From 51a408611be2b2297234d05b05bf538d30ade29d Mon Sep 17 00:00:00 2001
From: Max Peintner <max@caos.ch>
Date: Tue, 6 Jun 2023 17:11:49 +0200
Subject: [PATCH 1/3] delete account api

---
 apps/login/app/(login)/accounts/page.tsx | 64 +++------------
 apps/login/app/session/route.ts          | 45 ++++++++++-
 apps/login/lib/zitadel.ts                | 10 +++
 apps/login/ui/SessionItem.tsx            | 99 ++++++++++++++++++++++++
 apps/login/utils/cookies.ts              | 18 +++++
 packages/zitadel-server/src/index.ts     |  1 +
 6 files changed, 182 insertions(+), 55 deletions(-)
 create mode 100644 apps/login/ui/SessionItem.tsx

diff --git a/apps/login/app/(login)/accounts/page.tsx b/apps/login/app/(login)/accounts/page.tsx
index b280580ce8c..645f6392ca8 100644
--- a/apps/login/app/(login)/accounts/page.tsx
+++ b/apps/login/app/(login)/accounts/page.tsx
@@ -1,11 +1,10 @@
-import { Session } from "#/../../packages/zitadel-server/dist";
+import { Session } from "@zitadel/server";
 import { listSessions, server } from "#/lib/zitadel";
 import Alert from "#/ui/Alert";
-import { Avatar } from "#/ui/Avatar";
 import { getAllSessionIds } from "#/utils/cookies";
-import { UserPlusIcon, XCircleIcon } from "@heroicons/react/24/outline";
-import moment from "moment";
+import { UserPlusIcon } from "@heroicons/react/24/outline";
 import Link from "next/link";
+import SessionItem from "#/ui/SessionItem";
 
 async function loadSessions(): Promise<Session[]> {
   const ids = await getAllSessionIds();
@@ -23,7 +22,7 @@ async function loadSessions(): Promise<Session[]> {
 }
 
 export default async function Page() {
-  const sessions = await loadSessions();
+  let sessions = await loadSessions();
 
   return (
     <div className="flex flex-col items-center space-y-4">
@@ -35,56 +34,15 @@ export default async function Page() {
           sessions
             .filter((session) => session?.factors?.user?.loginName)
             .map((session, index) => {
-              const validPassword = session?.factors?.password?.verifiedAt;
               return (
-                <Link
+                <SessionItem
+                  session={session}
+                  reload={async () => {
+                    "use server";
+                    sessions = sessions.filter((s) => s.id !== session.id);
+                  }}
                   key={"session-" + index}
-                  href={
-                    validPassword
-                      ? `/signedin?` +
-                        new URLSearchParams({
-                          loginName: session.factors?.user?.loginName as string,
-                        })
-                      : `/password?` +
-                        new URLSearchParams({
-                          loginName: session.factors?.user?.loginName as string,
-                        })
-                  }
-                  className="group flex flex-row items-center bg-background-light-400 dark:bg-background-dark-400  border border-divider-light hover:shadow-lg dark:hover:bg-white/10 py-2 px-4 rounded-md transition-all"
-                >
-                  <div className="pr-4">
-                    <Avatar
-                      size="small"
-                      loginName={session.factors?.user?.loginName as string}
-                      name={session.factors?.user?.displayName ?? ""}
-                    />
-                  </div>
-
-                  <div className="flex flex-col">
-                    <span className="">
-                      {session.factors?.user?.displayName}
-                    </span>
-                    <span className="text-xs opacity-80">
-                      {session.factors?.user?.loginName}
-                    </span>
-                    {validPassword && (
-                      <span className="text-xs opacity-80">
-                        {moment(new Date(validPassword)).fromNow()}
-                      </span>
-                    )}
-                  </div>
-
-                  <span className="flex-grow"></span>
-                  <div className="relative flex flex-row items-center">
-                    {validPassword ? (
-                      <div className="absolute h-2 w-2 bg-green-500 rounded-full mx-2 transform right-0 group-hover:right-6 transition-all"></div>
-                    ) : (
-                      <div className="absolute h-2 w-2 bg-red-500 rounded-full mx-2 transform right-0 group-hover:right-6 transition-all"></div>
-                    )}
-
-                    <XCircleIcon className="hidden group-hover:block h-5 w-5 transition-all opacity-50 hover:opacity-100" />
-                  </div>
-                </Link>
+                />
               );
             })
         ) : (
diff --git a/apps/login/app/session/route.ts b/apps/login/app/session/route.ts
index 142f5bf51f2..0d4da683874 100644
--- a/apps/login/app/session/route.ts
+++ b/apps/login/app/session/route.ts
@@ -1,8 +1,16 @@
-import { createSession, getSession, server, setSession } from "#/lib/zitadel";
+import {
+  createSession,
+  getSession,
+  server,
+  setSession,
+  deleteSession,
+} from "#/lib/zitadel";
 import {
   SessionCookie,
   addSessionToCookie,
   getMostRecentSessionCookie,
+  getSessionCookieById,
+  removeSessionFromCookie,
   updateSessionCookie,
 } from "#/utils/cookies";
 import { NextRequest, NextResponse } from "next/server";
@@ -115,10 +123,43 @@ export async function PUT(request: NextRequest) {
         }
       })
       .catch((error) => {
-        console.error("erasd", error);
         return NextResponse.json(error, { status: 500 });
       });
   } else {
     return NextResponse.error();
   }
 }
+
+/**
+ *
+ * @param request id of the session to be deleted
+ */
+export async function DELETE(request: NextRequest) {
+  const { searchParams } = new URL(request.url);
+  const id = searchParams.get("id");
+  if (id) {
+    const session = await getSessionCookieById(id);
+
+    return deleteSession(server, session.id, session.token)
+      .then(() => {
+        return removeSessionFromCookie(session)
+          .then(() => {
+            return NextResponse.json({ factors: session.factors });
+          })
+          .catch((error) => {
+            return NextResponse.json(
+              { details: "could not set cookie" },
+              { status: 500 }
+            );
+          });
+      })
+      .catch((error) => {
+        return NextResponse.json(
+          { details: "could not delete session" },
+          { status: 500 }
+        );
+      });
+  } else {
+    return NextResponse.error();
+  }
+}
diff --git a/apps/login/lib/zitadel.ts b/apps/login/lib/zitadel.ts
index 4d514d1758e..b44b4793420 100644
--- a/apps/login/lib/zitadel.ts
+++ b/apps/login/lib/zitadel.ts
@@ -19,6 +19,7 @@ import {
   GetSessionResponse,
   VerifyEmailResponse,
   SetSessionResponse,
+  DeleteSessionResponse,
 } from "@zitadel/server";
 
 export const zitadelConfig: ZitadelServerOptions = {
@@ -103,6 +104,15 @@ export function getSession(
   return sessionService.getSession({ sessionId, sessionToken }, {});
 }
 
+export function deleteSession(
+  server: ZitadelServer,
+  sessionId: string,
+  sessionToken: string
+): Promise<DeleteSessionResponse | undefined> {
+  const sessionService = session.getSession(server);
+  return sessionService.deleteSession({ sessionId, sessionToken }, {});
+}
+
 export function listSessions(
   server: ZitadelServer,
   ids: string[]
diff --git a/apps/login/ui/SessionItem.tsx b/apps/login/ui/SessionItem.tsx
new file mode 100644
index 00000000000..f87713459b7
--- /dev/null
+++ b/apps/login/ui/SessionItem.tsx
@@ -0,0 +1,99 @@
+"use client";
+import { Session } from "@zitadel/server";
+import Link from "next/link";
+import { useState } from "react";
+import { Avatar } from "./Avatar";
+import moment from "moment";
+import { XCircleIcon } from "@heroicons/react/24/outline";
+
+export default function SessionItem({
+  session,
+  reload,
+}: {
+  session: Session;
+  reload: () => void;
+}) {
+  const [loading, setLoading] = useState<boolean>(false);
+
+  async function clearSession(id: string) {
+    setLoading(true);
+    const res = await fetch("/session?" + new URLSearchParams({ id }), {
+      method: "DELETE",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        id: id,
+      }),
+    });
+
+    const response = await res.json();
+
+    if (!res.ok) {
+      setLoading(false);
+      //   setError(response.details);
+      return Promise.reject(response);
+    } else {
+      setLoading(false);
+      return response;
+    }
+  }
+
+  const validPassword = session?.factors?.password?.verifiedAt;
+
+  return (
+    <Link
+      href={
+        validPassword
+          ? `/signedin?` +
+            new URLSearchParams({
+              loginName: session.factors?.user?.loginName as string,
+            })
+          : `/password?` +
+            new URLSearchParams({
+              loginName: session.factors?.user?.loginName as string,
+            })
+      }
+      className="group flex flex-row items-center bg-background-light-400 dark:bg-background-dark-400  border border-divider-light hover:shadow-lg dark:hover:bg-white/10 py-2 px-4 rounded-md transition-all"
+    >
+      <div className="pr-4">
+        <Avatar
+          size="small"
+          loginName={session.factors?.user?.loginName as string}
+          name={session.factors?.user?.displayName ?? ""}
+        />
+      </div>
+
+      <div className="flex flex-col">
+        <span className="">{session.factors?.user?.displayName}</span>
+        <span className="text-xs opacity-80">
+          {session.factors?.user?.loginName}
+        </span>
+        {validPassword && (
+          <span className="text-xs opacity-80">
+            {moment(new Date(validPassword)).fromNow()}
+          </span>
+        )}
+      </div>
+
+      <span className="flex-grow"></span>
+      <div className="relative flex flex-row items-center">
+        {validPassword ? (
+          <div className="absolute h-2 w-2 bg-green-500 rounded-full mx-2 transform right-0 group-hover:right-6 transition-all"></div>
+        ) : (
+          <div className="absolute h-2 w-2 bg-red-500 rounded-full mx-2 transform right-0 group-hover:right-6 transition-all"></div>
+        )}
+
+        <XCircleIcon
+          className="hidden group-hover:block h-5 w-5 transition-all opacity-50 hover:opacity-100"
+          onClick={(event) => {
+            event.preventDefault();
+            clearSession(session.id).then(() => {
+              reload();
+            });
+          }}
+        />
+      </div>
+    </Link>
+  );
+}
diff --git a/apps/login/utils/cookies.ts b/apps/login/utils/cookies.ts
index 3158e27ab8e..78f00a9bfc1 100644
--- a/apps/login/utils/cookies.ts
+++ b/apps/login/utils/cookies.ts
@@ -92,6 +92,24 @@ export async function getMostRecentSessionCookie(): Promise<any> {
   }
 }
 
+export async function getSessionCookieById(id: string): Promise<any> {
+  const cookiesList = cookies();
+  const stringifiedCookie = cookiesList.get("sessions");
+
+  if (stringifiedCookie?.value) {
+    const sessions: SessionCookie[] = JSON.parse(stringifiedCookie?.value);
+
+    const found = sessions.find((s) => s.id === id);
+    if (found) {
+      return found;
+    } else {
+      return Promise.reject();
+    }
+  } else {
+    return Promise.reject();
+  }
+}
+
 export async function getAllSessionIds(): Promise<any> {
   const cookiesList = cookies();
   const stringifiedCookie = cookiesList.get("sessions");
diff --git a/packages/zitadel-server/src/index.ts b/packages/zitadel-server/src/index.ts
index bc8b26f2835..98fbdd84cb8 100644
--- a/packages/zitadel-server/src/index.ts
+++ b/packages/zitadel-server/src/index.ts
@@ -17,6 +17,7 @@ export {
   GetSessionResponse,
   CreateSessionResponse,
   SetSessionResponse,
+  DeleteSessionResponse,
 } from "./proto/server/zitadel/session/v2alpha/session_service";
 export {
   GetPasswordComplexitySettingsResponse,

From 1b28d50278495193d4926320841e99b5986b348b Mon Sep 17 00:00:00 2001
From: Max Peintner <max@caos.ch>
Date: Tue, 6 Jun 2023 17:19:30 +0200
Subject: [PATCH 2/3] clear session from the list, once removed

---
 apps/login/app/(login)/accounts/page.tsx | 22 ++-------------
 apps/login/ui/SessionsList.tsx           | 34 ++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 20 deletions(-)
 create mode 100644 apps/login/ui/SessionsList.tsx

diff --git a/apps/login/app/(login)/accounts/page.tsx b/apps/login/app/(login)/accounts/page.tsx
index 645f6392ca8..b3b0631e162 100644
--- a/apps/login/app/(login)/accounts/page.tsx
+++ b/apps/login/app/(login)/accounts/page.tsx
@@ -1,10 +1,9 @@
 import { Session } from "@zitadel/server";
 import { listSessions, server } from "#/lib/zitadel";
-import Alert from "#/ui/Alert";
 import { getAllSessionIds } from "#/utils/cookies";
 import { UserPlusIcon } from "@heroicons/react/24/outline";
 import Link from "next/link";
-import SessionItem from "#/ui/SessionItem";
+import SessionsList from "#/ui/SessionsList";
 
 async function loadSessions(): Promise<Session[]> {
   const ids = await getAllSessionIds();
@@ -30,24 +29,7 @@ export default async function Page() {
       <p className="ztdl-p mb-6 block">Use your ZITADEL Account</p>
 
       <div className="flex flex-col w-full space-y-2">
-        {sessions ? (
-          sessions
-            .filter((session) => session?.factors?.user?.loginName)
-            .map((session, index) => {
-              return (
-                <SessionItem
-                  session={session}
-                  reload={async () => {
-                    "use server";
-                    sessions = sessions.filter((s) => s.id !== session.id);
-                  }}
-                  key={"session-" + index}
-                />
-              );
-            })
-        ) : (
-          <Alert>No Sessions available!</Alert>
-        )}
+        <SessionsList sessions={sessions} />
         <Link href="/username">
           <div className="flex flex-row items-center py-3 px-4 hover:bg-black/10 dark:hover:bg-white/10 rounded-md transition-all">
             <div className="w-8 h-8 mr-4 flex flex-row justify-center items-center rounded-full bg-black/5 dark:bg-white/5">
diff --git a/apps/login/ui/SessionsList.tsx b/apps/login/ui/SessionsList.tsx
new file mode 100644
index 00000000000..faf497b4b57
--- /dev/null
+++ b/apps/login/ui/SessionsList.tsx
@@ -0,0 +1,34 @@
+"use client";
+
+import { Session } from "@zitadel/server";
+import SessionItem from "./SessionItem";
+import Alert from "./Alert";
+import { useEffect, useState } from "react";
+
+type Props = {
+  sessions: Session[];
+};
+
+export default function SessionsList({ sessions }: Props) {
+  const [list, setList] = useState<Session[]>(sessions);
+
+  return sessions ? (
+    <div className="flex flex-col">
+      {list
+        .filter((session) => session?.factors?.user?.loginName)
+        .map((session, index) => {
+          return (
+            <SessionItem
+              session={session}
+              reload={() => {
+                setList(list.filter((s) => s.id !== session.id));
+              }}
+              key={"session-" + index}
+            />
+          );
+        })}
+    </div>
+  ) : (
+    <Alert>No Sessions available!</Alert>
+  );
+}

From b493753f36fdafe1b97a5cc8762f5f9a11e913b5 Mon Sep 17 00:00:00 2001
From: Max Peintner <max@caos.ch>
Date: Wed, 7 Jun 2023 16:19:15 +0200
Subject: [PATCH 3/3] Update apps/login/ui/SessionItem.tsx

Co-authored-by: Elio Bischof <elio@zitadel.com>
---
 apps/login/ui/SessionItem.tsx | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/apps/login/ui/SessionItem.tsx b/apps/login/ui/SessionItem.tsx
index f87713459b7..d766ca0f139 100644
--- a/apps/login/ui/SessionItem.tsx
+++ b/apps/login/ui/SessionItem.tsx
@@ -29,12 +29,11 @@ export default function SessionItem({
 
     const response = await res.json();
 
+    setLoading(false);
     if (!res.ok) {
-      setLoading(false);
       //   setError(response.details);
       return Promise.reject(response);
     } else {
-      setLoading(false);
       return response;
     }
   }