From d6939de924b248b8f607acd4baaee6f27cd106c6 Mon Sep 17 00:00:00 2001
From: Valentin CZERYBA
Date: Sat, 30 Jul 2022 00:20:04 +0200
Subject: [PATCH] remove token
---
 .../java/com/covas/Resources/TokenRessource.java | 16 ++++++++++++++--
 src/main/resources/application.properties | 2 +-
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/covas/Resources/TokenRessource.java b/src/main/java/com/covas/Resources/TokenRessource.java
index 8e3322e..f975e87 100644
--- a/src/main/java/com/covas/Resources/TokenRessource.java
+++ b/src/main/java/com/covas/Resources/TokenRessource.java
@@ -5,6 +5,7 @@ import java.time.Duration;
 import javax.inject.Inject;
 import javax.ws.rs.CookieParam;
+import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
@@ -66,11 +67,11 @@ public class TokenRessource {
 return Response.status(Response.Status.FORBIDDEN).build();
 }
 // Create a JWT token signed using the 'HS256' algorithm
- String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(1)).sign();
+ String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).expiresIn(Duration.ofMinutes(5)).sign();
 // or create a JWT token encrypted using the 'A256KW' algorithm
 // Jwt.upn("alice").encryptWithSecret(secret);
 String nameEncoded = Base64.toBase64String(name.getBytes(StandardCharsets.UTF_8));
- return Response.status(Response.Status.CREATED).cookie(new NewCookie(new Cookie("jwt", newJwtCookie), "Token JWT", 60, false), new NewCookie(new Cookie("user", nameEncoded), "Username", 60, false)).build();
+ return Response.status(Response.Status.CREATED).cookie(new NewCookie(new Cookie("jwt", newJwtCookie), "Token JWT", 300, false), new NewCookie(new Cookie("user", nameEncoded), "Username", 60, false)).build();
 }
 // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized.
 try {
@@ -86,5 +87,16 @@ public class TokenRessource {
 }
 return Response.status(Response.Status.OK).build();
 }
+
+ @DELETE
+ public Response deleteToken(@CookieParam("jwt") String jwtCookie) {
+ if(jwtCookie == null){
+ return Response.status(Response.Status.BAD_REQUEST).build();
+ }
+
+ return Response.ok().cookie(new NewCookie(new Cookie("jwt", null), "", 0, false)).build();
+ }
+
+
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 475a250..edaf415 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
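Review bot: The `jwt` cookie in the CREATED response of TokenRessource.java is still built with `secure` set to `false` and without HttpOnly, while this hunk raises the token lifetime from one to five minutes, so page script or a plain-HTTP hop can read a token that now stays usable five times longer. The six-argument constructor sets both flags: `new NewCookie(new Cookie("jwt", newJwtCookie), "Token JWT", 300, null, true, true)`; if local development runs over plain HTTP, the secure flag could be read from configuration instead of hard-coded. The `user` cookie keeps a max-age of 60 while the token now lasts 300 seconds, and the lifetime is written twice (`Duration.ofMinutes(5)` and `300`), so deriving both cookies and the `expiresIn` value from one constant would keep them in step. The enclosing method starts and ends outside the hunk.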
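Review bot: The new `deleteToken` method in TokenRessource.java only tells the browser to drop the `jwt` cookie; the signed token itself stays valid until its expiry, which this commit raises to five minutes, so a copy of the token keeps being accepted after the user has logged out. If the endpoint is meant to end the session, the token's id has to be recorded server-side until expiry and checked during verification (the properties file suggests Redis is configured, though its use is not visible here); otherwise a comment such as `// Clears the browser cookie only; the JWT remains valid until exp` should state the limit. The `user` cookie issued alongside it at login is not cleared either, which one more argument to `cookie(...)` fixes: `new NewCookie(new Cookie("user", null), "", 0, false)`. Returning 400 when the cookie is absent also turns a repeated logout into an error, whereas sending the same clearing response would keep the call idempotent.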
@@ -29,6 +29,6 @@ quarkus.redis.hosts=redis://redis:6379
 quarkus.http.cors=true
 quarkus.http.origins=http://localhost:8084
-quarkus.http.cors.methods=GET,PUT,POST
+quarkus.http.cors.methods=GET,PUT,POST,DELETE
 quarkus.http.cors.headers=accept,authorization,content-type,x-requested-with,x-foobar
 quarkus.http.cors.access-control-allow-credentials=true
\ No newline at end of file
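Review bot: DELETE is now allowed cross-origin with credentials, but the origin restriction two lines above it is spelled `quarkus.http.origins`, which lacks the `cors.` segment of the documented key `quarkus.http.cors.origins`. If Quarkus ignores the unknown key, the allow-list is not applied, and depending on the Quarkus version an unset origin list can mean that every origin is accepted; together with `access-control-allow-credentials=true` that would let any site send credentialed DELETE requests to the token endpoint. Renaming the line to `quarkus.http.cors.origins=http://localhost:8084` and then checking the response headers for a request carrying a foreign Origin would confirm the restriction is in force.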