add logout route

app/auth.py

@@ -57,6 +57,15 @@ def create_session(user_id, temporary=False):
         'expires_at': int(time.time()) + (expires_days * 24 * 60 * 60),
     })
 
+def revoke_session(user_id):
+    if not is_logged_in():
+        return
+    sess = Sessions.find({'key': session['pyrom_session_key']})
+    if not sess:
+        return
+    sess.delete()
+    session.clear()
+
 def parse_username(username: str) -> Tuple[str, str]:
     """first is the unmodified name/display name, second is username"""
     if len(username) < 3:

app/routes/users.py

@@ -5,7 +5,7 @@ import time
 from ..auth import (
     digest, verify, create_session,
     is_logged_in, parse_username, is_password_valid,
-    login_required
+    login_required, revoke_session, get_active_user
     )
 from ..models import Users, Posts, Reactions, Threads
 from ..constants import PermissionLevel
@@ -29,11 +29,6 @@ def redirect_if_logged_in(destination='topics.all_topics'):
 def log_in():
     return render_template('users/log_in.html')
 
-@bp.post('/log-out/')
-@login_required
-def log_out():
-    return 'stub'
-
 @bp.post('/log-in/')
 @redirect_if_logged_in()
 def log_in_post():
@@ -52,6 +47,12 @@ def log_in_post():
         session.permanent = True
     return redirect(request.form.get('return_to', default=url_for('topics.all_topics')))
 
+@bp.post('/log-out/')
+@login_required
+def log_out():
+    revoke_session(get_active_user().id)
+    return redirect(url_for('topics.all_topics'))
+
 @bp.get('/sign-up/')
 @redirect_if_logged_in()
 def sign_up():