 +106,6 @@ func (a *authControllerImpl) Refresh(c *gin.Context) {
 	c.Status(http.StatusNotImplemented)
 }
 
-// RegistrationComplete implements AuthController.
 // @Summary Register an account
 // @Tags Auth
 // @Accept json
@@ -142,7 +137,6 @@ func (a *authControllerImpl) RegistrationBegin(c *gin.Context) {
 	return
 }
 
-// RegistrationBegin implements AuthController.
 // @Summary Confirm with code, finish creating the account
 // @Tags Auth
 // @Accept json

backend/internal/database/query.sql.go

@@ -664,6 +664,18 @@ func (q *Queries) PruneTerminatedSessions(ctx context.Context) error {
 	return err
 }
 
+const terminateAllSessionsForUserByUsername = `-- name: TerminateAllSessionsForUserByUsername :exec
+UPDATE sessions
+SET terminated = TRUE
+FROM users
+WHERE sessions.user_id = users.id AND users.username = $1::text
+`
+
+func (q *Queries) TerminateAllSessionsForUserByUsername(ctx context.Context, username string) error {
+	_, err := q.db.Exec(ctx, terminateAllSessionsForUserByUsername, username)
+	return err
+}
+
 const updateBannedUser = `-- name: UpdateBannedUser :exec
 UPDATE banned_users
 SET 

backend/internal/services/auth.go

@@ -303,6 +303,15 @@ func (a *authServiceImpl) Login(request models.LoginRequest) (*models.LoginRespo
 		return nil, returnedError
 	}
 
+	// Until release 4, only 1 session at a time is supported
+	if err = db.TXQueries.TerminateAllSessionsForUserByUsername(db.CTX, request.Username); err != nil {
+		a.log.Error(
+			"Failed to terminate older sessions for user trying to log in",
+			zap.String("username", request.Username),
+			zap.Error(err))
+		return nil, errs.ErrServerError
+	}
+
 	session, err = db.TXQueries.CreateSession(db.CTX, database.CreateSessionParams{
 		// TODO: use actual values for session metadata
 		UserID: userRow.ID,