From e7d180912b0dfc1ed40d70b002cfebde9250026a Mon Sep 17 00:00:00 2001
From: giles
Date: Tue, 24 Feb 2026 01:30:21 +0000
Subject: [PATCH] Instant logout detection: skip grant cache when did_auth cleared When account logs out it deletes did_auth:{device_id} from Redis. If that key is gone, bypass the 60s grant cache and re-check the DB immediately, detecting the revoked grant on the first request.
Co-Authored-By: Claude Opus 4.6
---
 infrastructure/factory.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/infrastructure/factory.py b/infrastructure/factory.py
index 208d2f7..dfae5d6 100644
--- a/infrastructure/factory.py
+++ b/infrastructure/factory.py
@@ -172,8 +172,11 @@ def create_base_app(
 if uid and grant_token:
 cache_key = f"grant:{grant_token}"
 if redis:
+ # Quick check: if did_auth was cleared (logout), skip cache
+ device_id = g.device_id
+ did_auth_present = await redis.get(f"did_auth:{device_id}") if device_id else True
 cached = await redis.get(cache_key)
- if cached == b"ok":
+ if cached == b"ok" and did_auth_present:
 return
 if cached == b"revoked":
 qs.pop("uid", None)
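Review bot: The new `did_auth_present` line fails open: when `g.device_id` is empty the expression falls back to `True`, so a cached `b"ok"` is still trusted for the full cache TTL and a revoked grant is not detected on that request. Since the purpose of the change is prompt revocation, the safer default is to treat a missing device id as "not authenticated" and fall through to the DB check, e.g. `did_auth_present = await redis.get(f"did_auth:{device_id}") if device_id else None`. Where `g.device_id` is populated is not visible here; if it derives from a client-supplied value, the check is only as strong as the binding between that device id and the grant token, which deserves a comment next to the lookup. `create_base_app` and the DB re-check path continue outside the hunk, so the fall-through behaviour should be confirmed there.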