add my-device and force login

2026-03-02 08:46:38 +00:00 · 2025-11-25 10:51:36 -05:00
parent d23f61d995
commit ac68dbd545
22 changed files with 472 additions and 107 deletions
--- a/server/routers/auth/login.ts
+++ b/server/routers/auth/login.ts
@@ -1,7 +1,9 @@
 import {
    createSession,
    generateSessionToken,
-    serializeSessionCookie
+    invalidateSession,
+    serializeSessionCookie,
+    SESSION_COOKIE_NAME
 } from "@server/auth/sessions/app";
 import { db, resources } from "@server/db";
 import { users, securityKeys } from "@server/db";
@@ -21,11 +23,11 @@ import { UserType } from "@server/types/UserTypes";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";

 export const loginBodySchema = z.strictObject({
-        email: z.email().toLowerCase(),
-        password: z.string(),
-        code: z.string().optional(),
-        resourceGuid: z.string().optional()
-    });
+    email: z.email().toLowerCase(),
+    password: z.string(),
+    code: z.string().optional(),
+    resourceGuid: z.string().optional()
+});

 export type LoginBody = z.infer<typeof loginBodySchema>;

@@ -41,6 +43,21 @@ export async function login(
    res: Response,
    next: NextFunction
 ): Promise<any> {
+    const { forceLogin } = req.query;
+    const { session: existingSession } = await verifySession(
+        req,
+        forceLogin === "true"
+    );
+    if (existingSession) {
+        return response<null>(res, {
+            data: null,
+            success: true,
+            error: false,
+            message: "Already logged in",
+            status: HttpCode.OK
+        });
+    }
+
    const parsedBody = loginBodySchema.safeParse(req.body);

    if (!parsedBody.success) {
@@ -55,17 +72,6 @@ export async function login(
    const { email, password, code, resourceGuid } = parsedBody.data;

    try {
-        const { session: existingSession } = await verifySession(req);
-        if (existingSession) {
-            return response<null>(res, {
-                data: null,
-                success: true,
-                error: false,
-                message: "Already logged in",
-                status: HttpCode.OK
-            });
-        }
-
        let resourceId: number | null = null;
        let orgId: string | null = null;
        if (resourceGuid) {
@@ -225,6 +231,12 @@ export async function login(
            }
        }

+        // check for previous cookie value and expire it
+        const previousCookie = req.cookies[SESSION_COOKIE_NAME];
+        if (previousCookie) {
+            await invalidateSession(previousCookie);
+        }
+
        const token = generateSessionToken();
        const sess = await createSession(token, existingUser.userId);
        const isSecure = req.protocol === "https";