pinakes-server: TLS support; session persistence and security polish

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: If2c9c3e3af62bbf9f33a97be89ac40bc6a6a6964

crates/pinakes-server/src/state.rs

@@ -1,11 +1,10 @@
-use std::collections::HashMap;
 use std::path::PathBuf;
 use std::sync::Arc;
 
 use tokio::sync::RwLock;
 
 use pinakes_core::cache::CacheLayer;
-use pinakes_core::config::{Config, UserRole};
+use pinakes_core::config::Config;
 use pinakes_core::jobs::JobQueue;
 use pinakes_core::plugin::PluginManager;
 use pinakes_core::scan::ScanProgress;
@@ -13,31 +12,8 @@ use pinakes_core::scheduler::TaskScheduler;
 use pinakes_core::storage::DynStorageBackend;
 use pinakes_core::transcode::TranscodeService;
 
-/// Default session TTL: 24 hours.
-pub const SESSION_TTL_SECS: i64 = 24 * 60 * 60;
-
-#[derive(Debug, Clone)]
-pub struct SessionInfo {
-    pub username: String,
-    pub role: UserRole,
-    pub created_at: chrono::DateTime<chrono::Utc>,
-}
-
-impl SessionInfo {
-    /// Returns true if this session has exceeded its TTL.
-    pub fn is_expired(&self) -> bool {
-        let age = chrono::Utc::now() - self.created_at;
-        age.num_seconds() > SESSION_TTL_SECS
-    }
-}
-
-pub type SessionStore = Arc<RwLock<HashMap<String, SessionInfo>>>;
-
-/// Remove all expired sessions from the store.
-pub async fn cleanup_expired_sessions(sessions: &SessionStore) {
-    let mut store = sessions.write().await;
-    store.retain(|_, info| !info.is_expired());
-}
+// Note: Sessions are now stored in the database via StorageBackend
+// See storage::SessionData and related methods
 
 #[derive(Clone)]
 pub struct AppState {
@@ -45,7 +21,6 @@ pub struct AppState {
     pub config: Arc<RwLock<Config>>,
     pub config_path: Option<PathBuf>,
     pub scan_progress: ScanProgress,
-    pub sessions: SessionStore,
     pub job_queue: Arc<JobQueue>,
     pub cache: Arc<CacheLayer>,
     pub scheduler: Arc<TaskScheduler>,