modules/client/logout: Implement 5.4.4 logout/all.

2024-09-30 04:38:52 +02:00 · 2019-02-18 11:22:45 -08:00 · 2019-02-18 11:22:45 -08:00 · dd99d929aa
commit dd99d929aa
parent cc2ed66190
1 changed files with 112 additions and 21 deletions
--- a/modules/client/logout.cc
+++ b/modules/client/logout.cc
@ -10,6 +10,18 @@

 using namespace ircd;

+static bool
+do_logout(const m::user::id &user_id,
+          const m::event::idx &token_event_idx);
+
+static resource::response
+post__logout(client &,
+             const resource::request &);
+
+static resource::response
+post__logout_all(client &,
+                 const resource::request &);
+
 mapi::header
 IRCD_MODULE
 {
@ -26,8 +38,38 @@ logout_resource
 	}
 };

+resource
+logout_all_resource
+{
+	"/_matrix/client/r0/logout/all",
+	{
+		"(5.4.4) Invalidates all access tokens for a user, so that they can no"
+		" longer be used for authorization. This includes the access token"
+		" that made this request."
+	}
+};
+
+resource::method
+post_method
+{
+	logout_resource, "POST", post__logout,
+	{
+		post_method.REQUIRES_AUTH
+	}
+};
+
+resource::method
+post_all_method
+{
+	logout_all_resource, "POST", post__logout_all,
+	{
+		post_all_method.REQUIRES_AUTH
+	}
+};
+
 resource::response
-post__logout(client &client, const resource::request &request)
+post__logout(client &client,
+             const resource::request &request)
 {
 	const auto &access_token
 	{
@ -44,20 +86,7 @@ post__logout(client &client, const resource::request &request)
 		tokens.get("ircd.access_token", access_token)
 	};

-	const auto token_event_id
-	{
-		m::event_id(token_event_idx)
-	};
-
-	static const string_view reason
-	{
-		"logout"
-	};
-
-	const auto redaction_event_id
-	{
-		m::redact(m::user::tokens, request.user_id, token_event_id, reason)
-	};
+	do_logout(request.user_id, token_event_idx);

 	return resource::response
 	{
@ -65,11 +94,73 @@ post__logout(client &client, const resource::request &request)
 	};
 }

-resource::method
-post_method
+resource::response
+post__logout_all(client &client,
+                 const resource::request &request)
 {
-	logout_resource, "POST", post__logout,
+	const m::room::state tokens
 	{
-		post_method.REQUIRES_AUTH
-	}
-};
+		m::user::tokens
+	};
+
+	long count(0);
+	tokens.for_each("ircd.access_token", m::event::closure_idx{[&request, &count]
+	(const m::event::idx &event_idx)
+	{
+		bool match(false);
+		m::get(std::nothrow, event_idx, "sender", [&request, &match]
+		(const string_view &sender)
+		{
+			match = request.user_id == sender;
+		});
+
+		if(match)
+		{
+			do_logout(request.user_id, event_idx);
+			++count;
+		}
+	}});
+
+	return resource::response
+	{
+		client, json::members
+		{
+			{ "invalidations", count }
+		}
+	};
+}
+
+bool
+do_logout(const m::user::id &user_id,
+          const m::event::idx &token_event_idx)
+try
+{
+	static const string_view reason
+	{
+		"logout"
+	};
+
+	const auto token_event_id
+	{
+		m::event_id(token_event_idx)
+	};
+
+	const auto redaction_event_id
+	{
+		m::redact(m::user::tokens, user_id, token_event_id, reason)
+	};
+
+	return true;
+}
+catch(const std::exception &e)
+{
+	log::error
+	{
+		m::log, "Error logging out user '%s' token event_idx:%lu :%s",
+		string_view{user_id},
+		token_event_idx,
+		e.what()
+	};
+
+	return false;
+}