chore(auth): add revoked access token checks
Signed-off-by: Alan Brault <alan.brault@visus.io>
This commit is contained in:
@@ -14,15 +14,18 @@ import io.visus.demos.kotlinapi.api.contracts.LoginRequest
|
||||
import io.visus.demos.kotlinapi.api.contracts.RefreshTokenRequest
|
||||
import io.visus.demos.kotlinapi.api.contracts.RegisterRequest
|
||||
import io.visus.demos.kotlinapi.api.contracts.RegisterResponse
|
||||
import io.visus.demos.kotlinapi.domain.exception.InvalidTokenException
|
||||
import io.visus.demos.kotlinapi.domain.model.User
|
||||
import io.visus.demos.kotlinapi.domain.service.AuthService
|
||||
import jakarta.validation.Valid
|
||||
import org.springframework.http.HttpHeaders
|
||||
import org.springframework.http.MediaType
|
||||
import org.springframework.http.ResponseEntity
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal
|
||||
import org.springframework.web.bind.annotation.PostMapping
|
||||
import org.springframework.web.bind.annotation.RequestBody
|
||||
import org.springframework.web.bind.annotation.RestController
|
||||
import org.springframework.web.server.ServerWebExchange
|
||||
|
||||
@RestController
|
||||
@ApiVersion(version = 1)
|
||||
@@ -83,8 +86,15 @@ class AuthController(
|
||||
)
|
||||
suspend fun logout(
|
||||
@AuthenticationPrincipal user: User,
|
||||
exchange: ServerWebExchange,
|
||||
): ResponseEntity<Unit> {
|
||||
authService.logout(user.id!!)
|
||||
val authHeader =
|
||||
exchange.request.headers.getFirst(HttpHeaders.AUTHORIZATION)
|
||||
?: throw InvalidTokenException("Authorization header is missing")
|
||||
|
||||
val accessToken = authHeader.removePrefix("Bearer ")
|
||||
|
||||
authService.logout(user.id!!, accessToken)
|
||||
return ResponseEntity.noContent().build()
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user