同一アカウントでのマルチログインに対応する #34

Author: sinproject-iwasaki

prisma/schema.prisma

@@ -10,6 +10,14 @@ datasource db {
   url      = env("DATABASE_URL")
 }
 
+model AppSetting {
+  id         Int      @id @default(autoincrement())
+  created_at DateTime @default(now())
+  updated_at DateTime @updatedAt
+  key        String   @unique
+  value      String
+}
+
 model Role {
   id         Int      @id @default(autoincrement())
   created_at DateTime @default(now())
@@ -33,9 +41,11 @@ model AuthToken {
   id         Int      @id @default(autoincrement())
   created_at DateTime @default(now())
   updated_at DateTime @updatedAt
-  user_id    Int      @unique
+  user_id    Int
   token      String   @unique
   user       User     @relation(fields: [user_id], references: [id])
+
+  @@index(updated_at)
 }
 
 model AuthPin {

src/hooks.server.ts

@@ -1,34 +1,24 @@
+import { Auth } from '$lib/auth'
 import { CookiesManager } from '$lib/cookies_manager'
-import { db } from '$lib/database'
 import type { Handle } from '@sveltejs/kit'
 
 // export const handle: Handle = async ({ event, resolve }) => resolve(event)
 
 export const handle: Handle = async ({ event, resolve }) => {
-	const session_id = event.cookies.get('session_id')
-
+	const cookiesManager = new CookiesManager(event.cookies) 
+	const session_id = cookiesManager.session_id
 	if (!session_id) return await resolve(event)
 
-	const auth_token = await db.authToken.findUnique({
-		where: { token: session_id },
-		include: {
-			user: {
-				include: {
-					role: true,
-				},
-			},
-		},
-	})
-
+	const auth_token = await Auth.findAuthToken(session_id)
 	if (!auth_token) return await resolve(event)
 
+	await Auth.accessValid(auth_token.id, event.cookies)
+
 	event.locals.user = {
 		email: auth_token.user.email,
 		role: auth_token.user.role.name,
 	}
 
-	new CookiesManager(event.cookies).setSessionId(auth_token.token);
-
 	return await resolve(event)
 
 	// console.log('🍌')

src/lib/auth.ts

@@ -0,0 +1,126 @@
+import type { AuthPin, AuthToken, Role, User } from '@prisma/client'
+import type { Cookies } from '@sveltejs/kit'
+import { CookiesManager } from './cookies_manager'
+import { Database, db } from './database'
+
+export class Auth {
+	public static async getSessionLifetimeSec(): Promise<number> {
+		return await Database.getAppSettingInt('session_lifetime_sec')
+	}
+
+	public static async getPinCodeLifetimeSec(): Promise<number> {
+		return await Database.getAppSettingInt('pin_code_lifetime_sec')
+	}
+
+	public static getLimit(lifetime_sec: number): Date {
+		const limit = new Date()
+
+		if (lifetime_sec == 0) console.warn('lifetime_sec is 0')
+
+		limit.setSeconds(limit.getSeconds() - lifetime_sec)
+
+		return limit
+	}
+
+	public static async createAuthToken(
+		user_id: number,
+		session_lifetime_sec: number
+	): Promise<AuthToken> {
+		const session_limit = await Auth.getLimit(session_lifetime_sec)
+
+		const [auth_token] = await db.$transaction([
+			db.authToken.create({
+				data: { user_id, token: crypto.randomUUID() },
+			}),
+			db.authToken.deleteMany({
+				where: { updated_at: { lt: session_limit } },
+			}),
+		])
+
+		return auth_token
+	}
+
+	public static async updateAuthToken(auth_token_id: number): Promise<AuthToken> {
+		const auth_token = await db.authToken.update({
+			where: { id: auth_token_id },
+			data: { updated_at: new Date() },
+		})
+
+		return auth_token
+	}
+
+	public static async findAuthPin(email: string, pin_code: string): Promise<AuthPin | null> {
+		const pin_lifetime_sec = await Auth.getPinCodeLifetimeSec()
+		const pin_limit = Auth.getLimit(pin_lifetime_sec)
+
+		const auth_pin = await db.authPin.findFirst({
+			where: {
+				updated_at: { gte: pin_limit },
+				pin_code,
+				user: {
+					email,
+				},
+			},
+		})
+
+		return auth_pin
+	}
+
+	public static async signIn(
+		user_id: number,
+		cookies: Cookies,
+		pin_code_id?: number
+	): Promise<void> {
+		const session_lifetime_sec = await Auth.getSessionLifetimeSec()
+
+		const auth_token = await Auth.createAuthToken(user_id, session_lifetime_sec)
+
+		new CookiesManager(cookies).setSessionId(auth_token.token, session_lifetime_sec)
+
+		if (pin_code_id) {
+			await db.authPin.delete({ where: { id: pin_code_id } })
+		}
+	}
+
+	public static async signOut(cookies: Cookies): Promise<void> {
+		const cookiesManager = new CookiesManager(cookies)
+
+		await db.authToken.delete({ where: { token: cookiesManager.session_id } })
+		cookiesManager.deleteSessionId()
+	}
+
+	public static async accessValid(auth_token_id: number, cookies: Cookies): Promise<void> {
+		const auth_token = await Auth.updateAuthToken(auth_token_id)
+		const session_lifetime_sec = await Auth.getSessionLifetimeSec()
+
+		new CookiesManager(cookies).setSessionId(auth_token.token, session_lifetime_sec)
+	}
+
+	public static async findAuthToken(session_id: string): Promise<
+		| (AuthToken & {
+				user: User & {
+					role: Role
+				}
+		  })
+		| null
+	> {
+		const session_lifetime_sec = await Auth.getSessionLifetimeSec()
+		const session_limit = Auth.getLimit(session_lifetime_sec)
+
+		const auth_token = await db.authToken.findFirst({
+			where: {
+				updated_at: { gte: session_limit },
+				token: session_id,
+			},
+			include: {
+				user: {
+					include: {
+						role: true,
+					},
+				},
+			},
+		})
+
+		return auth_token
+	}
+}

src/lib/cookies_manager.ts

@@ -1,16 +1,26 @@
 import type { Cookies } from "@sveltejs/kit";
 
 export class CookiesManager {
+	private static readonly _session_id_key = 'session_id'
+
 	public constructor(private readonly _cookies: Cookies) {}
 
-	public setSessionId(session_id: string): void {
-		this._cookies.set('session_id', session_id, {
+	public get session_id(): string {
+		return this._cookies.get(CookiesManager._session_id_key) ?? ''
+	}
+
+	public setSessionId(session_id: string, max_age_sec: number): void {
+		this._cookies.set(CookiesManager._session_id_key, session_id, {
 			path: '/',
-			maxAge: 60 * 60 * 24 * 30,
+			maxAge: max_age_sec,
 			sameSite: 'lax',
 			secure: true,
 			// secure: process.env.NODE_ENV === 'production',
 			httpOnly: true,
 		})
 	}
+
+	public deleteSessionId(): void {
+		this._cookies.delete(CookiesManager._session_id_key)
+	}
 }

src/lib/database.ts

@@ -7,21 +7,31 @@ enum Roles {
 
 export const db = new prisma.PrismaClient()
 
-export async function findUser(email: string, can_register = true): Promise<User | undefined> {
-	const user = await db.user.findUnique({ where: { email } })
+export class Database {
+	public static async findUser(email: string, can_register = true): Promise<User | undefined> {
+		const user = await db.user.findUnique({ where: { email } })
 
-	if (user) return user
-	if (!can_register) return undefined
+		if (user) return user
+		if (!can_register) return undefined
 
-	try {
-		return await db.user.create({
-			data: {
-				role: { connect: { name: Roles.user } },
-				email,
-			},
-		})
-	} catch (error) {
-		console.error(error)
-		return undefined
+		try {
+			return await db.user.create({
+				data: {
+					role: { connect: { name: Roles.user } },
+					email,
+				},
+			})
+		} catch (error) {
+			console.error(error)
+			return undefined
+		}
+	}
+
+	public static async getAppSettingInt(key: string): Promise<number> {
+		const appSetting = await db.appSetting.findUnique({ where: { key } })
+		const number_value = Number(appSetting?.value)
+		const number_value_not_nan = Number.isNaN(number_value) ? 0 : number_value
+
+		return number_value_not_nan
 	}
 }

src/routes/logout/+page.server.ts

@@ -1,13 +1,14 @@
-import { redirect, type Actions } from "@sveltejs/kit";
-import type { PageServerLoad } from "./$types";
+import { Auth } from '$lib/auth'
+import { redirect, type Actions } from '@sveltejs/kit'
+import type { PageServerLoad } from './$types'
 
 export const load: PageServerLoad = async () => {
-	throw redirect(302, "/")
+	throw redirect(302, '/')
 }
 
 export const actions: Actions = {
 	default: async ({ cookies }) => {
-		cookies.delete('session_id')
+		Auth.signOut(cookies)
 		throw redirect(302, '/')
-	}
+	},
 }

src/routes/pin_code/+page.server.ts

@@ -1,5 +1,5 @@
-import { CookiesManager } from '$lib/cookies_manager'
-import { db, findUser } from '$lib/database'
+import { Auth } from '$lib/auth'
+import { Database, db } from '$lib/database'
 import { NodemailerManager as NodeMailerManager } from '$lib/nodemailer_manager'
 import type { PageServerLoad } from '.svelte-kit/types/src/routes/$types'
 import type { User } from '@prisma/client'
@@ -70,7 +70,7 @@ export const actions: Actions = {
 
 		if (!email) throw redirect(302, '/')
 
-		const user = await findUser(email, true)
+		const user = await Database.findUser(email, true)
 
 		if (!user) return { credentials: true, email, missing: false, success: false }
 
@@ -94,38 +94,11 @@ export const actions: Actions = {
 
 		if (!email || !pin_code) return invalid(400, { missing: true, email })
 
-		const limit_date = new Date()
-
-		limit_date.setMinutes(limit_date.getMinutes() - 5)
-
-		const auth_pin = await db.authPin.findFirst({
-			where: {
-				pin_code,
-				updated_at: { gt: limit_date },
-				user: {
-					email,
-				},
-			},
-		})
+		const auth_pin = await Auth.findAuthPin(email, pin_code)
 
 		if (!auth_pin) return invalid(400, { credentials: true, email })
 
-		const user_id = auth_pin.user_id
-
-		const [auth_token] = await db.$transaction([
-			db.authToken.upsert({
-				where: { user_id },
-				update: { token: crypto.randomUUID() },
-				create: { user_id, token: crypto.randomUUID() },
-			}),
-			db.authPin.delete({
-				where: {
-					id: auth_pin.id,
-				},
-			}),
-		])
-
-		new CookiesManager(cookies).setSessionId(auth_token.token)
+		await Auth.signIn(auth_pin.user_id, cookies, auth_pin.id)
 
 		return { success: true, email }
 	},
@@ -147,19 +120,11 @@ export const actions: Actions = {
 		console.log('Email: ' + payload.email)
 
 		const email = payload.email as string
-		const user = await findUser(email, true)
+		const user = await Database.findUser(email, true)
 
 		if (!user) return { credentials: true, email, missing: false }
 
-		const user_id = user.id
-
-		const auth_token = await db.authToken.upsert({
-			where: { user_id },
-			update: { token: crypto.randomUUID() },
-			create: { user_id, token: crypto.randomUUID() },
-		})
-
-		new CookiesManager(cookies).setSessionId(auth_token.token)
+		await Auth.signIn(user.id, cookies)
 
 		throw redirect(302, '/login')
 	},