Initial logout route

bryphe-coder · bryphe-coder · commit 16a7e575d400 · 2022-01-22T01:43:07.000Z
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -33,6 +33,7 @@ func New(options *Options) http.Handler {
 		})
 		r.Post("/user", users.createInitialUser)
 		r.Post("/login", users.loginWithPassword)
+		r.Post("/logout", logout)
 		// Require an API key and authenticated user for this group.
 		r.Group(func(r chi.Router) {
 			r.Use(
diff --git a/coderd/users.go b/coderd/users.go
@@ -199,6 +199,21 @@ func (users *users) loginWithPassword(rw http.ResponseWriter, r *http.Request) {
 	})
 }
 
+// Clear the user's session cookie
+func logout(rw http.ResponseWriter, r *http.Request) {
+	// Get a blank token cookie
+	cookie := &http.Cookie{
+		// MaxAge < 0 means to delete the cookie now
+		MaxAge: -1,
+		Name:   httpmw.AuthCookie,
+		Path:   "/",
+	}
+
+	http.SetCookie(rw, cookie)
+
+	render.Status(r, http.StatusOK)
+}
+
 // Generates a new ID and secret for an API key.
 func generateAPIKeyIDSecret() (id string, secret string, err error) {
 	// Length of an API Key ID.
