cjones/immich
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: lock auth session (#18322)

Browse Source
This commit is contained in:
Jason Rasmussen
2025-05-15 18:08:31 -04:00
committed by GitHub
parent ecb66fdb2c
commit c1150fe7e3
37 changed files with 765 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/services/session.service.ts
+6 -1
View File
@@ -30,7 +30,7 @@ export class SessionService extends BaseService {
const session = await this.sessionRepository.create({
parentId: auth.session.id,
userId: auth.user.id,
expiredAt: dto.duration ? DateTime.now().plus({ seconds: dto.duration }).toJSDate() : null,
expiresAt: dto.duration ? DateTime.now().plus({ seconds: dto.duration }).toJSDate() : null,
deviceType: dto.deviceType,
deviceOS: dto.deviceOS,
token: tokenHashed,
@@ -49,6 +49,11 @@ export class SessionService extends BaseService {
await this.sessionRepository.delete(id);
}
async lock(auth: AuthDto, id: string): Promise<void> {
await this.requireAccess({ auth, permission: Permission.SESSION_LOCK, ids: [id] });
await this.sessionRepository.update(id, { pinExpiresAt: null });
}
async deleteAll(auth: AuthDto): Promise<void> {
const sessions = await this.sessionRepository.getByUserId(auth.user.id);
for (const session of sessions) {