refactor: modify refresh token field names, add authorization & cookie deletion in revoke-session endpoint

Server/Controllers/AuthenticationController.cs

@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 using Server.Configurations;
@@ -71,11 +72,12 @@ public class AuthenticationController : ControllerBase
         return Ok(authResponse);
     }
     
+    [Authorize(AuthenticationSchemes = "Bearer")]
     [HttpPost("revoke-session")]
-    public async Task<IActionResult> RevokeToken([FromBody] RevokeRefreshTokenRequest revokeRequest)
+    public async Task<IActionResult> RevokeToken()
     {
         // accept token from request body or cookie
-        var token = revokeRequest.RefreshToken ?? Request.Cookies["refreshToken"];
+        var token = Request.Cookies["refreshToken"];
         if (string.IsNullOrEmpty(token))
         {
             return BadRequest(new ResponseBase{ Message = "Refresh token is required." });
@@ -87,6 +89,8 @@ public class AuthenticationController : ControllerBase
             return NotFound(new ResponseBase{ Message = "Refresh token not found." });
         }
         
+        Response.Cookies.Delete("refreshToken");
+        
         return Ok(new ResponseBase{ Message = "Refresh token revoked." });
     }
     

Server/Models/RefreshToken.cs

@@ -6,9 +6,9 @@ namespace Server.Models;
 public class RefreshToken
 {
     public string Token { get; set; } = null!;
-    public DateTime Expires { get; set; }
-    public bool IsExpired => DateTime.UtcNow >= Expires;
-    public DateTime Created { get; set; }
+    public DateTime ExpiryDateTime { get; set; }
+    public bool IsExpired => DateTime.UtcNow >= ExpiryDateTime;
+    public DateTime CreationDateTime { get; set; }
     public DateTime? Revoked { get; set; }
     public bool IsActive => Revoked == null && !IsExpired;
 }

Server/Services/AuthenticationService.cs

@@ -87,13 +87,13 @@ public class AuthenticationService : IAuthenticationService
             var activeRefreshToken =
                 user.RefreshTokens.First(t => t.IsActive);
             refreshTokenString = activeRefreshToken.Token;
-            authResponse.RefreshTokenExpirationDate = activeRefreshToken.Expires;
+            authResponse.RefreshTokenExpirationDate = activeRefreshToken.ExpiryDateTime;
         }
         else
         {
             var refreshToken = CreateRefreshToken();
             refreshTokenString = refreshToken.Token;
-            authResponse.RefreshTokenExpirationDate = refreshToken.Expires;
+            authResponse.RefreshTokenExpirationDate = refreshToken.ExpiryDateTime;
             user.RefreshTokens.Add(refreshToken);
             await _userManager.UpdateAsync(user);
         }
@@ -135,7 +135,7 @@ public class AuthenticationService : IAuthenticationService
         var jwtSecurityToken = await CreateJwtToken(user);
         authResponse.Token = new JwtSecurityTokenHandler().WriteToken(jwtSecurityToken);
         
-        authResponse.RefreshTokenExpirationDate = newRefreshToken.Expires;
+        authResponse.RefreshTokenExpirationDate = newRefreshToken.ExpiryDateTime;
         
         return (true, authResponse, newRefreshToken.Token);
     }
@@ -208,8 +208,8 @@ public class AuthenticationService : IAuthenticationService
         return new RefreshToken
         {
             Token = Convert.ToBase64String(randomNumber),
-            Created = DateTime.UtcNow,
-            Expires = DateTime.UtcNow.AddDays(_jwt.RefreshTokenValidityInDays)
+            CreationDateTime = DateTime.UtcNow,
+            ExpiryDateTime = DateTime.UtcNow.AddDays(_jwt.RefreshTokenValidityInDays)
         };
     }
 }