chore: remove access token after sign out

usememos · May 20, 2024 · fb15386 · fb15386
1 parent 21838d0
commit fb15386
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/server/router/api/v1/acl.go b/server/router/api/v1/acl.go
@@ -24,6 +24,7 @@ const (
 	// The key name used to store username in the context
 	// user id is extracted from the jwt token subject field.
 	usernameContextKey ContextKey = iota
+	accessTokenContextKey
 )
 
 // GRPCAuthInterceptor is the auth interceptor for gRPC server.
@@ -74,9 +75,9 @@ func (in *GRPCAuthInterceptor) AuthenticationInterceptor(ctx context.Context, re
 		return nil, errors.Errorf("user %q is not admin", username)
 	}
 
-	// Stores userID into context.
-	childCtx := context.WithValue(ctx, usernameContextKey, username)
-	return handler(childCtx, request)
+	ctx = context.WithValue(ctx, usernameContextKey, username)
+	ctx = context.WithValue(ctx, accessTokenContextKey, accessToken)
+	return handler(ctx, request)
 }
 
 func (in *GRPCAuthInterceptor) authenticate(ctx context.Context, accessToken string) (string, error) {

diff --git a/server/router/api/v1/auth_service.go b/server/router/api/v1/auth_service.go
@@ -3,6 +3,7 @@ package v1
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"regexp"
 	"strings"
 	"time"
@@ -214,6 +215,17 @@ func (s *APIV1Service) SignUp(ctx context.Context, request *v1pb.SignUpRequest)
 }
 
 func (s *APIV1Service) SignOut(ctx context.Context, _ *v1pb.SignOutRequest) (*emptypb.Empty, error) {
+	accessToken, ok := ctx.Value(accessTokenContextKey).(string)
+	// Try to delete the access token from the store.
+	if ok {
+		_, err := s.DeleteUserAccessToken(ctx, &v1pb.DeleteUserAccessTokenRequest{
+			AccessToken: accessToken,
+		})
+		if err != nil {
+			slog.Error("failed to delete access token", err)
+		}
+	}
+
 	if err := s.clearAccessTokenCookie(ctx); err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to set grpc header, error: %v", err)
 	}