From 1fc7b932bc623e4d441eacb9880a9797aa5d7fa4 Mon Sep 17 00:00:00 2001
From: zihluwang
Date: Tue, 14 Apr 2026 12:13:02 +0800
Subject: [PATCH] feat: add logout endpoint and refactor cookie management in AuthController
---
 .../deltaforceguide/config/SecurityConfig.java | 2 +-
 .../deltaforceguide/controller/AuthController.java | 13 ++++++++++++-
 .../onixbyte/deltaforceguide/shared/CookieName.java | 6 ++++++
 3 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 src/main/java/com/onixbyte/deltaforceguide/shared/CookieName.java
diff --git a/src/main/java/com/onixbyte/deltaforceguide/config/SecurityConfig.java b/src/main/java/com/onixbyte/deltaforceguide/config/SecurityConfig.java
index 1ac6d71..f77a522 100644
--- a/src/main/java/com/onixbyte/deltaforceguide/config/SecurityConfig.java
+++ b/src/main/java/com/onixbyte/deltaforceguide/config/SecurityConfig.java
@@ -45,8 +45,8 @@ public class SecurityConfig {
 .authorizeHttpRequests((customiser) -> customiser
 .requestMatchers("/error", "/error/**").permitAll()
 .requestMatchers("/captcha", "/captcha/**").permitAll()
- .requestMatchers("/auth/**").permitAll()
 .requestMatchers("/auth/logout").authenticated()
+ .requestMatchers("/auth/**").permitAll()
 .requestMatchers(
 "/swagger-ui.html",
 "/swagger-ui",
diff --git a/src/main/java/com/onixbyte/deltaforceguide/controller/AuthController.java b/src/main/java/com/onixbyte/deltaforceguide/controller/AuthController.java
index 172f8b7..481a549 100644
--- a/src/main/java/com/onixbyte/deltaforceguide/controller/AuthController.java
+++ b/src/main/java/com/onixbyte/deltaforceguide/controller/AuthController.java
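Review bot: The reordered `/auth` matchers in the `SecurityConfig` hunk carry no comment saying that their order is what makes the rule effective, so a later tidy-up could put `/auth/**` back in front and silently make `/auth/logout` public again. Spring Security applies the first `requestMatchers` rule that matches a request, in declaration order. I would add `// Order matters: first match wins, so /auth/logout must stay above /auth/**` directly above the `/auth/logout` line. The `authorizeHttpRequests` lambda starts before and continues past this hunk, so the remaining rules are not visible here.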
@@ -5,6 +5,7 @@ import com.onixbyte.deltaforceguide.domain.dto.UserResponse;
 import com.onixbyte.deltaforceguide.client.TokenClient;
 import com.onixbyte.deltaforceguide.service.AuthService;
 import com.onixbyte.deltaforceguide.service.CookieService;
+import com.onixbyte.deltaforceguide.shared.CookieName;
 import jakarta.validation.Valid;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseEntity;
@@ -13,6 +14,8 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import java.time.Duration;
+
 @RestController
 @RequestMapping("/auth")
 public class AuthController {
@@ -31,10 +34,18 @@ public class AuthController {
 public ResponseEntity login(@Valid @RequestBody LoginRequest request) {
 var user = authService.login(request);
 var accessToken = tokenClient.generateToken(user);
- var accessTokenCookie = cookieService.buildCookie("AccessToken", accessToken);
+ var accessTokenCookie = cookieService.buildCookie(CookieName.ACCESS_TOKEN, accessToken);
 return ResponseEntity.ok()
 .header(HttpHeaders.SET_COOKIE, accessTokenCookie.toString())
 .body(UserResponse.from(user));
 }
+
+ @PostMapping("/logout")
+ public ResponseEntity logout() {
+ var expiredCookie = cookieService.buildCookie(CookieName.ACCESS_TOKEN, "", Duration.ZERO);
+ return ResponseEntity.noContent()
+ .header(HttpHeaders.SET_COOKIE, expiredCookie.toString())
+ .build();
+ }
 }
diff --git a/src/main/java/com/onixbyte/deltaforceguide/shared/CookieName.java b/src/main/java/com/onixbyte/deltaforceguide/shared/CookieName.java
new file mode 100644
index 0000000..329852b
--- /dev/null
+++ b/src/main/java/com/onixbyte/deltaforceguide/shared/CookieName.java
@@ -0,0 +1,6 @@
+package com.onixbyte.deltaforceguide.shared;
+
+public class CookieName {
+
+ public static final String ACCESS_TOKEN = "AccessToken";
+}
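Review bot: The new `logout()` in `AuthController` only tells the browser to drop the `AccessToken` cookie; nothing in the hunk invalidates the token that `tokenClient.generateToken(user)` issued, so a copy taken before logout presumably stays usable until it expires on its own. If the token is stateless, consider recording its identifier in a server-side denylist here, or keep its lifetime short and state the limitation in a Javadoc such as `/** Clears the AccessToken cookie; does not revoke the token itself. */`. The three-argument `cookieService.buildCookie` is not visible in this patch, so please confirm it emits the same Path, Domain, Secure and SameSite attributes as the login cookie, because a browser only overwrites a cookie whose name, domain and path match.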
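Review bot: `CookieName` is a constants holder but is declared as an open, instantiable class; `public final class CookieName` together with `private CookieName() {}` would keep it from being subclassed or constructed. A one-line Javadoc on `ACCESS_TOKEN` saying it names the cookie that carries the access token set and cleared by `AuthController` would make the security-relevant use easy to find.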