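// KillSession deletes the session identified by the "token" form
// parameter of params.
//
// It returns api.BadRequest(ErrTokenNotSpecified) when the parameter is
// absent or empty, api.InternalServerError when the session lookup or the
// deletion fails, and a plain http.StatusOK response on success. A token
// that resolves to no session yields http.StatusNotFound instead of
// calling Delete on a nil session.
//
// Within this handler the token is the only authorization for the
// deletion; nothing ties it to the caller's own identity, so it has to be
// handled as a secret by callers and transport.
func (a *AuthAPI) KillSession(params *api.Request) api.Response {
	sessionToken, found := filter.GetStringParameter("token", params.Form)
	if !found || sessionToken == "" {
		return api.BadRequest(ErrTokenNotSpecified)
	}

	session, err := cookies.GetSession(sessionToken)
	if err != nil {
		return api.InternalServerError(err)
	}
	// Authorize in this file treats a nil session with a nil error as
	// "no such session"; mirror that here rather than dereferencing nil.
	if session == nil {
		return api.StatusResponse(http.StatusNotFound)
	}

	if err := session.Delete(); err != nil {
		return api.InternalServerError(err)
	}
	return api.StatusResponse(http.StatusOK)
}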
// Authorize resolves the caller's identity from the ghost token carried
// in httpHeader.
//
// A request without a ghost token (extractGhostToken reporting
// errAnonymousUser) yields identity.NewAnonymous() and a nil error.
// Otherwise the token is decoded with util.Decode, decrypted with
// security.Decrypt and deserialized into a cookies.Session; a failure
// anywhere on that path is returned to the caller unchanged. The
// session's Token is then looked up with cookies.GetSession; a lookup
// error, a missing stored session and a deactivated user all map to
// ErrDeactivatedUser, so the caller cannot tell those cases apart. On
// success ResetToken is started on the stored session in a background
// goroutine and an identity built from the stored session is returned.
func Authorize(httpHeader http.Header) (*identity.Identity, error) {
	ghostToken, err := extractGhostToken(httpHeader)
	switch {
	case err == nil:
		// token present; continue with decoding below
	case err == errAnonymousUser:
		return identity.NewAnonymous(), nil
	default:
		return nil, err
	}

	decoded, err := util.Decode([]byte(ghostToken))
	if err != nil {
		return nil, err
	}
	plaintext, err := security.Decrypt(decoded)
	if err != nil {
		return nil, err
	}

	// Only Token is read from the client-supplied session; everything
	// else comes from the stored copy looked up below.
	var claimed cookies.Session
	if err := util.DeserializeJSON(plaintext, &claimed); err != nil {
		return nil, err
	}

	stored, err := cookies.GetSession(claimed.Token)
	// Lookup failures are folded into the same sentinel as a deactivated
	// user; the underlying error is not surfaced to the caller.
	if err != nil || stored == nil {
		return nil, ErrDeactivatedUser
	}
	if !identity.IsUserActivated(stored.UserID) {
		return nil, ErrDeactivatedUser
	}

	// NOTE(review): ResetToken runs concurrently with the identity.New
	// call below on the same *cookies.Session, and its result (and any
	// error) is discarded. If ResetToken mutates stored this is a data
	// race — confirm, and consider building the identity before starting
	// the goroutine.
	go stored.ResetToken()
	return identity.New(stored), nil
}