Add logout endpoint and refresh token revocation support

Introduce a Logout endpoint to BaseAuthController supporting GET, POST, and DELETE methods to revoke refresh tokens and remove authentication cookies. Add abstract RevokeRefreshTokenAsync method for token revocation logic. Ensure UserFactory returns null for unauthenticated users.

Author: Vadim Belov

Sources/EasyExtensions.AspNetCore.Authorization/Controllers/BaseAuthController.cs

@@ -31,6 +31,31 @@ public abstract class BaseAuthController(
         /// </summary>
         public IPAddress RequestIP => IPAddress.Parse(Request.GetRemoteAddress());
 
+        /// <summary>
+        /// Logs out the current user by revoking the refresh token and removing the authentication cookie.
+        /// </summary>
+        /// <remarks>This endpoint supports GET, POST, and DELETE HTTP methods. If a refresh token cookie
+        /// is present, it is revoked and deleted. If no refresh token is found, the operation completes without
+        /// error.</remarks>
+        /// <returns>An <see cref="IActionResult"/> indicating the result of the logout operation. Returns a success message if
+        /// the user was logged out.</returns>
+        [HttpGet("logout")]
+        [HttpPost("logout")]
+        [HttpDelete("logout")]
+        public async Task<IActionResult> Logout([FromQuery] string? token = "")
+        {
+            if (Request.Cookies.TryGetValue(CookieRefreshTokenName, out string? refreshToken))
+            {
+                await RevokeRefreshTokenAsync(refreshToken);
+                Response.Cookies.Delete(CookieRefreshTokenName);
+            }
+            if (!string.IsNullOrWhiteSpace(token))
+            {
+                await RevokeRefreshTokenAsync(token);
+            }
+            return Ok("Logged out successfully");
+        }
+
         /// <summary>
         /// Changes the password for the currently authenticated user.
         /// </summary>
@@ -248,6 +273,15 @@ public async Task<IActionResult> LoginWithGoogle([FromQuery] string token)
         /// <returns>A task that represents the asynchronous operation.</returns>
         public abstract Task SaveAndRevokeRefreshTokenAsync(Guid userId, string oldRefreshToken, string newRefreshToken, AuthType authType);
 
+        /// <summary>
+        /// Revokes the specified refresh token, invalidating it for future use.
+        /// </summary>
+        /// <remarks>After revocation, the specified refresh token can no longer be used to obtain new
+        /// access tokens. This method is typically used to log out a user or to respond to a security event.</remarks>
+        /// <param name="refreshToken">The refresh token to revoke. Cannot be null or empty.</param>
+        /// <returns>A task that represents the asynchronous revoke operation.</returns>
+        public abstract Task RevokeRefreshTokenAsync(string refreshToken);
+
         /// <summary>
         /// Asynchronously retrieves the unique identifier of a user associated with the specified refresh token.
         /// </summary>

Sources/EasyExtensions.AspNetCore.Sentry/Factories/UserFactory.cs

@@ -23,6 +23,10 @@ public class UserFactory(IHttpContextAccessor httpContextAccessor) : ISentryUser
                 return null;
             }
             var context = httpContextAccessor.HttpContext;
+            if (context.User?.Identity == null || !context.User.Identity.IsAuthenticated)
+            {
+                return null;
+            }
             var claims = httpContextAccessor.HttpContext.User.Claims;
             int userId = httpContextAccessor.HttpContext.User.TryGetId();
             bool hasUserId = httpContextAccessor.HttpContext.User.TryGetUserId(out Guid guidUserId);