From bd20d9728fe9dcaca4dd2abb097089f97477073d Mon Sep 17 00:00:00 2001 From: Romain Mallard Date: Fri, 16 Jan 2026 03:17:34 +0100 Subject: [PATCH] lougout all device fix --- db/1.sqlite-shm | Bin 32768 -> 32768 bytes db/auth_copy_2.sqlite-wal | Bin 519152 -> 531512 bytes src/utils/auth.rs | 39 +++++++++++++++++++++++++++++++------- 3 files changed, 32 insertions(+), 7 deletions(-) diff --git a/db/1.sqlite-shm b/db/1.sqlite-shm index dd83caa8fb42e5a254b849acaa359e98d0d05982..73b6945161bab113566605324a0d37425b8ff756 100644 GIT binary patch delta 56 ucmZo@U}|V!;*@x#%K!!wIpqb5YD%0BUR-<;S&$7PI5AF%k!@pReLVoZ7ZDEt delta 56 vcmZo@U}|V!;*@x#%K!o_6FKDtm(`Rwi(XoM5m}H8A~-QliIHJrV|_gUtBw#O diff --git a/db/auth_copy_2.sqlite-wal b/db/auth_copy_2.sqlite-wal index 17b4465e66ed69b306d81ca47b8e76e438e564d8..c3cb572571dbf9db608191fede097c2e9b834273 100644 GIT binary patch delta 129 zcmexxU4F+7g@zW!7N!>F7M2#)7Pc+yA70BdFfeccF~ilPp+=LBnC?%$BR_vedXYXa zP>h9V;dXmwrY+ptS3hTWWtnav%p|~X?0<}ldGEbYE|3EL7u&;ynf~z0@Bw*3Ff-;_ V-cM2r`ELPM!sohuzBAKLegOCmDdqqG delta 23 fcmdn7L*c`9`Gyw87N!>F7M2#)7Pc+yA6^3hc-aZM diff --git a/src/utils/auth.rs b/src/utils/auth.rs index 7fadaab..20947c3 100644 --- a/src/utils/auth.rs +++ b/src/utils/auth.rs @@ -781,12 +781,12 @@ pub async fn logout_from_all_devices ( State(state): State, Extension(keys): Extension, AuthClaims { user_id, hotel_id }: AuthClaims, - Json(payload): Json + //Json(payload): Json ) -> impl IntoResponse { - let device_id_str = payload.device_id.to_string(); + //let device_id_str = payload.device_id.to_string(); let conn = match state.logs_pool.get() { Ok(c) => c, 
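Review bot: `db/1.sqlite-shm` and `db/auth_copy_2.sqlite-wal` should not be tracked, because they are SQLite shared-memory and write-ahead-log files that change on every run, and this commit checks new versions in alongside the code fix. A WAL holds recently written pages, so if `auth_copy_2` is a copy of the auth database it may carry refresh-token or account rows into every clone; that is worth confirming. Remove both with `git rm --cached` and ignore them, e.g. `db/*.sqlite-shm` and `db/*.sqlite-wal` in `.gitignore`.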
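Review bot: The `Json(payload)` extractor and the `device_id_str` line in `logout_from_all_devices` are commented out rather than deleted. The second hunk does the same with the old `match result` block, once inside `/* … */` and again as `//` lines in the new match. Delete these lines, since git history already keeps the previous version. The function body continues outside this hunk, so whether `keys` and `hotel_id` are still used cannot be checked from here.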
@@ -794,23 +794,48 @@ pub async fn logout_from_all_devices ( }; let result = conn.execute( - "UPDATE refresh_token SET revoked = 1 WHERE user_id = ?1 AND revoked = 0", + "DELETE FROM refresh_token WHERE user_id = ?1", params![&user_id], ); + /* + match result { - Ok(count) if count > 0 => { - (StatusCode::OK, format!("Revoked {} active tokens", count)).into_response() - } - Ok(_) => (StatusCode::NOT_FOUND, "No active tokens to revoke").into_response(), + //Ok(count) if count > 0 => { + // (StatusCode::OK, format!("Revoked {} active tokens", count)).into_response() + //} + //Ok(_) => (StatusCode::NOT_FOUND, "No active tokens to revoke").into_response(), Err(_) => ( StatusCode::INTERNAL_SERVER_ERROR, "Database update error".to_string(), ) .into_response(), } + */ + let cookie_value = format!("refresh_token={}; HttpOnly; Secure; Max-Age=0;Path=/", "loggedout"); + + let mut response = (StatusCode::CREATED, format!("Token deleted for device id ")) + .into_response(); + + response.headers_mut().insert( + SET_COOKIE, + HeaderValue::from_str(&cookie_value).unwrap(), + ); + + match result { + //Ok(count) if count > 0 => { + // (StatusCode::OK, format!("Revoked {} active tokens", count)).into_response() + //} + Ok(_) => response, + Err(err) => ( + StatusCode::INTERNAL_SERVER_ERROR, err.to_string(), // or format!("{err:?}") + ) + .into_response(), + } + + //response }
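Review bot: The new `Err(err)` arm returns `err.to_string()` to the client, so on a failed logout the database error text (which may include schema or query details) leaves the server. Keep the generic body the old code had, `Err(_) => (StatusCode::INTERNAL_SERVER_ERROR, "Database update error".to_string()).into_response(),`, and write `err` to the server log instead. The success path answers `StatusCode::CREATED` with the leftover text "Token deleted for device id " although nothing is created and no device id is read any more; `StatusCode::OK` with a plain string fits a logout. The cookie string is constant, so `HeaderValue::from_static("refresh_token=loggedout; HttpOnly; Secure; Max-Age=0;Path=/")` removes the `unwrap()`. Switching from `revoked = 1` to `DELETE` also drops the record that these tokens existed, which matters if audit or refresh-token reuse detection relies on revoked rows, so confirm that against the rest of the auth flow.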