fix(auth): invalidate access tokens on session revoke

2026-04-22 13:30:34 +08:00
parent 01a991f56f
commit 3d29f7c2fa
6 changed files with 90 additions and 19 deletions
--- a/backend/internal/handler/user_handler.go
+++ b/backend/internal/handler/user_handler.go
@@ -259,7 +259,7 @@ func (h *UserHandler) UnbindIdentity(c *gin.Context) {
 		return
 	}
 	if h.authService != nil {
-		if err := h.authService.RevokeAllUserSessions(c.Request.Context(), subject.UserID); err != nil {
+		if err := h.authService.RevokeAllUserTokens(c.Request.Context(), subject.UserID); err != nil {
 			response.ErrorFrom(c, err)
 			return
 		}