pinakes-server: TLS support; session persistence and security polish

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: If2c9c3e3af62bbf9f33a97be89ac40bc6a6a6964

crates/pinakes-core/src/storage/mod.rs

@@ -31,6 +31,18 @@ pub struct DatabaseStats {
     pub backend_name: String,
 }
 
+/// Session data for database-backed session storage.
+#[derive(Debug, Clone)]
+pub struct SessionData {
+    pub session_token: String,
+    pub user_id: Option<String>,
+    pub username: String,
+    pub role: String,
+    pub created_at: DateTime<Utc>,
+    pub expires_at: DateTime<Utc>,
+    pub last_accessed: DateTime<Utc>,
+}
+
 #[async_trait::async_trait]
 pub trait StorageBackend: Send + Sync + 'static {
     // Migrations
@@ -412,6 +424,28 @@ pub trait StorageBackend: Send + Sync + 'static {
         progress: f32,
     ) -> Result<()>;
     async fn cleanup_expired_transcodes(&self, before: DateTime<Utc>) -> Result<u64>;
+
+    // ===== Session Management =====
+    /// Create a new session in the database
+    async fn create_session(&self, session: &SessionData) -> Result<()>;
+
+    /// Get a session by its token, returns None if not found or expired
+    async fn get_session(&self, session_token: &str) -> Result<Option<SessionData>>;
+
+    /// Update the last_accessed timestamp for a session
+    async fn touch_session(&self, session_token: &str) -> Result<()>;
+
+    /// Delete a specific session
+    async fn delete_session(&self, session_token: &str) -> Result<()>;
+
+    /// Delete all sessions for a specific user
+    async fn delete_user_sessions(&self, username: &str) -> Result<u64>;
+
+    /// Delete all expired sessions (where expires_at < now)
+    async fn delete_expired_sessions(&self) -> Result<u64>;
+
+    /// List all active sessions (optionally filtered by username)
+    async fn list_active_sessions(&self, username: Option<&str>) -> Result<Vec<SessionData>>;
 }
 
 /// Comprehensive library statistics.