implement deleting sessions

controllers/forms.js

@@ -30,7 +30,7 @@ const express  = require('express')
 		resignController, deleteAccountController, loginController, registerController, changePasswordController,
 		deleteAccountsController, editAccountController, globalSettingsController, createBoardController, makePostController,
 		addStaffController, deleteStaffController, editStaffController, editCustomPageController, editPostController,
-		editRoleController, newCaptcha, blockBypass, logout } = require(__dirname+'/forms/index.js');
+		editRoleController, newCaptcha, blockBypass, logout, deleteSessionsController } = require(__dirname+'/forms/index.js');
 
 
 //make new post
@@ -119,6 +119,7 @@ router.post('/register', geoAndTor, torPreBypassCheck, processIp, useSession, se
 router.post('/changepassword', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, verifyCaptcha, changePasswordController.paramConverter, changePasswordController.controller);
 router.post('/resign', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, resignController.paramConverter, resignController.controller);
 router.post('/deleteaccount', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, deleteAccountController.controller);
+router.post('/deletesessions', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, deleteSessionsController.paramConverter, deleteSessionsController.controller);
 
 //removes captcha cookie, for refreshing for noscript users
 router.post('/newcaptcha', newCaptcha);

controllers/forms/deletesessions.js

@@ -0,0 +1,49 @@
+'use strict';
+
+const deleteSessions = require(__dirname+'/../../models/forms/deletesessions.js')
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, paramConverter = require(__dirname+'/../../helpers/paramconverter.js')
+	, { checkSchema, lengthBody, numberBody, minmaxBody, numberBodyVariable,
+		inArrayBody, arrayInBody, existsBody } = require(__dirname+'/../../helpers/schema.js');
+
+module.exports = {
+
+	paramConverter: paramConverter({
+		allowedArrays: ['checkedsessionids'],
+	}),
+
+	controller: async (req, res, next) => {
+
+		const username = res.locals.user.username;
+
+		const errors = await checkSchema([
+			{ result: lengthBody(req.body.checkedsessionids, 1), expected: false, blocking: true, error: 'Must select at least one session to delete' },
+			{ result: () => {
+				//return if any input "session ids" dont start with sess: or dont end with :username
+				return req.body.checkedsessionids.some(sid => !sid.startsWith('sess:') || !sid.endsWith(`:${username}`));
+			}, expected: false, error: 'Invalid checked sessions' },
+		]);
+
+		if (errors.length > 0) {
+			return dynamicResponse(req, res, 400, 'message', {
+				'title': 'Bad request',
+				'errors': errors,
+				'redirect': '/sessions.html',
+			});
+		}
+
+		try {
+			await deleteSessions(req.body.checkedsessionids);
+		} catch (err) {
+			return next(err);
+		}
+
+		return dynamicResponse(req, res, 200, 'message', {
+			'title': 'Success',
+			'message': 'Sessions deleted',
+			'redirect': '/sessions.html', //if deleting all, will get redirected back to login anyway
+		});
+
+	}
+
+}

controllers/forms/index.js

@@ -27,6 +27,7 @@ module.exports = {
 	loginController: require(__dirname+'/login.js'),
 	registerController: require(__dirname+'/register.js'),
 	changePasswordController: require(__dirname+'/changepassword.js'),
+	deleteSessionsController: require(__dirname+'/deletesessions.js'),
 	deleteAccountsController: require(__dirname+'/deleteaccounts.js'),
 	globalSettingsController: require(__dirname+'/globalsettings.js'),
 	createBoardController: require(__dirname+'/create.js'),

models/forms/deletesessions.js

@@ -0,0 +1,9 @@
+'use strict';
+
+const redis = require(__dirname+'/../../redis.js');
+
+module.exports = async (sessionIds) => {
+
+	await redis.del(sessionIds);
+
+}