MCPcopy Index your code
hub / github.com/PatchMon/PatchMon / Logout

Method Logout

server-source-code/internal/handler/auth.go:1123–1136  ·  view source on GitHub ↗

Logout handles POST /auth/logout. Revokes the current session server-side and clears auth cookies on the client. The patchmon_device_trust cookie is intentionally preserved — "remember this device" must survive logout (that is the whole point of the feature). Trust is killed only by explicit revocat

(w http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

1121// must survive logout (that is the whole point of the feature). Trust is killed only
1122// by explicit revocation, password change, TFA disable, or natural expiry.
1123func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) {
1124 userID, _ := r.Context().Value(middleware.UserIDKey).(string)
1125 sessionID, _ := r.Context().Value(middleware.SessionIDKey).(string)
1126 if h.log != nil {
1127 h.log.Debug("auth request", "method", r.Method, "path", r.URL.Path, "user_id", userID, "session_id", sessionID)
1128 }
1129 if sessionID != "" && userID != "" && h.sessions != nil {
1130 if err := h.sessions.RevokeByID(r.Context(), sessionID, userID); err != nil && h.log != nil {
1131 h.log.Error("logout revoke session failed", "user_id", userID, "session_id", sessionID, "error", err)
1132 }
1133 }
1134 clearAuthCookies(w, r)
1135 JSON(w, http.StatusOK, map[string]string{"message": "Logged out"})
1136}
1137
1138// parseUserAgent extracts browser, OS, and device from user agent string.
1139func parseUserAgent(ua string) map[string]string {

Callers

nothing calls this directly

Calls 5

clearAuthCookiesFunction · 0.85
ErrorMethod · 0.80
JSONFunction · 0.70
ValueMethod · 0.45
RevokeByIDMethod · 0.45

Tested by

no test coverage detected