From f3c38a7bb6cb2e30921f9c38881f6a61c0662ced Mon Sep 17 00:00:00 2001
From: Rhilip
Date: Fri, 1 Feb 2019 16:04:13 +0800
Subject: [PATCH] feat(User): User can manager their own sessions

Since We add the max per user session number limit, It is importortant for user can manager (or you can say revoke) their session. So in this commit, 1. Add `/user/sessions` as user sessions manager route. 2. User Login out with Session expired in database.
---
 apps/controllers/UserController.php | 31 ++++++++++++++--
 apps/views/user/sessions.html.twig | 46 ++++++++++++++++++++++++
 apps/views/user/setting.html.twig | 1 +
 apps/views/user/setting_layout.html.twig | 27 ++++++++++++++
 framework/User/User.php | 3 ++
 5 files changed, 106 insertions(+), 2 deletions(-)
 create mode 100644 apps/views/user/sessions.html.twig
 create mode 100644 apps/views/user/setting.html.twig
 create mode 100644 apps/views/user/setting_layout.html.twig

diff --git a/apps/controllers/UserController.php b/apps/controllers/UserController.php
index 4aa4061..1593a51 100644
--- a/apps/controllers/UserController.php
+++ b/apps/controllers/UserController.php
@@ -19,6 +19,11 @@ public function actionIndex()
 return $this->actionPanel();
 }
 
+ public function actionSetting()
+ {
+ return $this->render('user/setting.html.twig');
+ }
+
 public function actionPanel()
 {
 $uid = app()->request->get('id');
@@ -27,11 +32,33 @@ public function actionPanel()
 } else {
 $user = app()->user;
 }
- return $this->render('user/panel.html.twig',['user' => $user]);
+ return $this->render('user/panel.html.twig', ['user' => $user]);
 }
- public function actionSetting()
+ public function actionSessions()
 {
+ if (app()->request->isPost()) {
+ $action = app()->request->post('action');
+ if ($action == 'delsession') {
+ $to_del_session = app()->request->post('session');
+
+ // expired it from Database first
+ app()->pdo->createCommand('UPDATE `users_session_log` SET `expired` = 1 WHERE uid = :uid AND sid = :sid')->bindParams([
+ 'uid' => app()->user->getId(), 'sid' => $to_del_session
+ ])->execute();
+ $success = app()->pdo->getRowCount();
+
+ if ($success > 0) {
+ app()->redis->zRem(app()->user->sessionSaveKey, $to_del_session);
+ } else {
+ return $this->render('errors/action_fail.html.twig', ['title' => 'Remove Session Failed', 'msg' => 'Remove Session Failed']);
+ }
+ }
+ }
+ $sessions = app()->pdo->createCommand('SELECT sid,login_at,INET6_NTOA(login_ip) as login_ip,browser,platform,last_access_at FROM users_session_log WHERE uid=:uid and expired=0')->bindParams([
+ 'uid' => app()->user->getId()
+ ])->queryAll();
+ return $this->render('user/sessions.html.twig', ['sessions' => $sessions]);
 }
 }
diff --git a/apps/views/user/sessions.html.twig b/apps/views/user/sessions.html.twig
new file mode 100644
index 0000000..ea91bd8
--- /dev/null
+++ b/apps/views/user/sessions.html.twig
@@ -0,0 +1,46 @@
+{% extends "user/setting_layout.html.twig" %}
+
+{% block panel %}
+
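Review bot: In `actionSessions` the return value of `app()->redis->zRem(...)` is ignored and the call is gated on the row count of the `UPDATE`, so a revoke that marks the row expired but does not remove the member from Redis leaves a session that drops out of the list (the `SELECT` filters `expired=0`) and cannot be retried, since a second `UPDATE` would presumably change no rows and render the failure page. If Redis is what is consulted when a cookie is validated (that code is outside this hunk), such a session stays usable after the user believes it was revoked; check the result, e.g. `$removed = app()->redis->zRem(app()->user->sessionSaveKey, $to_del_session);`, and render `errors/action_fail.html.twig` when nothing was removed. No CSRF token check is visible before this state change; if the framework does not enforce one globally, add it here. `$action == 'delsession'` should use `===`, and `$to_del_session` should be rejected unless `is_string()` holds before it is bound.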

Sessions

+
+ This is a list of devices that have logged into your account. Revoke any sessions that you do not recognize. +
+
+ + + + + + + + + + + + + {% for s in sessions %} + + + + + + + + + {% endfor %} + +
Login AtLogin IPPlatformBrowserLast access atAction
{{ s['login_at'] | date("Y-m-d H:i:s") }}{{ s['login_ip'] }}{{ s['platform'] }}{{ s['browser'] }}{{ s['last_access_at'] | date("Y-m-d H:i:s") }} + {% if s['sid'] == curuser.getSessionId() %} + Current + {% else %} +
+ + + +
+ {% endif %} +
+{% endblock %}
diff --git a/apps/views/user/setting.html.twig b/apps/views/user/setting.html.twig
new file mode 100644
index 0000000..8015159
--- /dev/null
+++ b/apps/views/user/setting.html.twig
@@ -0,0 +1 @@
+{% extends "user/setting_layout.html.twig" %}
diff --git a/apps/views/user/setting_layout.html.twig b/apps/views/user/setting_layout.html.twig
new file mode 100644
index 0000000..1233911
--- /dev/null
+++ b/apps/views/user/setting_layout.html.twig
@@ -0,0 +1,27 @@
+{% extends "layout/base.html.twig" %}
+
+{% block title %}User setting{% endblock %}
+
+{% block container %}
+
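Review bot: The revoke form in the `{% else %}` branch of `sessions.html.twig` has to send `s['sid']` back as the `session` field that `actionSessions` reads (the form markup is not legible in this view), which places the identifier of every other live session into the rendered page. If `sid` is the same value the session cookie carries, the page then exposes credentials for the user's other sessions to anything that can read it, so a non-secret handle such as the log row's primary key or a keyed hash of the sid would be a safer form value. It is also worth confirming that Twig autoescaping is enabled for this template, since `s['browser']` and `s['platform']` are presumably derived from the User-Agent header.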
+
+
+
+

Personal settings

+
+
+ +
+
+ +
+
+ {% block panel %}{% endblock %} +
+
+
+
+
+{% endblock %}
diff --git a/framework/User/User.php b/framework/User/User.php
index cf39b15..b9eabe4 100644
--- a/framework/User/User.php
+++ b/framework/User/User.php
@@ -62,6 +62,9 @@ public function loadUserFromCookies()
 public function deleteUserThisSession()
 {
 $success = app()->redis->zRem($this->sessionSaveKey, $this->_userSessionId);
+ app()->pdo->createCommand('UPDATE `users_session_log` SET `expired` = 1 WHERE sid = :sid')->bindParams([
+ 'sid' => $this->_userSessionId
+ ])->execute();
 app()->cookie->delete($this->cookieName);
 return $success ? true : false;
 }
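Review bot: The new `UPDATE` in `deleteUserThisSession` sits between the Redis removal and `app()->cookie->delete($this->cookieName)`, so if the statement throws (this depends on the PDO error mode, which is not visible here) the cookie is never cleared and the method never returns. Moving the cookie deletion ahead of the database write, or catching and logging the failure, would keep logout reliable. The statement matches on `sid` alone while the revoke path in `UserController::actionSessions` matches on `uid` and `sid`; adding `AND uid = :uid` would keep the two consistent if `sid` is not guaranteed unique across users. The same SQL now lives in two places and would be easier to keep in sync as a single method on `User`.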