2026-06-08 10:31:29 +00:00
1 changed files with 20 additions and 20 deletions
@@ -6,7 +6,6 @@ const { getJwtSecret } = require("./securityConfig");
 const JWT_SECRET = getJwtSecret();
 const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "7d";
 const MAX_CONCURRENT_SESSIONS = 2;
 const USER_CONTEXT_SELECT = `
  SELECT
@@ -170,25 +169,26 @@ function verifyToken(token) {
 async function startUserSession(userId, userAgent) {
  const sessionId = crypto.randomUUID();
-  await pool.query(
+  const client = await pool.connect();
-    "INSERT INTO user_sessions (id, user_id, user_agent, created_at) VALUES ($1, $2, $3, NOW())",
+  try {
-    [sessionId, userId, userAgent || null],
+    await client.query("BEGIN");
-  );
+    await client.query("SELECT id FROM users WHERE id = $1 FOR UPDATE", [userId]);
-  await pool.query(
+    await client.query("DELETE FROM user_sessions WHERE user_id = $1", [userId]);
-    `DELETE FROM user_sessions
+    await client.query(
-     WHERE user_id = $1
+      "INSERT INTO user_sessions (id, user_id, user_agent, created_at) VALUES ($1, $2, $3, NOW())",
-       AND id NOT IN (
+      [sessionId, userId, userAgent || null],
-         SELECT id FROM user_sessions
+    );
-         WHERE user_id = $1
+    await client.query(
-         ORDER BY created_at DESC
+      "UPDATE users SET current_session_id = $1, current_session_started_at = NOW(), updated_at = NOW() WHERE id = $2",
-         LIMIT $2
+      [sessionId, userId],
-       )`,
+    );
-    [userId, MAX_CONCURRENT_SESSIONS],
+    await client.query("COMMIT");
-  );
+  } catch (error) {
-  await pool.query(
+    await client.query("ROLLBACK");
-    "UPDATE users SET current_session_id = $1, current_session_started_at = NOW(), updated_at = NOW() WHERE id = $2",
+    throw error;
-    [sessionId, userId],
+  } finally {
-  );
+    client.release();
  }
  return sessionId;
 }