Reduce access token duration and enhance auth endpoints

2025-02-17 18:28:43 +01:00
parent 8ec12603b6
commit 7f5b57516e
2 changed files with 17 additions and 5 deletions
@@ -115,7 +115,7 @@ fun Route.configureNewAuth() {
            call.respond(HttpStatusCode.OK)
        }
        route("/state") {
-            post("/create") {
+            post {
                val request = call.receive<UsernamePassword>()

                val user = SteamwarUser.get(request.name)
@@ -128,12 +128,12 @@ fun Route.configureNewAuth() {

                call.respond(user.createAccessAndRefreshToken(request.keepLoggedIn))
            }
-            post("/refresh") {
+            put {
                val token = call.principal<SWAuthPrincipal>()

                if (token == null || token.token.type != TokenType.REFRESH_TOKEN) {
                    call.respond(HttpStatusCode.Forbidden, ResponseError("Invalid token type", "invalid"))
-                    return@post
+                    return@put
                }

                val code = token.token.name.substringAfterLast('-')
@@ -145,6 +145,19 @@ fun Route.configureNewAuth() {

                call.respond(token.user.createAccessAndRefreshToken(true))
            }
+            delete {
+                val token = call.principal<SWAuthPrincipal>()
+                token?.let { t ->
+                    t.token.delete()
+                    val code = t.token.name.substringAfterLast('-')
+                    Token.listUser(token.user)
+                        .filter { it.type == TokenType.REFRESH_TOKEN }
+                        .filter { it.name.endsWith(code) }
+                        .forEach { it.delete() }
+                }
+
+                call.respond(HttpStatusCode.OK)
+            }
        }
    }
 }