coop/shared
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Instant logout detection: skip grant cache when did_auth cleared

Browse Source 
When account logs out it deletes did_auth:{device_id} from Redis.
If that key is gone, bypass the 60s grant cache and re-check the
DB immediately, detecting the revoked grant on the first request.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
giles
2026-02-24 01:30:21 +00:00
parent beac1b3dab
commit e7d180912b
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
infrastructure/factory.py
View File

@@ -172,8 +172,11 @@ def create_base_app(
if uid and grant_token: if uid and grant_token:
cache_key = f"grant:{grant_token}" cache_key = f"grant:{grant_token}"
if redis: if redis:
# Quick check: if did_auth was cleared (logout), skip cache
device_id = g.device_id
did_auth_present = await redis.get(f"did_auth:{device_id}") if device_id else True
cached = await redis.get(cache_key) cached = await redis.get(cache_key)
if cached == b"ok": if cached == b"ok" and did_auth_present:
return return
if cached == b"revoked": if cached == b"revoked":
qs.pop("uid", None) qs.pop("uid", None)