[FEAT] Create Endpoint to Store Session or User Cookies #197

Closed
28 tasks
Heccubernny opened this issue Jul 18, 2024 · 7 comments
Labels
feature, Needs Revision (When there is an issue and it needs to be revised)

Comments

@Heccubernny

Heccubernny commented Jul 18, 2024

[FEAT] Integrate Session Management into Login Endpoint #197

Description

Implement backend functionality to support storing session or user cookies within the login endpoint, ensuring they are securely stored and applied correctly across the application.

Acceptance Criteria

Database Schema Update

  • Update the database schema to include user session details (userId, sessionId, expiry).
  • Ensure the schema can accommodate future additions.

API Endpoints Implementation

  • Integrate session cookie storage into the login endpoint.
  • Implement an endpoint to retrieve the user's current session details.

Session Management

  • Validate inputs for userId and sessionId.
  • Store session details securely in the database.
  • Ensure session details are applied consistently across user sessions.

Security and Performance

  • Implement proper authentication and authorization for updates to the user's session details.

Documentation

  • Create comprehensive API documentation for all new endpoints.
  • Include examples of request/response payloads in the documentation.

Purpose

Provide backend infrastructure to store and manage user session details, enabling a secure user experience.

Requirements

  • Integrate session management into the login endpoint.
  • Create an endpoint for retrieving user session details.
  • Implement server-side validation for session inputs.
  • Ensure session details are applied to all user-facing content.
  • Write unit tests for endpoints and logic.
  • Update API documentation to include new session-related endpoints.

Expected Outcome

Successfully store and apply user session details across the application, enabling personalized experiences, persistent login, and accurate recall of user preferences, settings, and previous interactions.

Endpoints

Login and Store User Session

Description: Handle user login and store session details for a user.

POST /api/v1/auth/login

Content-Type: application/json

Request Body:

{
  "email": "wizkid@email.com",
  "password": "password123"
}

Response (Success):
On successful login, the API should return a 200 OK status code. The response body should contain a success message:

{
  "status": "success",
  "status_code": 200,
  "message": "Login successful",
  "data": {
    "userId": "user123",
    "sessionId": "session456",
    "expiry": "2024-12-31T23:59:59.000Z"
  }
}

Response (Error):
If there is an error logging the user in due to invalid login credentials, the API should return a 401 Unauthorized status code with an appropriate message:

{
  "status": "error",
  "message": "Invalid credentials",
  "statusCode": 401
}

If there is an error logging the user in (e.g., server down, network issues), the API should return a 500 Internal Server Error status code with an appropriate message:

{
  "status": "error",
  "message": "Internal server error",
  "statusCode": 500
}

Get User Session

Description: Get the current session details for a user.

GET /api/v1/session

Response (Success):
On success, the API should return a 200 OK status code. The response body should contain a success message:

{
  "status": "success",
  "status_code": 200,
  "data": {
    "userId": "user123",
    "sessionId": "session456",
    "expiry": "2024-12-31T23:59:59.000Z"
  }
}

Response (Error):
When the user does not have the necessary authorization to perform the requested action, the API should return a 401 Unauthorized status code with an appropriate message:

{
  "status": "error",
  "message": "You are not authorised for this action",
  "statusCode": 401
}

When the session ID is not found or has expired, the API should return a 401 Unauthorized status code with an appropriate message:

{
  "status": "error",
  "message": "Session not found or expired",
  "statusCode": 401
}

If there is an internal server error, the API should return a 500 Internal Server Error status code with an appropriate message:

{
  "status": "error",
  "message": "Internal server error",
  "statusCode": 500
}

Task Checklist

  • Update the database schema to include user session details.
  • Integrate session cookie storage into the login endpoint.
  • Implement an endpoint to retrieve the user's current session details.
  • Validate inputs for userId and sessionId.
  • Store session details securely in the database.
  • Ensure session details are applied consistently across user sessions.
  • Implement proper authentication and authorization for updates to the user's session details.
  • Create comprehensive API documentation for the endpoints, including examples of request and response payloads.
  • Develop unit tests for the updated login endpoint and the new session retrieval endpoint.
  • Implement integration tests to ensure session details are stored and retrieved correctly across the application.

Testing

  • Develop unit tests for the login endpoint and the new session retrieval endpoint.
  • Implement integration tests to ensure session details are stored and retrieved correctly across the application.
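
An added sketch of the session handling specified above (not code from this issue or from the project): the login path issues a random session ID and stores only its SHA-256 hash with userId and expiry, and the lookup validates the ID's format and expiry before answering. The SQLite table, the 12-hour lifetime, the cookie attributes, and delivering the ID only in an HttpOnly cookie rather than in the JSON body are assumptions of this example.

```python
import hashlib
import re
import secrets
import sqlite3
from datetime import datetime, timedelta, timezone

SESSION_TTL = timedelta(hours=12)                 # assumed lifetime
SESSION_ID_RE = re.compile(r"[A-Za-z0-9_-]{43}")  # shape of secrets.token_urlsafe(32)

db = sqlite3.connect(":memory:")                  # constructed in-memory store for the example
db.execute("""CREATE TABLE sessions (
    session_hash TEXT PRIMARY KEY,  -- SHA-256 of the session ID, never the ID itself
    user_id      TEXT NOT NULL,
    expiry       TEXT NOT NULL      -- ISO 8601, UTC
)""")

def _hash(session_id):
    return hashlib.sha256(session_id.encode()).hexdigest()

def create_session(user_id, now=None):
    """Call only after the password check in POST /api/v1/auth/login succeeds."""
    now = now or datetime.now(timezone.utc)
    session_id = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
    expiry = (now + SESSION_TTL).isoformat()
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (_hash(session_id), user_id, expiry))
    # HttpOnly keeps the ID away from page scripts; Secure limits it to HTTPS.
    cookie = (f"sessionId={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax; "
              f"Max-Age={int(SESSION_TTL.total_seconds())}")
    body = {"status": "success", "status_code": 200, "message": "Login successful",
            "data": {"userId": user_id, "expiry": expiry}}
    return session_id, cookie, body

def get_session(session_id, now=None):
    """Backs GET /api/v1/session; returns (http_status, json_body)."""
    now = now or datetime.now(timezone.utc)
    denied = (401, {"status": "error", "message": "Session not found or expired",
                    "statusCode": 401})
    if not isinstance(session_id, str) or not SESSION_ID_RE.fullmatch(session_id):
        return denied                             # malformed input never reaches the DB
    row = db.execute("SELECT user_id, expiry FROM sessions WHERE session_hash = ?",
                     (_hash(session_id),)).fetchone()
    if row is None:
        return denied
    if datetime.fromisoformat(row[1]) <= now:     # expired: purge the row, same 401
        db.execute("DELETE FROM sessions WHERE session_hash = ?", (_hash(session_id),))
        return denied
    return 200, {"status": "success", "status_code": 200,
                 "data": {"userId": row[0], "expiry": row[1]}}
```
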
@markessien

seems weird to store session cookies in an endpoint other than login

@markessien added the Needs Revision label Jul 18, 2024
@Heccubernny
Author

amendment made

@highb33kay
Contributor

@Heccubernny

"Successfully store and apply user session details across the different parts of the application."

Could you be a little more detailed?

@Heccubernny
Author

Okay

@Heccubernny
Author

@highb33kay done.

@phurhard

@highb33kay please check this,

@highb33kay
Contributor

Like Mark mentioned, why isn't this part of the login functionality?

Also, this could be a sessions management endpoint to log out of logged-in devices?

@davidolanrewaju closed this as not planned Jul 29, 2024