feat: add logout endpoint

style: rename refresh_token_cookie() to new_refresh_token_cookie() and fix error message when no refresh_token is found on refresh
2025-05-31 14:43:48 +02:00 · 2025-05-31 14:41:29 +02:00
6 changed files with 42 additions and 17 deletions
--- a/src/api/v1/auth/login.rs
+++ b/src/api/v1/auth/login.rs
@ -11,7 +11,7 @@ use crate::{
    error::Error,
    schema::*,
    utils::{
-        PASSWORD_REGEX, generate_access_token, generate_refresh_token, refresh_token_cookie,
+        PASSWORD_REGEX, generate_access_token, generate_refresh_token, new_refresh_token_cookie,
        user_uuid_from_identifier,
    },
 };
@ -89,6 +89,6 @@ pub async fn response(
        .await?;

    Ok(HttpResponse::Ok()
-        .cookie(refresh_token_cookie(refresh_token))
+        .cookie(new_refresh_token_cookie(refresh_token))
        .json(Response { access_token }))
 }
--- a/src/api/v1/auth/logout.rs
+++ b/src/api/v1/auth/logout.rs
@ -0,0 +1,31 @@
+use actix_web::{HttpRequest, HttpResponse, post, web};
+use diesel::{ExpressionMethods, delete};
+use diesel_async::RunQueryDsl;
+
+use crate::{
+    Data,
+    error::Error,
+    schema::refresh_tokens::{self, dsl},
+};
+
+// TODO: Should maybe be a delete request?
+#[post("/logout")]
+pub async fn res(
+    req: HttpRequest,
+    data: web::Data<Data>,
+) -> Result<HttpResponse, Error> {
+    let mut refresh_token_cookie = req.cookie("refresh_token").ok_or(Error::Unauthorized("request has no refresh token".to_string()))?;
+
+    let refresh_token = String::from(refresh_token_cookie.value());
+
+    let mut conn = data.pool.get().await?;
+
+    delete(refresh_tokens::table)
+        .filter(dsl::token.eq(refresh_token))
+        .execute(&mut conn)
+        .await?;
+
+    refresh_token_cookie.make_removal();
+
+    Ok(HttpResponse::Ok().cookie(refresh_token_cookie).finish())
+}
--- a/src/api/v1/auth/mod.rs
+++ b/src/api/v1/auth/mod.rs
@ -9,6 +9,7 @@ use uuid::Uuid;
 use crate::{Conn, error::Error, schema::access_tokens::dsl};

 mod login;
+mod logout;
 mod refresh;
 mod register;
 mod reset_password;
@ -24,6 +25,7 @@ pub fn web() -> Scope {
    web::scope("/auth")
        .service(register::res)
        .service(login::response)
+        .service(logout::res)
        .service(refresh::res)
        .service(revoke::res)
        .service(verify_email::get)
--- a/src/api/v1/auth/refresh.rs
+++ b/src/api/v1/auth/refresh.rs
@ -11,20 +11,16 @@ use crate::{
        access_tokens::{self, dsl},
        refresh_tokens::{self, dsl as rdsl},
    },
-    utils::{generate_access_token, generate_refresh_token, refresh_token_cookie},
+    utils::{generate_access_token, generate_refresh_token, new_refresh_token_cookie},
 };

 use super::Response;

 #[post("/refresh")]
 pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse, Error> {
-    let recv_refresh_token_cookie = req.cookie("refresh_token");
+    let mut refresh_token_cookie = req.cookie("refresh_token").ok_or(Error::Unauthorized("request has no refresh token".to_string()))?;

-    if recv_refresh_token_cookie.is_none() {
-        return Ok(HttpResponse::Unauthorized().finish());
-    }
-
-    let mut refresh_token = String::from(recv_refresh_token_cookie.unwrap().value());
+    let mut refresh_token = String::from(refresh_token_cookie.value());

    let current_time = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs() as i64;

@ -47,8 +43,6 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
                error!("{}", error);
            }

-            let mut refresh_token_cookie = refresh_token_cookie(refresh_token);
-
            refresh_token_cookie.make_removal();

            return Ok(HttpResponse::Unauthorized()
@ -91,12 +85,10 @@ pub async fn res(req: HttpRequest, data: web::Data<Data>) -> Result<HttpResponse
            .await?;

        return Ok(HttpResponse::Ok()
-            .cookie(refresh_token_cookie(refresh_token))
+            .cookie(new_refresh_token_cookie(refresh_token))
            .json(Response { access_token }));
    }

-    let mut refresh_token_cookie = refresh_token_cookie(refresh_token);
-
    refresh_token_cookie.make_removal();

    Ok(HttpResponse::Unauthorized()
--- a/src/api/v1/auth/register.rs
+++ b/src/api/v1/auth/register.rs
@ -21,7 +21,7 @@ use crate::{
    },
    utils::{
        EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX, generate_access_token, generate_refresh_token,
-        refresh_token_cookie,
+        new_refresh_token_cookie,
    },
 };

@ -146,7 +146,7 @@ pub async fn res(
            .await?;

        return Ok(HttpResponse::Ok()
-            .cookie(refresh_token_cookie(refresh_token))
+            .cookie(new_refresh_token_cookie(refresh_token))
            .json(Response { access_token }));
    }

--- a/src/utils.rs
+++ b/src/utils.rs
@ -100,7 +100,7 @@ pub fn get_ws_protocol_header(headers: &HeaderMap) -> Result<&str, Error> {
    Ok(auth_value.unwrap())
 }

-pub fn refresh_token_cookie(refresh_token: String) -> Cookie<'static> {
+pub fn new_refresh_token_cookie(refresh_token: String) -> Cookie<'static> {
    Cookie::build("refresh_token", refresh_token)
        .http_only(true)
        .secure(true)
Author	SHA1	Message	Date
Radical	60f0219e85	feat: add logout endpoint Some checks failed ci/woodpecker/push/publish-docs Pipeline is pending Details ci/woodpecker/push/build-and-publish Pipeline failed Details	2025-05-31 14:43:48 +02:00
Radical	38aab46534	style: rename refresh_token_cookie() to new_refresh_token_cookie() and fix error message when no refresh_token is found on refresh	2025-05-31 14:41:29 +02:00