Added Session Concurrency

Author: mckaragoz

src/CodeBeam.UltimateAuth.Core/Abstractions/Issuers/ISessionIssuer.cs

@@ -6,7 +6,7 @@ namespace CodeBeam.UltimateAuth.Core.Abstractions;
 
 public interface ISessionIssuer
 {
-    Task<IssuedSession> IssueLoginSessionAsync(AuthenticatedSessionContext context, CancellationToken cancellationToken = default);
+    Task<IssuedSession> IssueSessionAsync(AuthenticatedSessionContext context, CancellationToken cancellationToken = default);
 
     Task<IssuedSession> RotateSessionAsync(SessionRotationContext context, CancellationToken cancellationToken = default);
 

…stractions/Stores/ISessionStoreKernel.cs …ore/Abstractions/Stores/ISessionStore.cssrc/CodeBeam.UltimateAuth.Core/Abstractions/Stores/ISessionStoreKernel.cs renamed to src/CodeBeam.UltimateAuth.Core/Abstractions/Stores/ISessionStore.cs src/CodeBeam.UltimateAuth.Core/Abstractions/Stores/ISessionStoreKernel.cs renamed to src/CodeBeam.UltimateAuth.Core/Abstractions/Stores/ISessionStore.cs

@@ -2,25 +2,28 @@
 
 namespace CodeBeam.UltimateAuth.Core.Abstractions;
 
-public interface ISessionStoreKernel
+public interface ISessionStore
 {
     Task ExecuteAsync(Func<CancellationToken, Task> action, CancellationToken ct = default);
     Task<TResult> ExecuteAsync<TResult>(Func<CancellationToken, Task<TResult>> action, CancellationToken ct = default);
 
     Task<UAuthSession?> GetSessionAsync(AuthSessionId sessionId);
-    Task SaveSessionAsync(UAuthSession session);
+    Task SaveSessionAsync(UAuthSession session, long expectedVersion);
+    Task CreateSessionAsync(UAuthSession session);
     Task<bool> RevokeSessionAsync(AuthSessionId sessionId, DateTimeOffset at);
 
     Task<UAuthSessionChain?> GetChainAsync(SessionChainId chainId);
-    Task SaveChainAsync(UAuthSessionChain chain);
+    Task SaveChainAsync(UAuthSessionChain chain, long expectedVersion);
+    Task CreateChainAsync(UAuthSessionChain chain);
     Task RevokeChainAsync(SessionChainId chainId, DateTimeOffset at);
-    Task<AuthSessionId?> GetActiveSessionIdAsync(SessionChainId chainId);
-    Task SetActiveSessionIdAsync(SessionChainId chainId, AuthSessionId sessionId);
+    //Task<AuthSessionId?> GetActiveSessionIdAsync(SessionChainId chainId);
+    //Task SetActiveSessionIdAsync(SessionChainId chainId, AuthSessionId sessionId);
 
-    Task<UAuthSessionRoot?> GetSessionRootByUserAsync(UserKey userKey);
-    Task<UAuthSessionRoot?> GetSessionRootByIdAsync(SessionRootId rootId);
-    Task SaveSessionRootAsync(UAuthSessionRoot root);
-    Task RevokeSessionRootAsync(UserKey userKey, DateTimeOffset at);
+    Task<UAuthSessionRoot?> GetRootByUserAsync(UserKey userKey);
+    Task<UAuthSessionRoot?> GetRootByIdAsync(SessionRootId rootId);
+    Task SaveRootAsync(UAuthSessionRoot root, long expectedVersion);
+    Task CreateRootAsync(UAuthSessionRoot root);
+    Task RevokeRootAsync(UserKey userKey, DateTimeOffset at);
 
     Task<SessionChainId?> GetChainIdBySessionAsync(AuthSessionId sessionId);
     Task<IReadOnlyList<UAuthSessionChain>> GetChainsByUserAsync(UserKey userKey);

…ons/Stores/ISessionStoreKernelFactory.cs …tractions/Stores/ISessionStoreFactory.cssrc/CodeBeam.UltimateAuth.Core/Abstractions/Stores/ISessionStoreKernelFactory.cs renamed to src/CodeBeam.UltimateAuth.Core/Abstractions/Stores/ISessionStoreFactory.cs src/CodeBeam.UltimateAuth.Core/Abstractions/Stores/ISessionStoreKernelFactory.cs renamed to src/CodeBeam.UltimateAuth.Core/Abstractions/Stores/ISessionStoreFactory.cs

@@ -5,15 +5,15 @@ namespace CodeBeam.UltimateAuth.Core.Abstractions;
 /// <summary>
 /// Provides a factory abstraction for creating tenant-scoped session store
 /// instances capable of persisting sessions, chains, and session roots.
-/// Implementations typically resolve concrete <see cref="ISessionStoreKernel"/> types from the dependency injection container.
+/// Implementations typically resolve concrete <see cref="ISessionStore"/> types from the dependency injection container.
 /// </summary>
-public interface ISessionStoreKernelFactory
+public interface ISessionStoreFactory
 {
     /// <summary>
     /// Creates and returns a session store instance for the specified user ID type within the given tenant context.
     /// </summary>
     /// <returns>
-    /// An <see cref="ISessionStoreKernel"/> implementation able to perform session persistence operations.
+    /// An <see cref="ISessionStore"/> implementation able to perform session persistence operations.
     /// </returns>
-    ISessionStoreKernel Create(TenantKey tenant);
+    ISessionStore Create(TenantKey tenant);
 }

src/CodeBeam.UltimateAuth.Core/Domain/Session/UAuthSession.cs

@@ -59,6 +59,7 @@ public static UAuthSession Create(
         SessionChainId chainId,
         DateTimeOffset now,
         DateTimeOffset expiresAt,
+        long securityVersion,
         DeviceContext device,
         ClaimsSnapshot? claims,
         SessionMetadata metadata)
@@ -73,37 +74,14 @@ public static UAuthSession Create(
             lastSeenAt: now,
             isRevoked: false,
             revokedAt: null,
-            securityVersionAtCreation: 0,
+            securityVersionAtCreation: securityVersion,
             device: device,
             claims: claims ?? ClaimsSnapshot.Empty,
             metadata: metadata,
             version: 0
         );
     }
 
-    public UAuthSession WithSecurityVersion(long securityVersion)
-    {
-        if (SecurityVersionAtCreation == securityVersion)
-            return this;
-
-        return new UAuthSession(
-            SessionId,
-            Tenant,
-            UserKey,
-            ChainId,
-            CreatedAt,
-            ExpiresAt,
-            LastSeenAt,
-            IsRevoked,
-            RevokedAt,
-            securityVersion,
-            Device,
-            Claims,
-            Metadata,
-            Version + 1
-        );
-    }
-
     public UAuthSession Touch(DateTimeOffset at)
     {
         return new UAuthSession(

src/CodeBeam.UltimateAuth.Core/Domain/Session/UAuthSessionChain.cs

@@ -80,8 +80,8 @@ public UAuthSessionChain AttachSession(AuthSessionId sessionId)
             SecurityVersionAtCreation,
             ClaimsSnapshot,
             activeSessionId: sessionId,
-            isRevoked: false,
-            revokedAt: null,
+            isRevoked: IsRevoked,
+            revokedAt: RevokedAt,
             version: Version + 1
         );
     }

src/CodeBeam.UltimateAuth.Core/Domain/Session/UAuthSessionRoot.cs

@@ -46,12 +46,27 @@ public static UAuthSessionRoot Create(
             SessionRootId.New(),
             tenant,
             userKey,
-            isRevoked: false,
-            revokedAt: null,
-            securityVersion: 0,
+            false,
+            null,
+            0,
             chains: Array.Empty<UAuthSessionChain>(),
-            lastUpdatedAt: issuedAt,
-            version: 0
+            issuedAt,
+            0
+        );
+    }
+
+    public UAuthSessionRoot IncreaseSecurityVersion(DateTimeOffset at)
+    {
+        return new UAuthSessionRoot(
+            RootId,
+            Tenant,
+            UserKey,
+            IsRevoked,
+            RevokedAt,
+            SecurityVersion + 1,
+            Chains,
+            at,
+            Version + 1
         );
     }
 
@@ -64,12 +79,12 @@ public UAuthSessionRoot Revoke(DateTimeOffset at)
             RootId,
             Tenant,
             UserKey,
-            isRevoked: true,
-            revokedAt: at,
-            securityVersion: SecurityVersion,
-            chains: Chains,
-            lastUpdatedAt: at,
-            version: Version + 1
+            true,
+            at,
+            SecurityVersion + 1,
+            Chains,
+            at,
+            Version + 1
         );
     }
 

src/CodeBeam.UltimateAuth.Core/Errors/Runtime/UAuthNotFoundException.cs

@@ -0,0 +1,14 @@
+namespace CodeBeam.UltimateAuth.Core.Errors;
+
+public class UAuthNotFoundException : UAuthRuntimeException
+{
+    public override int StatusCode => 400;
+
+    public override string Title => "The resource is not found.";
+
+    public override string TypePrefix => "https://docs.ultimateauth.com/errors/notfound";
+
+    public UAuthNotFoundException(string code = "resource_not_found") : base(code, code)
+    {
+    }
+}

src/CodeBeam.UltimateAuth.Core/Errors/UAuthNotFoundException.cs

@@ -15,7 +15,7 @@ public static IServiceCollection Build(this UltimateAuthServerBuilder builder)
         //if (!services.Any(sd => sd.ServiceType.IsAssignableTo(typeof(IUAuthUserStore<>))))
         //    throw new InvalidOperationException("No credential store registered.");
 
-        if (!services.Any(sd => sd.ServiceType.IsAssignableTo(typeof(ISessionStoreKernel))))
+        if (!services.Any(sd => sd.ServiceType.IsAssignableTo(typeof(ISessionStore))))
             throw new InvalidOperationException("No session store registered.");
 
         return services;

src/CodeBeam.UltimateAuth.Server/Composition/UltimateAuthServerBuilderValidation.cs

@@ -5,9 +5,9 @@ namespace CodeBeam.UltimateAuth.Server.Flows;
 
 public sealed class SessionTouchService : ISessionTouchService
 {
-    private readonly ISessionStoreKernelFactory _kernelFactory;
+    private readonly ISessionStoreFactory _kernelFactory;
 
-    public SessionTouchService(ISessionStoreKernelFactory kernelFactory)
+    public SessionTouchService(ISessionStoreFactory kernelFactory)
     {
         _kernelFactory = kernelFactory;
     }
@@ -29,14 +29,17 @@ public async Task<SessionRefreshResult> RefreshAsync(SessionValidationResult val
         await kernel.ExecuteAsync(async _ =>
         {
             var session = await kernel.GetSessionAsync(validation.SessionId.Value);
+
             if (session is null || session.IsRevoked)
                 return;
 
             if (sessionTouchMode == SessionTouchMode.IfNeeded && now - session.LastSeenAt < policy.TouchInterval.Value)
                 return;
 
+            var expectedVersion = session.Version;
             var touched = session.Touch(now);
-            await kernel.SaveSessionAsync(touched);
+
+            await kernel.SaveSessionAsync(touched, expectedVersion);
             didTouch = true;
         }, ct);