From 45cc2876911e012b1752aec29af83ad05c0de44e Mon Sep 17 00:00:00 2001
From: Simon Ser
Date: Mon, 19 Feb 2024 14:29:56 +0100
Subject: [PATCH] Add UI to revoke access tokens

Closes: https://todo.sr.ht/~emersion/sinwon/15
---
 client.go | 24 ++++++++++++++++++++++++
 db.go | 12 ++++++++++--
 main.go | 1 +
 template/index.html | 6 ++++++

diff --git a/client.go b/client.go
index 0a60159ab3a82621eeff97a77a14cf04b76c6e44..3a02d0cddc78908c1829557c16d533c301c4cadd 100644
--- a/client.go
+++ b/client.go
@@ -127,3 +127,27 @@ if err := tpl.ExecuteTemplate(w, "client-secret.html", &data); err != nil {
 panic(err)
 }
 }
+
+func revokeClient(w http.ResponseWriter, req *http.Request) {
+ ctx := req.Context()
+ db := dbFromContext(ctx)
+
+ id, err := ParseID[*Client](chi.URLParam(req, "id"))
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return
+ }
+
+ loginToken := loginTokenFromContext(ctx)
+ if loginToken == nil {
+ http.Redirect(w, req, "/login", http.StatusFound)
+ return
+ }
+
+ if err := db.RevokeAccessTokens(ctx, id, loginToken.User); err != nil {
+ httpError(w, err)
+ return
+ }
+
+ http.Redirect(w, req, "/", http.StatusFound)
+}
diff --git a/db.go b/db.go
index 29f264d1090ce57cb3c3abfe380b342756db216d..2c3fa884a5717ee25cd85251e11843a465cac05b 100644
--- a/db.go
+++ b/db.go
@@ -166,7 +166,7 @@
 }
 
 func (db *DB) ListAuthorizedClients(ctx context.Context, user ID[*User]) ([]AuthorizedClient, error) {
 rows, err := db.db.QueryContext(ctx, `
- SELECT client_id, client_name, client_uri, token.expires_at
+ SELECT id, client_id, client_name, client_uri, token.expires_at
 FROM Client, (
 SELECT client, MAX(expires_at) as expires_at
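Review bot: revokeClient parses the URL id before it checks for a login token, so an unauthenticated POST to `/client/{id}/revoke` with a malformed id gets a 400 that echoes the parser's message via `err.Error()`, while every other unauthenticated request gets the `/login` redirect; moving the `loginToken == nil` block above the `ParseID` call keeps the anonymous path uniform and avoids doing work for callers who are not logged in. The handler changes state on a cookie-authenticated POST and nothing in this patch shows a CSRF check (a form token or an `Origin`/`Sec-Fetch-Site` comparison), so unless the router already applies one outside this diff, a third-party page could trigger the revocation on a logged-in user's behalf — worth confirming where that protection lives. A doc comment such as `// revokeClient deletes every access token the logged-in user has issued to the client named by the {id} URL parameter, then redirects to the index.` would make the handler's contract explicit.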
@@ -185,7 +185,7 @@ for rows.Next() {
 var authClient AuthorizedClient
 columns := authClient.Client.columns()
 var expiresAt string
- err := rows.Scan(columns["client_id"], columns["client_name"], columns["client_uri"], &expiresAt)
+ err := rows.Scan(columns["id"], columns["client_id"], columns["client_name"], columns["client_uri"], &expiresAt)
 if err != nil {
 return nil, err
 }
@@ -220,6 +220,14 @@ INSERT INTO AccessToken(hash, user, client, scope, issued_at, expires_at)
 VALUES (:hash, :user, :client, :scope, :issued_at, :expires_at)
 RETURNING id
 `, entityArgs(token)...).Scan(&token.ID)
+}
+
+func (db *DB) RevokeAccessTokens(ctx context.Context, clientID ID[*Client], userID ID[*User]) error {
+ _, err := db.db.ExecContext(ctx, `
+ DELETE FROM AccessToken
+ WHERE client = ? AND user = ?
+ `, clientID, userID)
+ return err
 }
 
 func (db *DB) CreateAuthCode(ctx context.Context, code *AuthCode) error {
diff --git a/main.go b/main.go
index a7c04ab3488c2790953b513d95aee53078b83a94..e1cc459efcb9a1ead2d603025ca915148ea6a7ab 100644
--- a/main.go
+++ b/main.go
@@ -55,6 +55,7 @@ mux.HandleFunc("/login", login)
 mux.Post("/logout", logout)
 mux.HandleFunc("/client/new", manageClient)
 mux.HandleFunc("/client/{id}", manageClient)
+ mux.Post("/client/{id}/revoke", revokeClient)
 mux.HandleFunc("/user/new", manageUser)
 mux.HandleFunc("/user/{id}", manageUser)
 mux.Get("/.well-known/oauth-authorization-server", getOAuthServerMetadata)
diff --git a/template/index.html b/template/index.html
index 0e2a7845706d40048386a4dd3f65dff87f41f583..da8b6b68d94449bbd66bcb8612fdb592e08cbd49 100644
--- a/template/index.html
+++ b/template/index.html
@@ -18,6 +18,7 @@ + {{ range . }}
@@ -37,6 +38,11 @@ {{ end }} {{ end }} + {{ end }}
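Review bot: RevokeAccessTokens discards the `sql.Result` from ExecContext, so a caller cannot tell whether any token was deleted — a POST for a client id the user never authorized, or a stale id, succeeds silently and the handler redirects as if a revocation happened; keeping the result and consulting `RowsAffected()` would let the handler report a not-found case instead. The new DELETE uses positional `?` placeholders while the INSERT a few lines above it uses named `:param` placeholders, and a single placeholder style across the file is easier to audit for binding mistakes. Only AccessToken rows are removed here; if the schema also stores refresh tokens or pending authorization codes for the same client/user pair (not visible in this diff), they survive the revocation and should be cleared in the same transaction. An exported-method comment such as `// RevokeAccessTokens deletes all access tokens issued to clientID on behalf of userID.` would document the scope of what is revoked.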
Client Authorized until
{{ .ExpiresAt }} +
+ +
+
-- 2.48.1