// LogoutHandler handles DELETE /user/auth. It passes the value of the
// request's Authorization header to auth.InvalidateToken and, on success,
// writes an empty JSON object. When auth.InvalidateToken returns an error,
// the handler replies with 403 Forbidden and the error text as the body.
func LogoutHandler(w http.ResponseWriter, r *http.Request) {
	// The header value is handed over verbatim.
	// NOTE(review): if clients send "Bearer <token>", confirm that
	// auth.InvalidateToken strips the scheme prefix.
	if revokeErr := auth.InvalidateToken(r.Header.Get("Authorization")); revokeErr != nil {
		// NOTE(review): the error text goes to the client unchanged; confirm
		// that errors from the auth package carry no internal detail.
		http.Error(w, revokeErr.Error(), http.StatusForbidden)
		return
	}

	fmt.Fprint(w, "{}")
}
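// RefreshTokenHandler handles POST /users/refreshToken. It decodes a JSON
// body carrying the current token, checks it with auth.ValidateJWTToken,
// obtains a replacement from auth.GenerateJWTToken, passes the old token to
// auth.InvalidateToken, and responds with the new token and the user record
// as JSON.
//
// Responses: 400 when the body cannot be decoded or exceeds the size cap,
// 403 with the error text when validation or generation fails, and whatever
// InternalServerError writes when invalidation or marshalling fails.
func RefreshTokenHandler(w http.ResponseWriter, r *http.Request) {
	// The body is parsed before the token inside it has been validated, so
	// bound how much the decoder may read. 1 MiB is far more than a single
	// token field needs; an oversized body surfaces as a decode error below.
	const maxBodyBytes = 1 << 20
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)

	var b refreshTokenBody
	if err := json.NewDecoder(r.Body).Decode(&b); err != nil {
		http.Error(w, "Invalid Body.", http.StatusBadRequest)
		return
	}

	user, err := auth.ValidateJWTToken(b.Token)
	if err != nil {
		// NOTE(review): the auth error text is returned to the client as-is;
		// confirm it carries no internal detail.
		http.Error(w, err.Error(), http.StatusForbidden)
		return
	}

	token, err := auth.GenerateJWTToken(*user)
	if err != nil {
		// NOTE(review): a failure to issue a token is reported as 403 with
		// the error text; confirm this is intended rather than a 5xx.
		http.Error(w, err.Error(), http.StatusForbidden)
		return
	}

	// The old token is invalidated only after the replacement exists. If
	// this step fails the replacement is never sent to the client.
	if err := auth.InvalidateToken(b.Token); err != nil {
		InternalServerError(err, w)
		return
	}

	// NOTE(review): user.Name is inserted into the path unescaped; if names
	// may contain '/', '?' or '#', escape it (url.PathEscape) before joining.
	user.AvatarURL = os.Getenv("BASE_URL") + "/users/" + user.Name + "/avatar"

	// Named payload rather than bytes so the standard bytes package is not
	// shadowed inside this function.
	payload, err := json.Marshal(authResponseBody{Token: token, User: *user})
	if err != nil {
		InternalServerError(err, w)
		return
	}

	// Declare the payload type explicitly rather than relying on content
	// sniffing of the response body.
	w.Header().Set("Content-Type", "application/json")
	// A write error here means the client is gone; there is no response
	// left to send, so the result is deliberately ignored.
	_, _ = w.Write(payload)
}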