From 5ab6b84fe74fa60f451a2f56bcd94173d21a5936 Mon Sep 17 00:00:00 2001
From: rubenwardy <rw@rubenwardy.com>
Date: Tue, 31 Oct 2023 18:46:34 +0000
Subject: [PATCH] Add delete-token API

---
 app/blueprints/api/endpoints.py | 14 ++++++++++++++
 app/flatpages/help/api.md       |  7 +++++++
 2 files changed, 21 insertions(+)

diff --git a/app/blueprints/api/endpoints.py b/app/blueprints/api/endpoints.py
index 8f511ee4..7e86e826 100644
--- a/app/blueprints/api/endpoints.py
+++ b/app/blueprints/api/endpoints.py
@@ -212,6 +212,20 @@ def whoami(token):
 		return jsonify({ "is_authenticated": True, "username": token.owner.username })
 
 
+@bp.route("/api/delete-token/", methods=["DELETE"])
+@csrf.exempt
+@is_api_authd
+@cors_allowed
+def api_delete_token(token):
+	if token is None:
+		error(404, "Token not found")
+
+	db.session.delete(token)
+	db.session.commit()
+
+	return jsonify({"success": True})
+
+
 @bp.route("/api/markdown/", methods=["POST"])
 @csrf.exempt
 def markdown():
diff --git a/app/flatpages/help/api.md b/app/flatpages/help/api.md
index ac099697..34d20e68 100644
--- a/app/flatpages/help/api.md
+++ b/app/flatpages/help/api.md
@@ -64,6 +64,13 @@ Tokens can be attained by visiting [Settings > API Tokens](/user/tokens/).
     * `is_authenticated`:  True on successful API authentication
     * `username`:  Username of the user authenticated as, null otherwise.
     * 4xx status codes will be thrown on unsupported authentication type, invalid access token, or other errors.
+* DELETE `/api/delete-token/`: Deletes the currently used token.
+
+```bash
+# Logout 
+curl -X DELETE https://content.minetest.net/api/delete-token/ \
+    -H "Authorization: Bearer YOURTOKEN"
+```
 
 
 ## Packages