.gitignore

@@ -6,7 +6,7 @@ target/
 
 # Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
 # More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
-Cargo.lock
+# Cargo.lock
 
 # These are backup files generated by rustfmt
 **/*.rs.bk

bruno/user/Logout User.bru

@@ -0,0 +1,11 @@
+meta {
+  name: Logout User
+  type: http
+  seq: 5
+}
+
+post {
+  url: {{api_base}}/auth/logout
+  body: none
+  auth: inherit
+}

crates/backend/src/controller/auth.rs

@@ -1,12 +1,12 @@
 use actix_session::Session;
 use actix_web::{
-    post,
+    HttpRequest, HttpResponse, Responder, post,
     web::{self, ServiceConfig},
-    HttpResponse, Responder,
 };
+use log::debug;
 use serde::Deserialize;
 
-use crate::{error::ApiError, Database};
+use crate::{Database, error::ApiError};
 
 #[derive(Deserialize)]
 struct LoginRequest {
@@ -15,7 +15,7 @@ struct LoginRequest {
 }
 
 pub fn setup(cfg: &mut ServiceConfig) {
-    cfg.service(login);
+    cfg.service(login).service(logout);
 }
 
 #[post("/login")]
@@ -34,3 +34,12 @@ async fn login(
 
     Ok(HttpResponse::Ok())
 }
+
+#[post("/logout")]
+async fn logout(session: Session, request: HttpRequest) -> Result<impl Responder, ApiError> {
+    debug!("request cookies: {:?}", request.cookies());
+    debug!("Session entries: {:?}", session.entries());
+    session.purge();
+    debug!("Session entries after purge: {:?}", session.entries());
+    Ok(HttpResponse::Ok().body("Logged out successfully"))
+}

crates/backend/src/db.rs

@@ -16,4 +16,8 @@ impl Database {
             conn: sea_orm::Database::connect(options).await?,
         })
     }
+
+    pub fn connection(&self) -> &DatabaseConnection {
+        &self.conn
+    }
 }

crates/backend/src/main.rs

@@ -1,5 +1,7 @@
 use actix_files::NamedFile;
+use actix_session::Session;
 use actix_session::{SessionMiddleware, storage::RedisSessionStore};
+use actix_web::cookie::SameSite;
 use actix_web::{App, HttpResponse, HttpServer, cookie::Key, middleware::Logger, web};
 use log::debug;
 
@@ -9,6 +11,9 @@ mod error;
 
 pub use db::Database;
 pub use db::entity;
+use log::info;
+use migration::Migrator;
+use migration::MigratorTrait;
 
 #[derive(Clone)]
 struct AppConfig {
@@ -24,6 +29,10 @@ async fn main() -> std::io::Result<()> {
 
     let database = Database::new(database_url.into()).await.unwrap();
 
+    info!("Running migrations");
+    Migrator::up(database.connection(), None).await.unwrap();
+    info!("Migrations completed");
+
     let redis_conn = connect_to_redis_database().await;
 
     let app_config = AppConfig { ldap_auth: false };
@@ -33,14 +42,23 @@ async fn main() -> std::io::Result<()> {
     debug!("Secret Key {:?}", secret_key.master());
 
     HttpServer::new(move || {
+        let session_middleware = SessionMiddleware::builder(redis_conn.clone(), secret_key.clone());
+
+        let session_middleware = if cfg!(debug_assertions) {
+            session_middleware.cookie_secure(false)
+        } else {
+            session_middleware
+                .cookie_same_site(SameSite::Strict)
+                .cookie_secure(true)
+        };
+
+        let session_middleware = session_middleware.build();
+
         let app = App::new()
             .app_data(web::Data::new(database.clone()))
             .app_data(web::Data::new(app_config.clone()))
             .wrap(Logger::default())
-            .wrap(SessionMiddleware::new(
+            .wrap(session_middleware)
-                redis_conn.clone(),
-                secret_key.clone(),
-            ))
             .service(web::scope("/api/v1").configure(controller::register_controllers));
 
         #[cfg(feature = "serve")]