feat: support user session management (#1157)

Reviewed-by: @ben-pr-p 
Reviewed-by: @ajohn25 
Reviewed-by: @hiemanshu

Author: bchrobot

__test__/lib/session.ts

@@ -21,7 +21,7 @@ export const createSession = async (options: CreateSessionOptions) => {
     .post("/login-callback")
     .send({ authType: "login", email, password })
     .then((res) => {
-      const setCookies: string[] = res.headers["set-cookie"];
+      const setCookies: string[] = res.headers["set-cookie"] ?? [];
       const cookies = setCookies.reduce<Record<string, string>>(
         (acc, cookie) => {
           const [cookieName, cookieValue] = cookie.split(";")[0].split("=");

migrations/20220426234444_support-suspending-users.js

@@ -0,0 +1,23 @@
+// Ref: https://github.com/voxpelli/node-connect-pg-simple/blob/main/table.sql
+
+exports.up = function up(knex) {
+  return knex.schema.raw(`
+    alter table public.user add column is_suspended boolean not null default false;
+
+    create table user_session (
+      sid text primary key,
+      sess json not null,
+      expire timestamptz not null,
+      user_id integer generated always as ((sess->'passport'->>'user')::integer) stored
+    );
+
+    create index on user_session (expire);
+  `);
+};
+
+exports.down = function down(knex) {
+  return knex.schema.raw(`
+    drop table user_session;
+    alter table public.user drop column is_suspended;
+  `);
+};

package.json

@@ -96,7 +96,7 @@
     "camelcase-keys": "^4.1.0",
     "chart.js": "^2.9.4",
     "connect-datadog-graphql": "^0.0.11",
-    "cookie-session": "^1.4.0",
+    "connect-pg-simple": "^7.0.0",
     "css-loader": "^5.0.1",
     "dataloader": "^1.2.0",
     "dotenv": "^8.0.0",
@@ -106,6 +106,7 @@
     "express": "^4.17.3",
     "express-basic-auth": "^1.2.1",
     "express-rate-limit": "^6.3.0",
+    "express-session": "^1.17.2",
     "express-winston": "^4.2.0",
     "fakeredis": "^2.0.0",
     "fast-csv": "^4.3.1",
@@ -198,6 +199,7 @@
     "@rewired/commitlint-circle": "^3.1.0",
     "@types/aphrodite": "^2.0.0",
     "@types/chart.js": "^2.9.32",
+    "@types/connect-pg-simple": "^7.0.0",
     "@types/draft-js": "^0.10.45",
     "@types/express-rate-limit": "^6.0.0",
     "@types/faker": "^5.1.5",
@@ -210,15 +212,15 @@
     "@types/node-cron": "^2.0.3",
     "@types/nodemailer": "^6.4.0",
     "@types/passport": "^1.0.4",
-    "@types/pg": "^7.14.3",
+    "@types/pg": "^8.6.5",
     "@types/promise-retry": "^1.1.3",
     "@types/react": "^16.14.0",
     "@types/react-dom": "^16.9.11",
     "@types/react-router": "^5.1.5",
     "@types/react-router-dom": "^5.1.7",
     "@types/react-select": "^2.0.0",
     "@types/recompose": "^0.30.7",
-    "@types/redis": "^2.8.28",
+    "@types/redis": "^2.8.32",
     "@types/superagent": "^4.1.7",
     "@types/supertest": "^2.0.11",
     "@types/webpack": "^5.28.0",

schema-dump.sql

@@ -3037,7 +3037,8 @@ CREATE TABLE public."user" (
     assigned_cell text,
     is_superadmin boolean,
     terms boolean DEFAULT false,
-    updated_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP
+    updated_at timestamp with time zone DEFAULT CURRENT_TIMESTAMP,
+    is_suspended boolean DEFAULT false NOT NULL
 );
 
 
@@ -3142,6 +3143,20 @@ ALTER TABLE public.user_organization_id_seq OWNER TO postgres;
 ALTER SEQUENCE public.user_organization_id_seq OWNED BY public.user_organization.id;
 
 
+--
+-- Name: user_session; Type: TABLE; Schema: public; Owner: postgres
+--
+
+CREATE TABLE public.user_session (
+    sid text NOT NULL,
+    sess json NOT NULL,
+    expire timestamp with time zone NOT NULL,
+    user_id integer GENERATED ALWAYS AS ((((sess -> 'passport'::text) ->> 'user'::text))::integer) STORED
+);
+
+
+ALTER TABLE public.user_session OWNER TO postgres;
+
 --
 -- Name: user_team; Type: TABLE; Schema: public; Owner: postgres
 --
@@ -3950,6 +3965,14 @@ ALTER TABLE ONLY public."user"
     ADD CONSTRAINT user_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: user_session user_session_pkey; Type: CONSTRAINT; Schema: public; Owner: postgres
+--
+
+ALTER TABLE ONLY public.user_session
+    ADD CONSTRAINT user_session_pkey PRIMARY KEY (sid);
+
+
 --
 -- Name: user_team user_team_pkey; Type: CONSTRAINT; Schema: public; Owner: postgres
 --
@@ -4464,6 +4487,13 @@ CREATE INDEX user_organization_organization_id_user_id_index ON public.user_orga
 CREATE INDEX user_organization_user_id_index ON public.user_organization USING btree (user_id);
 
 
+--
+-- Name: user_session_expire_idx; Type: INDEX; Schema: public; Owner: postgres
+--
+
+CREATE INDEX user_session_expire_idx ON public.user_session USING btree (expire);
+
+
 --
 -- Name: assignment_request _500_assignment_request_updated_at; Type: TRIGGER; Schema: public; Owner: postgres
 --

src/api/schema.ts

@@ -254,6 +254,8 @@ const rootSchema = `
     editUser(organizationId: String!, userId: String!, userData:UserInput): User
     resetUserPassword(organizationId: String!, userId: String!): String!
     changeUserPassword(userId: String!, formData: UserPasswordChange): User
+    setUserSuspended(userId: String!, isSuspended: Boolean!): User!
+    clearUserSessions(userId: String!): User!
     updateTextingHours( organizationId: String!, textingHoursStart: Int!, textingHoursEnd: Int!): Organization
     updateTextingHoursEnforcement( organizationId: String!, textingHoursEnforced: Boolean!): Organization
     updateTextRequestFormSettings(organizationId: String!, textRequestFormEnabled: Boolean!, textRequestType: String!, textRequestMaxCount: Int!): Organization

src/api/user.ts

@@ -25,6 +25,7 @@ export interface User {
   assignment: Assignment;
   terms: boolean;
   isSuperadmin: boolean;
+  isSuspended: boolean;
 }
 
 export const schema = `
@@ -45,6 +46,7 @@ export const schema = `
     assignment(campaignId: String): Assignment,
     terms: Boolean
     isSuperadmin: Boolean!
+    isSuspended: Boolean!
   }
   
   type UsersList {

src/containers/AdminPeople/AdminPeople.tsx

@@ -99,6 +99,22 @@ export interface AdminPeopleMutations {
       resetUserPassword: string;
     }>
   >;
+  setUserSuspended: (
+    userId: string,
+    isSuspended: boolean
+  ) => Promise<
+    ApolloQueryResult<{
+      id: string;
+      isSuspended: boolean;
+    }>
+  >;
+  clearUserSessions: (
+    userId: string
+  ) => Promise<
+    ApolloQueryResult<{
+      id: string;
+    }>
+  >;
   removeUsers: () => Promise<
     ApolloQueryResult<{
       purgeOrganizationUsers: number;
@@ -321,6 +337,14 @@ class AdminPeople extends React.Component<
     }
   };
 
+  handleSetSuspended = async (userId: string, isSuspended: boolean) => {
+    await this.props.mutations.setUserSuspended(userId, isSuspended);
+  };
+
+  handleClearSessions = async (userId: string) => {
+    await this.props.mutations.clearUserSessions(userId);
+  };
+
   ctx(): AdminPeopleContext {
     const { campaignId } = queryString.parse(this.props.location.search);
     return {
@@ -353,6 +377,9 @@ class AdminPeople extends React.Component<
       editAutoApprove: (autoApprove, userId) =>
         this.handleEditAutoApprove(autoApprove, userId),
       resetUserPassword: (userId) => this.handleResetPassword(userId),
+      setSuspended: (userId, isSuspended) =>
+        this.handleSetSuspended(userId, isSuspended),
+      clearSessions: (userId) => this.handleClearSessions(userId),
       error: (message) => this.setState({ error: { message, seen: false } })
     };
   }
@@ -557,6 +584,36 @@ const mutations: MutationMap<AdminPeopleExtendedProps> = {
       }
     };
   },
+  setUserSuspended: (_ownProps) => (userId: string, isSuspended: boolean) => {
+    return {
+      mutation: gql`
+        mutation SetUserSuspended($userId: String!, $isSuspended: Boolean!) {
+          setUserSuspended(userId: $userId, isSuspended: $isSuspended) {
+            id
+            isSuspended
+          }
+        }
+      `,
+      variables: {
+        userId,
+        isSuspended
+      }
+    };
+  },
+  clearUserSessions: (_ownProps) => (userId: string) => {
+    return {
+      mutation: gql`
+        mutation ClearUserSessions($userId: String!) {
+          clearUserSessions(userId: $userId) {
+            id
+          }
+        }
+      `,
+      variables: {
+        userId
+      }
+    };
+  },
   removeUsers: (ownProps) => () => {
     return {
       mutation: gql`