authorr <r@freesoftwareextremist.com>2020-03-04 15:59:59 +0000
committerr <r@freesoftwareextremist.com>2020-03-04 15:59:59 +0000
commit911c9b79937a82bd4574972fa24f45f5cb922092 (patch)
treec0f0ce04c6e0d0e2b8a7b552b8cb887ceb362ad5
parent35a8c247d910f4a17aea5dd9df511f6e44bbc4bf (diff)
downloadbloat-911c9b79937a82bd4574972fa24f45f5cb922092.tar.gz
bloat-911c9b79937a82bd4574972fa24f45f5cb922092.zip
Remove session details on signout
-rw-r--r--go.mod2
-rw-r--r--model/session.go1
-rw-r--r--repo/sessionRepo.go5
-rw-r--r--service/auth.go13
-rw-r--r--service/logging.go8
-rw-r--r--service/service.go6
-rw-r--r--service/transport.go8
-rw-r--r--static/style.css4
-rw-r--r--templates/nav.tmpl5
9 files changed, 49 insertions, 3 deletions
diff --git a/go.mod b/go.mod
index 6c5c642..508d0be 100644
--- a/go.mod
+++ b/go.mod
@@ -4,3 +4,5 @@ require (
github.com/gorilla/mux v1.7.3
github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
)
+
+go 1.13
diff --git a/model/session.go b/model/session.go
index c18225c..5ff079b 100644
--- a/model/session.go
+++ b/model/session.go
@@ -20,6 +20,7 @@ type Session struct {
type SessionRepo interface {
Add(session Session) (err error)
Get(sessionID string) (session Session, err error)
+ Remove(sessionID string)
}
func (s Session) IsLoggedIn() bool {
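Review bot: `Remove(sessionID string)` is the only SessionRepo method without an error result, so a failed delete leaves the server-side session usable while sign-out appears to succeed. Declaring it as `Remove(sessionID string) (err error)`, matching `Add` and `Get`, would let callers see the failure. The implementation in repo/sessionRepo.go has the same gap: it calls `repo.db.Remove(id)` and drops whatever that returns (its signature is not visible in this diff), and could become `return repo.db.Remove(id)` if the store reports errors. The bare `return` at the end of that method is redundant.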
diff --git a/repo/sessionRepo.go b/repo/sessionRepo.go
index ce923b1..15e3d31 100644
--- a/repo/sessionRepo.go
+++ b/repo/sessionRepo.go
@@ -40,3 +40,8 @@ func (repo *sessionRepo) Get(id string) (s model.Session, err error) {
return
}
+
+func (repo *sessionRepo) Remove(id string) {
+ repo.db.Remove(id)
+ return
+}
diff --git a/service/auth.go b/service/auth.go
index 9e6f709..7fd238b 100644
--- a/service/auth.go
+++ b/service/auth.go
@@ -204,6 +204,19 @@ func (s *as) Signin(ctx context.Context, c *model.Client, sessionID string,
return
}
+func (s *as) Signout(ctx context.Context, c *model.Client) (err error) {
+ err = s.authenticateClient(ctx, c)
+ if err != nil {
+ return
+ }
+ err = checkCSRF(ctx, c)
+ if err != nil {
+ return
+ }
+ s.Service.Signout(ctx, c)
+ return
+}
+
func (s *as) Post(ctx context.Context, c *model.Client, content string,
replyToID string, format string, visibility string, isNSFW bool,
files []*multipart.FileHeader) (id string, err error) {
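Review bot: The result of `s.Service.Signout(ctx, c)` in the added Signout is discarded, so the named `err` is always nil once the CSRF check passes and a failure in the wrapped service never reaches the caller. Assign it with `err = s.Service.Signout(ctx, c)`, or end the function with `return s.Service.Signout(ctx, c)`. A doc comment stating the preconditions would also help, for example `// Signout authenticates c and verifies the CSRF token before removing the session.`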
diff --git a/service/logging.go b/service/logging.go
index 795f329..2955959 100644
--- a/service/logging.go
+++ b/service/logging.go
@@ -162,6 +162,14 @@ func (s *ls) Signin(ctx context.Context, c *model.Client, sessionID string,
return s.Service.Signin(ctx, c, sessionID, code)
}
+func (s *ls) Signout(ctx context.Context, c *model.Client) (err error) {
+ defer func(begin time.Time) {
+ s.logger.Printf("method=%v, took=%v, err=%v\n",
+ "Signout", time.Since(begin), err)
+ }(time.Now())
+ return s.Service.Signout(ctx, c)
+}
+
func (s *ls) Post(ctx context.Context, c *model.Client, content string,
replyToID string, format string, visibility string, isNSFW bool,
files []*multipart.FileHeader) (id string, err error) {
diff --git a/service/service.go b/service/service.go
index e81e007..b039849 100644
--- a/service/service.go
+++ b/service/service.go
@@ -38,6 +38,7 @@ type Service interface {
NewSession(ctx context.Context, instance string) (redirectUrl string, sessionID string, err error)
Signin(ctx context.Context, c *model.Client, sessionID string,
code string) (token string, userID string, err error)
+ Signout(ctx context.Context, c *model.Client) (err error)
Post(ctx context.Context, c *model.Client, content string, replyToID string, format string,
visibility string, isNSFW bool, files []*multipart.FileHeader) (id string, err error)
Like(ctx context.Context, c *model.Client, id string) (count int64, err error)
@@ -722,6 +723,11 @@ func (svc *service) Signin(ctx context.Context, c *model.Client,
return
}
+func (svc *service) Signout(ctx context.Context, c *model.Client) (err error) {
+ svc.sessionRepo.Remove(c.Session.ID)
+ return
+}
+
func (svc *service) Post(ctx context.Context, c *model.Client, content string,
replyToID string, format string, visibility string, isNSFW bool,
files []*multipart.FileHeader) (id string, err error) {
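Review bot: Signout only deletes the local session record; nothing in this hunk revokes the access token that Signin obtained from the instance. If that token is stored in the session (the Session struct is outside this diff), it remains valid at the instance after sign-out, so any copy of it keeps working. Consider calling the instance's OAuth token revocation endpoint before `svc.sessionRepo.Remove(c.Session.ID)` and returning its error, or record the limitation with a comment such as `// NOTE: the access token is not revoked at the instance.`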
diff --git a/service/transport.go b/service/transport.go
index 48e2ee2..6540333 100644
--- a/service/transport.go
+++ b/service/transport.go
@@ -646,12 +646,16 @@ func NewHandler(s Service, staticDir string) http.Handler {
}
signout := func(w http.ResponseWriter, req *http.Request) {
- // TODO remove session from database
+ c := newClient(w)
+ ctx := newCtxWithSesionCSRF(req, req.FormValue("csrf_token"))
+
+ s.Signout(ctx, c)
http.SetCookie(w, &http.Cookie{
Name: "session_id",
Value: "",
Expires: time.Now(),
})
+
w.Header().Add("Location", "/")
w.WriteHeader(http.StatusFound)
}
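Review bot: The handler ignores the error from `s.Signout(ctx, c)`, so the `session_id` cookie is expired and the redirect is sent even when authentication or the CSRF check failed. Unless the cookie's SameSite setting prevents it, a cross-site POST without a valid `csrf_token` would still sign the user out in the browser while the session record stays in the database. Return before `http.SetCookie` on failure, e.g. `if err := s.Signout(ctx, c); err != nil { ...; return }`, using whatever error response the other handlers in NewHandler write (not visible in this hunk). NewHandler starts and ends outside the hunk.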
@@ -763,7 +767,7 @@ func NewHandler(s Service, staticDir string) http.Handler {
r.HandleFunc("/unmuteconv/{id}", unMuteConversation).Methods(http.MethodPost)
r.HandleFunc("/delete/{id}", delete).Methods(http.MethodPost)
r.HandleFunc("/notifications/read", readNotifications).Methods(http.MethodPost)
- r.HandleFunc("/signout", signout).Methods(http.MethodGet)
+ r.HandleFunc("/signout", signout).Methods(http.MethodPost)
r.HandleFunc("/fluoride/like/{id}", fLike).Methods(http.MethodPost)
r.HandleFunc("/fluoride/unlike/{id}", fUnlike).Methods(http.MethodPost)
r.HandleFunc("/fluoride/retweet/{id}", fRetweet).Methods(http.MethodPost)
diff --git a/static/style.css b/static/style.css
index 83250af..26b8d46 100644
--- a/static/style.css
+++ b/static/style.css
@@ -477,6 +477,10 @@ a:hover,
margin: 12px 0;
}
+.signout {
+ display: inline;
+}
+
.dark {
background-color: #222222;
background-image: none;
diff --git a/templates/nav.tmpl b/templates/nav.tmpl
index 8922ba7..3386a7b 100644
--- a/templates/nav.tmpl
+++ b/templates/nav.tmpl
@@ -23,7 +23,10 @@
</div>
<div>
<a class="nav-link" href="/settings" target="_top">settings</a>
- <a class="nav-link" href="/signout" target="_top">sign out</a>
+ <form class="signout" action="/signout" method="post" target="_top">
+ <input type="hidden" name="csrf_token" value="{{$.Ctx.CSRFToken}}">
+ <input type="submit" value="signout" class="btn-link nav-link">
+ </form>
</div>
</div>
</div>