backend for xcvr appview
add logout
+35
+10
server/internal/db/oauth.go
+10
server/internal/db/oauth.go
···
126
126
return nil
127
127
}
128
128
129
+
func (s *Store) DeleteOauthSession(id int, ctx context.Context) error {
130
+
_, err := s.pool.Exec(ctx, `
131
+
DELETE FROM oauthsessions s WHERE s.id = $1
132
+
`, id)
133
+
if err != nil {
134
+
return errors.New("error deleting oauth request:" + err.Error())
135
+
}
136
+
return nil
137
+
}
138
+
129
139
func (s *Store) SetDpopPdsNonce(id int, dpopnonce string) error {
130
140
_, err := s.pool.Exec(context.Background(), `
131
141
UPDATE oauthsessions SET dpop_pds_nonce = $1 WHERE id = $2
+1
server/internal/handler/handler.go
+1
server/internal/handler/handler.go
···
48
48
// oauth handlers
49
49
mux.HandleFunc(oauthJWKSPath(), h.WithCORS(h.serveJWKS))
50
50
mux.HandleFunc("POST /oauth/login", h.oauthLogin)
51
+
mux.HandleFunc("POST /oauth/logout", h.oauthLogout)
51
52
mux.HandleFunc("GET /oauth/whoami", h.getSession)
52
53
mux.HandleFunc(oauthCallbackPath(), h.WithCORS(h.oauthCallback))
53
54
return h
+17
server/internal/handler/oauthHandlers.go
+17
server/internal/handler/oauthHandlers.go
···
252
252
h.clientmap.Append(session.ID, client, session.Expiration)
253
253
return client
254
254
}
255
+
256
+
func (h *Handler) oauthLogout(w http.ResponseWriter, r *http.Request) {
257
+
s, _ := h.sessionStore.Get(r, "oauthsession")
258
+
id, ok := s.Values["id"].(int)
259
+
if ok {
260
+
h.db.DeleteOauthSession(id, r.Context())
261
+
h.clientmap.Delete(id)
262
+
}
263
+
s.Values = make(map[interface{}]interface{})
264
+
s.Options.MaxAge = -1
265
+
err := s.Save(r, w)
266
+
if err != nil {
267
+
h.serverError(w, errors.New("issue logging out: "+err.Error()))
268
+
return
269
+
}
270
+
http.Redirect(w, r, "/", http.StatusSeeOther)
271
+
}