fix(auth): tighten refresh session revocation

2026-05-13 15:04:37 +08:00
parent b13870f71b
commit 4fecf9c975
36 changed files with 1664 additions and 170 deletions
--- a/server-rs/crates/module-auth/src/commands.rs
+++ b/server-rs/crates/module-auth/src/commands.rs
@@ -87,10 +87,17 @@ pub struct RotateRefreshSessionInput {
    pub next_refresh_token_hash: String,
 }

+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct RevokeRefreshSessionByUserInput {
+    pub user_id: String,
+    pub session_id: String,
+}
+
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub struct LogoutCurrentSessionInput {
    pub user_id: String,
    pub refresh_token_hash: Option<String>,
+    pub session_id: Option<String>,
 }

 #[derive(Clone, Debug, PartialEq, Eq)]