feat: Invalidate access token on logout

2025-07-19 05:09:43 +02:00 · 2022-09-07 18:39:33 +05:00 · 2022-09-07 18:39:33 +05:00 · 48ea62c0a0
commit 48ea62c0a0
parent f091de6827
26 changed files with 242 additions and 37 deletions
--- a/server/api/controllers/access-tokens/create.js
+++ b/server/api/controllers/access-tokens/create.js
@ -40,24 +40,33 @@ module.exports = {
  },

  async fn(inputs) {
+    const remoteAddress = getRemoteAddress(this.req);
+
    const user = await sails.helpers.users.getOneByEmailOrUsername(inputs.emailOrUsername);

    if (!user) {
      sails.log.warn(
-        `Invalid email or username: "${inputs.emailOrUsername}"! (IP: ${getRemoteAddress(
-          this.req,
-        )})`,
+        `Invalid email or username: "${inputs.emailOrUsername}"! (IP: ${remoteAddress})`,
      );
      throw Errors.INVALID_EMAIL_OR_USERNAME;
    }

    if (!bcrypt.compareSync(inputs.password, user.password)) {
-      sails.log.warn(`Invalid password! (IP: ${getRemoteAddress(this.req)})`);
+      sails.log.warn(`Invalid password! (IP: ${remoteAddress})`);
      throw Errors.INVALID_PASSWORD;
    }

+    const accessToken = sails.helpers.utils.createToken(user.id);
+
+    await Session.create({
+      accessToken,
+      remoteAddress,
+      userId: user.id,
+      userAgent: this.req.headers['user-agent'],
+    });
+
    return {
-      item: sails.helpers.utils.createToken(user.id),
+      item: accessToken,
    };
  },
 };
--- a/server/api/controllers/access-tokens/delete.js
+++ b/server/api/controllers/access-tokens/delete.js
@ -0,0 +1,16 @@
+module.exports = {
+  async fn() {
+    const { accessToken } = this.req;
+
+    await Session.updateOne({
+      accessToken,
+      deletedAt: null,
+    }).set({
+      deletedAt: new Date().toUTCString(),
+    });
+
+    return {
+      item: accessToken,
+    };
+  },
+};