fix(auth): remove JWT cookie when it's invalid

src/middlewares/user_auth.rs

@@ -1,5 +1,10 @@
-
-use axum::{extract::{OriginalUri, Request, State}, http::StatusCode, middleware::Next, response::{Html, IntoResponse, Redirect, Response}, Extension};
+use axum::{
+    extract::{OriginalUri, Request, State},
+    http::{HeaderMap, HeaderValue, StatusCode},
+    middleware::Next,
+    response::{Html, IntoResponse, Redirect, Response},
+    Extension
+};
 use axum_extra::extract::CookieJar;
 
 use crate::{
@@ -12,6 +17,7 @@ use crate::{
 /// add optional auth to the extension data
 pub async fn auth_middleware(
     State(app_state): State<AppState>,
+    OriginalUri(original_uri): OriginalUri,
     cookies: CookieJar,
     mut req: Request,
     next: Next,
@@ -26,8 +32,13 @@ pub async fn auth_middleware(
     let token_claims: UserTokenClaims = match verify_token(&app_state.secrets, jwt) {
         Ok(val) => val,
         Err(_e) => {
+            // UserWebGUI: delete invalid JWT cookie
+            let mut headers = HeaderMap::new();
+            let jwt_cookie = "minauth_jwt=deleted; SameSite=Lax; Max-Age=0".to_string();
+            headers.insert("Set-Cookie", HeaderValue::from_str(&jwt_cookie).unwrap());
+            headers.insert("Location", HeaderValue::from_str(&original_uri.to_string()).unwrap());
             return Err(
-                (StatusCode::UNAUTHORIZED, Html("Unauthorized: The provided JWT is invalid."))
+                (StatusCode::SEE_OTHER, headers, Html("Unauthorized: Invalid JWT cookie."))
             );
         }
     };