
Commit bd1eb5d

committed
Add logout
1 parent 1be08f7 commit bd1eb5d


3 files changed

+25
-0
lines changed

3 files changed

+25
-0
lines changed

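--- a/server/src/handlers/http.rs
+++ b/server/src/handlers/http.rs
@@ -247,6 +247,7 @@ pub fn configure_routes(cfg: &mut web::ServiceConfig, oidc_client: Option<Arc<op
 
 let mut oauth_api = web::scope("/o")
 .service(resource("/login").route(web::get().to(oidc::login)))
+.service(resource("/logout").route(web::get().to(oidc::logout)))
 .service(resource("/code").route(web::get().to(oidc::reply_login)));
 
 if let Some(client) = oidc_client {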
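Review bot: Registering `/logout` for GET at `resource("/logout")` means any cross-site link, embedded resource request or prefetch can end a user's session. In addition, `oidc::logout` answers through `return_to_client` with `MovedPermanently`, so a browser may cache the redirect and stop sending later logout requests, leaving the server-side session alive. Prefer `.service(resource("/logout").route(web::post().to(oidc::logout)))`; if GET has to stay, the handler should answer with a temporary redirect and `Cache-Control: no-store`. `configure_routes` starts and ends outside the hunk.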

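--- a/server/src/handlers/http/oidc.rs
+++ b/server/src/handlers/http/oidc.rs
@@ -101,6 +101,22 @@ pub async fn login(
 }
 }
 
+pub async fn logout(
+req: HttpRequest,
+query: web::Query<RedirectAfterLogin>,
+oidc_client: Data<openid::Client>,
+) -> HttpResponse {
+let Some(session) = extract_session_key_from_req(&req).ok() else {
+return return_to_client(query.redirect.as_str(), None);
+};
+Users.remove_session(&session);
+if let Some(url) = oidc_client.config().end_session_endpoint.clone() {
+redirect_to_oidc_logout(url, &query.redirect)
+} else {
+return_to_client(query.redirect.as_str(), None)
+}
+}
+
 /// Handler for code callback
 /// User should be redirected to page they were trying to access with cookie
 pub async fn reply_login(
@@ -156,6 +172,13 @@ fn redirect_to_oidc(
 .finish()
 }
 
+fn redirect_to_oidc_logout(mut logout_endpoint: Url, redirect: &Url) -> HttpResponse {
+logout_endpoint.set_query(Some(&format!("post_logout_redirect_uri={}", redirect)));
+HttpResponse::TemporaryRedirect()
+.insert_header((header::LOCATION, logout_endpoint.to_string()))
+.finish()
+}
+
 fn return_to_client(url: &str, cookies: impl IntoIterator<Item = Cookie<'static>>) -> HttpResponse {
 let mut response = HttpResponse::MovedPermanently();
 response.insert_header((header::LOCATION, url));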
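Review bot: In `redirect_to_oidc_logout` the caller-supplied `redirect` is interpolated into the query string without encoding, so any `&` or `=` inside it becomes extra parameters on the identity provider's end-session request, and `set_query` also discards any query the endpoint already had. `logout_endpoint.query_pairs_mut().append_pair("post_logout_redirect_uri", redirect.as_str());` encodes the value and keeps the existing query. The same `query.redirect` goes straight into `Location` in `logout`, including the branch taken when no session is present. If `RedirectAfterLogin` (defined outside the hunk) does not already restrict it to this server's origin, that is an open redirect, and the value should be checked against an allow-list before either redirect.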

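--- a/server/src/rbac/map.rs
+++ b/server/src/rbac/map.rs
@@ -119,6 +119,7 @@ impl Sessions {
 expiry: DateTime<Utc>,
 permissions: Vec<Permission>,
 ) {
+self.remove_expired_session(&user);
 self.user_sessions
 .entry(user.clone())
 .and_modify(|sessions| sessions.push((key.clone(), expiry)))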
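Review bot: Expired sessions are pruned here only for the user who is opening a new session, so entries for users who never log in again appear to stay in `user_sessions` until a restart. This is inferred from the `&user` argument, since `remove_expired_session` is defined outside the hunk. A comment such as `// drop this user's expired sessions before recording the new one` would record the intent, and a periodic sweep over all users would bound the map. The enclosing method starts and ends outside the hunk.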
