refactor: consolidate user and superadmin sessions into unified model

gatehouse_app/models/user/session.py

@@ -3,15 +3,24 @@ from datetime import datetime, timedelta, timezone
 from flask import current_app
 from gatehouse_app.extensions import db
 from gatehouse_app.models.base import BaseModel
-from gatehouse_app.utils.constants import SessionStatus
+from gatehouse_app.utils.constants import SessionStatus, SessionType
 
 
 class Session(BaseModel):
-    """Session model for tracking user sessions."""
+    """Session model for tracking user and superadmin sessions."""
 
     __tablename__ = "sessions"
 
-    user_id = db.Column(db.String(36), db.ForeignKey("users.id"), nullable=False, index=True)
+    # Owner discriminator — determines which table the owner_id references
+    owner_type = db.Column(
+        db.String(20), nullable=False, default=SessionType.USER, index=True
+    )
+    owner_id = db.Column(db.String(36), nullable=False, index=True)
+
+    # Legacy column kept for backward compatibility during migration;
+    # new code should use owner_id / owner_type.
+    user_id = db.Column(db.String(36), db.ForeignKey("users.id"), nullable=True, index=True)
+
     token = db.Column(db.String(255), unique=True, nullable=False, index=True)
     status = db.Column(db.Enum(SessionStatus), default=SessionStatus.ACTIVE, nullable=False)
 
@@ -34,21 +43,37 @@ class Session(BaseModel):
     # Relationships
     user = db.relationship("User", back_populates="sessions")
 
+    # Composite index for owner-scoped queries
+    __table_args__ = (
+        db.Index("ix_sessions_owner_type_owner_id", "owner_type", "owner_id"),
+    )
+
+    # ---- Convenience properties ------------------------------------------------
+
+    @property
+    def is_user(self):
+        return self.owner_type == SessionType.USER
+
+    @property
+    def is_superadmin(self):
+        return self.owner_type == SessionType.SUPERADMIN
+
+    # ---- Core methods ----------------------------------------------------------
+
     def __repr__(self):
-        """String representation of Session."""
-        return f"<Session user_id={self.user_id} status={self.status}>"
+        return f"<Session owner_type={self.owner_type} owner_id={self.owner_id} status={self.status}>"
 
     def is_active(self):
         """Check if session is currently active.
 
-        Sessions are evaluated against two independent timeouts:
+        User sessions are evaluated against two independent timeouts:
         - Idle timeout: expires if no request has been made within
           SESSION_IDLE_TIMEOUT seconds (default 15 min).
         - Absolute timeout: expires if SESSION_ABSOLUTE_TIMEOUT seconds
-          have elapsed since the session was created (default 8 h),
-          regardless of activity.
+          have elapsed since the session was created (default 8 h).
 
-        A session must satisfy *both* constraints to remain active.
+        Superadmin sessions use absolute timeout only (no idle timeout).
+        A session must satisfy *all* applicable constraints to remain active.
         """
         now = datetime.now(timezone.utc)
         created_at = self.created_at
@@ -59,12 +84,21 @@ class Session(BaseModel):
         if last_activity_at.tzinfo is None:
             last_activity_at = last_activity_at.replace(tzinfo=timezone.utc)
 
-        idle_timeout = current_app.config.get("SESSION_IDLE_TIMEOUT", 900)
         absolute_timeout = current_app.config.get("SESSION_ABSOLUTE_TIMEOUT", 28800)
-
-        idle_expires_at = last_activity_at + timedelta(seconds=idle_timeout)
         absolute_expires_at = created_at + timedelta(seconds=absolute_timeout)
 
+        if self.is_superadmin:
+            # Superadmin: absolute timeout only
+            return (
+                self.status == SessionStatus.ACTIVE
+                and now < absolute_expires_at
+                and self.deleted_at is None
+            )
+
+        # User: idle + absolute timeout
+        idle_timeout = current_app.config.get("SESSION_IDLE_TIMEOUT", 900)
+        idle_expires_at = last_activity_at + timedelta(seconds=idle_timeout)
+
         return (
             self.status == SessionStatus.ACTIVE
             and now < idle_expires_at
@@ -83,6 +117,8 @@ class Session(BaseModel):
         capped so that the session never exceeds the absolute lifetime
         (``created_at + absolute timeout``).
 
+        Superadmin sessions only update last_activity_at (no sliding window).
+
         Args:
             duration_seconds: Override for the idle timeout.  When *None*
                 (the common case), the value is read from
@@ -90,6 +126,12 @@ class Session(BaseModel):
         """
         now = datetime.now(timezone.utc)
 
+        if self.is_superadmin:
+            # Superadmin: just bump last_activity_at, no sliding window
+            self.last_activity_at = now
+            db.session.commit()
+            return
+
         if duration_seconds is None:
             duration_seconds = current_app.config.get("SESSION_IDLE_TIMEOUT", 900)