From 6ae5f6e23d361c856658c19117207b1960f89270 Mon Sep 17 00:00:00 2001
From: Moriz Wahl <moriz.wahl@gmx.de>
Date: Mon, 30 Aug 2021 16:39:10 +0200
Subject: [PATCH] logout without sessionId

---
 backend/src/graphql/resolvers/UserResolver.ts   | 17 +++++++----------
 frontend/src/graphql/queries.js                 |  4 ++--
 .../src/views/Layout/DashboardLayout_gdd.vue    |  1 -
 3 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/backend/src/graphql/resolvers/UserResolver.ts b/backend/src/graphql/resolvers/UserResolver.ts
index 8e3dbf841..42a7be6da 100644
--- a/backend/src/graphql/resolvers/UserResolver.ts
+++ b/backend/src/graphql/resolvers/UserResolver.ts
@@ -1,5 +1,7 @@
-// import jwt from 'jsonwebtoken'
-import { Resolver, Query, Args, Arg } from 'type-graphql'
+/* eslint-disable @typescript-eslint/no-explicit-any */
+/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
+
+import { Resolver, Query, Args, Arg, Authorized, Ctx } from 'type-graphql'
 import CONFIG from '../../config'
 import { CheckUsernameResponse } from '../models/CheckUsernameResponse'
 import { User } from '../models/User'
@@ -28,12 +30,6 @@ export class UserResolver {
       throw new Error(result.data)
     }
 
-    // temporary solution until we have JWT implemented
-    // return new LoginResponse(result.data)
-
-    // create and return the json web token
-    // The expire doesn't help us here. The client needs to track when the token expires on its own,
-    // since every action prolongs the time the session is valid.
     const data = result.data
     const sessionId = data.session_id
     delete data.session_id
@@ -55,9 +51,10 @@ export class UserResolver {
     return new LoginViaVerificationCode(result.data)
   }
 
+  @Authorized()
   @Query(() => String)
-  async logout(@Arg('sessionId') sessionId: number): Promise<string> {
-    const payload = { session_id: sessionId }
+  async logout(@Ctx() context: any): Promise<string> {
+    const payload = { session_id: context.sessionId }
     const result = await apiPost(CONFIG.LOGIN_API_URL + 'logout', payload)
     if (!result.success) {
       throw new Error(result.data)
diff --git a/frontend/src/graphql/queries.js b/frontend/src/graphql/queries.js
index 579e07912..ca5572493 100644
--- a/frontend/src/graphql/queries.js
+++ b/frontend/src/graphql/queries.js
@@ -7,8 +7,8 @@ export const login = gql`
 `
 
 export const logout = gql`
-  query($sessionId: Float!) {
-    logout(sessionId: $sessionId)
+  query {
+    logout
   }
 `
 
diff --git a/frontend/src/views/Layout/DashboardLayout_gdd.vue b/frontend/src/views/Layout/DashboardLayout_gdd.vue
index fdfea867d..35e7bb8af 100755
--- a/frontend/src/views/Layout/DashboardLayout_gdd.vue
+++ b/frontend/src/views/Layout/DashboardLayout_gdd.vue
@@ -92,7 +92,6 @@ export default {
       this.$apollo
         .query({
           query: logout,
-          variables: { sessionId: this.$store.state.sessionId },
         })
         .then(() => {
           this.$sidebar.displaySidebar(false)