author | r <r@freesoftwareextremist.com> | 2020-03-04 15:59:59 +0000 |
---|---|---|
committer | r <r@freesoftwareextremist.com> | 2020-03-04 15:59:59 +0000 |
commit | 911c9b79937a82bd4574972fa24f45f5cb922092 (patch) | |
tree | c0f0ce04c6e0d0e2b8a7b552b8cb887ceb362ad5 | |
parent | 35a8c247d910f4a17aea5dd9df511f6e44bbc4bf (diff) | |
download | bloat-911c9b79937a82bd4574972fa24f45f5cb922092.tar.gz bloat-911c9b79937a82bd4574972fa24f45f5cb922092.zip |
Remove session details on signout
-rw-r--r-- | go.mod | 2 | ||||
-rw-r--r-- | model/session.go | 1 | ||||
-rw-r--r-- | repo/sessionRepo.go | 5 | ||||
-rw-r--r-- | service/auth.go | 13 | ||||
-rw-r--r-- | service/logging.go | 8 | ||||
-rw-r--r-- | service/service.go | 6 | ||||
-rw-r--r-- | service/transport.go | 8 | ||||
-rw-r--r-- | static/style.css | 4 | ||||
-rw-r--r-- | templates/nav.tmpl | 5 |
9 files changed, 49 insertions, 3 deletions
@@ -4,3 +4,5 @@ require (
 github.com/gorilla/mux v1.7.3
 github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
 )
+
+go 1.13
diff --git a/model/session.go b/model/session.go
index c18225c..5ff079b 100644
--- a/model/session.go
+++ b/model/session.go
@@ -20,6 +20,7 @@ type Session struct {
 type SessionRepo interface {
 Add(session Session) (err error)
 Get(sessionID string) (session Session, err error)
+ Remove(sessionID string)
 }
 func (s Session) IsLoggedIn() bool {
diff --git a/repo/sessionRepo.go b/repo/sessionRepo.go
index ce923b1..15e3d31 100644
--- a/repo/sessionRepo.go
+++ b/repo/sessionRepo.go
@@ -40,3 +40,8 @@ func (repo *sessionRepo) Get(id string) (s model.Session, err error) {
 return
 }
+
+func (repo *sessionRepo) Remove(id string) {
+ repo.db.Remove(id)
+ return
+}
diff --git a/service/auth.go b/service/auth.go
index 9e6f709..7fd238b 100644
--- a/service/auth.go
+++ b/service/auth.go
@@ -204,6 +204,19 @@ func (s *as) Signin(ctx context.Context, c *model.Client, sessionID string,
 return
 }
+func (s *as) Signout(ctx context.Context, c *model.Client) (err error) {
+ err = s.authenticateClient(ctx, c)
+ if err != nil {
+ return
+ }
+ err = checkCSRF(ctx, c)
+ if err != nil {
+ return
+ }
+ s.Service.Signout(ctx, c)
+ return
+}
+
 func (s *as) Post(ctx context.Context, c *model.Client, content string, replyToID string, format string, visibility string, isNSFW bool, files []*multipart.FileHeader) (id string, err error) {
diff --git a/service/logging.go b/service/logging.go
index 795f329..2955959 100644
--- a/service/logging.go
+++ b/service/logging.go
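Review bot: `Remove(sessionID string)` is the only `SessionRepo` method without an error result, so a failed delete cannot be reported to the caller. In repo/sessionRepo.go whatever `repo.db.Remove(id)` returns (its signature is outside this diff) is discarded, and `service.Signout` in service/service.go consequently always returns a nil `err`. For a sign-out this means the stored session can survive while the user is told it is gone. I would declare `Remove(sessionID string) (err error)`, propagate the store's result if it has one, and end the service method with `return svc.sessionRepo.Remove(c.Session.ID)`; the bare `return` closing `sessionRepo.Remove` is redundant either way.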
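Review bot: The result of `s.Service.Signout(ctx, c)` is dropped in `as.Signout` in service/auth.go; the bare `return` after it hands back the nil `err` left over from `checkCSRF`, so a failure in the wrapped service never reaches the handler. Ending the method with `return s.Service.Signout(ctx, c)`, which is what `ls.Signout` in service/logging.go already does, keeps the error chain intact.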
@@ -162,6 +162,14 @@ func (s *ls) Signin(ctx context.Context, c *model.Client, sessionID string,
 return s.Service.Signin(ctx, c, sessionID, code)
 }
+func (s *ls) Signout(ctx context.Context, c *model.Client) (err error) {
+ defer func(begin time.Time) {
+ s.logger.Printf("method=%v, took=%v, err=%v\n",
+ "Signout", time.Since(begin), err)
+ }(time.Now())
+ return s.Service.Signout(ctx, c)
+}
+
 func (s *ls) Post(ctx context.Context, c *model.Client, content string, replyToID string, format string, visibility string, isNSFW bool, files []*multipart.FileHeader) (id string, err error) {
diff --git a/service/service.go b/service/service.go
index e81e007..b039849 100644
--- a/service/service.go
+++ b/service/service.go
@@ -38,6 +38,7 @@ type Service interface {
 NewSession(ctx context.Context, instance string) (redirectUrl string, sessionID string, err error)
 Signin(ctx context.Context, c *model.Client, sessionID string, code string) (token string, userID string, err error)
+ Signout(ctx context.Context, c *model.Client) (err error)
 Post(ctx context.Context, c *model.Client, content string, replyToID string, format string, visibility string, isNSFW bool, files []*multipart.FileHeader) (id string, err error)
 Like(ctx context.Context, c *model.Client, id string) (count int64, err error)
@@ -722,6 +723,11 @@ func (svc *service) Signin(ctx context.Context, c *model.Client,
 return
 }
+func (svc *service) Signout(ctx context.Context, c *model.Client) (err error) {
+ svc.sessionRepo.Remove(c.Session.ID)
+ return
+}
+
 func (svc *service) Post(ctx context.Context, c *model.Client, content string, replyToID string, format string, visibility string, isNSFW bool, files []*multipart.FileHeader) (id string, err error) {
diff --git a/service/transport.go b/service/transport.go
index 48e2ee2..6540333 100644
--- a/service/transport.go
+++ b/service/transport.go
@@ -646,12 +646,16 @@ func NewHandler(s Service, staticDir string) http.Handler {
 }
 signout := func(w http.ResponseWriter, req *http.Request) {
- // TODO remove session from database
+ c := newClient(w)
+ ctx := newCtxWithSesionCSRF(req, req.FormValue("csrf_token"))
+
+ s.Signout(ctx, c)
 http.SetCookie(w, &http.Cookie{
 Name: "session_id",
 Value: "",
 Expires: time.Now(),
 })
+ w.Header().Add("Location", "/")
 w.WriteHeader(http.StatusFound)
 }
@@ -763,7 +767,7 @@ func NewHandler(s Service, staticDir string) http.Handler {
 r.HandleFunc("/unmuteconv/{id}", unMuteConversation).Methods(http.MethodPost)
 r.HandleFunc("/delete/{id}", delete).Methods(http.MethodPost)
 r.HandleFunc("/notifications/read", readNotifications).Methods(http.MethodPost)
- r.HandleFunc("/signout", signout).Methods(http.MethodGet)
+ r.HandleFunc("/signout", signout).Methods(http.MethodPost)
 r.HandleFunc("/fluoride/like/{id}", fLike).Methods(http.MethodPost)
 r.HandleFunc("/fluoride/unlike/{id}", fUnlike).Methods(http.MethodPost)
 r.HandleFunc("/fluoride/retweet/{id}", fRetweet).Methods(http.MethodPost)
diff --git a/static/style.css b/static/style.css
index 83250af..26b8d46 100644
--- a/static/style.css
+++ b/static/style.css
@@ -477,6 +477,10 @@ a:hover,
 margin: 12px 0;
 }
+.signout {
+ display: inline;
+}
+
 .dark {
 background-color: #222222;
 background-image: none;
diff --git a/templates/nav.tmpl b/templates/nav.tmpl
index 8922ba7..3386a7b 100644
--- a/templates/nav.tmpl
+++ b/templates/nav.tmpl
@@ -23,7 +23,10 @@
 </div>
 <div>
 <a class="nav-link" href="/settings" target="_top">settings</a>
- <a class="nav-link" href="/signout" target="_top">sign out</a>
+ <form class="signout" action="/signout" method="post" target="_top">
+ <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+ <input type="submit" value="signout" class="btn-link nav-link">
+ </form>
 </div>
 </div>
 </div> |
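Review bot: The `signout` handler in service/transport.go ignores the error from `s.Signout(ctx, c)`, so when authentication or the CSRF check in `as.Signout` fails the response still expires the `session_id` cookie and redirects to `/` while the stored session stays in place. A cross-site POST without a valid token can therefore still sign the browser out, and a session ID that has leaked remains usable after the user believes they have signed out. Check the result with `if err := s.Signout(ctx, c); err != nil {` and return before `http.SetCookie`, rendering the failure the way the other handlers in `NewHandler` do (their error path is not visible in this hunk). `NewHandler` starts and ends outside the hunk.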