fix: session revoke

Signed-off-by: Innei <i@innei.in>

apps/core/src/common/decorators/current-user.decorator.ts

@@ -12,6 +12,8 @@ export const CurrentUser = createParamDecorator(
 
 export const CurrentUserToken = createParamDecorator(
   (data: unknown, ctx: ExecutionContext) => {
-    return getNestExecutionContextRequest(ctx).token
+    const token = getNestExecutionContextRequest(ctx).token
+
+    return token ? token.replace(/[Bb]earer /, '') : ''
   },
 )

apps/core/src/modules/user/user.controller.ts

@@ -158,7 +158,7 @@ export class UserController {
 
   @Delete('/session/all')
   @Auth()
-  async deleteAllSession() {
-    return this.authService.jwtServicePublic.revokeAll()
+  async deleteAllSession(@CurrentUserToken() currentToken: string) {
+    return this.authService.jwtServicePublic.revokeAll([currentToken])
   }
 }

apps/core/src/processors/helper/helper.jwt.service.ts

@@ -92,10 +92,23 @@ export class JWTService {
     }
   }
 
-  async revokeAll() {
-    const redis = this.cacheService.getClient()
-    const key = getRedisKey(RedisKeys.JWTStore)
-    await redis.del(key)
+  async revokeAll(excludeTokens?: string[]) {
+    if (Array.isArray(excludeTokens) && excludeTokens.length > 0) {
+      const redis = this.cacheService.getClient()
+      const key = getRedisKey(RedisKeys.JWTStore)
+      const allMd5Tokens = await redis.hkeys(key)
+
+      const excludedMd5Tokens = excludeTokens.map((t) => md5(t))
+      for (const md5Token of allMd5Tokens) {
+        if (!excludedMd5Tokens.includes(md5Token)) {
+          await redis.hdel(key, md5Token)
+        }
+      }
+    } else {
+      const redis = this.cacheService.getClient()
+      const key = getRedisKey(RedisKeys.JWTStore)
+      await redis.del(key)
+    }
   }
 
   async storeTokenInRedis(token: string, info?: any) {