add logout for refreshTokens

2026-03-22 17:25:15 -05:00
parent 74307e614c
commit 7e02d3cfe1
3 changed files with 14 additions and 6 deletions
--- a/api/Program.cs
+++ b/api/Program.cs
@@ -39,7 +39,8 @@ builder.Services.AddAuthentication(options => {
        ValidateIssuerSigningKey = true,
        ValidIssuer = "agologum",
        ValidAudience = "agologum",
-        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key))
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key)),
        ClockSkew = TimeSpan.Zero
    };
 });
--- a/api/src/Controllers/AuthController.cs
+++ b/api/src/Controllers/AuthController.cs
@@ -67,10 +67,10 @@ public class AuthController : ControllerBase {
    [Authorize] // authorize is handled by middleware
    [HttpPost("logout")]
-    public ActionResult Logout() {
+    public async Task<ActionResult> Logout(string refreshTokenString) {
-        // dummy endpoint
+        // revoke refresh token
-        // logout happens upon client-side jwt removal
+        bool success = await jwt_.RevokeRefreshToken(refreshTokenString);
-        // TODO: expire all refresh tokens 
+        if(!success) return NotFound();
        return Ok();
    }
@@ -106,7 +106,6 @@ public class AuthController : ControllerBase {
    }
    // TODO
    // refresh tokens
    // email verification
    // password reset
    // oh hell naw 2FA I do not care enough
--- a/api/src/Services/JwtService.cs
+++ b/api/src/Services/JwtService.cs
@@ -69,4 +69,12 @@ public class JwtService {
        return await db_.Users.FindAsync(id);
    }
    public async Task<bool> RevokeRefreshToken(string refreshTokenString) {
        var refreshToken = await db_.RefreshTokens.FirstOrDefaultAsync(u => u.Token == refreshTokenString);
        if(refreshToken == null) return false;
        refreshToken.IsRevoked = true;
        await db_.SaveChangesAsync();
        return true;
    }
 }