import { http } from "./client"; import type { RemoveSessionResponse, Session, ViewerTokenResponse, } from "./types"; /** * GET /api/sessions — all live sessions known to the relay's in-memory session * manager (active + offline-persistent). Requires an authenticated dashboard * JWT; any authenticated user may list. */ export function listSessions(signal?: AbortSignal): Promise { return http.get("/api/sessions", signal); } /** * POST /api/sessions/:id/viewer-token — mint a short-lived, session-scoped * viewer token. The server decides the access mode from the caller's * permissions: admin or `control` permission gets a `control` token, otherwise * a `view_only` token. A caller with neither `control` nor `view` gets 403. * The access mode is stamped into the signed token; this response only echoes * it. (See server/src/api/sessions.rs::mint_viewer_token.) */ export function mintViewerToken( sessionId: string, ): Promise { return http.post( `/api/sessions/${encodeURIComponent(sessionId)}/viewer-token`, ); } /** * DELETE /api/sessions/:id — disconnect/end a live session (admin only). The * relay sends a Disconnect to the agent. Returns 200 on success, 404 if the * session is not live in memory. This is the live-only path (no `purge`); it * does not soft-delete any persisted row. */ export function endSession(sessionId: string): Promise { return http.del(`/api/sessions/${encodeURIComponent(sessionId)}`); } /** * DELETE /api/sessions/:id?purge=true — operator removal of a session (admin * only). Soft-deletes the persisted `connect_sessions` row and drops any live * in-memory session, clearing a ghost/stale session from the console. 404 only * when neither a live nor a persisted session exists. */ export function purgeSession( sessionId: string, ): Promise { return http.del( `/api/sessions/${encodeURIComponent(sessionId)}?purge=true`, ); }