Introduce signout everywhere

engine/src/auth/session.rs

@@ -52,4 +52,16 @@ impl SessionState {
 
         Ok(sessions)
     }
+
+    // Set every session to invalid
+    pub async fn delete_by_user_id(user_id: i32, database: &Database) -> Result<Vec<Self>, sqlx::Error> {
+        let sessions = sqlx::query_as::<_, SessionState>(
+            "UPDATE sessions SET valid = FALSE WHERE user_id = $1",
+        )
+        .bind(user_id)
+        .fetch_all(&database.pool)
+        .await?;
+
+        Ok(sessions)
+    }
 }

engine/src/routes/auth.rs

@@ -116,3 +116,22 @@ pub async fn get_sessions(state: Data<&Arc<AppState>>, cookies: &CookieJar) -> i
 
     Json(sessions)
 }
+
+#[handler]
+pub async fn delete_sessions(
+    cookies: &CookieJar,
+    state: Data<&Arc<AppState>>,
+) -> impl IntoResponse {
+    let token = cookies.get("property.v3x.token").unwrap();
+    let token = Uuid::parse_str(token.value_str()).unwrap();
+
+    let session = SessionState::get_by_id(token, &state.database)
+        .await
+        .unwrap();
+
+    let sessions = SessionState::delete_by_user_id(session.user_id, &state.database)
+        .await
+        .unwrap();
+
+    Json(sessions)
+}

engine/src/routes/mod.rs

@@ -41,7 +41,7 @@ pub async fn serve(state: AppState) -> Result<(), poem::Error> {
     let app = Route::new()
         .at("/login", get(auth::login))
         .at("/me", get(auth::me))
-        .at("/sessions", get(auth::get_sessions))
+        .at("/sessions", get(auth::get_sessions).delete(auth::delete_sessions))
         .at("/callback", get(auth::callback))
         .nest("/api", api_service)
         .nest("/openapi.json", spec)