Feat(BE-69,70,71,72,73): crud and integration sso with lti, revoke_token

2026-05-22 22:35:43 +00:00 · 2025-10-21 20:31:10 +07:00
parent e239246d02
commit ab8c5d2ec4
6 changed files with 119 additions and 16 deletions
@@ -55,6 +55,17 @@ func Auth(userService service.UserService, requiredRights ...string) fiber.Handl
 		}

 		if revoker := session.GetRevocationStore(); revoker != nil {
+			logoutAt, err := revoker.UserLogoutTime(c.Context(), verification.UserID)
+			if err != nil {
+				utils.Log.WithError(err).Warn("failed to load logout marker")
+				return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+			}
+			if !logoutAt.IsZero() {
+				if verification.Claims.IssuedAt == nil || !verification.Claims.IssuedAt.Time.After(logoutAt) {
+					return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
+				}
+			}
+
 			if fingerprint := session.TokenFingerprint(token); fingerprint != "" {
 				revoked, err := revoker.IsRevoked(c.Context(), fingerprint)
 				if err != nil {