Use latest login session as active device

2026-06-08 15:55:43 +08:00
parent fdd408d06b
commit 0f94010104
1 changed files with 20 additions and 20 deletions
@@ -6,7 +6,6 @@ const { getJwtSecret } = require("./securityConfig");

 const JWT_SECRET = getJwtSecret();
 const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "7d";
-const MAX_CONCURRENT_SESSIONS = 2;

 const USER_CONTEXT_SELECT = `
  SELECT
@@ -170,25 +169,26 @@ function verifyToken(token) {

 async function startUserSession(userId, userAgent) {
  const sessionId = crypto.randomUUID();
-  await pool.query(
-    "INSERT INTO user_sessions (id, user_id, user_agent, created_at) VALUES ($1, $2, $3, NOW())",
-    [sessionId, userId, userAgent || null],
-  );
-  await pool.query(
-    `DELETE FROM user_sessions
-     WHERE user_id = $1
-       AND id NOT IN (
-         SELECT id FROM user_sessions
-         WHERE user_id = $1
-         ORDER BY created_at DESC
-         LIMIT $2
-       )`,
-    [userId, MAX_CONCURRENT_SESSIONS],
-  );
-  await pool.query(
-    "UPDATE users SET current_session_id = $1, current_session_started_at = NOW(), updated_at = NOW() WHERE id = $2",
-    [sessionId, userId],
-  );
+  const client = await pool.connect();
+  try {
+    await client.query("BEGIN");
+    await client.query("SELECT id FROM users WHERE id = $1 FOR UPDATE", [userId]);
+    await client.query("DELETE FROM user_sessions WHERE user_id = $1", [userId]);
+    await client.query(
+      "INSERT INTO user_sessions (id, user_id, user_agent, created_at) VALUES ($1, $2, $3, NOW())",
+      [sessionId, userId, userAgent || null],
+    );
+    await client.query(
+      "UPDATE users SET current_session_id = $1, current_session_started_at = NOW(), updated_at = NOW() WHERE id = $2",
+      [sessionId, userId],
+    );
+    await client.query("COMMIT");
+  } catch (error) {
+    await client.query("ROLLBACK");
+    throw error;
+  } finally {
+    client.release();
+  }
  return sessionId;
 }