feat(auth): logout endpoint revokes the presented token

POST /auth/logout adds the caller's jti to the denylist and drops the
local negative-cache entry, so the token 401s on its very next use.
Single-session semantics: only this token dies, other sessions for the
same user keep working. Reachable for must_change_password users (it
runs the revocation checks but skips the must_change gate via
get_token_claims) so a session can always be ended; an already-revoked
token is rejected.
2026-05-30 18:21:16 -04:00
parent 698ecaa322
commit c82897193e
4 changed files with 130 additions and 3 deletions


@@ -3,6 +3,7 @@ from fastapi import APIRouter
from .auth.api_login import router as login_router
from .auth.api_change_pass import router as change_pass_router
from .auth.api_logout import router as logout_router
from .logs.api_get_logs import router as logs_router
from .logs.api_get_histogram import router as histogram_router
from .bounty.api_get_bounties import router as bounty_router
@@ -89,6 +90,7 @@ api_router = APIRouter(
# Authentication
api_router.include_router(login_router)
api_router.include_router(change_pass_router)
api_router.include_router(logout_router)
# Logs & Analytics
api_router.include_router(logs_router)