auth: force disconnect realtime on revoke-all sessions

2026-03-08 19:04:23 +03:00
parent 7e38123d4a
commit 1c9855b34c
5 changed files with 72 additions and 19 deletions
--- a/app/auth/router.py
+++ b/app/auth/router.py
@@ -42,6 +42,7 @@ from app.auth.service import (
 )
 from app.database.session import get_db
 from app.email.service import EmailService
+from app.realtime.service import realtime_gateway
 from app.config.settings import settings
 from app.utils.rate_limit import enforce_ip_rate_limit
 from app.users.models import User
@@ -193,6 +194,7 @@ async def revoke_all_sessions(
    current_user: User = Depends(get_current_user),
 ) -> None:
    await revoke_all_user_sessions(db, user_id=current_user.id)
+    await realtime_gateway.disconnect_user(current_user.id)


@router.post("/2fa/setup", response_model=TwoFactorSetupRead)