feat: expire refresh_token immediately on unauthorized response

2025-05-04 23:02:17 +02:00 · 2025-05-04 23:02:17 +02:00 · c61f96ffe7
commit c61f96ffe7
parent 0f897dc0c6
1 changed files with 10 additions and 2 deletions
--- a/src/api/v1/auth/refresh.rs
+++ b/src/api/v1/auth/refresh.rs
@ -42,7 +42,11 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
                error!("{}", error);
            }

-            return Ok(HttpResponse::Unauthorized().finish());
+            let mut refresh_token_cookie = refresh_token_cookie(refresh_token);
+
+            refresh_token_cookie.make_removal();
+
+            return Ok(HttpResponse::Unauthorized().cookie(refresh_token_cookie).finish());
        }

        let current_time = SystemTime::now()
@ -100,5 +104,9 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
        }));
    }

-    Ok(HttpResponse::Unauthorized().finish())
+    let mut refresh_token_cookie = refresh_token_cookie(refresh_token);
+
+    refresh_token_cookie.make_removal();
+
+    Ok(HttpResponse::Unauthorized().cookie(refresh_token_cookie).finish())
 }