Add logout api

go.mod

@@ -5,10 +5,10 @@ go 1.20
 require (
 	github.com/BurntSushi/toml v1.3.2
 	github.com/aliyun/aliyun-oss-go-sdk v2.2.8+incompatible
-	github.com/fxamacker/cbor/v2 v2.5.0-beta5
+	github.com/fxamacker/cbor/v2 v2.5.0
 	github.com/google/uuid v1.3.0
 	github.com/klauspost/compress v1.16.7
-	github.com/ldclabs/cose v1.1.1
+	github.com/ldclabs/cose v1.1.2
 	github.com/mssola/useragent v1.0.0
 	github.com/rs/xid v1.5.0
 	github.com/stretchr/testify v1.8.4

go.sum

@@ -8,6 +8,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/dimfeld/httptreemux v5.0.1+incompatible/go.mod h1:rbUlSV+CCpv/SuqUTP/8Bk2O3LyUV436/yaRGkhP6Z0=
 github.com/fxamacker/cbor/v2 v2.5.0-beta5 h1:NldHpwv5bP+qnoI00fa/JAvGQ+68oEKxARR3PciaCdw=
 github.com/fxamacker/cbor/v2 v2.5.0-beta5/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
+github.com/fxamacker/cbor/v2 v2.5.0 h1:oHsG0V/Q6E/wqTS2O1Cozzsy69nqCiguo5Q1a1ADivE=
+github.com/fxamacker/cbor/v2 v2.5.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/go-http-utils/cookie v1.3.1 h1:GCdTeqVV5vDcjP7LrgYpH8pbt3dOYKS+Wrs7Jo3/k/w=
 github.com/go-http-utils/cookie v1.3.1/go.mod h1:ATl4rfG3bEemjiVa+8WIfgNcBUWdYBTasfXKjJ3Avt8=
 github.com/go-http-utils/negotiator v1.0.0 h1:Qp1zofD6Nw7KXApXa3pAjehP06Js0ILguEBCnHhZeVA=
@@ -25,6 +27,8 @@ github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGC
 github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/ldclabs/cose v1.1.1 h1:9vUZ272MebRkiysHN/7ovLPOD9KdOe9QkmCO9vtUXsE=
 github.com/ldclabs/cose v1.1.1/go.mod h1:uMgRupgJLt3ckxx/G+U7XWJr1F0WxHfjlVeRlZa5u2M=
+github.com/ldclabs/cose v1.1.2 h1:kq8IkpCiTM2jcynmPbEUH4dPQ4tM8+qQewKMvuC/ljo=
+github.com/ldclabs/cose v1.1.2/go.mod h1:M52HratClumnAkI1icUIUljX4fWfZL7kF80hh6ijGrQ=
 github.com/mssola/useragent v1.0.0 h1:WRlDpXyxHDNfvZaPEut5Biveq86Ze4o4EMffyMxmH5o=
 github.com/mssola/useragent v1.0.0/go.mod h1:hz9Cqz4RXusgg1EdI4Al0INR62kP7aPSRNHnpU+b85Y=
 github.com/pion/dtls/v2 v2.2.7 h1:cSUBsETxepsCSFSxC3mc/aDo14qQLMSL+O6IjG28yV8=

src/api/router.go

@@ -56,6 +56,7 @@ func newRouters(apis *APIs) []*gear.Router {
 	router.Get("/healthz", apis.Healthz.Get)
 	router.Get("/access_token", apis.Session.AccessToken)
 	router.Get("/userinfo", apis.Session.Verify, apis.Session.UserInfo)
+	router.Post("/logout", apis.Session.Verify, apis.Session.Logout)
 
 	router.Get("/idp/:idp/authorize", apis.AuthN.Login)
 	router.Get("/idp/:idp/callback", apis.AuthN.Callback)

src/api/session.go

@@ -1,6 +1,8 @@
 package api
 
 import (
+	"net/http"
+
 	_ "github.com/ldclabs/cose/key/hmac"
 	"github.com/teambition/gear"
 
@@ -10,14 +12,14 @@ import (
 )
 
 type Session struct {
-	blls       *bll.Blls
-	cookieName string
+	blls   *bll.Blls
+	cookie conf.Cookie
 }
 
 func NewSession(blls *bll.Blls, cfg *conf.ConfigTpl) *Session {
 	sess := &Session{
-		blls:       blls,
-		cookieName: cfg.Cookie.NamePrefix + "_SESS",
+		blls:   blls,
+		cookie: cfg.Cookie,
 	}
 
 	return sess
@@ -42,6 +44,8 @@ func (a *Session) Verify(ctx *gear.Context) error {
 		return gear.ErrInternalServerError.WithMsg("missing uid")
 	}
 
+	header := gear.CtxValue[util.ContextHTTPHeader](ctx)
+	http.Header(*header).Set("x-auth-user", output.UID.String())
 	ctx.WithContext(gear.CtxWith[bll.SessionOutput](ctx.Context(), output))
 	return nil
 }
@@ -60,8 +64,9 @@ func (a *Session) AccessToken(ctx *gear.Context) error {
 	if err != nil {
 		return gear.ErrUnauthorized.From(err)
 	}
-	output.UID = nil // should not return uid
 
+	output.SID = nil // should not return sid
+	output.UID = nil // should not return uid
 	return ctx.OkSend(output)
 }
 
@@ -78,10 +83,48 @@ func (a *Session) UserInfo(ctx *gear.Context) error {
 	return ctx.OkSend(output)
 }
 
+func (a *Session) Logout(ctx *gear.Context) error {
+	sess := gear.CtxValue[bll.SessionOutput](ctx)
+	if sess == nil || sess.SID == nil {
+		return gear.ErrUnauthorized.WithMsg("missing session")
+	}
+
+	output, err := a.blls.Session.Delete(ctx, *sess.SID)
+	if err != nil {
+		return gear.ErrInternalServerError.From(err)
+	}
+
+	didCookie := &http.Cookie{
+		Name:     a.cookie.NamePrefix + "_DID",
+		Value:    "",
+		HttpOnly: true,
+		Secure:   a.cookie.Secure,
+		MaxAge:   -1,
+		Path:     "/",
+		Domain:   a.cookie.Domain,
+		SameSite: http.SameSiteLaxMode,
+	}
+	http.SetCookie(ctx.Res, didCookie)
+
+	sessCookie := &http.Cookie{
+		Name:     a.cookie.NamePrefix + "_SESS",
+		Value:    "",
+		HttpOnly: true,
+		Secure:   a.cookie.Secure,
+		MaxAge:   -1,
+		Path:     "/",
+		Domain:   a.cookie.Domain,
+		SameSite: http.SameSiteLaxMode,
+	}
+
+	http.SetCookie(ctx.Res, sessCookie)
+	return ctx.OkSend(output)
+}
+
 func (a *Session) extractSession(ctx *gear.Context) string {
 	sess := ctx.GetHeader("X-Session")
 	if sess == "" {
-		if cookie, _ := ctx.Req.Cookie(a.cookieName); cookie != nil {
+		if cookie, _ := ctx.Req.Cookie(a.cookie.NamePrefix + "_SESS"); cookie != nil {
 			sess = cookie.Value
 		}
 	}

src/bll/common.go

@@ -85,6 +85,7 @@ type SessionInput struct {
 }
 
 type SessionOutput struct {
+	SID         *util.ID   `json:"sid,omitempty" cbor:"sid,omitempty"`
 	Sub         *util.UUID `json:"sub,omitempty" cbor:"sub,omitempty"`
 	UID         *util.ID   `json:"uid,omitempty" cbor:"uid,omitempty"`
 	AccessToken string     `json:"access_token,omitempty" cbor:"access_token,omitempty"`

src/bll/session.go

@@ -34,3 +34,11 @@ func (b *Session) UserInfo(ctx context.Context, uid util.ID) (*UserInfo, error)
 	}
 	return &output.Result, nil
 }
+
+func (b *Session) Delete(ctx context.Context, sid util.ID) (*SuccessResponse[bool], error) {
+	output := SuccessResponse[bool]{}
+	if err := b.svc.Delete(ctx, "/v1/session?sid="+sid.String(), &output); err != nil {
+		return nil, err
+	}
+	return &output, nil
+}