From d031e5cabe4f27617344a7f7d1402cdf537263d0 Mon Sep 17 00:00:00 2001 From: Romain Mallard Date: Thu, 15 Jan 2026 01:04:03 +0100 Subject: [PATCH] logout fix --- db/1.sqlite-shm | Bin 32768 -> 32768 bytes db/1.sqlite-wal | Bin 0 -> 24752 bytes db/auth_copy_2.sqlite-shm | Bin 32768 -> 32768 bytes db/auth_copy_2.sqlite-wal | Bin 469712 -> 486192 bytes src/utils/auth.rs | 40 ++++++++++++++++++++++++++++---------- 5 files changed, 30 insertions(+), 10 deletions(-) diff --git a/db/1.sqlite-shm b/db/1.sqlite-shm index fe9ac2845eca6fe6da8a63cd096d9cf9e24ece10..dd83caa8fb42e5a254b849acaa359e98d0d05982 100644 GIT binary patch delta 187 zcmZo@U}|V!s+V}A%K!o_K+MR%AixHsHv>66cTX%<$$cnw-0o$RR_Vd&Wi=(vqL&t5 zBvn1gY!CpM`yUB_1sND7)^mz70ofqyxq%qY-q;xL%FM{Xva#_eD>D-V>&C|SBFxMT JY#SSe6iinRJ0Y-=m9_PzPDf1ZG%ZQ4VPF^wEZ)YLN84Roj3 zT?*Ai5{-Wn2plnLB8dky!Gy$w=uJ+oi6nX`i6kCCJ>Wr*#EV?~&2ATQ!@f&P(D0i> zo0<8(@9(|O%)Xtxop0_)>@6j8Ws{+0UE2hYDT^8M~hGmFPR$3tz368*Aq zy#Lp;Cofz(K4h3T6xCd6Hp*p4yGfiaJL6{_Z7?4 zMLo3WMvM7kY1S{L+Uh6m+DROM-qnfHi79`&gnQ9&NR4#?F}U~Khu0=g8|En`W*%0| zKh2Bg3G z#g|_zR>J>Lvt0%C*5Sy->*lhuQM+}Zq3ejNgOPF&%ry>-Vt>;A==7-C8=3PfmFZc( zyCaF>nE-2*E7R3tP)cbLwWrp+qGCJ!_V)#jezejvK6UJU15b>`Hz>F&aK22wxan)EhP8;tUzAI?b{x~q33ZzO+6o=u)emXgmVw>-dv?Wi|+chJ-m5_k^286+C?>k5vI`3b1=sFmnJG?VB7>kcX$_4lXIw3oj3kO9i$E8A%`V!ggW1!~s!z zuubAn6Ks_`xbT?Nf#+dZ>cDLnYAvt}!ej8LRN&e$*t!qsfPw+J1A~64fIIMrv;>Y~ zi`;>MC2_!uP~gDB5+r)1%A3aTMHO|x^vLc zs)Q@NLg-*h1dd<@NVh71oO9t+Y_xKy37i6?Bn~){=KAzd(CPRSQ}~tVWw@PTw#9LP zOz<2eo0``J+(JYya?XO*)PW{}2MM`@197c;`d zkQ6?Gu)=Vpp_~ZcF0fXY9qypSN34J42;Tnqi}H8kI=(MJIf8rg_(?^H01+SpM1Tko z0U|&IhyW2F0z}|GC$P30LG5>jHRK3hUs`zQ=AM;+as>DJZAil>0z`la5CI}U1c(3; zAOb{y2oQn0N?@IH1Y_9Qb;%KYy8P3z&6no}!W_X^?2rFUjsUwt8xbG^M1Tkof%PW< zV@+=gHpK*N$`OQV2+9%EQz4WisBv&8M^NKHIf8l^%BCDa{eGYv0dk-m!T&Z#@Hds| B=LrA+ literal 0 HcmV?d00001 
diff --git a/db/auth_copy_2.sqlite-shm b/db/auth_copy_2.sqlite-shm index 825751094d52dc986bca043aa8d24e37f413f95c..78e3e8c7ba9ec013e553c0328a549da472130d52 100644 GIT binary patch literal 32768 zcmeI*w{lc57>4235!+y6@{*Ium|!p&OwM2oEE$t?jtw0(9e2PrP|?sp12s3ma0}E% z@)+i@bJl|?bzaSAr2VBM&G%e@w)DM|*lI(sf%cbS93T46H|19!zI=W6?Q^;7?WgXK zz3+eYb@UIsE{$-1IBKxPa|beQsLa!$NxZ)<^!m^nLT?Ox)KDKC#@32?bND@`q89i6 z-utg($UJyYQy5z^-?wGz@!Yunzhkv*dG)+nyf?3&R~zZxm_J%Zujm<_^Ulqy#k(q< zD~-Yyn*s_bpnw7jD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzUgfC36Apnw7j zD4>7>3Mim}0tzUgfC36Apnw7jD4>7>3Mim}0tzTFjKFLz4YTT!0x1jBuz_vt;s8fE z$yu&*C*`o zS;}%&u!=6$vW~6n=LG#cf4#XB&INx>C9w4S9rve^rM@w@B(dIExdsMMHOfc|7|jk ziA<)%G-fc14zBU|&%e(U)y3RJ5Li%zkY-ds0R`H1O$%LevIyY`&x zAyqxlC@=t-`yUBFg_#(nCN|FAoWeBAVRHeK2P32W=0v8yOpJ^WiU~q7Lnsyq#R{gl z*%;UvxET0>u2ldEd}d-)gh=y(sm*UF7M2#)7Pc+y7qlc87#P@rnBnTtP@~C5O!q%CsFhUa)r;P) z@R{)ozlt^|BeOVTX>n>%F(*(J2M`Ovl)ih(`fmH>Q~cX4n3;BSI~jy$`WhG)mbzsp z1{;MK`#I)U7)J)Ggt_Vm`8$QBm6zpty0{tpS{UXP8ii?_dl}{xqy>dWMkKjL23tCM zm?sracBrVE9I#qtdwKy=Av4F!OD6x-_brn|Qye;5Pxz5j&$P55nfNfI% delta 23 ecmdmRP4>c7nT8g|7N!>F7M2#)7Pc+y7qkF&nFz-K diff --git a/src/utils/auth.rs b/src/utils/auth.rs index b2240a0..fa429b1 100644 --- a/src/utils/auth.rs +++ b/src/utils/auth.rs @@ -531,11 +531,8 @@ pub async fn create_refresh_token( /*.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "Error mapping hotel_ids".to_string())); */ - - - -//FIXME: might not need the hotel list on tconflict ? + //FIXME: might not need the hotel list on tconflict ? conn.execute( r#" INSERT INTO refresh_token ( @@ -702,6 +699,7 @@ pub async fn login_refresh_token ( } +#[axum::debug_handler] pub async fn logout_from_single_device ( State(state): State, Extension(keys): Extension, 
@@ -721,39 +719,61 @@ pub async fn logout_from_single_device ( }; let device_row = match conn.query_row( - "SELECT user_id, token_hash, hotel_id, id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2 AND revoke = 0 ", + "SELECT user_id, token_hash, hotel_id_list, id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2 AND revoked = 0 ", params![&device_id_str, &user_agent_str], |row| { let user_id: i32 = row.get(0)?; let token_hash: String = row.get(1)?; - let hotel_id: i32 = row.get(2)?; + let json_hotel_id_list: String = row.get(2)?; let id:i32 = row.get(3)?; //let displayname: String = row.get(3)?; - Ok((user_id, token_hash, hotel_id,id)) + Ok((user_id, token_hash, json_hotel_id_list ,id)) }, ).optional() { Ok(opt) => opt, - Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error").into_response(), + Err(e) => return (StatusCode::INTERNAL_SERVER_ERROR, format!("DB query error : {}", e )).into_response(), }; - let (user_id, token_hash, hotel_id, token_id) = match device_row { + + + let (user_id, token_hash, json_hotel_id_list, token_id) = match device_row { Some(tuple) => tuple, None => return (StatusCode::UNAUTHORIZED, "No matching device").into_response(), }; + let hotel_ids: Vec = match serde_json::from_str(&json_hotel_id_list) { + Ok(ids) => ids, + Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "Hotel ids are not deserializable to Vec").into_response(), + + }; + //FIXME: need to chang the way we get refresh token from the cookies instead /* if !verify_password(&payload.refresh_token, &token_hash) { return (StatusCode::UNAUTHORIZED, "Invalid or mismatched token").into_response(); } */ + +/* let revoked: Result = conn.query_row( "UPDATE refresh_token SET revoked = 1 WHERE id = ?1 RETURNING device_id", params![&token_id], |row| row.get(0), ); - return (StatusCode::OK, format!("Token deleted for device id {}", &device_id_str)).into_response() +*/ + + let cookie_value = format!("refresh_token={}; HttpOnly; Secure; 
Max-Age=0;Path=/", "loggedout"); + + let mut response = (StatusCode::CREATED, format!("Token deleted for device id {}", &device_id_str)) + .into_response(); + + response.headers_mut().insert( + SET_COOKIE, + HeaderValue::from_str(&cookie_value).unwrap(), + ); + + response }
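Review bot: The logout no longer revokes anything server-side: the `UPDATE refresh_token SET revoked = 1 WHERE id = ?1` statement is now inside a `/* */` block, so the row found by the SELECT keeps `revoked = 0` and the stored refresh token stays usable by anyone who still holds a copy, while the response text still claims "Token deleted". The now-unused `token_id`, `token_hash` and `hotel_ids` bindings are the compiler's hint that the revocation path was dropped rather than moved. Restore the update (the `conn.execute` form used for the INSERT earlier in this file fits) and clear the cookie only after it succeeds, and return `StatusCode::OK` instead of `CREATED`, which signals resource creation. The clearing cookie also has to carry the same `Path`/`Domain` as the cookie that originally set `refresh_token`, otherwise browsers keep the original; that setter is outside this hunk, so `Path=/` is unverified here. The function's opening lines are outside this hunk.
```rust
    // Revoke server-side before touching the cookie: clearing the cookie alone
    // leaves the stored refresh token valid until it expires.
    if let Err(e) = conn.execute(
        "UPDATE refresh_token SET revoked = 1 WHERE id = ?1",
        params![&token_id],
    ) {
        return (StatusCode::INTERNAL_SERVER_ERROR, format!("DB update error : {}", e)).into_response();
    }

    // … unchanged: cookie_value construction …

    let mut response = (StatusCode::OK, format!("Token deleted for device id {}", &device_id_str))
        .into_response();
    // … unchanged: SET_COOKIE header insert and return of response …
```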