version 0.0.24

backend/src/routes/auth.js

@@ -2,7 +2,7 @@ const express = require('express');
 const bcrypt = require('bcryptjs');
 const router = express.Router();
 const { getDb, getOrCreateSupportGroup } = require('../models/db');
-const { generateToken, authMiddleware } = require('../middleware/auth');
+const { generateToken, authMiddleware, setActiveSession, clearActiveSession } = require('../middleware/auth');
 
 // Login
 router.post('/login', (req, res) => {
@@ -25,6 +25,8 @@ router.post('/login', (req, res) => {
   if (!valid) return res.status(401).json({ error: 'Invalid credentials' });
 
   const token = generateToken(user.id);
+  const ua = req.headers['user-agent'] || '';
+  const device = setActiveSession(user.id, token, ua); // displaces prior session on same device class
 
   const { password: _, ...userSafe } = user;
   res.json({ 
@@ -58,8 +60,9 @@ router.get('/me', authMiddleware, (req, res) => {
   res.json({ user });
 });
 
-// Logout (client-side token removal, but we can track it)
+// Logout — clear active session for this device class only
 router.post('/logout', authMiddleware, (req, res) => {
+  clearActiveSession(req.user.id, req.device);
   res.json({ success: true });
 });
 

backend/src/routes/groups.js

@@ -116,6 +116,23 @@ router.post('/:id/members', authMiddleware, (req, res) => {
   res.json({ success: true });
 });
 
+// Remove a member from a private group (owner or admin only)
+router.delete('/:id/members/:userId', authMiddleware, (req, res) => {
+  const db = getDb();
+  const group = db.prepare('SELECT * FROM groups WHERE id = ?').get(req.params.id);
+  if (!group) return res.status(404).json({ error: 'Group not found' });
+  if (group.type !== 'private') return res.status(400).json({ error: 'Cannot remove members from public groups' });
+  if (group.owner_id !== req.user.id && req.user.role !== 'admin') {
+    return res.status(403).json({ error: 'Only owner or admin can remove members' });
+  }
+  const targetId = parseInt(req.params.userId);
+  if (targetId === group.owner_id) {
+    return res.status(400).json({ error: 'Cannot remove the group owner' });
+  }
+  db.prepare('DELETE FROM group_members WHERE group_id = ? AND user_id = ?').run(group.id, targetId);
+  res.json({ success: true });
+});
+
 // Leave private group
 router.delete('/:id/leave', authMiddleware, (req, res) => {
   const db = getDb();

backend/src/routes/messages.js

@@ -141,7 +141,7 @@ router.delete('/:id', authMiddleware, (req, res) => {
   if (!message) return res.status(404).json({ error: 'Message not found' });
 
   const canDelete = message.user_id === req.user.id || 
-    (req.user.role === 'admin' && message.group_type === 'public') ||
+    req.user.role === 'admin' ||
     (message.group_type === 'private' && message.group_owner_id === req.user.id);
 
   if (!canDelete) return res.status(403).json({ error: 'Cannot delete this message' });

backend/src/routes/push.js

@@ -24,7 +24,7 @@ function getVapidKeys() {
 function initWebPush() {
   const keys = getVapidKeys();
   webpush.setVapidDetails(
-    'mailto:admin@teamchat.local',
+    'mailto:admin@jama.local',
     keys.publicKey,
     keys.privateKey
   );

backend/src/routes/settings.js

@@ -115,7 +115,7 @@ router.post('/icon-groupinfo', authMiddleware, adminMiddleware, uploadGroupInfo.
 // Reset all settings to defaults (admin)
 router.post('/reset', authMiddleware, adminMiddleware, (req, res) => {
   const db = getDb();
-  const originalName = process.env.APP_NAME || 'TeamChat';
+  const originalName = process.env.APP_NAME || 'jama';
   db.prepare("UPDATE settings SET value = ?, updated_at = datetime('now') WHERE key = 'app_name'").run(originalName);
   db.prepare("UPDATE settings SET value = '', updated_at = datetime('now') WHERE key = 'logo_url'").run();
   db.prepare("UPDATE settings SET value = '', updated_at = datetime('now') WHERE key IN ('icon_newchat', 'icon_groupinfo', 'pwa_icon_192', 'pwa_icon_512')").run();