fix(api): use sessionId instead of cookie to close sockets

2025-04-07 06:24:23 +00:00 · 2025-01-30 16:51:59 +01:00 · 2025-01-30 16:51:59 +01:00 · ee23ef1f3e
commit ee23ef1f3e
parent a92617db98
3 changed files with 8 additions and 16 deletions
--- a/api/src/user/controllers/auth.controller.ts
+++ b/api/src/user/controllers/auth.controller.ts
@ -11,7 +11,6 @@ import {
  Body,
  Controller,
  Get,
-  Headers,
  Inject,
  InternalServerErrorException,
  Param,
@ -25,7 +24,6 @@ import {
 } from '@nestjs/common';
 import { EventEmitter2 } from '@nestjs/event-emitter';
 import { CsrfCheck, CsrfGen, CsrfGenAuth } from '@tekuconcept/nestjs-csrf';
-import cookie from 'cookie';
 import { Request, Response } from 'express';
 import { Session as ExpressSession } from 'express-session';

@ -73,13 +71,8 @@ export class BaseAuthController {
  logout(
    @Session() session: ExpressSession,
    @Res({ passthrough: true }) res: Response,
-    @Headers() headers: Record<string, string>,
  ) {
-    const parsedCookie = cookie.parse(headers['cookie']);
-    const sessionCookie = encodeURIComponent(
-      String(parsedCookie[config.session.name] || ''),
-    );
-    this.eventEmitter.emit('hook:user:logout', sessionCookie);
+    this.eventEmitter.emit('hook:user:logout', session);
    res.clearCookie(config.session.name);

    session.destroy((error) => {
--- a/api/src/websocket/websocket.gateway.ts
+++ b/api/src/websocket/websocket.gateway.ts
@ -20,7 +20,7 @@ import {
 import cookie from 'cookie';
 import * as cookieParser from 'cookie-parser';
 import signature from 'cookie-signature';
-import { SessionData } from 'express-session';
+import { Session as ExpressSession, SessionData } from 'express-session';
 import { Server, Socket } from 'socket.io';
 import { sync as uid } from 'uid-safe';

@ -259,12 +259,10 @@ export class WebsocketGateway
  }

  @OnEvent('hook:user:logout')
-  disconnectSockets(sessionCookie: string) {
-    if (sessionCookie.length) {
-      for (const [socketId, socket] of this.io.sockets.sockets) {
-        if (socket.handshake.headers.cookie?.includes(sessionCookie)) {
-          this.io.sockets.sockets.get(socketId)?.disconnect(true);
-        }
+  disconnectSockets({ id }: ExpressSession) {
+    for (const [, socket] of this.io.sockets.sockets) {
+      if (socket.data['sessionID'] === id) {
+        socket.disconnect(true);
      }
    }
  }
--- a/api/types/event-emitter.d.ts
+++ b/api/types/event-emitter.d.ts
@ -6,6 +6,7 @@
 * 2. All derivative works must include clear attribution to the original creator and software, Hexastack and Hexabot, in a prominent location (e.g., in the software's "About" section, documentation, and README file).
 */

+import { type Session as ExpressSession } from 'express-session';
 import type { Document, Query } from 'mongoose';
 import { type Socket } from 'socket.io';

@ -162,7 +163,7 @@ declare module '@nestjs/event-emitter' {
    model: TDefinition<Model>;
    permission: TDefinition<Permission>;
    role: TDefinition<Role>;
-    user: TDefinition<User, { lastvisit: Subscriber; logout: string }>;
+    user: TDefinition<User, { lastvisit: Subscriber; logout: ExpressSession }>;
  }

  /* entities hooks having schemas */