store: DeleteSessionsByUserID for force-logout

internal/store/sessions.go

@@ -86,3 +86,18 @@ func (s *Store) PurgeExpiredSessions(ctx context.Context) (int64, error) {
 	n, _ := res.RowsAffected()
 	return n, nil
 }
+
+// DeleteSessionsByUserID removes every session row owned by the
+// user. Returns count for caller logging. Used by:
+//   - admin "Force logout" button
+//   - admin Disable user (sessions outlive the disable flag, so we
+//     also clear them so the user gets bounced immediately)
+func (s *Store) DeleteSessionsByUserID(ctx context.Context, userID string) (int64, error) {
+	res, err := s.db.ExecContext(ctx,
+		`DELETE FROM sessions WHERE user_id = ?`, userID)
+	if err != nil {
+		return 0, fmt.Errorf("store: delete sessions by user: %w", err)
+	}
+	n, _ := res.RowsAffected()
+	return n, nil
+}