"Last active at" column on users and sessions (#1081)

Author: N2D4

apps/backend/prisma/migrations/20260101000000_add_last_active_at_columns/migration.sql

@@ -0,0 +1,99 @@
+-- AlterTable
+-- Add lastActiveAt column to ProjectUser table as nullable first (for backfill)
+ALTER TABLE "ProjectUser" ADD COLUMN "lastActiveAt" TIMESTAMP(3);
+
+-- AlterTable
+-- Add lastActiveAt and lastActiveAtIpInfo columns to ProjectUserRefreshToken table
+ALTER TABLE "ProjectUserRefreshToken" ADD COLUMN "lastActiveAt" TIMESTAMP(3);
+ALTER TABLE "ProjectUserRefreshToken" ADD COLUMN "lastActiveAtIpInfo" JSONB;
+
+-- SPLIT_STATEMENT_SENTINEL
+-- SINGLE_STATEMENT_SENTINEL
+-- CONDITIONALLY_REPEAT_MIGRATION_SENTINEL
+-- Backfill ProjectUser.lastActiveAt from Events table (using $user-activity events)
+WITH to_update AS (
+    SELECT pu."tenancyId", pu."projectUserId"
+    FROM "ProjectUser" pu
+    JOIN "Tenancy" t ON t."id" = pu."tenancyId"
+    WHERE pu."lastActiveAt" IS NULL
+    LIMIT 1000
+),
+event_activity AS (
+    SELECT 
+        t."id" AS "tenancyId",
+        e."data"->>'userId' AS "userId",
+        MAX(e."eventStartedAt") AS "lastActiveAt"
+    FROM "Event" e
+    JOIN "Tenancy" t ON t."projectId" = e."data"->>'projectId' 
+                    AND t."branchId" = COALESCE(e."data"->>'branchId', 'main')
+    WHERE '$user-activity' = ANY(e."systemEventTypeIds"::text[])
+      AND e."data"->>'userId' IS NOT NULL
+      AND EXISTS (SELECT 1 FROM to_update tu WHERE tu."tenancyId" = t."id" AND tu."projectUserId"::text = e."data"->>'userId')
+    GROUP BY t."id", e."data"->>'userId'
+),
+updated AS (
+    UPDATE "ProjectUser" pu
+    SET "lastActiveAt" = COALESCE(ea."lastActiveAt", pu."createdAt")
+    FROM to_update tu
+    LEFT JOIN event_activity ea ON ea."tenancyId" = tu."tenancyId" AND ea."userId"::uuid = tu."projectUserId"
+    WHERE pu."tenancyId" = tu."tenancyId" AND pu."projectUserId" = tu."projectUserId"
+    RETURNING 1
+)
+SELECT COUNT(*) > 0 AS should_repeat_migration FROM updated;
+
+-- SPLIT_STATEMENT_SENTINEL
+-- SINGLE_STATEMENT_SENTINEL
+-- CONDITIONALLY_REPEAT_MIGRATION_SENTINEL
+-- Backfill ProjectUserRefreshToken.lastActiveAt and lastActiveAtIpInfo from Events table (using $session-activity events)
+WITH to_update AS (
+    SELECT rt."tenancyId", rt."id"
+    FROM "ProjectUserRefreshToken" rt
+    JOIN "Tenancy" t ON t."id" = rt."tenancyId"
+    WHERE rt."lastActiveAt" IS NULL
+    LIMIT 1000
+),
+-- Get the most recent session activity event for each session, along with its IP info
+event_activity AS (
+    SELECT DISTINCT ON (t."id", e."data"->>'sessionId')
+        t."id" AS "tenancyId",
+        e."data"->>'sessionId' AS "sessionId",
+        e."eventStartedAt" AS "lastActiveAt",
+        CASE 
+            WHEN eip."id" IS NOT NULL THEN jsonb_build_object(
+                'ip', eip."ip",
+                'countryCode', eip."countryCode",
+                'regionCode', eip."regionCode",
+                'cityName', eip."cityName",
+                'latitude', eip."latitude",
+                'longitude', eip."longitude",
+                'tzIdentifier', eip."tzIdentifier"
+            )
+            ELSE NULL
+        END AS "ipInfo"
+    FROM "Event" e
+    JOIN "Tenancy" t ON t."projectId" = e."data"->>'projectId' 
+                    AND t."branchId" = COALESCE(e."data"->>'branchId', 'main')
+    LEFT JOIN "EventIpInfo" eip ON eip."id" = e."endUserIpInfoGuessId"
+    WHERE '$session-activity' = ANY(e."systemEventTypeIds"::text[])
+      AND e."data"->>'sessionId' IS NOT NULL
+      AND EXISTS (SELECT 1 FROM to_update tu WHERE tu."tenancyId" = t."id" AND tu."id"::text = e."data"->>'sessionId')
+    ORDER BY t."id", e."data"->>'sessionId', e."eventStartedAt" DESC
+),
+updated AS (
+    UPDATE "ProjectUserRefreshToken" rt
+    SET "lastActiveAt" = COALESCE(ea."lastActiveAt", rt."createdAt"),
+        "lastActiveAtIpInfo" = ea."ipInfo"
+    FROM to_update tu
+    LEFT JOIN event_activity ea ON ea."tenancyId" = tu."tenancyId" AND ea."sessionId"::uuid = tu."id"
+    WHERE rt."tenancyId" = tu."tenancyId" AND rt."id" = tu."id"
+    RETURNING 1
+)
+SELECT COUNT(*) > 0 AS should_repeat_migration FROM updated;
+
+-- SPLIT_STATEMENT_SENTINEL
+-- Make columns NOT NULL with default NOW() for new rows
+ALTER TABLE "ProjectUser" ALTER COLUMN "lastActiveAt" SET NOT NULL;
+ALTER TABLE "ProjectUser" ALTER COLUMN "lastActiveAt" SET DEFAULT NOW();
+
+ALTER TABLE "ProjectUserRefreshToken" ALTER COLUMN "lastActiveAt" SET NOT NULL;
+ALTER TABLE "ProjectUserRefreshToken" ALTER COLUMN "lastActiveAt" SET DEFAULT NOW();

apps/backend/prisma/schema.prisma

@@ -170,8 +170,9 @@ model ProjectUser {
   mirroredProjectId String
   mirroredBranchId  String
 
-  createdAt DateTime @default(now())
-  updatedAt DateTime @updatedAt
+  createdAt    DateTime @default(now())
+  updatedAt    DateTime @updatedAt
+  lastActiveAt DateTime @default(now())
 
   displayName            String?
   serverMetadata         Json?
@@ -430,8 +431,10 @@ model ProjectUserRefreshToken {
   tenancyId     String @db.Uuid
   projectUserId String @db.Uuid
 
-  createdAt DateTime @default(now())
-  updatedAt DateTime @updatedAt
+  createdAt          DateTime @default(now())
+  updatedAt          DateTime @updatedAt
+  lastActiveAt       DateTime @default(now())
+  lastActiveAtIpInfo Json?
 
   refreshToken    String    @unique
   expiresAt       DateTime?

apps/backend/src/app/api/latest/auth/sessions/crud.tsx

@@ -1,12 +1,11 @@
-import { getPrismaClientForTenancy, getPrismaSchemaForTenancy, globalPrismaClient, sqlQuoteIdent } from "@/prisma-client";
+import { globalPrismaClient } from "@/prisma-client";
 import { createCrudHandlers } from "@/route-handlers/crud-handler";
 import { SmartRequestAuth } from "@/route-handlers/smart-request";
-import { Prisma } from "@/generated/prisma/client";
 import { KnownErrors } from "@stackframe/stack-shared";
 import { sessionsCrud } from "@stackframe/stack-shared/dist/interface/crud/sessions";
 import { userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { StatusError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
-import { GeoInfo } from "@stackframe/stack-shared/dist/utils/geo";
+import { geoInfoSchema } from "@stackframe/stack-shared/dist/utils/geo";
 import { createLazyProxy } from "@stackframe/stack-shared/dist/utils/proxies";
 
 export const sessionsCrudHandlers = createLazyProxy(() => createCrudHandlers(sessionsCrud, {
@@ -17,8 +16,6 @@ export const sessionsCrudHandlers = createLazyProxy(() => createCrudHandlers(ses
     user_id: userIdOrMeSchema.defined(),
   }).defined(),
   onList: async ({ auth, query }) => {
-    const prisma = await getPrismaClientForTenancy(auth.tenancy);
-    const schema = await getPrismaSchemaForTenancy(auth.tenancy);
     const listImpersonations = auth.type === 'admin';
 
     if (auth.type === 'client') {
@@ -39,60 +36,25 @@ export const sessionsCrudHandlers = createLazyProxy(() => createCrudHandlers(ses
       },
     });
 
-    // Get the latest event for each session
-    const events = await prisma.$queryRaw<Array<{ sessionId: string, lastActiveAt: Date, geo: GeoInfo | null, isEndUserIpInfoGuessTrusted: boolean }>>`
-      WITH latest_events AS (
-        SELECT data->>'sessionId' as "sessionId", 
-               MAX("eventStartedAt") as "lastActiveAt"
-        FROM ${sqlQuoteIdent(schema)}."Event"
-        WHERE ${refreshTokenObjs.length > 0
-          ? Prisma.sql`data->>'sessionId' = ANY(${Prisma.sql`ARRAY[${Prisma.join(refreshTokenObjs.map(s => s.id))}]`})`
-          : Prisma.sql`FALSE`}
-        AND "systemEventTypeIds" @> '{"$session-activity"}'
-        AND data->>'userId' = ${query.user_id}
-        AND data->>'projectId' = ${auth.tenancy.project.id}
-        AND COALESCE(data->>'branchId', 'main') = ${auth.tenancy.branchId}
-        GROUP BY data->>'sessionId'
-      )
-      SELECT e.data->>'sessionId' as "sessionId", 
-             le."lastActiveAt", 
-             row_to_json(geo.*) as "geo",
-             e.data->>'isEndUserIpInfoGuessTrusted' as "isEndUserIpInfoGuessTrusted"
-      FROM ${sqlQuoteIdent(schema)}."Event" e
-      JOIN latest_events le ON e.data->>'sessionId' = le."sessionId" AND e."eventStartedAt" = le."lastActiveAt"
-      LEFT JOIN ${sqlQuoteIdent(schema)}."EventIpInfo" geo ON geo.id = e."endUserIpInfoGuessId"
-      WHERE e."systemEventTypeIds" @> '{"$session-activity"}'
-      AND e.data->>'userId' = ${query.user_id}
-      AND e.data->>'projectId' = ${auth.tenancy.project.id}
-      AND COALESCE(e.data->>'branchId', 'main') = ${auth.tenancy.branchId}
-    `;
-
-    const sessionsWithLastActiveAt = refreshTokenObjs.map(s => {
-      const event = events.find(e => e.sessionId === s.id);
-      return {
-        ...s,
-        last_active_at: event?.lastActiveAt.getTime(),
-        last_active_at_end_user_ip_info: event?.geo,
-      };
-    });
-
     const result = {
-      items: sessionsWithLastActiveAt.map(s => ({
-        id: s.id,
-        user_id: s.projectUserId,
-        created_at: s.createdAt.getTime(),
-        last_used_at: s.last_active_at,
-        is_impersonation: s.isImpersonation,
-        last_used_at_end_user_ip_info: s.last_active_at_end_user_ip_info ?? undefined,
-        is_current_session: s.id === auth.refreshTokenId,
-      })),
+      items: refreshTokenObjs.map(s => {
+        const ipInfo = s.lastActiveAtIpInfo ? geoInfoSchema.validateSync(s.lastActiveAtIpInfo) : undefined;
+        return {
+          id: s.id,
+          user_id: s.projectUserId,
+          created_at: s.createdAt.getTime(),
+          last_used_at: s.lastActiveAt.getTime(),
+          is_impersonation: s.isImpersonation,
+          is_current_session: s.id === auth.refreshTokenId,
+          last_used_at_end_user_ip_info: ipInfo,
+        };
+      }),
       is_paginated: false,
     };
 
     return result;
   },
   onDelete: async ({ auth, params }: { auth: SmartRequestAuth, params: { id: string }, query: { user_id?: string } }) => {
-    const prisma = await getPrismaClientForTenancy(auth.tenancy);
     const session = await globalPrismaClient.projectUserRefreshToken.findFirst({
       where: {
         tenancyId: auth.tenancy.id,

apps/backend/src/app/api/latest/internal/metrics/route.tsx

@@ -1,8 +1,8 @@
+import { Prisma } from "@/generated/prisma/client";
 import { getOrSetCacheValue } from "@/lib/cache";
 import { Tenancy } from "@/lib/tenancies";
 import { getPrismaClientForTenancy, getPrismaSchemaForTenancy, globalPrismaClient, PrismaClientTransaction, sqlQuoteIdent } from "@/prisma-client";
 import { createSmartRouteHandler } from "@/route-handlers/smart-route-handler";
-import { Prisma } from "@/generated/prisma/client";
 import { KnownErrors } from "@stackframe/stack-shared";
 import { UsersCrud } from "@stackframe/stack-shared/dist/interface/crud/users";
 import { adaptSchema, adminAuthTypeSchema, yupArray, yupMixed, yupNumber, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
@@ -193,52 +193,20 @@ async function loadLoginMethods(tenancy: Tenancy): Promise<{ method: string, cou
 }
 
 async function loadRecentlyActiveUsers(tenancy: Tenancy, includeAnonymous: boolean = false): Promise<UsersCrud["Admin"]["Read"][]> {
-  const events = await globalPrismaClient.$queryRaw<{ userId: string, lastActiveAt: Date }[]>`
-    WITH ordered_events AS (
-      SELECT
-        "data"->>'userId' AS "userId",
-        "eventStartedAt" AS "lastActiveAt"
-      FROM "Event"
-      WHERE "data"->>'projectId' = ${tenancy.project.id}
-        AND COALESCE("data"->>'branchId', 'main') = ${tenancy.branchId}
-        AND (${includeAnonymous} OR COALESCE("data"->>'isAnonymous', 'false') != 'true')
-        AND '$user-activity' = ANY("systemEventTypeIds"::text[])
-        AND "data"->>'userId' IS NOT NULL
-      ORDER BY "eventStartedAt" DESC
-      LIMIT 4000
-    ),
-    latest_events AS (
-      SELECT DISTINCT ON ("userId")
-        "userId",
-        "lastActiveAt"
-      FROM ordered_events
-      ORDER BY "userId", "lastActiveAt" DESC
-    )
-    SELECT "userId", "lastActiveAt"
-    FROM latest_events
-    ORDER BY "lastActiveAt" DESC
-    LIMIT 5
-  `;
-  if (events.length === 0) {
-    return [];
-  }
-
   const prisma = await getPrismaClientForTenancy(tenancy);
   const dbUsers = await prisma.projectUser.findMany({
     where: {
       tenancyId: tenancy.id,
-      projectUserId: {
-        in: events.map((event) => event.userId),
-      },
+      ...(!includeAnonymous ? { isAnonymous: false } : {}),
+    },
+    orderBy: {
+      lastActiveAt: 'desc',
     },
+    take: 5,
     include: userFullInclude,
   });
 
-  const userObjects = events.map((event) => {
-    const user = dbUsers.find((user) => user.projectUserId === event.userId);
-    return user ? userPrismaToCrud(user, event.lastActiveAt.getTime()) : null;
-  });
-  return userObjects.filter((user): user is UsersCrud["Admin"]["Read"] => user !== null);
+  return dbUsers.map((user) => userPrismaToCrud(user));
 }
 
 export const GET = createSmartRouteHandler({

apps/backend/src/app/api/latest/team-member-profiles/crud.tsx

@@ -8,17 +8,17 @@ import { teamMemberProfilesCrud } from "@stackframe/stack-shared/dist/interface/
 import { userIdOrMeSchema, yupObject, yupString } from "@stackframe/stack-shared/dist/schema-fields";
 import { StatusError, throwErr } from "@stackframe/stack-shared/dist/utils/errors";
 import { createLazyProxy } from "@stackframe/stack-shared/dist/utils/proxies";
-import { getUserLastActiveAtMillis, getUsersLastActiveAtMillis, userFullInclude, userPrismaToCrud } from "../users/crud";
+import { userFullInclude, userPrismaToCrud } from "../users/crud";
 
 const fullInclude = { projectUser: { include: userFullInclude } };
 
-function prismaToCrud(prisma: Prisma.TeamMemberGetPayload<{ include: typeof fullInclude }>, lastActiveAtMillis: number) {
+function prismaToCrud(prisma: Prisma.TeamMemberGetPayload<{ include: typeof fullInclude }>) {
   return {
     team_id: prisma.teamId,
     user_id: prisma.projectUserId,
     display_name: prisma.displayName ?? prisma.projectUser.displayName,
     profile_image_url: prisma.profileImageUrl ?? prisma.projectUser.profileImageUrl,
-    user: userPrismaToCrud(prisma.projectUser, lastActiveAtMillis),
+    user: userPrismaToCrud(prisma.projectUser),
   };
 }
 
@@ -78,10 +78,8 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
         include: fullInclude,
       });
 
-      const lastActiveAtMillis = await getUsersLastActiveAtMillis(auth.project.id, auth.branchId, db.map(user => user.projectUserId), db.map(user => user.createdAt));
-
       return {
-        items: db.map((user, index) => prismaToCrud(user, lastActiveAtMillis[index])),
+        items: db.map((user) => prismaToCrud(user)),
         is_paginated: false,
       };
     });
@@ -121,7 +119,7 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
         throw new KnownErrors.TeamMembershipNotFound(params.team_id, params.user_id);
       }
 
-      return prismaToCrud(db, await getUserLastActiveAtMillis(auth.project.id, auth.branchId, db.projectUser.projectUserId) ?? db.projectUser.createdAt.getTime());
+      return prismaToCrud(db);
     });
   },
   onUpdate: async ({ auth, data, params }) => {
@@ -155,7 +153,7 @@ export const teamMemberProfilesCrudHandlers = createLazyProxy(() => createCrudHa
         include: fullInclude,
       });
 
-      return prismaToCrud(db, await getUserLastActiveAtMillis(auth.project.id, auth.branchId, db.projectUser.projectUserId) ?? db.projectUser.createdAt.getTime());
+      return prismaToCrud(db);
     });
   },
 }));