Data Layer | medium complexity | backend
Dependencies: 0 | Dependents: 0 | Entities: 1 | Integrations: 0

Description

Manages persistent storage and retrieval of session records, including refresh token hashes and revocation state. It provides the query interface AuthService uses to validate and rotate tokens and to enforce per-user session limits.

Feature: Email & Password Login

session-repository

Sources & reasoning

Line 42 explicitly designates email/password as the MVP login method, with BankID/Vipps deferred to Fase 2. Line 319 repeats this in the Fase 1 MVP scope list. This is the entry-point authentication mechanism that unblocks all other features at launch, mapping to MVP by ordinal phase position.

Responsibilities

  • Persist session records linking user IDs to hashed refresh tokens and expiry timestamps
  • Query sessions by refresh token hash for validation and rotation
  • Mark sessions as revoked on logout or admin action
  • Delete expired or revoked sessions to prevent unbounded table growth
  • List active sessions per user for admin session-management views

Interfaces

createSession(userId: string, tokenHash: string, expiresAt: Date): Promise<Session>
findByTokenHash(tokenHash: string): Promise<Session | null>
revokeSession(sessionId: string): Promise<void>
revokeAllByUserId(userId: string): Promise<void>
deleteExpired(): Promise<number>
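
The five methods above, implemented against an in-memory array as an added example (not this project's code). The Session field names, the injected clock, the isUsable helper, and the choice to return revoked rows from findByTokenHash are assumptions, not part of the spec.

```typescript
// Added example. Session field names and the injected clock are assumptions.
interface Session {
  id: string;
  userId: string;
  tokenHash: string;       // digest of the refresh token, never the raw token
  expiresAt: Date;
  revokedAt: Date | null;  // revocation state; null while the session is live
}

class InMemorySessionRepository {
  private rows: Session[] = [];
  private nextId = 1;
  private now: () => Date;
  constructor(now: () => Date = () => new Date()) { this.now = now; }

  async createSession(userId: string, tokenHash: string, expiresAt: Date): Promise<Session> {
    const s: Session = { id: String(this.nextId++), userId, tokenHash, expiresAt, revokedAt: null };
    this.rows.push(s);
    return { ...s };
  }

  // Assumption: revoked and expired rows are returned as well, so the caller
  // can tell "unknown token" apart from "known but no longer valid".
  async findByTokenHash(tokenHash: string): Promise<Session | null> {
    const s = this.rows.find(r => r.tokenHash === tokenHash);
    return s ? { ...s } : null;
  }

  async revokeSession(sessionId: string): Promise<void> {
    this.rows.forEach(r => { if (r.id === sessionId && !r.revokedAt) r.revokedAt = this.now(); });
  }

  async revokeAllByUserId(userId: string): Promise<void> {
    this.rows.forEach(r => { if (r.userId === userId && !r.revokedAt) r.revokedAt = this.now(); });
  }

  // Removes expired or revoked rows and reports how many were deleted.
  async deleteExpired(): Promise<number> {
    const before = this.rows.length;
    const t = this.now().getTime();
    this.rows = this.rows.filter(r => r.revokedAt === null && r.expiresAt.getTime() > t);
    return before - this.rows.length;
  }
}

// Hypothetical caller-side check: usable only if found, not revoked, not expired.
function isUsable(s: Session | null, at: Date): boolean {
  return s !== null && s.revokedAt === null && s.expiresAt.getTime() > at.getTime();
}
```

Because deleteExpired also removes revoked rows, a revoked token hash looks the same as an unknown one after cleanup has run.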

Related Data Entities (1)

Data entities managed by this component