public async Task <IActionResult> Logout()
{
if (!HttpContext.Request.ExtractAccessToken(out var accessToken) ||
!accessTokenHandler.ValidateAndRestore <AuthClaims>(accessToken, out var identity))
{
return(Unauthorized(Constants.INVALID_ACCESS_TOKEN));
}
var refreshToken = await database.GetRefreshTokenByUserUid(identity.UserUid);
if (refreshToken != null)
{
await database.Delete <RefreshTokenModel>(refreshToken.Uid);
}
var cookieOptions = new CookieOptions
{
Expires = DateTime.Now,
HttpOnly = true,
};
Response.Cookies.Append(Constants.REFRESH_TOKEN_COOKIE, "", cookieOptions);
return(NoContent());
}
public override async Task OnActionExecutionAsync(ActionExecutingContext ctx, ActionExecutionDelegate next)
{
var controller = ctx.Controller as IAuthorizedController;
if (controller == null ||
!ctx.HttpContext.Request.ExtractAccessToken(out var accessToken) ||
!accessTokenhandler.ValidateAndRestore <AuthClaims>(accessToken, out var identity))
{
SetUnauthorized(ctx);
return;
}
if (!cache.TryGet <UserModel>(identity.UserUid, out var user))
{
user = await database.Get <UserModel>(identity.UserUid);
if (user == null)
{
SetUnauthorized(ctx);
return;
}
cache.Put(user, USER_CACHE_TIME);
}
identity.User = user;
controller.SetAuthClaims(identity);
await base.OnActionExecutionAsync(ctx, next);
}
