Revoke token when logging out (#7493)

* Revoke token when logging out * extract OAUTH2_DEVICE_CLIENT_ID * Update snapshots * Update snapshots * try fix * try fix * Move client id to `@src/lib/constants` --------- Co-authored-by: Jonathan Tran <jonnytran@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Pierre Jacquier <pierrejacquier39@gmail.com> Co-authored-by: Pierre Jacquier <pierre@zoo.dev>
2025-06-26 21:24:16 +02:00
parent 344fb6f84d
commit 7de27c648f
5 changed files with 35 additions and 5 deletions
--- a/e2e/playwright/snapshot-tests.spec.ts-snapshots/Draft-segments-should-look-right-3-Google-Chrome-linux.png
+++ b/e2e/playwright/snapshot-tests.spec.ts-snapshots/Draft-segments-should-look-right-3-Google-Chrome-linux.png
--- a/e2e/playwright/snapshot-tests.spec.ts-snapshots/Draft-segments-should-look-right-4-Google-Chrome-linux.png
+++ b/e2e/playwright/snapshot-tests.spec.ts-snapshots/Draft-segments-should-look-right-4-Google-Chrome-linux.png
--- a/src/lib/constants.ts
+++ b/src/lib/constants.ts
@ -222,3 +222,6 @@ export const CODE_QUERY_PARAM = 'code'
 /** A query parameter to skip the sign-on view if unnecessary. */
 export const IMMEDIATE_SIGN_IN_IF_NECESSARY_QUERY_PARAM =
  'immediate-sign-in-if-necessary'
 // Only used by the desktop app
 export const OAUTH2_DEVICE_CLIENT_ID = '2af127fb-e14e-400a-9c57-a9ed08d1a5b7'
--- a/src/machines/authMachine.ts
+++ b/src/machines/authMachine.ts
@ -7,7 +7,7 @@ import {
 } from '@src/env'
 import { assign, fromPromise, setup } from 'xstate'
-import { COOKIE_NAME } from '@src/lib/constants'
+import { COOKIE_NAME, OAUTH2_DEVICE_CLIENT_ID } from '@src/lib/constants'
 import {
  getUser as getUserDesktop,
  readTokenFile,
@ -254,8 +254,32 @@ async function getAndSyncStoredToken(input: {
 async function logout() {
  localStorage.removeItem(TOKEN_PERSIST_KEY)
  if (isDesktop()) {
-    await writeTokenFile('')
+    try {
-    return Promise.resolve(null)
+      let token = await readTokenFile()
      if (token) {
        try {
          await fetch(withBaseUrl('/oauth2/token/revoke'), {
            method: 'POST',
            credentials: 'include',
            headers: {
              'Content-Type': 'application/x-www-form-urlencoded',
            },
            body: new URLSearchParams({
              token: token,
              client_id: OAUTH2_DEVICE_CLIENT_ID,
            }).toString(),
          })
        } catch (e) {
          console.error('Error revoking token:', e)
        }
        await writeTokenFile('')
        return Promise.resolve(null)
      }
    } catch (e) {
      console.error('Error reading token during logout (ignoring):', e)
    }
  }
  return fetch(withBaseUrl('/logout'), {
--- a/src/main.ts
+++ b/src/main.ts
@ -28,7 +28,10 @@ import {
  parseCLIArgs,
 } from '@src/commandLineArgs'
 import { initPromiseNode } from '@src/lang/wasmUtilsNode'
-import { ZOO_STUDIO_PROTOCOL } from '@src/lib/constants'
+import {
  ZOO_STUDIO_PROTOCOL,
  OAUTH2_DEVICE_CLIENT_ID,
 } from '@src/lib/constants'
 import getCurrentProjectFile from '@src/lib/getCurrentProjectFile'
 import { reportRejection } from '@src/lib/trap'
 import {
@ -402,7 +405,7 @@ ipcMain.handle('startDeviceFlow', async (_, host: string) => {
    // We can hardcode the client ID.
    // This value is safe to be embedded in version control.
    // This is the client ID of the KittyCAD app.
-    client_id: '2af127fb-e14e-400a-9c57-a9ed08d1a5b7',
+    client_id: OAUTH2_DEVICE_CLIENT_ID,
    token_endpoint_auth_method: 'none',
  })