RevokeSession handles DELETE /auth/sessions/{sessionId}.
(w http.ResponseWriter, r *http.Request)
| 1240 | |
// RevokeSession handles DELETE /auth/sessions/{sessionId}.
//
// It revokes a single session of the authenticated caller, named by the
// sessionId URL parameter. The caller's user ID and current session ID are
// read from the request context under middleware.UserIDKey and
// middleware.SessionIDKey.
//
// Responses:
//   - 401 when the context carries no user ID
//   - 400 when the sessionId parameter is empty
//   - 400 when sessionId names the caller's current session
//   - 404 when RevokeByID returns any error
//   - 200 with a confirmation message otherwise
func (h *AuthHandler) RevokeSession(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	// A missing or non-string context value leaves the variable as "".
	uid, _ := ctx.Value(middleware.UserIDKey).(string)
	activeSID, _ := ctx.Value(middleware.SessionIDKey).(string)
	targetSID := chi.URLParam(r, "sessionId")

	switch {
	case uid == "":
		Error(w, http.StatusUnauthorized, "Unauthorized")
		return
	case targetSID == "":
		Error(w, http.StatusBadRequest, "Session ID required")
		return
	case targetSID == activeSID:
		// NOTE(review): when the context holds no session ID, activeSID is ""
		// and this guard can never match, so the current session is not
		// protected from revocation. Confirm the middleware always sets
		// SessionIDKey on authenticated requests.
		Error(w, http.StatusBadRequest, "Cannot revoke current session")
		return
	}

	// This handler does no ownership check of its own. The user ID is passed
	// alongside the session ID; presumably RevokeByID uses it to limit the
	// revocation to sessions owned by the caller. Verify in the store.
	if err := h.sessions.RevokeByID(ctx, targetSID, uid); err != nil {
		// NOTE(review): every failure is answered with 404. The uniform reply
		// does not reveal whether a session ID exists for another user, but
		// backend errors are reported as "not found" too and err is not
		// logged here.
		Error(w, http.StatusNotFound, "Session not found")
		return
	}

	JSON(w, http.StatusOK, map[string]string{"message": "Session revoked successfully"})
}
| 1264 | |
| 1265 | // RevokeAllSessions handles DELETE /auth/sessions (revoke all except current). |
| 1266 | func (h *AuthHandler) RevokeAllSessions(w http.ResponseWriter, r *http.Request) { |
nothing calls this directly
no test coverage detected