✨ Add logout endpoint, invalidate session

staart · Sep 3, 2019 · da895a6 · da895a6
1 parent 5b484b8
commit da895a6
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 4 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "staart-manager",
-  "version": "1.1.22",
+  "version": "1.1.23",
   "main": "index.js",
   "repository": "[email protected]:AnandChowdhary/staart.git",
   "author": "Anand Chowdhary <[email protected]>",
@@ -147,5 +147,5 @@
     "setup"
   ],
   "snyk": true,
-  "staart-version": "1.1.22"
+  "staart-version": "1.1.23"
 }
diff --git a/src/controllers/v1/auth.ts b/src/controllers/v1/auth.ts
@@ -9,7 +9,8 @@ import {
   approveLocation,
   verifyEmail,
   register,
-  login2FA
+  login2FA,
+  invalidateRefreshToken
 } from "../../rest/auth";
 import { verifyToken, LoginResponse } from "../../helpers/jwt";
 import {
@@ -181,6 +182,14 @@ export class AuthController {
     res.json(await validateRefreshToken(token, res.locals));
   }
 
+  @Post("logout")
+  async postLogout(req: Request, res: Response) {
+    const token =
+      req.body.token || (req.get("Authorization") || "").replace("Bearer ", "");
+    joiValidate({ token: Joi.string().required() }, { token });
+    res.json(await invalidateRefreshToken(token, res.locals));
+  }
+
   @Post("reset-password/request")
   @Middleware(
     validator(

diff --git a/src/crud/user.ts b/src/crud/user.ts
@@ -490,6 +490,19 @@ export const updateSessionByJwt = async (
   );
 };
 
+/**
+ * Update a user's details
+ */
+export const deleteSessionByJwt = async (
+  userId: string,
+  sessionJwt: string
+) => {
+  return await query(
+    `DELETE FROM ${tableName("sessions")} WHERE jwtToken = ? AND userId = ?`,
+    [sessionJwt, userId]
+  );
+};
+
 /**
  * Invalidate a session
  */

diff --git a/src/rest/auth.ts b/src/rest/auth.ts
@@ -7,7 +7,8 @@ import {
   addApprovedLocation,
   getUserBackupCode,
   updateBackupCode,
-  checkUsernameAvailability
+  checkUsernameAvailability,
+  deleteSessionByJwt
 } from "../crud/user";
 import { InsertResult } from "../interfaces/mysql";
 import {
@@ -64,6 +65,12 @@ export const validateRefreshToken = async (token: string, locals: Locals) => {
   return await postLoginTokens(user, locals, token);
 };
 
+export const invalidateRefreshToken = async (token: string, locals: Locals) => {
+  const data = <User>await verifyToken(token, Tokens.REFRESH);
+  if (!data.id) throw new Error(ErrorCode.USER_NOT_FOUND);
+  await deleteSessionByJwt(data.id, token);
+};
+
 export const login = async (
   email: string,
   password: string,