From ee23ef1f3e47b3d888c0d116d14705aee6fae23a Mon Sep 17 00:00:00 2001
From: yassinedorbozgithub
Date: Thu, 30 Jan 2025 16:51:59 +0100
Subject: [PATCH] fix(api): use sessionId instead of cookie to close sockets
---
 api/src/user/controllers/auth.controller.ts | 9 +--------
 api/src/websocket/websocket.gateway.ts | 12 +++++-------
 api/types/event-emitter.d.ts | 3 ++-
 3 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/api/src/user/controllers/auth.controller.ts b/api/src/user/controllers/auth.controller.ts
index fc5e1341..d34f3e26 100644
--- a/api/src/user/controllers/auth.controller.ts
+++ b/api/src/user/controllers/auth.controller.ts
@@ -11,7 +11,6 @@ import {
 Body,
 Controller,
 Get,
- Headers,
 Inject,
 InternalServerErrorException,
 Param,
@@ -25,7 +24,6 @@ import {
 } from '@nestjs/common';
 import { EventEmitter2 } from '@nestjs/event-emitter';
 import { CsrfCheck, CsrfGen, CsrfGenAuth } from '@tekuconcept/nestjs-csrf';
-import cookie from 'cookie';
 import { Request, Response } from 'express';
 import { Session as ExpressSession } from 'express-session';
@@ -73,13 +71,8 @@ export class BaseAuthController {
 logout(
 @Session() session: ExpressSession,
 @Res({ passthrough: true }) res: Response,
- @Headers() headers: Record,
 ) {
- const parsedCookie = cookie.parse(headers['cookie']);
- const sessionCookie = encodeURIComponent(
- String(parsedCookie[config.session.name] || ''),
- );
- this.eventEmitter.emit('hook:user:logout', sessionCookie);
+ this.eventEmitter.emit('hook:user:logout', session);
 res.clearCookie(config.session.name);
 session.destroy((error) => {
diff --git a/api/src/websocket/websocket.gateway.ts b/api/src/websocket/websocket.gateway.ts
index 0477d6ee..f6e1b0f6 100644
--- a/api/src/websocket/websocket.gateway.ts
+++ b/api/src/websocket/websocket.gateway.ts
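Review bot: In `logout` (auth.controller.ts) the `hook:user:logout` event is emitted before `session.destroy(...)` is called, so the sockets are closed while the session is still valid in the store. If the gateway accepts handshakes based on that stored session (not visible here), a client that still holds the cookie could open a new socket in that interval and keep it after logout. Consider moving `this.eventEmitter.emit('hook:user:logout', session);` into the success path of the `session.destroy` callback, whose body continues outside this hunk. The listener shown in websocket.gateway.ts reads only `id`, so emitting `session.id` instead of the whole session object would also keep the remaining session data away from other listeners of the hook.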
@@ -20,7 +20,7 @@ import {
 import cookie from 'cookie';
 import * as cookieParser from 'cookie-parser';
 import signature from 'cookie-signature';
-import { SessionData } from 'express-session';
+import { Session as ExpressSession, SessionData } from 'express-session';
 import { Server, Socket } from 'socket.io';
 import { sync as uid } from 'uid-safe';
@@ -259,12 +259,10 @@ export class WebsocketGateway
 }
 @OnEvent('hook:user:logout')
- disconnectSockets(sessionCookie: string) {
- if (sessionCookie.length) {
- for (const [socketId, socket] of this.io.sockets.sockets) {
- if (socket.handshake.headers.cookie?.includes(sessionCookie)) {
- this.io.sockets.sockets.get(socketId)?.disconnect(true);
- }
+ disconnectSockets({ id }: ExpressSession) {
+ for (const [, socket] of this.io.sockets.sockets) {
+ if (socket.data['sessionID'] === id) {
+ socket.disconnect(true);
 }
 }
 }
diff --git a/api/types/event-emitter.d.ts b/api/types/event-emitter.d.ts
index 9af687ce..4678d45b 100644
--- a/api/types/event-emitter.d.ts
+++ b/api/types/event-emitter.d.ts
@@ -6,6 +6,7 @@
 * 2. All derivative works must include clear attribution to the original creator and software, Hexastack and Hexabot, in a prominent location (e.g., in the software's "About" section, documentation, and README file).
 */
+import { type Session as ExpressSession } from 'express-session';
 import type { Document, Query } from 'mongoose';
 import { type Socket } from 'socket.io';
@@ -162,7 +163,7 @@ declare module '@nestjs/event-emitter' {
 model: TDefinition;
 permission: TDefinition;
 role: TDefinition;
- user: TDefinition;
+ user: TDefinition;
 }
 /* entities hooks having schemas */
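Review bot: `disconnectSockets` in websocket.gateway.ts no longer has the empty-value guard that the removed `if (sessionCookie.length)` provided. If the event payload ever arrives without an `id`, `socket.data['sessionID'] === id` is true for every socket whose `data` has no `sessionID`, and all of those sockets are disconnected. Adding `if (!id) return;` as the first statement of the method restores the guard. The match also relies on `socket.data['sessionID']` being assigned for every authenticated socket, which happens outside this hunk; a socket that never receives it stays open after logout, so a comment pointing to where the field is assigned would help the next reader.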