✨ Optimized risk detection

🐛 Fix bugs

DysonNetwork.Sphere/Account/AccountCurrentController.cs

@@ -428,7 +428,8 @@ public class AccountCurrentController(
         [FromQuery] int offset = 0
     )
     {
-        if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized();
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser ||
+            HttpContext.Items["CurrentSession"] is not Session currentSession) return Unauthorized();
 
         var query = db.AuthSessions
             .Include(session => session.Account)
@@ -438,8 +439,10 @@ public class AccountCurrentController(
 
         var total = await query.CountAsync();
         Response.Headers.Append("X-Total", total.ToString());
+        Response.Headers.Append("X-Auth-Session", currentSession.Id.ToString());
 
         var sessions = await query
+            .OrderByDescending(x => x.LastGrantedAt)
             .Skip(offset)
             .Take(take)
             .ToListAsync();
@@ -481,4 +484,37 @@ public class AccountCurrentController(
             return BadRequest(ex.Message);
         }
     }
+
+    [HttpPatch("sessions/{id:guid}/label")]
+    public async Task<ActionResult<Session>> UpdateSessionLabel(Guid id, [FromBody] string label)
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser) return Unauthorized();
+
+        try
+        {
+            await accounts.UpdateSessionLabel(currentUser, id, label);
+            return NoContent();
+        }
+        catch (Exception ex)
+        {
+            return BadRequest(ex.Message);
+        }
+    }
+
+    [HttpPatch("sessions/current/label")]
+    public async Task<ActionResult<Session>> UpdateCurrentSessionLabel([FromBody] string label)
+    {
+        if (HttpContext.Items["CurrentUser"] is not Account currentUser ||
+            HttpContext.Items["CurrentSession"] is not Session currentSession) return Unauthorized();
+
+        try
+        {
+            await accounts.UpdateSessionLabel(currentUser, currentSession.Id, label);
+            return NoContent();
+        }
+        catch (Exception ex)
+        {
+            return BadRequest(ex.Message);
+        }
+    }
 }

DysonNetwork.Sphere/Account/AccountService.cs

@@ -293,7 +293,9 @@ public class AccountService(
             case AccountAuthFactorType.EmailCode:
             case AccountAuthFactorType.InAppCode:
                 var correctCode = await _GetFactorCode(factor);
-                return correctCode is not null && string.Equals(correctCode, code, StringComparison.OrdinalIgnoreCase);
+                var isCorrect = correctCode is not null && string.Equals(correctCode, code, StringComparison.OrdinalIgnoreCase);
+                await cache.RemoveAsync($"{AuthFactorCachePrefix}{factor.Id}:code");
+                return isCorrect;
             case AccountAuthFactorType.Password:
             case AccountAuthFactorType.TimedCode:
             default:
@@ -318,6 +320,22 @@ public class AccountService(
             $"{AuthFactorCachePrefix}{factor.Id}:code"
         );
     }
+    
+    public async Task<Session> UpdateSessionLabel(Account account, Guid sessionId, string label)
+    {
+         var session = await db.AuthSessions
+             .Include(s => s.Challenge)
+             .Where(s => s.Id == sessionId && s.AccountId == account.Id)
+             .FirstOrDefaultAsync();
+         if (session is null) throw new InvalidOperationException("Session was not found.");
+       
+         session.Label = label;
+         await db.SaveChangesAsync();
+
+         await cache.RemoveAsync($"{DysonTokenAuthHandler.AuthCachePrefix}{session.Id}");
+
+         return session;
+    }
 
     public async Task DeleteSession(Account account, Guid sessionId)
     {