gorb/backend
5
0
Fork 1
Code Issues 12 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

fix: return 404 when refresh token cookie is invalid
All checks were successful
ci/woodpecker/push/build-and-publish Pipeline was successful
Details
ci/woodpecker/push/publish-docs Pipeline was successful
Details

Browse source
This commit is contained in:
Radical 2025-07-05 02:41:40 +02:00
parent 8febba2816
commit b00527633a
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/api/v1/auth/logout.rs
View file

@ -13,8 +13,11 @@ use crate::{
/// requires auth: kinda, needs refresh token set but no access token is technically required
///
/// ### Responses
///
/// 200 Logged out
///
/// 404 Refresh token is invalid
///
/// 401 Unauthorized (no refresh token found)
///
#[get("/logout")]
@ -27,12 +30,16 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
let mut conn = data.pool.get().await?;
delete(refresh_tokens::table)
let deleted = delete(refresh_tokens::table)
.filter(dsl::token.eq(refresh_token))
.execute(&mut conn)
.await?;
refresh_token_cookie.make_removal();
if deleted == 0 {
return Ok(HttpResponse::NotFound().cookie(refresh_token_cookie).finish())
}
Ok(HttpResponse::Ok().cookie(refresh_token_cookie).finish())
}