Improve JWT tokens expiration

- Reduce access tokens TTL to 15 minutes
- Set refresh tokens TTL to 60 days
- Set Guardian.DB to only track refresh tokens
- Remove refresh token when logging out

Closes #710 #705 #706

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/graphql/resolvers/user.ex

@@ -105,6 +105,28 @@ defmodule Mobilizon.GraphQL.Resolvers.User do
     {:error, dgettext("errors", "You need to have an existing token to get a refresh token")}
   end
 
+  def logout(_parent, %{refresh_token: refresh_token}, %{context: %{current_user: %User{}}}) do
+    with {:ok, _claims} <- Auth.Guardian.decode_and_verify(refresh_token, %{"typ" => "refresh"}),
+         {:ok, _claims} <- Auth.Guardian.revoke(refresh_token) do
+      {:ok, refresh_token}
+    else
+      {:error, :token_not_found} ->
+        {:error, :token_not_found}
+
+      {:error, error} ->
+        Logger.debug("Cannot remove user refresh token: #{inspect(error)}")
+        {:error, :unable_to_logout}
+    end
+  end
+
+  def logout(_parent, %{refresh_token: _refresh_token}, _context) do
+    {:error, :unauthenticated}
+  end
+
+  def logout(_parent, _params, _context) do
+    {:error, :invalid_argument}
+  end
+
   @doc """
   Register an user:
     - check registrations are enabled

lib/graphql/schema/user.ex

@@ -310,6 +310,12 @@ defmodule Mobilizon.GraphQL.Schema.UserType do
       resolve(&User.refresh_token/3)
     end
 
+    @desc "Logout an user, deleting a refresh token"
+    field :logout, :string do
+      arg(:refresh_token, non_null(:string))
+      resolve(&User.logout/3)
+    end
+
     @desc "Change default actor for user"
     field :change_default_actor, :user do
       arg(:preferred_username, non_null(:string), description: "The actor preferred_username")