Data Layer · medium complexity · backend
Dependencies: 0 · Dependents: 0 · Entities: 2 · Integrations: 0

Description

Data access layer responsible for querying and mutating session and refresh token records in the database. Provides the persistence operations that SessionManagementService uses to list, invalidate, and clean up sessions. Also manages the storage and retrieval of support access grant records.

Feature: Session Management

session-repository

Sources & reasoning

Line 207 explicitly names admin-initiated session revocation as an auth module capability, and line 259 requires organizations to be able to revoke Global Admin support access immediately on demand. admin-security is always-on (line 241), fixing target release at MVP. Session Management is the admin surface that exposes the auth module's revocation capability; without it, the revocation requirement from line 259 cannot be fulfilled.

  • docs/source/likeperson.md · line 207
    Session revocation (sign-out, forced expiry, admin-initiated)
  • docs/source/likeperson.md · line 259
    Orgs can grant a Global Admin *time-bounded* support access via a flag in Organization Settings (e.g. "Allow Norse support access until {date}"); revoking the flag or hitting the expiry immediately removes access.

Responsibilities

  • Query active sessions by user ID with device, IP address, and last-activity fields
  • Mark sessions as terminated and flag their refresh token chains as invalidated
  • Bulk-terminate all sessions for a given user in a single transaction
  • Persist and retrieve Global Admin support access grant records with expiry timestamps
  • Delete or invalidate expired support access grants

Interfaces

findActiveSessionsByUser(userId: string): Promise<Session[]>
terminateSession(sessionId: string): Promise<void>
terminateAllSessionsByUser(userId: string): Promise<number>
invalidateRefreshTokenChain(sessionId: string): Promise<void>
saveSupportAccessGrant(grant: SupportAccessGrant): Promise<SupportAccessGrant>
findSupportAccessGrant(grantId: string): Promise<SupportAccessGrant | null>
revokeSupportAccessGrant(grantId: string): Promise<void>
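
An in-memory model of the termination and grant-expiry semantics listed above, added here as an example and not taken from the project's code. It is synchronous and takes an explicit `now` for testability, whereas the interface above returns Promises; the class name `InMemorySessionStore`, the helper `sampleStore`, and the fields marked "assumed" are hypothetical.

```typescript
// Added example, not project code. Columns marked "assumed" are not on the page.
interface Session {
  id: string; userId: string; device: string; ipAddress: string;
  lastActivityAt: number;           // epoch ms
  terminatedAt: number | null;      // assumed
  refreshChainInvalidated: boolean; // assumed
}
interface SupportAccessGrant {
  id: string; expiresAt: number;    // epoch ms
  revokedAt: number | null;         // assumed
}

class InMemorySessionStore {
  sessions: Session[];
  grants: SupportAccessGrant[];
  constructor(sessions: Session[], grants: SupportAccessGrant[]) {
    this.sessions = sessions;
    this.grants = grants;
  }
  findActiveSessionsByUser(userId: string): Session[] {
    return this.sessions.filter(s => s.userId === userId && s.terminatedAt === null);
  }
  // Termination and refresh-chain invalidation are a single step, so a
  // terminated session never keeps a usable refresh token.
  terminateAllSessionsByUser(userId: string, now: number): number {
    const active = this.findActiveSessionsByUser(userId);
    active.forEach(s => { s.terminatedAt = now; s.refreshChainInvalidated = true; });
    return active.length; // a repeated call returns 0: the operation is idempotent
  }
  // Expiry and revocation are checked on every read, so access ends at the
  // deadline even when the cleanup job has not run yet.
  findSupportAccessGrant(grantId: string, now: number): SupportAccessGrant | null {
    const g = this.grants.filter(x => x.id === grantId)[0];
    if (!g || g.revokedAt !== null || g.expiresAt <= now) return null;
    return g;
  }
  revokeSupportAccessGrant(grantId: string, now: number): void {
    this.grants.forEach(g => { if (g.id === grantId && g.revokedAt === null) g.revokedAt = now; });
  }
}

// Constructed sample data: two sessions for u1, one for u2, one grant expiring at t=1000.
function sampleStore(): InMemorySessionStore {
  const mk = (id: string, userId: string): Session => ({ id, userId, device: "laptop",
    ipAddress: "192.0.2.10", lastActivityAt: 0, terminatedAt: null, refreshChainInvalidated: false });
  return new InMemorySessionStore([mk("s1", "u1"), mk("s2", "u1"), mk("s3", "u2")],
    [{ id: "g1", expiresAt: 1000, revokedAt: null }]);
}
```

In a database-backed implementation the same read-time predicate would sit in the query's WHERE clause, and the bulk termination would run inside one transaction as the responsibilities list requires.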

Related Data Entities (2)

Data entities managed by this component