revoke token access

SandroMaglione · SandroMaglione · commit 7978bc6f97b3 · 2025-03-03T05:11:16.000+01:00
diff --git a/apps/client/src/routes/$workspaceId/token.tsx b/apps/client/src/routes/$workspaceId/token.tsx
@@ -1,4 +1,4 @@
-import { createFileRoute } from "@tanstack/react-router";
+import { createFileRoute, useRouter } from "@tanstack/react-router";
 import { Duration, Effect } from "effect";
 import { ApiClient } from "../../lib/api-client";
 import { WEBSITE_URL } from "../../lib/constants";
@@ -29,6 +29,7 @@ export const Route = createFileRoute("/$workspaceId/token")({
 function RouteComponent() {
   const { workspaceId } = Route.useParams();
   const { tokens, token } = Route.useLoaderData();
+  const router = useRouter();
 
   const [, onIssueToken, issuing] = useActionEffect((formData: FormData) =>
     Effect.gen(function* () {
@@ -48,6 +49,21 @@ function RouteComponent() {
     })
   );
 
+  const [, onRevoke, revoking] = useActionEffect((formData: FormData) =>
+    Effect.gen(function* () {
+      const api = yield* ApiClient;
+
+      const clientId = formData.get("clientId") as string;
+
+      yield* api.client.syncAuth.revokeToken({
+        path: { workspaceId, clientId },
+        headers: { "x-api-key": token },
+      });
+
+      yield* Effect.promise(() => router.invalidate({ sync: true }));
+    })
+  );
+
   return (
     <div>
       <h1>Tokens</h1>
@@ -88,13 +104,26 @@ function RouteComponent() {
                   : "N/A"}
               </td>
               <td>
-                {token.revokedAt
-                  ? new Date(token.revokedAt).toLocaleDateString(undefined, {
+                {token.revokedAt ? (
+                  <span>
+                    {new Date(token.revokedAt).toLocaleDateString(undefined, {
                       year: "numeric",
                       month: "long",
                       day: "numeric",
-                    })
-                  : "N/A"}
+                    })}
+                  </span>
+                ) : (
+                  <form action={onRevoke}>
+                    <input
+                      type="hidden"
+                      name="clientId"
+                      value={token.clientId}
+                    />
+                    <button type="submit" disabled={revoking}>
+                      Revoke access
+                    </button>
+                  </form>
+                )}
               </td>
               <td>
                 <button
diff --git a/apps/server/src/group/sync-auth.ts b/apps/server/src/group/sync-auth.ts
@@ -199,8 +199,34 @@ export const SyncAuthGroupLive = HttpApiBuilder.group(
             Effect.mapError((error) => error.message)
           )
         )
-        .handle("revokeToken", ({ path: { workspaceId } }) =>
-          Effect.fail("Not implemented")
+        .handle("revokeToken", ({ path: { workspaceId, clientId } }) =>
+          Effect.gen(function* () {
+            yield* Effect.log(`Revoking token for workspace ${workspaceId}`);
+
+            const revokedAt = yield* DateTime.now;
+
+            yield* query({
+              Request: Schema.Struct({
+                workspaceId: Schema.String,
+                clientId: Schema.String,
+              }),
+              execute: (db, { workspaceId, clientId }) =>
+                db
+                  .update(tokenTable)
+                  .set({ revokedAt: DateTime.toDate(revokedAt) })
+                  .where(
+                    and(
+                      eq(tokenTable.workspaceId, workspaceId),
+                      eq(tokenTable.clientId, clientId)
+                    )
+                  ),
+            })({ workspaceId, clientId });
+
+            return true;
+          }).pipe(
+            Effect.tapErrorCause(Effect.logError),
+            Effect.mapError((error) => error.message)
+          )
         );
     })
 ).pipe(
