From 21cc160f8fd621260d7f9d3e49ea9c677f5bc5cf Mon Sep 17 00:00:00 2001
From: Darren Clarke <darren@redaranj.com>
Date: Wed, 5 Feb 2025 14:09:59 +0100
Subject: [PATCH] Redis logout WIP

---
 apps/link/app/_lib/authentication.ts | 6 ++++++
 apps/link/app/api/logout/route.ts    | 9 +++++++++
 docker/compose/link.yml              | 1 +
 3 files changed, 16 insertions(+)

diff --git a/apps/link/app/_lib/authentication.ts b/apps/link/app/_lib/authentication.ts
index bc112e1..d58f9f6 100644
--- a/apps/link/app/_lib/authentication.ts
+++ b/apps/link/app/_lib/authentication.ts
@@ -10,6 +10,7 @@ import {
 import Google from "next-auth/providers/google";
 import Credentials from "next-auth/providers/credentials";
 import Apple from "next-auth/providers/apple";
+import { Redis } from "ioredis";
 
 const headers = { Authorization: `Token ${process.env.ZAMMAD_API_TOKEN}` };
 
@@ -122,6 +123,11 @@ export const authOptions: NextAuthOptions = {
       return roles.includes("admin") || roles.includes("agent");
     },
     session: async ({ session, token }) => {
+      const redis = new Redis(process.env.REDIS_URL);
+      const isInvalidated = await redis.get(`invalidated:${token.sub}`);
+      if (isInvalidated) {
+        return null;
+      }
       // @ts-ignore
       session.user.roles = token.roles ?? [];
       // @ts-ignore
diff --git a/apps/link/app/api/logout/route.ts b/apps/link/app/api/logout/route.ts
index 753ab17..2257c94 100644
--- a/apps/link/app/api/logout/route.ts
+++ b/apps/link/app/api/logout/route.ts
@@ -1,6 +1,12 @@
 import { NextRequest, NextResponse } from "next/server";
+import { Redis } from "ioredis";
+import { getToken } from "next-auth/jwt";
 
 export async function POST(request: NextRequest) {
+  const token = await getToken({
+    req: request,
+    secret: process.env.NEXTAUTH_SECRET,
+  });
   const allCookies = request.cookies.getAll();
   const zammadURL = process.env.ZAMMAD_URL ?? "http://zammad-nginx:8080";
   const signOutURL = `${zammadURL}/api/v1/signout`;
@@ -25,5 +31,8 @@ export async function POST(request: NextRequest) {
     }
   }
 
+  const redis = new Redis(process.env.REDIS_URL);
+  await redis.setex(`invalidated:${token.sub}`, 24 * 60 * 60, "1");
+
   return response;
 }
diff --git a/docker/compose/link.yml b/docker/compose/link.yml
index 9837110..e175d5f 100644
--- a/docker/compose/link.yml
+++ b/docker/compose/link.yml
@@ -17,6 +17,7 @@ services:
       LEAFCUTTER_URL: https://lc.digiresilience.org
       BRIDGE_URL: http://bridge-frontend:3000
       ZAMMAD_URL: http://zammad-nginx:8080
+      REDIS_URL: "redis://zammad-redis:6379"
       NEXTAUTH_URL: ${LINK_URL}
       NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
       NEXTAUTH_AUDIENCE: ${NEXTAUTH_AUDIENCE}