diff options
author | r <r@freesoftwareextremist.com> | 2023-10-02 06:44:26 +0000 |
---|---|---|
committer | r <r@freesoftwareextremist.com> | 2023-10-02 06:44:26 +0000 |
commit | b83a00aa2cdabfc20c162379c885caac0110e167 (patch) | |
tree | e212d216b794374624bef4d241038a763066a250 | |
parent | df031d5eddc3dc581e228bfcd9a327b9f169cdd5 (diff) | |
download | bloat-b83a00aa2cdabfc20c162379c885caac0110e167.tar.gz bloat-b83a00aa2cdabfc20c162379c885caac0110e167.zip |
Revoke oauth token on signout
-rw-r--r-- | mastodon/mastodon.go | 10 | ||||
-rw-r--r-- | service/service.go | 4 | ||||
-rw-r--r-- | service/transport.go | 4 |
3 files changed, 18 insertions, 0 deletions
diff --git a/mastodon/mastodon.go b/mastodon/mastodon.go index a80269d..194ca30 100644 --- a/mastodon/mastodon.go +++ b/mastodon/mastodon.go @@ -138,6 +138,16 @@ func (c *Client) AuthenticateToken(ctx context.Context, authCode, redirectURI st return c.authenticate(ctx, params) } +func (c *Client) RevokeToken(ctx context.Context) error { + params := url.Values{ + "client_id": {c.config.ClientID}, + "client_secret": {c.config.ClientSecret}, + "token": {c.GetAccessToken(ctx)}, + } + + return c.doAPI(ctx, http.MethodPost, "/oauth/revoke", params, nil, nil) +} + func (c *Client) authenticate(ctx context.Context, params url.Values) error { u, err := url.Parse(c.config.Server) if err != nil { diff --git a/service/service.go b/service/service.go index 7043310..6b8d0ee 100644 --- a/service/service.go +++ b/service/service.go @@ -902,6 +902,10 @@ func (s *service) Signin(c *client, code string) (err error) { return c.setSession(c.s) } +func (s *service) Signout(c *client) (err error) { + return c.RevokeToken(c.ctx) +} + func (s *service) Post(c *client, content string, replyToID string, format string, visibility string, isNSFW bool, files []*multipart.FileHeader) (id string, err error) { diff --git a/service/transport.go b/service/transport.go index 69d08e2..1182d6c 100644 --- a/service/transport.go +++ b/service/transport.go @@ -676,6 +676,10 @@ func NewHandler(s *service, verbose bool, staticDir string) http.Handler { }, CSRF, HTML) signout := handle(func(c *client) error { + err := s.Signout(c) + if err != nil { + return err + } c.unsetSession() c.redirect("/") return nil |