implement bookmark delete

packages/server/src/auth/session.ts

@@ -15,21 +15,8 @@ const SESSION_ID_BYTE_LENGTH = 24
 const SESSION_ID_COOKIE_NAME = "session-id"
 const SESSION_DURATION_MS = 30 * 60 * 1000
 
-const findSessionQuery = db.query("SELECT user_id, expires_at_unix FROM sessions WHERE session_id = $sessionId")
-
-const deleteSessionQuery = db.query("DELETE FROM sessions WHERE session_id = $sessionId")
-const forgetAllSessionsQuery = db.query("DELETE FROM sessions WHERE user_id = $userId")
-const deleteExpiredSessionsQuery = db.query("DELETE FROM sessions WHERE expires_at_unix_ms < $time")
-
-const saveSessionQuery = db.query(
-	"INSERT INTO sessions(session_id, user_id, expires_at_unix_ms) VALUES ($sessionId, $userId, $expiresAt)",
-)
-
-const extendSessionQuery = db.query(
-	"UPDATE sessions SET expires_at_unix_ms = $newExpiryDate WHERE session_id = $session_id",
-)
-
 function startBackgroundSessionCleanup() {
+	const deleteExpiredSessionsQuery = db.query("DELETE FROM sessions WHERE expires_at_unix_ms < $time")
 	setInterval(() => {
 		deleteExpiredSessionsQuery.run({ time: dayjs().valueOf() })
 	}, 5000)
@@ -48,9 +35,11 @@ function signSessionId(sessionId: string): string {
 async function createSessionForUser(user: User, cookies: Bun.CookieMap) {
 	const sessionId = await newSessionId()
 	const signedSessionId = signSessionId(sessionId)
-
 	const expiryDate = dayjs().add(30, "minutes").valueOf()
 
+	const saveSessionQuery = db.query(
+		"INSERT INTO sessions (session_id, user_id, expires_at_unix_ms) VALUES ($sessionId, $userId, $expiresAt)",
+	)
 	saveSessionQuery.run({
 		sessionId,
 		userId: user.id,
@@ -59,13 +48,17 @@ async function createSessionForUser(user: User, cookies: Bun.CookieMap) {
 
 	cookies.set(SESSION_ID_COOKIE_NAME, signedSessionId, {
 		maxAge: user.id === DEMO_USER.id ? undefined : SESSION_DURATION_MS,
+		path: "/api",
 		httpOnly: true,
 	})
+
+	console.log("session created for user", user.id)
 }
 
 async function saveSession(session: Session, cookies: Bun.CookieMap) {
 	cookies.set(SESSION_ID_COOKIE_NAME, session.signedId, {
 		maxAge: SESSION_DURATION_MS,
+		path: "/api",
 		httpOnly: true,
 	})
 }
@@ -73,6 +66,7 @@ async function saveSession(session: Session, cookies: Bun.CookieMap) {
 function verifySession(cookie: Bun.CookieMap): Session | null {
 	const signedSessionId = cookie.get(SESSION_ID_COOKIE_NAME)
 	if (!signedSessionId) {
+		console.log("no cookie")
 		return null
 	}
 
@@ -84,18 +78,23 @@ function verifySession(cookie: Bun.CookieMap): Session | null {
 
 	const isEqual = a.length === b.length && crypto.timingSafeEqual(a, b)
 	if (!isEqual) {
+		console.log("not equal")
 		return null
 	}
 
+	const findSessionQuery = db.query("SELECT user_id, expires_at_unix_ms FROM sessions WHERE session_id = $sessionId")
 	const row = findSessionQuery.get({ sessionId: value })
 	if (!row) {
+		console.log("no row")
 		return null
 	}
 	const foundSession = row as { user_id: string; expires_at_unix_ms: number }
 
 	const now = dayjs().valueOf()
 	if (now > foundSession.expires_at_unix_ms) {
+		const deleteSessionQuery = db.query("DELETE FROM sessions WHERE session_id = $sessionId")
 		deleteSessionQuery.run({ sessionId: value })
+		console.log("session expired!")
 		return null
 	}
 
@@ -110,6 +109,9 @@ function verifySession(cookie: Bun.CookieMap): Session | null {
 
 function extendSession(session: Session): Session {
 	const newExpiryDate = dayjs().add(30, "minutes").valueOf()
+	const extendSessionQuery = db.query(
+		"UPDATE sessions SET expires_at_unix_ms = $newExpiryDate WHERE session_id = $session_id",
+	)
 	extendSessionQuery.run({
 		sessionId: session.id,
 		newExpiryDate,
@@ -121,6 +123,7 @@ function extendSession(session: Session): Session {
 }
 
 function forgetAllSessions(user: User) {
+	const forgetAllSessionsQuery = db.query("DELETE FROM sessions WHERE user_id = $userId")
 	forgetAllSessionsQuery.run({ userId: user.id })
 }