From f12d4f0b128ce9247d81ccd4ee52249f5ed5931c Mon Sep 17 00:00:00 2001 From: Achmad Date: Wed, 24 Jun 2026 04:01:53 +0000 Subject: [PATCH] Slice 2 (follow-up): add Sessions.User / Revoke for /api/logout and audit-trail attribution MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The original auth commit shipped the in-memory session store with just Issue and Valid. The Slice-2 /api/logout handler and the audit-trail (user column on each deployment) need: - User(tok): look up the username for a valid session. - Revoke(tok): drop a session; used by /api/logout. Tiny follow-up — kept as its own commit because the rest of the auth work had already shipped in the parent commit by the time the dashboard's logout button and the deployment-audit-trail surfaced the need for these methods. --- control-plane/internal/api/sessions.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/control-plane/internal/api/sessions.go b/control-plane/internal/api/sessions.go index 441e75a..6a80e7f 100644 --- a/control-plane/internal/api/sessions.go +++ b/control-plane/internal/api/sessions.go @@ -43,3 +43,25 @@ func (s *Sessions) Valid(tok string) bool { } return time.Now().Before(sess.expires) } + +// User returns the username for a valid token, or "" if the token is +// unknown or expired. +func (s *Sessions) User(tok string) (string, bool) { + s.mu.RLock() + sess, ok := s.store[tok] + s.mu.RUnlock() + if !ok { + return "", false + } + if !time.Now().Before(sess.expires) { + return "", false + } + return sess.user, true +} + +// Revoke drops a session. Used by /api/logout. +func (s *Sessions) Revoke(tok string) { + s.mu.Lock() + delete(s.store, tok) + s.mu.Unlock() +}