mirror of
https://github.com/advplyr/audiobookshelf.git
synced 2026-03-01 13:39:41 +00:00
073eff74ef
Implement OIDC Back-Channel Logout 1.0 (RFC). When enabled, the IdP can POST a signed logout_token JWT to invalidate user sessions server-side. - Add BackchannelLogoutHandler: JWT verification via jose, jti replay protection with bounded cache, session destruction by sub or sid - Add oidcSessionId column to sessions table with index for fast lookups - Add backchannel logout route (POST /auth/openid/backchannel-logout) - Notify connected clients via socket to redirect to login page - Add authOpenIDBackchannelLogoutEnabled toggle in schema-driven settings UI - Migration v2.34.0 adds oidcSessionId column and index - Polish settings UI: auto-populate loading state, subfolder dropdown options, KeyValueEditor fixes, localized descriptions via descriptionKey, duplicate key detection, success/error toasts - Localize backchannel logout toast (ToastSessionEndedByProvider) - OidcAuthStrategy tests now use real class via require-cache stubbing
100 lines
2.2 KiB
JavaScript
100 lines
2.2 KiB
JavaScript
const { DataTypes, Model, Op } = require('sequelize')
|
|
|
|
class Session extends Model {
|
|
constructor(values, options) {
|
|
super(values, options)
|
|
|
|
/** @type {UUIDV4} */
|
|
this.id
|
|
/** @type {string} */
|
|
this.ipAddress
|
|
/** @type {string} */
|
|
this.userAgent
|
|
/** @type {Date} */
|
|
this.createdAt
|
|
/** @type {Date} */
|
|
this.updatedAt
|
|
/** @type {UUIDV4} */
|
|
this.userId
|
|
/** @type {Date} */
|
|
this.expiresAt
|
|
/** @type {string} */
|
|
this.oidcIdToken
|
|
/** @type {string} */
|
|
this.oidcSessionId
|
|
|
|
// Expanded properties
|
|
|
|
/** @type {import('./User').User} */
|
|
this.user
|
|
}
|
|
|
|
static async createSession(userId, ipAddress, userAgent, refreshToken, expiresAt, oidcIdToken = null, oidcSessionId = null) {
|
|
const session = await Session.create({ userId, ipAddress, userAgent, refreshToken, expiresAt, oidcIdToken, oidcSessionId })
|
|
return session
|
|
}
|
|
|
|
/**
|
|
* Clean up expired sessions from the database
|
|
* @returns {Promise<number>} Number of sessions deleted
|
|
*/
|
|
static async cleanupExpiredSessions() {
|
|
const deletedCount = await Session.destroy({
|
|
where: {
|
|
expiresAt: {
|
|
[Op.lt]: new Date()
|
|
}
|
|
}
|
|
})
|
|
return deletedCount
|
|
}
|
|
|
|
/**
|
|
* Initialize model
|
|
* @param {import('../Database').sequelize} sequelize
|
|
*/
|
|
static init(sequelize) {
|
|
super.init(
|
|
{
|
|
id: {
|
|
type: DataTypes.UUID,
|
|
defaultValue: DataTypes.UUIDV4,
|
|
primaryKey: true
|
|
},
|
|
ipAddress: DataTypes.STRING,
|
|
userAgent: DataTypes.STRING,
|
|
refreshToken: {
|
|
type: DataTypes.STRING,
|
|
allowNull: false
|
|
},
|
|
expiresAt: {
|
|
type: DataTypes.DATE,
|
|
allowNull: false
|
|
},
|
|
oidcIdToken: DataTypes.TEXT,
|
|
oidcSessionId: DataTypes.STRING
|
|
},
|
|
{
|
|
sequelize,
|
|
modelName: 'session',
|
|
indexes: [
|
|
{
|
|
name: 'sessions_oidc_session_id',
|
|
fields: ['oidcSessionId']
|
|
}
|
|
]
|
|
}
|
|
)
|
|
|
|
const { user } = sequelize.models
|
|
user.hasMany(Session, {
|
|
onDelete: 'CASCADE',
|
|
foreignKey: {
|
|
allowNull: false
|
|
}
|
|
})
|
|
Session.belongsTo(user)
|
|
}
|
|
}
|
|
|
|
module.exports = Session
|