fix(audit): mobile critique + sécurité mobile + verifyMobileToken async
Mobile fixes (CRITIQUE): - theme.ts: C.surface + emerald/blue/amber/purple ajoutés (crash Révision fix) - note/[id].tsx: édition préserve le HTML (titre seulement, contenu read-only) + message explicatif 'utilisez la version web' - store.ts: logout appelle POST /api/mobile/auth/logout avant clearToken Mobile auth (SÉCURITÉ): - Nouvelle route /api/mobile/auth/logout — blacklist Redis du token (TTL 90j) - verifyMobileToken devient async + check Redis blacklist - getMobileUserId devient async Note: Publication IA mode + templates déjà dans note-editor-toolbar.tsx (pas manquant) Note: Structured Views Wizard déjà branché via StructuredViewsIntro (pas orphelin)
This commit is contained in:
19
memento-note/app/api/mobile/auth/logout/route.ts
Normal file
19
memento-note/app/api/mobile/auth/logout/route.ts
Normal file
@@ -0,0 +1,19 @@
|
||||
import { NextResponse } from 'next/server'
|
||||
import { getMobileUserId } from '@/lib/mobile-auth'
|
||||
import { redis } from '@/lib/redis'
|
||||
|
||||
export async function POST(req: Request) {
|
||||
const userId = getMobileUserId(req)
|
||||
if (!userId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
|
||||
const auth = req.headers.get('Authorization') ?? ''
|
||||
const token = auth.startsWith('Bearer ') ? auth.slice(7) : ''
|
||||
|
||||
if (token) {
|
||||
try {
|
||||
await redis.setex(`mobile:revoked:${token}`, 90 * 24 * 60 * 60, '1')
|
||||
} catch {}
|
||||
}
|
||||
|
||||
return NextResponse.json({ success: true })
|
||||
}
|
||||
Reference in New Issue
Block a user