add strip duplicate sesion middleware

server/middlewares/stripDuplicateSessions.ts

@@ -0,0 +1,49 @@
+import { NextFunction, Response } from "express";
+import ErrorResponse from "@server/types/ErrorResponse";
+import {
+    SESSION_COOKIE_NAME,
+    validateSessionToken
+} from "@server/auth/sessions/app";
+
+export const stripDuplicateSesions = async (
+    req: any,
+    res: Response<ErrorResponse>,
+    next: NextFunction
+) => {
+    const cookieHeader: string | undefined = req.headers.cookie;
+    if (!cookieHeader) {
+        return next();
+    }
+
+    const cookies = cookieHeader.split(";").map((cookie) => cookie.trim());
+    const sessionCookies = cookies.filter((cookie) =>
+        cookie.startsWith(`${SESSION_COOKIE_NAME}=`)
+    );
+
+    const validSessions: string[] = [];
+    if (sessionCookies.length > 1) {
+        for (const cookie of sessionCookies) {
+            const cookieValue = cookie.split("=")[1];
+            const res = await validateSessionToken(cookieValue);
+            if (res.session && res.user) {
+                validSessions.push(cookieValue);
+            }
+        }
+
+        if (validSessions.length > 0) {
+            const newCookieHeader = cookies.filter((cookie) => {
+                if (cookie.startsWith(`${SESSION_COOKIE_NAME}=`)) {
+                    const cookieValue = cookie.split("=")[1];
+                    return validSessions.includes(cookieValue);
+                }
+                return true;
+            });
+            req.headers.cookie = newCookieHeader.join("; ");
+            if (req.cookies) {
+                req.cookies[SESSION_COOKIE_NAME] = validSessions[0];
+            }
+        }
+    }
+
+    return next();
+};