refactor(server): use session model in auth service (#9660)

2026-02-13 21:05:19 +00:00 · 2025-01-14 07:43:26 +00:00
parent ee99b0cc9d
commit b7635c8944
9 changed files with 116 additions and 152 deletions
--- a/packages/backend/server/src/tests/auth/guard.spec.ts
+++ b/packages/backend/server/src/tests/auth/guard.spec.ts
@@ -6,6 +6,7 @@ import request from 'supertest';

 import { AuthModule, CurrentUser, Public, Session } from '../../core/auth';
 import { AuthService } from '../../core/auth/service';
+import { Models } from '../../models';
 import { createTestingApp } from '../utils';

@Controller('/')
@@ -35,6 +36,8 @@ let server!: any;
 let auth!: AuthService;
 let u1!: CurrentUser;

+let sessionId = '';
+
 test.before(async t => {
  const { app } = await createTestingApp({
    imports: [AuthModule],
@@ -44,13 +47,10 @@ test.before(async t => {
  auth = app.get(AuthService);
  u1 = await auth.signUp('u1@affine.pro', '1');

-  const db = app.get(PrismaClient);
-  await db.session.create({
-    data: {
-      id: '1',
-    },
-  });
-  await auth.createUserSession(u1.id, '1');
+  const models = app.get(Models);
+  const session = await models.session.createSession();
+  sessionId = session.id;
+  await auth.createUserSession(u1.id, sessionId);

  server = app.getHttpServer();
  t.context.app = app;
@@ -69,7 +69,7 @@ test('should be able to visit public api if not signed in', async t => {
 test('should be able to visit public api if signed in', async t => {
  const res = await request(server)
    .get('/public')
-    .set('Cookie', `${AuthService.sessionCookieName}=1`)
+    .set('Cookie', `${AuthService.sessionCookieName}=${sessionId}`)
    .expect(HttpStatus.OK);

  t.is(res.body.user.id, u1.id);
@@ -90,7 +90,7 @@ test('should not be able to visit private api if not signed in', async t => {
 test('should be able to visit private api if signed in', async t => {
  const res = await request(server)
    .get('/private')
-    .set('Cookie', `${AuthService.sessionCookieName}=1`)
+    .set('Cookie', `${AuthService.sessionCookieName}=${sessionId}`)
    .expect(HttpStatus.OK);

  t.is(res.body.user.id, u1.id);
@@ -100,10 +100,10 @@ test('should be able to parse session cookie', async t => {
  const spy = Sinon.spy(auth, 'getUserSession');
  await request(server)
    .get('/public')
-    .set('cookie', `${AuthService.sessionCookieName}=1`)
+    .set('cookie', `${AuthService.sessionCookieName}=${sessionId}`)
    .expect(200);

-  t.deepEqual(spy.firstCall.args, ['1', undefined]);
+  t.deepEqual(spy.firstCall.args, [sessionId, undefined]);
  spy.restore();
 });

@@ -112,17 +112,17 @@ test('should be able to parse bearer token', async t => {

  await request(server)
    .get('/public')
-    .auth('1', { type: 'bearer' })
+    .auth(sessionId, { type: 'bearer' })
    .expect(200);

-  t.deepEqual(spy.firstCall.args, ['1', undefined]);
+  t.deepEqual(spy.firstCall.args, [sessionId, undefined]);
  spy.restore();
 });

 test('should be able to refresh session if needed', async t => {
  await t.context.app.get(PrismaClient).userSession.updateMany({
    where: {
-      sessionId: '1',
+      sessionId,
    },
    data: {
      expiresAt: new Date(Date.now() + 1000 * 60 * 60 /* expires in 1 hour */),
@@ -131,7 +131,7 @@ test('should be able to refresh session if needed', async t => {

  const res = await request(server)
    .get('/session')
-    .set('cookie', `${AuthService.sessionCookieName}=1`)
+    .set('cookie', `${AuthService.sessionCookieName}=${sessionId}`)
    .expect(200);

  const cookie = res
--- a/packages/backend/server/src/tests/auth/job.spec.ts
+++ b/packages/backend/server/src/tests/auth/job.spec.ts
@@ -0,0 +1,47 @@
+import { ScheduleModule } from '@nestjs/schedule';
+import { TestingModule } from '@nestjs/testing';
+import { PrismaClient } from '@prisma/client';
+import test from 'ava';
+
+import { AuthModule, AuthService } from '../../core/auth';
+import { AuthCronJob } from '../../core/auth/job';
+import { createTestingModule } from '../utils';
+
+let m: TestingModule;
+let db: PrismaClient;
+
+test.before(async () => {
+  m = await createTestingModule({
+    imports: [ScheduleModule.forRoot(), AuthModule],
+  });
+
+  db = m.get(PrismaClient);
+});
+
+test.after.always(async () => {
+  await m.close();
+});
+
+test('should clean expired user sessions', async t => {
+  const auth = m.get(AuthService);
+  const job = m.get(AuthCronJob);
+  const user1 = await auth.signUp('u1@affine.pro', '1');
+  const user2 = await auth.signUp('u2@affine.pro', '1');
+  await auth.createUserSession(user1.id);
+  await auth.createUserSession(user2.id);
+  let userSessions = await db.userSession.findMany();
+  t.is(userSessions.length, 2);
+
+  // no expired sessions
+  await job.cleanExpiredUserSessions();
+  userSessions = await db.userSession.findMany();
+  t.is(userSessions.length, 2);
+
+  // clean all expired sessions
+  await db.userSession.updateMany({
+    data: { expiresAt: new Date(Date.now() - 1000) },
+  });
+  await job.cleanExpiredUserSessions();
+  userSessions = await db.userSession.findMany();
+  t.is(userSessions.length, 0);
+});
--- a/packages/backend/server/src/tests/auth/service.spec.ts
+++ b/packages/backend/server/src/tests/auth/service.spec.ts
@@ -192,8 +192,10 @@ test('should be able to signout multi accounts session', async t => {

  const session = await auth.createSession();

-  await auth.createUserSession(u1.id, session.id);
-  await auth.createUserSession(u2.id, session.id);
+  const userSession1 = await auth.createUserSession(u1.id, session.id);
+  const userSession2 = await auth.createUserSession(u2.id, session.id);
+  t.not(userSession1.id, userSession2.id);
+  t.is(userSession1.sessionId, userSession2.sessionId);

  await auth.signOut(session.id, u1.id);