Added logout functionality and client error message for 500 status codes

handlers/login.go

@@ -48,7 +48,6 @@ func HandleLoginRequest(
 	config *config.Config,
 	logger *zerolog.Logger,
 	conn *sql.DB,
-	secretKey string,
 ) http.Handler {
 	return http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {

handlers/logout.go

@@ -0,0 +1,62 @@
+package handlers
+
+import (
+	"database/sql"
+	"net/http"
+	"projectreshoot/config"
+	"projectreshoot/cookies"
+	"projectreshoot/jwt"
+
+	"github.com/pkg/errors"
+	"github.com/rs/zerolog"
+)
+
+// Retrieve and revoke the user's tokens
+func revokeTokens(
+	config *config.Config,
+	conn *sql.DB,
+	r *http.Request,
+) error {
+	// get the tokens from the cookies
+	atStr, rtStr := cookies.GetTokenStrings(r)
+	aT, err := jwt.ParseAccessToken(config, conn, atStr)
+	if err != nil {
+		return errors.Wrap(err, "jwt.ParseAccessToken")
+	}
+	rT, err := jwt.ParseRefreshToken(config, conn, rtStr)
+	if err != nil {
+		return errors.Wrap(err, "jwt.ParseRefreshToken")
+	}
+	// revoke the refresh token first as the access token expires quicker
+	// only matters if there is an error revoking the tokens
+	err = jwt.RevokeToken(conn, rT)
+	if err != nil {
+		return errors.Wrap(err, "jwt.RevokeToken")
+	}
+	err = jwt.RevokeToken(conn, aT)
+	if err != nil {
+		return errors.Wrap(err, "jwt.RevokeToken")
+	}
+	return nil
+}
+
+// Handle a logout request
+func HandleLogout(
+	config *config.Config,
+	logger *zerolog.Logger,
+	conn *sql.DB,
+) http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			err := revokeTokens(config, conn, r)
+			if err != nil {
+				logger.Error().Err(err).Msg("Error occured on user logout")
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+			cookies.DeleteCookie(w, "access", "/")
+			cookies.DeleteCookie(w, "refresh", "/")
+			w.Header().Set("HX-Redirect", "/login")
+		},
+	)
+}