// Copyright (c) 2021 Target Brands, Inc. All rights reserved.
//
// Use of this source code is governed by the LICENSE file in this repository.
package api
import (
"fmt"
"net/http"
"net/url"
"github.com/gin-gonic/gin"
"github.com/go-vela/server/database"
"github.com/go-vela/server/router/middleware/user"
"github.com/go-vela/server/util"
"github.com/go-vela/types"
"github.com/go-vela/types/constants"
"github.com/sirupsen/logrus"
)
// swagger:operation GET /logout authenticate GetLogout
//
// Log out of the Vela api
//
// ---
// produces:
// - application/json
// responses:
// '200':
// description: Successfully logged out
// schema:
// type: string
// '503':
// description: Logout did not succeed
// schema:
// "$ref": "#/definitions/Error"
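// Logout represents the API handler to
// process a user logging out of Vela.
// It expires the refresh token cookie in the
// response and clears the refresh token stored
// on the user record in the database.
//
// It responds with 200 "ok" on success and with
// 503 when the user record cannot be updated.
func Logout(c *gin.Context) {
	// grab the metadata to help deal with the cookie
	m := c.MustGet("metadata").(*types.Metadata)
	u := user.Retrieve(c)

	logrus.Infof("logging out user: %s", u.GetName())

	// parse the address for the backend server
	// so we can set it for the cookie domain
	//
	// url.Parse returns a nil *url.URL on error, so calling
	// Hostname() on the result unconditionally would panic in
	// the middle of a logout. Fall back to an empty domain,
	// which yields a cookie without a Domain attribute.
	domain := ""

	addr, err := url.Parse(m.Vela.Address)
	if err != nil {
		// log and continue: the stored refresh token is still cleared below
		logrus.Error("unable to parse Vela address during logout")
	} else {
		domain = addr.Hostname()
	}

	// set the same samesite attribute we used to create the cookie
	c.SetSameSite(http.SameSiteLaxMode)

	// remove the refresh token from the cookies, Max-Age value -1 will do it
	//
	// the final argument keeps the cookie HttpOnly; the Secure flag comes
	// from the "securecookie" context value through an unchecked type
	// assertion, which panics if that value is missing or not a bool
	//
	// NOTE(review): with the empty-domain fallback the browser may not match
	// the cookie that was originally issued, so the stored refresh token
	// being cleared below is what the logout relies on in that case
	c.SetCookie(
		constants.RefreshTokenName, "", -1, "/", domain, c.Value("securecookie").(bool), true,
	)

	// unset the refresh token for the user
	u.SetRefreshToken("")

	// send API call to update the user in the database
	//
	// NOTE(review): the cookie has already been expired in the response at
	// this point; if this update fails the client receives a 503 while the
	// refresh token stays in the database — confirm callers retry the logout
	err = database.FromContext(c).UpdateUser(u)
	if err != nil {
		retErr := fmt.Errorf("unable to update user %s: %w", u.GetName(), err)

		util.HandleError(c, http.StatusServiceUnavailable, retErr)

		return
	}

	// return 200 for successful logout
	c.JSON(http.StatusOK, "ok")
}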