feat: delete user session when user logout

Author: Tha-Orakkle

api/v1/routes/auth.py

@@ -34,7 +34,6 @@
     UserData2,
 )
 from api.v1.schemas.token import TokenRequest
-# from api.v1.schemas.session import SessionCreate
 from api.v1.schemas.user import (MagicLinkRequest,
                                  ChangePasswordSchema,
                                  AuthMeResponse)
@@ -53,7 +52,7 @@
 )
 from api.v1.services.totp import totp_service
 from api.utils.settings import settings
-# from api.v1.services.session import SessionService
+from api.v1.services.session import SessionService
 
 auth = APIRouter(prefix="/auth", tags=["Authentication"])
 
@@ -307,6 +306,11 @@ def logout(
 ):
     """Endpoint to log a user out of their account"""
 
+    # logout/delete current user session    
+    current_refresh_token = request.cookies.get("refresh_token")
+    SessionService.logout_session(db, current_user.id, current_refresh_token)
+    
+
     response = success_response(status_code=200, message="User logged put successfully")
 
     # Delete refresh token from cookies

api/v1/services/session.py

@@ -13,6 +13,16 @@ def __init__(self, db: Session):
         """Initialize the service."""
         self.db = db
 
+    @staticmethod
+    def logout_session(db: Session, user_id: str, refresh_token: str):
+        """Logout a session."""
+        session = db.query(UserSession).filter(
+            UserSession.refresh_token == refresh_token, UserSession.user_id == user_id).first()
+        if not session:
+            return
+        db.delete(session)
+        db.commit()
+
     def is_revoked_or_expired(self, refresh_token: str):
         """Check if a session (refresh token) is revoked."""
         session = self.db.query(UserSession).filter(UserSession.refresh_token == refresh_token).first()