63 lines
1.5 KiB
Go
63 lines
1.5 KiB
Go
package handlers
|
|
|
|
import (
|
|
"database/sql"
|
|
"net/http"
|
|
"projectreshoot/config"
|
|
"projectreshoot/cookies"
|
|
"projectreshoot/jwt"
|
|
|
|
"github.com/pkg/errors"
|
|
"github.com/rs/zerolog"
|
|
)
|
|
|
|
// Retrieve and revoke the user's tokens
|
|
func revokeTokens(
|
|
config *config.Config,
|
|
conn *sql.DB,
|
|
r *http.Request,
|
|
) error {
|
|
// get the tokens from the cookies
|
|
atStr, rtStr := cookies.GetTokenStrings(r)
|
|
aT, err := jwt.ParseAccessToken(config, conn, atStr)
|
|
if err != nil {
|
|
return errors.Wrap(err, "jwt.ParseAccessToken")
|
|
}
|
|
rT, err := jwt.ParseRefreshToken(config, conn, rtStr)
|
|
if err != nil {
|
|
return errors.Wrap(err, "jwt.ParseRefreshToken")
|
|
}
|
|
// revoke the refresh token first as the access token expires quicker
|
|
// only matters if there is an error revoking the tokens
|
|
err = jwt.RevokeToken(conn, rT)
|
|
if err != nil {
|
|
return errors.Wrap(err, "jwt.RevokeToken")
|
|
}
|
|
err = jwt.RevokeToken(conn, aT)
|
|
if err != nil {
|
|
return errors.Wrap(err, "jwt.RevokeToken")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Handle a logout request
|
|
func HandleLogout(
|
|
config *config.Config,
|
|
logger *zerolog.Logger,
|
|
conn *sql.DB,
|
|
) http.Handler {
|
|
return http.HandlerFunc(
|
|
func(w http.ResponseWriter, r *http.Request) {
|
|
err := revokeTokens(config, conn, r)
|
|
if err != nil {
|
|
logger.Error().Err(err).Msg("Error occured on user logout")
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
return
|
|
}
|
|
cookies.DeleteCookie(w, "access", "/")
|
|
cookies.DeleteCookie(w, "refresh", "/")
|
|
w.Header().Set("HX-Redirect", "/login")
|
|
},
|
|
)
|
|
}
|