Reduce access token duration and enhance auth endpoints

WebsiteBackend/src/de/steamwar/routes/v2/Auth.kt

@@ -115,7 +115,7 @@ fun Route.configureNewAuth() {
             call.respond(HttpStatusCode.OK)
         }
         route("/state") {
-            post("/create") {
+            post {
                 val request = call.receive<UsernamePassword>()
 
                 val user = SteamwarUser.get(request.name)
@@ -128,12 +128,12 @@ fun Route.configureNewAuth() {
 
                 call.respond(user.createAccessAndRefreshToken(request.keepLoggedIn))
             }
-            post("/refresh") {
+            put {
                 val token = call.principal<SWAuthPrincipal>()
 
                 if (token == null || token.token.type != TokenType.REFRESH_TOKEN) {
                     call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid token type", "invalid"))
-                    return@post
+                    return@put
                 }
 
                 val code = token.token.name.substringAfterLast('-')
@@ -145,6 +145,19 @@ fun Route.configureNewAuth() {
 
                 call.respond(token.user.createAccessAndRefreshToken(true))
             }
+            delete {
+                val token = call.principal<SWAuthPrincipal>()
+                token?.let { t ->
+                    t.token.delete()
+                    val code = t.token.name.substringAfterLast('-')
+                    Token.listUser(token.user)
+                        .filter { it.type == TokenType.REFRESH_TOKEN }
+                        .filter { it.name.endsWith(code) }
+                        .forEach { it.delete() }
+                }
+
+                call.respond(HttpStatusCode.OK)
+            }
         }
     }
 }

WebsiteBackend/src/de/steamwar/util/TokenUtils.kt

@@ -23,7 +23,6 @@ import de.steamwar.sql.Token
 import java.time.LocalDateTime
 import kotlin.time.Duration
 import kotlin.time.Duration.Companion.days
-import kotlin.time.Duration.Companion.hours
 import kotlin.time.Duration.Companion.minutes
 import kotlin.time.toJavaDuration
 
@@ -38,7 +37,7 @@ val Token.type: TokenType
 val TokenType.lifetime: Duration
     get() = when (this) {
         TokenType.REFRESH_TOKEN -> 7.days
-        TokenType.ACCESS_TOKEN -> 1.hours
+        TokenType.ACCESS_TOKEN -> 5.minutes
         TokenType.RESET_PASSWORD -> 10.minutes
         TokenType.OLD_TOKEN -> 1.days
     }