Testing anonymous sessions and cleaning out when logging in.

src/lib/server/api/controllers/login.controller.ts

@@ -14,7 +14,7 @@ import {signinUsername} from './login.routes';
 export class LoginController extends Controller {
 	constructor(
 		@inject(LoginRequestsService) private readonly loginRequestsService: LoginRequestsService,
-		@inject(SessionsService) private luciaService: SessionsService,
+		@inject(SessionsService) private sessionsService: SessionsService,
 	) {
 		super();
 	}
@@ -29,6 +29,13 @@ export class LoginController extends Controller {
 				const { username, password } = c.req.valid('json');
 				const session = await this.loginRequestsService.verify({ username, password }, c.req);
 				const sessionCookie = createSessionTokenCookie(session.id, cookieExpiresAt);
+
+				// Cleanup old session
+				const currentSession = c.var.session;
+				if (currentSession) {
+					await this.sessionsService.invalidateSession(currentSession.id);
+				}
+
 				console.log('set cookie', sessionCookie);
 				setSessionCookie(c, sessionCookie);
 				return c.json({ message: 'ok' });

src/lib/server/api/middleware/auth.middleware.ts

@@ -1,10 +1,10 @@
 import 'reflect-metadata';
 import {
+	type SessionCookie,
 	cookieExpiresAt,
 	cookieName,
 	createBlankSessionTokenCookie,
 	createSessionTokenCookie,
-	type SessionCookie,
 	setSessionCookie,
 } from '$lib/server/api/common/utils/cookies';
 import { SessionsService } from '$lib/server/api/services/sessions.service';
@@ -34,8 +34,20 @@ export const verifyOrigin: MiddlewareHandler<AppBindings> = createMiddleware(asy
 export const validateAuthSession: MiddlewareHandler<AppBindings> = createMiddleware(async (c, next) => {
 	const sessionId = getCookie(c, cookieName) ?? null;
 	if (!sessionId) {
+		const requestIpAddress = c.req.header('x-real-ip');
+		const requestIpCountry = c.req.header('x-vercel-ip-country');
+		const session = await sessionService.createSession(
+			sessionService.generateSessionToken(),
+			'anonymous',
+			requestIpCountry || 'unknown',
+			requestIpAddress || 'unknown',
+			false,
+			false,
+		);
+		const sessionCookie = createSessionTokenCookie(session.id, cookieExpiresAt);
+		setSessionCookie(c, sessionCookie);
+		c.set('session', session);
 		c.set('user', null);
-		c.set('session', null);
 		return next();
 	}
 

src/lib/server/api/services/sessions.service.ts

@@ -26,7 +26,7 @@ export type Session = {
 	isTwoFactorAuthenticated: boolean;
 };
 
-export type SessionValidationResult = { session: Session; user: Users } | { session: null; user: null } | { session: Session; user: undefined };
+export type SessionValidationResult = { session: Session; user: Users } | { session: null; user: null } | { session: Session; user: null };
 
 @injectable()
 export class SessionsService {
@@ -97,7 +97,7 @@ export class SessionsService {
 			isTwoFactorAuthenticated: result.is_two_factor_authenticated,
 		};
 		let user: Users | undefined = undefined;
-		if (session.userId) {
+		if (session.userId && session.userId !== 'anonymous') {
 			user = await this.usersRepository.findOneById(session.userId);
 		}
 		if (Date.now() >= session.expiresAt.getTime()) {
@@ -126,7 +126,7 @@ export class SessionsService {
 			);
 		}
 
-		return { session, user };
+		return { session, user: user ?? null };
 	}
 
 	async invalidateSession(sessionId: string) {