feat: Gestion des sessions utilisateur

Permet aux utilisateurs de visualiser et gérer leurs sessions actives sur différents appareils, avec la possibilité de révoquer des sessions à distance en cas de suspicion d'activité non autorisée. Fonctionnalités : - Liste des sessions actives avec métadonnées (appareil, navigateur, localisation) - Identification de la session courante - Révocation individuelle d'une session - Révocation de toutes les autres sessions - Déconnexion avec nettoyage des cookies sur les deux chemins (legacy et actuel) Sécurité : - Cache frontend scopé par utilisateur pour éviter les fuites entre comptes - Validation que le refresh token appartient à l'utilisateur JWT authentifié - TTL des sessions Redis aligné sur l'expiration du refresh token - Événements d'audit pour traçabilité (SessionInvalidee, ToutesSessionsInvalidees) @see Story 1.6 - Gestion des sessions
2026-02-03 10:10:40 +01:00
parent affad287f9
commit b823479658
40 changed files with 4222 additions and 42 deletions
--- a/frontend/src/routes/+layout.svelte
+++ b/frontend/src/routes/+layout.svelte
@@ -2,6 +2,7 @@
 	import '../app.css';
 	import { browser } from '$app/environment';
 	import { QueryClient, QueryClientProvider } from '@tanstack/svelte-query';
+	import { onLogout } from '$lib/auth/auth.svelte';

 	let { children } = $props();

@@ -16,6 +17,11 @@
 			}
 		})
 	);
+
+	// Clear user-specific caches on logout to prevent cross-account data leakage
+	onLogout(() => {
+		queryClient.removeQueries({ queryKey: ['sessions'] });
+	});
 </script>

 <QueryClientProvider client={queryClient}>
--- a/frontend/src/routes/settings/+layout.svelte
+++ b/frontend/src/routes/settings/+layout.svelte
@@ -0,0 +1,135 @@
+<script lang="ts">
+	import { goto } from '$app/navigation';
+	import { logout } from '$lib/auth/auth.svelte';
+
+	let { children } = $props();
+	let isLoggingOut = $state(false);
+
+	async function handleLogout() {
+		isLoggingOut = true;
+		try {
+			await logout();
+		} finally {
+			isLoggingOut = false;
+		}
+	}
+
+	function goHome() {
+		goto('/');
+	}
+</script>
+
+<div class="settings-layout">
+	<header class="settings-header">
+		<div class="header-content">
+			<button class="logo-button" onclick={goHome}>
+				<span class="logo-text">Classeo</span>
+			</button>
+			<nav class="header-nav">
+				<button
+					class="logout-button"
+					onclick={handleLogout}
+					disabled={isLoggingOut}
+				>
+					{#if isLoggingOut}
+						<span class="spinner"></span>
+						Déconnexion...
+					{:else}
+						Déconnexion
+					{/if}
+				</button>
+			</nav>
+		</div>
+	</header>
+
+	<div class="settings-content">
+		{@render children()}
+	</div>
+</div>
+
+<style>
+	.settings-layout {
+		min-height: 100vh;
+		display: flex;
+		flex-direction: column;
+		background: var(--surface-primary, #f8fafc);
+	}
+
+	.settings-header {
+		background: var(--surface-elevated, #fff);
+		border-bottom: 1px solid var(--border-subtle, #e2e8f0);
+		padding: 0 24px;
+	}
+
+	.header-content {
+		max-width: 1200px;
+		margin: 0 auto;
+		display: flex;
+		justify-content: space-between;
+		align-items: center;
+		height: 64px;
+	}
+
+	.logo-button {
+		background: none;
+		border: none;
+		cursor: pointer;
+		padding: 8px 0;
+	}
+
+	.logo-text {
+		font-size: 20px;
+		font-weight: 700;
+		color: var(--accent-primary, hsl(199, 89%, 48%));
+	}
+
+	.header-nav {
+		display: flex;
+		align-items: center;
+		gap: 16px;
+	}
+
+	.logout-button {
+		display: inline-flex;
+		align-items: center;
+		gap: 8px;
+		padding: 8px 16px;
+		font-size: 14px;
+		font-weight: 500;
+		color: var(--text-secondary, #64748b);
+		background: transparent;
+		border: 1px solid var(--border-subtle, #e2e8f0);
+		border-radius: 8px;
+		cursor: pointer;
+		transition: all 0.2s;
+	}
+
+	.logout-button:hover:not(:disabled) {
+		color: var(--color-alert, hsl(0, 72%, 51%));
+		border-color: var(--color-alert, hsl(0, 72%, 51%));
+	}
+
+	.logout-button:disabled {
+		opacity: 0.6;
+		cursor: not-allowed;
+	}
+
+	.spinner {
+		width: 14px;
+		height: 14px;
+		border: 2px solid var(--border-subtle, #e2e8f0);
+		border-top-color: var(--text-secondary, #64748b);
+		border-radius: 50%;
+		animation: spin 0.8s linear infinite;
+	}
+
+	.settings-content {
+		flex: 1;
+	}
+
+	@keyframes spin {
+		to {
+			transform: rotate(360deg);
+		}
+	}
+</style>
--- a/frontend/src/routes/settings/+page.svelte
+++ b/frontend/src/routes/settings/+page.svelte
@@ -0,0 +1,126 @@
+<script lang="ts">
+	import { goto } from '$app/navigation';
+
+	function navigateTo(path: string) {
+		goto(path);
+	}
+</script>
+
+<svelte:head>
+	<title>Paramètres | Classeo</title>
+</svelte:head>
+
+<div class="settings-page">
+	<div class="page-container">
+		<header class="page-header">
+			<h1>Paramètres</h1>
+			<p class="page-description">
+				Gérez votre compte et vos préférences.
+			</p>
+		</header>
+
+		<main class="page-content">
+			<div class="settings-grid">
+				<button class="settings-card" onclick={() => navigateTo('/settings/sessions')}>
+					<span class="card-icon">🔐</span>
+					<div class="card-content">
+						<h2>Mes sessions</h2>
+						<p>Gérez vos sessions actives et déconnectez les appareils à distance.</p>
+					</div>
+					<span class="card-arrow">→</span>
+				</button>
+			</div>
+		</main>
+	</div>
+</div>
+
+<style>
+	.settings-page {
+		padding: 24px;
+		font-family: 'Inter', ui-sans-serif, system-ui, sans-serif;
+	}
+
+	.page-container {
+		max-width: 640px;
+		margin: 0 auto;
+	}
+
+	.page-header {
+		margin-bottom: 32px;
+	}
+
+	.page-header h1 {
+		font-size: 24px;
+		font-weight: 700;
+		color: var(--text-primary, #1a1f36);
+		margin: 0 0 8px 0;
+	}
+
+	.page-description {
+		font-size: 14px;
+		color: var(--text-secondary, #64748b);
+		margin: 0;
+		line-height: 1.5;
+	}
+
+	.page-content {
+		background: var(--surface-elevated, #fff);
+		border-radius: 16px;
+		padding: 8px;
+		box-shadow: 0 1px 3px rgba(0, 0, 0, 0.08);
+	}
+
+	.settings-grid {
+		display: flex;
+		flex-direction: column;
+		gap: 8px;
+	}
+
+	.settings-card {
+		display: flex;
+		align-items: center;
+		gap: 16px;
+		padding: 16px;
+		background: transparent;
+		border: none;
+		border-radius: 12px;
+		cursor: pointer;
+		text-align: left;
+		transition: background 0.2s;
+		width: 100%;
+	}
+
+	.settings-card:hover {
+		background: var(--surface-primary, #f8fafc);
+	}
+
+	.card-icon {
+		font-size: 28px;
+		flex-shrink: 0;
+	}
+
+	.card-content {
+		flex: 1;
+		min-width: 0;
+	}
+
+	.card-content h2 {
+		font-size: 15px;
+		font-weight: 600;
+		color: var(--text-primary, #1a1f36);
+		margin: 0 0 4px 0;
+	}
+
+	.card-content p {
+		font-size: 13px;
+		color: var(--text-secondary, #64748b);
+		margin: 0;
+		line-height: 1.4;
+	}
+
+	.card-arrow {
+		font-size: 18px;
+		color: var(--text-muted, #94a3b8);
+		flex-shrink: 0;
+	}
+</style>
--- a/frontend/src/routes/settings/sessions/+page.svelte
+++ b/frontend/src/routes/settings/sessions/+page.svelte
@@ -0,0 +1,254 @@
+<script lang="ts">
+	import { goto } from '$app/navigation';
+	import { createQuery, createMutation, useQueryClient } from '@tanstack/svelte-query';
+	import { getSessions, revokeSession, revokeAllSessions } from '$lib/features/sessions/api/sessions';
+	import SessionList from '$lib/features/sessions/components/SessionList.svelte';
+
+	const queryClient = useQueryClient();
+
+	let mutationError = $state<string | null>(null);
+
+	const sessionsQuery = createQuery({
+		queryKey: ['sessions'],
+		queryFn: getSessions,
+		// Always refetch on mount to prevent cross-account cache leakage
+		// when user A logs out and user B logs in on the same tab
+		refetchOnMount: 'always',
+		staleTime: 0
+	});
+
+	const revokeSessionMutation = createMutation({
+		mutationFn: revokeSession,
+		onSuccess: () => {
+			mutationError = null;
+			queryClient.invalidateQueries({ queryKey: ['sessions'] });
+		},
+		onError: () => {
+			mutationError = 'Impossible de déconnecter cette session. Veuillez réessayer.';
+		}
+	});
+
+	const revokeAllMutation = createMutation({
+		mutationFn: revokeAllSessions,
+		onSuccess: () => {
+			mutationError = null;
+			queryClient.invalidateQueries({ queryKey: ['sessions'] });
+		},
+		onError: () => {
+			mutationError = 'Impossible de déconnecter les autres sessions. Veuillez réessayer.';
+		}
+	});
+
+	async function handleRevokeSession(familyId: string): Promise<void> {
+		mutationError = null;
+		await $revokeSessionMutation.mutateAsync(familyId);
+	}
+
+	async function handleRevokeAll(): Promise<void> {
+		mutationError = null;
+		await $revokeAllMutation.mutateAsync();
+	}
+
+	function dismissError() {
+		mutationError = null;
+	}
+
+	function goBack() {
+		goto('/settings');
+	}
+</script>
+
+<svelte:head>
+	<title>Mes sessions | Classeo</title>
+</svelte:head>
+
+<div class="sessions-page">
+	<div class="page-container">
+		<header class="page-header">
+			<button class="back-button" onclick={goBack}>
+				← Retour
+			</button>
+			<h1>Mes sessions</h1>
+			<p class="page-description">
+				Gérez vos sessions actives. Vous pouvez déconnecter un appareil à distance si vous suspectez une activité non autorisée.
+			</p>
+		</header>
+
+		{#if mutationError}
+			<div class="mutation-error" role="alert">
+				<span class="error-message">{mutationError}</span>
+				<button class="dismiss-button" onclick={dismissError} aria-label="Fermer">×</button>
+			</div>
+		{/if}
+
+		<main class="page-content">
+			{#if $sessionsQuery.isPending}
+				<div class="loading-state">
+					<span class="spinner"></span>
+					<p>Chargement des sessions...</p>
+				</div>
+			{:else if $sessionsQuery.isError}
+				<div class="error-state">
+					<span class="error-icon">⚠️</span>
+					<p>Impossible de charger les sessions.</p>
+					<button class="retry-button" onclick={() => $sessionsQuery.refetch()}>
+						Réessayer
+					</button>
+				</div>
+			{:else if $sessionsQuery.data}
+				<SessionList
+					sessions={$sessionsQuery.data}
+					onRevokeSession={handleRevokeSession}
+					onRevokeAll={handleRevokeAll}
+				/>
+			{/if}
+		</main>
+	</div>
+</div>
+
+<style>
+	.sessions-page {
+		padding: 24px;
+		font-family: 'Inter', ui-sans-serif, system-ui, sans-serif;
+	}
+
+	.page-container {
+		max-width: 640px;
+		margin: 0 auto;
+	}
+
+	.page-header {
+		margin-bottom: 32px;
+	}
+
+	.back-button {
+		display: inline-flex;
+		align-items: center;
+		gap: 4px;
+		padding: 8px 12px;
+		font-size: 14px;
+		font-weight: 500;
+		color: var(--text-secondary, #64748b);
+		background: transparent;
+		border: none;
+		border-radius: 8px;
+		cursor: pointer;
+		margin-bottom: 16px;
+		margin-left: -12px;
+		transition: color 0.2s;
+	}
+
+	.back-button:hover {
+		color: var(--text-primary, #1a1f36);
+	}
+
+	.page-header h1 {
+		font-size: 24px;
+		font-weight: 700;
+		color: var(--text-primary, #1a1f36);
+		margin: 0 0 8px 0;
+	}
+
+	.page-description {
+		font-size: 14px;
+		color: var(--text-secondary, #64748b);
+		margin: 0;
+		line-height: 1.5;
+	}
+
+	.page-content {
+		background: var(--surface-elevated, #fff);
+		border-radius: 16px;
+		padding: 24px;
+		box-shadow: 0 1px 3px rgba(0, 0, 0, 0.08);
+	}
+
+	.loading-state,
+	.error-state {
+		display: flex;
+		flex-direction: column;
+		align-items: center;
+		gap: 16px;
+		padding: 48px 24px;
+		color: var(--text-secondary, #64748b);
+	}
+
+	.loading-state .spinner {
+		width: 32px;
+		height: 32px;
+		border: 3px solid var(--border-subtle, #e2e8f0);
+		border-top-color: var(--accent-primary, hsl(199, 89%, 48%));
+		border-radius: 50%;
+		animation: spin 0.8s linear infinite;
+	}
+
+	.error-icon {
+		font-size: 48px;
+	}
+
+	.error-state p {
+		margin: 0;
+		font-size: 15px;
+	}
+
+	.retry-button {
+		padding: 10px 20px;
+		font-size: 14px;
+		font-weight: 500;
+		color: #fff;
+		background: var(--accent-primary, hsl(199, 89%, 48%));
+		border: none;
+		border-radius: 8px;
+		cursor: pointer;
+		transition: background 0.2s;
+	}
+
+	.retry-button:hover {
+		background: hsl(199, 89%, 42%);
+	}
+
+	@keyframes spin {
+		to {
+			transform: rotate(360deg);
+		}
+	}
+
+	.mutation-error {
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+		gap: 12px;
+		padding: 12px 16px;
+		margin-bottom: 16px;
+		background: hsl(0, 84%, 95%);
+		border: 1px solid hsl(0, 84%, 85%);
+		border-radius: 8px;
+		color: hsl(0, 84%, 32%);
+	}
+
+	.mutation-error .error-message {
+		font-size: 14px;
+		font-weight: 500;
+	}
+
+	.mutation-error .dismiss-button {
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		width: 24px;
+		height: 24px;
+		padding: 0;
+		font-size: 18px;
+		font-weight: 500;
+		color: hsl(0, 84%, 32%);
+		background: transparent;
+		border: none;
+		border-radius: 4px;
+		cursor: pointer;
+		transition: background 0.2s;
+	}
+
+	.mutation-error .dismiss-button:hover {
+		background: hsl(0, 84%, 90%);
+	}
+</style>