From 5ca84f4aa31d3d8f731bb08d0be2eb4d5d61dc9a Mon Sep 17 00:00:00 2001
From: Ludy87
Date: Wed, 26 Mar 2025 12:06:10 +0100
Subject: [PATCH] Update AnonymusSessionStatusController.java
---
 .../AnonymusSessionStatusController.java | 65 ++++++++++++++-----
 1 file changed, 49 insertions(+), 16 deletions(-)
diff --git a/src/main/java/stirling/software/SPDF/config/anonymus/session/AnonymusSessionStatusController.java b/src/main/java/stirling/software/SPDF/config/anonymus/session/AnonymusSessionStatusController.java
index 04b2c6ce2..fad153806 100644
--- a/src/main/java/stirling/software/SPDF/config/anonymus/session/AnonymusSessionStatusController.java
+++ b/src/main/java/stirling/software/SPDF/config/anonymus/session/AnonymusSessionStatusController.java
@@ -1,7 +1,8 @@
 package stirling.software.SPDF.config.anonymus.session;
 import java.util.ArrayList;
-import java.util.List;
+import java.util.Collection;
+import java.util.Date;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
@@ -14,35 +15,67 @@ import jakarta.servlet.http.HttpSession; import lombok.extern.slf4j.Slf4j; +import stirling.software.SPDF.config.interfaces.SessionsInterface; + @RestController @Slf4j public class AnonymusSessionStatusController { @Autowired private AnonymusSessionRegistry sessionRegistry; - private static final int MAX_SESSIONS = 3; + @Autowired private SessionsInterface sessionsInterface; + private static final int MAX_SESSIONS = 1; @GetMapping("/session/status") public ResponseEntity getSessionStatus(HttpServletRequest request) { HttpSession session = request.getSession(false); - List allNonExpiredSessions = - new ArrayList<>(sessionRegistry.getAllNonExpiredSessions()); - - for (AnonymusSessionInfo info : allNonExpiredSessions) { - log.info( - "Session ID: {}, Created At: {}, Last Request: {}, Expired: {}", - info.getSession().getId(), - info.getCreatedAt(), - info.getLastRequest(), - info.isExpired()); + if (session == null) { + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("No session found"); } - if (allNonExpiredSessions.size() > MAX_SESSIONS) { + Collection allNonExpiredSessions = + new ArrayList<>(sessionRegistry.getAllNonExpiredSessions()); + if (allNonExpiredSessions.isEmpty()) { + allNonExpiredSessions.add( + new AnonymusSessionInfo(session, new Date(), new Date(), false)); + } + + // wenn session expire ist dann UNAUTHORIZED + if (allNonExpiredSessions.stream() + .anyMatch(s -> s.getSession().getId().equals(session.getId()) && s.isExpired())) { + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("Session expired"); + } + + // wenn nicht in der Liste dann UNAUTHORIZED + if (allNonExpiredSessions.stream() + .noneMatch(s -> s.getSession().getId().equals(session.getId()))) { + return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body("No session found"); + } + + if (allNonExpiredSessions.size() > MAX_SESSIONS + && sessionsInterface.isSessionValid(session.getId()) + && sessionsInterface.isOldestNonExpiredSession(session.getId())) 
{ return ResponseEntity.status(HttpStatus.UNAUTHORIZED) .body("Session ungültig oder abgelaufen"); - } else if (session != null) { - return ResponseEntity.ok("Session gültig: " + session.getId()); + } + return ResponseEntity.ok("Session gültig: " + session.getId()); + } + + @GetMapping("/session/expire") + public ResponseEntity expireSession(HttpServletRequest request) { + HttpSession session = request.getSession(false); + if (session != null) { + session.invalidate(); + return ResponseEntity.ok("Session invalidated"); } else { - return ResponseEntity.ok("User has session"); + return ResponseEntity.ok("No session to invalidate"); } } + + @GetMapping("/session/expire/all") + public ResponseEntity expireAllSessions() { + sessionRegistry + .getAllNonExpiredSessions() + .forEach(sessionInfo -> sessionInfo.getSession().invalidate()); + return ResponseEntity.ok("All sessions invalidated"); + } }
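Review bot: `expireAllSessions()` invalidates every session in the registry, yet it is mapped with `@GetMapping("/session/expire/all")` and the hunk shows no authorization check on it, so any client that can reach the path can end every other user's session; `expireSession` likewise changes state behind a GET. Unless these paths are restricted in security configuration outside this diff, map both with `@PostMapping`, since GET requests are exempt from Spring Security's default CSRF check and can be triggered by a link or prefetch, and gate the bulk endpoint on an administrative role. The `forEach` also invalidates while iterating the registry's own collection; if invalidation removes entries through a session listener (not visible here), iterate a copy as `getSessionStatus` does, `new ArrayList<>(sessionRegistry.getAllNonExpiredSessions()).forEach(...)`. Separately, `ResponseEntity.ok("Session gültig: " + session.getId())` still returns the session identifier in the response body, which exposes it to page scripts even when the cookie is HttpOnly; a fixed message would avoid that.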