How to ban users

We are looking for proper way to ban users.
Just call usersBanId isn’t enough. Looks like we should call sessionDisconnect, but how to get sessionId by userId we can’t find.

Hi @formatCvt I suggest doing the ban, logout and disconnect on the server via an RPC.

The steps will look like this:

  • A user with elevated privileges calls a custom server RPC supplying the userId
  • The RPC bans the user
  • Then calls sessionLogout with no session and refresh token which invalidates all the user’s session tokens
  • Then lists all their connections and call sessionDisconnect to disconnect the sockets (multiple devices)

For the last point, every connected socket has an automatic presence on a notification stream for that user ID (so if the user has 2 connected sockets, it’ll be 2 presences).

You can do a stream user list on stream with mode 0 and user ID as the subject nk.streamUserList({mode: 0, subject: userID}, true, true) and call sessionDisconnect to close all the sockets.

1 Like

Thanks, but not working with 3.11.0 from dockehub because fixed later and not released yet Fix data returned by StreamUserList in JS runtime. · heroiclabs/nakama@c773c24 · GitHub