go-escuela · nmenag · Dec 2, 2023 · Dec 2, 2023 · Dec 2, 2023
diff --git a/apps/core/priv/repo/migrations/20231202042816_guardiandb.exs b/apps/core/priv/repo/migrations/20231202042816_guardiandb.exs
@@ -0,0 +1,17 @@
+defmodule Web.Repo.Migrations.CreateGuardianDBTokensTable do
+  use Ecto.Migration
+
+  def change do
+    create table(:guardian_tokens, primary_key: false) do
+      add(:jti, :string, primary_key: true)
+      add(:aud, :string, primary_key: true)
+      add(:typ, :string)
+      add(:iss, :string)
+      add(:sub, :string)
+      add(:exp, :bigint)
+      add(:jwt, :text)
+      add(:claims, :map)
+      timestamps()
+    end
+  end
+end
diff --git a/apps/web/lib/web/auth/guardian.ex b/apps/web/lib/web/auth/guardian.ex
@@ -43,4 +43,28 @@ defmodule Web.Auth.Guardian do
     {:ok, token, _claims} = encode_and_sign(account)
     {:ok, account, token}
   end
+
+  def after_encode_and_sign(resource, claims, token, _options) do
+    with {:ok, _} <- Guardian.DB.after_encode_and_sign(resource, claims["typ"], claims, token) do
+      {:ok, token}
+    end
+  end
+
+  def on_verify(claims, token, _options) do
+    with {:ok, _} <- Guardian.DB.on_verify(claims, token) do
+      {:ok, claims}
+    end
+  end
+
+  # def on_refresh({old_token, old_claims}, {new_token, new_claims}, _options) do
+  #   with {:ok, _, _} <- Guardian.DB.on_refresh({old_token, old_claims}, {new_token, new_claims}) do
+  #     {:ok, {old_token, old_claims}, {new_token, new_claims}}
+  #   end
+  # end
+
+  def on_revoke(claims, token, _options) do
+    with {:ok, _} <- Guardian.DB.on_revoke(claims, token) do
+      {:ok, claims}
+    end
+  end
 end
diff --git a/apps/web/lib/web/auth/set_account.ex b/apps/web/lib/web/auth/set_account.ex
@@ -15,15 +15,14 @@ defmodule Web.Auth.SetAccount do
     else
       user_id = get_session(conn, :user_id)
 
-      if is_nil(user_id), do: raise(message: "Unauthorized", plug_status: 401)
-      account = User.find(user_id)
-
-      case !is_nil(account) do
-        true ->
-          assign(conn, :account, account)
-
+      with false <- is_nil(user_id),
+           account <- User.find(user_id),
+           false <- is_nil(account) do
+        assign(conn, :account, account)
+      else
         _ ->
           assign(conn, :account, nil)
+          Web.FallbackController.call(conn, {:error, :unauthorized}) |> halt()
       end
     end
   end

diff --git a/apps/web/lib/web/controllers/auth/session_controller.ex b/apps/web/lib/web/controllers/auth/session_controller.ex
@@ -16,4 +16,14 @@ defmodule Web.Auth.SessionController do
         error
     end
   end
+
+  def destroy(conn, _params) do
+    account = conn.assigns[:account]
+    token = Guardian.Plug.current_token(conn)
+    Guardian.revoke(token)
+
+    conn
+    |> Plug.Conn.clear_session()
+    |> render(:destroy, %{account: account, token: nil})
+  end
 end
diff --git a/apps/web/lib/web/controllers/auth/session_json.ex b/apps/web/lib/web/controllers/auth/session_json.ex
@@ -5,4 +5,8 @@ defmodule Web.Auth.SessionJSON do
   def create(%{account: account, token: token}) do
     %{email: account.email, id: account.uuid, name: account.full_name, token: token}
   end
+
+  def destroy(%{account: _account, token: _token}) do
+    %{message: "sign out sucessul"}
+  end
 end
diff --git a/apps/web/lib/web/router.ex b/apps/web/lib/web/router.ex
@@ -16,6 +16,7 @@ defmodule Web.Router do
 
     get "/", Home.PageController, :show
     post "/auth/sessions", Auth.SessionController, :create
+    delete "/auth/sessions", Auth.SessionController, :destroy
   end
 
   scope "/api", Web do

diff --git a/apps/web/lib/web/telemetry.ex b/apps/web/lib/web/telemetry.ex
@@ -13,7 +13,8 @@ defmodule Web.Telemetry do
     children = [
       # Telemetry poller will execute the given period measurements
       # every 10_000ms. Learn more here: https://hexdocs.pm/telemetry_metrics
-      {:telemetry_poller, measurements: periodic_measurements(), period: 10_000}
+      {:telemetry_poller, measurements: periodic_measurements(), period: 10_000},
+      {Guardian.DB.Sweeper, []}
       # Add reporters as children of your supervision tree.
       # {Telemetry.Metrics.ConsoleReporter, metrics: metrics()}
     ]

diff --git a/apps/web/mix.exs b/apps/web/mix.exs
@@ -44,6 +44,7 @@ defmodule Web.MixProject do
       {:jason, "~> 1.2"},
       {:plug_cowboy, "~> 2.5"},
       {:guardian, "~> 2.3"},
+      {:guardian_db, "~> 3.0"},
       {:core, in_umbrella: true}
     ]
   end

diff --git a/config/config.exs b/config/config.exs
@@ -27,8 +27,17 @@ config :core, :ecto_repos, [
   GoEscuelaLms.Core.Repo
 ]
 
+config :web, :ecto_repos, [
+  GoEscuelaLms.Core.Repo
+]
+
 config :web, Web.Auth.Guardian,
   issuer: "go_escuela_lms",
   secret_key: System.get_env("SECRET_AUTH_KEY")
 
+config :guardian, Guardian.DB,
+  repo: GoEscuelaLms.Core.Repo,
+  schema_name: "guardian_tokens",
+  sweep_interval: 60
+
 import_config "#{Mix.env()}.exs"
diff --git a/mix.lock b/mix.lock
@@ -19,6 +19,7 @@
   "file_system": {:hex, :file_system, "0.2.10", "fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162d", [:mix], [], "hexpm", "41195edbfb562a593726eda3b3e8b103a309b733ad25f3d642ba49696bf715dc"},
   "gettext": {:hex, :gettext, "0.23.1", "821e619a240e6000db2fc16a574ef68b3bd7fe0167ccc264a81563cc93e67a31", [:mix], [{:expo, "~> 0.4.0", [hex: :expo, repo: "hexpm", optional: false]}], "hexpm", "19d744a36b809d810d610b57c27b934425859d158ebd56561bc41f7eeb8795db"},
   "guardian": {:hex, :guardian, "2.3.2", "78003504b987f2b189d76ccf9496ceaa6a454bb2763627702233f31eb7212881", [:mix], [{:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "b189ff38cd46a22a8a824866a6867ca8722942347f13c33f7d23126af8821b52"},
+  "guardian_db": {:hex, :guardian_db, "3.0.0", "c42902e3f1af1ba1e2d0c10913b926a1421f3a7e38eb4fc382b715c17489abdb", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.1", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:guardian, "~> 1.0 or ~> 2.0", [hex: :guardian, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13", [hex: :postgrex, repo: "hexpm", optional: true]}], "hexpm", "9c2ec4278efa34f9f1cc6ba795e552d41fdc7ffba5319d67eeb533b89392d183"},
   "jason": {:hex, :jason, "1.4.1", "af1504e35f629ddcdd6addb3513c3853991f694921b1b9368b0bd32beb9f1b63", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "fbb01ecdfd565b56261302f7e1fcc27c4fb8f32d56eab74db621fc154604a7a1"},
   "jose": {:hex, :jose, "1.11.6", "613fda82552128aa6fb804682e3a616f4bc15565a048dabd05b1ebd5827ed965", [:mix, :rebar3], [], "hexpm", "6275cb75504f9c1e60eeacb771adfeee4905a9e182103aa59b53fed651ff9738"},
   "mime": {:hex, :mime, "2.0.5", "dc34c8efd439abe6ae0343edbb8556f4d63f178594894720607772a041b04b02", [:mix], [], "hexpm", "da0d64a365c45bc9935cc5c8a7fc5e49a0e0f9932a761c55d6c52b142780a05c"},