logout fix

src/utils/auth.rs

@@ -531,11 +531,8 @@ pub async fn create_refresh_token(
         
 
      /*.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "Error mapping hotel_ids".to_string())); */   
-
-
-
     
-//FIXME: might not need the hotel list on tconflict ?
+    //FIXME: might not need the hotel list on tconflict ?
     conn.execute(
         r#"
         INSERT INTO refresh_token (
@@ -702,6 +699,7 @@ pub async fn login_refresh_token (
 
 }
 
+#[axum::debug_handler]
 pub async fn logout_from_single_device (
     State(state): State<AppState>,
     Extension(keys): Extension<JwtKeys>,
@@ -721,39 +719,61 @@ pub async fn logout_from_single_device (
     };
     
     let device_row = match conn.query_row(
-        "SELECT user_id, token_hash, hotel_id, id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2 AND revoke = 0 ",
+        "SELECT user_id, token_hash, hotel_id_list, id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2 AND revoked = 0 ",
         params![&device_id_str, &user_agent_str],
         |row| {
            let user_id: i32 = row.get(0)?;
            let token_hash: String = row.get(1)?;
-           let hotel_id: i32 = row.get(2)?;
+           let json_hotel_id_list: String = row.get(2)?;
            let id:i32 = row.get(3)?;
             //let displayname: String = row.get(3)?;
-            Ok((user_id, token_hash, hotel_id,id))
+            Ok((user_id, token_hash, json_hotel_id_list ,id))
         },
     ).optional() {
         Ok(opt) => opt,
-        Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error").into_response(),
+        Err(e) => return (StatusCode::INTERNAL_SERVER_ERROR, format!("DB query error : {}", e )).into_response(),
     };
 
-    let (user_id, token_hash, hotel_id, token_id) = match device_row {
+
+
+    let (user_id, token_hash, json_hotel_id_list, token_id) = match device_row {
         Some(tuple) => tuple,
         None => return (StatusCode::UNAUTHORIZED, "No matching device").into_response(),
     };
 
+        let hotel_ids: Vec<i32> = match serde_json::from_str(&json_hotel_id_list) {
+    Ok(ids) => ids,
+        Err(_) =>  return (StatusCode::INTERNAL_SERVER_ERROR, "Hotel ids are not deserializable to Vec").into_response(),
+        
+    };
+
     //FIXME: need to chang the way we get refresh token from the cookies instead
     /*
     if !verify_password(&payload.refresh_token, &token_hash) {
         return (StatusCode::UNAUTHORIZED, "Invalid or mismatched token").into_response();
     }
 */
+
+/*
     let revoked: Result<String, rusqlite::Error> = conn.query_row(
         "UPDATE refresh_token SET revoked = 1 WHERE id = ?1 RETURNING device_id",
         params![&token_id],
         |row| row.get(0),
     );
 
-    return (StatusCode::OK, format!("Token deleted for device id {}", &device_id_str)).into_response()
+*/
+
+    let cookie_value = format!("refresh_token={}; HttpOnly; Secure; Max-Age=0;Path=/", "loggedout");
+
+    let mut response = (StatusCode::CREATED, format!("Token deleted for device id {}", &device_id_str))
+    .into_response();
+   
+    response.headers_mut().insert(
+        SET_COOKIE,
+        HeaderValue::from_str(&cookie_value).unwrap(),
+    );
+
+    response
 
 }