feat(User): User can manager their own sessions

Since We add the max per user session number limit, It is importortant for user can manager (or you can say revoke) their session. So in this commit, 1. Add `/user/sessions` as user sessions manager route. 2. User Login out with Session expired in database.
Rhilip · Feb 1, 2019 · f3c38a7 · f3c38a7
1 parent 857dc20
commit f3c38a7
Show file tree

Hide file tree

Showing 5 changed files with 106 additions and 2 deletions.
diff --git a/apps/controllers/UserController.php b/apps/controllers/UserController.php
@@ -19,6 +19,11 @@ public function actionIndex()
         return $this->actionPanel();
     }
 
+    public function actionSetting()
+    {
+        return $this->render('user/setting.html.twig');
+    }
+
     public function actionPanel()
     {
         $uid = app()->request->get('id');
@@ -27,11 +32,33 @@ public function actionPanel()
         } else {
             $user = app()->user;
         }
-        return $this->render('user/panel.html.twig',['user' => $user]);
+        return $this->render('user/panel.html.twig', ['user' => $user]);
     }
 
-    public function actionSetting()
+    public function actionSessions()
     {
+        if (app()->request->isPost()) {
+            $action = app()->request->post('action');
+            if ($action == 'delsession') {
+                $to_del_session = app()->request->post('session');
+
+                // expired it from Database first
+                app()->pdo->createCommand('UPDATE `users_session_log` SET `expired` = 1 WHERE uid = :uid AND sid = :sid')->bindParams([
+                    'uid' => app()->user->getId(), 'sid' => $to_del_session
+                ])->execute();
+                $success = app()->pdo->getRowCount();
+
+                if ($success > 0) {
+                    app()->redis->zRem(app()->user->sessionSaveKey, $to_del_session);
+                } else {
+                    return $this->render('errors/action_fail.html.twig', ['title' => 'Remove Session Failed', 'msg' => 'Remove Session Failed']);
+                }
+            }
+        }
 
+        $sessions = app()->pdo->createCommand('SELECT sid,login_at,INET6_NTOA(login_ip) as login_ip,browser,platform,last_access_at FROM users_session_log WHERE uid=:uid and expired=0')->bindParams([
+            'uid' => app()->user->getId()
+        ])->queryAll();
+        return $this->render('user/sessions.html.twig', ['sessions' => $sessions]);
     }
 }
diff --git a/apps/views/user/sessions.html.twig b/apps/views/user/sessions.html.twig
@@ -0,0 +1,46 @@
+{% extends "user/setting_layout.html.twig" %}
+
+{% block panel %}
+    <h1>Sessions</h1>
+    <hr>
+    This is a list of devices that have logged into your account. Revoke any sessions that you do not recognize.
+    <br>
+    <br>
+    <table class="table table-striped table-bordered table-hover">
+        <thead>
+        <tr>
+            <td class="text-center">Login At</td>
+            <td class="text-center">Login IP</td>
+            <td class="text-center">Platform</td>
+            <td class="text-center">Browser</td>
+            <td class="text-center">Last access at</td>
+            <td class="text-center">Action</td>
+        </tr>
+        </thead>
+        <tbody>
+        {% for s in sessions %}
+            <tr>
+                <td class="text-center">{{ s['login_at'] | date("Y-m-d H:i:s") }}</td>
+                <td class="text-center">{{ s['login_ip'] }}</td>
+                <td class="text-center">{{ s['platform'] }}</td>
+                <td class="text-center">{{ s['browser'] }}</td>
+                <td class="text-center">{{ s['last_access_at'] |  date("Y-m-d H:i:s") }}</td>
+                <td class="text-center">
+                    {% if s['sid'] == curuser.getSessionId() %}
+                        Current
+                    {% else %}
+                        <form method="post">
+                            <input type="hidden" name="action" value="delsession"/>
+                            <input type="hidden" name="session" value="{{ s['sid'] }}"/>
+                            <button class="btn btn-default" type="submit"
+                                    onclick="return confirm('Are you sure you want to delete this session?');">
+                                <span class="glyphicon glyphicon-trash"></span>
+                            </button>
+                        </form>
+                    {% endif %}
+                </td>
+            </tr>
+        {% endfor %}
+        </tbody>
+    </table>
+{% endblock %}
diff --git a/apps/views/user/setting.html.twig b/apps/views/user/setting.html.twig
@@ -0,0 +1 @@
+{% extends "user/setting_layout.html.twig" %}
diff --git a/apps/views/user/setting_layout.html.twig b/apps/views/user/setting_layout.html.twig
@@ -0,0 +1,27 @@
+{% extends "layout/base.html.twig" %}
+
+{% block title %}User setting{% endblock %}
+
+{% block container %}
+    <div class="row">
+        <div class="col-md-3">
+            <div class="panel panel-default">
+                <div class="panel-heading">
+                    <h3 class="panel-title">Personal settings</h3>
+                </div>
+                <div class="panel-body">
+                    <ul class="nav nav-pills nav-stacked">
+                        <li><a href="/user/sessions">Sessions</a></li>
+                    </ul>
+                </div><!--/.panel-body -->
+            </div>
+
+        </div>
+        <div class="col-md-9">
+            {% block panel %}{% endblock %}
+        </div>
+    </div>
+
+
+
+{% endblock %}
diff --git a/framework/User/User.php b/framework/User/User.php
@@ -62,6 +62,9 @@ public function loadUserFromCookies()
     public function deleteUserThisSession()
     {
         $success = app()->redis->zRem($this->sessionSaveKey, $this->_userSessionId);
+        app()->pdo->createCommand('UPDATE `users_session_log` SET `expired` = 1 WHERE sid = :sid')->bindParams([
+            'sid' => $this->_userSessionId
+        ])->execute();
         app()->cookie->delete($this->cookieName);
         return $success ? true : false;
     }