Revoke refresh token on logout for enhanced session security

This commit is contained in:
K
2025-07-03 03:21:53 +05:30
parent 31f13b980b
commit 9cb9c67b09
2 changed files with 24 additions and 13 deletions
@@ -27,6 +27,9 @@ public class AuthController {
this.userRepository = userRepository;
}
@Autowired
private RefreshTokenService refreshTokenService;
@PostMapping("/login")
public ResponseEntity<?> login(@RequestBody LoginRequest request, HttpServletRequest servletRequest) {
String ip = servletRequest.getRemoteAddr();
@@ -75,14 +78,17 @@ public class AuthController {
}
String token = authHeader.substring(7);
// Blacklist access token
tokenBlacklistService.blacklistToken(token);
// Extract user from token and delete their refresh token
String email = jwtService.extractUsername(token);
userRepository.findByEmail(email).ifPresent(refreshTokenService::deleteByUser);
return ResponseEntity.ok("Logged out successfully");
}
@Autowired
private RefreshTokenService refreshTokenService;
@PostMapping("/refresh")
public ResponseEntity<?> refresh(@RequestBody TokenRefreshRequest request) {
String requestToken = request.getRefreshToken();
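Review bot: `String email = jwtService.extractUsername(token);` in the logout handler (whose start lies outside this section) acts on the token's subject claim with no visible validity check before it; if `extractUsername` only decodes the claims rather than verifying the signature and expiry, a tampered bearer token could name a different user and have that user's refresh tokens removed through `refreshTokenService::deleteByUser`. Whether `jwtService` verifies the signature inside `extractUsername` cannot be seen here, so please confirm it, and if parsing can throw on a malformed or expired token, catch that and answer 401 instead of letting it surface after `tokenBlacklistService.blacklistToken(token)` has already run. Since `deleteByUser` appears to revoke every refresh token held by that user rather than only the current session's, the comment above that line should say so, e.g. `// Revoke all of this user's refresh tokens (every device/session), not just the current one`. Finally, the `@Autowired` field for `refreshTokenService` departs from the constructor injection already used for `userRepository` at the top of the class; passing it through the constructor keeps the dependency final and easier to test.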
@@ -39,4 +39,9 @@ public class RefreshTokenService {
public boolean isExpired(RefreshToken token) {
return token.getExpiryDate().isBefore(Instant.now());
}
public void deleteByUser(User user) {
refreshTokenRepo.deleteByUser(user);
}
}
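Review bot: `deleteByUser` delegates to `refreshTokenRepo.deleteByUser(user)` without `@Transactional` on the method; if `refreshTokenRepo` is a Spring Data JPA repository and this is a derived delete method (the hunk does not show the repository), the call needs an active transaction and will fail at runtime when invoked outside one, so annotate the method `@Transactional` unless the repository method already carries it. The new method also has no Javadoc, while it is the one piece of this commit that enforces the revocation; a summary such as `/** Revokes every refresh token belonging to {@code user}; called on logout so the session cannot be renewed afterwards. */` would record that intent for the next maintainer.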