feat: expire refresh_token immediately on unauthorized response

2025-05-04 23:02:17 +02:00 · 2025-05-04 23:02:17 +02:00 · c61f96ffe7
commit c61f96ffe7
parent 0f897dc0c6
1 changed files with 10 additions and 2 deletions
--- a/src/api/v1/auth/refresh.rs
+++ b/src/api/v1/auth/refresh.rs
@ -42,7 +42,11 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
                error!("{}", error);
            }
-            return Ok(HttpResponse::Unauthorized().finish());
+            let mut refresh_token_cookie = refresh_token_cookie(refresh_token);
            refresh_token_cookie.make_removal();
            return Ok(HttpResponse::Unauthorized().cookie(refresh_token_cookie).finish());
        }
        let current_time = SystemTime::now()
@ -100,5 +104,9 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
        }));
    }
-    Ok(HttpResponse::Unauthorized().finish())
+    let mut refresh_token_cookie = refresh_token_cookie(refresh_token);
    refresh_token_cookie.make_removal();
    Ok(HttpResponse::Unauthorized().cookie(refresh_token_cookie).finish())
 }