fase(25-26): keyboard shortcuts, mobile responsive, enterprise SSO/audit

- Phase 25.4: N shortcut for new exploration on dashboard (react-hotkeys-hook) - Phase 25.5: overflow-x-auto on tables, responsive padding (p-4 md:p-6) - Phase 26: SAML/OIDC/LDAP providers (build-fixed), TOTP/MFA service - Phase 26: KyselySSOConfigRepository + KyselyTOTPRepository - Phase 26: SSO HTTP controller (config CRUD + MFA setup/verify/disable) - Phase 26: Audit module index.ts + SSO module index.ts - Phase 26: Session management endpoints (findByUserId, deleteById, list/revoke) - Phase 26: SSO and audit routes feature-gated (auth:sso, audit:logs) - Phase 26: Frontend SSOSection (SAML/OIDC/LDAP config + TOTP setup) - Phase 26: Frontend SessionsSection (list/revoke active sessions) - Phase 26: Settings navigation updated with SSO & Sessions sections Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-08 13:38:25 -04:00
parent c3911bafe8
commit 08011d22d5
58 changed files with 2689 additions and 23 deletions
--- a/dist/modules/auth/infrastructure/http/AuthController.js
+++ b/dist/modules/auth/infrastructure/http/AuthController.js
@@ -166,5 +166,27 @@ function createAuthController(registerCommand, loginCommand, createOrgCommand, i
        await apiKeyRepository.delete(keyId);
        res.json({ success: true });
    });
+    // GET /api/auth/sessions — list active sessions (session management dashboard)
+    router.get('/sessions', authMiddleware, async (req, res) => {
+        const sessions = await sessionRepository.findByUserId(req.user.id);
+        res.json(sessions.map((s) => ({
+            id: s.id,
+            createdAt: new Date(s.createdAt).toISOString(),
+            expiresAt: new Date(s.expiresAt).toISOString(),
+        })));
+    });
+    // DELETE /api/auth/sessions/:id — revoke a specific session
+    router.delete('/sessions/:id', authMiddleware, async (req, res) => {
+        const sessionId = String(req.params['id']);
+        // Only allow revoking own sessions
+        const userSessions = await sessionRepository.findByUserId(req.user.id);
+        const owns = userSessions.some((s) => s.id === sessionId);
+        if (!owns) {
+            res.status(404).json({ error: 'Session not found' });
+            return;
+        }
+        await sessionRepository.deleteById(sessionId);
+        res.json({ success: true });
+    });
    return router;
 }
--- a/dist/modules/auth/infrastructure/repositories/KyselySessionRepository.js
+++ b/dist/modules/auth/infrastructure/repositories/KyselySessionRepository.js
@@ -33,9 +33,28 @@ class KyselySessionRepository {
            createdAt: new Date(row.created_at),
        };
    }
+    async findByUserId(userId) {
+        const rows = await this.db
+            .selectFrom('auth_sessions')
+            .selectAll()
+            .where('user_id', '=', userId)
+            .where('expires_at', '>', Date.now())
+            .orderBy('created_at', 'desc')
+            .execute();
+        return rows.map((row) => ({
+            id: row.id,
+            userId: row.user_id,
+            token: row.token,
+            expiresAt: new Date(row.expires_at),
+            createdAt: new Date(row.created_at),
+        }));
+    }
    async deleteByToken(token) {
        await this.db.deleteFrom('auth_sessions').where('token', '=', token).execute();
    }
+    async deleteById(id) {
+        await this.db.deleteFrom('auth_sessions').where('id', '=', id).execute();
+    }
    async deleteExpired() {
        await this.db
            .deleteFrom('auth_sessions')