diff options
author | r <r@freesoftwareextremist.com> | 2020-03-04 15:59:59 +0000 |
---|---|---|
committer | r <r@freesoftwareextremist.com> | 2020-03-04 15:59:59 +0000 |
commit | 911c9b79937a82bd4574972fa24f45f5cb922092 (patch) | |
tree | c0f0ce04c6e0d0e2b8a7b552b8cb887ceb362ad5 /service | |
parent | 35a8c247d910f4a17aea5dd9df511f6e44bbc4bf (diff) | |
download | bloat-911c9b79937a82bd4574972fa24f45f5cb922092.tar.gz bloat-911c9b79937a82bd4574972fa24f45f5cb922092.zip |
Remove session details on signout
Diffstat (limited to 'service')
-rw-r--r-- | service/auth.go | 13 | ||||
-rw-r--r-- | service/logging.go | 8 | ||||
-rw-r--r-- | service/service.go | 6 | ||||
-rw-r--r-- | service/transport.go | 8 |
4 files changed, 33 insertions, 2 deletions
diff --git a/service/auth.go b/service/auth.go index 9e6f709..7fd238b 100644 --- a/service/auth.go +++ b/service/auth.go @@ -204,6 +204,19 @@ func (s *as) Signin(ctx context.Context, c *model.Client, sessionID string, return } +func (s *as) Signout(ctx context.Context, c *model.Client) (err error) { + err = s.authenticateClient(ctx, c) + if err != nil { + return + } + err = checkCSRF(ctx, c) + if err != nil { + return + } + s.Service.Signout(ctx, c) + return +} + func (s *as) Post(ctx context.Context, c *model.Client, content string, replyToID string, format string, visibility string, isNSFW bool, files []*multipart.FileHeader) (id string, err error) { diff --git a/service/logging.go b/service/logging.go index 795f329..2955959 100644 --- a/service/logging.go +++ b/service/logging.go @@ -162,6 +162,14 @@ func (s *ls) Signin(ctx context.Context, c *model.Client, sessionID string, return s.Service.Signin(ctx, c, sessionID, code) } +func (s *ls) Signout(ctx context.Context, c *model.Client) (err error) { + defer func(begin time.Time) { + s.logger.Printf("method=%v, took=%v, err=%v\n", + "Signout", time.Since(begin), err) + }(time.Now()) + return s.Service.Signout(ctx, c) +} + func (s *ls) Post(ctx context.Context, c *model.Client, content string, replyToID string, format string, visibility string, isNSFW bool, files []*multipart.FileHeader) (id string, err error) { diff --git a/service/service.go b/service/service.go index e81e007..b039849 100644 --- a/service/service.go +++ b/service/service.go @@ -38,6 +38,7 @@ type Service interface { NewSession(ctx context.Context, instance string) (redirectUrl string, sessionID string, err error) Signin(ctx context.Context, c *model.Client, sessionID string, code string) (token string, userID string, err error) + Signout(ctx context.Context, c *model.Client) (err error) Post(ctx context.Context, c *model.Client, content string, replyToID string, format string, visibility string, isNSFW bool, files []*multipart.FileHeader) (id string, err error) Like(ctx context.Context, c *model.Client, id string) (count int64, err error) @@ -722,6 +723,11 @@ func (svc *service) Signin(ctx context.Context, c *model.Client, return } +func (svc *service) Signout(ctx context.Context, c *model.Client) (err error) { + svc.sessionRepo.Remove(c.Session.ID) + return +} + func (svc *service) Post(ctx context.Context, c *model.Client, content string, replyToID string, format string, visibility string, isNSFW bool, files []*multipart.FileHeader) (id string, err error) { diff --git a/service/transport.go b/service/transport.go index 48e2ee2..6540333 100644 --- a/service/transport.go +++ b/service/transport.go @@ -646,12 +646,16 @@ func NewHandler(s Service, staticDir string) http.Handler { } signout := func(w http.ResponseWriter, req *http.Request) { - // TODO remove session from database + c := newClient(w) + ctx := newCtxWithSesionCSRF(req, req.FormValue("csrf_token")) + + s.Signout(ctx, c) http.SetCookie(w, &http.Cookie{ Name: "session_id", Value: "", Expires: time.Now(), }) + w.Header().Add("Location", "/") w.WriteHeader(http.StatusFound) } @@ -763,7 +767,7 @@ func NewHandler(s Service, staticDir string) http.Handler { r.HandleFunc("/unmuteconv/{id}", unMuteConversation).Methods(http.MethodPost) r.HandleFunc("/delete/{id}", delete).Methods(http.MethodPost) r.HandleFunc("/notifications/read", readNotifications).Methods(http.MethodPost) - r.HandleFunc("/signout", signout).Methods(http.MethodGet) + r.HandleFunc("/signout", signout).Methods(http.MethodPost) r.HandleFunc("/fluoride/like/{id}", fLike).Methods(http.MethodPost) r.HandleFunc("/fluoride/unlike/{id}", fUnlike).Methods(http.MethodPost) r.HandleFunc("/fluoride/retweet/{id}", fRetweet).Methods(http.MethodPost) |