1
0
mirror of https://github.com/Unleash/unleash.git synced 2025-01-20 00:08:02 +01:00
unleash.unleash/src/lib/routes/logout.ts
2023-04-06 11:46:54 +02:00

85 lines
2.6 KiB
TypeScript

import { Response } from 'express';
import { promisify } from 'util';
import { IUnleashConfig, NONE } from '../types';
import Controller from './controller';
import { IAuthRequest } from './unleash-types';
import { IUnleashServices } from '../types';
import SessionService from '../services/session-service';
class LogoutController extends Controller {
private clearSiteDataOnLogout: boolean;
private cookieName: string;
private baseUri: string;
private sessionService: SessionService;
constructor(
config: IUnleashConfig,
{ sessionService }: Pick<IUnleashServices, 'sessionService'>,
) {
super(config);
this.sessionService = sessionService;
this.baseUri = config.server.baseUriPath;
this.clearSiteDataOnLogout = config.session.clearSiteDataOnLogout;
this.cookieName = config.session.cookieName;
this.route({
method: 'post',
path: '/',
handler: this.logout,
permission: NONE,
acceptAnyContentType: true,
});
}
async logout(req: IAuthRequest, res: Response): Promise<void> {
if (req.session) {
// Allow SSO to register custom logout logic.
if (req.session.logoutUrl) {
res.redirect(req.session.logoutUrl);
return;
}
}
if (req.logout) {
if (this.isReqLogoutWithoutCallback(req.logout)) {
// passport < 0.6.0
req.logout();
} else {
// for passport >= 0.6.0, a callback function is expected as first argument.
// to reuse controller error handling, function is turned into a promise
const logoutAsyncFn = promisify(req.logout).bind(req);
await logoutAsyncFn();
}
}
if (req.session) {
if (req.session.user?.id) {
await this.sessionService.deleteSessionsForUser(
req.session.user.id,
);
}
req.session.destroy();
}
res.clearCookie(this.cookieName);
if (this.clearSiteDataOnLogout) {
res.set('Clear-Site-Data', '"cookies", "storage"');
}
if (req.user?.id) {
await this.sessionService.deleteSessionsForUser(req.user.id);
}
res.redirect(`${this.baseUri}/`);
}
private isReqLogoutWithoutCallback(
logout: IAuthRequest['logout'],
): logout is () => void {
return logout.length === 0;
}
}
export default LogoutController;