CODE-623: API to logout a user and delete the session token from database (#202)

2025-05-10 12:20:40 +08:00 · 2023-07-18 10:19:00 +00:00 · 2023-07-18 10:19:00 +00:00 · e26e578da2
commit e26e578da2
parent a47e8a89d5
4 changed files with 81 additions and 0 deletions
--- a/internal/api/controller/user/logout.go
+++ b/internal/api/controller/user/logout.go
@ -0,0 +1,40 @@
+// Copyright 2022 Harness Inc. All rights reserved.
+// Use of this source code is governed by the Polyform Free Trial License
+// that can be found in the LICENSE.md file for this repository.
+
+package user
+
+import (
+	"context"
+	"errors"
+
+	"github.com/harness/gitness/internal/api/usererror"
+	"github.com/harness/gitness/internal/auth"
+	"github.com/harness/gitness/types/enum"
+)
+
+// Logout searches for the user's token present in the request and proceeds to  delete it,
+// returns nil if successful.
+func (c *Controller) Logout(ctx context.Context, session *auth.Session) error {
+	var (
+		tokenID   int64
+		tokenType enum.TokenType
+	)
+
+	if session == nil {
+		return usererror.BadRequest("no authenticated user")
+	}
+	switch t := session.Metadata.(type) {
+	case *auth.TokenMetadata:
+		tokenID = t.TokenID
+		tokenType = t.TokenType
+	default:
+		return errors.New("session metadata is of unknown type")
+	}
+
+	if tokenType != enum.TokenTypeSession {
+		return usererror.BadRequestf("unsupported logout token type %v", tokenType)
+	}
+
+	return c.tokenStore.Delete(ctx, tokenID)
+}
--- a/internal/api/handler/account/logout.go
+++ b/internal/api/handler/account/logout.go
@ -0,0 +1,30 @@
+// Copyright 2022 Harness Inc. All rights reserved.
+// Use of this source code is governed by the Polyform Free Trial License
+// that can be found in the LICENSE.md file for this repository.
+
+package account
+
+import (
+	"net/http"
+
+	"github.com/harness/gitness/internal/api/controller/user"
+	"github.com/harness/gitness/internal/api/render"
+	"github.com/harness/gitness/internal/api/request"
+)
+
+// HandleLogout returns a http.HandlerFunc that deletes the
+// user token being used in the respective request and logs the user out.
+func HandleLogout(userCtrl *user.Controller) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		ctx := r.Context()
+		session, _ := request.AuthSessionFrom(ctx)
+
+		err := userCtrl.Logout(ctx, session)
+		if err != nil {
+			render.TranslatedUserError(w, err)
+			return
+		}
+
+		render.DeleteSuccessful(w)
+	}
+}
--- a/internal/api/openapi/account.go
+++ b/internal/api/openapi/account.go
@ -40,6 +40,16 @@ func buildAccount(reflector *openapi3.Reflector) {
 	_ = reflector.SetJSONResponse(&onLogin, new(usererror.Error), http.StatusNotFound)
 	_ = reflector.Spec.AddOperation(http.MethodPost, "/login", onLogin)

+	opLogout := openapi3.Operation{}
+	opLogout.WithTags("account")
+	opLogout.WithMapOfAnything(map[string]interface{}{"operationId": "opLogout"})
+	_ = reflector.SetRequest(&opLogout, nil, http.MethodPost)
+	_ = reflector.SetJSONResponse(&opLogout, nil, http.StatusOK)
+	_ = reflector.SetJSONResponse(&opLogout, new(usererror.Error), http.StatusBadRequest)
+	_ = reflector.SetJSONResponse(&opLogout, new(usererror.Error), http.StatusInternalServerError)
+	_ = reflector.SetJSONResponse(&opLogout, new(usererror.Error), http.StatusNotFound)
+	_ = reflector.Spec.AddOperation(http.MethodPost, "/logout", opLogout)
+
 	onRegister := openapi3.Operation{}
 	onRegister.WithTags("account")
 	onRegister.WithMapOfAnything(map[string]interface{}{"operationId": "onRegister"})
--- a/internal/router/api.go
+++ b/internal/router/api.go
@ -434,4 +434,5 @@ func setupAdmin(r chi.Router, userCtrl *user.Controller) {
 func setupAccount(r chi.Router, userCtrl *user.Controller) {
 	r.Post("/login", account.HandleLogin(userCtrl))
 	r.Post("/register", account.HandleRegister(userCtrl))
+	r.Post("/logout", account.HandleLogout(userCtrl))
 }