#5: add Logout helper

README.md

@@ -132,6 +132,10 @@ func main() {
 	pkey.MountStaticRoutes(mux, "/static/")
 
 	mux.Handle("/", http.FileServer(http.Dir("./_example/web")))
+    mux.HandleFunc("/logout", func(w http.ResponseWriter, r *http.Request) {
+      pkey.Logout(w, r)
+      http.Redirect(w, r, "/", http.StatusSeeOther)
+    })
 
 	privateMux := http.NewServeMux()
 	privateMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {

_example/main.go

@@ -11,6 +11,8 @@ import (
 	"github.com/go-webauthn/webauthn/webauthn"
 )
 
+const userKey = "pkUser"
+
 func main() {
 	proto := "http"
 	host := "localhost"
@@ -41,11 +43,15 @@ func main() {
 	pkey.MountStaticRoutes(mux, "/static/")
 
 	mux.Handle("/", http.FileServer(http.Dir("./_example/web")))
+	mux.HandleFunc("/logout", func(w http.ResponseWriter, r *http.Request) {
+		pkey.Logout(w, r)
+		http.Redirect(w, r, "/", http.StatusSeeOther)
+	})
 
 	privateMux := http.NewServeMux()
 	privateMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		// get the userID from the request context
-		userID, ok := passkey.UserFromContext(r.Context(), "pkUser")
+		userID, ok := passkey.UserFromContext(r.Context(), userKey)
 		if !ok {
 			http.Error(w, "No user found", http.StatusUnauthorized)
 
@@ -74,7 +80,7 @@ func main() {
 
 	withAuth := passkey.Auth(
 		storage,
-		"pkUser",
+		userKey,
 		nil,
 		passkey.RedirectUnauthorized(url.URL{Path: "/"}),
 	)

_example/web/private.html

@@ -37,7 +37,11 @@
 </nav>
 
 <div class="container d-flex justify-content-center align-items-center vh-100">
-    <h1>Hi, {{ .UserID }}!</h1>
+    <div class="container d-flex flex-column justify-content-center align-items-center vh-100">
+        <h1>Hi, {{ .UserID }}!</h1>
+        <p>Here is your private page.</p>
+        <a href="/logout" class="btn btn-primary">Logout</a>
+    </div>
 </div>
 
 <script src="script.js"></script>

errors.go

@@ -2,4 +2,6 @@ package passkey
 
 import "fmt"
 
-var ErrNoUsername = fmt.Errorf("no username provided")
+var (
+	ErrNoUsername = fmt.Errorf("no username provided")
+)

passkey.go

@@ -44,6 +44,7 @@ type Passkey struct {
 	l Logger
 }
 
+// New creates new Passkey instance
 func New(cfg Config, opts ...Option) (*Passkey, error) {
 	p := &Passkey{
 		cfg: cfg,
@@ -106,10 +107,12 @@ func (p *Passkey) setupRoutes() {
 	p.staticMux.Handle("/", http.FileServer(http.Dir("./static")))
 }
 
+// MountRoutes mounts passkey routes to mux
 func (p *Passkey) MountRoutes(mux *http.ServeMux, path string) {
 	mux.Handle(path, http.StripPrefix(path[:len(path)-1], p.mux))
 }
 
+// MountStaticRoutes mounts static routes to mux
 func (p *Passkey) MountStaticRoutes(mux *http.ServeMux, path string) {
 	mux.Handle(path, http.StripPrefix(path[:len(path)-1], p.staticMux))
 }

utils.go

@@ -0,0 +1,16 @@
+package passkey
+
+import "net/http"
+
+// Logout deletes session from session store and deletes session cookie
+func (p *Passkey) Logout(w http.ResponseWriter, r *http.Request) {
+	sid, err := r.Cookie(sessionCookieName)
+	if err != nil {
+		p.l.Errorf("can't get session cookie: %s", err.Error())
+
+		return
+	}
+
+	p.sessionStore.DeleteSession(sid.Value)
+	deleteCookie(w, sessionCookieName)
+}

utils_test.go

@@ -0,0 +1,84 @@
+package passkey
+
+import (
+	"github.com/go-webauthn/webauthn/webauthn"
+	"github.com/stretchr/testify/assert"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestPasskey_Logout(t *testing.T) {
+	tests := []struct {
+		name         string
+		sessionStore func() SessionStore
+		l            func() Logger
+		w            http.ResponseWriter
+		r            func() *http.Request
+	}{
+		{
+			name: "succ: delete session",
+			sessionStore: func() SessionStore {
+				mock := NewMockSessionStore(t)
+
+				mock.EXPECT().
+					DeleteSession("hello-darkness-my-old-friend").
+					Times(1)
+
+				return mock
+			},
+			l: func() Logger {
+				mock := NewMockLogger(t)
+
+				return mock
+			},
+			w: httptest.NewRecorder(),
+			r: func() *http.Request {
+				r := httptest.NewRequest(http.MethodGet, "/", http.NoBody)
+				r.AddCookie(&http.Cookie{
+					Name:  sessionCookieName,
+					Value: "hello-darkness-my-old-friend",
+				})
+
+				return r
+			},
+		},
+		{
+			name: "err: can't get session cookie",
+			sessionStore: func() SessionStore {
+				return NewMockSessionStore(t)
+			},
+			l: func() Logger {
+				mock := NewMockLogger(t)
+
+				mock.EXPECT().
+					Errorf("can't get session cookie: %s", "cookie not found").
+					Times(1)
+
+				return mock
+			},
+			w: httptest.NewRecorder(),
+			r: func() *http.Request {
+				return httptest.NewRequest(http.MethodGet, "/", http.NoBody)
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p, err := New(
+				Config{
+					WebauthnConfig: &webauthn.Config{
+						RPDisplayName: "Passkey Test",
+						RPID:          "localhost",
+						RPOrigins:     []string{"localhost"},
+					},
+					UserStore:     nil,
+					SessionStore:  tt.sessionStore(),
+					SessionMaxAge: 69,
+				},
+			)
+			assert.NoError(t, err)
+			p.Logout(tt.w, tt.r())
+		})
+	}
+}