From dc8272b15f2208629375f626184cdad70db970aa Mon Sep 17 00:00:00 2001
From: Daniel Ponte
Date: Fri, 22 Nov 2024 17:05:29 -0500
Subject: [PATCH] Improve logout

---
 client/admin/src/app/auth.guard.ts | 14 ++++-----
 client/admin/src/app/login/auth.service.ts | 35 ++++++++++++++--------
 client/client.go | 1 +
 pkg/auth/auth.go | 1 +
 pkg/auth/jwt.go | 27 +++++++++++++++++
 5 files changed, 57 insertions(+), 21 deletions(-)

diff --git a/client/admin/src/app/auth.guard.ts b/client/admin/src/app/auth.guard.ts
index 0213787..77c732b 100644
--- a/client/admin/src/app/auth.guard.ts
+++ b/client/admin/src/app/auth.guard.ts
@@ -1,5 +1,5 @@
 import { Router, CanActivateFn } from '@angular/router';
-import { AuthService } from './login/auth.service'
+import { AuthService } from './login/auth.service';
 import { inject } from '@angular/core';
 
 export const AuthGuard: CanActivateFn = (route, state) => {
@@ -7,16 +7,14 @@ export const AuthGuard: CanActivateFn = (route, state) => {
 const authSvc: AuthService = inject(AuthService);
 if (sessionStorage.getItem('jwt') == null) {
 let success = false;
-authSvc.refresh()
-.subscribe((event) => {
-if (event?.status == 200) {
-success = true;
-}
-});
+authSvc.refresh().subscribe((event) => {
+if (event?.status == 200) {
+success = true;
+}
+});
 router.navigate(['/login']);
 return success;
 } else {
-
 return true;
 }
 };
diff --git a/client/admin/src/app/login/auth.service.ts b/client/admin/src/app/login/auth.service.ts
index e86b11f..c774903 100644
--- a/client/admin/src/app/login/auth.service.ts
+++ b/client/admin/src/app/login/auth.service.ts
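Review bot: The reformatted branch still returns `success` synchronously, before the `subscribe` callback can ever set it, so the guard always denies when no token is stored and the refresh result has no influence on routing; it also calls `router.navigate(['/login'])` unconditionally while the refresh request is still in flight. Returning the observable lets the router wait for the outcome and redirect only when the refresh did not yield a 200; `map`, `catchError` and `of` come from `rxjs`. With an early `return true` the `else` branch and the `==` comparison can go. `AuthGuard` starts in the first hunk of this file, and `router` is injected on a line outside this hunk.
```typescript
export const AuthGuard: CanActivateFn = (route, state) => {
  // … unchanged: router / authSvc injection …
  if (sessionStorage.getItem('jwt') != null) {
    return true;
  }
  // Let the router wait for the refresh instead of reading a flag the
  // subscription cannot have set yet; redirect to /login on non-200 or error.
  return authSvc.refresh().pipe(
    map((event) => event.status === 200 || router.createUrlTree(['/login'])),
    catchError(() => of(router.createUrlTree(['/login']))),
  );
};
```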
@@ -41,24 +41,33 @@ export class AuthService {
 );
 }
 
-refresh(): Observable> {
-return this.http.get('/api/refresh', { withCredentials: true, observe: 'response' }).pipe(
-tap((event) => {
+logout() {
+this.http
+.get('/api/logout', { withCredentials: true, observe: 'response' })
+.subscribe((event) => {
 if (event.status == 200) {
-sessionStorage.setItem('jwt', event.body?.jwt.toString() ?? '');
-this.loggedIn = true;
+this.loggedIn = false;
 }
-}),
-);
+});
+sessionStorage.removeItem('jwt');
+this.loggedIn = false;
+this._router.navigateByUrl('/login');
+}
+
+refresh(): Observable> {
+return this.http
+.get('/api/refresh', { withCredentials: true, observe: 'response' })
+.pipe(
+tap((event) => {
+if (event.status == 200) {
+sessionStorage.setItem('jwt', event.body?.jwt.toString() ?? '');
+this.loggedIn = true;
+}
+}),
+);
 }
 
 getToken(): string | null {
 return sessionStorage.getItem('jwt');
 }
-
-logout() {
-sessionStorage.removeItem('jwt');
-this.loggedIn = false;
-this._router.navigateByUrl('/login');
-}
 }
diff --git a/client/client.go b/client/client.go
index 7c679d6..8dd8972 100644
--- a/client/client.go
+++ b/client/client.go
@@ -5,5 +5,6 @@ import (
 )
 
 const Prefix = "admin/dist/admin/browser"
+
 //go:embed admin/dist/admin/browser
 var Client embed.FS
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index 0fc5cf3..a5d5720 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -77,6 +77,7 @@ func (a *Auth) PublicRoutes(r chi.Router) {
 
 func (a *Auth) PrivateRoutes(r chi.Router) {
 r.Get("/api/refresh", a.routeRefresh)
+r.Get("/api/logout", a.routeLogout)
 }
 
 //go:embed login.html
diff --git a/pkg/auth/jwt.go b/pkg/auth/jwt.go
index bb8501c..bbd7c14 100644
--- a/pkg/auth/jwt.go
+++ b/pkg/auth/jwt.go
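Review bot: The new `logout()` subscribes to `/api/logout` with no error handler, so a failed request (a network error, or a 401 because the stored token has already expired — the route is registered under `PrivateRoutes` in `pkg/auth/auth.go` in this same patch) surfaces as an unhandled error in the subscription while the server-side cookie stays in place and nothing is logged. The success callback only sets `this.loggedIn = false`, which the statements right after the subscription already do synchronously, so it is effectively a no-op. I would replace the subscriber with `.subscribe({ error: (err: unknown) => console.error('logout request failed', err) })` and keep the local cleanup outside it, as it is now, so client state is cleared whatever the server answers. Whether the request still carries the token depends on an interceptor reading `getToken()` at subscribe time, which is outside this hunk.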
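Review bot: `/api/logout` is registered with `r.Get`, so a request that changes state (it overwrites the `jwt` cookie in `routeLogout`) can be triggered by link prefetching or by a plain cross-site GET, i.e. a logout CSRF; registering it as `r.Post("/api/logout", a.routeLogout)` and calling it with `this.http.post('/api/logout', null, { withCredentials: true, observe: 'response' })` in `auth.service.ts` keeps it off GET-only paths and lets a CSRF check apply if one is added later. Being under `PrivateRoutes`, the endpoint also requires a valid token, so a client whose token has already expired cannot clear the server cookie this way; since clearing one's own cookie needs no authorization, mounting the handler on the public routes may be the better fit. `PrivateRoutes` is shown in full in this hunk.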
@@ -237,3 +237,30 @@ func (a *Auth) routeAuth(w http.ResponseWriter, r *http.Request) {
 
 render.JSON(w, r, &jr)
 }
+
+func (a *Auth) routeLogout(w http.ResponseWriter, r *http.Request) {
+cookie := &http.Cookie{
+Name: "jwt",
+Value: "",
+HttpOnly: true,
+Secure: true,
+Expires: time.Time{},
+}
+
+if a.allowInsecureCookie(r) {
+cookie.Secure = false
+cookie.SameSite = http.SameSiteLaxMode
+} else {
+cookie.Domain = a.cfg.Domain
+}
+
+http.SetCookie(w, cookie)
+
+jr := struct {
+Message string `json:"message"`
+}{
+Message: "logged out",
+}
+
+render.JSON(w, r, &jr)
+}
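Review bot: The cookie built in `routeLogout` does not actually expire the `jwt` cookie: `Expires: time.Time{}` is the zero time, which `net/http` treats as "no Expires attribute" (it only emits `Expires` for years >= 1601), and `MaxAge` is unset, so the browser receives `jwt=; HttpOnly; Secure` and keeps an empty session cookie rather than deleting the old one; use `MaxAge: -1,` (emitted as `Max-Age=0`) in place of the `Expires` line. A deletion also only takes effect when `Name`, `Path` and `Domain` match the cookie set at login; this hunk sets no `Path`, so if the login cookie carries `Path: "/"` the browser will store a second `jwt` cookie scoped to `/api` instead of overwriting it — mirror the login cookie's attributes exactly, which are set wherever login issues it (presumably `routeAuth`, whose body is above this hunk and not visible here). Note also that a bearer token already handed to the client remains valid until its own expiry; the server-side effect of this handler is limited to the cookie.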