fix: add logout endpoint and session cleanup
This commit is contained in:
@@ -47,6 +47,10 @@ func NewService(db *sql.DB, encryptionKey string) *Service {
|
||||
}
|
||||
|
||||
func (s *Service) Login(ctx context.Context, username, password string) (Session, error) {
|
||||
if err := s.cleanupExpiredSessions(ctx); err != nil {
|
||||
return Session{}, fmt.Errorf("cleanup expired sessions: %w", err)
|
||||
}
|
||||
|
||||
user, passwordHash, _, err := s.findUserByUsername(ctx, username)
|
||||
if err != nil {
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
@@ -107,6 +111,8 @@ func (s *Service) CurrentUserByToken(ctx context.Context, token string) (User, e
|
||||
return User{}, ErrUnauthorized
|
||||
}
|
||||
|
||||
_ = s.cleanupExpiredSessions(ctx)
|
||||
|
||||
user, err := s.findUserByToken(ctx, token)
|
||||
if err != nil {
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
@@ -118,6 +124,16 @@ func (s *Service) CurrentUserByToken(ctx context.Context, token string) (User, e
|
||||
return user, nil
|
||||
}
|
||||
|
||||
func (s *Service) Logout(ctx context.Context, token string) error {
|
||||
if strings.TrimSpace(token) == "" {
|
||||
return nil
|
||||
}
|
||||
if _, err := s.db.ExecContext(ctx, `DELETE FROM sessions WHERE token = ?`, strings.TrimSpace(token)); err != nil {
|
||||
return fmt.Errorf("delete session: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Service) CurrentUserBySubsonicAuth(ctx context.Context, username, password, token, salt string) (User, error) {
|
||||
if username == "" {
|
||||
return User{}, ErrUnauthorized
|
||||
@@ -262,6 +278,11 @@ func (s *Service) storeSubsonicSecret(ctx context.Context, userID, password stri
|
||||
return err
|
||||
}
|
||||
|
||||
func (s *Service) cleanupExpiredSessions(ctx context.Context) error {
|
||||
_, err := s.db.ExecContext(ctx, `DELETE FROM sessions WHERE expires_at <= ?`, time.Now().UTC().Format(time.RFC3339))
|
||||
return err
|
||||
}
|
||||
|
||||
func EncryptSubsonicSecret(value, key string) (string, error) {
|
||||
return encryptSecret(value, key)
|
||||
}
|
||||
|
||||
@@ -52,6 +52,7 @@ func NewRouter(cfg config.Config, database *sql.DB, scanService *scanner.Service
|
||||
|
||||
r.Route("/api", func(api chi.Router) {
|
||||
api.Post("/auth/login", application.login)
|
||||
api.Post("/auth/logout", application.logout)
|
||||
|
||||
api.Group(func(private chi.Router) {
|
||||
private.Use(application.requireAuth)
|
||||
@@ -142,6 +143,25 @@ func (a app) login(w http.ResponseWriter, r *http.Request) {
|
||||
writeJSON(w, http.StatusOK, session)
|
||||
}
|
||||
|
||||
func (a app) logout(w http.ResponseWriter, r *http.Request) {
|
||||
token := strings.TrimSpace(strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer "))
|
||||
if token == "" {
|
||||
var payload struct {
|
||||
Token string `json:"token"`
|
||||
}
|
||||
if err := json.NewDecoder(r.Body).Decode(&payload); err == nil {
|
||||
token = strings.TrimSpace(payload.Token)
|
||||
}
|
||||
}
|
||||
|
||||
if err := a.auth.Logout(r.Context(), token); err != nil {
|
||||
writeJSON(w, http.StatusInternalServerError, map[string]string{"error": "logout failed"})
|
||||
return
|
||||
}
|
||||
|
||||
writeJSON(w, http.StatusOK, map[string]any{"status": "ok"})
|
||||
}
|
||||
|
||||
func (a app) me(w http.ResponseWriter, r *http.Request) {
|
||||
user := currentUserFromContext(r)
|
||||
writeJSON(w, http.StatusOK, user)
|
||||
|
||||
Reference in New Issue
Block a user