veza/apps/web/src/components/settings/security/SessionManagement.tsx

import React, { useState, useEffect } from 'react';
import { Card } from '../../ui/card';
import { Button } from '../../ui/button';
import { Smartphone, Monitor, Clock } from 'lucide-react';
import { useToast } from '../../../components/feedback/ToastProvider';
import { sessionService, Session } from '../../../services/sessionService';
import { logger } from '@/utils/logger';

export const SessionManagement: React.FC = () => {
  const { addToast } = useToast();
  const [sessions, setSessions] = useState<Session[]>([]);
  const [loading, setLoading] = useState(true);

  useEffect(() => {
    loadSessions();
  }, []);

  const loadSessions = async () => {
    try {
      setLoading(true);
      const res = await sessionService.getSessions();
      setSessions(res.sessions);
    } catch (error) {
      logger.error('Error loading sessions', {
        error: error instanceof Error ? error.message : String(error),
        stack: error instanceof Error ? error.stack : undefined,
      });
    } finally {
      setLoading(false);
    }
  };

  const handleRevoke = async (id: string) => {
    try {
      await sessionService.revokeSession(id);
      setSessions((prev) => prev.filter((s) => s.id !== id));
      addToast('Session revoked successfully', 'success');
    } catch {
      addToast('Failed to revoke session', 'error');
    }
  };

  const handleRevokeAll = async () => {
    try {
      await sessionService.logoutAll();
      // Ideally reload or clear all except current, but for safety re-fetch
      loadSessions();
      addToast('All other sessions have been logged out', 'success');
    } catch {
      addToast('Failed to log out all devices', 'error');
    }
  };

  if (loading)
    return (
      <div className="text-center p-4 text-muted-foreground">Loading sessions...</div>
    );

  return (
    <Card variant="default">
      <div className="flex justify-between items-center mb-6">
        <div>
          <h3 className="text-xl font-bold text-foreground">Active Sessions</h3>
          <p className="text-sm text-muted-foreground">
            Manage devices logged into your account.
          </p>
        </div>
        <Button
          variant="ghost"
          className="text-destructive hover:bg-destructive/10 border-destructive/30"
          onClick={handleRevokeAll}
        >
          Log Out All Other Devices
        </Button>
      </div>

      <div className="space-y-4">
        {sessions.map((session) => {
          // Simple heuristics for icon since backend might not provide device type explicitly yet
          const isMobile = session.user_agent.toLowerCase().includes('mobile');
          return (
            <div
              key={session.id}
              className="flex flex-col md:flex-row md:items-center justify-between p-4 bg-card rounded-xl shadow-[0_0_8px_rgba(26,26,30,0.05)] transition-colors"
            >
              <div className="flex items-start gap-4">
                <div
                  className={`p-4 rounded-full ${session.is_current ? 'bg-primary/10 text-primary' : 'bg-muted text-muted-foreground'}`}
                >
                  {isMobile ? (
                    <Smartphone className="w-6 h-6" />
                  ) : (
                    <Monitor className="w-6 h-6" />
                  )}
                </div>
                <div>
                  <div className="flex items-center gap-2">
                    <h4 className="font-bold text-foreground text-sm">
                      {session.ip_address}
                    </h4>
                    {session.is_current && (
                      <span className="bg-success/10 text-success text-xs px-2 py-0.5 rounded border border-success/30 font-bold">
                        CURRENT DEVICE
                      </span>
                    )}
                  </div>
                  <p className="text-xs text-muted-foreground mt-1 truncate max-w-xs">
                    {session.user_agent}
                  </p>
                  <div className="flex items-center gap-4 mt-2 text-xs text-muted-foreground">
                    <span className="flex items-center gap-1">
                      <Clock className="w-3 h-3" /> Active:{' '}
                      {new Date(session.last_activity).toLocaleString()}
                    </span>
                  </div>
                </div>
              </div>

              {!session.is_current && (
                <Button
                  variant="ghost"
                  size="sm"
                  className="mt-4 md:mt-0 text-muted-foreground hover:text-foreground shadow-[0_0_8px_rgba(26,26,30,0.05)] hover:bg-muted"
                  onClick={() => handleRevoke(session.id)}
                >
                  Revoke Access
                </Button>
              )}
            </div>
          );
        })}
        {sessions.length === 0 && (
          <p className="text-center text-muted-foreground text-sm py-8">No active sessions found.</p>
        )}
      </div>
    </Card>
  );
};
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`import React, { useState, useEffect } from 'react';`
			`import { Card } from '../../ui/card';`
			`import { Button } from '../../ui/button';`
			`import { Smartphone, Monitor, Clock } from 'lucide-react';`
improving UI: adding API doc to Developer Page 2026-01-26 13:12:17 +00:00			`import { useToast } from '../../../components/feedback/ToastProvider';`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`import { sessionService, Session } from '../../../services/sessionService';`
			`import { logger } from '@/utils/logger';`

			`export const SessionManagement: React.FC = () => {`
			`const { addToast } = useToast();`
			`const [sessions, setSessions] = useState<Session[]>([]);`
			`const [loading, setLoading] = useState(true);`

			`useEffect(() => {`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`loadSessions();`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`}, []);`

			`const loadSessions = async () => {`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`try {`
			`setLoading(true);`
			`const res = await sessionService.getSessions();`
			`setSessions(res.sessions);`
			`} catch (error) {`
			`logger.error('Error loading sessions', {`
			`error: error instanceof Error ? error.message : String(error),`
			`stack: error instanceof Error ? error.stack : undefined,`
			`});`
			`} finally {`
			`setLoading(false);`
			`}`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`};`

			`const handleRevoke = async (id: string) => {`
			`try {`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`await sessionService.revokeSession(id);`
			`setSessions((prev) => prev.filter((s) => s.id !== id));`
			`addToast('Session revoked successfully', 'success');`
refactor(web): zero out @typescript-eslint/no-unused-vars (134 → 0) Two-step cleanup of the no-unused-vars warning bucket : 1. Widened the rule's ignore patterns in eslint.config.js so the `_`-prefix convention works uniformly across all four contexts (function args, local vars, caught errors, destructured arrays). The argsIgnorePattern was already `^_` ; added varsIgnorePattern, caughtErrorsIgnorePattern, destructuredArrayIgnorePattern with the same `^_` regex. Knocked 17 warnings out instantly because the codebase had already adopted `_xxx` for unused locals and was waiting on this config change. 2. Fixed the remaining 117 cases across 99 files by pattern : * 26 catch-binding cases : `catch (e) {…}` → `catch {…}` (TS 4.0+ optional binding, ES2019). Cleaner than `catch (_e)` for the dozen "swallow and toast" error handlers that don't read the error. * 58 unused imports removed (incl. one literal `electron` contextBridge import that crept in from a phantom port-attempt). * 28 destructure / assignment cases : prefixed with `_` where the name documents the contract (test fixtures, hook return tuples where one slot isn't used yet) ; deleted outright when the assignment had no side effect and no documentary value. * 3 function param cases : prefixed with `_`. * 2 self-recursive `requestAnimationFrame` blocks that were dead code (an interval-based alternative did the work) : deleted. `tsc --noEmit` reports 0 errors after the changes. ESLint total dropped from 1240 to 1108. Updated the baseline in .github/workflows/ci.yml in the next commit. Pattern decisions logged inline so future maintainers know that `_`-prefix isn't slop — it's the documented, lint-aware way to mark "intentionally unused" without having to remove the name. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-30 21:05:32 +00:00			`} catch {`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`addToast('Failed to revoke session', 'error');`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`}`
			`};`

			`const handleRevokeAll = async () => {`
			`try {`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`await sessionService.logoutAll();`
			`// Ideally reload or clear all except current, but for safety re-fetch`
			`loadSessions();`
			`addToast('All other sessions have been logged out', 'success');`
refactor(web): zero out @typescript-eslint/no-unused-vars (134 → 0) Two-step cleanup of the no-unused-vars warning bucket : 1. Widened the rule's ignore patterns in eslint.config.js so the `_`-prefix convention works uniformly across all four contexts (function args, local vars, caught errors, destructured arrays). The argsIgnorePattern was already `^_` ; added varsIgnorePattern, caughtErrorsIgnorePattern, destructuredArrayIgnorePattern with the same `^_` regex. Knocked 17 warnings out instantly because the codebase had already adopted `_xxx` for unused locals and was waiting on this config change. 2. Fixed the remaining 117 cases across 99 files by pattern : * 26 catch-binding cases : `catch (e) {…}` → `catch {…}` (TS 4.0+ optional binding, ES2019). Cleaner than `catch (_e)` for the dozen "swallow and toast" error handlers that don't read the error. * 58 unused imports removed (incl. one literal `electron` contextBridge import that crept in from a phantom port-attempt). * 28 destructure / assignment cases : prefixed with `_` where the name documents the contract (test fixtures, hook return tuples where one slot isn't used yet) ; deleted outright when the assignment had no side effect and no documentary value. * 3 function param cases : prefixed with `_`. * 2 self-recursive `requestAnimationFrame` blocks that were dead code (an interval-based alternative did the work) : deleted. `tsc --noEmit` reports 0 errors after the changes. ESLint total dropped from 1240 to 1108. Updated the baseline in .github/workflows/ci.yml in the next commit. Pattern decisions logged inline so future maintainers know that `_`-prefix isn't slop — it's the documented, lint-aware way to mark "intentionally unused" without having to remove the name. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-30 21:05:32 +00:00			`} catch {`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`addToast('Failed to log out all devices', 'error');`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`}`
			`};`

incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`if (loading)`
			`return (`
style(settings,auth): elevate Security and Auth to SaaS Premium Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-07 15:02:52 +00:00			`<div className="text-center p-4 text-muted-foreground">Loading sessions...</div>`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`);`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00
			`return (`
			`<Card variant="default">`
			`<div className="flex justify-between items-center mb-6">`
			`<div>`
feat(ui): semantic tokens in settings views + XPBar Gamification: - XPBar: track bg-kodo-void → bg-muted (gold gradient and pattern kept) Settings: - CloudIntegrationView, BackupsView: toggle thumb bg-white → bg-background - AccessibilitySettingsView: hover:bg-white/5 → hover:bg-muted/50 - AppearanceSettingsView: density option hover + kodo-magenta → primary - IntegrationsView: icon container bg-white → bg-muted/50 - DeleteAccount*: labels/titles text-white → text-foreground, destructive btn → text-destructive-foreground, disabled → bg-muted - ChangeEmailModal, DataExportModal: titles, labels, text → text-foreground; DataExport input bg-kodo-void → bg-muted - SessionManagement, LoginHistory, SecuritySettings: headings text-white → text-foreground, row hover → hover:bg-muted/50 - TwoFactorSetupStep2: QR container bg-white → bg-card - LoginHistory: table cell text-white → text-foreground Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-10 08:43:22 +00:00			`<h3 className="text-xl font-bold text-foreground">Active Sessions</h3>`
style(settings,auth): elevate Security and Auth to SaaS Premium Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-07 15:02:52 +00:00			`<p className="text-sm text-muted-foreground">`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`Manage devices logged into your account.`
			`</p>`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`</div>`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`<Button`
			`variant="ghost"`
style(settings,auth): elevate Security and Auth to SaaS Premium Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-07 15:02:52 +00:00			`className="text-destructive hover:bg-destructive/10 border-destructive/30"`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`onClick={handleRevokeAll}`
			`>`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`Log Out All Other Devices`
			`</Button>`
			`</div>`

			`<div className="space-y-4">`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`{sessions.map((session) => {`
			`// Simple heuristics for icon since backend might not provide device type explicitly yet`
			`const isMobile = session.user_agent.toLowerCase().includes('mobile');`
			`return (`
			`<div`
			`key={session.id}`
fix: stabilize builds, tests, and lint across all stacks Complete stabilization pass bringing all 3 stacks to green: Frontend (apps/web/): - Fix TypeScript nullability in useSeason.ts, useTimeOfDay.ts hooks - Disable no-undef in ESLint config (TypeScript handles it; JSX misidentified) - Rename 306 story imports from @storybook/react to @storybook/react-vite - Fix conditional hook call in useMediaQuery.ts useIsTablet - Move useQuery to top of LoginPage.tsx component - Remove useless try/catch in GearFormModal.tsx - Fix stale closure in ResetPasswordPage.tsx handleChange - Make Storybook decorators (withRouter, withQueryClient, withToast, withAudio) no-ops since global StorybookDecorator already provides these — prevents nested Router / duplicate provider crashes in vitest-browser - Fix nested MemoryRouter in 3 page stories (TrackDetail, PlaylistDetail, UserProfile) - Update i18n initialization in test setup (await init before changeLanguage) - Update ~30 test assertions from English to French to match i18n translations - Update test assertions to match SUMI V3 design changes (shadow vs border) - Fix remaining story type errors (PlayerError, PlaylistBatchActions, TrackFilters, VirtualizedChatMessages) Backend (veza-backend-api/): - Fix response_test.go RespondWithAppError signature (2 args, not 3) - Fix TestErrorContractAuthEndpoints expected error codes (ErrCodeUnauthorized vs ErrCodeInvalidCredentials) - Fix TestTrackHandler_GetTrackLikes_Success missing auth middleware setup - Fix TestPlaybackAnalyticsService_GetTrackStats k-anonymity threshold (needs 5 unique users, not 1) - Replace NOW() PostgreSQL function with time.Now() parameter in marketplace service for SQLite test compatibility - Add missing AutoMigrate entries in marketplace_test.go (ProductImage, ProductPreview, ProductLicense, ProductReview) Results: - Frontend TypeCheck: 617 errors -> 0 errors - Frontend ESLint: 349 errors -> 0 errors - Frontend Vitest: 196 failing tests -> 1 skipped (3396/3397 passing) - Backend go vet: 1 error -> 0 errors - Backend tests: 5 failing -> all 13 packages passing - Rust: 150/150 tests passing (unchanged) - Storybook audit: 0 errors across 1244 stories Triage report: docs/TRIAGE_REPORT.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-05 14:48:07 +00:00			`className="flex flex-col md:flex-row md:items-center justify-between p-4 bg-card rounded-xl shadow-[0_0_8px_rgba(26,26,30,0.05)] transition-colors"`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`>`
			`<div className="flex items-start gap-4">`
			`<div`
style(settings,auth): elevate Security and Auth to SaaS Premium Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-07 15:02:52 +00:00			className={`p-4 rounded-full ${session.is_current ? 'bg-primary/10 text-primary' : 'bg-muted text-muted-foreground'}`}
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`>`
			`{isMobile ? (`
			`<Smartphone className="w-6 h-6" />`
			`) : (`
			`<Monitor className="w-6 h-6" />`
			`)}`
			`</div>`
			`<div>`
			`<div className="flex items-center gap-2">`
feat(ui): semantic tokens in settings views + XPBar Gamification: - XPBar: track bg-kodo-void → bg-muted (gold gradient and pattern kept) Settings: - CloudIntegrationView, BackupsView: toggle thumb bg-white → bg-background - AccessibilitySettingsView: hover:bg-white/5 → hover:bg-muted/50 - AppearanceSettingsView: density option hover + kodo-magenta → primary - IntegrationsView: icon container bg-white → bg-muted/50 - DeleteAccount*: labels/titles text-white → text-foreground, destructive btn → text-destructive-foreground, disabled → bg-muted - ChangeEmailModal, DataExportModal: titles, labels, text → text-foreground; DataExport input bg-kodo-void → bg-muted - SessionManagement, LoginHistory, SecuritySettings: headings text-white → text-foreground, row hover → hover:bg-muted/50 - TwoFactorSetupStep2: QR container bg-white → bg-card - LoginHistory: table cell text-white → text-foreground Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-10 08:43:22 +00:00			`<h4 className="font-bold text-foreground text-sm">`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`{session.ip_address}`
			`</h4>`
			`{session.is_current && (`
ui(tokens): migrate bg/border-kodo-red → destructive, bg/border-kodo-lime → success (25 files) Complete semantic color token migration for background and border variants: - bg-kodo-red → bg-destructive - border-kodo-red → border-destructive - bg-kodo-lime → bg-success - border-kodo-lime → border-success Covers UI primitives (badge, alert), forms, settings, social, playlists, admin, education, and marketplace components. Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-08 23:17:14 +00:00			`<span className="bg-success/10 text-success text-xs px-2 py-0.5 rounded border border-success/30 font-bold">`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`CURRENT DEVICE`
			`</span>`
			`)}`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`</div>`
style(settings,auth): elevate Security and Auth to SaaS Premium Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-07 15:02:52 +00:00			`<p className="text-xs text-muted-foreground mt-1 truncate max-w-xs">`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`{session.user_agent}`
			`</p>`
style(settings,auth): elevate Security and Auth to SaaS Premium Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-07 15:02:52 +00:00			`<div className="flex items-center gap-4 mt-2 text-xs text-muted-foreground">`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`<span className="flex items-center gap-1">`
			`<Clock className="w-3 h-3" /> Active:{' '}`
			`{new Date(session.last_activity).toLocaleString()}`
			`</span>`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`</div>`
			`</div>`
			`</div>`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00
			`{!session.is_current && (`
			`<Button`
			`variant="ghost"`
			`size="sm"`
fix: stabilize builds, tests, and lint across all stacks Complete stabilization pass bringing all 3 stacks to green: Frontend (apps/web/): - Fix TypeScript nullability in useSeason.ts, useTimeOfDay.ts hooks - Disable no-undef in ESLint config (TypeScript handles it; JSX misidentified) - Rename 306 story imports from @storybook/react to @storybook/react-vite - Fix conditional hook call in useMediaQuery.ts useIsTablet - Move useQuery to top of LoginPage.tsx component - Remove useless try/catch in GearFormModal.tsx - Fix stale closure in ResetPasswordPage.tsx handleChange - Make Storybook decorators (withRouter, withQueryClient, withToast, withAudio) no-ops since global StorybookDecorator already provides these — prevents nested Router / duplicate provider crashes in vitest-browser - Fix nested MemoryRouter in 3 page stories (TrackDetail, PlaylistDetail, UserProfile) - Update i18n initialization in test setup (await init before changeLanguage) - Update ~30 test assertions from English to French to match i18n translations - Update test assertions to match SUMI V3 design changes (shadow vs border) - Fix remaining story type errors (PlayerError, PlaylistBatchActions, TrackFilters, VirtualizedChatMessages) Backend (veza-backend-api/): - Fix response_test.go RespondWithAppError signature (2 args, not 3) - Fix TestErrorContractAuthEndpoints expected error codes (ErrCodeUnauthorized vs ErrCodeInvalidCredentials) - Fix TestTrackHandler_GetTrackLikes_Success missing auth middleware setup - Fix TestPlaybackAnalyticsService_GetTrackStats k-anonymity threshold (needs 5 unique users, not 1) - Replace NOW() PostgreSQL function with time.Now() parameter in marketplace service for SQLite test compatibility - Add missing AutoMigrate entries in marketplace_test.go (ProductImage, ProductPreview, ProductLicense, ProductReview) Results: - Frontend TypeCheck: 617 errors -> 0 errors - Frontend ESLint: 349 errors -> 0 errors - Frontend Vitest: 196 failing tests -> 1 skipped (3396/3397 passing) - Backend go vet: 1 error -> 0 errors - Backend tests: 5 failing -> all 13 packages passing - Rust: 150/150 tests passing (unchanged) - Storybook audit: 0 errors across 1244 stories Triage report: docs/TRIAGE_REPORT.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-05 14:48:07 +00:00			`className="mt-4 md:mt-0 text-muted-foreground hover:text-foreground shadow-[0_0_8px_rgba(26,26,30,0.05)] hover:bg-muted"`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`onClick={() => handleRevoke(session.id)}`
			`>`
			`Revoke Access`
			`</Button>`
			`)}`
			`</div>`
			`);`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`})}`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`{sessions.length === 0 && (`
ui(components): migrate inline empty states to EmptyState component Replace bare text "No X found" messages with the shared EmptyState component (icon + title + description + optional action). This gives empty moments a designed, intentional feel instead of a raw fallback. - EmptyState: use design system tokens (text-foreground, text-muted-foreground) - MarketplaceHome: EmptyState with ShoppingBag icon - MarketplaceViewGrid: EmptyState with clear filters action - ProfileViewTracksTab: EmptyState with Music icon - ProfileViewPlaylistsTab: EmptyState with ListMusic icon - PurchasesViewList: EmptyState with ShoppingCart icon - SessionManagement: centered empty text with padding Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-08 22:15:53 +00:00			`<p className="text-center text-muted-foreground text-sm py-8">No active sessions found.</p>`
incus deployement fully implemented, Makefile updated and make fmt ran 2026-01-13 18:47:57 +00:00			`)}`
chore: remove production logs in components 2026-01-07 09:31:02 +00:00			`</div>`
			`</Card>`
			`);`
			`};`