fix: return 404 when refresh token cookie is invalid

Radical 2025-07-05 02:41:40 +02:00
parent 8febba2816
commit b00527633a


@ -13,8 +13,11 @@ use crate::{
/// requires auth: kinda, needs refresh token set but no access token is technically required /// requires auth: kinda, needs refresh token set but no access token is technically required
/// ///
/// ### Responses /// ### Responses
///
/// 200 Logged out /// 200 Logged out
///
/// 404 Refresh token is invalid /// 404 Refresh token is invalid
///
/// 401 Unauthorized (no refresh token found) /// 401 Unauthorized (no refresh token found)
/// ///
#[get("/logout")] #[get("/logout")]
@ -27,12 +30,16 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
let mut conn = data.pool.get().await?; let mut conn = data.pool.get().await?;
delete(refresh_tokens::table) let deleted = delete(refresh_tokens::table)
.filter(dsl::token.eq(refresh_token)) .filter(dsl::token.eq(refresh_token))
.execute(&mut conn) .execute(&mut conn)
.await?; .await?;
refresh_token_cookie.make_removal(); refresh_token_cookie.make_removal();
if deleted == 0 {
return Ok(HttpResponse::NotFound().cookie(refresh_token_cookie).finish())
}
Ok(HttpResponse::Ok().cookie(refresh_token_cookie).finish()) Ok(HttpResponse::Ok().cookie(refresh_token_cookie).finish())
} }
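Review bot: The new `if deleted == 0` branch makes the status code reveal whether the submitted cookie value matches a row in `refresh_tokens`, on an endpoint the doc comment says needs no access token. A match also deletes the row, so the signal is limited, but it is worth confirming that refresh tokens are high-entropy and that this route is rate limited; neither is visible in this hunk. The branch does still send the removal cookie, which deserves a comment such as `// Clear the stale cookie even when no row matched, so the client stops sending it.` The two returns could also be folded into one, e.g. `let mut response = if deleted == 0 { HttpResponse::NotFound() } else { HttpResponse::Ok() };` followed by `Ok(response.cookie(refresh_token_cookie).finish())`. The body of `res` starts outside the hunk.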