From 8c9a33cb81e55f656e9e0358a2ed01ce481b7cd9 Mon Sep 17 00:00:00 2001
From: Romain Mallard <romaimallard@gmail.com>
Date: Mon, 24 Nov 2025 17:02:12 +0100
Subject: [PATCH] register refresh token and login refresh token for multiple
 users

---
 db/1.sqlite-shm    | Bin 0 -> 32768 bytes
 db/1.sqlite-wal    |   0
 db/2.sqlite        |   0
 db/auth.sqlite-shm | Bin 32768 -> 32768 bytes
 db/auth.sqlite-wal | Bin 0 -> 300792 bytes
 src/main.rs        |   2 +-
 src/utils/auth.rs  | 142 ++++++++++++++++++++++++++++++++-------------
 utils command.txt  |  18 +++++-
 8 files changed, 119 insertions(+), 43 deletions(-)
 create mode 100644 db/1.sqlite-shm
 create mode 100644 db/1.sqlite-wal
 create mode 100644 db/2.sqlite

diff --git a/db/1.sqlite-shm b/db/1.sqlite-shm
new file mode 100644
index 0000000000000000000000000000000000000000..fe9ac2845eca6fe6da8a63cd096d9cf9e24ece10
GIT binary patch
literal 32768
zcmeIuAr62r3<XeTSayS60=Z=O-0|kP2&fu@!6Du^ziFC^7w55MN)9hQYV3Wk79a2P
z)%8g3H30$y2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk
z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs
w0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5cq?@4dk5`Qvd(}

literal 0
HcmV?d00001

diff --git a/db/1.sqlite-wal b/db/1.sqlite-wal
new file mode 100644
index 0000000..e69de29
diff --git a/db/2.sqlite b/db/2.sqlite
new file mode 100644
index 0000000..e69de29
diff --git a/db/auth.sqlite-shm b/db/auth.sqlite-shm
index fe9ac2845eca6fe6da8a63cd096d9cf9e24ece10..c1b1e8d645c3d32b0e0499c6f72d42f131392a26 100644
GIT binary patch
literal 32768
zcmeI)Nm9aK5QgCo6c7{zoN&N-Rvf^2#@U0oa%Yum@8AL4cny!>72N3Foonr=lqnY$
zDcK}>|EiCKRMOS`9H8^hMLDP65|J|Jc1>I2*AKbK{q4=;RV7h=y?n~1E=q;Fm$$sf
z_pQ|Daq8|^-oMY+)1TiayG>bYy(V1my6>Iuf5%<dW>nPDU}?0(EOCodBWY>2v{)R2
z>N79@tNpuss^z}=-CtL0iGu(F2q1s}0tg_000IagfB*srAb<b@2q1s}0tg_000Iag
zfB*srAb<b@2q1s}0tg_000IagfB*srAb<b@2q1s}0tg_000IagfB*sr1WceWVDm5z
z0<{Y`J6|{mgj1jp&as&q0TUQN0fEp842E`c21j5B0t7-UkXA;+n$V2qRnm&qwWZzA
zYA|@X1R}QiHfEb`leX!$Rav#GL!IhUw|Z38sy4K(Jymq5W1Y&`+RH&8C;}sz)T|bQ
zG7fVf;6Wg28_(mm9X(|m&fAnzUcFk@nl^1S`@Rlzq!XQasK=`a_(x#WKdsU!0(BM`
z)0F14Sm&ygL%<IL<C<1cOMYmT9uYtQ0R#|0009ILKmY**5I_I{1Q0*~0R#|00D*rB
Fd;qG&EjIuF

delta 88
zcmZo@U}|V!;+1%$%K!t6lQ%L-i(0Ttu$fN2&50o+0h58L{|^Nd3nVrlV6<}t5>|Eq
DRL&St

diff --git a/db/auth.sqlite-wal b/db/auth.sqlite-wal
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..52711c3ad16bdc93acae89828847f80c5146acfd 100644
GIT binary patch
literal 300792
zcmeI*3v^?3oxt(D+9aKJB9EbrI5UNb!r1Awc{QzAp^qffY11@m)22bTljhMTZPMn^
zq^TY-Bd!NzaS>5=an)6qqbtfDbyZjuT|v(XDk#f2%fiCU@v!V!9F^rE58b{0zG!EL
zX{Uvmrv2VI&Ew|Y-v9q|Z!)L<{C>Z`_1e-yvYMk8%4BboiRHmmv)XiQ^ohqWn|w0)
z!OOoRt<o%B|9_1Y>bL#s4>wjwD-~PsmFWhz-n(^|*n$NC1Q0*~0R#|0009ILKwuLJ
z6n3bzGEKqdt=4Mvfz<GL!Wa$dvrUFZeO$URTk7{_nv8oVnhg3#B%5}Om~-xk$=72{
z^_UXjj<{Rz9&z{`K6`X{Ads7?&-JDHVmYrrZy4*(kHxyjx`q?hn61B~y47P2nyrDL
zp>C+g(hv;Rm`zq=O~6ubt*Hyw8HbEPQ^;&>j3(0K@kBIGYcT9H@2e~9P_DFn!9>5i
zC1W?V+QPBC-PhLQ^yONc^`W*&kImlDHC)#>ZtwJX&AsX9bTW~5=R1a6?v`MSr6H2H
zyX)*-4XbJ2PK8z`pY>BL1K4S6?i*?!H9O;u#y0Q%>U2tKv0Go?>WXJw28Su(>UH_j
zjsD=kL~ZwI%+cAH><NTC5v$+l@JC&imiEZ$14`F)ne<aJKVES7zTMyW%!`lRFIFma
z&&zbL=$_Xd+k{s>T}A)_1Q0*~0R#|0009ILKw!fOlqltLl}g+ymEu;Rkh-`eULg4K
zZ$9<chyQu9LN_RrOYs6yv;gq}8}2%wLkJ*%00IagfB*srAb`M%1&9||TfBe-{r5!`
zFHl~-yYzi`_+Kj1y&{u~c!B4M7g+JTg$)rv009ILKmY**5I_I{1Q1x)0*m7Xq=uHB
z7%%Xvi3cyQN;;jQzJMr6K)k@ZKA|)Y0R#|0009ILKmY**5O}Kvh!@yo@dA%N`Gxm>
z?z@BAM127<E<n7%Tm2T}_alG+0tg_000IagfB*srAaJGxmX8<6{QS!wEj$yyO~ebx
zr5XdwM{uUj4aY$M0R#|0009ILKmY**)};XP0&9yGC=}a#1h-sadHLZh{(Dfw3&^D!
z1I$OTF5j0l3IPNVKmY**5I_I{1Q0*~fmH}Bju$xjd;}L?@awy;xi{M;;sq4ad<4V`
ztb&<c5I_I{1Q0*~0R#|00D+AoK)k>vix;?N>yz)e;p5+~5b**EF(1Jz%tx?s-p=#{
z0R#|0009ILKmY**5I|sa3oIWmV7*B5@BX{)|CWdsP;T8tyujwZVCX#p2q1s}0tg_0
z00IagK)k>vix;@(f^D}Rsrbb%5ig+B9V1?V&j17vKmY**5I_I{1Q0*~0R%RTz)9l;
z)S`P2rkd5JW1~-8`oW3aKfh&v-AsJ}-BFqD1>I5I0~-c_jv#;l0tg_000IagfB*sr
zAh1ydwv{St<*9Ha6;6)~X2wUuiNQ>KLU~T9^3tWNOSE!jrF=3SPNfwRhDLzQj|=?i
z3x}IJe*5U3#khc~;+nZU0_gz@0tg_000IagfB*srAb`MIAW+y@qLpb1E^oD5qYtEp
z#}meANS|#oH0tBhjoDJaH`8R?JJDp&M<Us@W5k?uM@+sRW2(oL2zSKYdiRLK@9^29
z!vlfbRDG^5)fdZo{dvP!e|{|1J=Qgxu*Pit9o4NKbI@!J1PygVHI{~8u*Ph%8fyZU
zdTUKxxXw6a44Oh_YhyH#9*-xYfm(xMpLt)Mf;@svmPZgPY<sL{$9Wl%N1)O@GnYpo
zJzzlq0R#|0009ILKmY**5I_Kdq7@Js1SKWQ=MlW9I9&6Kw-5c8Jc6P<)ifLd1Q0*~
z0R#|0009ILKwxtUtT>OL^b~mn@#owP4}Ud%ix?LuDSu)ik3f3Jf&c;tAb<b@2q1s}
z0tghJKw)R;x(?G<l1H${M2Er-<=h$8E|-WAO!T{3GIm3&EgZ|+eQhmHU#_)TA8MQQ
z*z65m!*zY*_D+x2+?$S0Clh&hzGKMcZV7I(Jc7#)_TSyto_k*85tN9!gRkhG*B#S6
zBRyn6009ILKmY**5I_I{1Q0*~fua)-xdWx8r^q7^bq6cv>kdBpr>1BBZuIsGi5Dok
z6HS8=KmY**5I_I{1Q0;rWC9y0ULZi-!IKn5BwoN1vHE=uf7E4ZX^)(KWl8C6vt(T0
znos|B%e3)Q#syCHdBQpb5I_I{1Q0*~0R#{zK7rF17Z^Gle|Dcv9s%P5Cz~*Vae+5^
zT;P)XUcKp&OB6pOUZD6s?r1Rr2q1s}0tg_000Ib{L|`M03ouV1;{v@dU%JsB9GIx>
z9*sFV8<RbO(3?Ci&@$|;`N`*RxRG&zlYE}A3IPNVKmY**5I_I{1d31KG{yza%Aeh*
z6EAR98mK7jP_4AC-&tuO@d9toxPWZFzQC>bJonO5@t1EB;{vLRYnYFq_&)V$F#-r6
zfB*srAb<b@2rL$0Twsmm{uvk8Z1WN1bl>mzkLRyQiunjsx@VY=VDaY(j}brs0R#|0
z009ILKmY**5GXo<70pMm5HIk}AAb6K=h=?@gNPSUZrw$^K+&CV8jJt}2q1s}0tg_0
z00K({h!-GUU~i_$xObw-pbsYc-7Oirq16_S<?X(<7N;-Q+N=+?O?qthhOXhdzHxh}
z$7}9QN2imCygT19<Z`!cws?U<|M>OlulfGwXChuesXIozz>*IXo*;k#0tg_000Iag
zfB*srAW&=q%f<`HMUUp|3*55h&cpBi<v^gv-5Je<t0Lp6cpy_{lD$o)P{^*Vs**N6
zNBR-r1Y4w^Qt3x8{ivj$`DNz!%|CgA`*URbZaBZ9qFz?IMWxufy<DR^XN#)h*@_=+
z{o?$;^71#>m(>U$fB*srAb<b@XG`Fa^;~sjZLR#e9htz;SU44qq{8Wu!OZw*I5C)s
zPn@tq)9SG`_u8s@n_D_<RR>Ra{b1E)2cw~bRqb89Hiykq)$M6_HhTuDI&1?~&E8&D
zdzbVJoVKpsDsNZ2+iR=pa`jeqc{@AzRvny7hf{-#cV6_`Y>P$$>5+p~y*8h;&+Gez
z!r5prJhP|t(xHm;)rYj_t1EZyk{^;w_m!3M4+mztCk~LFxzR4^#w9cBE~&b#tV&u|
z+5Xvm#cxUk;^E_4Is58FAf3*QrzD@HeVBbU6irWz1@dpa`^b1EJhoV9@63*Kl9$aN
zdvDeJhI`7&_8h8~PVuFe%CFmY;wfHo`j(#BOP0JQ*{qV~%{r~URf|u#=;~l#IGo5F
zPg!+vzVkB|;o_ZA;jDCBFS<DAuc4|oo4wiF*;`e&XX~i!V>4IGMaNw+iX~Uf%(a?c
z>&3q4OrQ8}nAmecX=PKTToz4)!c*zwnDp1&U|=#cKJ$EV=8_#W&fHb(*|z+qhM7&v
z)7tLR(#q;;`M^vE=YDTGoSY0Ng5l$ys+V;7xEC)I&EG5SxkuM2yJIzI2C0X(U8nA$
z^dU6YOYwPBAsy=SmFzOxTd_;Iw2MZ3zBZm$TIsy>jgGeDavwA-c`CkQ|JHJ+!aU<E
z{+zykxlK(oo0dqM{>5^e&YocL$GK^_O=r8Tls28|u5_=Eeip_B>hBvHf8@?&qxi#L
z8Vrzay<T^tZo7EGf&c;tAb<b@2q1s}0tg_0z*{Jgm8oUh3$BagsquIqn$QPQ!{Z5K
zG^Ecq85;F*>BelSUq}j=$W8PPb!5CPUG{7?)*YJcu5Ayw^&<)U0lT*+I?_Frt@HR>
z8zOCv__W`cYBgC*CWq5EHau<dCq4db&NCj5CdMblm)jR^E4a34rQ@0w9W|*?%fx!o
zp2h1=)|&2kHr)}(v`tUchYxhOJ4fu9)c#@pME7(cTW70vXA&u6Dw6OgdINE<&u5Ia
z#&Y>c+LUk(v}6a2BbH`y5P3?jmQ{*F4vbHZPcCZ9$&MNIHTdk!$<{HS%@;Iuc=LUI
z;c&Cw<hEvNhuqO*$W|YU<W0V6TXkzk=l+4A1C0&I>e%#v*E?WrjO3j`>6k{*eKAI`
zFfK4H`~G|0d6o9C7~~M+0=n09f7CrEp0FT*00IagfB*srAb<b@2q1t!@e7E&0);}U
z)M}MVjffeT$pM(pBlzU!Jiq+#uI9%U#sz+>`;G3!;_o#*KmY**5I_I{1Q0*~0R#|0
zV6zHnl(SI}3XQT-I}?kbRc_Zv;Q~@zhGZf#6&B(JrgT&9xH^CSuNKAy-mSZN>wTM5
zj(#J600IagfB*srAb<b@2o!@rSXFRomI=FGd*VSvI*NRmqpUrlKp{G#UFI-r&moXb
zt2PjlGAX17qS(R0xWN72dBk+pb=P0GFfQ<dPKp>1Td*L200IagfB*srAb<b@2q1t!
zF$yfi3#gSdWfY8M%8N9f+4>4nf7GH+^LYeaAA9W8-#zl+AyIcwp*t$m9o4;{`?c7D
z1px#QKmY**5I_I{1Q0*~0R+~uz_wCltz4QRp+c?PC7+qgKuoltIHy#3saXB`6f&h+
zwX$+{3o#dgR`h9pT%hXa|Jqi2@i${)TtK<?OETT{x(lQ`76cGL009ILKmY**5I_I{
z1kRek#N5;X$4?n>vNHW^kK`9q10?5W2AIvpf6Jr##moScbMrBXPM*Q}7^IWBMV#3A
zae?W(9)DQjyz*;vCtK7W5P1gTUeqTPa~I6aYbf2bAb<b@2q1s}0tg_000IagfItxo
zD3ujrK7w-5h52!Tx(^Ir@$O{rZc$%ADNRtwJcUAs1px#QKmY**5I_I{1Q0*~fsG<?
z!aRi{WuRhyT;OM4t9knHb5)kvae*T;-T&y0=w8?;eWxD?Ab<b@2q1s}0tg_000IbX
zG6Ah>n^rDzBNSRyrFJ$kqD-}2`}#bEOX?0jd*9T1e)F+wJE%Lj$*vQ+ivR)$Ab<b@
z2q1s}0tg^b>;kK)J1FV}EU7!#yL-pK<^Qs4RE!I#w(gy)J19M1K>z^+5I_I{1Q0*~
z0R#}(^a5F>TDHC5x=4Ked<IM7DX2TBk4rTc&6fJTnI_}ji6(=7A~(@H)RFPFblJ1n
zSa)c$yS6>#){i9Y2khRS=t%cew$9^kZHTlv;?sU(s?}sMnH)~v*zmN)pY-^%InTm8
zg-hxS{Ox%+C4YbSm#-Fi1S;LLbM*zJ2P_C6fB*srAb<b@2q1s}0tg^b)B>WifKqwt
z`U01H=}%w1EuwJFjte|8S6@K)NKtp3#v_0L0tg_000IagfB*srAh3x9%2nItb1@wX
z<!ROz_;JTi9{69`yI!Tfz$Ut2=qdsTAb<b@2q1s}0tg_0z(x>QO??5C)bS<t1q!C`
z-dV41dP$56lvI3cp}v6hkOct*5I_I{1Q0*~0R#|0V4VnLRc9s7UrBv|td!<|Lau+*
z*Wj}^CtJsSHeb-t;m!B;g~QEyliQl99dbvLAzOVYk~jIPZPl$Eo%;ud4m36-t7Fpx
zUhjahF_L!%rFsp<N!jd4)t=en4bmmOq`ttXum0DIFL~&Wt3)0_iSFrz`U28J76cGL
z009ILKmY**5I_I{1P~}n0Z~&xrCLdSfro$o;e*brzx>tNae<#M)EChGv?x1HqY*#=
z0R#|0009ILKmY**5ZDX?i%JS8Rg0dSc71_ecYWY9_g(yvJ=7Q243`akL;wK<5I_I{
z1Q0*~0R#}(Kmx0&FHj=&e@T6TcYW&B#3v`7IwHmeN-N&GsJ?*ogarWv5I_I{1Q0*~
z0R#|0V2MDs<gDcRtEexKFh)cAlP3Fj$Fu2<K&EYaqCR|}yWKfr&!qMb>nFOW1KB!T
ztvi!Q8B>vjKhYbAdwo7*tTmR)N7AN*bD$+VU>vbDOZok#q+BhlEV#C52gWDIC-s5U
z@c0`aazoV@*s|{<&c1gluNQd)rMjmU)fbSSupoc{0tg_000IagfB*srAb>zo35c2k
zB_%7bFR<fIedyJD@40(+T;QHX^#yeI6jjG*ECL81fB*srAb<b@2q1s}0vlRjQ56AI
z$)YD~t1qy7Wc0|xfB3{7s4uXgFCIFF00IagfB*srAb<b@2q3WW1Xf&MK&@3PE9H~v
za4Ie83upwzgQ;e<>DcHKKiS>#qgV1n4lypEs<>9B8{B&D)?F3XmOml3VnF}_1Q0*~
z0R#|0009JwOrWr{R4daIT;6KAW|<`MNF<wfjF@xoh{@MuO!b%&;f}al?;dgZ9X@+>
zcp#9Qs?YVM`eHe+KW`Z8&yU5r$GV0S)|jooqq@~&4w|ijprLN4#?lZB)|gFJV@<$P
zZ>^~d*BOV5K~u<VZHy+;<MBi^P-`&kGw-WY779Dmb1l>^*TRv2d%8K{OLkfs^VOl@
z<beM`t}CbSk9*U-wmxI1);yIt5Kd?EiJaHo-e^29J?iM`w#CxczFhx6#+hzkMGFf%
zR4Z-YSrIJkP_DFn!9>5iC1W?V+QPBC-PhLQ^yONc^`W*&kImlDHC)#>ZtwJX&AsX9
zbTW~5=R1a6?v`MSr6H2HyX)*-4Xg3nsnE*g;tJGi6w6$Kownw_q4rU;Gwx_?^X{)s
zr=%9U_4Tc;c-Ccbm=dmDmoMGu4-QP!c8|s!osG$!K*$rZ`h5<6)MaUDkDUG`D7~Xa
z%0R{ZxIpSl+aD-5UOgpNs&voDbg$^1*B#S6qdQt;?|qt!00IagfB*srAb<b@2q1s}
z0+N8JEl^r2Zq@1&>kLR6s0GvfxWGR>owexo-FJ{jAXHcoKmY**5I_I{1Q0*~0R#{z
z8i5t(5ok`4M{wKk4T-M|T0beq1xm`Fd_9lg$)a(fp$H&=00IagfB*srAb`N@0)?H0
z9h#NKnYWL3T3Tb#u~6@*Kiv^a?N8^jZBizIb${Q1(J5z}rD3wS!#U;-c!rb1&28gp
zV?(>G&EvNwypjEeiI8P<HF4(T5v(Z_gFJ#aIgjAicTHNndaF|85tK;D1LP6B{&B)1
z1Q0*~0R#|0009ILKmY**icdh~4rnwh%_Au9zEhSibbO9Hg5o>Vv={*d5I_I{1Q0*~
z0R#|0U{edMIFCSkiadhXzA;rZ@ctKmB*q0w%bOPE5lBy15I_I{1Q0*~0R#|00D<EL
z3cIv()z;-2<ucXQ&q|oSf;<A|BWN=2ooF)XnUCOPQ({PO=_T_K+!Fr5NAJDC^%1eM
zRQLFzJOb$n3jzorfB*srAb<b@2q1s}0tgh1fXE%tYELhZ;K&`vUj3}&oXg20D4Nqu
zLlHm#0R#|0009ILKmY**5D)?@&Lb#0MIM3kD@XI^K5)NAj0>o@+`c4_Kzho800Iag
zfB*srAb<b@XI7xFt85`kU$q{i^p)fhFdxC*%v_v)B$7=#M$9>P#N_KSrg}_?a7SF4
z&tb&jclhkl;ekMIsy^43>Wk&P{=8wVKR*`h9_t!rK7u*GPFr)|Q2VIa8Fw_cdG}YR
zQ;B}JTVLPmif3I0hbiIeb@|eb{@}nwZTD!*(b<^n354F{`3U~(>>qUgc#lTp5vX;K
zF3BU1p0Xf-00IagfB*srAb<b@2q1vKx)%_+17&5a$s_n(bIk|$U+~oX$s<_zCz%E!
zfB*srAb<b@2q1s}0tg_mSYX9@1Y1s#NAOp>AOEa3{%4&S7toZwd|V!Zw1Ncz1Q0*~
z0R#|00D+ApP}sF)AxghwJx1xP$Rn_=HB6uR2yDzpz<dOC;X31xF}RZX2olc2qwh=J
zJSFl7G`fe5%Oj9hupoc{0tg_000IagfB*srAb`NS6%e@tTeh559)U)5=D}36+H`F6
ziF-pw9M9$s<|`_$m8lov1<Ic+Z`yKu*~`QWtlJY$!w^6K0R#|0009J6CqTTwn!k;w
z?%<jUrEB-|GEKqdt=4Lm30fHmxTl*FzGSDRF<%`TP7e4F<hpYD{<t^YYwI(HYRyxb
z1L1TgpU8Rb?Ty9*)1!`_ZsG;z>mmlFDt;{)yP?$<j^*vXwic%^*V?QPwM}|#_J*$E
zy1sFHr^jpVO-HAbiM%`CG30W$1Y0Z(k-XhqXYXnVnyrDLp>C+g(hv;Rm`zq=O~6ub
ztvSWl@r9j=xu_(qMzPEZUKe!-|5IIg)6>sA^v5#YGg95bg?NFZy2o{o>K-CqV0Hi5
zuonUdAb<b@2q1s}0tg_000L)5;Em!1q@$Or)#6o^O57@y;#Q%M)-Q<{F#O9^Hy)Y1
zvPr}Xl+MKqydEt;yug_`iyQ?31Q0*~0R#|0;EV|nFR<n>yNMTAGoef-zmj+XTYpD&
ztH->W@8fqUwJY=^USK8l1zvp5b&*@&e({iq7bu;N7g&fEAYR~%{r|*)5I_I{1Q0*~
z0R#|0009ILScSkT;swfA5-)I@zbyKi=e74&ls_penU5Ekt1Uo%fmNIkc0m9E1Q0*~
z0R#|O-vY!7toh6CB8V4|zK?%uh2JN)k9S&HW6`lt@2EfB5lih)=dx{Xz1zCK@4)Dk
zv(3^l+1ue9a|b-b$>HX<@wBm_ea(c#3k)Z$G2#U#nhg4NQD5NMul(TKuSLr~Ri-;C
zE18cMn5!*7eS!7;UmC4L009ILKmY**5I_I{1Q0;r#CQS8<XnxYA+Vx&fv-PyYu!sX
z-)|A|0;-vKf%%yTM6>|)1-QZxKmY**5I_I{1U8re@d9i9vb!ka1r#45ULe;$ka4El
zSCzl7T50}%B$7=#M$9>P#N_KSrg}_?a7SE<w-|Bw9X@+>cp#9Qs?YVM`eHe+KW`Z8
z&yU5r$GV6Yn4d6VUBnCA_@VtD8oS%vF5(4Lv+)9pq6Mfgu)+Qpq&o;8fB*srAb<b@
z2q1s}0vk-=r11h5E*mdU@nEW1Z8|pk#JS&_EWP#<UzAsrH_gQhZ2iHO+h=11h!@yk
z7Yp4%009ILKmY**5Rl1;7g&3|fJ~++$m9i=w_2`IE;Bp(SxMiQrePyqz}mNA;{^&k
bwc6PWP`f@az`{<&LIV}cyhF}PyukkhfafX5

literal 0
HcmV?d00001

diff --git a/src/main.rs b/src/main.rs
index e367f93..501c9e4 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -60,7 +60,7 @@ std::panic::set_hook(Box::new(|info| {
         .send();
 }));
 
-panic!("crash-test");
+//panic!("crash-test");
 
     let hotel_pools = HotelPool::new();
     let logs_manager = SqliteConnectionManager::file("db/auth.sqlite");
diff --git a/src/utils/auth.rs b/src/utils/auth.rs
index 7e9dea3..b529381 100644
--- a/src/utils/auth.rs
+++ b/src/utils/auth.rs
@@ -329,6 +329,11 @@ struct LoginResponse {
     token: String,
 }
 
+#[derive(Serialize)]
+struct MultiLoginResponse {
+    tokens: Vec<String>,
+}
+
 pub async fn clean_auth_loging(
     State(state): State<AppState>,
     Extension(keys): Extension<JwtKeys>,
@@ -428,30 +433,54 @@ pub async fn create_refresh_token(
     let conn = state.logs_pool.get()
         .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB connection error".to_string()))?;
 
-    let user_row = conn.query_row(
-        "SELECT id, password, hotel_id FROM users WHERE username = ?1",
-        params![&payload.username],
-        |row| {
+    let mut stmt = conn.prepare(
+        "SELECT id, password, hotel_id FROM users WHERE username = ?1"
+    ).map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB prepare error".to_string()))?;
+
+
+ let user_rows = stmt
+        .query_map(params![&payload.username], |row| {
             let user_id: i32 = row.get(0)?;
             let password: String = row.get(1)?;
             let hotel_id: i32 = row.get(2)?;
             Ok((user_id, password, hotel_id))
-        },
-    ).optional()
-        .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB get user id error".to_string()))?;
+        })
+        .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB query error".to_string()))?;
 
+/*       
     let (user_id, stored_hash, hotel_id) = user_row
         .ok_or((StatusCode::NOT_FOUND, "User not found".to_string()))?;
+*/
+    //let mut tokens = Vec::new();
 
-    if !verify_password(&payload.password, &stored_hash) {
-        return Err((StatusCode::UNAUTHORIZED, "Invalid credentials".to_string()));
+    for user_row_result in user_rows {
+        let (user_id, stored_hash, hotel_id) = user_row_result
+            .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB row error".to_string()))?;
+
+        if !verify_password(&payload.password, &stored_hash) {
+            continue; // Skip rows with invalid password
+        }
+
+        /*
+        let mut bytes = [0u8; 64];
+        OsRng.fill_bytes(&mut bytes);
+        let raw_token = Uuid::new_v4().to_string();
+
+        let hashed_token = argon2
+            .hash_password(raw_token.as_bytes(), &salt)
+            .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?
+            .to_string();
+        */
+        
+        conn.execute(
+            "INSERT INTO refresh_token (user_id, token_hash, device_id, user_agent, hotel_id) VALUES (?1, ?2, ?3, ?4, ?5)",
+            params![user_id, hashed_token, device_id_str, user_agent_str, hotel_id],
+        )
+        .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB insert error".to_string()))?;
+
+        //tokens.push(raw_token);
     }
 
-    conn.execute(
-        "INSERT INTO refresh_token (user_id, token_hash, device_id, user_agent, hotel_id) VALUES (?1, ?2, ?3, ?4, ?5)",
-        params![user_id, hashed_token, device_id_str, user_agent_str, hotel_id],
-    )
-    .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB insert error".to_string()))?;
 
     let cookie_value = format!("refresh_token={}; HttpOnly; Secure; Path=/", raw_token);
 
@@ -482,37 +511,63 @@ pub async fn login_refresh_token (
         Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB connection error").into_response(),
     };
 
-    let user_agent_str = user_agent
+
+    /*let user_agent_str = user_agent
         .map(|ua| ua.to_string())
         .unwrap_or_else(|| "Unknown".to_string());
     
     let device_id_str = payload.device_id.to_string();
+ */
 
+let user_agent_str = match user_agent {
+    Some(ua) => ua.to_string(),
+    None => return (StatusCode::INTERNAL_SERVER_ERROR, "user agent unknown").into_response(),
+};
+    
+let device_id_str = payload.device_id.to_string();
+
+    
     //"SELECT user_id, token_hash, hotel_id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2",
 
-    let device_row = match conn.query_row(
-        "SELECT user_id, token_hash, hotel_id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2",
-        params![&device_id_str, &user_agent_str],
-        |row| {
-           let user_id: i32 = row.get(0)?;
-           let token_hash: String = row.get(1)?;
-           let hotel_id: i32 = row.get(2)?;
-            //let displayname: String = row.get(3)?;
-            Ok((user_id, token_hash, hotel_id))
-        },
-    ).optional() {
-        Ok(opt) => opt,
+    let mut stmt = match conn.prepare(
+        "SELECT user_id, token_hash, hotel_id
+        FROM refresh_token
+        WHERE device_id = ?1 AND user_agent = ?2"
+    ) {
+        Ok(s) => s,
         Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error").into_response(),
     };
-    
-    let (user_id, token_hash, hotel_id) = match device_row {
-        Some(tuple) => tuple,
-        None => return (StatusCode::UNAUTHORIZED, "No matching device").into_response(),
+
+    let rows = match stmt.query_map(params![&device_id_str, &user_agent_str], |row| {
+        Ok((
+            row.get::<_, i32>(0)?,     // user_id
+            row.get::<_, String>(1)?,  // token_hash
+            row.get::<_, i32>(2)?,     // hotel_id
+        ))
+    }) {
+        Ok(r) => r,
+        Err(_) =>  return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error").into_response(),
     };
 
+    let mut entries = Vec::new();
+    for r in rows {
+        match r {
+            Ok(t) => entries.push(t),
+            Err(_) => continue, // ignore corrupt rows
+        }
+    }
+
+    if entries.is_empty() {
+        return (StatusCode::UNAUTHORIZED, "No matching device").into_response();
+    }
+
+    let mut tokens = Vec::new();
+
+for (user_id, token_hash, hotel_id) in entries {
     if !verify_password(&payload.refresh_token, &token_hash) {
-    return (StatusCode::UNAUTHORIZED, "Invalid or mismatched token").into_response();
-}
+        // skip rows with wrong hash
+        continue;
+    }
 
     let expiration = match chrono::Utc::now().checked_add_signed(chrono::Duration::hours(15)) {
     Some(time) => time.timestamp() as usize,
@@ -520,24 +575,29 @@ pub async fn login_refresh_token (
         // Handle overflow — probably a 500, since this should never happen
         return (StatusCode::INTERNAL_SERVER_ERROR, "Time overflow".to_string()).into_response();
     }
-};
+    };
 
     let claims = serde_json::json!({
         "id": user_id,
         "hotel_id": hotel_id,
-        //"username": payload.username,
         "exp": expiration
     });
 
-    let token = match encode(
-            &Header::default(),
-            &claims,
-            &keys.encoding
-    ) {
+    let token = match encode(&Header::default(), &claims, &keys.encoding) {
         Ok(t) => t,
         Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "JWT creation failed").into_response(),
     };
-    Json(LoginResponse { token }).into_response()
+
+    tokens.push(token);
+}
+
+
+if tokens.is_empty() {
+    return (StatusCode::UNAUTHORIZED, "Invalid or mismatched token").into_response();
+}
+
+//Json(tokens).into_response()
+    Json(MultiLoginResponse { tokens }).into_response()
 }
 
 pub async fn logout_from_single_device (
diff --git a/utils command.txt b/utils command.txt
index 9f5e42f..6600c89 100644
--- a/utils command.txt	
+++ b/utils command.txt	
@@ -27,6 +27,17 @@ GOOD
   -p 8080:8080 `
   rust-api:1.0.1
 
+linux distro
+
+  docker run `
+  --name hotel-api `
+  -e JWT_SECRET=your_jwt_secret_key `
+  -v "/var/lib/hotel-api/db:/app/db" `
+  -p 8080:8080 `
+  rust-api:1.0.2
+
+
+
 
 
 
@@ -80,4 +91,9 @@ GOOD
 			"RW": true,
 			"Propagation": "rprivate"
 		}
-	],
\ No newline at end of file
+	],
+
+
+
+
+