feat: auth hardening + codebase quality sweep
Refresh tokens: RefreshToken entity, PostgresRefreshTokenRepository, login returns refresh token, POST /auth/refresh (rotation), POST /auth/logout, JWT expiry 24h→1h, configurable via with_expiry(). Route protection: require_auth middleware on protected routes, public routes split (register, login, refresh, sharing/access). Authorization: caller_id added to ReadAssetFileQuery, ReadDerivativeQuery, GetStackQuery, DeleteStackCommand with ownership checks. Admin-only gates on processing, storage, sidecar, duplicates handlers. Quality fixes: visibility filtering bypass in search(), unwrap panics in date parsing, DRY auth header parsing, centralized parsers module, email validation via email_address crate, value objects (Username, MimeType, RelativePath), domain events (UserCreated, UserDeleted, AlbumCreated, TagCreated, DuplicateDetected), postgres error mapping for constraint violations, OptionExt::or_not_found helper, in_memory_repo! macro, GetStackQuery moved to queries, album add_entry 200→201.
This commit is contained in:
16
crates/application/src/identity/commands/logout.rs
Normal file
16
crates/application/src/identity/commands/logout.rs
Normal file
@@ -0,0 +1,16 @@
|
||||
use domain::{errors::DomainError, ports::RefreshTokenRepository, value_objects::SystemId};
|
||||
use std::sync::Arc;
|
||||
|
||||
pub struct LogoutHandler {
|
||||
refresh_repo: Arc<dyn RefreshTokenRepository>,
|
||||
}
|
||||
|
||||
impl LogoutHandler {
|
||||
pub fn new(refresh_repo: Arc<dyn RefreshTokenRepository>) -> Self {
|
||||
Self { refresh_repo }
|
||||
}
|
||||
|
||||
pub async fn execute(&self, user_id: &SystemId) -> Result<(), DomainError> {
|
||||
self.refresh_repo.delete_by_user(user_id).await
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user