fix: remove logout as session tokens are HttpOnly

Author: hrideshmg

docs/auth.md

@@ -140,18 +140,6 @@ curl -X POST http://localhost:5000/ \
   }'
 ```
 
-### Logout
-
-```graphql
-mutation {
-  logout(sessionToken: "your_session_token_here")
-}
-```
-
-This invalidates the specified session for the current user.
-
-**Returns:** `true` if successful, `false` if not authenticated
-
 ## Bot Management
 ### Creating Bots (Admin Only)
 
@@ -180,16 +168,6 @@ mutation {
 
 Bots use API keys instead of session tokens. Include the API key in the `Authorization` header in the same format as before.
 
-### Deleting Bots (Admin Only)
-
-```graphql
-mutation {
-  deleteBot(apiKeyId: 1)
-}
-```
-
-**Returns:** `true` if successful
-
 
 ## Permission Checking in Code
 
@@ -246,17 +224,6 @@ The GitHub account is not part of the specified organization. Either:
 
 ### GraphQL Mutations
 
-#### `logout(sessionToken: String!): Boolean!`
-
-Invalidate the specified session for current user.
-
-**Input:**
-- `sessionToken`: The session token to invalidate
-
-**Returns:** `true` if successful, `false` if not authenticated
-
----
-
 #### `createBot(name: String!): String!` 🔒 Admin only
 
 Create a new bot with API key.
@@ -266,17 +233,6 @@ Create a new bot with API key.
 
 **Returns:** The API key string (only shown once!)
 
----
-
-#### `deleteBot(apiKeyId: Int!): Boolean!` 🔒 Admin only
-
-Delete a bot and revoke its API key.
-
-**Input:**
-- `apiKeyId`: ID of the API key to delete
-
-**Returns:** `true` if successful
-
 ## Example
 
 ### Complete Member Authentication Flow

src/auth/session.rs

@@ -73,23 +73,6 @@ impl SessionService {
         Ok(result)
     }
 
-    pub async fn delete_session_by_token(pool: &PgPool, token: &str) -> Result<(), String> {
-        let token_hash = Self::hash_token(token);
-
-        sqlx::query(
-            r#"
-            DELETE FROM Sessions
-            WHERE token_hash = $1
-            "#,
-        )
-        .bind(token_hash)
-        .execute(pool)
-        .await
-        .map_err(|e| format!("Failed to delete session: {}", e))?;
-
-        Ok(())
-    }
-
     pub async fn cleanup_expired_sessions(pool: &PgPool) -> Result<u64, String> {
         let now = chrono::Utc::now().with_timezone(&Kolkata);
 

src/graphql/mutations/auth_mutations.rs

@@ -1,6 +1,5 @@
 use crate::auth::api_key::ApiKeyService;
 use crate::auth::guards::AdminGuard;
-use crate::auth::session::SessionService;
 use crate::auth::AuthContext;
 use crate::models::auth::ApiKeyResponse;
 use async_graphql::{Context, Object, Result};
@@ -12,24 +11,6 @@ pub struct AuthMutations;
 
 #[Object]
 impl AuthMutations {
-    /// Logout - invalidate session
-    #[graphql(name = "logout")]
-    async fn logout(&self, ctx: &Context<'_>, session_token: String) -> Result<bool> {
-        let pool = ctx.data::<Arc<PgPool>>().expect("Pool must be in context.");
-        let auth = ctx
-            .data::<AuthContext>()
-            .expect("AuthContext must be in context.");
-
-        if auth.is_authenticated() {
-            SessionService::delete_session_by_token(pool.as_ref(), &session_token)
-                .await
-                .map_err(|e| format!("Failed to logout: {}", e))?;
-            Ok(true)
-        } else {
-            Ok(false)
-        }
-    }
-
     /// Create a new bot with API key (Admin only)
     #[graphql(name = "createBot", guard = "AdminGuard")]
     async fn create_bot(&self, ctx: &Context<'_>, name: String) -> Result<ApiKeyResponse> {
@@ -50,16 +31,4 @@ impl AuthMutations {
 
         Ok(ApiKeyResponse { api_key })
     }
-
-    /// Delete a bot (Admin only)
-    #[graphql(name = "deleteBot", guard = "AdminGuard")]
-    async fn delete_bot(&self, ctx: &Context<'_>, api_key_id: i32) -> Result<bool> {
-        let pool = ctx.data::<Arc<PgPool>>().expect("Pool must be in context.");
-
-        ApiKeyService::delete_api_key(pool.as_ref(), api_key_id)
-            .await
-            .map_err(|e| format!("Failed to delete bot: {}", e))?;
-
-        Ok(true)
-    }
 }

src/graphql/queries/member_queries.rs

@@ -1,6 +1,6 @@
 use crate::auth::guards::AuthGuard;
 use crate::auth::AuthContext;
-use crate::models::{attendance::AttendanceRecord, status_update::StatusUpdateRecord};
+use crate::models::{attendance::Aggregate, attendance::AttendanceRecord, status_update::StatusUpdateRecord,};
 use async_graphql::{ComplexObject, Context, Object, Result};
 use chrono::NaiveDate;
 use sqlx::PgPool;
@@ -19,9 +19,14 @@ pub struct AttendanceInfo {
     member_id: i32,
 }
 
+pub struct Lab;
+
 #[Object]
 impl MemberQueries {
-    #[graphql(guard = "AuthGuard")]
+
+    async fn lab(&self, _ctx: &Context<'_>) -> Lab {
+        Lab
+    }
     pub async fn all_members(
         &self,
         ctx: &Context<'_>,
@@ -378,3 +383,62 @@ impl Member {
         }
     }
 }
+
+#[Object]
+
+impl Lab {
+    pub async fn attendance(
+        &self,
+        ctx: &Context<'_>,
+        start_date: NaiveDate,
+        end_date: NaiveDate,
+    ) -> Result<Vec<Aggregate>> {
+        let pool = ctx.data::<Arc<PgPool>>().expect("Pool must be in context.");
+
+        // will give the total count
+        let mut query = sqlx::QueryBuilder::new(
+            r#"
+        SELECT 
+            all_dates.date,  
+            p.present_count
+        FROM (
+            SELECT 
+                date, 
+                COUNT(*) AS total_count
+            FROM attendance
+            WHERE date BETWEEN "#,
+        );
+
+        query.push_bind(start_date);
+        query.push(" AND ");
+        query.push_bind(end_date);
+        query.push(" GROUP BY date ) AS all_dates ");
+
+        // sub query of present members joined with the above total countS
+        query.push(
+            "LEFT JOIN (
+                SELECT 
+                    date, 
+                    COUNT(*) AS present_count
+                FROM attendance
+                WHERE is_present = 't'
+                AND date BETWEEN ",
+        );
+        query.push_bind(start_date);
+        query.push(" AND ");
+        query.push_bind(end_date);
+        query.push(
+            " GROUP BY date
+            ) AS p
+            ON all_dates.date = p.date
+            ORDER BY all_dates.date;",
+        );
+
+        let results: Vec<Aggregate> = query
+            .build_query_as::<Aggregate>()
+            .fetch_all(pool.as_ref())
+            .await?;
+
+        Ok(results)
+    }
+}

src/main.rs

@@ -159,7 +159,7 @@ fn setup_cors() -> CorsLayer {
     ];
 
     CorsLayer::new()
-        // TODO 2: https://github.com/amfoss/root/issues/151, enabling all origins for the time being
+        // TODO 2: https://github.com/amfoss/root/issues/151
         .allow_credentials(true)
         .allow_origin(origins)
         .allow_methods([Method::GET, Method::POST, Method::OPTIONS])

src/models/attendance.rs

@@ -21,3 +21,9 @@ pub struct MarkAttendanceInput {
     pub date: NaiveDate,
     pub hmac_signature: String,
 }
+
+#[derive(FromRow, SimpleObject)]
+pub struct Aggregate {
+    pub date: NaiveDate,
+    pub present_count: Option<i64>,
+}