logout event

backend/src/event/EVENT_LOGOUT.ts

@@ -0,0 +1,6 @@
+import { User as DbUser } from '@entity/User'
+import { Event as DbEvent } from '@entity/Event'
+import { Event, EventType } from './Event'
+
+export const EVENT_LOGOUT = async (user: DbUser): Promise<DbEvent> =>
+  Event(EventType.LOGOUT, user, user).save()

backend/src/event/Event.ts

@@ -53,6 +53,7 @@ export { EVENT_CONTRIBUTION_UPDATE } from './EVENT_CONTRIBUTION_UPDATE'
 export { EVENT_CONTRIBUTION_MESSAGE_CREATE } from './EVENT_CONTRIBUTION_MESSAGE_CREATE'
 export { EVENT_CONTRIBUTION_LINK_REDEEM } from './EVENT_CONTRIBUTION_LINK_REDEEM'
 export { EVENT_LOGIN } from './EVENT_LOGIN'
+export { EVENT_LOGOUT } from './EVENT_LOGOUT'
 export { EVENT_REGISTER } from './EVENT_REGISTER'
 export { EVENT_SEND_ACCOUNT_MULTIREGISTRATION_EMAIL } from './EVENT_SEND_ACCOUNT_MULTIREGISTRATION_EMAIL'
 export { EVENT_SEND_CONFIRMATION_EMAIL } from './EVENT_SEND_CONFIRMATION_EMAIL'

backend/src/event/EventType.ts

@@ -17,6 +17,7 @@ export enum EventType {
   CONTRIBUTION_MESSAGE_CREATE = 'CONTRIBUTION_MESSAGE_CREATE',
   CONTRIBUTION_LINK_REDEEM = 'CONTRIBUTION_LINK_REDEEM',
   LOGIN = 'LOGIN',
+  LOGOUT = 'LOGOUT',
   REGISTER = 'REGISTER',
   REDEEM_REGISTER = 'REDEEM_REGISTER',
   SEND_ACCOUNT_MULTIREGISTRATION_EMAIL = 'SEND_ACCOUNT_MULTIREGISTRATION_EMAIL',

backend/src/graphql/resolver/UserResolver.ts

@@ -57,6 +57,7 @@ import {
   EVENT_REGISTER,
   EVENT_ACTIVATE_ACCOUNT,
   EVENT_ADMIN_SEND_CONFIRMATION_EMAIL,
+  EVENT_LOGOUT,
 } from '@/event/Event'
 import { getUserCreations } from './util/creations'
 import { isValidPassword } from '@/password/EncryptorUtils'
@@ -185,15 +186,9 @@ export class UserResolver {
 
   @Authorized([RIGHTS.LOGOUT])
   @Mutation(() => String)
-  async logout(): Promise<boolean> {
-    // TODO: Event still missing here!!
-    // TODO: We dont need this anymore, but might need this in the future in oder to invalidate a valid JWT-Token.
-    // Furthermore this hook can be useful for tracking user behaviour (did he logout or not? Warn him if he didn't on next login)
-    // The functionality is fully client side - the client just needs to delete his token with the current implementation.
-    // we could try to force this by sending `token: null` or `token: ''` with this call. But since it bares no real security
-    // we should just return true for now.
-    logger.info('Logout...')
-    // remove user.pubKey from logger-context to ensure a correct filter on log-messages belonging to the same user
+  async logout(@Ctx() context: Context): Promise<boolean> {
+    await EVENT_LOGOUT(getUser(context))
+    // remove user from logger context
     logger.addContext('user', 'unknown')
     return true
   }