pronounsfu/backend/routes/auth/tokens.go

package auth

import (
	"net/http"
	"time"

	"codeberg.org/u1f320/pronouns.cc/backend/db"
	"codeberg.org/u1f320/pronouns.cc/backend/server"
	"emperror.dev/errors"
	"github.com/go-chi/render"
	"github.com/rs/xid"
)

type getTokenResponse struct {
	TokenID xid.ID    `json:"id"`
	Created time.Time `json:"created"`
	Expires time.Time `json:"expires"`
}

func dbTokenToGetResponse(t db.Token) getTokenResponse {
	return getTokenResponse{
		TokenID: t.TokenID,
		Created: t.Created,
		Expires: t.Expires,
	}
}

func (s *Server) getTokens(w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()
	claims, _ := server.ClaimsFromContext(ctx)

	tokens, err := s.DB.Tokens(ctx, claims.UserID)
	if err != nil {
		return errors.Wrap(err, "getting tokens")
	}

	resps := make([]getTokenResponse, len(tokens))
	for i := range tokens {
		resps[i] = dbTokenToGetResponse(tokens[i])
	}

	render.JSON(w, r, resps)
	return nil
}

func (s *Server) deleteToken(w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()
	claims, _ := server.ClaimsFromContext(ctx)

	if !claims.TokenWrite || claims.APIToken {
		return server.APIError{Code: server.ErrInvalidToken}
	}

	tx, err := s.DB.Begin(ctx)
	if err != nil {
		return errors.Wrap(err, "beginning transaction")
	}
	defer tx.Rollback(ctx)

	err = s.DB.InvalidateAllTokens(ctx, tx, claims.UserID)
	if err != nil {
		return errors.Wrap(err, "invalidating tokens")
	}

	err = tx.Commit(ctx)
	if err != nil {
		return errors.Wrap(err, "committing transaction")
	}

	render.NoContent(w, r)
	return nil
}

func (s *Server) createToken(w http.ResponseWriter, r *http.Request) error {
	// unimplemented right now
	return server.APIError{Code: server.ErrForbidden}
}
feat: add token IDs, store tokens in db for early invalidation 2022-12-31 15:34:38 -08:00			`package auth`

			`import (`
			`"net/http"`
			`"time"`

			`"codeberg.org/u1f320/pronouns.cc/backend/db"`
			`"codeberg.org/u1f320/pronouns.cc/backend/server"`
			`"emperror.dev/errors"`
			`"github.com/go-chi/render"`
			`"github.com/rs/xid"`
			`)`

			`type getTokenResponse struct {`
			TokenID xid.ID `json:"id"`
			Created time.Time `json:"created"`
			Expires time.Time `json:"expires"`
			`}`

			`func dbTokenToGetResponse(t db.Token) getTokenResponse {`
			`return getTokenResponse{`
			`TokenID: t.TokenID,`
			`Created: t.Created,`
			`Expires: t.Expires,`
			`}`
			`}`

			`func (s Server) getTokens(w http.ResponseWriter, r http.Request) error {`
			`ctx := r.Context()`
			`claims, _ := server.ClaimsFromContext(ctx)`

			`tokens, err := s.DB.Tokens(ctx, claims.UserID)`
			`if err != nil {`
			`return errors.Wrap(err, "getting tokens")`
			`}`

			`resps := make([]getTokenResponse, len(tokens))`
			`for i := range tokens {`
			`resps[i] = dbTokenToGetResponse(tokens[i])`
			`}`

			`render.JSON(w, r, resps)`
			`return nil`
			`}`

			`func (s Server) deleteToken(w http.ResponseWriter, r http.Request) error {`
			`ctx := r.Context()`
			`claims, _ := server.ClaimsFromContext(ctx)`

feat(backend): change DELETE /auth/tokens to invalidate all tokens 2023-03-30 07:05:10 -07:00			`if !claims.TokenWrite \|\| claims.APIToken {`
			`return server.APIError{Code: server.ErrInvalidToken}`
			`}`

			`tx, err := s.DB.Begin(ctx)`
feat: add token IDs, store tokens in db for early invalidation 2022-12-31 15:34:38 -08:00			`if err != nil {`
feat(backend): change DELETE /auth/tokens to invalidate all tokens 2023-03-30 07:05:10 -07:00			`return errors.Wrap(err, "beginning transaction")`
feat(backend): add max invites to /users/@me responses, use token ID for DELETE /auth/tokens/{id} 2023-03-13 09:01:36 -07:00			`}`
feat(backend): change DELETE /auth/tokens to invalidate all tokens 2023-03-30 07:05:10 -07:00			`defer tx.Rollback(ctx)`
feat(backend): add max invites to /users/@me responses, use token ID for DELETE /auth/tokens/{id} 2023-03-13 09:01:36 -07:00
feat(backend): change DELETE /auth/tokens to invalidate all tokens 2023-03-30 07:05:10 -07:00			`err = s.DB.InvalidateAllTokens(ctx, tx, claims.UserID)`
feat(backend): add max invites to /users/@me responses, use token ID for DELETE /auth/tokens/{id} 2023-03-13 09:01:36 -07:00			`if err != nil {`
feat(backend): change DELETE /auth/tokens to invalidate all tokens 2023-03-30 07:05:10 -07:00			`return errors.Wrap(err, "invalidating tokens")`
			`}`
feat(backend): add max invites to /users/@me responses, use token ID for DELETE /auth/tokens/{id} 2023-03-13 09:01:36 -07:00
feat(backend): change DELETE /auth/tokens to invalidate all tokens 2023-03-30 07:05:10 -07:00			`err = tx.Commit(ctx)`
			`if err != nil {`
			`return errors.Wrap(err, "committing transaction")`
feat: add token IDs, store tokens in db for early invalidation 2022-12-31 15:34:38 -08:00			`}`

feat(backend): change DELETE /auth/tokens to invalidate all tokens 2023-03-30 07:05:10 -07:00			`render.NoContent(w, r)`
feat: add token IDs, store tokens in db for early invalidation 2022-12-31 15:34:38 -08:00			`return nil`
			`}`

			`func (s Server) createToken(w http.ResponseWriter, r http.Request) error {`
			`// unimplemented right now`
			`return server.APIError{Code: server.ErrForbidden}`
			`}`