Merged
Conversation
Contributor
|
@nafiuishaaq |
Contributor
Author
|
Resolved sir @ayshadogo |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I've implemented the logout functionality with the following changes:
Verifies JWT tokens from the Authorization header
Validates that the token is an access token (not refresh token)
Attaches the user object and userId to the request
Added the logout function that:
Gets the authenticated user's ID from the request
Finds the user in the database
Clears the refreshTokenHash and refreshTokenExpiresAt fields
Returns a 200 OK response
Added POST /api/auth/logout endpoint
Protected by the authenticate middleware
Calls the logout controller
API Endpoint
POST /api/auth/logout
Headers: Authorization: Bearer <access_token>
Response: 200 OK with message "Logout successful"
The logout endpoint securely invalidates the user's session by clearing the stored refresh token hash from the database, preventing any future token refresh attempts.
Closes #24