fix(identity): reduce SessionService complexity (#1194)

* feat(identity): add ICurrentUserService and IRequestContextService interfaces

- Create ICurrentUserService interface combining ICurrentUser and ICurrentUserInitializer
- Create IRequestContextService interface extending IRequestContext
- Update CurrentUserService to implement ICurrentUserService (internal sealed)
- Update RequestContextService to implement IRequestContextService (internal sealed)
- Update DI registration to register services with their new interfaces
- Maintain backward compatibility with existing ICurrentUser and IRequestContext consumers

Closes #1180

* fix(identity): reduce SessionService complexity

Refactored SessionService.cs to reduce cyclomatic complexity:

- Extract DeviceTypeClassifier: Moved device type detection logic to a
  dedicated static helper class, reducing CC from 9 to 3 (uses LINQ Any)
- Add SessionCleanupHostedService: Background service for automated
  session cleanup (runs hourly, removes sessions expired >30 days)
- Register hosted service in IdentityModule for automatic cleanup

Changes:
- SessionService.cs: ~350 lines (was 372), removed GetDeviceType method
- DeviceTypeClassifier.cs: New helper class (~40 lines)
- SessionCleanupHostedService.cs: New background service (~65 lines)
- IdentityModule.cs: Register SessionCleanupHostedService

Build: 0 errors, 0 new warnings

Closes #1177

---------

Co-authored-by: jarvis <jarvis@codewithmukesh.com>

Author: iammukeshm

src/Modules/Identity/Modules.Identity/IdentityModule.cs

@@ -113,8 +113,9 @@ public void ConfigureServices(IHostApplicationBuilder builder)
         // Register password expiry service
         services.AddScoped<IPasswordExpiryService, PasswordExpiryService>();
 
-        // Register session service
+        // Register session service and background cleanup
         services.AddScoped<ISessionService, SessionService>();
+        services.AddHostedService<SessionCleanupHostedService>();
 
         // Register group role service for group-derived permissions
         services.AddScoped<IGroupRoleService, GroupRoleService>();

src/Modules/Identity/Modules.Identity/Services/DeviceTypeClassifier.cs

@@ -0,0 +1,42 @@
+namespace FSH.Modules.Identity.Services;
+
+/// <summary>
+/// Classifies device types based on user agent device family strings.
+/// Extracted from SessionService to reduce cyclomatic complexity.
+/// </summary>
+public static class DeviceTypeClassifier
+{
+    private const string Desktop = "Desktop";
+    private const string Mobile = "Mobile";
+    private const string Tablet = "Tablet";
+
+    private static readonly string[] MobileKeywords = ["mobile", "phone", "iphone", "android"];
+    private static readonly string[] TabletKeywords = ["tablet", "ipad"];
+
+    /// <summary>
+    /// Determines the device type from a user agent device family string.
+    /// </summary>
+    /// <param name="deviceFamily">The device family string from user agent parsing.</param>
+    /// <returns>Device type: "Desktop", "Mobile", or "Tablet".</returns>
+    public static string Classify(string? deviceFamily)
+    {
+        if (string.IsNullOrWhiteSpace(deviceFamily) || deviceFamily == "Other")
+        {
+            return Desktop;
+        }
+
+        var normalized = deviceFamily.ToLowerInvariant();
+
+        if (MobileKeywords.Any(keyword => normalized.Contains(keyword, StringComparison.Ordinal)))
+        {
+            return Mobile;
+        }
+
+        if (TabletKeywords.Any(keyword => normalized.Contains(keyword, StringComparison.Ordinal)))
+        {
+            return Tablet;
+        }
+
+        return Desktop;
+    }
+}

src/Modules/Identity/Modules.Identity/Services/SessionCleanupHostedService.cs

@@ -0,0 +1,70 @@
+using FSH.Modules.Identity.Data;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
+
+namespace FSH.Modules.Identity.Services;
+
+/// <summary>
+/// Background service that periodically cleans up expired sessions.
+/// Runs every hour and removes sessions that have been expired for more than 30 days.
+/// </summary>
+public sealed class SessionCleanupHostedService : BackgroundService
+{
+    private readonly IServiceScopeFactory _scopeFactory;
+    private readonly ILogger<SessionCleanupHostedService> _logger;
+    private readonly TimeSpan _cleanupInterval = TimeSpan.FromHours(1);
+    private readonly int _retentionDays = 30;
+
+    public SessionCleanupHostedService(
+        IServiceScopeFactory scopeFactory,
+        ILogger<SessionCleanupHostedService> logger)
+    {
+        _scopeFactory = scopeFactory;
+        _logger = logger;
+    }
+
+    protected override async Task ExecuteAsync(CancellationToken stoppingToken)
+    {
+        _logger.LogInformation("Session cleanup service started");
+
+        while (!stoppingToken.IsCancellationRequested)
+        {
+            try
+            {
+                await Task.Delay(_cleanupInterval, stoppingToken);
+                await CleanupExpiredSessionsAsync(stoppingToken);
+            }
+            catch (OperationCanceledException) when (stoppingToken.IsCancellationRequested)
+            {
+                // Expected during shutdown
+                break;
+            }
+            catch (Exception ex)
+            {
+                _logger.LogError(ex, "Error during session cleanup");
+            }
+        }
+
+        _logger.LogInformation("Session cleanup service stopped");
+    }
+
+    private async Task CleanupExpiredSessionsAsync(CancellationToken cancellationToken)
+    {
+        using var scope = _scopeFactory.CreateScope();
+        var db = scope.ServiceProvider.GetRequiredService<IdentityDbContext>();
+
+        var cutoffDate = DateTime.UtcNow.AddDays(-_retentionDays);
+        var expiredSessions = await db.UserSessions
+            .Where(s => s.ExpiresAt < DateTime.UtcNow && s.ExpiresAt < cutoffDate)
+            .ToListAsync(cancellationToken);
+
+        if (expiredSessions.Count > 0)
+        {
+            db.UserSessions.RemoveRange(expiredSessions);
+            await db.SaveChangesAsync(cancellationToken);
+            _logger.LogInformation("Cleaned up {Count} expired sessions", expiredSessions.Count);
+        }
+    }
+}

src/Modules/Identity/Modules.Identity/Services/SessionService.cs

@@ -58,7 +58,7 @@ public async Task<UserSessionDto> CreateSessionAsync(
             ipAddress: ipAddress,
             userAgent: userAgent,
             expiresAt: expiresAt,
-            deviceType: GetDeviceType(clientInfo.Device.Family),
+            deviceType: DeviceTypeClassifier.Classify(clientInfo.Device.Family),
             browser: clientInfo.UA.Family,
             browserVersion: clientInfo.UA.Major,
             operatingSystem: clientInfo.OS.Family,
@@ -328,30 +328,6 @@ public async Task CleanupExpiredSessionsAsync(
         }
     }
 
-    private static string GetDeviceType(string deviceFamily)
-    {
-        if (string.IsNullOrWhiteSpace(deviceFamily) || deviceFamily == "Other")
-        {
-            return "Desktop";
-        }
-
-        if (deviceFamily.Contains("mobile", StringComparison.OrdinalIgnoreCase) ||
-            deviceFamily.Contains("phone", StringComparison.OrdinalIgnoreCase) ||
-            deviceFamily.Contains("iphone", StringComparison.OrdinalIgnoreCase) ||
-            deviceFamily.Contains("android", StringComparison.OrdinalIgnoreCase))
-        {
-            return "Mobile";
-        }
-
-        if (deviceFamily.Contains("tablet", StringComparison.OrdinalIgnoreCase) ||
-            deviceFamily.Contains("ipad", StringComparison.OrdinalIgnoreCase))
-        {
-            return "Tablet";
-        }
-
-        return "Desktop";
-    }
-
     private static UserSessionDto MapToDto(UserSession session, bool isCurrentSession)
     {
         return new UserSessionDto