hardened login / logout flow

author: Daniel Hader <[email protected]> 2026-05-30 12:59:21 -0500
committer: Daniel Hader <[email protected]> 2026-05-30 12:59:21 -0500
commit: bcff4d006a0600ecf86f18ecdaa74e0df31766f0 (patch)
tree: 5889f48f0c7d348d0bfe6240ab5136cd710d4ce4 /src
parent: 929be68e691c1c4015fc6874111b19b9f5d68c02 (diff)
2 files changed, 8 insertions, 1 deletions
diff --git a/src/main.rs b/src/main.rs
index 0fdd2fb..36ef319 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -10,7 +10,7 @@ use axum::{
 
 use routes::problem::{get_problems, create_problem};
 use routes::user::{create_user, me};
-use routes::auth::login;
+use routes::auth::{login, logout};
 use tower_http::services::ServeDir;
 
 use crate::database::Database;
@@ -41,6 +41,7 @@ async fn main() {
     
     let app = Router::new()
         .route("/login", post(login))
+        .route("/logout", post(logout))
         .route("/problem", get(get_problems))
         .route("/problem", post(create_problem))
         .route("/user", post(create_user))
diff --git a/src/routes/auth.rs b/src/routes/auth.rs
index 979e617..ab7a393 100644
--- a/src/routes/auth.rs
+++ b/src/routes/auth.rs
@@ -111,6 +111,12 @@ pub async fn login(
     Ok(jar.add(cookie))
 }
 
+pub async fn logout(
+    jar: CookieJar,
+) -> Result<impl IntoResponse, RouteError> {
+    Ok(jar.remove(Cookie::from("token")))
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
author	Daniel Hader <[email protected]>	2026-05-30 12:59:21 -0500
committer	Daniel Hader <[email protected]>	2026-05-30 12:59:21 -0500
commit	bcff4d006a0600ecf86f18ecdaa74e0df31766f0 (patch)
tree	5889f48f0c7d348d0bfe6240ab5136cd710d4ce4 /src
parent	929be68e691c1c4015fc6874111b19b9f5d68c02 (diff)