boha_admin/app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity

fix: logout now properly cleans up session tokens

Browse Source 
- Deletes current token AND tokens replaced by it
- Cleans up all expired tokens on logout
- Prevents stale sessions from showing on dashboard after re-login

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
BOHA
2026-03-23 20:35:28 +01:00
parent 456232cd82
commit f71ad6e2a8
1 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/services/auth.ts
View File

@@ -224,7 +224,23 @@ export async function refreshAccessToken(
export async function logout(refreshTokenRaw: string): Promise<void> { export async function logout(refreshTokenRaw: string): Promise<void> {
const tokenHash = hashToken(refreshTokenRaw); const tokenHash = hashToken(refreshTokenRaw);
await prisma.refresh_tokens.deleteMany({ where: { token_hash: tokenHash } }); // Delete the current token
const token = await prisma.refresh_tokens.findFirst({ where: { token_hash: tokenHash } });
if (token) {
// Delete the current token and all replaced tokens in its chain
await prisma.refresh_tokens.deleteMany({
where: {
OR: [
{ token_hash: tokenHash },
{ replaced_by_hash: tokenHash },
],
},
});
}
// Clean up expired tokens for all users
await prisma.refresh_tokens.deleteMany({
where: { expires_at: { lt: new Date() } },
});
} }
export async function verifyAccessToken(token: string): Promise<AuthData | null> { export async function verifyAccessToken(token: string): Promise<AuthData | null> {