From 79cb85f74f4ac5778ff646189a8a2c11dea04da3 Mon Sep 17 00:00:00 2001 From: yassinedorbozgithub Date: Wed, 29 Jan 2025 14:50:05 +0100 Subject: [PATCH 1/2] fix: logout disconnection sockets --- api/src/user/controllers/auth.controller.ts | 15 ++++++++++++++- api/src/websocket/websocket.gateway.ts | 15 +++++++++++++-- api/types/event-emitter.d.ts | 4 ++-- 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/api/src/user/controllers/auth.controller.ts b/api/src/user/controllers/auth.controller.ts index 559bc2ee..fc5e1341 100644 --- a/api/src/user/controllers/auth.controller.ts +++ b/api/src/user/controllers/auth.controller.ts @@ -1,5 +1,5 @@ /* - * Copyright © 2024 Hexastack. All rights reserved. + * Copyright © 2025 Hexastack. All rights reserved. * * Licensed under the GNU Affero General Public License v3.0 (AGPLv3) with the following additional terms: * 1. The name "Hexabot" is a trademark of Hexastack. You may not use this name in derivative works without express written permission. @@ -11,6 +11,8 @@ import { Body, Controller, Get, + Headers, + Inject, InternalServerErrorException, Param, Post, @@ -21,7 +23,9 @@ import { UseGuards, UseInterceptors, } from '@nestjs/common'; +import { EventEmitter2 } from '@nestjs/event-emitter'; import { CsrfCheck, CsrfGen, CsrfGenAuth } from '@tekuconcept/nestjs-csrf'; +import cookie from 'cookie'; import { Request, Response } from 'express'; import { Session as ExpressSession } from 'express-session'; @@ -38,6 +42,9 @@ import { UserService } from '../services/user.service'; import { ValidateAccountService } from '../services/validate-account.service'; export class BaseAuthController { + @Inject(EventEmitter2) + private readonly eventEmitter: EventEmitter2; + constructor(protected readonly logger: LoggerService) {} /** @@ -66,7 +73,13 @@ export class BaseAuthController { logout( @Session() session: ExpressSession, @Res({ passthrough: true }) res: Response, + @Headers() headers: Record, ) { + const parsedCookie = cookie.parse(headers['cookie']); + const sessionCookie = encodeURIComponent( + String(parsedCookie[config.session.name] || ''), + ); + this.eventEmitter.emit('hook:user:logout', sessionCookie); res.clearCookie(config.session.name); session.destroy((error) => { diff --git a/api/src/websocket/websocket.gateway.ts b/api/src/websocket/websocket.gateway.ts index 10c7c628..0477d6ee 100644 --- a/api/src/websocket/websocket.gateway.ts +++ b/api/src/websocket/websocket.gateway.ts @@ -1,12 +1,12 @@ /* - * Copyright © 2024 Hexastack. All rights reserved. + * Copyright © 2025 Hexastack. All rights reserved. * * Licensed under the GNU Affero General Public License v3.0 (AGPLv3) with the following additional terms: * 1. The name "Hexabot" is a trademark of Hexastack. You may not use this name in derivative works without express written permission. * 2. All derivative works must include clear attribution to the original creator and software, Hexastack and Hexabot, in a prominent location (e.g., in the software's "About" section, documentation, and README file). */ -import { EventEmitter2 } from '@nestjs/event-emitter'; +import { EventEmitter2, OnEvent } from '@nestjs/event-emitter'; import { ConnectedSocket, MessageBody, @@ -258,6 +258,17 @@ export class WebsocketGateway this.eventEmitter.emit(`hook:websocket:connection`, client); } + @OnEvent('hook:user:logout') + disconnectSockets(sessionCookie: string) { + if (sessionCookie.length) { + for (const [socketId, socket] of this.io.sockets.sockets) { + if (socket.handshake.headers.cookie?.includes(sessionCookie)) { + this.io.sockets.sockets.get(socketId)?.disconnect(true); + } + } + } + } + async handleDisconnect(client: Socket): Promise { this.logger.log(`Client id:${client.id} disconnected`); // Configurable custom afterDisconnect logic here diff --git a/api/types/event-emitter.d.ts b/api/types/event-emitter.d.ts index a39d15cf..9af687ce 100644 --- a/api/types/event-emitter.d.ts +++ b/api/types/event-emitter.d.ts @@ -1,5 +1,5 @@ /* - * Copyright © 2024 Hexastack. All rights reserved. + * Copyright © 2025 Hexastack. All rights reserved. * * Licensed under the GNU Affero General Public License v3.0 (AGPLv3) with the following additional terms: * 1. The name "Hexabot" is a trademark of Hexastack. You may not use this name in derivative works without express written permission. @@ -162,7 +162,7 @@ declare module '@nestjs/event-emitter' { model: TDefinition; permission: TDefinition; role: TDefinition; - user: TDefinition; + user: TDefinition; } /* entities hooks having schemas */ From ee23ef1f3e47b3d888c0d116d14705aee6fae23a Mon Sep 17 00:00:00 2001 From: yassinedorbozgithub Date: Thu, 30 Jan 2025 16:51:59 +0100 Subject: [PATCH 2/2] fix(api): use sessionId instead of cookie to close sockets --- api/src/user/controllers/auth.controller.ts | 9 +-------- api/src/websocket/websocket.gateway.ts | 12 +++++------- api/types/event-emitter.d.ts | 3 ++- 3 files changed, 8 insertions(+), 16 deletions(-) diff --git a/api/src/user/controllers/auth.controller.ts b/api/src/user/controllers/auth.controller.ts index fc5e1341..d34f3e26 100644 --- a/api/src/user/controllers/auth.controller.ts +++ b/api/src/user/controllers/auth.controller.ts @@ -11,7 +11,6 @@ import { Body, Controller, Get, - Headers, Inject, InternalServerErrorException, Param, @@ -25,7 +24,6 @@ import { } from '@nestjs/common'; import { EventEmitter2 } from '@nestjs/event-emitter'; import { CsrfCheck, CsrfGen, CsrfGenAuth } from '@tekuconcept/nestjs-csrf'; -import cookie from 'cookie'; import { Request, Response } from 'express'; import { Session as ExpressSession } from 'express-session'; @@ -73,13 +71,8 @@ export class BaseAuthController { logout( @Session() session: ExpressSession, @Res({ passthrough: true }) res: Response, - @Headers() headers: Record, ) { - const parsedCookie = cookie.parse(headers['cookie']); - const sessionCookie = encodeURIComponent( - String(parsedCookie[config.session.name] || ''), - ); - this.eventEmitter.emit('hook:user:logout', sessionCookie); + this.eventEmitter.emit('hook:user:logout', session); res.clearCookie(config.session.name); session.destroy((error) => { diff --git a/api/src/websocket/websocket.gateway.ts b/api/src/websocket/websocket.gateway.ts index 0477d6ee..f6e1b0f6 100644 --- a/api/src/websocket/websocket.gateway.ts +++ b/api/src/websocket/websocket.gateway.ts @@ -20,7 +20,7 @@ import { import cookie from 'cookie'; import * as cookieParser from 'cookie-parser'; import signature from 'cookie-signature'; -import { SessionData } from 'express-session'; +import { Session as ExpressSession, SessionData } from 'express-session'; import { Server, Socket } from 'socket.io'; import { sync as uid } from 'uid-safe'; @@ -259,12 +259,10 @@ export class WebsocketGateway } @OnEvent('hook:user:logout') - disconnectSockets(sessionCookie: string) { - if (sessionCookie.length) { - for (const [socketId, socket] of this.io.sockets.sockets) { - if (socket.handshake.headers.cookie?.includes(sessionCookie)) { - this.io.sockets.sockets.get(socketId)?.disconnect(true); - } + disconnectSockets({ id }: ExpressSession) { + for (const [, socket] of this.io.sockets.sockets) { + if (socket.data['sessionID'] === id) { + socket.disconnect(true); } } } diff --git a/api/types/event-emitter.d.ts b/api/types/event-emitter.d.ts index 9af687ce..4678d45b 100644 --- a/api/types/event-emitter.d.ts +++ b/api/types/event-emitter.d.ts @@ -6,6 +6,7 @@ * 2. All derivative works must include clear attribution to the original creator and software, Hexastack and Hexabot, in a prominent location (e.g., in the software's "About" section, documentation, and README file). */ +import { type Session as ExpressSession } from 'express-session'; import type { Document, Query } from 'mongoose'; import { type Socket } from 'socket.io'; @@ -162,7 +163,7 @@ declare module '@nestjs/event-emitter' { model: TDefinition; permission: TDefinition; role: TDefinition; - user: TDefinition; + user: TDefinition; } /* entities hooks having schemas */