feat: add DELETE /access-tokens/:token

packages/backend/src/controllers/api/v1/access-tokens/revoke-access-token.js

@@ -0,0 +1,15 @@
+export default async (request, response) => {
+  const token = request.params.token;
+
+  const accessToken = await request.currentUser
+    .$relatedQuery('accessTokens')
+    .findOne({
+      token,
+      revoked_at: null,
+    })
+    .throwIfNotFound();
+
+  await accessToken.revoke();
+
+  response.status(204).send();
+};

packages/backend/src/models/access-token.js

@@ -27,6 +27,10 @@ class AccessToken extends Base {
       },
     },
   });
+
+  async revoke() {
+    return await this.$query().patch({ revokedAt: new Date().toISOString() });
+  }
 }
 
 export default AccessToken;

packages/backend/src/routes/api/v1/access-tokens.js

@@ -1,9 +1,16 @@
 import { Router } from 'express';
 import asyncHandler from 'express-async-handler';
 import createAccessTokenAction from '../../../controllers/api/v1/access-tokens/create-access-token.js';
-
+import revokeAccessTokenAction from '../../../controllers/api/v1/access-tokens/revoke-access-token.js';
+import { authenticateUser } from '../../../helpers/authentication.js';
 const router = Router();
 
 router.post('/', asyncHandler(createAccessTokenAction));
 
+router.delete(
+  '/:token',
+  authenticateUser,
+  asyncHandler(revokeAccessTokenAction)
+);
+
 export default router;