From 865f909c28d4c88d02c5cb98eda4da70d0f7d2ad Mon Sep 17 00:00:00 2001
From: feedmeapples
Date: Fri, 14 Jan 2022 10:14:33 -0500
Subject: [PATCH] Add logout endpoint
---
 server/routes/auth.go | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/server/routes/auth.go b/server/routes/auth.go
index 0ff452c2c7..dc437bc850 100644
--- a/server/routes/auth.go
+++ b/server/routes/auth.go
@@ -81,6 +81,7 @@ func SetAuthRoutes(e *echo.Echo, cfg *config.Auth) {
 api := e.Group("/auth")
 api.GET("/sso", authenticate(&config))
 api.GET("/sso/callback", authenticateCb(ctx, &config, provider))
+ api.GET("/logout", logout)
 }

 func authenticate(config *oauth2.Config) func(echo.Context) error {
@@ -121,10 +122,34 @@ func authenticateCb(ctx context.Context, config *oauth2.Config, provider *oidc.P
 sess.Values["name"] = &user.IDToken.Name
 sess.Save(c.Request(), c.Response())

- return c.Redirect(http.StatusSeeOther, "/")
+ returnUrl := c.Request().Header.Get("Referer")
+ if returnUrl == "" {
+ returnUrl = "/"
+ }
+
+ return c.Redirect(http.StatusSeeOther, returnUrl)
 }
 }

+func logout(c echo.Context) error {
+ sess, _ := session.Get("auth", c)
+ sess.Options = &sessions.Options{
+ Path: "/",
+ MaxAge: -1,
+ HttpOnly: true,
+ SameSite: http.SameSiteNoneMode,
+ Secure: true,
+ }
+ sess.Save(c.Request(), c.Response())
+
+ returnUrl := c.Request().Header.Get("Referer")
+ if returnUrl == "" {
+ returnUrl = "/"
+ }
+
+ return c.Redirect(http.StatusSeeOther, returnUrl)
+}
+
 func exchangeCode(ctx context.Context, r *http.Request, config *oauth2.Config, provider *oidc.Provider) (*User, error) {
 state, err := r.Cookie("state")
 if err != nil {
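Review bot: Registering `/logout` with `api.GET` makes a state-changing action reachable by any cross-site navigation or embedded resource load, so another site can end a user's session without the user asking for it. The `logout` handler added later in this patch writes its cookie with `SameSite: http.SameSiteNoneMode`, which suggests the session cookie is sent on cross-site requests. I would register the route as `api.POST("/logout", logout)` and put it behind whatever CSRF protection the rest of the API uses. `SetAuthRoutes` begins above the hunk, so any middleware already applied to the group is not visible here.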
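Review bot: The redirect target in both `authenticateCb` and the new `logout` is taken verbatim from the client-supplied `Referer` header, so the response can send the browser to any origin. In the SSO callback the referring page is presumably the identity provider rather than the application, so even a benign request may land the user off-site instead of on `/`. I would resolve the target through one shared helper that accepts the Referer only when its host matches the request host and returns a local path otherwise, as sketched below (it needs `net/url` and `strings`). That also removes the duplicated fallback block, and `returnUrl` would be `returnURL` under Go naming. Separately, `sess, _ := session.Get("auth", c)` and the unchecked `sess.Save(...)` in `logout` mean a failed save still redirects as if the session had been cleared; `authenticateCb` starts outside this hunk.

```go
// returnPath picks the post-auth redirect target: the path of the Referer
// when it names this host, "/" in every other case.
func returnPath(r *http.Request) string {
	ref, err := url.Parse(r.Header.Get("Referer"))
	if err != nil || ref.Host == "" || ref.Host != r.Host {
		return "/"
	}
	// Collapse leading slashes so the value cannot be read as a
	// scheme-relative URL.
	p := "/" + strings.TrimLeft(ref.EscapedPath(), `/\`)
	if ref.RawQuery != "" {
		p += "?" + ref.RawQuery
	}
	return p
}

// … unchanged: session handling in authenticateCb and logout …
return c.Redirect(http.StatusSeeOther, returnPath(c.Request()))
```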