2025-07-30 03:46:50 +08:00
1 changed files with 18 additions and 9 deletions
--- a/backend/feature/auth/src/framework/web/auth_web_routes.rs
+++ b/backend/feature/auth/src/framework/web/auth_web_routes.rs
@ -8,6 +8,10 @@ use crate::{
    application::error::auth_error::AuthError,
 };

+const SESSION_KEY_AUTH_STATE: &str = "auth_state";
+const SESSION_KEY_AUTH_NONCE: &str = "auth_nonce";
+const SESSION_KEY_USER: &str = "user";
+
 pub fn configure_auth_routes(cfg: &mut web::ServiceConfig) {
    cfg.service(
        web::scope("/auth")
@ -25,11 +29,11 @@ async fn oidc_login_handler(

    match result {
        Ok(auth_url) => {
-            if let Err(e) = session.insert("auth_state", auth_url.state) {
+            if let Err(e) = session.insert(SESSION_KEY_AUTH_STATE, auth_url.state) {
                log::error!("{e:?}");
                return HttpResponse::InternalServerError().finish();
            }
-            if let Err(e) = session.insert("auth_nonce", auth_url.nonce) {
+            if let Err(e) = session.insert(SESSION_KEY_AUTH_NONCE, auth_url.nonce) {
                log::error!("{e:?}");
                return HttpResponse::InternalServerError().finish();
            }
@ -49,12 +53,12 @@ async fn oidc_callback_handler(
    query: web::Query<OidcCallbackQueryDto>,
    session: Session,
 ) -> impl Responder {
-    let expected_state: String = match session.get("auth_state") {
+    let expected_state: String = match session.get(SESSION_KEY_AUTH_STATE) {
        Ok(Some(state)) => state,
        _ => return HttpResponse::BadRequest().finish(),
    };

-    let expected_nonce: String = match session.get("auth_nonce") {
+    let expected_nonce: String = match session.get(SESSION_KEY_AUTH_NONCE) {
        Ok(Some(nonce)) => nonce,
        _ => return HttpResponse::BadRequest().finish(),
    };
@ -63,11 +67,11 @@ async fn oidc_callback_handler(
        .oidc_callback(query.into_inner(), &expected_state, &expected_nonce)
        .await;

-    session.remove("auth_state");
-    session.remove("auth_nonce");
+    session.remove(SESSION_KEY_AUTH_STATE);
+    session.remove(SESSION_KEY_AUTH_NONCE);
    match result {
        Ok(user) => {
-            if let Err(e) = session.insert("user", user) {
+            if let Err(e) = session.insert(SESSION_KEY_USER, user) {
                log::error!("{e:?}");
                return HttpResponse::InternalServerError().finish();
            }
@ -87,6 +91,11 @@ async fn oidc_callback_handler(
    }
 }

-async fn logout_handler() -> impl Responder {
-    HttpResponse::Ok().finish()
+async fn logout_handler(session: Session) -> impl Responder {
+    session.remove(SESSION_KEY_AUTH_STATE);
+    session.remove(SESSION_KEY_AUTH_NONCE);
+    session.remove(SESSION_KEY_USER);
+    HttpResponse::Found()
+        .append_header((header::LOCATION, "/"))
+        .finish()
 }