cardosofelipe/eventspace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add token revocation mechanism and support for logout APIs

Browse Source 
This commit introduces a system to revoke tokens by storing their `jti` in a new `RevokedToken` model. It includes APIs for logging out (revoking a current token) and logging out from all devices (revoking all tokens). Additionally, token validation now checks revocation status during the decode process.
This commit is contained in:
Felipe Cardoso
2025-02-28 17:45:33 +01:00
parent aa77752981
commit 8814dc931f
8 changed files with 270 additions and 208 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
backend/app/models/token.py
View File

@@ -0,0 +1,15 @@
from sqlalchemy import Column, String, ForeignKey
from sqlalchemy.dialects.postgresql import UUID
from sqlalchemy.orm import relationship
from app.models.base import Base, TimestampMixin, UUIDMixin
class RevokedToken(UUIDMixin, TimestampMixin, Base):
"""Model to store revoked JWT tokens via their jti (JWT ID)."""
__tablename__ = "revoked_tokens"
jti = Column(String(length=50), nullable=False, unique=True, index=True)
token_type = Column(String(length=20), nullable=False)
user_id = Column(UUID(as_uuid=True), ForeignKey("users.id", ondelete="CASCADE"))
user = relationship("User", back_populates="revoked_tokens")