Add user session management to Identity & Blazor UI

- Introduce UserSession entity and migration for session tracking
- Implement ISessionService for session CRUD, validation, and cleanup
- Add API endpoints for listing/revoking sessions (user & admin)
- Integrate session logic into token issuance/refresh flows
- Add session management permissions and register dependencies
- Update Blazor UI: new /sessions page, navigation link, and tenant settings stub
- Update OpenAPI client for new session endpoints and DTOs
- Add UAParser for device info; improve tenant provisioning startup logic

Author: iammukeshm

src/BuildingBlocks/Shared/Identity/IdentityPermissionConstants.cs

@@ -17,4 +17,12 @@ public static class Roles
         public const string Update = "Permissions.Roles.Update";
         public const string Delete = "Permissions.Roles.Delete";
     }
+
+    public static class Sessions
+    {
+        public const string View = "Permissions.Sessions.View";
+        public const string Revoke = "Permissions.Sessions.Revoke";
+        public const string ViewAll = "Permissions.Sessions.ViewAll";
+        public const string RevokeAll = "Permissions.Sessions.RevokeAll";
+    }
 }

src/Directory.Packages.props

@@ -82,6 +82,7 @@
     <PackageVersion Include="Serilog.AspNetCore" Version="10.0.0" />
     <PackageVersion Include="Serilog.Enrichers.CorrelationId" Version="3.0.1" />
     <PackageVersion Include="SonarAnalyzer.CSharp" Version="10.17.0.131074" />
+    <PackageVersion Include="UAParser" Version="3.1.47" />
     <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="10.0.1" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
     <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.15.0" />

src/Modules/Identity/Modules.Identity.Contracts/DTOs/UserSessionDto.cs

@@ -0,0 +1,20 @@
+namespace FSH.Modules.Identity.Contracts.DTOs;
+
+public class UserSessionDto
+{
+    public Guid Id { get; set; }
+    public string? UserId { get; set; }
+    public string? UserName { get; set; }
+    public string? UserEmail { get; set; }
+    public string? IpAddress { get; set; }
+    public string? DeviceType { get; set; }
+    public string? Browser { get; set; }
+    public string? BrowserVersion { get; set; }
+    public string? OperatingSystem { get; set; }
+    public string? OsVersion { get; set; }
+    public DateTime CreatedAt { get; set; }
+    public DateTime LastActivityAt { get; set; }
+    public DateTime ExpiresAt { get; set; }
+    public bool IsActive { get; set; }
+    public bool IsCurrentSession { get; set; }
+}

src/Modules/Identity/Modules.Identity.Contracts/Services/ISessionService.cs

@@ -0,0 +1,72 @@
+using FSH.Modules.Identity.Contracts.DTOs;
+
+namespace FSH.Modules.Identity.Contracts.Services;
+
+public interface ISessionService
+{
+    Task<UserSessionDto> CreateSessionAsync(
+        string userId,
+        string refreshTokenHash,
+        string ipAddress,
+        string userAgent,
+        DateTime expiresAt,
+        CancellationToken cancellationToken = default);
+
+    Task<List<UserSessionDto>> GetUserSessionsAsync(
+        string userId,
+        CancellationToken cancellationToken = default);
+
+    Task<List<UserSessionDto>> GetUserSessionsForAdminAsync(
+        string userId,
+        CancellationToken cancellationToken = default);
+
+    Task<UserSessionDto?> GetSessionAsync(
+        Guid sessionId,
+        CancellationToken cancellationToken = default);
+
+    Task<bool> RevokeSessionAsync(
+        Guid sessionId,
+        string revokedBy,
+        string? reason = null,
+        CancellationToken cancellationToken = default);
+
+    Task<int> RevokeAllSessionsAsync(
+        string userId,
+        string revokedBy,
+        Guid? exceptSessionId = null,
+        string? reason = null,
+        CancellationToken cancellationToken = default);
+
+    Task<int> RevokeAllSessionsForAdminAsync(
+        string userId,
+        string revokedBy,
+        string? reason = null,
+        CancellationToken cancellationToken = default);
+
+    Task<bool> RevokeSessionForAdminAsync(
+        Guid sessionId,
+        string revokedBy,
+        string? reason = null,
+        CancellationToken cancellationToken = default);
+
+    Task UpdateSessionActivityAsync(
+        string refreshTokenHash,
+        CancellationToken cancellationToken = default);
+
+    Task UpdateSessionRefreshTokenAsync(
+        string oldRefreshTokenHash,
+        string newRefreshTokenHash,
+        DateTime newExpiresAt,
+        CancellationToken cancellationToken = default);
+
+    Task<bool> ValidateSessionAsync(
+        string refreshTokenHash,
+        CancellationToken cancellationToken = default);
+
+    Task<Guid?> GetSessionIdByRefreshTokenAsync(
+        string refreshTokenHash,
+        CancellationToken cancellationToken = default);
+
+    Task CleanupExpiredSessionsAsync(
+        CancellationToken cancellationToken = default);
+}

src/Modules/Identity/Modules.Identity.Contracts/v1/Sessions/AdminRevokeAllSessions/AdminRevokeAllSessionsCommand.cs

@@ -0,0 +1,5 @@
+using Mediator;
+
+namespace FSH.Modules.Identity.Contracts.v1.Sessions.AdminRevokeAllSessions;
+
+public sealed record AdminRevokeAllSessionsCommand(Guid UserId, string? Reason = null) : ICommand<int>;

src/Modules/Identity/Modules.Identity.Contracts/v1/Sessions/AdminRevokeSession/AdminRevokeSessionCommand.cs

@@ -0,0 +1,5 @@
+using Mediator;
+
+namespace FSH.Modules.Identity.Contracts.v1.Sessions.AdminRevokeSession;
+
+public sealed record AdminRevokeSessionCommand(Guid UserId, Guid SessionId, string? Reason = null) : ICommand<bool>;

src/Modules/Identity/Modules.Identity.Contracts/v1/Sessions/GetMySessions/GetMySessionsQuery.cs

@@ -0,0 +1,6 @@
+using FSH.Modules.Identity.Contracts.DTOs;
+using Mediator;
+
+namespace FSH.Modules.Identity.Contracts.v1.Sessions.GetMySessions;
+
+public sealed record GetMySessionsQuery : IQuery<List<UserSessionDto>>;

src/Modules/Identity/Modules.Identity.Contracts/v1/Sessions/GetUserSessions/GetUserSessionsQuery.cs

@@ -0,0 +1,6 @@
+using FSH.Modules.Identity.Contracts.DTOs;
+using Mediator;
+
+namespace FSH.Modules.Identity.Contracts.v1.Sessions.GetUserSessions;
+
+public sealed record GetUserSessionsQuery(Guid UserId) : IQuery<List<UserSessionDto>>;

src/Modules/Identity/Modules.Identity.Contracts/v1/Sessions/RevokeAllSessions/RevokeAllSessionsCommand.cs

@@ -0,0 +1,5 @@
+using Mediator;
+
+namespace FSH.Modules.Identity.Contracts.v1.Sessions.RevokeAllSessions;
+
+public sealed record RevokeAllSessionsCommand(Guid? ExceptSessionId = null) : ICommand<int>;

src/Modules/Identity/Modules.Identity.Contracts/v1/Sessions/RevokeSession/RevokeSessionCommand.cs

@@ -0,0 +1,5 @@
+using Mediator;
+
+namespace FSH.Modules.Identity.Contracts.v1.Sessions.RevokeSession;
+
+public sealed record RevokeSessionCommand(Guid SessionId) : ICommand<bool>;