multi-hotel-refactor #3
BIN
db/1.sqlite-shm
BIN
db/1.sqlite-shm
Binary file not shown.
BIN
db/1.sqlite-wal
BIN
db/1.sqlite-wal
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -532,10 +532,7 @@ pub async fn create_refresh_token(
|
||||
|
||||
/*.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "Error mapping hotel_ids".to_string())); */
|
||||
|
||||
|
||||
|
||||
|
||||
//FIXME: might not need the hotel list on tconflict ?
|
||||
//FIXME: might not need the hotel list on tconflict ?
|
||||
conn.execute(
|
||||
r#"
|
||||
INSERT INTO refresh_token (
|
||||
@@ -702,6 +699,7 @@ pub async fn login_refresh_token (
|
||||
|
||||
}
|
||||
|
||||
#[axum::debug_handler]
|
||||
pub async fn logout_from_single_device (
|
||||
State(state): State<AppState>,
|
||||
Extension(keys): Extension<JwtKeys>,
|
||||
@@ -721,39 +719,61 @@ pub async fn logout_from_single_device (
|
||||
};
|
||||
|
||||
let device_row = match conn.query_row(
|
||||
"SELECT user_id, token_hash, hotel_id, id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2 AND revoke = 0 ",
|
||||
"SELECT user_id, token_hash, hotel_id_list, id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2 AND revoked = 0 ",
|
||||
params![&device_id_str, &user_agent_str],
|
||||
|row| {
|
||||
let user_id: i32 = row.get(0)?;
|
||||
let token_hash: String = row.get(1)?;
|
||||
let hotel_id: i32 = row.get(2)?;
|
||||
let json_hotel_id_list: String = row.get(2)?;
|
||||
let id:i32 = row.get(3)?;
|
||||
//let displayname: String = row.get(3)?;
|
||||
Ok((user_id, token_hash, hotel_id,id))
|
||||
Ok((user_id, token_hash, json_hotel_id_list ,id))
|
||||
},
|
||||
).optional() {
|
||||
Ok(opt) => opt,
|
||||
Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error").into_response(),
|
||||
Err(e) => return (StatusCode::INTERNAL_SERVER_ERROR, format!("DB query error : {}", e )).into_response(),
|
||||
};
|
||||
|
||||
let (user_id, token_hash, hotel_id, token_id) = match device_row {
|
||||
|
||||
|
||||
let (user_id, token_hash, json_hotel_id_list, token_id) = match device_row {
|
||||
Some(tuple) => tuple,
|
||||
None => return (StatusCode::UNAUTHORIZED, "No matching device").into_response(),
|
||||
};
|
||||
|
||||
let hotel_ids: Vec<i32> = match serde_json::from_str(&json_hotel_id_list) {
|
||||
Ok(ids) => ids,
|
||||
Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "Hotel ids are not deserializable to Vec").into_response(),
|
||||
|
||||
};
|
||||
|
||||
//FIXME: need to chang the way we get refresh token from the cookies instead
|
||||
/*
|
||||
if !verify_password(&payload.refresh_token, &token_hash) {
|
||||
return (StatusCode::UNAUTHORIZED, "Invalid or mismatched token").into_response();
|
||||
}
|
||||
*/
|
||||
|
||||
/*
|
||||
let revoked: Result<String, rusqlite::Error> = conn.query_row(
|
||||
"UPDATE refresh_token SET revoked = 1 WHERE id = ?1 RETURNING device_id",
|
||||
params![&token_id],
|
||||
|row| row.get(0),
|
||||
);
|
||||
|
||||
return (StatusCode::OK, format!("Token deleted for device id {}", &device_id_str)).into_response()
|
||||
*/
|
||||
|
||||
let cookie_value = format!("refresh_token={}; HttpOnly; Secure; Max-Age=0;Path=/", "loggedout");
|
||||
|
||||
let mut response = (StatusCode::CREATED, format!("Token deleted for device id {}", &device_id_str))
|
||||
.into_response();
|
||||
|
||||
response.headers_mut().insert(
|
||||
SET_COOKIE,
|
||||
HeaderValue::from_str(&cookie_value).unwrap(),
|
||||
);
|
||||
|
||||
response
|
||||
|
||||
}
|
||||
|
||||
|
||||
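Review bot: In `logout_from_single_device` the visible code path never revokes the token: both the `verify_password` check and the `UPDATE refresh_token SET revoked = 1` statement sit inside `/* … */`, so the handler only expires the cookie and answers "Token deleted" while the row it just selected stays `revoked = 0` and any copy of the refresh token remains usable. The revocation should run before the cookie is cleared, and the presented token should be compared with `token_hash` once it is read from the cookie, as the FIXME says. The start of the handler lies between hunks, so whether the caller is authenticated there cannot be seen from this page. Separately, the `Err(e)` arm that formats the rusqlite error into the response body hands query and schema detail to the client; keep the generic `"DB query error"` text in the response and record `e` on the server side only. `hotel_ids` is parsed but not used in the visible lines, and `StatusCode::CREATED` is an unusual status for a logout.

```rust
// … unchanged: device_row lookup, tuple destructuring, hotel_ids parsing …

// Revoke the row server-side first; expiring the cookie alone leaves the
// stored refresh token valid for anyone who still holds a copy of it.
let revoke_result = conn.execute(
    "UPDATE refresh_token SET revoked = 1 WHERE id = ?1",
    params![&token_id],
);
if revoke_result.is_err() {
    // Generic body on purpose: the database error text stays out of the response.
    return (StatusCode::INTERNAL_SERVER_ERROR, "DB update error").into_response();
}

// … unchanged: cookie_value, Set-Cookie header, response …
```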