MBO-Tech-IT-Webseite/lib/token-blacklist.ts

import { createServiceClient } from "./supabase";

export async function revokeSessionToken(
  tokenSignature: string,
  adminId: string,
  reason: "logout" | "password_changed" | "suspicious_activity" = "logout",
  notes?: string
): Promise<boolean> {
  try {
    const db = createServiceClient();
    const { error } = await db.from("admin_session_blacklist").insert({
      admin_id: adminId,
      token_signature: tokenSignature,
      reason,
      notes,
    });
    if (error) {
      console.error("Failed to revoke session token:", error);
      return false;
    }
    return true;
  } catch (error) {
    console.error("Error revoking session token:", error);
    return false;
  }
}

export async function isSessionTokenRevoked(tokenSignature: string): Promise<boolean> {
  try {
    const db = createServiceClient();
    const { data, error } = await db
      .from("admin_session_blacklist")
      .select("id")
      .eq("token_signature", tokenSignature)
      .single();

    if (error && error.code !== "PGRST116") {
      console.error("Error checking token revocation:", error);
      return false;
    }
    return data?.id != null;
  } catch {
    return false;
  }
}

export async function markActionTokenUsed(
  tokenSignature: string,
  anfrageId: string,
  actionType: string,
  ipAddr?: string
): Promise<boolean> {
  try {
    const db = createServiceClient();
    const { error } = await db.from("action_token_blacklist").insert({
      token_signature: tokenSignature,
      anfrage_id: anfrageId,
      action_type: actionType,
      used_by_ip: ipAddr,
    });
    if (error) {
      console.error("Failed to mark action token as used:", error);
      return false;
    }
    return true;
  } catch {
    return false;
  }
}

export async function isActionTokenUsed(tokenSignature: string): Promise<boolean> {
  try {
    const db = createServiceClient();
    const { data, error } = await db
      .from("action_token_blacklist")
      .select("id")
      .eq("token_signature", tokenSignature)
      .single();

    if (error && error.code !== "PGRST116") {
      console.error("Error checking action token usage:", error);
      return false;
    }
    return data?.id != null;
  } catch {
    return false;
  }
}