feat: delete sessions

2024-09-07 16:48:06 +02:00 · 2024-09-07 16:48:06 +02:00 · d9377a9731
parent e4012844a6
commit d9377a9731
2 changed files with 44 additions and 0 deletions
--- a/lib/Database.ts
+++ b/lib/Database.ts
@ -231,6 +231,12 @@ class Database {
    return token;
  }

+  async deleteSession(id: string): Promise<boolean> {
+    const [ result ] = await this.mysqlPool!.query('DELETE FROM user_sessions WHERE id = ?', [ id ]);
+
+    return (result as any).affectedRows === 1;
+  }
+
  async getSession(token: string): Promise<any | undefined> {
    const [ rows ] = await this.mysqlPool!.query('SELECT * FROM user_sessions WHERE token = ?', [ token ]);

--- a/pages/api/v1/user/@me/session/[id].ts
+++ b/pages/api/v1/user/@me/session/[id].ts
@ -0,0 +1,38 @@
+import { ErrorResponse, User } from '@/interfaces';
+import Database from '@/lib/Database';
+import { getAuthenticatedUser } from '@/utils/auth_util';
+
+import type { NextApiRequest, NextApiResponse } from 'next';
+
+export default async function handler(
+  req: NextApiRequest,
+  res: NextApiResponse<any>, // User | ErrorResponse
+) {
+  const db   = new Database();
+  const user = await getAuthenticatedUser(req);
+
+  const { id } = req.query;
+
+  if (!user)
+    return res.status(401).json({
+      code: 401,
+      message: 'Unauthorized'
+    });
+
+  if (req.method === 'DELETE') {
+    const didDelete = await db.deleteSession(id as string);
+
+    if (!didDelete)
+      return res.status(404).json({
+        code: 404,
+        message: 'Session Not Found'
+      });
+
+    return res.status(204).end();
+  }
+
+  return res.status(405).json({
+    code: 405,
+    message: 'Method Not Allowed'
+  });
+}