1
0

chore(auth): add revoked access token checks

Signed-off-by: Alan Brault <alan.brault@visus.io>
This commit is contained in:
2026-03-27 07:23:34 -04:00
parent e6cc8267d5
commit 756a80c5b9
11 changed files with 141 additions and 33 deletions
@@ -14,15 +14,18 @@ import io.visus.demos.kotlinapi.api.contracts.LoginRequest
import io.visus.demos.kotlinapi.api.contracts.RefreshTokenRequest
import io.visus.demos.kotlinapi.api.contracts.RegisterRequest
import io.visus.demos.kotlinapi.api.contracts.RegisterResponse
import io.visus.demos.kotlinapi.domain.exception.InvalidTokenException
import io.visus.demos.kotlinapi.domain.model.User
import io.visus.demos.kotlinapi.domain.service.AuthService
import jakarta.validation.Valid
import org.springframework.http.HttpHeaders
import org.springframework.http.MediaType
import org.springframework.http.ResponseEntity
import org.springframework.security.core.annotation.AuthenticationPrincipal
import org.springframework.web.bind.annotation.PostMapping
import org.springframework.web.bind.annotation.RequestBody
import org.springframework.web.bind.annotation.RestController
import org.springframework.web.server.ServerWebExchange
@RestController
@ApiVersion(version = 1)
@@ -83,8 +86,15 @@ class AuthController(
)
suspend fun logout(
@AuthenticationPrincipal user: User,
exchange: ServerWebExchange,
): ResponseEntity<Unit> {
authService.logout(user.id!!)
val authHeader =
exchange.request.headers.getFirst(HttpHeaders.AUTHORIZATION)
?: throw InvalidTokenException("Authorization header is missing")
val accessToken = authHeader.removePrefix("Bearer ")
authService.logout(user.id!!, accessToken)
return ResponseEntity.noContent().build()
}