From f1abbc5a07766c8f1bb8794ddd4af3f11368b583 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?BENEDEK=20L=C3=A1szl=C3=B3?=
Date: Sun, 1 Jun 2025 20:37:55 +0200
Subject: [PATCH] Delete previous session tokens at login
---
 controller/AuthController.go | 5 ++++
 dao/ISessionDAO.go | 1 +
 dao/valkey/SessionDAO.go | 49 ++++++++++++++++++++++++++++++++++++
 3 files changed, 55 insertions(+)
diff --git a/controller/AuthController.go b/controller/AuthController.go
index fc5d91a..4a92a89 100644
--- a/controller/AuthController.go
+++ b/controller/AuthController.go
@@ -88,6 +88,11 @@ func (c AuthController) Login(username string, password string) (string, bool, e
 return "", false, err
 }
 
+ err = c.sessionDAO.DeleteAllByID(user.ID)
+ if err != nil {
+ return "", false, err
+ }
+
 err = c.sessionDAO.Set(token, user.ID)
 if err != nil {
 return "", false, err
diff --git a/dao/ISessionDAO.go b/dao/ISessionDAO.go
index 7e48a54..307034a 100644
--- a/dao/ISessionDAO.go
+++ b/dao/ISessionDAO.go
@@ -4,5 +4,6 @@ type ISessionDAO interface {
 Set(token string, id int) error
 Get(token string) (int, error)
 Delete(token string) error
+ DeleteAllByID(id int) error
 Bump(token string, time int) error
 }
diff --git a/dao/valkey/SessionDAO.go b/dao/valkey/SessionDAO.go
index 158335e..9582f56 100644
--- a/dao/valkey/SessionDAO.go
+++ b/dao/valkey/SessionDAO.go
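Review bot: In `Login` (controller/AuthController.go) the new `DeleteAllByID(user.ID)` call and the `Set(token, user.ID)` that follows are two separate steps, so two logins for the same user that interleave can both finish their delete before either `Set` runs and leave two live tokens. If the intent is that a fresh login evicts every earlier token (for example one that was stolen), the pair needs to be serialised per user or done as one transaction on a per-user token index. A comment above the call should also record the policy and the deliberate fail-closed behaviour, e.g. `// Revoke every earlier session for this user; a revocation error aborts the login.` Login's body starts and ends outside the hunk.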
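Review bot: The new `DeleteAllByID(id int) error` method in `ISessionDAO` (dao/ISessionDAO.go) takes a user ID while `Get`, `Delete` and `Bump` beside it are keyed by token, and nothing in the interface says which kind of ID is meant. Callers rely on this method for revocation, so the contract belongs on the declaration: `// DeleteAllByID removes every session whose stored user ID equals id; a non-nil error means some sessions may still be valid.`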
@@ -34,6 +34,55 @@ func (d SessionDAOVK) Delete(token string) error {
 return (*d.vk).Do(context.Background(), cmd).Error()
 }
 
+func (d SessionDAOVK) DeleteAllByID(id int) error {
+ // iterate all session keys
+ var cursor uint64 = 0
+ pattern := SESSION_PREFIX + "*"
+ for {
+ cmd := (*d.vk).B().Scan().Cursor(cursor).Match(pattern).Build()
+
+ result := (*d.vk).Do(context.Background(), cmd)
+ if err := result.Error(); err != nil {
+ return err
+ }
+
+ entry, err := result.AsScanEntry()
+ if err != nil {
+ return err
+ }
+
+ for _, key := range entry.Elements {
+ // get the value of the key
+ cmd = (*d.vk).B().Get().Key(key).Build()
+
+ result := (*d.vk).Do(context.Background(), cmd)
+ if err := result.Error(); err != nil {
+ return err
+ }
+
+ value, err := result.AsInt64()
+ if err != nil {
+ return err
+ }
+
+ // check if the value is the same as our id
+ if value == int64(id) {
+ // if so, delete it
+ cmd = (*d.vk).B().Del().Key(key).Build()
+ result := (*d.vk).Do(context.Background(), cmd)
+ if err := result.Error(); err != nil {
+ return err
+ }
+ }
+ }
+
+ if cursor = entry.Cursor; cursor == 0 {
+ break
+ }
+ }
+ return nil
+}
+
 func (d SessionDAOVK) Bump(token string, time int) error {
 cmd := (*d.vk).B().Expire().Key(SESSION_PREFIX + token).Seconds(int64(time)).Build()
 return (*d.vk).Do(context.Background(), cmd).Error()
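Review bot: In `DeleteAllByID` the `GET` issued for each scanned key treats every error as fatal, so a session that expires or is deleted between the `SCAN` page and the `GET` aborts the whole revocation and, through the new call in `Login`, fails that login. This can be any user's session, because the scan matches `SESSION_PREFIX + "*"`. A nil reply at that point should simply skip the key; the fence below assumes the valkey-go client, whose import is not visible in the hunk, so the package qualifier may differ. Separately, the function walks every session key with one round trip per key on each login, so the cost grows with the total number of sessions rather than with one user's. A per-user set of tokens maintained by `Set` and `Delete` would bound that, but their bodies are outside this hunk.

```go
		for _, key := range entry.Elements {
			cmd = (*d.vk).B().Get().Key(key).Build()
			value, err := (*d.vk).Do(context.Background(), cmd).AsInt64()
			if valkey.IsValkeyNil(err) {
				// key expired or was removed after SCAN returned it: nothing left to revoke
				continue
			}
			if err != nil {
				return err
			}
			// … unchanged: compare value with int64(id) and DEL the key on match …
		}
```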