-- Create function to get user's own sessions from auth.sessions
CREATE OR REPLACE FUNCTION public.get_my_sessions()
RETURNS TABLE (
  id uuid,
  created_at timestamptz,
  updated_at timestamptz,
  refreshed_at timestamptz,
  user_agent text,
  ip inet,
  not_after timestamptz,
  aal auth.aal_level
)
SECURITY DEFINER
SET search_path = auth, public
LANGUAGE plpgsql
AS $$
BEGIN
  -- Only return sessions for the authenticated user
  RETURN QUERY
  SELECT 
    s.id,
    s.created_at,
    s.updated_at,
    s.refreshed_at,
    s.user_agent,
    s.ip,
    s.not_after,
    s.aal
  FROM auth.sessions s
  WHERE s.user_id = auth.uid()
  ORDER BY s.refreshed_at DESC NULLS LAST, s.created_at DESC;
END;
$$;

-- Grant execute to authenticated users
GRANT EXECUTE ON FUNCTION public.get_my_sessions() TO authenticated;

-- Create function to revoke user's own session
CREATE OR REPLACE FUNCTION public.revoke_my_session(session_id uuid)
RETURNS void
SECURITY DEFINER
SET search_path = auth, public
LANGUAGE plpgsql
AS $$
BEGIN
  -- Only delete own sessions
  DELETE FROM auth.sessions
  WHERE id = session_id
    AND user_id = auth.uid();
END;
$$;

-- Grant execute to authenticated users
GRANT EXECUTE ON FUNCTION public.revoke_my_session(uuid) TO authenticated;

-- Drop the unused public.user_sessions table
DROP TABLE IF EXISTS public.user_sessions CASCADE;