From 3af4b44248c32a1871782e16128dcfca34c78580 Mon Sep 17 00:00:00 2001
From: Isaque Veras <46972789+isaqueveras@users.noreply.github.com>
Date: Tue, 10 Oct 2023 15:38:57 -0300
Subject: [PATCH] feat: open sessions per user (#142) (#143)

---
 app.json                                          |  3 ++-
 config/model.go                                   |  1 +
 .../persistencie/auth/postgres/session.go         | 15 +++++++++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/app.json b/app.json
index 3ab0c5a..a59d4b7 100644
--- a/app.json
+++ b/app.json
@@ -21,7 +21,8 @@
     "access_log_directory": "/var/log/powersso/access.log",
     "error_log_directory": "/var/log/powersso/error.log",
     "permission_base": "github.com/isaqueveras/power-sso",
-    "access_control_allow_origin": "*"
+    "access_control_allow_origin": "*",
+    "open_sessions_per_user": 5
   },
   "database": {
     "host": "localhost",
diff --git a/config/model.go b/config/model.go
index eef1021..e955ed9 100644
--- a/config/model.go
+++ b/config/model.go
@@ -46,6 +46,7 @@ type ServerConfig struct {
 	ErrorLogDirectory        string        `json:"error_log_directory"`
 	PermissionBase           string        `json:"permission_base"`
 	AccessControlAllowOrigin string        `json:"access_control_allow_origin"`
+	OpenSessionsPerUser      int64         `json:"open_sessions_per_user"`
 	SSL                      bool          `json:"ssl"`
 	CSRF                     bool          `json:"srf"`
 	Debug                    bool          `json:"debug"`
diff --git a/infrastructure/persistencie/auth/postgres/session.go b/infrastructure/persistencie/auth/postgres/session.go
index 1bebe17..525635a 100644
--- a/infrastructure/persistencie/auth/postgres/session.go
+++ b/infrastructure/persistencie/auth/postgres/session.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/Masterminds/squirrel"
 	"github.com/google/uuid"
+	"github.com/isaqueveras/powersso/config"
 	"github.com/isaqueveras/powersso/database/postgres"
 	"github.com/isaqueveras/powersso/oops"
 )
@@ -29,6 +30,20 @@ func (pg *PGSession) Create(userID *uuid.UUID, clientIP, userAgent *string) (ses
 		return nil, oops.Err(err)
 	}
 
+	if _, err = pg.DB.Builder.
+		Update("sessions").
+		Set("deleted_at", squirrel.Expr("NOW()")).
+		Where(`id NOT IN (
+			SELECT id FROM sessions
+			WHERE user_id = ? AND deleted_at IS NULL
+			ORDER BY created_at DESC 
+			LIMIT ?
+		)`, userID, config.Get().Server.OpenSessionsPerUser).
+		Where("user_id = ?", userID).
+		Exec(); err != nil {
+		return nil, oops.Err(err)
+	}
+
 	if _, err = pg.DB.Builder.
 		Update("users").
 		Set("attempts", 0).