From 35f591fb670855f997879a3d66b4a6ebc24777b6 Mon Sep 17 00:00:00 2001
From: Sebastian Pravda <sebastian.pravda@gmail.com>
Date: Thu, 24 Nov 2022 20:09:14 +0100
Subject: [PATCH] feat: candidate logout endpoint

---
 api/src/lib.rs                         |  1 +
 api/src/routes/candidate.rs            | 13 +++++++++++++
 core/src/services/candidate_service.rs |  5 +++++
 3 files changed, 19 insertions(+)

diff --git a/api/src/lib.rs b/api/src/lib.rs
index d5752f4..b0f903e 100644
--- a/api/src/lib.rs
+++ b/api/src/lib.rs
@@ -40,6 +40,7 @@ pub fn rocket() -> Rocket<Build>{
             "/candidate/",
             routes![
                 routes::candidate::login,
+                routes::candidate::logout,
                 routes::candidate::whoami,
                 routes::candidate::get_details,
             ],
diff --git a/api/src/routes/candidate.rs b/api/src/routes/candidate.rs
index 7068bb6..905ef87 100644
--- a/api/src/routes/candidate.rs
+++ b/api/src/routes/candidate.rs
@@ -51,6 +51,19 @@ pub async fn login(
     return Ok(response);
 }
 
+#[post("/logout")]
+pub async fn logout(conn: Connection<'_, Db>, session: CandidateAuth, cookies: &CookieJar<'_>,) -> Result<(), Custom<String>> {
+    let db = conn.into_inner();
+    let candidate: entity::candidate::Model = session.into();
+
+    cookies.remove_private(Cookie::named("id"));
+    cookies.remove_private(Cookie::named("key"));
+
+    CandidateService::logout(db, candidate.application)
+        .await
+        .map_err(|e| Custom(Status::from_code(e.code()).unwrap_or(Status::InternalServerError), e.to_string()))
+}
+
 #[get("/whoami")]
 pub async fn whoami(session: CandidateAuth) -> Result<String, Custom<String>> {
     let candidate: entity::candidate::Model = session.into();
diff --git a/core/src/services/candidate_service.rs b/core/src/services/candidate_service.rs
index 264535a..f4b6b1b 100644
--- a/core/src/services/candidate_service.rs
+++ b/core/src/services/candidate_service.rs
@@ -131,6 +131,11 @@ impl CandidateService {
         Ok(new_password_plain)
     }
 
+    pub async fn logout(db: &DbConn, id: i32) -> Result<(), ServiceError> {
+        SessionService::revoke_all_sessions(db, Some(id), None).await?;
+        Ok(())
+    }
+
     pub(in crate::services) async fn add_candidate_details(
         db: &DbConn,
         candidate: candidate::Model,