refactor(server): use session model in auth service

Author: fengmk2

packages/backend/server/src/__tests__/auth/guard.spec.ts

@@ -6,6 +6,7 @@ import request from 'supertest';
 
 import { AuthModule, CurrentUser, Public, Session } from '../../core/auth';
 import { AuthService } from '../../core/auth/service';
+import { Models } from '../../models';
 import { createTestingApp } from '../utils';
 
 @Controller('/')
@@ -35,6 +36,8 @@ let server!: any;
 let auth!: AuthService;
 let u1!: CurrentUser;
 
+let sessionId = '';
+
 test.before(async t => {
   const { app } = await createTestingApp({
     imports: [AuthModule],
@@ -44,13 +47,10 @@ test.before(async t => {
   auth = app.get(AuthService);
   u1 = await auth.signUp('u1@affine.pro', '1');
 
-  const db = app.get(PrismaClient);
-  await db.session.create({
-    data: {
-      id: '1',
-    },
-  });
-  await auth.createUserSession(u1.id, '1');
+  const models = app.get(Models);
+  const session = await models.session.create();
+  sessionId = session.id;
+  await auth.createUserSession(u1.id, sessionId);
 
   server = app.getHttpServer();
   t.context.app = app;
@@ -69,7 +69,7 @@ test('should be able to visit public api if not signed in', async t => {
 test('should be able to visit public api if signed in', async t => {
   const res = await request(server)
     .get('/public')
-    .set('Cookie', `${AuthService.sessionCookieName}=1`)
+    .set('Cookie', `${AuthService.sessionCookieName}=${sessionId}`)
     .expect(HttpStatus.OK);
 
   t.is(res.body.user.id, u1.id);
@@ -90,7 +90,7 @@ test('should not be able to visit private api if not signed in', async t => {
 test('should be able to visit private api if signed in', async t => {
   const res = await request(server)
     .get('/private')
-    .set('Cookie', `${AuthService.sessionCookieName}=1`)
+    .set('Cookie', `${AuthService.sessionCookieName}=${sessionId}`)
     .expect(HttpStatus.OK);
 
   t.is(res.body.user.id, u1.id);
@@ -100,10 +100,10 @@ test('should be able to parse session cookie', async t => {
   const spy = Sinon.spy(auth, 'getUserSession');
   await request(server)
     .get('/public')
-    .set('cookie', `${AuthService.sessionCookieName}=1`)
+    .set('cookie', `${AuthService.sessionCookieName}=${sessionId}`)
     .expect(200);
 
-  t.deepEqual(spy.firstCall.args, ['1', undefined]);
+  t.deepEqual(spy.firstCall.args, [sessionId, undefined]);
   spy.restore();
 });
 
@@ -112,17 +112,17 @@ test('should be able to parse bearer token', async t => {
 
   await request(server)
     .get('/public')
-    .auth('1', { type: 'bearer' })
+    .auth(sessionId, { type: 'bearer' })
     .expect(200);
 
-  t.deepEqual(spy.firstCall.args, ['1', undefined]);
+  t.deepEqual(spy.firstCall.args, [sessionId, undefined]);
   spy.restore();
 });
 
 test('should be able to refresh session if needed', async t => {
   await t.context.app.get(PrismaClient).userSession.updateMany({
     where: {
-      sessionId: '1',
+      sessionId,
     },
     data: {
       expiresAt: new Date(Date.now() + 1000 * 60 * 60 /* expires in 1 hour */),
@@ -131,7 +131,7 @@ test('should be able to refresh session if needed', async t => {
 
   const res = await request(server)
     .get('/session')
-    .set('cookie', `${AuthService.sessionCookieName}=1`)
+    .set('cookie', `${AuthService.sessionCookieName}=${sessionId}`)
     .expect(200);
 
   const cookie = res

packages/backend/server/src/core/auth/service.ts

@@ -6,6 +6,7 @@ import type { CookieOptions, Request, Response } from 'express';
 import { assign, pick } from 'lodash-es';
 
 import { Config, MailService, SignUpForbidden } from '../../base';
+import { Models } from '../../models';
 import { FeatureManagementService } from '../features/management';
 import { QuotaService } from '../quota/service';
 import { QuotaType } from '../quota/types';
@@ -47,6 +48,7 @@ export class AuthService implements OnApplicationBootstrap {
   constructor(
     private readonly config: Config,
     private readonly db: PrismaClient,
+    private readonly models: Models,
     private readonly mailer: MailService,
     private readonly feature: FeatureManagementService,
     private readonly quota: QuotaService,
@@ -103,11 +105,7 @@ export class AuthService implements OnApplicationBootstrap {
   async signOut(sessionId: string, userId?: string) {
     // sign out all users in the session
     if (!userId) {
-      await this.db.session.deleteMany({
-        where: {
-          id: sessionId,
-        },
-      });
+      await this.models.session.delete(sessionId);
     } else {
       await this.db.userSession.deleteMany({
         where: {
@@ -138,8 +136,7 @@ export class AuthService implements OnApplicationBootstrap {
     // fallback to the first valid session if user provided userId is invalid
     if (!userSession) {
       // checked
-      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-      userSession = sessions.at(-1)!;
+      userSession = sessions.at(-1) as UserSession;
     }
 
     const user = await this.user.findUserById(userSession.userId);
@@ -170,11 +167,7 @@ export class AuthService implements OnApplicationBootstrap {
   ) {
     // check whether given session is valid
     if (sessionId) {
-      const session = await this.db.session.findFirst({
-        where: {
-          id: sessionId,
-        },
-      });
+      const session = await this.getSession(sessionId);
 
       if (!session) {
         sessionId = undefined;
@@ -233,17 +226,11 @@ export class AuthService implements OnApplicationBootstrap {
   }
 
   async createSession() {
-    return this.db.session.create({
-      data: {},
-    });
+    return await this.models.session.create();
   }
 
   async getSession(sessionId: string) {
-    return this.db.session.findFirst({
-      where: {
-        id: sessionId,
-      },
-    });
+    return await this.models.session.get(sessionId);
   }
 
   async refreshUserSessionIfNeeded(

packages/backend/server/src/models/user.ts

@@ -14,7 +14,7 @@ import {
 } from '../base';
 import type { Payload } from '../base/event/def';
 import { Permission } from '../core/permission';
-import { Quota_FreePlanV1_1 } from '../core/quota';
+import { Quota_FreePlanV1_1 } from '../core/quota/schema';
 
 const publicUserSelect = {
   id: true,