Fix #81: login/logout workin

lib/Trog/Auth.pm

@@ -76,6 +76,18 @@ sub mksession ($user,$pass) {
     return $uuid;
 }
 
+=head2 killsession(user) = BOOL
+
+Delete the provided user's session from the auth db.
+
+=cut
+
+sub killsession ($user) {
+    my $dbh = _dbh();
+    $dbh->do("DELETE FROM session WHERE user_id IN (SELECT id FROM user WHERE name=?)",undef,$user);
+    return 1;
+}
+
 =head2 useradd(user, pass) = BOOL
 
 Adds a user identified by the provided password into the auth DB.

lib/Trog/Routes/HTML.pm

@@ -44,6 +44,10 @@ our %routes = (
         method   => 'GET',
         callback => \&Trog::Routes::HTML::login,
     },
+    '/logout' => {
+        method => 'GET',
+        callback => \&Trog::Routes::HTML::logout,
+    },
     '/auth' => {
         method   => 'POST',
         nostatic => 1,
@@ -333,6 +337,7 @@ sub login ($query, $render_cb) {
     # Note to future me -- this user value is overwritten explicitly in server.psgi.
     # If that ever changes, you will die
     $query->{to} //= $query->{route};
+    $query->{to} = '/config' if $query->{to} eq '/login';
     if ($query->{user}) {
         return $routes{$query->{to}}{callback}->($query,$render_cb);
     }
@@ -371,6 +376,19 @@ sub login ($query, $render_cb) {
     }, @headers);
 }
 
+=head2 logout
+
+Deletes your users' session and opens the login page.
+
+=cut
+
+sub logout ($query, $render_cb) {
+    Trog::Auth::killsession($query->{user}) if $query->{user};
+    delete $query->{user};
+    $query->{to} = '/config';
+    return login($query,$render_cb);
+}
+
 =head2 config
 
 Renders the configuration page, or redirects you back to the login page.

www/server.psgi

@@ -79,12 +79,6 @@ my $app = sub {
          ($active_user,$user_id) = Trog::Auth::session2user($cookies->{tcmslogin}->value);
     }
 
-    $query->{acls} = Trog::Auth::acls4user($user_id) // [] if $user_id;
-
-    $query->{user}   = $active_user;
-    $query->{domain} = $env->{HTTP_HOST};
-    $query->{route}  = $path;
-
     #Disallow any paths that are naughty ( starman auto-removes .. up-traversal)
     if (index($path,'/templates') == 0 || $path =~ m/.*\.psgi$/i ) {
         return Trog::Routes::HTML::forbidden($query, \&_render);
@@ -130,6 +124,13 @@ my $app = sub {
         @$query{keys(%{$body->upload})} = values(%{$body->upload});
     }
 
+    #Set various things we don't want overridden
+    $query->{acls} = Trog::Auth::acls4user($user_id) // [] if $user_id;
+
+    $query->{user}   = $active_user;
+    $query->{domain} = $env->{HTTP_HOST};
+    $query->{route}  = $path;
+
     my $output =  $routes{$path}{callback}->($query, \&_render);
     return $output;
 };

www/templates/sysbar.tx

@@ -12,6 +12,7 @@
         <a href="/post/files"  title="Files"         class="topbar">Files</a>
         <a href="/post/series" title="Series"        class="topbar">Series</a>
         <a href="/post/about"  title="About"         class="topbar">About</a>
+        <a href="/logout"      title="Logout"        class="topbar">🚪</a>
     </span>
 </div>
 <div style="height:3rem;">hidon</div>