Remove device on logout

src/api/middlewares/Authentication.ts

@@ -68,7 +68,7 @@ declare global {
 		interface Request {
 			user_id: string;
 			user_bot: boolean;
-			token: { id: string; iat: number };
+			token: { id: string; iat: number; ver?: number; did?: string };
 			rights: Rights;
 			fingerprint?: string;
 		}
@@ -85,7 +85,7 @@ export async function Authentication(req: Request, res: Response, next: NextFunc
 			.find((x) => x.startsWith("__sb_sessid="))!
 			.split("=")[1];
 	// for some reason we need to require here, else the openapi generator fails with "route is not a function"
-	else res.setHeader("Set-Cookie", `__sb_sessid=${req.fingerprint = (await require("../util")).randomString(32)}; Secure; HttpOnly; SameSite=None; Path=/`);
+	else res.setHeader("Set-Cookie", `__sb_sessid=${(req.fingerprint = (await require("../util")).randomString(32))}; Secure; HttpOnly; SameSite=None; Path=/`);
 
 	if (
 		NO_AUTHORIZATION_ROUTES.some((x) => {

src/api/routes/auth/logout.ts

@@ -18,6 +18,7 @@
 
 import { route } from "@spacebar/api";
 import { Request, Response, Router } from "express";
+import { Session } from "@spacebar/util";
 
 const router: Router = Router({ mergeParams: true });
 export default router;
@@ -31,16 +32,17 @@ router.post(
 	}),
 	async (req: Request, res: Response) => {
 		if (req.body.provider != null || req.body.voip_provider != null) {
-			console.log(
-				`[LOGOUT]: provider or voip provider not null!`,
-				req.body,
-			);
+			console.log(`[LOGOUT]: provider or voip provider not null!`, req.body);
 		} else {
 			delete req.body.provider;
 			delete req.body.voip_provider;
-			if (Object.keys(req.body).length != 0)
-				console.log(`[LOGOUT]: Extra fields sent in logout!`, req.body);
+			if (Object.keys(req.body).length != 0) console.log(`[LOGOUT]: Extra fields sent in logout!`, req.body);
 		}
+
+		if (req.token.did) {
+			await Session.delete({ user_id: req.user_id, session_id: req.token.did });
+		}
+
 		res.status(204).send();
 	},
 );